I have a long-running Claude session just for talking about Iran war news/economic shocks from the blockade. I shared the latest Trump tweet and it told me that it can no longer keep role-playing this fictional scenario because it's becoming concerning and detached from reality. Love this timeline.

Everything on crypto Twitter/X is quantum computing hype. It’s amazing how obviously artificial this all is.

Alright, it's official! 💰 @matthewdgreen.bsky.social and I bet on what will break first, ML-KEM-768 or X25519. The loser donates to a 501(c)(3) picked by the winner. If you have an opinion on quantum computers or lattices, you can join with a side bet. Just submit a PR! github.com/FiloSottile/...

New: France said it plans to move its government computers currently running Windows to the open-source software Linux to further reduce its reliance on U.S. tech. Comes at a time of growing instability and unpredictability on the part of the Trump administration and weaponization of sanctions, etc.

Betting on the Quantum Apocalypse... www.theregister.com/2026/04/09/c...

New, by me at TechCrunch: The developer of the widely popular Wireguard VPN says he is also unable to ship software updates to Windows users after Microsoft locked his account, marking the second high-profile app developer (VeraCrypt) in the past few weeks to face this issue.

We should be able to slow down AI takeover by a few years just by telling the model to find every bug in ffmpeg.

I feel like we're not addressing the most concerning news from Mythos

this is honestly THE best write up of how CSAM detection and perceptual handing works. the visual aids are very helpful in understanding how content is transformed and how detection methods work mahmoud-salem.net/the-invisibl...

I think this is a good precautionary analysis but I’d bet huge amounts of money against a relevant quantum computer by 2029 or even 2035.

Does anyone over here know anything about which stablecoins Iran might be using to demand tolls for Hormuz transit? www.bloomberg.com/news/article...

Well, at least blockchains are getting exciting again.

My weekend hobby project this week was to Claude Code a GPS-based text adventure game. It takes your local neighborhood and builds a fantasy story, Zork style, around real locations. Uses text-to-speech and live AI storytelling.

I tend to get dogpiled every time I say this but: as someone *who likes bluesky and benefits from being here* we have a problem. The network is shrinking, not growing. It's shrinking a lot: only about 1.1m people a day even like a post. This time last year it was 1.6m.

This is a great article on vulnerability research in the (coming) age of AI, by Thomas Ptacek. It mostly focuses on the fact that machines will soon supplant human vulnerability researchers. That’s sad! But my question is: do we get safer, or do we get less safe? sockpuppet.org/blog/2026/03...

Neat paper on securing cryptocurrencies against quantum attacks. I want to stress that I am not convinced we have anything to worry about in my lifetime. This tweet might haunt me. quantumai.google/static/site-...

This week on the newsletter: "How not to mandate device-based age assurance" educatedguesswork.org/posts/device... In this post, we examine a number of enacted or proposed requirements for device-based age assurance and some of the ways they can go wrong.

I’m really just trying to remember what this reminder was supposed to tell me.

You can blow up your opponents by shooting their shields with an unmanned laser, and instead you’re fighting them with knives?

I understand that every business has decided not to answer the phone anymore, and that would be ok if you could reach them through their apps or websites or even “AI” but of course you can’t.

Ask Claude about the string “ba7816bf8f01cfea414140de5dae2ec73b00361bbef0469f11ef0b01d449c8e6”. When it gives you an answer: ask it to verify that this number is correct.

Lawmakers are pressing Tulsi Gabbard to reveal whether use of a VPN (foreign or even in the US) may expose you to surveillance by the NSA. www.wired.com/story/using-...

Got this at a concert. What a neat little device.

I want to continue a bit on this subject, which (so far) I see very little concern about. There are vast stores of private data that we’ve built up in various places, including messaging apps. A real “killer app” for Gen AI is to ingest them and turn that data into revenue.

The user is going to download WhatsApp and get whatever defaults or “strongly recommended and nudged” opt-ins they get. And security folks who know better will say things like “the user chose a threat model” while five years of backed-up data goes into the ingestion pipeline.

Here’s a good article about Meta’s very frustrating decision to pull encryption out of Instagram. www.wired.com/story/the-da...

This is absolute perfection: UBUNTU SECURE BOOT AGE VERIFICATION | Hacker.House https://alecmuffett.com/article/150554 #AgeVerification #OnlineSafetyAct #OpenSource #censorship #kosa #systemd #ubuntu

Dachshunds, like humans, sometimes need reading glasses as they age.

Using Tor in 2026.

Things are going well with Google AI.

So you’re going all in on AI, presumably AI that makes software development cost close to nothing. But also: you’re canceling major software development initiatives that should now cost you close to zero. www.theverge.com/tech/863209/...

I’ve spent the last two days coding up a simulator for Meshcore using Claude Code, and it’s frankly amazing to be able to do this.

We are absolutely rewriting grants, because using the word “censorship” (as in “censorship-resistant networking that allows people in Iran to bypass filters and access the Internet) gets your grants cancelled by the idiots at DOGE.

This is the decade of stupid people finally getting their wish and having the chance to run the world their way.

Meta appears to be reversing its strong stance on encryption. The first obvious casualty is that they’re abandoning and disabling end-to-end encryption in Instagram DMs.

2/ The forthcoming ban on Telegram – likely to be announced on 1 April – appears to have woken up many Russian bloggers to the way the Russian government is systematically attacking free speech. 'Under the ice' predicts catastrophe:

The EU seems to be going in the right direction when it comes to mass message scanning. Unfortunately, the fact that this vote was necessary proves that we’re still in the dark timeline. cyberinsider.com/eu-votes-to-...

The 2026 National Science Foundation budget is $8.75 Billion.

Such an oddly specific number. www.theregister.com/2026/03/11/s...

I don’t think online conservatives have figured out how badly they’re about to be crushed electorally. That’s the downside of living inside those bubbles on X and Substack.

Numbers stations are back! Um. open.substack.com/pub/theicema...

Dustin Moody from NIST: “you don’t need more than 128 bits of symmetric keys for post-quantum security” #rwc2026 Say it louder, for the people in the back!

If you make an account using “Sign in with Google”, how many websites will let you access that same account through “Sign in with Apple” (or vice versa) if the email address is the same? Is that considered the expected behavior?

'Hundreds' of Iranian hacking attempts have hit surveillance cameras since the missile strikes

TikTok announces that they’re not going to deploy “controversial privacy tech” that’s actually the same end-to-end encryption most other providers use to protect users’ DMs. www.bbc.com/news/article...

Senators Wyden and Brown are requesting an investigation into side-channel and TEMPEST attacks. www.wired.com/story/how-vu...

I wrote a new post on anonymous credentials and how to build them. All of this is in service on a longer future post on how these will fit into age verification systems. blog.cryptographyengineering.com/2026/03/02/a...

I know it’s going to be hard to believe, but this was an impulse purchase.

I heard an interesting anecdote about TEEs from some folks in fintech. They were trying to convince regulators that TEEs aren’t just “computers under their control”, so they tried to get cloud providers to certify that they would never hand over the keys to a client. Providers could not do this.