protip: when referring to your favourite programming language’s features, call them spells instead to sound more mysterious and cool.

“memory safety feature”

“memory safety spell”

📬

A really “inspirational” Google ad about a young girl who’s inspired by an Olympic athlete so her dad asks Google’s Gemini AI to write the athlete a letter from his daughter.

It’s actually an effective anti-AI ad which plays to the fear AI drains the creativity and honesty out of human communication. 🤦🏾‍♂️

https://youtu.be/NgtHJKn0Mck?si=tsRJaFDCA5t53foa

I found out quite a lot of stuff by now about the Ghidra stack depth mess up and still have no idea how to fix it... 😩

https://github.com/NationalSecurityAgency/ghidra/issues/6747

someone just shared this picture with me and I am so mad this is a thing that somebody thought was a good idea, or even not a terrible idea

My new blog - featuring: a technical overview of the CrowdStrike incident, why security products user kernel mode, and what this means for the future of Windows.

https://www.microsoft.com/en-us/security/blog/2024/07/27/windows-security-best-practices-for-integrating-and-managing-security-tools/

Shout outs to my non-Microsoft friends who gave me input and technical editing, appreciate you!

👏 more 👏 developers 👏 need 👏 👏 hear 👏 this

I can count on one hand the number of my clients over the past couple of years who haven't either over-architected for scale or were unnecessarily concerned about it.

You don't need to understand Distributional Little's Law to figure this out, it's obvious with primary school level math.

Excerpt from https://tailscale.com/blog/new-internet

Interesting nugget in this story on the historic mass recall to replace 100,000 engines in Toyota trucks & Lexus SUVs: When Toyota first reported the problem to the government, the total # of vehicles hadn't been determined, but NHTSA's website required an "integer value" in the percentage of vehicles impacted field, but "1" also meant "unknown". [insert Do You Even UX Bro gif]

https://www.motortrend.com/news/toyota-engine-recall-tundra-pickup-lexus-lx-suv/

AWS in GovcCoud US-East _accidentally_ upgrading MySQL from 5.7.X to 8.X.

DevOpsBorat was right. Error is human, automatically upgrading a database fleet to a new major MySQL version is #devops .

#cloudfail #aws_rds

@jerry FTR: https://www.youtube.com/watch?v=k8F3UE9qFsg \o/

No opportunity goes to waste ;-)

https://www.theverge.com/2024/7/26/24206719/microsoft-windows-changes-crowdstrike-kernel-driver

[RSS] You Can't Spell WebRTC without RCE - Part 2

https://margin.re/2024/07/you-cant-spell-webrtc-without-rce-part-2/

I just wrote some initial ramblings on my attempt to write a Rust based bootloader for Open Firmware/ppc64le

https://siliconislandblog.wordpress.com/2024/07/25/booting-with-rust-chapter-1/

@phurd Well, good luck doing pretty much anything online (incl. posting to Fedi)!

@phurd Well, session cookies aren't strictly necessary...if you don't want to have a session in most webapps.

I once had the pleasure of working with @mslaviero, and miss his smarts and wit. This blog post on how @ThinkstCanary architects for security is worth a read for many reasons - but the biting insight delivered with a chuckle is what I’m most enjoying.
https://blog.thinkst.com/2024/07/unfashionably-secure-why-we-use-isolated-vms.html

Gave a burst of new talks over the past week, including intros to (1) patents, (2) timing variations in crypto code, (3) modern tools to avoid bugs in rewriting snippets to run in constant time, and, on the more mathematical side, (4) cola cryptography: https://cr.yp.to/talks.html

The recent post reminded me of

https://www.schneierfacts.com/

With classics like:

"Compilers don't warn Bruce Schneier, Bruce Schneier warns compilers."

"Bruce Schneier mounts chosen-ciphertext attacks without choosing the ciphertext."

T-shirts: https://www.zerodayclothing.com/schneierfacts.php

The CrowdStrike Outage and Market-Driven Brittleness

https://www.schneier.com/blog/archives/2024/07/the-crowdstrike-outage-and-market-driven-brittleness.html

Our UEFI support added in 3.5 continues to improve! 4.1 released last week adds TE support, platform types for SMM, PEI, and PPI and updates to EFI Resolver.

https://binary.ninja/2024/07/17/4.1-elysium.html#uefi-enhancements

And we're not done, keep an eye out for an in-progress blog post with more details.