@mttaggart CISOs don't usually do priority inversion alone: it's often compliance that makes not doing PQ expensive (penatly, non-compliance), while doing telnet cheap (cOMpeNsAtiOn cOnTRol).

(Side note: PQ should be easy to implement)

so 3 courts + US Copyright Office say you cannot copyright nor patent anything made primarily with LLMs because automata aren't human.

#SCOTUS won't review these rules because copyright is meant to protect human creations, not software or automata.

this may mean #AWSlop #Microslop are “de-copyrighting” & “de-patenting” their own proprietary software as they let automata “code” 🧐

❝ AI-generated art can’t be copyrighted after Supreme Court declines to review the rule
https://www.theverge.com/policy/887678/supreme-court-ai-art-copyright

@bluedevil
"Some coverage of this project has overstated its implications. To be clear:

Training works, but utilization is low (~2-3% of peak) with significant engineering challenges remaining
Many element-wise operations still fall back to CPU
This does not replace GPU training for anything beyond small research models today"

There’s just about ~10 days left to make a submission to one of my favorite programming contests:

The International Obfuscated C Code Contest!

Highly encourage you to take a peek and enter, it really brings out some of the best programmers (and compiler wizards).

🇪🇺🎉🔥 BREAKING VICTORY!
LIBE just REJECTED the extension of warrantless #ChatControl 1.0 – no majority! 🛡️💪
Digital privacy of correspondence saved!
Million thanks to everyone who raised their voices! ❤️🙏
Final battle ahead: Plenary vote! 🚀
#StopScanningMe

@airwhale https://stackoverflow.com/questions/2802957/number-of-bits-in-javascript-numbers

When we first showed up at BlackHat as unknown S Africans, we were kinda shellshocked (& awestruck) by it all.

FX was one of the first people to pull us in & hung out with us. We kept in touch but not nearly as much as I should have.

He will be missed.

https://blog.recurity-labs.com/2026-03-02/Farewell_Felix

@joxean @UncleDuke1969 We have this saying that you should try everything in life except incest and folk dancing #NoKinkShaming

So, I have actually read the text of California law CA AB1043 and, honestly, I don't hate it. It requires operating systems to let you enter a date when you create a user account and requires a way for software to get a coarse-grained approximation of this that says either 'over 18' or one of three age ranges of under-18s. Importantly, it doesn't require:

• Remote attestation.
• Tamper-proof storage of the age.
• Any validation in the age.

In short, it's a tool for parents: it allows you to set the age of a child's account so that apps (including web browsers, which can then expose via JavaScript or whatever) can ask questions about what features they should expose.

In a UNIX-like system, this is easy to do, with a tiny amount of new userspace things:

• Define four groups for the four age ranges (ideally, standardise their names!).
• Add a /etc/user_birthdays file (or whatever name it is) that stores pairs of username (or uid) and birthdays.
• Add a daily cron job that checks the above file and updates group membership.
• Modify user-add scripts / GUIs to create an entry in the above file.
• Add a tool to create an entry in the above file for existing user accounts.

This doesn't require any kernel changes. Any process can query the set of groups that the user is in already.

If a parent wants to give their child root, they can update the file and bypass the check. And that's fine, that's a parent's choice. And that's what I want.

I like this approach far more than things that require users to provide scans of passports and other toxically personal information to be able to use services. If we had this feature, then the Online Safety Act could simply require that web browsers provide a JavaScript API to query the age bracket and didn't work unless it returned 'over 18'.

One of the problems has to do with the speed of light and the difficulties involved in trying to exceed it. You can't. Nothing travels faster than the speed of light with the possible exception of bad news, which obeys its own special laws.

#HitchhikersGuide #DouglasAdams #quotes #quote #bot

*Screams in 53-bit numbers*

"Enemy missile took out a central processing unit. [...] We've got a mirror going of course, and we'll have it all up and running again in no time flat. You're just free-floating here for a couple of nanoseconds, while we get UAE processing again."

coping with interstellar medium looks like the better alternative these days

Three years ago I blogged about #nuget serving outdated #curl packages.

They then removed the packages I found.

I checked nuget again *today* and immediately found a nine year old curl package that is downloaded at the rate of 1,000 times/week from there... with **64** known vulnerabilities.

The blog post from back then: https://daniel.haxx.se/blog/2023/03/02/the-curl-nuget-story/

Samsung is an ad delivery network that, as a side effect, produces electronic devices and appliances.

@joern RIP FX. Lets remember him in the good old days https://media.ccc.de/search?p=FX

@mcc @cxiao Maybe you can hack a sensor into @joeycastillo's SensorWatch for compass? https://www.sensorwatch.net/

A friend, @chloetankahhui has been speaking up against the proposal to enforce age verification at the OS level, and the QRTs to this shows the extent of naivety that a lot of people have.

No one who does hardware security believes that any system is bulletproof, but do you really think that circumventing these things will always be a simple firmware mod or hardware hack?

Let's dive in. /1

What's the EU alternative to Let's Encrypt? I see that Actalis is in the default trust store and has an free ACME service, except that it will only do single domain certs so it won't work for my nginx proxy that handles all the TLS.