"I'm interested in all kinds of astronomy."

Checklists Are The Thief Of Joy

I have never seen security and privacy checklists used for any other purpose but deception. After pondering this observation, I'm left seriously doubting if comparison checklists have any valid use case except to manipulate the unsuspecting. But before we get into that, I'd like to share why we're talking about this today. Recently, another person beat me to the punch of implementing MLS (RFC 9420) in TypeScript.

http://soatok.blog/2025/07/07/checklists-are-the-thief-of-joy/


Software dependencies are subject to Brandolini's law (a.k.a. the Bullshit Asymmetry Principle), which states:

"The amount of energy needed to refute bullshit is an order of magnitude bigger than that needed to produce it."

However, I also find that in any software project, the amount of effort needed to get rid of an external dependency is an order of magnitude bigger than it took to add it.

Conclusion: most software is largely made of bullshit.


Post-quantum crypto resists quantum computers, not physical attacks.

On July 10, we're live with PQShield to show how side-channel and fault injection techniques still break schemes like ML-KEM, and how to protect your implementations.

Register now:
🔵 11am CEST: https://pqshield.zoom.us/webinar/register/WN_GUBZIV41QDGiROlkbuUsPg#/registration
🔵 6pm CEST: https://pqshield.zoom.us/webinar/register/WN_6WZOefg3T06jQW6ind_bqw#/registration


New IBM Redbook about modernization on the IBM Power and IBM i was published on May 20, 2025.
💙
https://www.rpgpgm.com/2025/07/new-modernization-techniques-redbook.html


📢 Call for beta testers! 📢
Microsoft mandated the presence of Trusted Platform Modules for new Windows 11 machines. Now's a good time for security experts & hackers to familiarize themselves with what TPMs are, and what they can (and can't) add to the security of a system. You can do that by joining the beta test of the OST2 class "Trusted Computing 2202: TPM 2.0 Programming using Python and the tpm2-pytss libraries" by William Roberts (maker of the tpm2-pytss library) which will start July 14th and run for 1 month. It will take ~8 hours to complete.
https://forms.gle/cbBazgq7m24QSxTD6


💣 CLIXML in isn't harmless… At 2025, Alexander Andersson showed how it enables: ✔ Lateral movement ✔ Privilege escalation ✔ Guest-to-host VM breakouts 🎟️ Early bird 2026 tickets → psconf.eu

[RSS] How Much More Must We Bleed? - Citrix NetScaler Memory Disclosure (CitrixBleed 2 CVE-2025-5777)

https://labs.watchtowr.com/how-much-more-must-we-bleed-citrix-netscaler-memory-disclosure-citrixbleed-2-cve-2025-5777/

PSA: the CfP of eth0 is open, please submit a talk and/or workshop!

And yes, your thing is interesting! Especially if you've never done a talk before, eth0 is a great place to start :)

You can add it to the wiki or mail your proposal to info@eth0.nl

https://wiki.eth0.nl/index.php/Eth0:2025_Autumn_Talks_%26_Activities


General Devices for Lowering Morale and Creating Confusion


Filippo Valsorda (🏝️🔙 Aug 1)

I released version 0.2.4 of Typage, the TypeScript implementation of age for Node/Deno/Bun and browsers.

encrypt and decrypt now accept and return ReadableStreams to encrypt/decrypt large files on the fly. The returned object also has an additional method to compute the expected output size from the input size.

https://github.com/FiloSottile/typage/releases/tag/v0.2.4


Okay, let's say for shits and giggles that you're major manufacturer Philips.

You want everyone to use your smart home stuff via the Philips Hue bridge.

Why would you use NTP from China?


First it was people sharing slide decks instead of writing an article or a blog post. Then it was people writing long threads on twitter etc. instead of writing an article or a blogpost. Then it was people posting overproduced video clips instead of writing an article or a blog post. Then we had reaction videos of people discussing an overproduced video by someone else instead of writing an article or a blogpost. Now we have AI trying to summarise that.

Just write an article or blogpost, folx!


bert hubert 🇺🇦🇪🇺🇺🇦

Things aren't looking well with the world, but treat yourself to this AWESOME list of accepted talks over at @why2025camp - just SO much goodness! (and two talks from me, which I will be doing my utmost to also make awesome). This will also be streamed live for the world: https://vote.why2025.org/why2025


My Unix Archive mirror was slaughtered by LLMs overnight, it is on a 10G link, they were taking over 1Gbps in requests to the same files over and over again.

I have Geo-blocked the whole of the US to stop them (with PF).

This is ridiculous.


watt-hours per memory corruption bug


Spotted a reverse engineering boutique at Zurich main station
