Hello here's a writeup of what's really happening with the new secure boot certificates and how your computer is going to carry on working just fine: https://mjg59.dreamwidth.org/72892.html

"What you have is, in essence, a very grassroots and cheap approach to launder misinformation to the public.”

From @feed - Google’s AI Is Destroying Search, the Internet, and Your Brain

Google’s AI Overview, which is easy to fool into stating nonsense as fact, is stopping people from finding and supporting small businesses and credible sources.

https://www.404media.co/googles-ai-is-destroying-search-the-internet-and-your-brain/

We are a very digital society in Denmark, this is generally a very good things, but not when the banks decide we *must* use Google to log in to our accounts...

Absolutely agree with @jeppe here

#TechSovreignty #privacy

https://jyllands-posten.dk/debat/breve/ECE18376402/du-er-tvunget-til-at-tillade-google-at-overvaage-og-saelge-dig/

"35% of the US stock market is held up by five or six companies buying GPUs."

Ed Zitron, The Hater's Guide to the AI Bubble

https://www.wheresyoured.at/the-haters-gui/

One of the most interesting things I've learnt since doing security-related things is how much security is not really about security at all.

For example, to get a good rate on house insurance, you have to have a fancy lock that's difficult to pick on your front door. My front door has one. It also has a glass panel in the middle. If I wanted to break in in a hurry, I wouldn't even try the lock, I'd smash the glass and open the door. From the insurance company's perspective, that's fine: they don't care about it preventing burglaries, they care about attribution. They need a sign of forced entry to pay out and want to avoid having to argue about whether you left the door unlocked. It's about tamper evidence, not about preventing tampering.

The same is true for a lot of embedded security. It isn't about preventing things from going wrong, it's about knowing which vendor gets to pay for a costly recall. If you can accurately attribute failures to a third-party software component, then you can invoke penalty clauses in your contract with that vendor. If you can't, then you pay.

If you can actually prevent attacks, that's a nice bonus, but it's often not the thing that people care most about. Often because they don't really believe it's possible (or, at least, possible within a budget that is lower than the cost of being attacked sometimes).

Sometimes y’all, there is the perfect meme.

#witchy #infosec #darkarts #updates #funny

Death by a thousand slops

https://daniel.haxx.se/blog/2025/07/14/death-by-a-thousand-slops/

#curl #AI #bugbounty

This is your regular reminder that if you are the smartest person in the room, go find another room. You are not going to run out of people or rooms.

TIL: Ever wanted to compress data or use cryptographic algorithms but you don't want to link to link to C libraries or you're just plain lazy?

The Linux kernel has you covered! Create a socket of type AF_ALG, bind to your favorite algorithm, send() in your data and recv() it back!

This seems to support deflate, SHA, RSA and some more on ppc64le and additionally even zstd, chacha, lzo, hmac and more on ARM!

https://www.kernel.org/doc/html/latest/crypto/userspace-if.html

“Artificial intelligence is the opposite of education”

https://helenbeetham.substack.com/p/artificial-intelligence-is-the-opposite

> But what if there isn’t a middle of this road? What if the project of ‘artificial intelligence’ is not a road to new kinds of education - not even a slow and bumpy one – but the reversal of everything education stands for?

It is weird to see the continuing fallacy in the software world that 'source code' is the most valuable asset, by far.

The most valuable asset is the knowledge, design decisions, rationale and intent encoded therein. Just because we don't have good languages to encode that does not change the value proposition.

That misplaced value equation is also at the root of the LLM-for-SE hype.

📨 Today, EDRi and 51 civil society organisations, academics, and experts have written to the European Commission to oppose any attempts to suspend or delay the #ArtificialIntelligence #AI Act.

These attempts, especially in light of the growing trend of #deregulation of #FundamentalRrights and environmental protection, could undermine accountability and hard-won rights for people, the planet, justice and democracy 🚨

Read the open letter ➡️ https://edri.org/our-work/open-letter-european-commission-must-champion-the-ai-act-amidst-simplification-pressure/

Everyone who said virtme-ng is a great tool for kernel development was absolutely correct

a blog post by my friend eevee which is, y’know, preaching to the choir about exactly what you think, but. yeah. https://eev.ee/blog/2025/07/03/the-rise-of-whatever/

Så har BEC implementeret Googles "sikkerhedssystem" mod rootede telefoner så jeg nu ikke længere kan bruge netbank på min telefon med /e/os. Det gør mig så vred at danske virksomheder kræver at danske borgere giver deres privatliv til Google og tillader at Google sælger ens profil til hvem der vil betale.
Digital uafhængighed min bare r...!

I always hated being told to show my working as a child, but it took me until recently to understand why it annoyed me so much.

Some thing in a sequence of reasoning steps are obvious. A small number of them are obvious to everyone. Some are obvious to me. A (probably overlapping) set are obvious to you but, typically, they are not the same set.

Over the last few years, I've had a lot of conversations with really smart people where they got stuck on something I consider to be so obvious it doesn't need explaining, and then they skip over the next three reasoning steps that I thought needed very careful explanation because they consider those to be obvious.

A huge part of effective communication (especially in teams with diverse expertise) revolves around understanding which steps in your working you need to show. Showing all of them will just bore your reader. Showing the ones that you think need to be shown will work only if your reader has the same background as you.

I was at small house party a few months ago and some guy was there talking about his New App. Being curious I asked. LLM coding assistant.

Told him what I thought: stuff’s dogshit.

He got upset and claimed it was helping people. I simply said “no” and then said that to every other bullshit claim he offered. Someone eventually told me “hey you have to be nice” so I laughed in their face because the thing is..

No, I fucking don‘t. Why the fuck would I be nice to people who are destroying one of the greatest works of art humanity has ever produced: the internet? Because from the foundations to (almost) everyone on it, it’s so obvious to me that the internet is art. It does not just simply contain it, or provide a medium for it, or facilitate it’s propagation, it is art. Though it certainly is all those other things as well.

The internet is gift to the idea that knowledge should be, must be available to everyone.

Me, two weeks ago:

"Strange days indeed; imagine listening to a carpenter describe themselves as "hammer-first."

"But do you... build houses?"

"Incidentally, yes; but our main focus is on hitting nails with hammers."

Microsoft today:

"AI is now a fundamental part of how we work," Liuson wrote. "Just like collaboration, data-driven thinking, and effective communication, using AI is no longer optional - it's core to every role and every level."

https://www.businessinsider.com/microsoft-internal-memo-using-ai-no-longer-optional-github-copilot-2025-6