@mejofi it's nuts. TBf a while lot of life happened to me in those years and I haven't recovered fully yet

@mejofi wait is it four years? But yes this November.

@sindarina we need more left and centre left systems and defense thinkers :).

@sindarina agreed on the speed at which things are evolving. Given that spiderweb took 18 months to pull off, it makes me wonder what is in the pipeline...

Israel is destroying the foundations of a Palestinian state - https://on.ft.com/43PaU1s via @ft2

@sindarina yeah. Back in 2015 I visited Patagonia and wondered why there were no data centers, and the reply was latency and wind so strong that wind turbines can't handle them...

My brief impulse talk from cycon 2025 is up on YouTube: https://youtu.be/qllU_B_Rmis?si=zgAFL5jy3QDPP0AN

@sindarina east Patagonia has very abundant wind energy - I think it's one of the more obvious locations to put non latency sensitive compute workloads.

Using the GOOGLEFINANCE() function in Google Sheets is so disappointing, because it ... sometimes works, and sometimes doesn't. And today it doesn't, randomly, for certain inputs, and I need to send the sheet to the tax folks.

I wish there were better error messages.

This, as they say, is a banger of a speech. “It is time for Europe to rise up once again. To rally around the next great European project. Thus, I believe that our next great era – the next great unifying project – is about building an independent Europe.” https://ec.europa.eu/commission/presscorner/detail/en/speech_25_1366

@4Dgifts I understand why you worry about that, but ... the drone to drone combat you see currently is quite literally interceptor drones targeting bomber drones that target residential areas, so the understanding that there are casualties is never far from anyone's mind.

@4Dgifts I don't think anyone has that illusion currently, watching what's going on in Ukraine.

@4Dgifts audio track has the details. The assumption was that wars of attrition are over, and militaries largely planned for missions against adversaries with vastly different levels of technology.

Interesting links of the week:

Strategy:

* https://docs.google.com/presentation/d/1_3Iu74UijAjfSLHzqWDkDEaIwoB6WBSo9-mY5e0u0HM/edit?slide=id.g44c27644734fe259_110#slide=id.g44c27644734fe259_110 - @HalvarFlake gives us his take on where the West's strategy is going awry
* https://www.tandfonline.com/doi/full/10.1080/13523260.2025.2498711#abstract - why "feds" and "spooks" don't get reported
* https://arxiv.org/abs/2502.15840 - benchmarking AI
* https://nap.nationalacademies.org/catalog/29056/cyber-hard-problems-focused-steps-toward-a-resilient-digital-future - HARD problems in cyber

Threats:

* https://techcrunch.com/2025/05/23/mysterious-hacking-group-careto-was-run-by-the-spanish-government-sources-say/ - meet the Spanish mob

Detection:

* https://medium.com/cloud-security/how-to-spot-data-exfiltration-using-cost-anomaly-detection-e3635f1c3aa2 - something I've been known to preach on too... @teriradichel preaches the value of business data in spotting malicious behaviours... not every detection needs to be based on security telemetry
* https://blog.sekoia.io/vicioustrap-infiltrate-control-lure-turning-edge-devices-into-honeypots-en-masse/ - turning your network perimeter into a big ol' fly tray
* https://blog.talosintelligence.com/proactive-threat-hunting-with-talos-ir/ - a nice write up from one of my colleagues at @TalosSecurity on threat hunting

Exploitation:

* https://www.bashcore.org/ - a new security testing distro based on Debian from @nickbearded
* https://tmr232.github.io/function-graph-overview/ - understanding the call flow
* https://blog.compass-security.com/2025/04/introducing-entrafalcon-a-tool-to-enumerate-entra-id-objects-and-assignments/ - enumerating Entra
* https://www.incendium.rocks/posts/Automating-MS-RPC-Vulnerability-Research/ - automating research on Microsoft RPC

Hard hacks:

* https://blog.siguza.net/tachy0n/ - @siguza talks tachy0n for iOS jailbreaking
* https://insbug.medium.com/badusb-attack-explained-from-principles-to-practice-and-defense-3bfe88ec2eeb - naughty flash drives

Hardening:

* https://u1f383.github.io/linux/2025/05/25/dbus-and-polkit-introduction.html - learn about DBUS and Polkit
* https://jpmens.net/2025/03/25/authorizedkeyscommand-in-sshd/ - doing SSH public key auth better

Nerd:

* https://www.theregister.com/2025/05/24/john_young_obituary/ - John Young obituary from el reg
* https://arxiv.org/abs/2502.15840 - care of @0xabad1dea, paper on the chaos one AI controlled business caused
* https://archive.nytimes.com/www.nytimes.com/books/first/b/black-ibm.html?source=post_page-----ce5373f66a3---------------------- - something we don't think about enough when we work with big tech...
* http://websdr.org/ - the radio, on the Internet
* https://optimizedbyotto.com/post/debian-packaging-from-git/ - building Debian packages with Git

#security, #research

@barrelshifter this is now years ago, but I vividly recall how much resistance there was to adding rotates to LLVM IR too because "can't you just build them out of simpler shifts?"

(in short: yes, but not reliably for variable shifts; the patterns to match for rotates with variable shift amount are quite fragile and easily - and frequently - broken by unrelated opts in the middle end)

@resistor @barrelshifter Either way, I like the way the funnel shift solution worked out. (And will always be grateful for Sanjay doing the legwork!)

They're a good normal form, funnel shift<->rotate (where applicable) is canonical and trivial in both directions, they can be formed early (which avoids destroying the pattern), they're reasonably common in target ISAs on their own right, and are still pretty straightforward to lower where they're not available

@rygorous @resistor @barrelshifter good to know! one of these years I'll learn about GPUs for real 😭

@regehr @resistor @barrelshifter anyway I know about the funnel variants mostly from the HW side, e.g. stuff like this https://iccd.et.tudelft.nl/2008/proceedings/626huntzicker.pdf ("Energy-Delay Tradeoffs in 32-bit Static Shifter Designs", Huntzicker et al. 2008). Data-reversal shifters are e.g. in https://web.archive.org/web/20170706054724id_/https://www.princeton.edu/~rblee/ELE572Papers/Fall04Readings/Shifter_Schulte.pdf ("Design alternatives for barrel shifters", Pillmeier et al. 2002)

@regehr @resistor @barrelshifter actual funnel shift as an exposed operation is much rarer, especially the variable-shift-amount variant, because it absolutely needs a 3-operand architecture on the datapath. GPUs usually pervasively have that, and it's fairly common to see native funnel shift operations exposed on GPUs. (e.g. AMD has v_alignbit_b32, NV has SHF https://docs.nvidia.com/cuda/cuda-binary-utilities/index.html#maxwell-pascal)

@jawnsy No, the 2018 talk will remain the pinnacle of my speaking career. This doesn't compare.