wait, it's ACTUALLY called "bitch at"??
I am Vinoth, from San Diego. I lead the silicon security architecture and silicon security operations teams at #Google. Before this, I worked on mobile silicon security at #Qualcomm.
Much of my work is about improving the security of #Pixel and other #Android devices. I will mostly talk about #mobilesecurity, #androidsecurity and #infosec.
I sometimes invest in seed stage start-ups, primarily technology companies. My portfolio includes Modumate, Akido Labs, kia.ai, Zendoc and Zeoauto. If you are building something cool, hit me up.
@felis_catus_domesticus @seyfr @kamatahvel @Tutanota Android's privacy and security model for applications is massively ahead of the desktop Linux software stack. Android Open Source Project has dramatically better privacy and security throughout the OS too. Mandatory app sandboxing with a strong permission model increasingly based around case-by-case consent instead of software doing anything it wants is important. Traditional desktop operating systems do not have good privacy and security.
Imagine paying $300 a year for email and it gets acquired by a glorified keylogger.
I didn’t think it was possible to be this out of touch. Nice job, NYT.
Microsoft and Crowdstrike announced that they have created a shared spreadsheet
“maybe if you tax poverty you get less of it.”
Who called them 'genetic engineer' instead of 'heir stylist'?
Good news on mobile zero-days in 2024:
- Zero-day exploits in mobile fell YoY (~50%)
- Exploit chains with multiple zero-day vulnerabilities are almost exclusively in mobile. Generally, this means mobiles are harder to break into.
The flip side:
- % of zero-days in enterprise technologies (i.e., not end-user-facing) is increasing (37% -> 44%)
- Much of that is due to zero-days in *security* and networking products.
- Security and networking products are generally compromised with a single vulnerability, no exploit chain required. This is scary given the outsized impact of compromising these products.
- Actors conducting cyber espionage still lead the attributions
Google Threat Intelligence Group released their analysis of 2024 0-days that the group tracked:
https://cloud.google.com/blog/topics/threat-intelligence/2024-zero-day-trends
#Forbes just published a rare photo of what password spraying attack looks like 😈
Move over, cryptanalysts. Quantum computing has a new application: payroll processing. This is according to the payroll company Deel, in its court filing on this case.
"To date, however, on information and belief no one has been able to build a large-scale payroll engine to process payroll on a global scale. Indeed, these likely cannot actually be built without significant advances in quantum computing"
Yeah, right.
https://www.documentcloud.org/documents/25919659-complaint-ca-no-n25c-04-329-djb/#document/p56
But if I jump to conclusions, I can assume that the cause is the thing my product fixes!
One of the cool things about electricity is that there's more charge in a button battery than in a bolt of lightning. I promise this is true.
One ampere is the flow of one coulomb (~6 quintillion electrons) per second. A typical CR2032 battery packs about 200 mAh; simplifying a bit, this means it can supply 1 mA for 200 hours. An hour is 3,600 seconds, so it works out to 720 coulombs.
A typical lightning bolt is often quoted at 15 coulombs.
Anyway, I think this is why you're not supposed to swallow batteries.
“For all of human history, we’ve been living like energy is scarce and matter is infinite, when in fact the opposite is true: we need to learn to live like we have access to unlimited energy, but with the deep understanding that the atoms we have to work with are part of a closed system.”
— @debcha , “How Infrastructure Works”
if AI writes the law, what was the legislative intent?
Is someone working in the "Secret Service" still in "public" service?
Today's most meta announcement: The FBI is warning that scammers are impersonating the Internet Crime Complaint Center (IC3), which is operated in partnership with the FBI to receive consumer complaints about fraud.
Naturally, the FBI urges victims to immediately report the fraud to the IC3.
To regenerate a head, you first have to know where your tail is
Planaria can't replace a missing head until after the tail develops sufficiently.
https://arstechnica.com/science/2025/04/to-regenerate-a-head-you-first-have-to-know-where-your-tail-is/?utm_brand=arstechnica&utm_social-type=owned&utm_source=mastodon&utm_medium=social
My thoughts on why PUF never took off in the SoC world:
https://vinothd.com/blog/3-the-manufacturing-trust-myth-why-pufs-arent-a-silver-bullet-for-soc-security/
tl;dr: PUF does not simplify the secure manufacturing trust model. Not having to generate the root private key is cool. But you cannot do much with it without extracting the corresponding public key. And that extraction needs to be done securely, which re-introduces the problem of having to trust the manufacturing facilities, and all the complexity needed to minimize that trust.
Xi and Trump could have been born the same day!! I have never been more curious about someone's exact time of birth.