Is my blog written by AI? Do I use AI to write documents for human readers at work?
No.
I do a lot with AI every day, but I believe that passing off AI writing as my own is disrespectful to the people who I'm asking to read it.
More on my blog.
What's the missing layer of systematic defense for log4j JNDI? It wasn't a memory safety issue or something static analysis would target. Much more usable runtime sandboxing would help for the LDAP payload RCEs, but would it do much for the RMI techniques? I don't think so.
@colmmacc I can’t think of any additional systematic mechanisms that are readily generalizable. But for me, this was yet another confirmation that off-box firewalls are valuable, even in today’s world of increasingly ubiquitous app-to-app authentication.
Hello, I am an Apple device which just updated its operating system. Would you like to re-evaluate every privacy decision you’ve ever made for the umpteenth time? Perhaps you’ve reconsidered sharing crash dumps with us?
Majority quorums are pervasive in strongly consistent distributed systems yet there are many alternatives with better scalability and performance. Quoracle is a new open-source tool to find an optimal quorum system for a given distributed architecture. https://t.co/d4UpFNdQuf
I love how the LinkedIn crowd is like, “Get fifteen hours of sleep, create space for your meditation. Truly focus on your success.”
Buddy, just now as I was trying to eat a piece of toast for 2 minutes, the toddler found me and bit me. LMK how that fits into The Strategy.
I agree! And this dynamic is especially pronounced in interviews. When I realized that, I started sitting next to, or across the corner from folks during interviews (back when we interviewed in person)
Wray said companies should be required to hold their own golden keys to encrypted data and said "the cryptologers (?) and cryptographists (?) that I talk to say this is doable."
N.B.: FBI refuses to say which cryptography experts have told Wray this. (Vast majority disagree.)
Wray does not mention that the FBI released incorrect statistics about the scope of the encryption problem and then basically never talked about statistics ever again, despite reporters (including me) repeatedly asking for corrected numbers.
In honor of @colmmacc being elevated to VP, a thread on my experiences with him. Somewhere a bunch of @awscloud people just flinched and didn't know why.
A brief summary:
He uses two different arbitrary code exploits in Ocarina of time to store data in the N64s internal memory, which persists for long enough when you swap carts to allow that data to be executed as code in an exploit in Paper Mario.