More recommended reading linked within:
Links
RSS feed: a feed of recommended external reading
Daniel Caesar returned to Tiny Desk this week 😌
Also worth revisiting his first appearance from 2018: https://youtu.be/PBKa-AAy_vo
Hidden in storage, a University of Utah research associate happened upon the only known copy of this ‘revolutionary’ software
Stories like this revitalize my love for computing PLUS it’s great seeing the Flux research group highlighted 🫶.
One way to tell a weak engineer in a discussion thread about some problem is to see who is bringing in specific facts about how the system currently works, and who is making purely general recommendations that could apply to any system. If their messages could all be public tweets, they’re probably not adding much value.
A cool reminder that Let’s Encrypt, Divvi Up, and Prossimo are all run by the same org.
Ivan Krstić at Black Hat 2016, video available
The legendary Melissa Chase recently gave a perfect introduction to Key Transparency, including recent results/active areas.
We need to deliver code that works—and we need to include proof that it works as well. Not doing that directly shifts the burden of the actual work to whoever is expected to review our code.
Cryptography-specific chaser: Implementing As-Safe-As-Possible, Misuse-Resistant Cryptographic Libraries: Part I.
JP Aumasson on Too Much Crypto in 2025:
Too Much Crypto hasn't aged …
[as expected, just diminishing returns from incremental high-complexity/memory cryptanalysis.]
Add asserts everywhere.
Also see matklad’s What is an Invariant?.
From USENIX Security 2005!
without [secure deallocation], data can remain in memory for days or weeks, even persisting across reboots.
The span from first write to last read is the ideal lifetime. The data must exist in the system at least this long. The span from first write to deallocation is the secure deallocation lifetime. The span from first write to the first write of the next allocation is the natural lifetime. Because programs often rely on reallocation and overwrite to eliminate sensitive data, the natural lifetime is the expected data lifetime in systems without secure deallocation.
