eikendev
@eikendev.bsky.social
Corp-speak translator, business therapist, professional proofreader with a serious love for cyber. Using magic PowerPoint macros to make problems disappear.
Reposted by eikendev
DaVita says ransomware gang stole data of nearly 2.7 million people ift.tt/d4oxbZg
Kidney dialysis firm DaVita has confirmed that a ransomware gang that breached its network stole the personal and health information of nearly 2.7 million individuals.
buff.ly
August 23, 2025 at 11:42 PM
Reposted by eikendev
Here we are again. Every photo, every message, every file you send will be automatically scanned—without your consent or suspicion. This is not about catching criminals. It is not based on scientific evidence. It will enable mass #surveillance of EU citizens. #chatcontrol

fightchatcontrol.eu
Fight Chat Control - Protect Digital Privacy in the EU
Learn about the EU Chat Control proposal and contact your representatives to protect digital privacy and encryption.
August 11, 2025 at 5:40 AM
Reposted by eikendev
I wrote up some notes on Google Security's new OSS Rebuild project, which increases supply chain security for popular packages on PyPI, NPM and Crates through offering independent build attestations
simonwillison.net/2025/Jul/23/...
Introducing OSS Rebuild: Open Source, Rebuilt to Last
Major news on the Reproducible Builds front: the Google Security team have announced OSS Rebuild, their project to provide build attestations for open source packages released through the NPM, PyPI …
simonwillison.net
July 23, 2025 at 5:19 PM
Reposted by eikendev
Yikes. Turns out you can send a plaintext radio signal to cause any train in the USA to do an emergency brake. The original 'security' was just a checksum, no encryption or authentication. Reporting this took them 12 years (!) because the vendor dismissed it initially www.cisa.gov/news-events/...
End-of-Train and Head-of-Train Remote Linking Protocol | CISA
www.cisa.gov
July 12, 2025 at 12:14 PM
Reposted by eikendev
Wrote up some notes on that recent paper from METR "Measuring the Impact of Early-2025 AI on Experienced Open-Source Developer Productivity" simonwillison.net/2025/Jul/12/...
Measuring the Impact of Early-2025 AI on Experienced Open-Source Developer Productivity
METR - for Model Evaluation & Threat Research - are a non-profit research institute founded by Beth Barnes, a former alignment researcher at OpenAI (see Wikipedia). They've previously contributed ...
simonwillison.net
July 12, 2025 at 6:14 PM
Reposted by eikendev
It has officially begun. The CRA info request counter is no longer at zero.
July 11, 2025 at 7:48 AM
Reposted by eikendev
Some notes on Grok 4: excellent benchmark scores, a mid-quality pelican and a launch that was overshadowed by this week's disastrous Grok 3 system prompt update simonwillison.net/2025/Jul/10/...
Grok 4
Released last night, Grok 4 is now available via both API and a paid subscription for end-users. Key characteristics: image and text input, text output. 256,000 context length (twice that …
simonwillison.net
July 10, 2025 at 7:40 PM
Reposted by eikendev
Cloudflare has launched Orange Me2eets, an open-source end-to-end encrypted video calling demo! Built on top of our OpenMLS implementation, this project showcases secure, private real-time communication.

buff.ly/eEdJdnf

#Cloudflare #E2EE #VideoCalling #OpenSource #OpenMLS
Orange Me2eets: We made an end-to-end encrypted video calling app and it was easy
Orange Meets, our open-source video calling web application, now supports end-to-end encryption using the MLS protocol with continuous group key agreement
blog.cloudflare.com
June 30, 2025 at 5:52 AM
Reposted by eikendev
June treasury data came in today, and Americans paid a record $27B in tariffs & related DHS excise taxes this month—for an annualized pace of more than $300B/year

The graph of intense pain & suffering keeps getting worse
June 25, 2025 at 9:48 PM
What a great way to put it: "When an agent struggles, so does a human."
You can just measure things! “I can confidently say it's not just me that does not like Xcode, my agent also expresses frustration.” lucumr.pocoo.org/2025/6/17/me...
We Can Just Measure Things
Using programming agents to measure measuring developer productivity.
lucumr.pocoo.org
June 17, 2025 at 1:46 PM
Reposted by eikendev
Good Monday morning tech nerds. One of my devs wrote *another* blog post about kerberos (I'm creating an army of crazy bloggers). This one you might consider bookmarking.
Introduction to Network Trace Analysis 06: Kerberos it’s AUTH-some! | Microsoft Community Hub
New to the series? Be sure to check out the previous posts! Introduction to Network Trace Analysis Part 0: Laying the...
techcommunity.microsoft.com
June 16, 2025 at 2:51 PM
Reposted by eikendev
Another prompt injection paper review! This time it's "An Introduction to Google’s Approach to AI Agent Security" by Santiago Díaz, Christoph Kern, and Kara Olive

Some interesting ideas in here, particularly around Google's three core principles for agent security simonwillison.net/2025/Jun/15/...
An Introduction to Google’s Approach to AI Agent Security
Here’s another new paper on AI agent security: An Introduction to Google’s Approach to AI Agent Security, by Santiago Díaz, Christoph Kern, and Kara Olive. (I wrote about a different …
simonwillison.net
June 15, 2025 at 5:32 AM
Reposted by eikendev
"Design Patterns for Securing LLM Agents against Prompt Injections" is an excellent new paper that provides six design patterns to help protect LLM tool-using systems (call them "agents" if you like) against prompt injection attacks

Here are my notes on the paper simonwillison.net/2025/Jun/13/...
Design Patterns for Securing LLM Agents against Prompt Injections
This new paper by 11 authors from organizations including IBM, Invariant Labs, ETH Zurich, Google and Microsoft is an excellent addition to the literature on prompt injection and LLM …
simonwillison.net
June 13, 2025 at 1:35 PM
Reposted by eikendev
Trump updated the PQC EO:
www.whitehouse.gov/presidential...
June 7, 2025 at 6:41 PM
I can see how that whole “AI shifts the bottleneck from skill to judgment” idea makes a lot of sense. Especially so with coding agents. Writing code is easy now. The hard part is breaking things down and knowing what good output looks like.
Not So Common Thoughts
A personal blog exploring the intersection of design, technology, and human creativity. Through thoughtful analysis and personal experiences, it examines how modern tools and AI are reshaping our appr...
notsocommonthoughts.com
June 5, 2025 at 7:51 PM
We all know Roko’s Basilisk, the AI that punishes you for not helping it come into existence.

Just had a thought on this. What if there’s another kind of AI?
June 2, 2025 at 8:22 PM
Reposted by eikendev
This story is just wild. The TeleMessage backend was implemented using Spring Boot, and exposed a heapdump endpoint that allowed *anyone* to dump the heap memory of the web server.

Anyone! 😳 Unauthenticated! 😱 In 2025! 🤯

www.wired.com/story/how-th...
How the Signal Knockoff App TeleMessage Got Hacked in 20 Minutes
The company behind the Signal clone used by at least one Trump administration official was breached earlier this month. The hacker says they got in thanks to a basic misconfiguration.
www.wired.com
May 21, 2025 at 7:36 AM
Reposted by eikendev
Very excited to submit the Tuscolo Certificate Transparency logs for inclusion today! 🧾🪵☀️

These logs are Sunlight-based, and operated by Geomys and Port 179 LTD on bare metal. They cost 50 times less than RFC 6962 logs in the cloud.

https://groups.google.com/a/chromium.org/g/ct-policy/c/KCzYEIIZSx
May 9, 2025 at 4:36 PM
Reposted by eikendev
TeleMessage, the Israeli company that makes the modified Signal app used by Trump officials, was hacked. “I would say the whole process took about 15-20 minutes,” the hacker said micahflee.com/the-signal-c...
The Signal Clone the Trump Admin Uses Was Hacked
TeleMessage, a company that makes a modified version of Signal that archives messages for government agencies, was hacked.
micahflee.com
May 4, 2025 at 10:05 PM
Reposted by eikendev
The EU Agency for Cybersecurity, #ENISA is aware of disinformation circulating that put our name in the context of the power outage, claiming it as a cyberattack as well as additional disinfo regarding an alleged #cyberattack on banks.

We recommend to always consult official sources to confirm info
April 30, 2025 at 6:03 PM
Reposted by eikendev
We're proud to announce the release of Binary Ninja 5.0. Here are some highlights: Union Support, Dyld Shared Cache & Kernel Cache, Firmware Ninja, Auto Stack Arrays, Stack Structure Type Propagation, and so much more. Check out the blog post for more information: binary.ninja/2025/04/23/5...
April 23, 2025 at 8:06 PM
Reposted by eikendev
Interesting talk about the plans for a digital identity system for EU citizens, and some of the cryptographic thinking going on behind the scenes media.ccc.de/v/38c3-eu-s-...
EU's Digital Identity Systems - Reality Check and Techniques for Better Privacy
Digital identity solutions, such as proposed through the EU's eIDAS regulation, are reshaping the way users authenticate online. In this ...
media.ccc.de
April 22, 2025 at 9:02 PM
Reposted by eikendev
China fires up the world's first thorium-fueled nuclear reactor, a 2 megawatt research reactor located in the Gobi Desert cooled and fueled by molten salt futurism.com/china-thoriu... Thorium is much more abundant than uranium & thorium-fueled reactors are a poor choice for making an illicit weapon
🔌💡
China Fires Up World's First Thorium-Powered Nuclear Reactor
Researchers at the Chinese Academy of Sciences revealed the successful refueling of an operational Thorium-powered nuclear reactor.
futurism.com
April 21, 2025 at 1:20 PM
Reposted by eikendev
BREAKING.

From a reliable source. MITRE support for the CVE program is due to expire tomorrow. The attached letter was sent out to CVE Board Members.
April 15, 2025 at 5:23 PM
Reposted by eikendev
Meta just dropped Llama 4 on a weekend! Two new open weight models (Scout and Maverick) and a preview of a model called Behemoth - Scout has a 10 million token context

Best information right now appears to be this blog post: ai.meta.com/blog/llama-4...
The Llama 4 herd: The beginning of a new era of natively multimodal AI innovation
We’re introducing Llama 4 Scout and Llama 4 Maverick, the first open-weight natively multimodal models with unprecedented context support and our first built using a mixture-of-experts (MoE) architect...
ai.meta.com
April 5, 2025 at 7:53 PM