Henry Harrison
hh71.bsky.social
Used to work in cybersecurity. Now I don't.
Real question for me is why it's taking so long for self-interest to motivate really substantial change. Presumably the view is that the risk remains worth taking given the costs of getting more resilient
September 18, 2025 at 4:06 PM
The counter-argument is that their own self-interest should ultimately motivate companies to get resilient, whereas in the absence of a regulator, they'd never be much motivated to protect personal data.
September 18, 2025 at 4:05 PM
The article argues that the code should not be "just for startups". But if it's not, then in many countries every company will reincorporate in this way - a big problem for the vested interests (eg notaries)
September 18, 2025 at 12:12 PM
But the reality is that "fix all the vulnerabilities" isn't really a credible policy position, because you can never fix them all. Which is why the Telecoms Security Act and Code of Practice focus on more fundamental architectural remedies
August 28, 2025 at 9:37 AM
Rome Fiumicino is my local. Pleasant and (usually) efficient
August 14, 2025 at 9:34 AM
Maxwell's demon, I suppose
July 12, 2025 at 2:51 PM
That said, there's presumably a lot to be learned from Russian efforts in Ukraine but there doesn't seem to be nearly enough public domain information about this to draw strong conclusions (not a complaint, I imagine there are good reasons for it).
June 10, 2025 at 10:49 AM
But I suspect attackers are still learning about the real power of other effects and regulatory activity is really (really!) slow even where it's happening (eg UK Telecoms Security Act).
June 10, 2025 at 10:49 AM
On human safety, I think you're right about directly causing deaths, and there is already strong regulation in place in areas like air traffic control.
June 10, 2025 at 10:48 AM
On the use for both good and bad, not my real area of expertise but I think as *everything* goes to cloud, the legal position for (good) security researchers gets more and more tenuous? Is the adoption of bug bounties for cloud services keeping pace to maintain the equilibrium?
June 10, 2025 at 10:48 AM
Having now spent some time thinking about this…

On point 2 (proliferation) - absolutely, 100%. The other 2 points are more subtle - suspect you're right that AI has relatively little impact on them but other trends could upset the equilibrium.
June 10, 2025 at 10:47 AM
I'll bite (my first ever post on Bluesky!)

The AI/Cyber article is thoughtful and not a topic where people have much in the way of predigested opinion, so it takes time to think about it (which I for example have been doing). But now triggered to re-engage I'll go and dig out the post and respond
June 10, 2025 at 10:42 AM