Sam Mortenson
@mortenson.bsky.social
Security engineer working on AwaySync.com, the asynchronous communication platform that lets you reclaim your attention
avoiding microplastics by not touching city dwellers ever again
November 22, 2025 at 7:28 PM
avoiding microplastics by not touching city dwellers ever again
So with Messaging Layer Security if someone forgets their key and re-joins a group, and you want to give them access to messages they used to have, another member has to re-encrypt everything? It feels like a spec designed for "disposable" group chats, not Slack-like apps.
November 22, 2025 at 5:14 PM
So with Messaging Layer Security if someone forgets their key and re-joins a group, and you want to give them access to messages they used to have, another member has to re-encrypt everything? It feels like a spec designed for "disposable" group chats, not Slack-like apps.
Having European coworkers is like being haunted. You can't prove they exist but if you stay up late enough you might just see one.
November 12, 2025 at 1:47 AM
Having European coworkers is like being haunted. You can't prove they exist but if you stay up late enough you might just see one.
Better Auth is great - except they don't use pluralized table names 😭😭😭
November 10, 2025 at 2:11 AM
Better Auth is great - except they don't use pluralized table names 😭😭😭
Do any compilers exist that split individual exports from a file/module/package into their own dependencies? I'm thinking like, a graph analyzer that can build an ideal dependency tree on the fly, ignoring user defined dependency structure.
November 7, 2025 at 10:05 PM
Do any compilers exist that split individual exports from a file/module/package into their own dependencies? I'm thinking like, a graph analyzer that can build an ideal dependency tree on the fly, ignoring user defined dependency structure.
The existence of "API Security" products should tell you exactly where the cybersecurity industry is maturity wise lol
November 7, 2025 at 6:53 PM
The existence of "API Security" products should tell you exactly where the cybersecurity industry is maturity wise lol
I feel like a lot of cybersecurity products and strategy put almost no responsibility on individuals, and make every problem really meta: "This was a training issue", "A vendor could have caught this", etc.
I don't have a solution, just something I've been noticing.
I don't have a solution, just something I've been noticing.
November 4, 2025 at 9:55 PM
I feel like a lot of cybersecurity products and strategy put almost no responsibility on individuals, and make every problem really meta: "This was a training issue", "A vendor could have caught this", etc.
I don't have a solution, just something I've been noticing.
I don't have a solution, just something I've been noticing.
I often think about how bad the American Taskmaster season went. Maybe we need more panel shows in the US? Some way to identify the generically clever people from the professionally funny people.
October 19, 2025 at 1:40 PM
I often think about how bad the American Taskmaster season went. Maybe we need more panel shows in the US? Some way to identify the generically clever people from the professionally funny people.
React developers are so prop-brained that they'll always use objects as function params instead of two arguments even outside of React!
Wait...that's actually a nice habit...
Wait...that's actually a nice habit...
October 2, 2025 at 11:09 PM
React developers are so prop-brained that they'll always use objects as function params instead of two arguments even outside of React!
Wait...that's actually a nice habit...
Wait...that's actually a nice habit...
Reposted by Sam Mortenson
“Sam Altman” as a name is kinda kojima-coded
September 29, 2025 at 2:18 AM
“Sam Altman” as a name is kinda kojima-coded
How many developer MCP servers do you think accept LAN connections?
September 23, 2025 at 10:59 PM
How many developer MCP servers do you think accept LAN connections?
free username idea: thundurianlightning
September 23, 2025 at 7:13 PM
free username idea: thundurianlightning
I wonder if you could mitigate session hijacking using the Web Push API. On login associate a web push subscription with the session, then every few minutes push down a token that the browser needs to include in future requests. Like DBSC but relying on the webhook URL instead of the TPM?
September 21, 2025 at 7:47 PM
I wonder if you could mitigate session hijacking using the Web Push API. On login associate a web push subscription with the session, then every few minutes push down a token that the browser needs to include in future requests. Like DBSC but relying on the webhook URL instead of the TPM?
em dashes will become a virtue signal when AI stops using them
September 17, 2025 at 12:23 AM
em dashes will become a virtue signal when AI stops using them
I wrote some AppleScript to punish me for being unproductive by slowly lowering my Spotify volume when I'm not working.
September 12, 2025 at 3:50 PM
I wrote some AppleScript to punish me for being unproductive by slowly lowering my Spotify volume when I'm not working.
Reposted by Sam Mortenson
This ad about how great Google Gemini is ends by telling us how Ted, the protagonist and a big James Blunt fan, “found something he didn’t even know he was looking for” at a James Blunt concert where James Blunt is playing not “High” by James Blunt but “She’s So High” by Tal Bachman.
Just Ask Google
YouTube video by Google
youtu.be
September 8, 2025 at 2:32 AM
This ad about how great Google Gemini is ends by telling us how Ted, the protagonist and a big James Blunt fan, “found something he didn’t even know he was looking for” at a James Blunt concert where James Blunt is playing not “High” by James Blunt but “She’s So High” by Tal Bachman.
I support remote work because we need to distribute tech bros more evenly to major cities.
September 7, 2025 at 2:46 AM
I support remote work because we need to distribute tech bros more evenly to major cities.
I feel like I'm reaching a point with Haskell where someone can say "It'd be nice if we banned using Bool" and I'm like "Yeah that makes sense"
September 5, 2025 at 4:32 PM
I feel like I'm reaching a point with Haskell where someone can say "It'd be nice if we banned using Bool" and I'm like "Yeah that makes sense"
the proliferation of jersey club remixes feel like trap remixes in the 2010s but they're actually good
September 2, 2025 at 8:48 PM
the proliferation of jersey club remixes feel like trap remixes in the 2010s but they're actually good
Is mobile hash cracking (of PMKID in the field) viable at all?
I feel like external GPUs and little AI boxes are more common now but imagine the power drain is awful. This is for a hobby project btw
I feel like external GPUs and little AI boxes are more common now but imagine the power drain is awful. This is for a hobby project btw
September 2, 2025 at 8:07 PM
Is mobile hash cracking (of PMKID in the field) viable at all?
I feel like external GPUs and little AI boxes are more common now but imagine the power drain is awful. This is for a hobby project btw
I feel like external GPUs and little AI boxes are more common now but imagine the power drain is awful. This is for a hobby project btw
People buy into SSO that basically just swaps an OAuth token with a per-app session token. Are you 100% sure you can't get long term persistence after login? How many of these "behind SSO" apps allow you to generate an API token?
Passkeys per website seem so much better to me.
Passkeys per website seem so much better to me.
August 27, 2025 at 2:33 AM
People buy into SSO that basically just swaps an OAuth token with a per-app session token. Are you 100% sure you can't get long term persistence after login? How many of these "behind SSO" apps allow you to generate an API token?
Passkeys per website seem so much better to me.
Passkeys per website seem so much better to me.
Something about how Linear does filtering is deeply unintuitive for me. Maybe it's just that the current state of filters is unclear?
August 26, 2025 at 6:22 PM
Something about how Linear does filtering is deeply unintuitive for me. Maybe it's just that the current state of filters is unclear?
An open source music tracker written in Go by the person who made norns, cool!! github.com/schollz/2n
August 25, 2025 at 10:05 PM
An open source music tracker written in Go by the person who made norns, cool!! github.com/schollz/2n
Venture Capital is welfare for Ivy League grads
August 19, 2025 at 5:12 AM
Venture Capital is welfare for Ivy League grads