rmhrisk
@rmhrisk.bsky.social
Dropout. Father. I build things. Security, Cryptography, Engineering, Entrepreneurship.
@peculiarventure
+ x-MSFT + x-GOOG ++. Also on @rmhrisk@infosec.exchange and twitter.com/rmhrisk
@peculiarventure
+ x-MSFT + x-GOOG ++. Also on @rmhrisk@infosec.exchange and twitter.com/rmhrisk
From dropping tables to jailbreaking GPTs, some kids just never change. Meet Little Bobby Prompts. 😂
July 17, 2025 at 6:25 PM
From dropping tables to jailbreaking GPTs, some kids just never change. Meet Little Bobby Prompts. 😂
Classic moral hazard problem in internet infrastructure:
Those making critical security decisions don't face the consequences when things go wrong. Meanwhile, 8 billion users bear all the risks.
This misalignment creates predictable problems across any system at scale.
👇
Those making critical security decisions don't face the consequences when things go wrong. Meanwhile, 8 billion users bear all the risks.
This misalignment creates predictable problems across any system at scale.
👇
June 13, 2025 at 12:53 AM
Classic moral hazard problem in internet infrastructure:
Those making critical security decisions don't face the consequences when things go wrong. Meanwhile, 8 billion users bear all the risks.
This misalignment creates predictable problems across any system at scale.
👇
Those making critical security decisions don't face the consequences when things go wrong. Meanwhile, 8 billion users bear all the risks.
This misalignment creates predictable problems across any system at scale.
👇
My kids are going to grow up thinking “Shit My Dad Says” was mostly just t-shirts about cryptography, root access, malware, and accountability in Git.
And… they’ll be right.
And… they’ll be right.
June 5, 2025 at 1:44 AM
My kids are going to grow up thinking “Shit My Dad Says” was mostly just t-shirts about cryptography, root access, malware, and accountability in Git.
And… they’ll be right.
And… they’ll be right.
We fixed secret management! By dumping everything into Vault and pretending it's not a problem anymore....
February 5, 2025 at 1:18 AM
We fixed secret management! By dumping everything into Vault and pretending it's not a problem anymore....
Has anyone seen our cryptographic keys? They were right here... like, five years ago.
February 5, 2025 at 1:11 AM
Has anyone seen our cryptographic keys? They were right here... like, five years ago.
We need to improve our cryptographic security!
Discovers unprotected private keys lying around
Wait... if we have to discover our cryptographic keys, that means we aren't actually managing them?
Discovers unprotected private keys lying around
Wait... if we have to discover our cryptographic keys, that means we aren't actually managing them?
February 5, 2025 at 12:58 AM
We need to improve our cryptographic security!
Discovers unprotected private keys lying around
Wait... if we have to discover our cryptographic keys, that means we aren't actually managing them?
Discovers unprotected private keys lying around
Wait... if we have to discover our cryptographic keys, that means we aren't actually managing them?
We secure video game DRM keys better than the keys protecting your bank account.
February 5, 2025 at 12:46 AM
We secure video game DRM keys better than the keys protecting your bank account.
You get a shared secret! You get a shared secret! EVERYONE gets a shared secret! Shared secrets are not secret!
February 5, 2025 at 12:33 AM
You get a shared secret! You get a shared secret! EVERYONE gets a shared secret! Shared secrets are not secret!
Why spend millions on cryptography if your keys spend 99% of their life unprotected? We need to fix key management first.
February 5, 2025 at 12:32 AM
Why spend millions on cryptography if your keys spend 99% of their life unprotected? We need to fix key management first.
We don’t suck at cryptography - we suck at managing it. Everyone’s obsessing over PQC algorithms, but the real problem is deployment, key management, and lifecycle. PQC is just another spice - without proper management, it’s just seasoning on bad security.
February 5, 2025 at 12:00 AM
We don’t suck at cryptography - we suck at managing it. Everyone’s obsessing over PQC algorithms, but the real problem is deployment, key management, and lifecycle. PQC is just another spice - without proper management, it’s just seasoning on bad security.
As 2025 approaches, it’s a good time to update WebPKI CA market share. GTS is now the second-largest CA, followed by GoDaddy and DigiCert. The top eight CAs account for 99% of all certificates. Automation is on the rise, making manual enrollment as antiquated as manually renewing your IP address.
December 16, 2024 at 9:05 PM
As 2025 approaches, it’s a good time to update WebPKI CA market share. GTS is now the second-largest CA, followed by GoDaddy and DigiCert. The top eight CAs account for 99% of all certificates. Automation is on the rise, making manual enrollment as antiquated as manually renewing your IP address.
The costs of context switching visualized.
(Ok actually it’s 777 fuel efficiency by trip length and number of stops but still!)
(Ok actually it’s 777 fuel efficiency by trip length and number of stops but still!)
July 8, 2023 at 5:08 PM
The costs of context switching visualized.
(Ok actually it’s 777 fuel efficiency by trip length and number of stops but still!)
(Ok actually it’s 777 fuel efficiency by trip length and number of stops but still!)
Winston says hello from Long Beach Washington.
April 13, 2023 at 1:00 AM
Winston says hello from Long Beach Washington.