Apoorv Kothari
@toidiu.com
Networking, QUIC, Rust, Dad
Reposted by Apoorv Kothari
The decades-old radical troupe Bread and Puppet, famed for its protest art including giant puppets, is touring again — mixing circus, politics and bread in a sharply polarized moment.
Bread and Puppet Theater is still working to 'make the revolution irresistible'
n.pr
October 6, 2025 at 9:03 PM
AT feels like a fundamental shift back to what the internet used to be

"The AT protocol is fundamentally an abstraction over HTTP, DNS, and JSON. But by standardizing how these pieces fit together—putting the user in the authority position, separating identity from hosting, and making data portable"
danabra.mov dan @danabra.mov · Oct 2
i wrote down the process of resolving an at:// URI step by step. turns out, it's a great way to learn how the AT protocol works!
Where It's at:// — overreacted
From handles to hosting.
overreacted.io
October 3, 2025 at 8:53 PM
Reposted by Apoorv Kothari
We are alarmed by reports that Germany is on the verge of a catastrophic about-face, reversing its longstanding and principled opposition to the EU’s Chat Control proposal which, if passed, could spell the end of the right to privacy in Europe. signal.org/blog/pdfs/ge...
signal.org
October 3, 2025 at 4:14 PM
Reposted by Apoorv Kothari
RFC 9842 is HTTP Compression Dictionary Transport -- this is a big one!

Congrats @Yoav and @PatMeenan ! https://www.rfc-editor.org/rfc/rfc9842.html
October 1, 2025 at 6:10 AM
Reposted by Apoorv Kothari
The crates.io team was notified of two malicious crates (with similar names as legitimate crates) which were actively searching file contents for Ethereum private keys, Solana private keys, and arbitrary byte arrays for exfiltration.

See the blog post for details: blog.rust-lang.org/2025/09/24/c...
crates.io: Malicious crates faster_log and async_println | Rust Blog
Empowering everyone to build reliable and efficient software.
blog.rust-lang.org
September 24, 2025 at 8:52 PM
Reposted by Apoorv Kothari
Congress eliminated public media funding. At a time of deep division, public media brings us together.

Help keep it strong. Join our monthly donors today: n.pr/458sOhq
July 19, 2025 at 9:48 PM
Reposted by Apoorv Kothari
How to be classy, how to be cute, how to actually walk the walk...

Love you for this, @cloudflare.social ❤️

www.nytimes.com/2025/07/01/t...
Cloudflare Introduces Default Blocking of A.I. Data Scrapers
www.nytimes.com
July 1, 2025 at 2:34 PM
It's nice being able to rely on GrapheneOS to provide sane and secure defaults. Ty!
The tracking technique described at arstechnica.com/security/202... is prevented by Vanadium's default "Disabled non-proxied UDP" value. It's also prevented by "Default public interface only", which does permit peer-to-peer connections but won't try to use the loopback interface for it.
Meta and Yandex are de-anonymizing Android users’ web browsing identifiers
Abuse allows Meta and Yandex to attach persistent identifiers to detailed browsing histories.
arstechnica.com
June 7, 2025 at 4:09 PM
Reposted by Apoorv Kothari
I usually get where big tech is coming from but this is just malicious tracking. If you're an engineer and you're asked to implement something like this, it's time to whistleblow.

I hope the IE DPA will look into it.

Anyway, Local Network Access (github.com/explainers-b...) can't come soon enough.
Covert Web-to-App Tracking via Localhost on Android
We disclose a novel tracking method by Meta and Yandex potentially affecting billions of Android users. We found that native Android apps—including Facebook, Instagram, and several Yandex apps…
localmess.github.io
June 5, 2025 at 9:11 AM
Reposted by Apoorv Kothari
The nice thing about writing a book is you can go out and check all those details you just kind of think you know from memory. For example, here’s how OpenSSL prevents compilers from optimizing key zeroization out of their code.
June 3, 2025 at 7:05 PM
Reposted by Apoorv Kothari
Tomorrow, Thur May 29, Nuits sonores, Lyon France!

I'm coming to dance, I'm coming to party, I'm coming to eat, but first I'm sitting down to talk about tech, privacy, Signal, and what it takes to make a world worth living in <3
May 28, 2025 at 9:43 AM
Reposted by Apoorv Kothari
Check out this cool shit
May 7, 2025 at 10:54 PM
Reposted by Apoorv Kothari
The AWS team published a key-committing variant of XAES (https://words.filippo.io/xaes-256-gcm/)!

Still FIPS-compliant, and with a proof.

Key commitment ensures the ciphertext can only be decrypted with one key, to avoid issues in higher-level protocols.

https://eprint.iacr.org/2025/758.pdf
May 8, 2025 at 12:01 PM
Reposted by Apoorv Kothari
My team at Cloudflare are hiring mid-level and senior engineers to help us go deep on network protocols (HTTP, QUIC, TLS etc.) as we build and deploy our new Rust-based proxy.

More details (including location) over on LinkedIn: www.linkedin.com/posts/lucasp...
The Cloudflare Protocols team is hiring for a number of roles! Come work… | Lucas Pardue
The Cloudflare Protocols team is hiring for a number of roles! Come work with me and my awesome manager Michelle Torres 🏳️‍🌈. We're looking for experienced mid-level and senior engineers to go d...
www.linkedin.com
May 8, 2025 at 1:47 AM
Reposted by Apoorv Kothari
Wyden sends a letter to the DoJ about TeleMessage. Can’t wait to see what happens! www.wyden.senate.gov/imo/media/do...
www.wyden.senate.gov
May 6, 2025 at 6:16 PM
Reposted by Apoorv Kothari
In this ongoing work, we provide a bandwidth efficient solution to State-based CRDT reconciliation with no need for external metadata. We leverage recent developments in set reconciliation after decomposition of CRDT states into sets. Findings also improve general set synch. arxiv.org/abs/2505.01144
ConflictSync: Bandwidth Efficient Synchronization of Divergent State
State-based Conflict-free Replicated Data Types (CRDTs) are widely used in distributed systems to ensure high availability without coordination. However, their naive synchronization strategy - transmi...
arxiv.org
May 5, 2025 at 9:41 AM
Reposted by Apoorv Kothari
A few days ago, President Trump issued an executive order seeking to block all federal funding to NPR, the latest in a series of threats to media organizations across the country.
May 3, 2025 at 10:49 PM
Reposted by Apoorv Kothari
Here's something counterintuitive to non-practitioners: curve P-521 is often less secure in practice than curve P-256.

The latter is more popular, and so better tested. The risk of implementation bugs dwarfs the risk of partial cryptanalysis of ECC, so picking P-521 optimizes for the wrong thing.
May 1, 2025 at 5:40 PM
Reposted by Apoorv Kothari
I am planning to release Jiff 1.0, a datetime library for Rust, this summer. After that, I do not plan to make breaking changes, possibly indefinitely.

I would LOVE LOVE LOVE more experience reports before stabilizing Jiff. Tell your friends.

github.com/BurntSushi/j...
BurntSushi jiff Experience Reports · Discussions
Explore the GitHub Discussions forum for BurntSushi jiff in the Experience Reports category.
github.com
April 17, 2025 at 12:37 PM
Reposted by Apoorv Kothari
Hot take: The existence and ubiquity of Cargo is just as consequential, if not more so, to real-world productivity vs. C/C++ than anything regarding Rust's type system or borrow check.

The former isn't nearly as fun to argue about on message boards, though.
March 30, 2025 at 6:38 AM
Currently reading the blog post series "Reviewing the Cryptography Used by Signal".

Learning a lot and turning out to be my new favorite blog.

soatok.blog/2025/02/18/r...

#cryptography
Reviewing the Cryptography Used by Signal - Dhole Moments
Last year, I urged furries to stop using Telegram because it doesn’t actually provide them with any of the privacy guarantees they think it gives them. Instead of improving Telegram’s c…
soatok.blog
March 15, 2025 at 6:26 AM
Reposted by Apoorv Kothari
It seems likely that there will be a RUSTSEC advisory for `humantime` being unmaintained.

This is a reminder that Jiff should cover all of the use cases of `humantime`. Specifically, its friendly duration format was specifically designed with this in mind: docs.rs/jiff/latest/...
March 10, 2025 at 10:48 PM
Reposted by Apoorv Kothari
New, from me: you were told that the threats to free speech came from wokeness. Some compared it to Maoist China.

Now we are witnessing government power being used to silence dissent and censor ideas. Now we know what real society-wide chilling effects look like. 🧵
open.substack.com/pub/donmoyni...
Real chilling effects
An extraordinary pattern of government censorship and threats to speech
open.substack.com
March 9, 2025 at 5:39 PM
Reposted by Apoorv Kothari
Time for another longer Rust impl stream! I haven't decided what I'm going to build yet, but come join me on Sunday at 3pm UTC (everytimezone.com/s/85eb076f) and find out 😅 I'm thinking maybe either the IRC protocol or a port of the guff plotter 🤔
www.youtube.com/live/MAwYsKY...
impl Rust: topic TBD
YouTube video by Jon Gjengset
www.youtube.com
March 4, 2025 at 5:32 AM
If you like some non-blocking with your meal, crates.io/crates/tokio... is now on the menu.

Tokio support is now available for the quiche QUIC implementation!

#Rust #RustLang
crates.io: Rust Package Registry
crates.io
February 21, 2025 at 6:39 PM