Cormac Herley

@CormacHerley

I work on security, fraud & abuse, unsupervised learning, science of security, passwords. I like clarity. Speaking only for myself.

Seattle, WA.
Joined June 2014.

Tweets

  1. Retweeted
    Feb 3

    I love Super Bowl statistics. (“No team that has failed to convert at least 35% of their 3rd downs has gone on to win” etc.) They are the best introduction to p-hacking that can be found outside major journals.

  2. Jan 30

    'The Generalizability Crisis' by . One of the most interesting (and unsettling) papers I've read recently. The problems with quantitative Psych are more severe than p-hacking, reproducibility. Everyone interested in usable security should read.

  3. Jan 24

    Draws attn to interesting asymmetry. Questions, speculation, anecdotes, tautologies and unfalsifiable claims are apparently OK as arguments that X must be bigger, but proof is demanded for any claim X can be smaller.

  4. Jan 24

    A crypto paper that was interesting enough for me to read! Claims many symmetric algs would not be less safe with significantly fewer rounds.

  5. Jan 15

    "The word science is already taken." Physicist criticizing excuse-making for lack of empirical support for High Energy theories. "For 'postempiric science,' please, use another word, for instance, iScience, xScience, or something else."

  6. Dec 3, 2019

    There are good reasons to use a password manager (and good reasons not to), but expert consensus is completely unconvincing.

  7. Dec 3, 2019

    I wish ppl would stop citing expert consensus for recommending, eg, password managers. Expert consensus has a near-perfect record of being wrong in this space.

  8. Retweeted

    Better methods can’t make up for mediocre theory

  9. Oct 24, 2019

    a) This is disrespectful to your audience. b) Abdicates any responsibility to convince. c) You are not in possession of the truth. \2

  10. Oct 24, 2019

    Wish infosec ppl would stop using “Repeat after me” to emphasize stuff they think everyone should know. Comes across as: “I am in possession of the truth. Others must have it drummed into them by repetition if they’re too dim to get it any other way.” \1

  11. Oct 14, 2019

    Some summer hikes. Prusik peak, Enchantments. Tank lakes, WA. Arrowhead lake from the John Muir Trail. Paradise valley.

  12. Oct 14, 2019

    Fame at last: a mention in the SMBC footnotes.

  13. Oct 14, 2019

    "What we know about the world is determined by what hypotheses scientists choose to test, what models they choose to compare, what parameters they choose to estimate, and other decisions they make about the trajectories of their investigations."

  14. Sep 30, 2019
  15. Retweeted
    Sep 23, 2019

    I'm looking for literature providing a taxonomy of privacy behaviors (all the possible privacy-related behaviors in which a user could engage). I can't seem to find such a paper/list -- am I missing something?

  16. Aug 20, 2019

    Endorsed. This is a great team, working on hugely impactful stuff.

  17. Aug 19, 2019

    "The four horsemen of the reproducibility apocalypse: publication bias, low statistical power, P-value hacking and HARKing (hypothesizing after results are known)."

  18. Retweeted
    Jul 9, 2019

    I hope you enjoy this perspective on why complexity and length rules are generally not your friend. Your password doesn't matter.

  19. Jun 19, 2019

    No matter how much of it you have, the data you have access to cannot tell you how representative it is of the data you do not have access to.

  20. Jun 19, 2019

    Yuan presents our paper w/ at EuroSP today. TLDR: a) weakest accts should get extra protection, b) punish commonly-guessed passwords more, c) punish typos less. Can accomplish a)-c) w/o storing any information that's harmful if leaked.
