Cem Paya

@randomoracle

Infosec, cryptocurrency & risk // NYC transplant in PDX; Airbnb, Google & MSFT alumni (Opinions expressed are my own; I do not speak for my employer.)

Joined: December 2008

Tweets


  1. 1 minute ago

    Meanwhile there is still an app on the Google Play Store that appears to have been intended for reporting results from the 2016 Iowa caucus 🤔 Even displays a MSFT logo in a screenshot…

  2. 5 minutes ago

    "Let's use an eventually-consistent database, it will be totally fine" said the engineers…

  3. 27 minutes ago

    SQL injection in the mobile app used for If only there was a lesson to learn about information security from the 2016 election

  4. Retweeted
    2 hours ago
    In reply to a user

    Wait. The pin is to login? Folks are tweeting pics of the caucus worksheets with the pin clearly visible 🤦🏻‍♂️ e.g.

  5. 14 hours ago

    Using NFC tags for counterfeiting has been a (mostly failed) idea proposed in other contexts eg authenticating bottles of wine Minor problem: unlike bottles of wine, shoes travel with the person & enable ubiquitous tracking that owners never opted into

  6. Retweeted
    Jan 31

    I would like to thank the State of Kentucky for this video on behalf of everybody keynoting an infosec conference this decade.

  7. Feb 2

    Because security through obscurity worked so well for elections before? NYT: "Party officials won’t say who developed the [mobile app for Iowa caucus] because they don’t want to provide a target for hackers"

  8. Feb 1

    Stalin: "It's not the votes that count, but who counts the votes" (apocryphal) US constitution: "It's not the votes that count, but the arbitrary geographic boundary those votes are counted in"

  9. Feb 1

    Alternative take: key to 5X MSFT valuation was Ballmer stepping down & no longer using the same self-destructive strategies that ran the company into the ground during the past decade

  10. Retweeted
    Jan 31

    In light of the criminal charges being dropped this week, I'm re-upping this tweet. I'm looking forward to your presentation about this, !

  11. Feb 1

    Sign of spending too much time tinkering— you start mistaking policy acronyms for technology ones OSCP (certification) ⟶ OCSP (protocol) PCI (standard) ⟶ PCIe (interconnect) SOC (audit) ⟶ SoC (system-on-chip)

  12. Jan 31

    Daily reminder: cryptocurrency wallets are the bush-league amateur-hour of cryptographic hardware Latest episode from Trezor: key extraction with simple voltage-fault injection

  13. Jan 31

    The rare case where public outrage actually caused a vendor to rethink unethical data practices (Mainly because they do not have the slick PR available to Google/FB and their stock tanked 20%)

  14. Jan 31

    If this vulnerability were to get a brand & logo, "Bombshell" is the natural choice…

    This Tweet is unavailable.
  15. Jan 30

    That figure would have been much higher if had not succeeded in using its lobbying power to kill facial-recognition bills in other states inspired by Illinois

  16. Jan 29

    Translation of surveillance-capitalism language for the uninitiated: "Break the web" == "Break our ability to monetize the web"

  17. Retweeted

    LRT, Gaggle, the company that monitors students, also posted about their tech’s potential to halt teacher strikes. (They’ve since taken the post down).

  18. Jan 29

    Jury is out on which is worse: not applying a year-old security update vs still using MSFT SharePoint in 2020? 🤦‍♂️

  19. Jan 29

    Hint: It stopped being a goal when scaling improvements got bogged down in politics & it became clear the base layer alone can not scale to give every unbanked person in the world their own UTXOs Lightning and other L2 solutions may one day change that

  20. Retweeted
    Jan 28
    In reply to users

    I dunno, but I never really liked it. I proposed an alternative, "constant pooling" - indirectly load constants from a non-executable table. I had stats that showed performance impact was negligible, more loads but better icache perf. Blinding was trivial to implement though.
