Brutkey

Royce Williams
@tychotithonus@infosec.exchange

"Let us be the repository of your passkeys" and "We may terminate your account at any time and permanently refuse to communicate with you" ... seems like a bad combination?

Royce Williams
@tychotithonus@infosec.exchange

That "Your Windows PC has a secretly useful backup tool" article title kinda buried a pretty important "but it's been deprecated by Microsoft" lede, didn't it.

Royce Williams
@tychotithonus@infosec.exchange

Do US military installations allow people to wear even semi-smart watches (like old-school Fitbits), given the potential abuse of telemetry (not just GPS, but typing)?

Royce Williams
@tychotithonus@infosec.exchange

What is your preferred conditional comment grammar style? (Assume "X" and "Y" may be of less-trivial length)

Royce Williams
@tychotithonus@infosec.exchange

I've never wandered off and then come back 1/2 hour later to download a script update from ChatGPT. Was this already a thing, or did it start recently?

Either way, on other models I'm pretty sure I've come back to do something like this weeks later. (switching back to an older session). Seems ... inconvenient.

#ChatGPT #ChatGPT5

Royce Williams
@tychotithonus@infosec.exchange

I'll be impressed by the TextQuest AI benchmark when they add "A Mind Forever Voyaging" to the test set ... and a model can solve it without the VisiClues clue data.

Royce Williams
@tychotithonus@infosec.exchange

I will absolutely report these as spam, every time.

"But my deliverability numbers will be impacted! Why don't you just unsubscribe?"

Because they are the very definition of unsolicited.

(Bitterness aside, I know that non-profits depend on contributions, and these campaigns work. Maybe a reasonable compromise would be for the initial message to be unsolicited, but one-time and opt-in, instead of forcibly subscribing me to something that will spam me forever, regardless of my interest?)

Royce Williams
@tychotithonus@infosec.exchange

Calls to "relax" about the cryptographic threat of quantum computing seem to set aside one important practical fact: that the real-world duty life of some classes of gear is measured in decades (whether by design, org inertia, cost, etc).

PQC work understands how long it can take for equipment in the field to be rotated out. They're effectively trying to make 2055 less of a security s--t show.

The next-best time to plant a security tree is now.

Edit: see my reply here for some risk-tradeoff reasoning.
https://infosec.exchange/@tychotithonus/115016017588683054

Royce Williams
@tychotithonus@infosec.exchange

Wow, I totally forgot about Orkut, Friendster, and Tribe.

What a fascinating transitional era in social media.

Royce Williams
@tychotithonus@infosec.exchange

(This last sentence is brilliant, by the way. Bissell knows he's working in a permanent medium, predicting that any randomly-selected future point in time applies. It's pure genius.)