At last some coverage of the major cyber attack at British Library & the impact this has had on researchers. It is a critical piece of national infrastructure. Worrying if they will have to spend 40% of their reserves on rebuilding their digital services on.ft.com/48FCP4T

MacOS hardened runtime… a good example of secure by design.

Things certainly have changed.

General aviation traffic tracking #Eclipse2024 , beginning at 08:00 EDT this morning. Convergence of most flights in the path of totality happens at 19:00 UTC.

FOMO as I’m double booked over #GoogleCloudNext this year. Always love seeing Vegas decked out in primary colors, but more sad to miss the great content and connections. If you’re there, be sure to check out all the great stuff launching & hydrate, hydrate, hydrate.

Thanks to AI Cyber Challenge collaborators such as Google, competing teams will have access to state-of-the-art large language models and resources that uniquely support their development process. youtube.com/watch?v=JawYn4…

A lot of folks responding to some earlier tweets of mine called upon my employer to help the open source community. We have a long history of doing so, including for the xz project. Abhishek, who leads those efforts, has a nice thread. 👀

The longer it takes to write a book/paper/article, the more you’ll hate it by the end. Is there a name for this phenomenon?

NEW: Polish Government has begun notifying #Pegasus spyware targets.

Remarkable to see the accountability from the new gov.

Unthinkable back in 2021 when we Citizen Lab began confirming abuses in #Poland
tvpworld.com/76811115/polan…

I’m looking forward to Device Bound Session Cookies which would have a meaningful impact on the online security of billions of people. blog.chromium.org/2024/04/fighti…

2-party controls for trains. 🚂

I spent a few years at Google and the OSSF literally trying to give money to OSS maintainers, and I can confidently say funding won't fix these problems.

We had more money than we could possibly give away. This is not a funding problem, sorry. These takes are wrong and…

I hate it when Dino A. Dai Zovi ‘s right.

We just interviewed Andres Freund (Tech) about his xz backdoor discovery... thanks to him for finding the time!

Unpopular opinion: If your hobby is now responsible for running the modern world, it’s no longer just a hobby.

Don't be [email protected]

Lots of analysis of the xz/liblzma vulnerability. Most skip over the first step of the attack:

0. The original maintainer burns out, and only the attacker offers to help (so the attacker inherits the trust of the project built by the maintainer).

Read their words👇🏻 1/

A classic example of this problem is dnsmasq, which is present on millions of devices. It’s a project maintained by one very kind volunteer. 1 person.