Richard StephensOct 23, 2025
Security conference talks fall into two categories
* we designed a distributed entropy siphon to perform a black-box hypervisor side channel escape and chain-load a persistent rootkit into the CPU cache
* we looked behind the sofa and found an entire industry of products/services that have made no attempt at security at all and are therefore vulnerable to the most basic issues that we've been finding in everything for the past 30 years, and no-one else had bothered to look.
Show threadDavid Chisnall (*Now with 50% more sarcasm!*)Oct 24, 2025

@richardstephens

At least at academic security conferences, there’s also a load of ‘We designed this complex mitigation for a class of vulnerability in {Android,Linux} but did not look at why this class of vulnerability does not exist in {some other mainstream OS} and compare our complex mitigation against their technique that eliminates the problem by construction’.

Show threadtautologyOct 24, 2025
@david_chisnall @richardstephens and as it's academic they will use overblown academic english everywhere. Why say "use" when you can say "utili[sz]e" and the need to link every sentence together with "however" and "therefore" so that no knows what the hell they're talking about.
Show threadDavid Chisnall (*Now with 50% more sarcasm!*)

@tautology @richardstephens

In some places (my favourite: you can global replace 'in order to' with 'to' and improve readability in almost any paper). But also there's a hard page limit, so before publication someone will have gone through and deleted a load of words to make paragraphs smaller, which also hurts readability.

Oct 24, 2025 at 10:14amWeb
Show threadmortOct 26
@tautology @richardstephens @david_chisnall not that often in my experience. See for example your example.