Guillaume Endignoux

Software: security, cryptography, Rust enthusiast. Outdoors: mountains, cycling, trains. Zurich-based.
Blog: https://gendx.dev
Blog (alternate): https://gendignoux.com
GitHub: https://github.com/gendx
Codeberg: https://codeberg.org/gendx

I'm leaving #Google: https://www.mayrhofer.eu.org/post/leaving-google/

While I believe that I have been able to do some good with my continuing (part-time) engagement in the Android security and privacy team since returning to Austria a couple of years ago, the deal with the US #DoW is completely misaligned with my personal ethical principles. I will, therefore, no longer be able to act as a contact point to Google-internal teams and discussions, but will continue our research on private digital identity, end-to-end secure communication and storage, network privacy, (embedded/mobile) operating system security, supply chain transparency, etc. from a purely academic point of view. Android - and in particular AOSP - will remain a research interest, so please feel free to reach out on any of those topics for potential collaborations or discussions on the academic side.

Why I’m Forced to Say Farewell: Google Management Has Lost Its Moral Compass | René Mayrhofer

I am forced to leave Google with 2026-08-31 because of the deal with the US Department of War, which is incompatible with my ethical principles.

René Mayrhofer

During #39c3 Nadia Heninger introduced me to Keegan Ryan, and we talked about things that could go wrong in RSA, and how to detect keys with suspicious patterns created by defective RNGs. At some point, Keegan said: "You could check the Hamming Weight of the Modulus." And I replied: "I don't know what that means."
But it's actually quite simple. The Hamming Weight is the ratio of symbols, if we look at bits, how many 0s vs 1s are there. For a "proper", randomly generated RSA key, the ratio should be close to 0.5. If it's significantly different from that, it's likely not randomly generated.
We ended up finding some keys with repeating zero-byte patterns. It is possible to represent those as polynomials. Unlike integer numbers, polynomials can be factored efficiently, which means these keys can be broken.

We found SSH host keys that we could trace back to a software called CompleteFTP (which, furthermore, had another RSA vulnerability in its Linux version and also generated vulnerable DSA keys - all fixed in the latest version of CompleteFTP, but keys need to be regenerated). We furthermore identified another class of vulnerable keys (with a different width of zero byte patterns) in TLS certs (both self-signed and WebPKI-signed, but all expired, so no revocations), most of them from Verizon+Yahoo, but we were unable to identify the vulnerable RSA implementation.

If you're interested in the details of the attack, check Keegan's blog post:
https://blog.trailofbits.com/2026/06/12/factoring-short-sleeve-rsa-keys-with-polynomials/

The latest badkeys version 0.0.18 detects all affected vulnerable keys.

Factoring "short-sleeve" RSA keys with polynomials

We found hundreds of weak RSA and DSA keys with biased bits that we could quickly factor using a new polynomial-based cryptanalytic technique.

The Trail of Bits Blog
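
The check described in the post above (the share of 1 bits in the modulus, plus the repeating zero-byte patterns), as an added example that is not part of the original post and is not badkeys' code. The 5-sigma and 10% thresholds are assumptions chosen for illustration, and both sample values are constructed bit patterns, not real RSA moduli.

```python
import hashlib
import math

def ones_ratio(n):
    """Share of 1 bits in n: Hamming weight divided by bit length."""
    return bin(n).count("1") / n.bit_length()

def zero_byte_fraction(n):
    """Share of 0x00 bytes in the big-endian encoding of n."""
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return raw.count(0) / len(raw)

def check_modulus(n, sigmas=5.0, max_zero_bytes=0.10):
    """Return findings for a modulus whose bits do not look random.

    Thresholds are assumptions chosen for this example.
    """
    findings = []
    # For k unbiased bits the share of ones has std. deviation 0.5/sqrt(k).
    sigma = 0.5 / math.sqrt(n.bit_length())
    ratio = ones_ratio(n)
    if abs(ratio - 0.5) > sigmas * sigma:
        findings.append(f"bit ratio {ratio:.3f} is far from 0.5")
    zeros = zero_byte_fraction(n)
    if zeros > max_zero_bytes:
        findings.append(f"{zeros:.0%} of bytes are zero")
    return findings

def _stream(seed, length):
    """Deterministic filler bytes (SHA-256 in counter mode) for the samples."""
    out = b""
    for counter in range(length // 32 + 1):
        out += hashlib.sha256(seed + bytes([counter])).digest()
    return out[:length]

def as_modulus(raw):
    """Force the top bit and the low bit, as in a full-length odd modulus."""
    return int.from_bytes(raw, "big") | (1 << (8 * len(raw) - 1)) | 1

# Constructed 2048-bit samples (not real keys).
UNIFORM = as_modulus(_stream(b"constructed-uniform", 256))
_fill = _stream(b"constructed-patterned", 128)
PATTERNED = as_modulus(
    b"".join(_fill[i:i + 4] + b"\x00" * 4 for i in range(0, 128, 4)))

if __name__ == "__main__":
    for name, n in (("uniform", UNIFORM), ("patterned", PATTERNED)):
        print(name, check_modulus(n) or "no findings")
```

A modulus that passes both checks is not thereby shown to be safe; the checks only flag the kind of visible bias the post describes.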

Palantir has lost a legal bid to force a Swiss magazine to publish its responses to articles detailing how the country’s government repeatedly rejected its services, in a case that has renewed scrutiny of its technology.

In a ruling on Friday, Zurich’s commercial court dismissed 22 of 23 counterstatement requests filed by the US data analytics company and its Swiss subsidiary, finding that only a single passage in one article warranted a published response from the company, which is chaired by Peter Thiel, a co-founder.

The dispute stemmed from two Republik articles that reported how government agencies had declined to adopt the company’s software, and raised concerns about issues including data sovereignty and legal compliance.

The reports, published in December and based mainly on freedom of information requests, examined Palantir’s years-long attempts to secure business with Swiss federal authorities.

The lawsuit has had a “Streisand effect”, drawing wider attention to Republik’s reporting and the Swiss government documents detailing repeated official concerns about adopting Palantir’s technology.

https://www.ft.com/content/7ffcace7-9dc0-4e7e-9912-895ac073f979?syn-25a6b1a6=1

The tax website is inaccessible to the visually impaired: associations file a complaint against Bercy https://ift.tt/h089O7k

A few days before the deadline for income tax returns, the Collectif français du handicap visuel on Tuesday summoned the direction générale des finances publiques before the administrative court.

Le Monde

Very interesting, the Physics II paper of the Mines entrance exam for PSI this year.
It goes into detail about electrostatic and electromagnetic motors, and ends with a big section of dimensional analysis (rare and original, I find) to show that the scaling laws are not the same in the two cases.

The more you shrink an electromagnetic motor, the more its power per unit volume decreases, but the more you shrink an electrostatic motor, the more its power per unit volume increases. That is why big motors are electromagnetic and the very small ones are electrostatic.

The paper, if anyone here is interested: https://concoursminesponts.fr/wp-content/uploads/2026/05/Physique_PSI_2_2026.pdf

#Mines #Physique #prépa #CPGE

So my systems recently updated to rsync 3.4.3, and as soon as that happened my backup system - which does incremental backups using multiple --compare-dest= arguments - started to fail on anything but a full backup.

Revert to 3.4.1 and it works.

So I go look at the source in GitHub to see what might have changed, because there doesn't seem to be anything relevant in the changelog.

Since 3.4.1, 36 commits by "tridge and claude"

Oh for fuck's sakes.

Jira IS Turing-complete.

https://seriot.ch/computation/jira.html

The proof the folklore was missing.

I've been making a linguistics puzzle game where you decipher a language (which happens to be German) using shared etymology, shared cultural knowledge and pattern matching.

It's called German Is A̶w̶f̶u̶l̶ Easy and the first five levels are up! No German knowledge necessary, and feedback is very welcome.

https://michellefullwood.com/languages/german/is-easy/

#etymology #linguistics #puzzles #LearnGerman

i made a new game called js crossword where you have to solve it by literally writing javascript code that eval()'s into the correct values!

check it out if you're into ctfs or wanna challenge your javascript skills

https://lyra.horse/fun/jscrossword/ <3

Public Money - Public Code

The teaching community of La Forge needed a free cursive typeface that complies with the school curriculum.

And that is how "Marelle" was born, funded by the DNE as part of its support for the development of educational digital commons.

- presented on Eduscol
https://eduscol.education.gouv.fr/6690/marelle-une-police-cursive-libre
- available to try and download on this site
https://marelle.forge.apps.education.fr/

Useful and usable by our teachers, but also by everyone, since it is under a free licence.