Several people I respect recently made similar observations to the effect that there is the security community, and then there's the security industry, which are frequently two VERY different things with somewhat misaligned goals and incentives. Seems like there's a lot of truth to explore there.

From my various provocations on LinkedIn the past six months, it's become clear the latter is largely content to sit quietly or even cheer as this administration makes a public mockery of everything their industry claims to stand for. I suspect this may have something to do with tons of security firms suddenly recasting themselves as AI-focused companies.

Am I way off base or too idealistic or simplistic here, or just jaded? I've been trying to identify the real source of my malaise over attending security industry events over the past few months, and I think this dynamic is a big part of it.

Ubuntu is now allowing users to disable security mitigations Intel has baked into its GPU components. People are claiming the setting provides up to a 20% boost in performance. I'm still trying to understand more about the mitigations, but they appear to involve defending against Spectre-based attacks. Is this wise? On the one hand, I'm not aware of a single Spectre-based attack in the wild. On the other hand, you're leaving yourself potentially exposed. Thoughts

https://www.phoronix.com/news/Disable-Intel-Gfx-Security-20p

Company-wide emails in the hardware security lab:

• I am once again reminding you that just because you can pick a lock doesn’t mean you may
• we definitely own like 17 logic analyzers and yet they’re all missing
• urgent: who is 3D printing all these ominous skulls?
• using million dollar prototype circuit boards as a frisbee does not count as “stress testing”