Mark Eldridge


Google has devised a means for securing HTTPS certificates against quantum computing attacks without massive performance hits stemming from the considerably longer size of data required to be included.

Is anyone following this work?

https://security.googleblog.com/2026/02/cultivating-robust-and-efficient.html

Cultivating a robust and efficient quantum-safe HTTPS

Posted by Chrome Secure Web and Networking Team Today we're announcing a new program in Chrome to make HTTPS certificates secure against ...

Google Online Security Blog

Recent discussion about the perils of doors in gamedev reminded me of a bug caused by a door in a game you may have heard of called "Half Life 2". Are you sitting comfortably? Then I shall begin.

My story from Monday is here:

https://arstechnica.com/security/2025/07/no-phishers-are-not-bypassing-fido-mfa-at-least-not-yet-heres-why/

In short, the attack as originally described simply would not work against a FIDO2-compliant authentication system. Whatever system the researchers analyzed used a non-FIDO2 fallback in the event the user was unable to provide FIDO2-MFA. Calling this a bypass is like saying a door lock is insecure because an intruder could enter through a window. Lots of publications continue even now to say this was a bypass. It wasn't.

Phishers have found a way to downgrade—not bypass—FIDO MFA

Contrary to recent reports, phishing sleight-of-hand doesn’t defeat FIDO.

Ars Technica

I thought I understood the extent to which the broad availability of mobile location data has exacerbated countless privacy and security challenges. That is, until I was invited along with four other publications to be a virtual observer in a 2-week test run of Babel Street, a service that lets users draw a digital polygon around nearly any location on a map of the world, and view a time-lapse history of the mobile devices seen coming in and out of the area.

The issue isn't that there's some dodgy company offering this as a poorly-vetted service: It's that *anyone* willing to spend a little money can now build this capability themselves.

I'll be updating this story with links to reporting from other publications also invited, including 404 Media, Haaretz, NOTUS, and The New York Times. All of these stories will make clear that mobile location data is set to massively complicate several hot-button issues, from the tracking of suspected illegal immigrants or women seeking abortions, to harassing public servants who are already in the crosshairs over baseless conspiracy theories and increasingly hostile political rhetoric against government employees.

https://krebsonsecurity.com/2024/10/the-global-surveillance-free-for-all-in-mobile-ad-data/

The Global Surveillance Free-for-All in Mobile Ad Data – Krebs on Security

even before you open up the book labelled "the guy has really skeevy opinions and doesn't know how to keep his mouth shut"

or the large overflowing binder of "people who have left free software because of his behaviour"

there's a quick summary note that says "other free software organizations have broken ties with the fsf because of him"

for someone who kicked up a fuss over sudo it is kinda tragic they're clawing onto power over others despite the consequences

"what's his job" promoting free software and providing a real alternative to proprietary systems

"how's that working out" gcc kept getting forked to stop him sabotaging the project, eventually forcing clang to exist.

"oh" immediately after he stepped down, emacs replaced the default config with something useful over his crufty defaults

"i guess" other people have successfully written microkernels several times over, their secret was not reporting to rms. he is the reason hurd does not work

to be clear, stallman has repeatedly shown that he's not a capable steward of software projects (everything that happened to hurd and gcc), and even less capable as a leader of an organization

even before you get into his toenail eating: he is very bad at his job

if free software is to mean more than a cult of personality, he should be replaced at the fsf, no question

i do not think he is capable or responsible enough to perform the job he gave himself

sure sex is great but have you ever used AWS breakglass admin access at a megacorp with otherwise very strict access controls? fuckin feels like the irl equivalent of picking up the Quad Damage in Quake

An Excruciatingly Detailed Guide To SSH (But Only The Things I Actually Find Useful) · Graham Helton

Welcome We’ve all seen these great diagrams of how SSH port forwarding works but if your brain is anything like mine, these diagrams leave you with a lot of unanswered questions. If you’re on a red team, understanding how to traverse a network better than the people who designed it gives you immense power to do evil things. SSH is such a powerful tool but sometimes the syntax and other concepts can get in the way of us accomplishing our goals.

Graham Helton