Ruslan Kiyanchuk

Cryptography & Software Engineer.

Making my best effort to locally decrease entropy.

#StandWithUkraine 🇺🇦
GitHub: https://github.com/rkiyanchuk
Podcast «Шо по коду?»: https://youtube.com/@shopokodu

Am I the only one a bit surprised a Turing Award has been awarded for Quantum Key Distribution of all the things?

It seems too distinct from recent awards in terms of both practical and even theoretical impact. Result of a quantum threat FUD?

https://edition.cnn.com/2026/03/18/science/quantum-key-cryptography-turing-award-winners

Quantum pioneers who perfected secrecy receive Turing Award

An American physicist and Canadian computer scientist received the A.M. Turing Award on Wednesday for their groundbreaking work on quantum key cryptography.

CNN

Hybrid key exchange (DH+ML-KEM) in TLS 1.3 has been approved today.

https://datatracker.ietf.org/doc/draft-ietf-tls-hybrid-design/

Hybrid key exchange in TLS 1.3

Hybrid key exchange refers to using multiple key exchange algorithms simultaneously and combining the result with the goal of providing security even if a way is found to defeat the encryption for all but one of the component algorithms. It is motivated by transition to post-quantum cryptography. This document provides a construction for hybrid key exchange in the Transport Layer Security (TLS) protocol version 1.3.

IETF Datatracker

The work presented by @arunninghacker at #CyCon should be an overdue wake-up call to Western tech companies:
russian military apps are actively leveraging Western cloud infrastructure, open-source maps, and Android's sideloading model to support battlefield operations against #ukraine

Without proactive countermeasures, the tech giants of the free world become passive accomplices of the aggressor.

Here's what companies can do to stop enabling aggressor's warfare by negligence:
⦿ Monitor cloud usage for signs of military activity
⦿ Enforce geofencing & API restrictions on russian actors
⦿ Scrutinize app ecosystem and flag military-grade tools
⦿ Rethink tech neutrality in times of war

Complicity through inaction is not neutral.

https://www.rusi.org/explore-our-research/publications/commentary/russias-military-apps-use-wests-open-infrastructure

Russia’s Military Apps Use West’s Open Infrastructure

Russian developers are taking advantage of the West’s decentralised platforms for app development to make new military technology.

Research at Stanford developed Cybench: A Framework for Evaluating Cybersecurity Capabilities and Risks of Language Models.
https://crfm.stanford.edu/2024/08/19/cybench.html

The work has also been presented at this year's Stanford Computer Forum: https://forum.stanford.edu/events/2025-annual-affiliates-meeting/day-1-security-workshop

Stanford CRFM

This Okta vulnerability is a great demonstration that engineers should stop using cryptographic primitives as magic boxes and start looking into actual properties and parameters of the algorithm they use: https://www.theverge.com/2024/11/1/24285874/okta-52-character-login-password-authentication-bypass

Bcrypt Wikipedia article mentions the input limit of 72 bytes. Which, of course, is not a great design by modern standards, but the reason Okta turned this limitation into a vulnerability is due to misuse of a password-based key derivation function.

The name suggests that you should only feed the password to the function. Instead, Okta passed concatenation of userId + username + password.

And to make things worse, the fix that Okta chose is a step in the wrong direction: instead of fixing inputs they moved from bcrypt to PBKDF2. Which provides weaker protection of low-entropy password source than more modern functions like Argon2 (and even bcrypt itself).

It's rather disappointing to see such incompetence from a security vendor. Out of all the companies, Okta should know how to avoid mistakes when hashing passwords.

Know your cryptography. Or hire professionals.

An Okta login bug bypassed checking passwords on some long usernames

Okta announced it fixed a bug that could let someone exploit usernames that are at least 52 characters long to log in with a username and any password.

The Verge
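
An added example (not from the post and not Okta's code) of the failure mode described above: a KDF with a 72-byte input limit fed `userId + username + password`. bcrypt is modelled by a stand-in that truncates to 72 bytes and then calls scrypt, because bcrypt is not in the Python standard library; the function names, the 20-character user id and the sample usernames are constructed assumptions.

```python
import hashlib
import hmac

BCRYPT_MAX_INPUT = 72  # input limit in bytes mentioned in the post

def truncating_kdf(data: bytes, salt: bytes) -> bytes:
    """Stand-in for bcrypt: only the first 72 input bytes affect the output."""
    # Small scrypt cost so the demo runs quickly; not a production setting.
    return hashlib.scrypt(data[:BCRYPT_MAX_INPUT], salt=salt,
                          n=2**12, r=8, p=1, dklen=32)

def misuse_key(user_id: str, username: str, password: str, salt: bytes) -> bytes:
    """Pattern from the post: KDF over userId + username + password."""
    return truncating_kdf((user_id + username + password).encode(), salt)

def password_bytes_used(user_id: str, username: str) -> int:
    """How many password bytes still fall inside the 72-byte window."""
    return max(0, BCRYPT_MAX_INPUT - len((user_id + username).encode()))

def password_only_hash(password: str, salt: bytes) -> bytes:
    """Feed the password alone; reject over-long input instead of truncating."""
    raw = password.encode()
    if len(raw) > BCRYPT_MAX_INPUT:
        raise ValueError("password exceeds the KDF input limit")
    return truncating_kdf(raw, salt)

def verify(password: str, salt: bytes, stored: bytes) -> bool:
    """Constant-time comparison of the recomputed hash with the stored one."""
    return hmac.compare_digest(password_only_hash(password, salt), stored)

# Constructed sample data (not real identifiers).
SALT = bytes(16)                        # fixed for reproducibility; random per user in practice
USER_ID = "00u" + "1" * 17              # 20 characters
LONG_NAME = "a" * 40 + "@example.com"   # 52 characters
SHORT_NAME = "bob@example.com"

if __name__ == "__main__":
    print("password bytes hashed:", password_bytes_used(USER_ID, LONG_NAME))
    same = misuse_key(USER_ID, LONG_NAME, "right", SALT) == \
           misuse_key(USER_ID, LONG_NAME, "wrong", SALT)
    print("any password matches for the long username:", same)
```

With a 20-character id and a 52-character username the prefix fills all 72 bytes, so the password never reaches the hash; a check on `password_bytes_used` at account creation or login catches this before it becomes a bypass.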

@signalapp is moving away from phone numbers as identifiers and introduces usernames, to keep your phone number private. Many quote this as a security improvement, but this doesn't fix the main weakness of Signal: a SIM swapping attack will still take over your account unless a password is set (which is not by default).

https://signal.org/blog/phone-number-privacy-usernames/

Keep your phone number private with Signal usernames

Signal’s mission and sole focus is private communication. For years, Signal has kept your messages private, your profile information (like your name and profile photo) private, your contacts private, and your groups private – among much else. Now we’re taking that one step further, by making your...

Signal Messenger

Engineers should be concerned about "AI", but not for the reason most think.

Machine learning and LLMs got to the point where they can either accurately describe a well-known concept, or make up complete, utter nonsense on topics that are not as widely covered on the Internet.

As a result, AI assistants act as a productivity boost for knowledgeable enough engineers who are already beyond the Dunning-Kruger barrier and just need faster access to certain technical details.

But at the same time, they may completely derail and confuse novice engineers who cannot yet spot cases where LLMs hallucinate.

Consequently, LLMs provoke gap increase between top talent and novice engineers. Use it with caution.

Things aren't bad when team performance in your engineering org is not where you'd like it to be.

Things are bad when engineering is more concerned with making their metrics *look* good by managing targets than doing actual work.

The case of pathetic behavior by @symfony maintainers surfaces a larger problem with complete ignorance and loss of moral compass in the western society. Just listen to their argument for removing #StandWithUkraine banner from their website:

“There is other wars and conflicts in the world, it's not fair to only have this for Ukraine (why not for Palestine?)”

So this means that they added this tag in the first place not to show solidarity with Ukraine and not to support people who suffered from unprovoked military aggression. They did it because it was a trendy victim at the time. So these people have zero understanding of what is right and what is wrong, the only thing they care for – is to side with whoever is commonly accepted by the rest of the society as victim, for the sole purpose of virtue signalling.

They are also so lost and incapable of critical thinking and judgement, that they can't see a difference between people who did nothing to russia and posed no threat to it whatsoever, and terrorists who crossed a border with another country and killed over 1000 of its civilians, raping women, killing children, and taking hostages.

Professor Mark Stadtherr describes a bloody story that shows why it is important to have fundamental knowledge of your field and to test everything. The American "Patriot" missile battery failed to intercept missiles effectively during the Gulf War because of incorrect floating-point arithmetic, which caused an error to accumulate while tracking a target.

It is good that this problem was fixed before Patriot was deployed in Ukraine. Still, this is yet another demonstration that building complex systems is never an easy task, whether for the Ukrainian or for the American defense industry.

Mark A. Stadtherr, University of Notre Dame