"Hätten wir den Authentifizierungscode doch nur nicht von der KI schreiben lassen…!"

"Jo, hätte hätte Markov-Kette…"

Wir haben heute über die neuen Open-Source-fähigen EVB-IT - die Vertragsvorlagen für die öffentliche Softwarebeschaffung - diskutiert:

Kollege: "...also wenn jetzt z.B. ein Anbieter mit so einer verrückten Lizenz wie der WTFPL ankommt, in der keine Lizenzbedingungen enthalten sind, wird die Behörde das sicher nicht zulassen."

Ich: "Lass mich nachschauen...ob Du es glaubst oder nicht, die 'Do What The F*uck You Want To Public License' ist in der offiziellen Lizenzliste des Bundes enthalten"

Wie Deutschland auf die Ölkrise 1973 reagierte:

- Tempolimit 100 auf Autobahnen
- Tempo 80 auf Landstraßen
- 4 autofreie Sonntage
- Rationierung von Sprit an Tankstellen

Wie Deutschland auf die Ölkrise 2026 reagiert:

- Verschiebt das Verbrenner-Aus
- Neue Ölheizungen weiter erlaubt
- Würgt Ausbau der Erneuerbaren ab
- Leert seine Ölspeicher

Was ist seitdem nur geschehen?

If you follow me, you know Lilu by now.

Lilu is one of the friendliest, cuddliest, dorkiest cats I have ever known. She is not among the smartest.

Last night Lilu spent more than an hour walking through the flat making licking and spitting noises. I grew quite concerned, but she still ate happily, and when it was bedtime she had stopped.

This morning I saw that SOMEBODY had been chewing on my chili plants.

#catsofmastodon #caturday

RE: https://infosec.exchange/@david_chisnall/116160637051672728

the question you should be asking yourself is not “what's the best way to verify the age of every single computer user on earth”

but rather “why the fuck are we trying to verify the age of every single computer user on earth????”

and the answer to that is: fascism
stop. complying.

Static + dynamic analysis of Signal's APK. The good news first: Signal is genuinely exceptional.

Rust core (libsignal_jni.so), post-quantum hybrid Double Ratchet (Kyber-1024 + X25519), Direct ByteBuffers with immediate zeroing after PIN/username hashing, Intel SGX attestation for SVR — MREnclave verification means even a compromised Signal server can't extract your PIN hash.

But two things stood out:

1. Firebase is always there. Google receives IP + notification timestamps regardless of message content. If you need metadata privacy, Signal still leaks presence data to Google's infrastructure.

2. Certificate revocation endpoints hit http://g.symcd.com in plaintext. An ISP or state-level observer can fingerprint Signal usage from DNS queries and HTTP traffic to those CAs — without touching message content.

Conclusion: strongest crypto engineering in consumer messaging. The attack surface isn't the cryptography. It's the operational dependencies.

Soon the full analysis

#infosec #AndroidSecurity #Signal #privacy #ReverseEngineering #postquantum #mobileforensics

The media is such a wiener for Elon Musk.

The dude will say baseless nonsense like "in ten years every one will have telekinesis" and it'll be a headline with no skepticism.

Besides being an actual Nazi, he also has been wrong about everything for a decade. We aren't on mars, the hyperloop is a single-lane tunnel in one city, AI is still broken, and DOGE somehow added cost while reducing services.

He's an idiot. Stop quoting him like anything he says is meaningful.