Royce Williams

@tychotithonus@infosec.exchange

Just doing my undue diligence.

ISP vet, password cracker (Team Hashcat), security demi-boffin, YubiKey stan, public-interest technologist, AK license plate geek. Husband to a philosopher, father to a llama fanatic. Views his.

Day job: Enterprise Security Architect for an Alaskan ISP.

Obsessed with security keys:
techsolvency.com/mfa/security-keys

My 2017 #BSidesLV talk "Password Cracking 201: Beyond the Basics":
youtube.com/watch?v=-uiMQGICeQY&t=20260s

Followed you out of the blue = probably stole you from follows of someone I respect.

Blocked inadvertently? Ask!

Am I following a dirtbag? Tell me!

Photo: White 50-ish man w/big forehead, short beard, & glasses, grinning in front of a display of Alaskan license plates.

Boosts not about security ... usually are.

Banner: 5 rows of security keys in a wall case.

#NonAIContent

#hashcat #Alaska #YubiKeys #LicensePlates

P.S. I hate advance-fee scammers with the heat of 400B suns

❤️:⚛👨‍👩‍👧🛡🙊🌻🗽💻✏🎥🍦🌶🍫!

Stuff: https://www.techsolvency.com/roycewilliams/mastodon
Keybase: https://keybase.io/royce
GitHub: https://github.com/roycewilliams
LinkedIn: https://www.linkedin.com/in/roycewilliams
Gravatar: https://gravatar.com/tychotithonus
Not "dehashed"!: https://www.techsolvency.com/passwords/dehashing-reversing-decrypting/

I need to be very clear that the push towards "vibe coding" - that is, deliberately deskilling people - is because AI code assistants are an (increasingly expensive) subscription service.

If you know how to code, you can just write Python, C, Java, R, PHP, whatever for free and make things. You may not own the tools of production, but at least you're not renting them.

If you have been deskilled so you only know how to vibe code, you will be paying for that privilege forever.

This also goes, by the way, for researchers who are starting to be convinced they don't need to learn how to be scientists anymore, because "the AI" can just do the science for them. Nope.

i don’t need the phone i can doomscroll through my brain

Tired: "The Hottie and the Nottie" was a Paris Hilton commercial

Wired: "The Hottie and the Nottie" was a Rogaine commercial

Cool wall art at the Anchorage DMV, made from actual license plates (well, technically two of them ('98' and '?ERBER') are souvenir plates, because personalized plates were not available on the centennial base. But even those are real base sheeting, made by the same manufacturer as the real issued plates at the time)

Another FBI warning to "Use an ad blocking extension when performing internet searches" is up. (Personally I think it should be "Winners don't search ads" but I don't know how many people would get it) https://blog.zgp.org/winners-don-t-click-search-ads/

It’s sort of amazing that a political party which, for decades, opposed digitizing gun ownership records for fear of enabling tyranny is apparently totally fine with the idea of deporting anyone at all to a third world prison just because the feds claim they’re a noncitizen.

I always feel like it's my birthday when I'm on a project call, and Legal and Security are asking for the same things.

Sometimes I don't even have to unmute. It's a true joy.

A phrase I've been repeating a lot on vendor calls, regarding prevention vs. detection:

I want to win; I don't just want to know why we lost.

I'm a big fan of driver autonomy in the self-driving car context ...

... but "prevent cars from speeding in my kid's school zone" is a concept that I wouldn't kick out of bed for eating crackers.

Powerful words from former CISA director Jen Easterly in a post on LinkedIn, warning of the "targeting and removal of nonpartisan public servants and the normalization of loyalty oaths."

"If we — who aim to protect critical systems — can’t defend the humans who manage and maintain them, what exactly are we securing?"

Full read: https://www.linkedin.com/pulse/what-we-really-securing-jen-easterly-auyae

What Are We Really Securing?

In a few days, tens of thousands of cybersecurity professionals will descend on San Francisco for RSA, the world’s largest cybersecurity conference. We’ll talk about threats and vulnerabilities and, inevitably, about the promise of agentic AI.