Royce Williams

Just doing my undue diligence.

ISP vet, password cracker (Team Hashcat), security demi-boffin, YubiKey stan, public-interest technologist, AK license plate geek. Husband to a philosopher, father to a llama fanatic. Views his.

Day job: Enterprise Security Architect for an Alaskan ISP.

Obsessed with security keys:
techsolvency.com/mfa/security-keys

My 2017 #BSidesLV talk "Password Cracking 201: Beyond the Basics":
youtube.com/watch?v=-uiMQGICeQY&t=20260s

Followed you out of the blue = stole you from someone I respect.

Blocked inadvertently? Ask!

Am I following a dirtbag? Tell me!

Suggestions welcome!

Photo: White 50-ish man w/big forehead, short beard, & glasses, grinning by a display of Alaskan license plates.

Boosts not about security ... usually are.

Banner: 5 rows of security keys in a wall case.

#NonAIContent

#hashcat #Alaska #YubiKeys #LicensePlates

P.S. I hate advance-fee scammers w/heat of 400B suns

❀️:⚛👨‍👩‍👧🛡🙊🌻🗽💻✍🎥🍦🌶🍫!

Stuff: https://www.techsolvency.com/roycewilliams/mastodon
Keybase: https://keybase.io/royce
GitHub: https://github.com/roycewilliams
LinkedIn: https://www.linkedin.com/in/roycewilliams
Gravatar: https://gravatar.com/tychotithonus
Not "dehashed"!: https://www.techsolvency.com/passwords/dehashing-reversing-decrypting/
My sister in driving, I know that navigating a high-school parking lot right after school gets out can be trying. But as a middle-aged person, flipping off a teenager is never a good look.
As winter lingers so cruelly, I decided to look into the origins of the idiom "cabin fever." It is a more recent term than I expected, with surprising turns including President William Henry Harrison and hard cider. Below is a cabin in 1898 Beaver City. https://www.adn.com/alaska-life/2026/03/22/a-condition-born-of-cold-snow-darkness-and-distance-the-history-of-cabin-fever/
Does anybody know of a good place to get oversized flat items scanned in Anchorage? My usual place has gotten a bit pricey for a humble historian, and I have a Prinz Brau poster begging to be digitized. Also, here's an unrelated 1987 Timberland boots ad featuring Alaska. #alaska

Last year, my position was that we still had time to design PQ authentication mechanisms.

Now, based on the pace of progress and on statements like Google's, I believe:

1. we need to finish rolling out PQ key exchange yesterday
2. we need to start rolling out PQ auth now
3. it's too late to ship any new non-PQ design or system

https://blog.google/innovation-and-ai/technology/safety-security/cryptography-migration-timeline/

Quantum frontiers may be closer than they appear

An overview of how Google is accelerating its timeline for post-quantum cryptography migration.

Google

> builds a GRUB replacement in 2016
> spends 5 years breaking GRUB piece by piece
> strips LUKS encryption from /boot "for security"
> proposes to remove: btrfs, xfs, zfs
> keeps SquashFS, two CVEs, one rated 7.8 HIGH
> controls the signing keys for all of it
> Canonical promoted him.

https://www.sambent.com/canonicals-grub-saboteur-has-a-10-year-plan

If you are traveling to or through Hong Kong, here is a new thing to consider when you are deciding whether or not to take your devices with you and how you should set them up.

https://hk.usconsulate.gov/security-alert-2026032601/

That Ubuntu "let's make GRUB more secure by forcing a ton of use cases onto an unsecure path" is some specious BS.

https://www.phoronix.com/news/Ubuntu-26.10-Lighter-GRUB

Ubuntu 26.10 Looks To Strip Its GRUB Bootloader To The Bare Minimum For Better Security

Ubuntu developers at Canonical are looking to strip the signed GRUB bootloader features to the bare minimum for the Ubuntu 26.10 release later this year

'Enumclaw' hits different now -- seems like it should be a tool for discovering AI agents.
Nail guns : home building :: Agents : system design

RE: https://social.treehouse.systems/@wwahammy/116264430375745593

I want everyone who says "this is the law, distros need to comply" I want you to explain a plausible set of circumstances to lead to the following:

* That the AG of California will sue a random Linux distro which has effectively no money
* Prove who the OS distributor actually is (is it the committers? Committers of what part? Their bank account with $12 in it?)
* Prove by preponderance of the evidence how many children used the OS in order to set the fines
* get a judge and jury to think this isn't a massive waste of their time
* That it isn't just a violation of the law but is a "negligent" or "intentional" violation
* all the while, the OS maker and everyone else having effectively zero knowledge of who uses it since there's no continuing relationship with users.

How does all of this happen?