Whose CVE Is It Anyway?
The latest vulnerability causing headaches across the world is CVE-2023-4863, issued by Google Chrome and described as “Heap buffer overflow in WebP in Google Chrome prior to 116.0.5845.187 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page”. This same CVE is cited by a number of other vendors as they are impacted as well. But, is this really a Google Chrome vulnerability?
Read more…AI: Art Without Expression?
Generative AI1 is changing the world, and is doing so faster than most of us could realise. While I don’t share the fear that it’ll destroy humanity (something we’re doing quite well at, without help), I do see that it’s having an impact on how we work, how we interact, and will have a growing impact on what jobs survive into the next generation. Just as switchboard operators, pin setters, and lift operators are all essentially extinct today, advances in technology will steadily eliminate some jobs, while creating new ones.
Read more…Twitter Becomes a Walled Garden
Today is a red letter day in the history of Twitter, though not in a good way. Twitter has a long reputation of free speech, providing a platform for all that wanted it, easily connecting to the powerful, building communities, and organising against tyranny. This didn’t come without controversy of course; in the effort to keep the platform safe, more and more moderation was implemented - sometimes the got it right, sometimes they got it wrong.
Read more…On Art, Heritage, Nazis, & 3D Scanners
or: How an 18th century painter saved Warsaw from the Nazis, and how 3D scanners may save Ukraine While researching applications that use the iPhone’s LiDAR scanner or perform more pure photogrammetry, I came across an effort by Polycam - likely the largest player in this space - to help protect the heritage of Ukraine and its people: Backup Ukraine. This is an effort to recruit people in Ukraine to leverage Polycam (provided a no cost as part of this program), to create detailed scans of artwork, buildings, and other items of cultural significance.
Read more…Logseq: My External Brain
Over the years I’ve used most of the major note taking tools around, I’ve been a paying customer of Evernote for over a decade, I’ve used Standard Notes, Good Notes, pen & paper, and a bunch of others I can’t recall now. They were never quite right for my needs — some were close, but none were what I was after. One of the major challenges was that I didn’t know what I needed, and it’s hard to find something when you don’t know what you’re looking for.
Read more…On Productivity
Productivity and efficiency have been passions of mine from a young age, I’m not sure why, but achieving as much as possible, as quickly and efficiently as possible has always driven much of my thoughts, actions, and plans. I was around 10 years old when I learned that there were people that specialised in worker productivity, which led me to researching process design, why restaurants are setup the way they are, the psychology of work and motivation, and a variety of other related topics.
Read more…Death, Cancer, and Missed Chances
In early December, about a month ago, I had the to perform one of the hardest tasks I’ve ever faced as a leader, letting my team know that a colleague had passed away. She was a friend to us all, and the glue that held the team together; telling them that she was gone was, without question, the hardest thing I’ve had to do in a work setting. What made this so hard was not just what I was telling them, but my own feelings for her as a friend, and the opportunity I had missed.
Read more…Trojan Source and Why It Matters
Yesterday the news hit of a new vulnerability that threatens the security of all code; dubbed Trojan Source by the researchers from the University of Cambridge. From an initial analysis, it does seem to impact just about everything, and the status of fixes is very hit or miss at this point. But the real question is, does this even matter? Is this issue worth spending your time on? Let’s look closer.
Read more…Insane Ideas: NFT the Stars
This is part of the Insane Ideas series. A group of blog posts that detail ideas, possible projects, or concepts that may be of interest. These are ideas that I don’t plan to pursue, and are thus available to any and all that would like to do something with them. I hope you find some inspiration – or at least some amusement in this. NFTs are drawing in vast amounts of money; the cryptocurrency community couldn’t be more excited unless Elon sold himself as an NFT.
Read more…Generating Content Stats for Hugo
Producing useful insight into your content
I recently became curious just how much time I had spent working on content for this site, which led me to an idea: it would be great to have a page that listed some useful data about the content, and how much effort was put into it. I had some hope that I could pull some of this directly out of Hugo, though unfortunately it didn’t expose the information I wanted (and certainly not in an efficient way).
Read more…
About Me
Security Architect at 1Password. Security researcher, engineer and software developer with more than 20 years of experience.
Work: I primarily focus on application security, usable security, secure communications, and cryptography. I build and lead strong and dynamic teams, who cover all facets of security and privacy.
Writing: I write about my research, security in general, development and software design, and leadership through my blog, essays, and various publications. I also engage in some creating writing when I can.
Photography: I am a purist fine art photographer, working primarily in black & white, and focused on sharing new perspectives of the world. Limited edition prints of my work are available on my online gallery. I also have a background in photojournalism, and volunteer in this field when I can.