I pointed Claude Fable at a major update of one of our crypto libs over night. It more than quadrupled encrypt performance and found an obscure encrypt-side timing security flaw that exists in our scheme as well as all of the current published ORE schemes in the literature. Mind blown. ...and now Fable has been disabled.

I love this! Great move from the @prisma team

Field-level encryption in JavaScript without shooting yourself in the foot 👀 cipherstash.com/blog/orm-fie…

I've been a big Prisma fan for years. Prisma Next looks like a genuine step up. And to have @cipherstash directly integrated is *Next* level.

In the long run I think software gets more secure out of necessity, but the in between is a scary time period where everyone is just CONSTANTLY getting hacked

I tried to make sense of the backdoor mechanism this time and summarized it in a one-page overview. 😵‍💫 There's obviously more technical detail to uncover, but you'll get a general understanding of the complexity and the stealthy mechanisms used to remain undetected. 🧐 Thanks to @AndresFreundTec for his insight into this and a shoutout to these researchers if you want to learn more about the backdoor 🙏👇 - gist.github.com/smx-smx/a611… by SMX - bsky.app/profile/filippo.aby… by @FiloSottile - github.com/amlweems/xzbot by @amlweems - github.com/karcherm/xz-malwa… by Karchem - research.swtch.com/xz-script by Russ Cox - github.com/0xlane/xz-cve-202… by 0xlane And of course, all the others previously mentioned and those who contributed to the analysis. #xz #infosec

In the wake of FTX, SVB, Medibank and Optus data hacks, how do we move forward? Join @RaajRayat (Investment Manager, AirTree) as he discusses best practice for treasury management and cyber security with a panel of experts from the AirTree family 🌳 🎟️: intersektfestival.com/regist…

Trying to do some tricky stuff in SQL server so I asked ChatGPT. It recommended that I use PostgreSQL. Can't say I disagree!

Gold.

Apparently I'm moving back to Sydney (finally). And officially house hunting Since this has worked insanely well before, Twitter friends, if you know of anyone looking for a roomie please let your girl know!

Ugh. Sick. Whyyyyyyy

This is weird to say out loud, but I actually am kinda an expert in rate limiting, so I'm gonna explain some stuff. About half of incidents in large-scale production systems involve having more requests than you can serve. There are two categories of this kind of incident:

9x out of 10, CopilotX is bang-on! The other time I'm like wuuuut. So basically the same as the typical engineer 🤣