Bob Lord
@boblord.bsky.social
Cautiously pessimistic, esp. about cyber things.
The owls are not what they seem.
🗻🗻🦉🌲🪵 🍒🥧☕️🍩 🕵🏼♀️ 👍🏻
Also: 🔐🔑🔒
Pinned
Bob Lord
@boblord.bsky.social
· Dec 20
The Quiet HTTPS Revolution
In a recent post, I explained that the websites I visit on my Chromebook are almost all delivered over HTTPS. Better still, 100% of the…
medium.com
Reporters, this is a story worth covering. It might not be as glamorous as high-profile hacks, and it might not attract as many clicks, but it’s important. The quiet adoption of HTTPS has improved online security for billions of people, and it deserves attention.
medium.com/@boblord/the...
If you have not seen it yet, @alilleybrinker.com posted a fantastic and thoughtful article on memory safety. 🔐
queue.acm.org/detail.cfm?i...
Memory Safety for Skeptics - ACM Queue
queue.acm.org
November 10, 2025 at 9:37 PM
Reposted by Bob Lord
Sometimes when people ask me why I’m wearing a mask I say I’m traveling or have some important thing soon and can’t afford to get sick and miss it and that’s pretty much always true but I think it would be nice if it were more normalized to just say “I don’t want to get sick” and leave it at that
November 8, 2025 at 4:49 PM
Happy Memory Safety Day to all who observe. 🔐
Secure by Design software: It’s time to stop patching and start preventing. One year left before "Smashing the Stack" turns 30—let’s make it count! 🔐💪🛡️🗓️
medium.com/@boblord/29-...
29 Years Since “Smashing the Stack”: Time to Smash Memory Unsafety Itself
This coming Saturday marks the 29th anniversary of Aleph One’s seminal Phrack Magazine article, “Smashing the Stack for Fun and Profit.”…
medium.com
November 8, 2025 at 4:09 PM
Secure by Design software: It’s time to stop patching and start preventing. One year left before "Smashing the Stack" turns 30—let’s make it count! 🔐💪🛡️🗓️
medium.com/@boblord/29-...
29 Years Since “Smashing the Stack”: Time to Smash Memory Unsafety Itself
This coming Saturday marks the 29th anniversary of Aleph One’s seminal Phrack Magazine article, “Smashing the Stack for Fun and Profit.”…
medium.com
November 6, 2025 at 7:36 PM
Reposted by Bob Lord
November 3, 2025 at 10:08 PM
📣📣📣 It has come to my attention that Department Store Christmas is back on SOMA FM! 🎁☃️🎅🎄❄️
somafm.com/deptstore/
Department Store Christmas (Special) from SomaFM
Holiday Elevator Music from a more innocent time.
somafm.com
October 20, 2025 at 2:13 PM
Reposted by Bob Lord
In a world with increasing nuclear dyads, can emerging technologies make us safer? On 10/23, IST will host author & international security expert @nktpnd.bsky.social in Palo Alto to discuss his book on the new nuclear age & the changing landscape of nuclear security.
🌐 Register to attend:
Book Talk | The New Nuclear Age: At the Precipice of Armageddon
In a world with increasing nuclear dyads, can emerging technologies make us safer – or are we opening Pandora's Box? Join IST in Palo Alto, CA or virtually for a book talk with Ankit Panda.
securityandtechnology.org
October 6, 2025 at 7:12 PM
You can't improve what you don't measure. A world in which software is secure by design requires tools to measure progress. In this paper, we present some ideas to evolve the CVE program to meet current and emerging needs. 📜 🔐
securityandtechnology.org/virtual-libr...
CVE at a Crossroads: A Blueprint for the Next 25 Years
The Common Vulnerabilities and Exposures (CVE) Program is a critical public good, yet it is at a crossroads. Established by MITRE with support from the U.S. government, the index of software vulnerabi...
securityandtechnology.org
October 8, 2025 at 5:34 PM
I'm writing this post while connected to the airport wi-fi. Is that OK? Am I in danger? 🤔🔒
September 19, 2025 at 8:05 PM
Reposted by Bob Lord
“Official statistics are a public good…Over the long run, there’s no replacement for the government. No private-sector company has the incentive to produce trustworthy official statistics that are available to everybody at no cost.”
www.nytimes.com/2025/08/08/b...
What if You Can’t Believe the Official Numbers?
www.nytimes.com
August 10, 2025 at 2:13 PM
Reposted by Bob Lord
Not to pile on, but every 'c' in 'Pacific Ocean' is pronounced differently.
August 3, 2025 at 6:58 PM
Defeatist logic often masquerades as insight or realism. Don't fall for it.
July 31, 2025 at 7:29 PM
You can't add salt to the dough after the bread is baked.
July 18, 2025 at 10:56 PM
Reading the news of hacks lately, it occurs to me that someone should invent a form of identification that resists phishing. They could call it something like, “phishing resistant MFA”. Something that protects accounts even when the user does what the hacker says.
What do you think? 🤔
June 27, 2025 at 10:51 PM
Reposted by Bob Lord
📅 500 days from now will mark the 30th anniversary of Aleph One’s “Smashing the Stack for Fun and Profit”.
🛡️ Today, CISA and NSA released a joint guide on reducing memory-related vulnerabilities in software. 🙏
www.cisa.gov/resources-to...
💭 How much progress can we make before this milestone?
www.cisa.gov
June 24, 2025 at 10:56 PM
What cybersecurity games are publicly available? I'm thinking about board or card games that might include topics like secure software development or network defense (like TTX games). All replies are appreciated. And don't assume I've heard of something great.
Feel free to repost! 🙏
June 24, 2025 at 5:03 PM
Once hacklore, now forgotten: why did we stop telling people to shut down their computers for safety?
medium.com/@boblord/the...
June 19, 2025 at 8:55 PM
I'm going to have to spend more time with this excellent blog post by Adam. The part on effective communication is worthy of contemplation. I wonder how we practice, and how we ensure the people we're talking to are using the same communication playbook.
From my blog archive: Crew Resource Management (CRM) for Security Teams - One of the most important improvements in aviation security has been the use of CRM. In this detailed post, I examine how those same lessons can be applied to security teams. adamcaudill.com/2021/06/25/c...
Crew Resource Management for Security Teams
Over the last year or so, I’ve become quite a fan of Air Disasters, a television show dedicated to analyzing plane crashes and similar incidents. As I watched the show, I started seeing many ways…
adamcaudill.com
June 16, 2025 at 2:49 PM
"Create an image that summarizes what you know about me."
June 14, 2025 at 5:01 PM
Some perspectives on the concept of "human error":
www.youtube.com/watch?v=Ygx2...
Was it technical failure or human error?
YouTube video by Lund University - Human Factors and Systems Safety
www.youtube.com
May 23, 2025 at 4:45 PM
Reposted by Bob Lord
We created a safer AV1 decoder, rav1d, by forking the dav1d decoder and rewriting the C code in Rust. It works great except our Rust is 5% slower than the C. We're not sure why so we're offering a $20k bounty to figure it out and make the Rust code faster. www.memorysafety.org/blog/rav1d-p...
$20,000 rav1d AV1 Decoder Performance Bounty
In March of 2023 we announced that we were starting work on a safer high performance AV1 decoder called rav1d, written in Rust. We partnered with Immunant to do the engineering work. By September of 2...
www.memorysafety.org
May 14, 2025 at 8:02 AM
Reposted by Bob Lord
+++ Twin Peaks - 35 Years Ago Today - (8/04/90) +++
Dale Cooper: Who's the lady with the log? Sheriff Truman: We call her the Log Lady.
TwinPeaks first aired on ABC 35 years ago today. 8th April 1990.
#twinpeaks #davidlynch #markfrost #otd
April 8, 2025 at 8:48 AM
Looking at your work today, are you using local data to make local decisions that will only have local outcomes?
What could you change to create bigger outcomes?
April 5, 2025 at 5:02 PM
Is it too soon for enterprise software customers to demand Y2038 testing and resilience? If so, what date should they start demanding it? 📆
March 24, 2025 at 4:21 PM