Chris Fenner
@chrisfenner.bsky.social
Me several days ago: “why do all the ML-DSA signing test vectors have only up to 2 of ( key seeds, hedging randomness, and mu values )”
Me now: “ok guess I’m sending a PR to Wycheproof”
January 30, 2026 at 11:35 PM
Implementing a protocol that uses cryptography is harder than designing a protocol that uses cryptography.

Normally I use that to explain to people that they need to minimize excessive complexity in their designs but imagine what designs the team responsible for this code is capable of
Why was this code ever shipped?!

This is from the second vuln, where keys' signatures aren't checked before they're stored in the trusted key store.

Why would you ever ship a "TODO, actually validate signatures lol" in your secure messenger?!
January 29, 2026 at 3:00 AM
Reposted by Chris Fenner
They believe in nothing.

When you determine your views as being the midpoint between two opposing positions, it just shows that you don't hold actual beliefs or principles.
January 27, 2026 at 7:22 PM
Reposted by Chris Fenner
Minnesota National Guard members have arrived at a federal building and were directed to distribute donuts, coffee, and hot chocolate to anti-ICE protesters. Guard members were issued reflective vests so they would not be mistaken for federal agents.
January 25, 2026 at 8:55 PM
Reposted by Chris Fenner
At the end of the day, the Black Lives Matter era was about whether people should be killed in the street, and lots of people decided yeah and put those little blue flags on their cars. It spread to everyone because it stopped for no one.
January 24, 2026 at 4:45 PM
It is fun and good to dunk on BitLocker not bothering to update their threat models (cf. TPM bus interposition) but Matthew’s thread breaks down how truly difficult Microsoft’s position is here — MS cannot serve remote recovery without also being technically able to respond to warrants
Oh for fuck's sake don't make me write a blog post defending Bitlocker, I do not want to defend Bitlocker
January 24, 2026 at 9:43 AM
I am pleased to report that between HackerNews and Google’s internal “Learning on the Loo” program, I am officially published to toilets worldwide
January 17, 2026 at 8:57 PM
Reposted by Chris Fenner
it's incredible how if you put this entire dialog into the Left Behind series, it would basically work, but instead it's just IRL MN
January 12, 2026 at 4:29 PM
I don’t think the words “end to end encryption” belong in this post?

confer.to/blog/2026/01...
Private inference
When you use an AI service, you’re handing over your thoughts in plaintext. The operator stores them, trains on them, and–inevitably–will monetize them. You get a response; they get everything.
confer.to
January 13, 2026 at 2:22 PM
American Sturmabteilung
A woman recording an ICE agent tells him "Shame on you."

The agent responds, "Have you all not learned from the past couple of days?"

"Learned what?" she asks

Then he knocks her phone out of her hand
January 10, 2026 at 4:29 PM
I wrote about a feature I got disabled-by-default in Linux last year dlp.rip/decorative-c...
January 4, 2026 at 3:13 AM
The latest version of the TPM specification is out! And I’m really excited about it!
Attesting to the TPM’s Firmware
Murphy’s Law says: Anything that can go wrong will go wrong. Unfortunately, TPMs fall into the category of “anything.”
dlp.rip
March 19, 2024 at 3:48 AM
New year to-do list:

1. Remember to write 2024 instead of 2023
2. Read about another person “discovering” TPM Genie attacks against use cases that never bothered with that threat model research.nccgroup.com/2018/03/09/t...
BitLocker encryption broken in 43 seconds with sub-$10 Raspberry Pi Pico — key can be sniffed when...
BitLocker's reliance on a TPM for security is its own downfall in this specific exploit.
www.tomshardware.com
February 7, 2024 at 11:43 AM