Mike Samuel 🟣
@mvsamuel.bsky.social
I solve large software systems problems with programming language techniques.
Previously, I was the first frontend engineer on Google Calendar, and was a security engineer who worked on the industrial-strength Mad Libs undergirding Gmail.
Previously, I was the first frontend engineer on Google Calendar, and was a security engineer who worked on the industrial-strength Mad Libs undergirding Gmail.
Typed file descriptors, Midori style.
November 7, 2025 at 9:16 PM
Typed file descriptors, Midori style.
You mean a point of sales system had access to transaction history?
Yeah, that seems bad.
I suspect the culprit is rewards programs which should all be, imo, opt-in, and would ideally not involve the PoS device but only involve the rewarder and your device if properly architected.
Yeah, that seems bad.
I suspect the culprit is rewards programs which should all be, imo, opt-in, and would ideally not involve the PoS device but only involve the rewarder and your device if properly architected.
November 6, 2025 at 9:22 PM
You mean a point of sales system had access to transaction history?
Yeah, that seems bad.
I suspect the culprit is rewards programs which should all be, imo, opt-in, and would ideally not involve the PoS device but only involve the rewarder and your device if properly architected.
Yeah, that seems bad.
I suspect the culprit is rewards programs which should all be, imo, opt-in, and would ideally not involve the PoS device but only involve the rewarder and your device if properly architected.
lachrymeh is right there
November 6, 2025 at 6:42 PM
lachrymeh is right there
Why not just have one continent that vibrates?
Australia: New Earth's counterweight continent / waterbed.
Australia: New Earth's counterweight continent / waterbed.
November 6, 2025 at 5:32 PM
Why not just have one continent that vibrates?
Australia: New Earth's counterweight continent / waterbed.
Australia: New Earth's counterweight continent / waterbed.
Oldie but goodie, sorely underrated.
Random fact, I think Ka-Ping wrote the first version of pydoc because he was annoyed with the Python ecosystem.
All around lovely person.
Random fact, I think Ka-Ping wrote the first version of pydoc because he was annoyed with the Python ecosystem.
All around lovely person.
November 6, 2025 at 5:15 PM
Oldie but goodie, sorely underrated.
Random fact, I think Ka-Ping wrote the first version of pydoc because he was annoyed with the Python ecosystem.
All around lovely person.
Random fact, I think Ka-Ping wrote the first version of pydoc because he was annoyed with the Python ecosystem.
All around lovely person.
I think one positive example is NFC for payments, "tap to pay" I think it's called.
Holding my phone physically close to another thing serving to grant authority is a perfect example of an intuitive authorizing action.
Holding my phone physically close to another thing serving to grant authority is a perfect example of an intuitive authorizing action.
November 6, 2025 at 5:13 PM
I think one positive example is NFC for payments, "tap to pay" I think it's called.
Holding my phone physically close to another thing serving to grant authority is a perfect example of an intuitive authorizing action.
Holding my phone physically close to another thing serving to grant authority is a perfect example of an intuitive authorizing action.
I read some on folk models of privacy and security a while back and it's wild the gap between expectations and actual SWE practice.
I feel like work like Ka-Ping Yee's "User Interaction Design for Secure Systems" can bridge that.
Without that, end users can't build good practice on intuitions.
I feel like work like Ka-Ping Yee's "User Interaction Design for Secure Systems" can bridge that.
Without that, end users can't build good practice on intuitions.
November 6, 2025 at 5:08 PM
I read some on folk models of privacy and security a while back and it's wild the gap between expectations and actual SWE practice.
I feel like work like Ka-Ping Yee's "User Interaction Design for Secure Systems" can bridge that.
Without that, end users can't build good practice on intuitions.
I feel like work like Ka-Ping Yee's "User Interaction Design for Secure Systems" can bridge that.
Without that, end users can't build good practice on intuitions.
- designing for boundable delegation
- aligning configuration options w/ user expectations
- aligning configuration options w/ user expectations
November 6, 2025 at 4:57 PM
- designing for boundable delegation
- aligning configuration options w/ user expectations
- aligning configuration options w/ user expectations
Ok. I don't really understand that.
There are some things in privacy that are very specialized.
- which cryptographic techniques to use when
- how to take a dataset with PII and produce a derivative that's useful for research purposes
- acceptable-use data tagging
There are some things in privacy that are very specialized.
- which cryptographic techniques to use when
- how to take a dataset with PII and produce a derivative that's useful for research purposes
- acceptable-use data tagging
November 6, 2025 at 4:57 PM
Ok. I don't really understand that.
There are some things in privacy that are very specialized.
- which cryptographic techniques to use when
- how to take a dataset with PII and produce a derivative that's useful for research purposes
- acceptable-use data tagging
There are some things in privacy that are very specialized.
- which cryptographic techniques to use when
- how to take a dataset with PII and produce a derivative that's useful for research purposes
- acceptable-use data tagging
(I don't mean to single out Japan or Japanese culture)
I think these interlocks should be everywhere.
We should just have ubiquitous HW interlocks when a device is receiving irl data.
Yes, black tape can be put over a camera-on light.
But removing plausible deniability is a good.
I think these interlocks should be everywhere.
We should just have ubiquitous HW interlocks when a device is receiving irl data.
Yes, black tape can be put over a camera-on light.
But removing plausible deniability is a good.
November 6, 2025 at 4:44 PM
(I don't mean to single out Japan or Japanese culture)
I think these interlocks should be everywhere.
We should just have ubiquitous HW interlocks when a device is receiving irl data.
Yes, black tape can be put over a camera-on light.
But removing plausible deniability is a good.
I think these interlocks should be everywhere.
We should just have ubiquitous HW interlocks when a device is receiving irl data.
Yes, black tape can be put over a camera-on light.
But removing plausible deniability is a good.
We privsec folks need to overcome deep skepticism of hardware interlocks, e.g. the faux shutter sounds for the upskirt photo problem.
The prevailing sentiment: if there's any conceivable bug fixable in SW, control it in SW.
But for privsec you need HW locks.
www.tokyoweekender.com/japan-life/n...
The prevailing sentiment: if there's any conceivable bug fixable in SW, control it in SW.
But for privsec you need HW locks.
www.tokyoweekender.com/japan-life/n...
Why You Can’t Disable the Shutter Sound on Japanese Phones
Japanese phones don’t have the option to silence this shutter sound, but why is this irritating feature mandatory in the first place?
www.tokyoweekender.com
November 6, 2025 at 4:42 PM
We privsec folks need to overcome deep skepticism of hardware interlocks, e.g. the faux shutter sounds for the upskirt photo problem.
The prevailing sentiment: if there's any conceivable bug fixable in SW, control it in SW.
But for privsec you need HW locks.
www.tokyoweekender.com/japan-life/n...
The prevailing sentiment: if there's any conceivable bug fixable in SW, control it in SW.
But for privsec you need HW locks.
www.tokyoweekender.com/japan-life/n...
Yeah. No excuses really.
But the way engineers make progress on systemic problems is typically by reducing the amount people in one specialty need to know about others' by baking it into lower layers.
But the way engineers make progress on systemic problems is typically by reducing the amount people in one specialty need to know about others' by baking it into lower layers.
November 6, 2025 at 4:39 PM
Yeah. No excuses really.
But the way engineers make progress on systemic problems is typically by reducing the amount people in one specialty need to know about others' by baking it into lower layers.
But the way engineers make progress on systemic problems is typically by reducing the amount people in one specialty need to know about others' by baking it into lower layers.
He struck me (~ 10 years ago) as a fairly genuine guy who enjoys nattering about tech with practitioners but his days are taken up talking policy.
But to "field not their own," he's never going to be as comfortable talking about it as CITP or TIP/FSI folk who've done the work.
But to "field not their own," he's never going to be as comfortable talking about it as CITP or TIP/FSI folk who've done the work.
November 6, 2025 at 4:29 PM
He struck me (~ 10 years ago) as a fairly genuine guy who enjoys nattering about tech with practitioners but his days are taken up talking policy.
But to "field not their own," he's never going to be as comfortable talking about it as CITP or TIP/FSI folk who've done the work.
But to "field not their own," he's never going to be as comfortable talking about it as CITP or TIP/FSI folk who've done the work.
Nothing'll make them madder than a left-wing Jew preferring Israeli left-wingers over Israeli right-wingers.
November 6, 2025 at 3:26 PM
I didn't think he was the type to get thin-skinned with journos but I've only interacted with him in limited contexts.
November 5, 2025 at 7:23 PM
I didn't think he was the type to get thin-skinned with journos but I've only interacted with him in limited contexts.
Thanks for explaining.
He should know better that there's a different between surreptitiously recording someone who's chosen to interact with you and doing the same to someone you approach.
Also, I would assume he's familiar with hardware interlock approaches from his IoT work.
He should know better that there's a different between surreptitiously recording someone who's chosen to interact with you and doing the same to someone you approach.
Also, I would assume he's familiar with hardware interlock approaches from his IoT work.
November 5, 2025 at 7:22 PM
Thanks for explaining.
He should know better that there's a different between surreptitiously recording someone who's chosen to interact with you and doing the same to someone you approach.
Also, I would assume he's familiar with hardware interlock approaches from his IoT work.
He should know better that there's a different between surreptitiously recording someone who's chosen to interact with you and doing the same to someone you approach.
Also, I would assume he's familiar with hardware interlock approaches from his IoT work.
Sorry, what happened with Cerf and a reporter? Agree the defense is bullshit, just unaware of the origin.
November 5, 2025 at 4:46 PM
Sorry, what happened with Cerf and a reporter? Agree the defense is bullshit, just unaware of the origin.
In my head: in•fu•cking•cre•di•bl
Out load: in••cre•di•ble
For real, yes, but mostly for phrases that I tend to stumble on, like the silent first 'r' in February. Like part of me has a manual override for some phrasing.
Out load: in••cre•di•ble
For real, yes, but mostly for phrases that I tend to stumble on, like the silent first 'r' in February. Like part of me has a manual override for some phrasing.
November 5, 2025 at 4:07 PM
In my head: in•fu•cking•cre•di•bl
Out load: in••cre•di•ble
For real, yes, but mostly for phrases that I tend to stumble on, like the silent first 'r' in February. Like part of me has a manual override for some phrasing.
Out load: in••cre•di•ble
For real, yes, but mostly for phrases that I tend to stumble on, like the silent first 'r' in February. Like part of me has a manual override for some phrasing.
Most of mmitchell's 13 mitigations don't suggest any override, and these 4 from the issue she linked are more about involving irl friends and blocklist user's understand who is on the blocklist.
Framing a request as a demand is a bit over the top too.
Framing a request as a demand is a bit over the top too.
November 4, 2025 at 6:48 PM
Most of mmitchell's 13 mitigations don't suggest any override, and these 4 from the issue she linked are more about involving irl friends and blocklist user's understand who is on the blocklist.
Framing a request as a demand is a bit over the top too.
Framing a request as a demand is a bit over the top too.
November 4, 2025 at 6:39 PM
Cyclone's children fighting.
November 4, 2025 at 4:27 PM
Cyclone's children fighting.
gc + c = gcc
simple math, dude
simple math, dude
November 4, 2025 at 4:23 PM
gc + c = gcc
simple math, dude
simple math, dude