10.3K posts

@gor_zilla
`:(){ :|:& };:`
Quarantine, joined April 2009
3.1K Following, 883 Followers
Pinned Tweet

The two black swan events are the DigiCert CA breach in early April (social engineering attack that let attackers issue malicious EV code signing certs used in malware) followed by the Palo Alto Networks PAN-OS firewall zero-day (CVE-2026-0300) disclosed May 6 with confirmed in-the-wild RCE exploits.
Two rare, high-impact supply-chain-level shocks in core security infrastructure, back-to-back.
[email protected] retweeted

Apple and Google are gradually expanding their use of hardware-based attestation. They're convincing a growing number of services to adopt it. Google's Play Integrity API and Apple's App Attest API are very similar. Apple brought it to the web via Privacy Pass, which Google intends on doing too.
Google's Play Integrity API requires hardware attestation for the strong integrity level and is gradually phasing in requiring it for the more commonly used device integrity level. Apple already has it as a requirement. Over the long term, this will increasingly lock out hardware and OS competition.
The purpose of these systems is disallowing people from using hardware and software not approved by Apple or Google. This is wrongly presented as being a security feature. Banks and government services are the main ones adopting it but Apple and Google are encouraging every service to use it.
Apple's Privacy Pass brought hardware attestation to the web to help with passing captchas on their own hardware. Many people saw that as harmless since few sites would be willing to lock out non-Apple-hardware users. Apple and Google are both likely to bring broader hardware attestation to the web.
Google's reCAPTCHA is planning an approach where they use Privacy Pass on Apple hardware, their own approach on Google Mobile Services Android devices and a QR code scanning system to require an iOS or Google certified Android device for Windows and other systems:
support.google.com/recaptcha/answ…
Banking and government services increasingly require using a mobile app where they can use attestation to force using an Apple or Google approved device and OS. Apple's Privacy Pass, Google's 'cancelled' Web Environment Integrity and now reCAPTCHA Mobile Verification are bringing this to the web.
Current media coverage for reCAPTCHA Mobile Verification misunderstands it and the impact of it. They're bringing a hardware attestation requirement to Windows, desktop Linux, OpenBSD, etc. by requiring a QR scan from a certified smartphone to pass reCAPTCHA in some cases. They could expand it more.
Control over reCAPTCHA puts Google in a position where they can require having either iOS or a certified Android device to use an enormous amount of the web. Google defines certification requirements for Android which includes forcing bundling Google Chrome, etc. It's enormously anti-competitive.
Google's Play Integrity API bans using GrapheneOS despite it being far more secure than anything they permit. It also bans using any other alternative. This isn't somehow specific to an AOSP-based OS. You can't avoid this by using a mobile OS based on FreeBSD instead. You'll just be more locked out.
Google's Play Integrity API permits devices with no security patches for 10 years. The device integrity level can be bypassed via spoofing but they can detect it quite well and block it once it starts being done at scale. The strong integrity level requires leaked keys from TEEs/SEs to bypass it.
It doesn't provide a useful security feature, but it does lock out competition very well. Services requiring Apple App Attest or Google Play Integrity are primarily helping to lock in Apple and Google having a duopoly for mobile devices. Play Integrity is more relevant due to AOSP being open source.
Governments are increasingly mandating using Apple's App Attest and Google's Play Integrity for not only their own services but also commercial services. The EU is leading the charge of making these requirements for digital payments, ID, age verification, etc. Many EU government apps require them.
Instead of governments stopping Apple and Google from engaging in egregiously anti-competitive behavior, they're directly participating in locking out competition via their own services. Requiring people to have an Apple device or Google-certified Android device is anti-competition, not security.
reCAPTCHA Mobile Verification will currently work with sandboxed Google Play on GrapheneOS but it clearly exists to provide a way for them to start using hardware attestation on systems without it. People without an iOS or Android device will be locked out when this is required even without that.
This isn't about security or any missing functionality. GrapheneOS can be verified via hardware attestation. Google bans using GrapheneOS for Play Integrity because we don't license Google Mobile Services and conform to anti-competitive rules already found to be illegal in South Korea and elsewhere.
Services shouldn't ban people from using arbitrary hardware and operating systems in the first place. Google's security excuse is clearly bogus when they permit devices with no patches for 10 years but not a much more secure OS. It's for enforcing their monopolies via GMS licensing, that's all.

@LetAlbaFlourish @Dr_PhilippaW @Johncadden5 @theSNP Sorry, I don't follow politics that closely.
Did she win?

@gor_zilla @Dr_PhilippaW @Johncadden5 @theSNP That must be from the archives lol.
He was on a small campaign team for 5 weeks in leadership campaign and then worked p/t at parliament for maybe 6 months in 2023 🤷‍♀️

For those who say a #RegionalVote for @theSNP is wasted - #SouthScotland returned AT LEAST 3 #SNP list MSPs in EVERY election up to 2016 - 5 in 2007 & 4 in 2011!
In 2021 only 1 due to fall in list votes!
You can reverse this and help achieve #SNP Majority!
#VoteSNP1and2


@LetAlbaFlourish @Dr_PhilippaW @Johncadden5 @theSNP I think ‘e’ is British and ‘o’ is American. Spectator used ‘e’
x.com/gor_zilla/stat…
[email protected]@gor_zilla
@KirkJTorrance Looks very unbiased

@gor_zilla @Dr_PhilippaW @Johncadden5 @theSNP Maths behind the D'Hondt list vote options is what matters for achieving #ScottishIndependence and are included at the bottom of the page 😉


@EoinJMartainn @Dr_PhilippaW @Johncadden5 @theSNP I already sent my postal vote last week. I'm just saying that website is shite. It's biased af and you shouldn't repost it

@gor_zilla @Dr_PhilippaW @Johncadden5 @theSNP Dinnae vote as per the 'Editors Pick' "SUGGESTION" then 🤷‍♂️
Pick another pro-indy list option so as naw tae gift seats tae Unionists 😉
#BothVotesYes #BothVotesIndy

@EoinJMartainn @Dr_PhilippaW @Johncadden5 @theSNP No, there's no maths behind picking Ash Regan. The voters on the website picked AtLS as the tactical vote for the Edinburgh region
The Editor (Ash Regan's political adviser) has stuck her in there with no explanation, splitting the tactical vote due to his own bias

@gor_zilla @Dr_PhilippaW @Johncadden5 @theSNP The maths don't lie, instead the data erases the same old narratives we have heard since 2014.
#BothVotesYes putting #IndyFirst is what is needed.
#ScottishIndependenceNothingLess is the goal.

@KirkJTorrance And this is wrong too. AtLS is standing in more constituencies than the Greens!



The Scottish independence movement is bigger than any party. Always has been.
On 7 May, vote like it.
VoteWiser.scot shows you – seat by seat, region by region – how to make every Indy vote count.
No party line. No spin. Just the maths.
#BothVotesYES = more YES MSPs

@EoinJMartainn @Dr_PhilippaW @Johncadden5 @theSNP I have not misread anything. It's telling me to vote for someone who will not win. The website is built by Ash Regan's political adviser and is pretty clearly biased
Change the options to "Scottish Green scenario" and you end up with a stronger indy majority. Bullshit website


@gor_zilla @Dr_PhilippaW @Johncadden5 @theSNP Gor, yir misreading the options, you have choices. Just make it #BothVotesYes 😉




@EoinJMartainn @Dr_PhilippaW @Johncadden5 @theSNP No way. This stupid website is directing people to waste pro-indy votes
Just told me to vote for Ash Regan (has no chance of winning) instead of the Greens (on track for record gains)

Philippa,
the claim that SNP list seats in 2011 prove "SNP 1 and 2" works in 2026 is a mathematical fallacy. It ignores the Divisor Shift.
The Evidence (2011 vs. 2026):
In 2011: The SNP won only 4 out of 9 constituencies in South Scotland. Their list vote was divided by 5 (4 seats + 1). That low tax allowed them to pick up list seats.
In 2026 (Polling): Due to the Reform/Tory split, the SNP is projected to sweep 7 or 8 constituencies in the region.
The Math: This pushes the SNP list divisor to 8 or 9. At that level, even a massive list vote share is functionally deleted.
The Reality:
Success in the constituencies kills the list vote. If you win the region's constituencies, you cannot win the list. Piling more votes into an 8x or 9x divisor is the definition of a wasted vote.
The Solution:
To secure a pro-independence majority, that list vote must go to a party with a divisor of 1 (AtLas or the Greens).
SNP List Vote: Power is divided by 9.
Any other Pro-Indy List Vote: Power is at 100%.
Check the current local projections at Votewiser.Scot before you head to the polls.
Don't vote for a 2011 ghost; vote for a 2026 Indy majority parliament that keeps Unionist out and counters the rise of the Reform right wing fascists. 🗳️
#BothVotesYes

@MrJohnNicolson @IpsosScotland @theSNP Probably because Greens aren’t even standing in most constituencies
This is a stupid way to compare them as a party (unless your goal is to make them look bad)

Final @IpsosScotland Holyrood poll shows @theSNP well ahead with Labour & #Reform fighting it out for second place. In the constituency list the Greens & other parties trailing far behind.
#SP26


@LundukeJournal @gf_256 >Rust is associated with trans people
>What are the chances of them picking a trans expert for their rust project?
Quite high, based on your own assertions
>The motivation for converting coreutils to [a memory safe language] must be ideological
Oh I see. You’re an idiot


Remember the security firm that Ubuntu hired to audit the (ill-advised, highly buggy) Rust-rewrites of all of the GNU Coreutils?
Turns out that security firm is run by @gf_256, who:
- Appears to be a man who thinks he's a woman ("trans").
- Uses an anime cartoon of a girl as his avatar.
- Appears to have an OnlyFans page.
I repeat: Ubuntu hired a "Trans" man, with an anime girl avatar and an OnlyFans page... to audit Rust code.
It's hard to get more on-the-nose than that.





John Swinney – Uploading AI Generated people to fake his support

John Swinney@JohnSwinney
As First Minister, I will take urgent action to support people - with a £2 bus fare cap, cutting the cost of essential foods, and bringing down electricity bills with the fresh start of independence. The SNP wants to lower your bills, other parties are trying to stop us.

@Chucks_BTC @litcapital how do you even know? i've seen it demo'd back in 2014 and followed it a bit, but most of the applications are not public facing or transparent

Coming to a western government near us all
Visegrád 24@visegrad24
The Russian police has launched a mass-campaign of pulling people over and checking their phones to see if they have “illegal VPNs” installed

I'm also surprised by the lack of write ups discussing YARA internals. YARA is a very clear demonstration on how AVs and/or EDRs can perform static analysis on binaries.
It's possible people have reviewed it to learn, but simply didn't share it because it's open source, but still it's kind of unusual to me.
I saw over 9000 write ups on YARA rules, but very few explaining the internal mechanisms of YARA

I have a really deep appreciation for YARA and the work VirusTotal's engineers put into YARA.
YARA is interesting because they encountered some challenges when developing their static analysis engine and they handled it really, really, really well.
Initially I was under the assumption YARA read rules by parsing strings and applying them to binaries in-memory (mapping). However, being a doofus, I failed to consider the fact YARA contains BOOLEAN logic in their rules. Hence, reading the files and parsing them as text wouldn't be able to reliably handle the logic present inside the YARA files.
YARA contains an internal VM and transforms the text into byte code. The caveat being the VM isn't Turing complete and does not possess any ability to interact with anything else. This was done intentionally though because it acts as a sandbox.
Regardless, it uses the transformed byte code to perform operations on the in-memory mapped binary using (sort of) simple logic but containing a custom implemented callstack for doing stuff. Furthermore, YARA also has a custom heap management system (they're using the ARENA algorithm).
What makes this even more impressive is all of this is written in C, is cross platform for Windows, Linux, and macOS, and easily compiles.
This is a significant software engineering project and they did an extremely good job.
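
A simplified model of the rule-to-bytecode-to-VM pipeline described in the post above, as an added example that is not part of the original post and is not YARA's code. The opcode names, the sample strings and the test buffers are constructed, and the string search is a plain substring test rather than YARA's matcher.

```python
import re

# Constructed opcode names; YARA's real instruction set is larger and differs.
PUSH_MATCH, AND, OR, NOT = "PUSH_MATCH", "AND", "OR", "NOT"
PREC = {"not": 3, "and": 2, "or": 1}

def compile_condition(text):
    """Shunting-yard pass: infix boolean condition -> postfix bytecode."""
    code, ops = [], []
    for tok in re.findall(r"\$\w+|\(|\)|and|or|not", text):
        if tok.startswith("$"):
            code.append((PUSH_MATCH, tok))
        elif tok == "(":
            ops.append(tok)
        elif tok == ")":
            while ops[-1] != "(":
                code.append((ops.pop().upper(), None))
            ops.pop()  # discard the "("
        else:
            # Binary operators are left-associative; a unary 'not' never pops another 'not'.
            while ops and ops[-1] != "(" and (
                PREC[ops[-1]] > PREC[tok]
                or (PREC[ops[-1]] == PREC[tok] and tok != "not")
            ):
                code.append((ops.pop().upper(), None))
            ops.append(tok)
    while ops:
        code.append((ops.pop().upper(), None))
    return code

def run(code, strings, data):
    """Evaluate bytecode against a buffer using only a value stack."""
    matched = {name: pat in data for name, pat in strings.items()}
    stack = []
    for op, arg in code:  # one forward pass: this toy VM has no jumps and no I/O
        if op == PUSH_MATCH:
            stack.append(matched[arg])
        elif op == NOT:
            stack.append(not stack.pop())
        else:
            right, left = stack.pop(), stack.pop()
            stack.append((left and right) if op == AND else (left or right))
    if len(stack) != 1:
        raise ValueError("malformed bytecode")
    return stack[0]

# Constructed rule: string names, patterns and condition are sample values.
STRINGS = {"$mz": b"MZ", "$upx": b"UPX0", "$sig": b"SIGNED"}
BYTECODE = compile_condition("$mz and ($upx or not $sig)")
```

The condition text is parsed once into `BYTECODE`; each scanned buffer then only pays for the string search and a short stack evaluation.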









