Jean-Dominique Nguele

6K posts


@CodingNagger

Insert whatever opinion you made from the post that brought you here.

London Joined April 2010
585 Following 338 Followers
Jean-Dominique Nguele@CodingNagger·
@Pontifex Only one post about but getting shy about islamists doing the killing doesn't feel very leader like. Sounds like Macron.
Jean-Dominique Nguele@CodingNagger·
Sounds like it was vibe-coded
Paul Moore - Security Consultant @Paul_Reviews

Hacking the #EU #AgeVerification app in under 2 minutes.
During setup, the app asks you to create a PIN. After entry, the app *encrypts* it and saves it in the shared_prefs directory.
1. It shouldn't be encrypted at all - that's a really poor design.
2. It's not cryptographically tied to the vault which contains the identity data.
So, an attacker can simply remove the PinEnc/PinIV values from the shared_prefs file and restart the app. After choosing a different PIN, the app presents credentials created under the old profile and lets the attacker present them as valid.
Other issues:
1. Rate limiting is an incrementing number in the same config file. Just reset it to 0 and keep trying.
2. "UseBiometricAuth" is a boolean, also in the same file. Set it to false and it just skips that step.
Seriously @vonderleyen - this product will be the catalyst for an enormous breach at some point. It's just a matter of time.

Jean-Dominique Nguele reposted
ZUBY:@ZubyMusic·
If you yelled at the people who opposed Covid lockdowns then please stop complaining about high inflation and cost of living. You supported it.
Paul Moore - Security Consultant @Paul_Reviews

.@vonderleyen "The European #AgeVerification app is technically ready. It respects the highest privacy standards in the world. It's open-source, so anyone can check the code..."
I did. It didn't take long to find what looks like a serious #privacy issue.
The app goes to great lengths to protect the AV data AFTER collection (is_over_18: true is AES-GCM'd); it does so pretty well. But, the source image used to collect that data is written to disk without encryption and not deleted correctly.
For NFC biometric data: It pulls DG2 and writes a lossless PNG to the filesystem. It's only deleted on success. If it fails for any reason (user clicks back, scan fails & retries, app crashes etc), the full biometric image remains on the device in cache. This is protected with CE keys at the Android level, but the app makes no attempt to encrypt/protect them.
For selfie pictures: Different scenario. These images are written to external storage in lossless PNG format, but they're never deleted. Not a cache... long-term storage. These are protected with DE keys at the Android level, but again, the app makes no attempt to encrypt/protect them.
This is akin to taking a picture of your passport/government ID using the camera app and keeping it just in case. You can encrypt data taken from it until you're blue in the face... leaving the original image on disk is crazy & unnecessary.
From a #GDPR standpoint: Biometric data collected is special category data. If there's no lawful basis to retain it after processing, that's potentially a material breach.
youtube.com/watch?v=4VRRri…

Jean-Dominique Nguele@CodingNagger·
@_onlyscott Easy af, you even gave us the clubs: Bernardo Silva. Mbappe at Monaco Ronaldo with Portugal Haaland at City
Oladoja@_onlyscott·
Guess the player? 👀 Very Hard
Jean-Dominique Nguele@CodingNagger·
@_onlyscott Dembele (psg, france, barca), Kounde (france, france, barca), Zaire-Emery (france, france, psg), I'm sure there are even more.
Oladoja@_onlyscott·
Guess the player? 👀 Very Hard
Jean-Dominique Nguele@CodingNagger·
@RupertLowe10 Lowest trust society race between the UK and France. Spain can't even compete as everyone will instantly shift to where the benefits are best.
Rupert Lowe MP@RupertLowe10·
Spain's government has just approved plans to give legal status to 500,000 illegal migrants. This is treason.
Jean-Dominique Nguele@CodingNagger·
Thailand, day 13. I can feel something we lost in the West is still present here yet fragile. High trust society. In France or even the UK, Songkran would end up with burnt cars and/or stabbings. Girls would get assaulted but here it's all fun and games. Even children can play.
Jean-Dominique Nguele reposted
Akira@Akir_a997·
Stop telling black kids with great intellect that they act white. That is toxic
Jean-Dominique Nguele@CodingNagger·
@Skyboyz15 This is not okay, currently in Samui and I had a great time through Songkran. I can't believe some idiots are trying to ruin that fun. The next logical step is banning countries that gave passports to these people and there's a chance this gets me barred from entering as a 🇫🇷.
Skyboyz@Skyboyz15·
Look what they did‼️ Songkran in Patong: unruly foreign tourists mobbed a van, opened its door and sprayed water right inside. People trying to earn a living were affected, to the point that the driver had to get out to chase them off and close the door. Cr. Little patong #สงกรานต์ #ป่าตอง #ภูเก็ต #นักท่องเที่ยว #Songkran2026 #สงกรานต์2559
Jean-Dominique Nguele@CodingNagger·
Thailand, day 10. 11 days since I left my job. Finally took some time to work on that side project I put off for months. I refactored a core class to introduce the Decorator pattern which keeps my core logic clean and enables testing of non-core logic in isolation.
Dr Tru Powell@Tru_Powell·
Being Black in the UK is emotionally draining.
Jean-Dominique Nguele@CodingNagger·
Thailand day 7: Reached the point of considering a permanent move as one does for every enjoyable holiday location. Could technically work 2pm to 11pm to match a London 8am to 5pm work day. Still gives me more than enough time to enjoy the local life.
Jean-Dominique Nguele@CodingNagger·
@Lesjoursfr Murder of Quentin Deranque: investigation into the victim instead of the LFI killers. Commission of inquiry into your fraud: investigation into Charles Alloncle's aide. You really are the collaborators you think you are fighting.
Les Jours@Lesjoursfr·
🔴 Info Les Jours. Christophe Coraux, one of the parliamentary aides of UDR deputy Charles Alloncle, has repeatedly posted sexist and racist content on his public Facebook profile. 🧵 🔗 lesjours.fr/obsessions/rn-…