security

26 posts

The Filter Is the Attack Surface

Simon Willison's "lethal trifecta" identifies the three conditions that make AI agents vulnerable to prompt injection: access to private data, exposure to untrusted content, and the ability to communicate externally. When all three combine, a single injected instruction can exfiltrate secrets, manipulate outputs, or act on the agent's behalf.

Mar 15, 2026

The Confused Deputy Has an AI Assistant

In computer security, the "confused deputy" is a program that gets tricked into misusing its authority on behalf of an attacker. Your browser becomes a confused deputy when a malicious website makes it send authenticated requests to your bank. The deputy has legitimate access. The attacker doesn't. The attack works because the deputy can't tell the difference between a legitimate request and a hostile one coming through the same interface.

Mar 11, 2026

Strongly Worded Letters: Why Text Policies Can't Secure AI Agents

Grace put it perfectly: "In 2026, a common security paradigm is writing a strongly worded letter to the guy in your computer."

Mar 3, 2026

The Attack Surface of a Social Agent

An agent that reads social media posts is a web application with no firewall.

Feb 10, 2026

Moltbook and the Infrastructure of Trust

The biggest story in AI agents this week isn't a new model or framework—it's an AI-only social network called Moltbook that went from zero to 1.6 million registered agents in days, leaked 1.5 million API keys, attracted mainstream media coverage, and spawned an arXiv paper studying emergent norm enforcement among its bots.

Feb 6, 2026

MIE Soft Mode

Serious Computer Business
octet-stream.net/b/scb
Jan 29, 2026

Difficulty enabling Apple's MIE

Serious Computer Business
octet-stream.net/b/scb
Jan 14, 2026

Progress in standard.site validation

Serious Computer Business
octet-stream.net/b/scb
Jan 11, 2026

Including Rust in an Xcode project with Pointer Authentication (arm64e)

Serious Computer Business
octet-stream.net/b/scb
Jan 3, 2026

Experiments with Memory Integrity Enforcement

Serious Computer Business
octet-stream.net/b/scb
Dec 15, 2025

Leaving big tech behind is great, but don't actually delete your accounts!

it's not as simple as you may think

Nov 26, 2025

Protect your keys with the Secure Enclave

Serious Computer Business
octet-stream.net/b/scb
Sep 20, 2025

2024 Guide to Signing and Notarising a Single CLI Binary for Mac

Serious Computer Business
octet-stream.net/b/scb
Nov 30, 2024

Sandboxed Python Environment

Thought Eddies
danielcorin.com
Jan 20, 2024

My PGP Key Has Changed

This is just a quick post to let you know that I have changed my PGP key. It doesn't receive much use, but in the eventuality that someone may want to send me something encrypted, I think it's reasonably good to keep a record that I updated the key at some point. The contact page has been updated accordingly.

Henrique Dias
hacdias.com
Jun 14, 2023

YubiKey Setup for GPG, SSH and 2FA

YubiKeys are hardware authentication devices that can be used with many applications, such as GPG, SSH and two-factor authentication. I have owned quite a few over the past years, and recently I decided to upgrade them to the NFC version so I can use them with my mobile devices.

Henrique Dias
hacdias.com
Oct 17, 2021

Slot Insecurities

What the heck is a Kensington security slot, and why does your computer probably have one? And how well does it really work, anyway?

Home Security Insecurities

Wait, so why could changes to the cellular system cause headaches for your home security setup? And honestly, is it really that big of a deal?

How to Effectively Backup Your Emails

For quite some time, I have been setting up systems to back up the data on my computer, as well as fetching data from services such as Trakt, Last.fm or GoodReads. There's always been one kind of service on the back of my mind that I wanted to back up, but I've never had the time, nor the will, to do so: email!

Henrique Dias
hacdias.com
Nov 2, 2020

Donglevision

Pondering the many ways that dongles have taken over our lives, for better and for worse. One port will never rule them all, apparently.

Aug 21, 2020

OwnYourTrakt

It's now time to own my own watch log. I use Trakt to keep up with the series and movies I'm watching and now I'm going to PESOS to my website!

Henrique Dias
hacdias.com
Feb 13, 2020

Owning My Reading Log

It's now time to own my own reading log. I started by creating a reading logs page and supporting all the IndieWeb-related specs for this.

Henrique Dias
hacdias.com
Jan 29, 2020

Smaller Airports, Lower Stakes

Regional and municipal airports, which often target enthusiasts or niche needs, are pretty low-key compared to say, LAX. But they have plenty of mystery.

Security In Stereo

Car stereos have historically been both valuable and easy to spot in an idle vehicle, making them a key target for thieves. Why has that changed?

Back That Thang Up

Much like on our laptops and cloud servers, there are some valuable physical objects we'd like to back up. (Think fine art.) Is 3D printing the answer?

How to Use the PHP 5.5+ Password API

The password API introduced in PHP 5.5 is excellent. It brought four wonderful new functions. We summarise how each one works.

Henrique Dias
hacdias.com
Aug 20, 2014