tsujamin
Joined 1,270 karma
software and infosec

  1. To name a few (presumably): drivers, proprietary protocols, vendor warranties/support, licensing/relicensing, paying you to do the work, waiting for the work to be done/tested, paying for workforce re-training, justifying this to management etc.

    All these reasons suck, but they’re all reality in one industry or another sadly.

  2. There’s also API Sets: where DLLs like api-win-blah-1.dll act as a proxy for another DLL both literally, with forwarder exports, and figuratively, with a system-wide in-memory hashmap between API set and actual DLL.

    Iirc this is both for versioning, but also so some software can target Windows and Xbox OSes whilst “importing” the same API set DLL? Caused me a lot of grief writing a PE dynamic linker once.

    https://bookkity.com/article/api-sets
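Added example (not from the comment author or from any Microsoft code): a toy model in Python of the resolution step a PE loader performs for the two mechanisms named above, API set redirection and forwarder exports. The API set table and export tables are constructed for illustration, not dumped from apisetschema.dll or a real system DLL, and the name-normalisation rule (drop ".dll" and the trailing "-N" minor version before lookup) is my recollection of the V6 schema behaviour, not something the comment states.

```python
"""Toy model of how a PE loader resolves an import through Windows API Sets
and forwarder exports.  All tables below are constructed for illustration."""
from typing import Dict, Optional, Tuple

# Constructed API set table: contract key (lower-case, no ".dll", no trailing
# "-N" minor version) -> host DLL that actually implements the contract.
# A real loader reads this from the schema blob mapped at PEB->ApiSetMap.
API_SET_MAP: Dict[str, str] = {
    "api-ms-win-core-file-l1-2": "kernelbase.dll",
    "api-ms-win-core-heap-l1-1": "kernelbase.dll",
    "api-ms-win-crt-string-l1-1": "ucrtbase.dll",
}

# Constructed export tables: DLL -> {export name -> fake address, or a
# forwarder string "module.Symbol" as stored in a real export directory}.
EXPORTS: Dict[str, Dict[str, object]] = {
    "kernel32.dll": {
        "CreateFileW": "api-ms-win-core-file-l1-2-0.CreateFileW",
        "HeapAlloc": "api-ms-win-core-heap-l1-1-0.HeapAlloc",
    },
    "kernelbase.dll": {
        "CreateFileW": 0x7FF00001000,
        "HeapAlloc": "ntdll.RtlAllocateHeap",  # forwarder target omits ".dll"
    },
    "ntdll.dll": {"RtlAllocateHeap": 0x7FF00002000},
    "ucrtbase.dll": {"strlen": 0x7FF00003000},
    # Constructed pathological pair to exercise loop detection.
    "loopa.dll": {"X": "loopb.X"},
    "loopb.dll": {"X": "loopa.X"},
}


def api_set_key(dll_name: str) -> Optional[str]:
    """Normalise an import DLL name to its API set lookup key, or return None
    if the name is not an API set contract.  Assumption (V6 schema rule as I
    recall it): the hashed name excludes the extension and the final "-N"
    component, so "API-MS-Win-Core-File-L1-2-0.dll" and
    "api-ms-win-core-file-l1-2-1" select the same contract."""
    name = dll_name.lower()
    if name.endswith(".dll"):
        name = name[:-4]
    if not (name.startswith("api-") or name.startswith("ext-")):
        return None
    head, sep, tail = name.rpartition("-")
    if sep and tail.isdigit():
        return head
    return name


def resolve_dll(dll_name: str) -> str:
    """Map an import DLL name to the DLL whose export table must be searched:
    API set contracts go through the table, everything else is just
    case-folded and given a ".dll" extension if the forwarder omitted it."""
    key = api_set_key(dll_name)
    if key is not None:
        return API_SET_MAP[key]  # KeyError: contract absent on this "build"
    name = dll_name.lower()
    return name if name.endswith(".dll") else name + ".dll"


def resolve_import(dll_name: str, symbol: str, max_hops: int = 16) -> Tuple[str, int]:
    """Follow API set redirection and forwarder exports until a real address
    is reached.  Returns (owning DLL, address).  Raises LookupError for an
    unknown symbol and RuntimeError for a forwarder loop or excessive depth.
    Ordinal forwarders ("module.#123") are not modelled."""
    seen = set()
    for _ in range(max_hops):
        host = resolve_dll(dll_name)
        if (host, symbol) in seen:
            raise RuntimeError(f"forwarder loop at {host}!{symbol}")
        seen.add((host, symbol))
        entry = EXPORTS.get(host, {}).get(symbol)
        if entry is None:
            raise LookupError(f"{host} does not export {symbol}")
        if isinstance(entry, int):
            return host, entry
        # Forwarder: "module.Symbol"; the module may itself be an API set.
        dll_name, _, symbol = entry.partition(".")
    raise RuntimeError(f"gave up after {max_hops} forwarder hops")


if __name__ == "__main__":
    for imp in [("kernel32.dll", "CreateFileW"), ("kernel32.dll", "HeapAlloc"),
                ("API-MS-Win-CRT-String-L1-1-0.dll", "strlen")]:
        print(imp, "->", resolve_import(*imp))
```

The two-stage indirection is the part that bites when writing a linker: an import of kernel32!HeapAlloc is a forwarder to an API set, the API set resolves to kernelbase.dll, and kernelbase's export is itself a forwarder to ntdll. Tracking (host, symbol) pairs already visited is what keeps a malformed or hostile export table from spinning the loader forever.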

  3. Strong recommendation for Alastair Reynolds’ Century Rain if you want another of his. It’s part 20th century alternate history, part hard boiled crime noir, and part hard space opera.
  4. Cutting a long list short, the _best_ thing I read this year was W. Somerset Maugham’s Of Human Bondage.

    It’s not a book where the world changes greatly or great things are done, but honestly that’s kind of nice: it’s a compelling story of a life, the characters were engrossing (one in particular stands out for how strongly _dislikeable_ they are) and I loved the prose.

    Also shoutout to Standard Ebooks’ excellent, public domain edition (and all their volunteers’ other work!): https://standardebooks.org/ebooks/w-somerset-maugham/of-huma...

  5. I thought I was going crazy, but it started feeling materially worse sometime in the last few weeks.
  6. > Great Dead Bars of New York:

    > 1. SIBERIA in any of its iterations. The one on the subway being the best.

    Timely, as the latest reincarnation of SIBERIA just re-opened in 59th Street/Columbus Circle station

  7. So long as you’re writing your smart contracts with a chisel, into a stone tablet, with no compilers or assemblers in sight!
  8. A Pwnie for "unilaterally shutting down a counterterrorism operation”
  9. You say beautiful, I say existentially terrifying, let’s split the difference
  10. Obviously not speaking for others’ experience, but it all makes me feel pretty fatigued, and as if this growing expectation of "AI-enhanced productivity" is coming at the expense of a craft and process (writing software) that I enjoy.
  11. > wireless file transfers between Android and iOS being completely impossible at the moment

    P2P proximal wireless transfer, sure, but there's half a dozen apps on your phone that'll let you punt a document, a photo, an invite to someone on the other phone OS platform.

    Maybe I'm an edge case, but probably 90% of my Airdrop usage is between my own devices, so the platform taking care of the authentication story is of more utility than cross-platform transfers. If someone isn't on iOS I'll just send them the file on Signal since, if the source is my phone in the first place, it's probably not a huge transfer anyway.

  12. They already have a composable automation API with 3rd party integrations: Shortcuts!

    It’s not perfect, but surely you could natural language -> llm -> temporary shortcut script and that gets you a decent part of the way to a smarter Siri

  13. How do SBOMs and such account for this? If you’re a package maintainer, do you need to include CI pipeline plugins, their dependencies, going down as far as the pipeline host, in your security-relevant dependencies? Hard problems :/
  14. I can’t remember the example (it was a conference talk a few years ago), but I’m pretty sure there are LE and DFIR companies who also reverse this stuff and assist in recovery, they just don’t publish the actual flaws exploited to recover the data.
  15. Presuming this results in a cryptosystem change for Akira, there’s a real number of victims who won’t get their data back as a result of this disclosure.

    Whether the number is more than that of victims to date who can recreate this? Who knows

  16. By lobbying for government-bans on foreign models? /s
  17. That’s super cool, I was going to say “nat punching and public relays are a requirement for me” but you already do that! Definitely filing this away for future projects.
  18. funnel and serve are also awesome, but in this case the use case necessitated a single binary that worked without the full package installed/didn’t touch the routing table or tun device
  19. It’s pretty simple, I’ve not updated my package version in a while but iirc you give it a state directory, an auth key, and you get a Dial-like interface you can use with the stdlib http libraries
  20. The tailscale.com/tsnet package in Go [1] is really useful if you've not looked at it before: you can make single binary HTTP or whatever servers that are only exposed inside your tailnet.

    Their golink project [2] is a good example (and useful itself), but I've used it to build "peer to peer" comms for one application, and to host an API and Svelte SPA to control some other things in a tailnet.

    [1] https://pkg.go.dev/tailscale.com/tsnet

    [2] https://github.com/tailscale/golink

  21. You’ve still got a couple days to download (DRM’d) copies of the books before they remove that option!

    I just finished importing mine in Calibre and converting them all to epub

  22. Necessary quote from my favourite movie

    > Dr. Josh Keyes: The core is the size of Mars. You're talking about jump-starting a planet. This is a superheated hyper-fluid of molten iron and nickel at 9,000 degrees Fahrenheit. And the deepest we've ever been is... 7 miles, with a two-inch drill bit. Space is easy. It's empty. We're talking about millions of pounds of pressure per square inch. Even if we somehow came up with a brilliant plan to fix the core, we just can't get there.

    > Dr Conrad Zimsky: ...But what if we could?

    [1]: https://www.imdb.com/title/tt0298814/

  23. Anecdotal, but some of win32k.sys got ported to Rust. If you run a search for win32*.sys you’ll see the way it’s been split.
  24. More like compiling a bunch of github projects written by hackers is a pain in the ass, so “make me an ec2 with Kali” is more cost effective
  25. You mean Microsoft Atom? Jokes aside, a lot of the platform security work (VBS/ the secure kernel) is pretty novel