near match fast lockout

My phone decided it didn’t like my face and wouldn’t let me log in. Unusually, instead of giving me some retries, it immediately locked me out, requiring a passcode. At first I thought this might be a security measure, but I’m pretty sure it was just a glitch. However, it’s an interesting possibility for an authorization system. Fast lockout after a near match.

Posted 2019-01-15 03:24:24 by tedu Updated: 2019-01-15 03:30:10
Tagged: security thoughts

de facto vs de jure maintenance

Some thoughts on cowboys vs conservatorships after reading De-facto closed source: the case for understandable software. I can’t say I disagree with anything there. Software is too complicated and should be simpler. There is, however, an angle which wasn’t examined. Or at least an alternative that wasn’t fully explored, which is to trust authors in a way which works.

Posted 2018-11-30 19:11:31 by tedu Updated: 2019-01-24 02:38:07
Tagged: software thoughts

comparative truthiness

When comparing two things, it’s easy to make a claim relating them. This one is longer. This one is stronger. This one is older. This one is bolder. (This one sounds like Dr. Seuss.)

Posted 2017-12-19 18:09:52 by tedu Updated: 2017-12-19 18:09:52
Tagged: thoughts

fifty years ago

Fifty years ago today, Burt Munro rode a motorcycle really really fast. Setting a world record that has stood for fifty years, working by himself on an ancient machine, required quite a bit of dedication. There’s a movie version of the story, The World’s Fastest Indian, which is perhaps a bit simplistic and of course dramatic, though still more or less accurately capturing the idea of perseverance. Real life Munro was apparently quite a bit more difficult than the ever cheerful Hopkins, but I suspect that helped too.

Posted 2017-08-26 19:08:23 by tedu Updated: 2017-08-26 19:08:23
Tagged: thoughts

moving to https

The time has finally come to switch everything to https. Actually, I’ve been using https for a while, but now it’s time to inflict, er invite, everyone else along for the ride.

Posted 2017-07-18 15:12:45 by tedu Updated: 2017-07-21 22:29:02
Tagged: flak security thoughts web

books chapter three

How big is the ideal team? How do we organize it?


Douglas Crockford, inventor of JSON. At the time of the interview, a great battle was being waged between standardization of ES4 vs ES3.1, which became ES5. He learned to program long ago, when memory was small and CPUs were small, which required a lot of effort to make things fast. “Eventually we got over that, so today we’re writing big applications in JavaScript that run in a browser. It’s such a profoundly inefficient environment compared to the stuff that we used to do, but Moore’s Law sort of made it all OK.” Sort of OK sounds about right. People do it and it does work, but not so well I don’t complain about it.

Posted 2017-07-07 19:24:27 by tedu Updated: 2017-07-07 23:41:59
Tagged: bookreview thoughts

books chapter two

Moving on, getting into some good stuff.


Brad Fitzpatrick has never lived in a world without the Internet, founded LiveJournal, and says lots of things I agree with, so he must be really smart.

Posted 2017-06-30 19:28:10 by tedu Updated: 2017-06-30 19:28:10
Tagged: bookreview programming thoughts

books chapter one

I wanted to read, or reread, some books, but couldn’t decide which ones, so figured reading all of them at once would be the best solution. In particular, I’d read Coders at Work about the time it came out, and liked it, then skimmed it again recently. The second time through I still liked it, but I noticed new things. I should reread the whole thing. And what about these other books I’m always certain to install on each Kindle but never quite read? My favorite unread books.

Posted 2017-06-23 15:55:11 by tedu Updated: 2017-06-23 15:55:11
Tagged: bookreview programming thoughts

missing features as features

Whenever I plug an external monitor into my laptop, nothing happens. Then I run xrandr, and gears turn, and displays appear. Not too surprising. Whenever I unplug an external monitor, nothing happens. Then I run xrandr, gears turn, and all those hidden offscreen windows come screaming back. This is absurd, right? Shouldn’t my desktop software be, I don’t know, desktopping?

Posted 2017-03-03 19:04:28 by tedu Updated: 2017-03-03 19:04:28
Tagged: software thoughts

colliding, fast and slow

I found it hard to locate a good reference explaining how various hash attacks apply to password hashing. Somebody might reasonably ask how the SHA1 collision, or an extension thereof, would apply to bcrypt. Can bcrypt have collisions? It’s a strange question if you know the answer, but knowing that much requires synthesizing a fair bit of knowledge that’s not all in one place.

Posted 2017-02-28 22:38:41 by tedu Updated: 2017-03-05 19:12:50
Tagged: security software thoughts

1000 links later

Some reflections on life, the universe, and everything after posting 1000 links to inks. I started inks on a lark because one day I was annoyed with HN or Lobsters or something and it seemed easy enough to make my own cooler version, but there wasn’t much of a mission statement. Maybe Daring Fireball but without the fucking Yankees. It’s been a few months and 1000 links is enough to notice some trends and evaluate results.

Posted 2017-02-26 17:45:28 by tedu Updated: 2017-02-26 17:45:28
Tagged: thoughts web

features are faults redux

Last week I gave a talk for the security class at Notre Dame based on features are faults but with some various commentary added. It was an exciting trip, with the opportunity to meet and talk with the computer vision group as well. Some other highlights include the Indiana skillet I had for breakfast, which came with pickles and was amazing, and explaining the many wonders of cvs to the Linux users group over lunch. After that came the talk, which went a little something like this.

Posted 2017-02-21 22:02:11 by tedu Updated: 2017-02-21 22:18:32
Tagged: security software thoughts

how to influence friends and win people

I rarely comment about politics, and rarely regret not posting, but this is one of those times I thought about saying something earlier and didn’t, and now I regret it. This should have been said months ago, but there will be more elections to come, so better late than never. It’s about talking to people, but don’t worry, it has nothing to do with respect.

Posted 2016-11-14 01:38:18 by tedu Updated: 2016-11-14 01:38:18
Tagged: politics thoughts

production ready

A few thoughts on what it means for software to be production ready. Or rather, what if any information is conveyed to me when I’m told that something is used in production. Millions of users can’t be wrong!

Posted 2016-11-11 20:11:29 by tedu Updated: 2016-11-11 20:11:29
Tagged: software thoughts

all that’s not golden

Several stories and events recently that in some way relate to backdoors and golden keys and security. Or do they? In a couple cases, I think some of the facts were slightly colored to make for a more exciting narrative. Having decided that golden keys are shitty, that doesn’t imply that all that’s shit is golden. A few different perspectives here, because I think some of the initial hoopla obscured some lessons that even people who don’t like backdoors can learn from.

Posted 2016-08-18 18:52:56 by tedu Updated: 2016-09-08 19:47:47
Tagged: security thoughts


Strolling through the book store, among the new titles on display in the politics section was Ratfucked by David Daley. What could this be about? The subtitle, The True Story Behind the Secret Plan to Steal America’s Democracy, conjured up images of telepathic lizard men so I passed it by. A little while later, though, I saw the New Yorker’s review and summary which sounds a lot better. It describes a plan to target particular districts in local elections, win control of the state, then aggressively gerrymander the map to ensure future victories as well. Of particular interest, the summary focused on some local Pennsylvania elections and the damned Arlen Specter library. Sounds great, this is worth a read. In fact, the cover image subtitle for the Kindle version, How the Democrats Won the Presidency But Lost America, is much more accurate and less sensational. (The book title is actually stylized Ratf**ked because the author is a pussy.)

Posted 2016-07-12 13:41:55 by tedu Updated: 2016-11-09 00:32:02
Tagged: bookreview politics thoughts

regarding embargoes

Personal thoughts. To each their own.

Yesterday I jumped the gun committing some patches to LibreSSL. We receive advance copies of the advisory and patches so that when the new OpenSSL ships, we’re ready to ship as well. Between the time we receive advance notice and the public release, we’re supposed to keep this information confidential. This is the embargo. During the embargo time we get patches lined up and a source tree for each cvs branch in a precommit state. Then we wait with our fingers on the trigger.

Posted 2016-05-04 14:04:17 by tedu Updated: 2017-10-17 21:18:24
Tagged: security software thoughts