Share this page!

Thomas H. Ptacek Profile picture
Twitter logo
19 Jan, 4 tweets, 1 min read
Today is the deadline for questions to be added to the 2021 Oak Park village ballot and one of our anti-defund trustees just slipped a resolution to add “Should Oak Park defund its police department” to the ballot.
If that question hits the ballot it will almost certainly fail _dramatically_, so the pro-defund trustees basically have to vote against it. It’s probably too late for them to introduce a competing resolution with friendlier wording, too.
I don’t like the trustee that did this but I have to concede this was well played: defund supporters are going to end up voting against a measure to put the question to the voters in plain language, thus effectively conceding the unpopularity of the slogan.
My real point here being: you probably have a local election coming up in 2021 where your vote will be much more meaningful than it was in November, and with potentially bigger policy impact, and you should pay attention to local politics.

• • •

Missing some Tweet in this thread? You can try to force a refresh
 

Keep Current with Thomas H. Ptacek

Thomas H. Ptacek Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

PDF

Twitter may remove this content at anytime! Save it as PDF for later use!

Try unrolling a thread yourself!

how to unroll video
  1. Follow @ThreadReaderApp to mention us!

  2. From a Twitter thread mention us with a keyword "unroll"
@threadreaderapp unroll

Practice here first or read more on our help page!

More from @tqbf

Thomas H. Ptacek Profile picture
18 Jan
Why does the Go standard library think an rcode of REFUSED is a temporary error of “server misbehaving”? I just REFUSED you.
(The Go stdlib appears to reconnect a _bunch_ of times on REFUSED, is why we noticed; switching REFUSED to NXDOMAIN fixes that problem.)
Another weird thing is that the Go stdlib flips out if there’s no Question record in an error response — it claims not to be able to unmarshal the message, doesn’t show the rcode, and reconnects.
Read 4 tweets
Thomas H. Ptacek Profile picture
14 Jan
This is extremely cool. The basic idea: WireGuard is just a network protocol, like any other, and you can drive it from unprivileged userland code… which means you can drive all of TCP/IP from unprivileged userland code, through WireGuard.
Why would you ever want to do that? Well, we expose services on Fly.io over WireGuard (and, for security, over no other interfaces) but not all of our users are going to install OS WireGuard.
But: all of our users have our (Golang) `flyctl` installed, and flyctl can do WireGuard via wireguard-go, and then userland TCP/IP, to be a client of a network service exposed over WireGuard, without installing WireGuard itself.
Read 4 tweets
Thomas H. Ptacek Profile picture
9 Jan
This is super smart, and it took me less than 4 minutes to do the same thing for Oak Park, the suburb in which I live.
Illinois makes it super easy to send FOIA requests to any municipality (just look up their FOIA officer’s email); it’s free, and they get just 5 days to respond (10 with a written extension) before you can sue and have them pay your legal costs if you win.
What I’m saying is, not a crazy project to just come up with every police officer in all of Chicagoland who took PTO during the riots in DC.
Read 4 tweets
Thomas H. Ptacek Profile picture
26 Dec 20
This paper is very cool: behavior oracles in interactive systems that reveal successful decryption can, with a bunch of different AEADs incl. GCM and Chapoly, discern which specific key was used in something resembling log k queries. eprint.iacr.org/2020/1491.pdf
It’s based in part on the idea of “non-committing AEADs”, which are, roughly, AEADs where the specific key used to encrypt isn’t encoded into the output. For something like GCM, this means it’s straightforward to generate K_1, K_2, and C which decrypts under K_1 and K_2.
I found Shay Gueron’s writeup on key committing AEADs to be pretty accessible (I’m just reading casually), with worked examples. eprint.iacr.org/2020/1153.pdf
Read 14 tweets
Thomas H. Ptacek Profile picture
16 Nov 20
Mudge is the new head of security at Twitter, which got me talking about cDc, hacking groups, cliques, and the distinctions between them. I mentioned 8lgm and TESO as examples of hacking groups best understood as hacking groups, unlike cDc.

Someone said: “never heard of them”.
This creates an opportunity for me to talk again about my favorite exploit of all time, unquestionably a part of the canon of our field.
The year is 1995 and BSD Unix runs the Internet. The most important hacking target is SunOS 4.1.3; every network you want to get on is running it somewhere, and often everywhere.

The most important SunOS security research group: 8lgm.
Read 19 tweets
Thomas H. Ptacek Profile picture
16 Nov 20
Kind of crazy watching the orange site, which believes I’m an NSA stooge, fall over itself arguing that publishing DKIM keys to provide deniable email would be a grave injustice, depriving “activists and historians”.
This is what happens when you have a culture that attempts to derive everything axiomatically, just moments after reading something. They forget that deniable messages are literally part of the premise of messaging cryptography. otr.cypherpunks.ca/otr-wpes.pdf
This is currently the top comment on the thread. Again: these people think I’m a shill for NSA.
Read 6 tweets

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3/month or $30/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!

Follow Us on Twitter!

Like this author's thread?

Get emails when @tqbf has new unrolls!

Check out other threads from @tqbf!

Read all threads by @tqbf