Share this page!

Matthew Green Profile picture
Twitter logo
25 Nov, 4 tweets, 1 min read
I still don’t understand why “let’s make system RNGs fast and insecure in case someone wants to run a Monte Carlo simulation” was ever considered to be anything other than the dumbest of all possible thoughts.
Apparently there is this huge population of language/OS users running Monte Carlo simulations and THEIR LIVES WILL BE UTTERLY RUINED if those simulations run slow.
I mean if I’m doing statistical simulations and the built-in system PRNG is slow, what’s the impact? I guess I’ll have to spend the 10 minutes copy/pasting the Mersenne Twister off Wikipedia. Seems pretty non-devastating.
Meanwhile every security system in the world is in a constant state of existential semi-brokenness because even expert developers are unable to navigate around the sarlacc pit of broken system RNGs. But yeah, prioritize the Monte Carlo folks, yeah.

• • •

Missing some Tweet in this thread? You can try to force a refresh
 

Keep Current with Matthew Green

Matthew Green Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

PDF

Twitter may remove this content at anytime! Save it as PDF for later use!

Try unrolling a thread yourself!

how to unroll video
  1. Follow @ThreadReaderApp to mention us!

  2. From a Twitter thread mention us with a keyword "unroll"
@threadreaderapp unroll

Practice here first or read more on our help page!

More from @matthew_d_green

Matthew Green Profile picture
12 Nov
I headed over to the Home view to see why tech Twitter has gotten so much lamer, and it’s all people speculating on when Bitcoin will hit 100K.
So henceforth this account will just speculate on the Bitcoin price.
I’ve been using Latest Tweets for a couple months now and switching back to Home is like going home to find your parents have turned your bedroom into a Taco Bell. ImageImage
Read 6 tweets
Matthew Green Profile picture
5 Nov
Many governments realize they’ve “lost” their chance to ban end-to-end encrypted messaging, but they also realize it doesn’t matter because unencrypted backups are much more useful.
So predictably the vanguard of the conversation has shifted away from E2EE (which is in many places a done deal) to device backups — which are still not widely E2EE encrypted.
I personally think that governments want to preserve unencrypted backups because it provides investigative capability. (Ie. they can subpoena Apple to get your texts.) And CSAM fear is just a tool that politicians are using to preserve this capability. But 🤷‍♂️.
Read 5 tweets
Matthew Green Profile picture
2 Nov
Good thread about the recent Unicode attacks and some previous work that predates it. I agree that citations could be improved. But I want to push back a little. 1/
What was interesting to me about the recent Unicode/Trojan attacks (link below) isn’t that Unicode contains some exploitable fluffery. *Of course* it does. Unicode is terrible. 2/ trojansource.codes
What was surprising to me is how many compilers, source management tools and IDEs were vulnerable to the attacks. I expected this from pomo languages like, say, Golang or Swift. But even compilers for ancient languages like C/C++ were happy to eat Unicode and not complain. 3/
Read 8 tweets
Matthew Green Profile picture
1 Nov
If the house has a spooky iron gate but the porch light is on, do you trick or treat? Image
You’d expect these houses just to be full of candy. Image
Ok this is extremely unacceptable people. Image
Read 6 tweets
Matthew Green Profile picture
29 Oct
“Hard drive”? You mean Dropbox, Overleaf, Github and Google Drive, right? I’m sure they’ll all keep my data forever.
Fortunately I’m clever and I’ve checked my Dropbox into Github.
I keep every academic project since 2003 in a directory named src2/. Why src2? Because six years and three laptops ago I somehow corrupted src/ and was afraid to overwrite it. In 2025 I anticipate an upgrade to src3/.
Read 6 tweets
Matthew Green Profile picture
25 Oct
Imagine creating a social media company and rigging the stock so nobody can ever depose you, and then *not* creating a giant candy factory staffed with weird and magical helpers.
Whenever I read about the exploits of Zuck I’m like SMH that’s what people who actually worry about their jobs do, you dumbass.
“Oh no, promoting voter info might make idiots think my company is politically biased, then we’d have a 4% drop in weekly engagement…”

Seriously, you could invent chewing gum that never loses its flavor and this is what you choose. Image
Read 4 tweets

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3/month or $30/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal

Thank you for your support!

Follow Us on Twitter!

Like this author's thread?

Get emails when @matthew_d_green has new unrolls!

Check out other threads from @matthew_d_green!

Read all threads by @matthew_d_green

:(