Thomas H. Ptacek Profile picture
Fear not the obstacles in your path, for fate has vouchsafed your reward. @tqbf@infosec.exchange
Oct 12 11 tweets 3 min read
I feel like there's a "next Google" thing happening with Internet-scale LLMs and part of it is because I find myself using them more than Google but the "next" part is because it never made any sense to argue or cajole Google and that works with LLMs. A true advance. Image You can also ask ChatGPT "why does anybody like Roxy Music they sound like a Eurovision band" and it will say "I see where you're coming from" and then give reasons. I love it so much.
Jul 24 21 tweets 4 min read
In 1917, the Supreme Court in Buchanan v. Warley struck down Louisville's zoning laws, which explicitly restricted Black families, on the basis of the 14th Amendment. 1917 is very early in the history of American zoning. Oak Park, where I live, enacted zoning in 1921, and it was a novelty; newspaper articles described it as one of the first comprehensive zoning systems in the nation. Image
Dec 1, 2022 4 tweets 1 min read
What the possible fuck bugs.chromium.org/p/apvi/issues/… I mean obviously OEM platform certs getting compromised is very bad, but this is an extremely WTF way to find out about it!
Oct 23, 2022 4 tweets 1 min read
Opening of Ronin. De Niro walks behind the cafe, cases the joint, hides his gun behind some milk crates. Why? Nobody’s patting him down. It’s a cafe! Why not just go in strapped? This first car chase is great, Stellan Skarsgard riding along in the passenger compartment of an iPhone 4 directing the whole thing.
Oct 23, 2022 4 tweets 1 min read
S’mores? Seriously? British friends: do you really not have graham crackers?
Oct 21, 2022 15 tweets 3 min read
DNSSEC on the orange site front page, so there’s my morning. I wrote a long thing there, if you want to go track it down. About 8 years ago I collected all my arguments against DNSSEC (DNSSEC is bad) into a single blog post, “Against DNSSEC”. It’s on HN this morning, but you can just read it here: sockpuppet.org/blog/2015/01/1…
Oct 10, 2022 5 tweets 2 min read
If I asked 100 people to tell me what this app does, “bank” would come in last, after “social network”, “dating site”, “new phone”, and every other kind of app ever made. But, nope: the answer is “bank”. Image This is like that episode of The Office where Ryan adds a social network to Dunder Mifflin Infinity. You’re chatting with your friends, you’re talking about the latest music, about the election; all of it is happening in their virtual bank. Image
Oct 8, 2022 5 tweets 1 min read
They actually bake in Mexico! It’s a whole thing! Chicago is full of panaderías! I thought they couldn’t get worse in the showstopper challenge but then someone busted out the “sweet corn” because it’s “Mexican”.
Oct 8, 2022 7 tweets 1 min read
Holy shit, this “Mexican Week” episode would be an excellent one to have an American expat baker on for. Prue talking about how Mexico is so vibrant and full of color and then you hear front across the tent someone yelling “what the fuck are you saying”
Sep 28, 2022 20 tweets 4 min read
Matrix is not the first group chat system to have this basic flaw, which is apparently non-obvious: if you can’t securely control group membership, the cryptography doesn’t much matter. Nobody ever gets multi-device group messaging right. Here’s an example of it going spectacularly wrong:
Aug 15, 2022 4 tweets 1 min read
A few months ago we did a preview release of Fly Machines, our API for quickly starting/stopping VMs. Here’s a neat application of it: quickly booting an in-cloud instance of VS Code and deploying from it. fly.io/blog/remote-id… We build Machines because we’re growing out of Nomad (which is excellent; think Flask to K8s’s Django). For our own infra, we wanted finer-grained control over VMs than Nomad wanted to give us.

But you build something like this and get to play with it and other uses pop out.
Apr 25, 2022 4 tweets 1 min read
A pretty foundational, far-reaching belief I have about end-to-end encryption is that building systems that have complicated, expensive, impractical-seeming loopholes mostly serves the surveillance state, whose real objective is expanding their budget, not reading your DMs. In other words: by making it harder for state-level adversaries to read your DMs, you can be doing them a favor; they’re not spending their own money to build the incredibly wasteful and complicated intercept systems that’ll spring up in response to almost-good-enough E2E.
Apr 20, 2022 8 tweets 2 min read
Welp. It’s the crypto bug of the year. Mark it down for April. Java 15-18 ECDSA doesn’t sanity check that the random x coordinate and signature proof are nonzero; a (0,0) signature validates any message. Breaks JWT, SAML, &c. neilmadden.blog/2022/04/19/psy… These are my very most favorite crypto bugs and are endemic to asymmetric primitives (similar things happen in SRP and DH).
Jan 11, 2022 5 tweets 1 min read
An orange comment suggests that the infamous “” (the premium software companies charge to link up your single sign-on) is a “dark pattern”. I strongly object. Words mean things.sso.tax The SSO tax exists because it’s a super-effective market seg signal. Overwhelmingly, the companies that need SSO are the least price-sensitive customer cohort. This is 101: charge price-insensitive customers more, so you can charge price-sensitive customers less.
Dec 29, 2021 8 tweets 2 min read
Sort of telling that SSO keeps coming up as a potential killer web3 app; it’s maybe the least promising use of blockchains you could come up with. There are two major use cases for SSO: retail/end-user sign-on to random apps around the Internet, and corporate SSO. SIWA and Google are excellent fits for both, and blockchain for neither.
Nov 29, 2021 6 tweets 2 min read
Ha! This DNSSEC Internet Draft thanks me by name. datatracker.ietf.org/doc/html/draft… This is the funniest fucking thing.
Nov 29, 2021 8 tweets 2 min read
A many-splendored infrasec disaster. Count all the ways DNSSEC sabotaged this infra team. DNSSEC quietly changes the behavior of resolvers even before we get to signature checking — they stop honoring CNAMEs at zone apexes. Even before you push the DS record that “links” your zone to the USG’s PKI. Of course! Who would think otherwise.
Jun 8, 2021 15 tweets 3 min read
This, as they say, is “a take”. I don’t even know what to say.
Jan 19, 2021 4 tweets 1 min read
Today is the deadline for questions to be added to the 2021 Oak Park village ballot and one of our anti-defund trustees just slipped a resolution to add “Should Oak Park defund its police department” to the ballot. If that question hits the ballot it will almost certainly fail _dramatically_, so the pro-defund trustees basically have to vote against it. It’s probably too late for them to introduce a competing resolution with friendlier wording, too.
Jan 18, 2021 4 tweets 1 min read
Why does the Go standard library think an rcode of REFUSED is a temporary error of “server misbehaving”? I just REFUSED you. (The Go stdlib appears to reconnect a _bunch_ of times on REFUSED, is why we noticed; switching REFUSED to NXDOMAIN fixes that problem.)
Jan 14, 2021 4 tweets 1 min read
This is extremely cool. The basic idea: WireGuard is just a network protocol, like any other, and you can drive it from unprivileged userland code… which means you can drive all of TCP/IP from unprivileged userland code, through WireGuard. Why would you ever want to do that? Well, we expose services on Fly.io over WireGuard (and, for security, over no other interfaces) but not all of our users are going to install OS WireGuard.