tl;dr: “in-app” browsers, à la the ones used by Facebook and its ilk, are ridiculously unsafe.

Incidentally, this is just the modern version of an already-fought battle from the 90s-early-2000s. It was bad then and it’s still bad now.

Tanks for that.

Apparently tank games are such serious bizness people are prepared to leak state military secrets to “win” internet arguments about them. Multiple times.

Bet that’s not in your Department of Defence’s risk assessment, ay?


Open source software seems like a great idea until you realise maybe it’s not . . .

Very slow and incredibly loud.

Why do suspension bridges have stranded cables not solid rods? The major reason is that solid rods would fail suddenly and catastrophically, whereas stranded cables fail slowly and make alarming noises while they do. We build software systems out of solid rods; they fail abruptly and completely. Most are designed to perform their tasks as fast as possible, so that when they are compromised, they perform the attacker’s tasks as fast as possible.

David Rosenthal on failure.

This is actually from a talk about the externalities of cryptocurrencies, which is worth watching and/or reading in full.

SSL is still terrible, pt. 128.

Once upon a time, when I was a wee babe, I had a course trainer explain to me what SSL was actually, originally for, and I could never take it seriously ever again . . .