Why?
08.03.2026 12:20
π 0
π 0
π¬ 1
π 0
Why?
On the plus side, LLMs donβt hold their noses at hard to read code like GnuPG (I remember your students complaining about it). dev.gnupg.org/T8044
I am not familiar with verified code. Is it common to have admit, lax and delayed proof statements? Great write up, thanks!
I gave our students two screenshots, one with a valid PGP signature and one with a signature by the attacker (also valid) where the signer had a different eTLD and a spoofed From: address. They complained it was too hard to spot .org instead of .de. We need sender validation for signed PGP emails!
Iβm sorry you had a bad exp. It absolutely can be, but at least for me thatβs rare. I prefer βcoordinated vuln. disclosureβ because it doesnβt imply other ways are irresponsible. Anyway I would hate to be boxed in one form of disclosure. Interests of stakeholders can be aligned, why not use that?
My experience: It's surprisingly usable. First result was within 5 minutes, fine tuning was done after two hours. Another two hours for adding convenience features, and a final hour for testing and cutting a release.
Main features: Filter by topics, keywords (from title and abstracts), text, or preference. Sort by number, title, score, preference. Show all abstracts or just one, show topics. Navigate and rank by keyboard. Undo and redo. Everything is stored in local storage (just reload the CSV and it's there).
A screenshot of a web page that shows a list of papers that can be filtered and searched, to enter review preferences for a HotCRP conference.
I vibe-coded hotcrp bidding helper with Claude. It's a single index.html (+2 JS libs from CDN). Preferences can be im- and exported via CSV. Topics/Keyword scores can be taken from your own publications (just drop in PDFs and run a script). Image shows fake data. Enjoy! github.com/lambdafu/hot...
When the AI wars come, we will wish the browser war back.
Now's your chance to participate in growing academic cryptography participation in the Middle East and North Africa region: the Africacrypt call for papers is out!
Submit your paper and come join us this July in beautiful Hammamet, Tunisia: www.africacrypt2026.tn/call-for-pap...
Anything in particular? I wouldnβt even know where to look for news and stories on that industry.
The decent thing would be to delete the inbox every afternoon before heading home. Then everybody has a fighting chance.
Over the past few months, I have left my comfort zone and begun working on Agentic AI systems. For that, I am now trying to fill several roles, so if that sounds like something you'd like to work on with me, please get in touch.
Submissions are now open for the SPIQE Workshop! Submit your work until 12th of March AoE! βοΈ spiqe.cool
At the gpg.fail talk and omg #39c3
You can just put a \0 in the Hash: header and then newlines and inject text in a cleartext message.
Wonβt even blame PGP here. C is unsafe at any speed.
gpg has not fixed it yet.
What are good alternatives?
We are just waiting for our AI token quota to reset.
At least they now know we didnβt withdraw our submission.
The university library MΓΌnster has a clear opinion on this matter. upload.wikimedia.org/wikipedia/co...
I strongly believe that AI will have a lasting impression on human to human communication. Expectations will be presented as prompts rather than as opportunities. The response to non-compliance will be reinforcement rather than reflection. And success will be judged by how well the recipient obeyed.
Announcing SPIQE 2026: 2nd Workshop on Secure Protocol Implementations in the Quantum Era, bringing together researchers and implementers to securely deploy PQC!
π Co-located with Euro S&P in Lisbon, Portugal, July 6-10, 2026
spiqe.cool
#SPIQE2026 #EuroSP #PostQuantumCrypto
Das erinnert mich sehr an die Arbeiten von Andy Goldsworthy!
When I met Hermann HΓ€rtig at Eurosys 2006 I talked to him about the relevance of formal verification in OS design and he just smiled and asked me if I can show that a user space program canβt escape to ring 0 (kernel mode) on the CPU. π²
Counterpoint: imagine an alternative world where the NSA truly believes that QC is possible within two or three decades. Could we observe the difference from the outside? And if no, which world is more likely?
I havenβt been in Paris for a long time. But I have been in Barcelona and although it is smelly and really crowded, I had no involuntary body contact there at all. People seemed to in general have more awareness of what is going on around them. Japan is wonderful, and a great inspiration!
Inside the train: People blocking free seats, playing loud music, talking loudly, drinking beer, coffee in a puddle on the ground. Iβm used to it (Iβve grown up here), but itβs just flat out awful. I think the trains would be better with a more open seat layout and strict, enforced no food/drinks).
And because trains share platforms, there are no markings to tell you where the train goes and where you can stand and wait. People rush to the doors and block the people trying to get out - itβs really annoying.
By far the biggest problem is the trains, though. Itβs nice that we have such a dense public transport system, but they all share the same rails, which causes congestion with famous delays. And if you miss one train, you have to switch platforms with all your stuff. Platforms can also change sudden.
Letβs not talk about the dirty ground. The Germans in my area are in general pretty badly behaved (shoving, running, letting your wheeled suitcase run ahead of you without holding it, taking loudly etc.) and there is just not enough workers around to keep things clean and people in check.
Itβs also insane that renting a little trolley for your bags costs 2.50 EUR. And of course you canβt go to the train station with it, so it is pretty useless anyway.