
Google has just updated its 2FA Authenticator app and added a much-needed feature: the ability to sync secrets across devices.

TL;DR: Don't turn it on.

The new update allows users to sign in with their Google Account and sync 2FA secrets across their iOS and Android devices.

We analyzed the network traffic when the app syncs the secrets, and it turns out the traffic is not end-to-end encrypted. As shown in the screenshots, this means that Google can see the secrets, likely even while they’re stored on their servers. There is no option to add a passphrase to protect the secrets, to make them accessible only by the user.

Why is this bad?

Every 2FA QR code contains a secret, or a seed, that’s used to generate the one-time codes. If someone else knows the secret, they can generate the same one-time codes and defeat 2FA protections. So, if there’s ever a data breach or if someone obtains access .... 🧵

#Privacy #Cybersecurity #InfoSec #2FA #Google #Security

Today I saw a student present a bogus police citation as an attendance excuse, then watched the whole thing blow up in their face when the prof called the police department on the spot to verify. Amazing 20 minutes, will never forget.

This is a reminder that Amazon is discontinuing their Kindle magazine subscriptions. This is going to have a significant impact on our bottom line (and future). If you are currently subscribing on Amazon, please read this:

And if you aren't currently subscribing, this would be a great time to start. If you subscribe direct, you can lock in our current monthly price. Subscriptions starting after September will be more expensive.

Some people I recently followed that have been posting extremely high-quality content:



Conference organizers: it is not safe for your trans participants to go to a conference in Kansas because they can no longer safely and legally pee there. Florida is likely to do the same soon. And maybe in the future any state without positive protections in law already in place.

Pick your future venues carefully and ask for escape clauses in your venue contracts should anti-trans laws be passed.

Burning the candle at both ends? Cut that shit in half. Boom, two more ends to burn.

American Public Media Group has also announced that they are suspending the use of Twitter in an e-mail to current/previous donors:

"After much discussion, we concluded that continued use of the social media platform Twitter by our organization was contrary to our mission and core values. Instead of being a neutral and efficient channel for serving the public, Twitter is now actively aiming to undermine the integrity of public media organizations like ours.

All of American Public Media Group’s channels will cease to post and engage on the Twitter platform at this time. The decision will be effective immediately, but we expect winding down use of the platform will take several weeks, primarily due to some of our contractual obligations.

The decision to leave Twitter was neither simple nor easy. It was instead the product of much discussion. In deciding to label public media organizations as “state affiliated,” then “government funded,” then “publicly funded” over a week period, Twitter inaccurately describes what public media is and does. That inaccuracy undermines the value of what our employees do for people and their families: providing accurate, unbiased journalism and information about our country and the world."

3000 BCE: Imagine talking to someone anywhere in the world
1000: Imagine talking to someone anywhere in the world
1400: Imagine talking to someone anywhere in the world
1800: Imagine talking to someone anywhere in the world
2007: Nice! My first cellphone! 📱
2020: *Declines Call*

It was pointed out to me that Leon Henkin's PhD thesis, "The Completeness Of Formal Systems" is not digitized or easily available, and the UC libraries had a copy.

So I have scanned it and posted it to

Because it is old and faded, and in parts handwritten, the OCR isn't very accurate.

According to everything I have read it should be in public domain as it lacks a copyright notice and was published in 1947. So hopefully I don't go to jail.

And on the topic of obscure mid-century analog electronic instruments that are still useful, behold the Potomac Instruments FIM-41 field intensity meter. This handsome device, resembling a large lunchbox, is designed to precisely measure the RF field strength of AM (MW) broadcast radio stations, for maintenance and compliance with FCC rules. (Mine was purchased surplus from the FCC). The lid, when opened, serves as a directional loop antenna, allowing quick setup in the field.

Everyone’s linked to the NYT piece on the hideous environmental/economic cost of Bitcoin mining:

The question: What to do about it?

Suggestion: Every public agency (mostly but not entirely in the USA) that holds significant Btc (mostly seized from criminals) co-ordinates to set a D-Day where D stands for “Dump”. That day, they all go and sell their Btc for fiat at any price whatsoever.

That might just solve the problem right now. Because the liquidity ain’t there.

Seeing people post positively about Substack now that it's challenging Twitter.

Reminder: Substack is also centralised. Worse, the business model is basically to take what would once have been blogs and paywall them as premium 'newsletters'.

Substack is not a friend of the open web.

The abbreviation "sic" comes from the Latin, and is used to indicate that the word or phrase preceding it was fucken sick.

No surprise that Kent Beck's article "Thinking about Code Review" has an excessively good value:words ratio. His point about incentives of pull-requests is spot-on, and I really like this quadrant.

So sad to hear about Bob Lee. He was an incredible coworker, leader, and friend. So much of Square and Cash App engineering culture is directly linked to him, and certainly our propensity for using and releasing open source software.

One of the main reasons I joined Square back in 2010 was the chance to work with the famous Bob Lee. Part of me was braced for a "never meet your heroes" situation, but I shouldn't have been worried. Anyone lucky enough to have known Bob can tell you what a warm, intelligent, enthusiastic, and genuinely generous person he was. He taught me so much in our time together, and his loss is a devastating blow to our entire community. Goodbye, Bob.

💚 Bob was a kind person who lived more life in 43 years than most would do in 430. I will miss him and his magic.



A Mastodon instance for programming language theorists and mathematicians. Or just anyone who wants to hang out.