Mantej Rajpal (@mantej)'s Twitter Profile
Mantej Rajpal

@mantej

security engineering and applied cryptography

ID: 27356870

Link: http://saltshaker.blog

Joined: 29-03-2009 01:54:40

1.1K Tweets

2.2K Followers

559 Following

solst/ICE (@icesolst):

I made a React app to help me teach students how to read binary and hexadecimal. But more importantly, I documented the entire process below, step by step on how I made it with Cursor. So you can copy the steps and prompts to make your own apps.

Mantej Rajpal (@mantej):

The Stag Hunt is a better thought experiment than the Prisoner’s Dilemma because there’s an outcome—(Stag, Stag)—that is both Pareto optimal and a Nash equilibrium.

Mantej Rajpal (@mantej):

Requiring candidates to install a keylogger prior to interviewing is a great way to thwart cheating because no viable engineer will interview at your company—can’t be cheating if there’s no interview to cheat on 🧠

Mantej Rajpal (@mantej):

Take the long view: As the cost of generating secure code goes to 0, consistency and predictability will go up, which inherently means risk will go down.

Mantej Rajpal (@mantej):

Missing the bigger picture. The problem isn’t the reporter reading the messages—it’s that they had access to them in the first place.

Matthew Green is on BlueSky (@matthew_d_green):

Ok, look people: Signal as a *protocol* is excellent. As a service it’s excellent. But as an application running on your phone, it’s… an application running on your consumer-grade phone. The targeted attacks people use on those devices are well known.

Balaji (@balajis):

Here’s a reframe. AI doesn’t take your job. AI allows you to do any job. So a coder can now make films. And a filmmaker can now write code. It allows a non-specialist to get started. But a specialist will be needed for polish.

Dino A. Dai Zovi (@dinodaizovi):

With the writing of code getting easier and faster, senior engineers are being reminded that our primary job is figuring out *what should be done* rather than how (writing the code to do it). That's why we write design docs approved by other teams as an artifact of alignment.

Dino A. Dai Zovi (@dinodaizovi):

This is the threat model now. AI agents are going to be scary good at executing cyberattack playbooks: technologyreview.com/2025/04/04/111…

Mantej Rajpal (@mantej):

downstream effects: untracked vulnerabilities in widely used systems, increased exploitation risk, inconsistent IDs and general chaos

Dino A. Dai Zovi (@dinodaizovi):

The architecture of the future is a mix of TEEs, ZKPs, and the like to reduce the scope of sensitive data held by online service providers. It massively simplifies the security problem when you don't hold that scale of sensitive, monetizable data.

Ian Miers (@secparam):

We should rename zk-rollups to k-rollups. It's more succinct. It accurately reflects that they aren't zero-knowledge. And when someone wants to tell you about their cool 'zk' rollup, you can just respond with: k.

Dino A. Dai Zovi (@dinodaizovi):

Yet another example of how session auth credentials that aren't device-bound are a massive security risk. Ideally, device-bound credentials are provisioned after a strongly authenticated user login from a cryptographically verified trusted device.