Accidents can happen in life. This might come in handy if you loose memory for some reason. It requires planning ahead though.

Very in depth review of the mess of a Matrix home server vide coded at Cloudflare... all the way to the blog announcing it. Unsurprisingly this didn't go well and they had to cover their tracks several times. The response from the Matrix foundation is a bit underwhelming, it's one thing to be welcoming, it's another to turn a blind eye to such obvious failures. This doesn't reflect well on both Cloudflare and the Matrix Foundation I'm afraid.

Are we surprised? Of course not... As soon as you backup the keys on someone else's server BitLocker can't do anything to ensure privacy.

Are you sure you want to trust that random project you got provided with? Really?

New packaging ecosystems bring their new attack vectors. This is definitely a teething problem which will need to be addressed soon.

Friendly reminder that securing APIs and secrets is a must. Not doing so can have really bad consequences.

If you needed a reminder about why you can't trust WhatsApp, this is a good explanation.

There are growing concerns regarding the Rust supply chain. It's still time to address them but it's became important to tackle this area.

What's the right way to manipulate secrets in your shell to avoid leakage? The answer definitely varies, here is the paranoid version.

Email encryption is indeed still an open issue. There's no fix in sight for it. It's mostly a lack of political will though, so none of the big players are going to change anything.

This looms like a handy help to check your email client is doing the right thing and is not leaking information.

This is definitely a bad one, there seem to be quite a few popular devices affected. And there might be more devices affected of course.

Interesting tool. Indeed very often people send PDFs with useless redaction in them. Better check first.

Always hated this notarization with a passion when I had to target Macs... One reason being that it felt fairly useless, and it's confirmed: it is pretty much useless.

An oldie now but still the best way to create a passphrase.

Indeed, we might want to use dev containers more widely in the profession. If you're developing something for the desktop you're out of luck though.

This is what you're signing up to with such ecosystems. Can't use those for backups even though people are led this way. Sure technically the data is safe on their infrastructure, but is your access to said infrastructure guaranteed? This gilded cage looks less like a gift when you loose access.

I keep being surprised at how common this kind of mistakes are. I probably shouldn't, it's actually kind of easy to fall into such traps.

TLS inspection software is indeed a very bad idea. You'd better not have them in your organisation.

This is now critical infrastructure in my opinion. It's nice to see how much progress was made.