~/paulderscheid.xyz

Links — #security

Slightly safer vibecoding by adopting old hacker habits (Apr 26, 2026) Halvar Flake on bringing classic infosec discipline — checksums, sandboxes, careful diff review — to the new era of LLM-assisted code. #ai #security #essays

AI cybersecurity is not proof of work (Apr 26, 2026) antirez argues that volume of LLM-generated security findings is meaningless unless the false-positive rate keeps pace with human triage capacity. #ai #security #essays

GnuPG 2.5.19: post-quantum crypto in mainline (Apr 26, 2026) Announcement of the first GnuPG release with post-quantum primitives in the mainline branch — a quietly significant moment for OpenPGP. #news #security

Sudo for Windows (Apr 26, 2026) Microsoft's official sudo port. Surprising in 2024; useful in 2026. #security #tools

Little Snitch for Linux (Apr 26, 2026) Objective Development bring their per-app outbound firewall to Linux — long-time Mac users have been waiting for this for years. #privacy #security #tools

German EUDI Wallet will require an Apple or Google account (Apr 26, 2026) The architecture spec for Germany's national digital identity wallet pins trust to the two phone-OS vendors instead of the citizen. #politics #privacy #security

A stable Firefox identifier linking your private Tor identities (Apr 26, 2026) Fingerprint.com found that Firefox and Tor's IndexedDB ordering is stable across private windows — enough to fingerprint a user across origins. #privacy #security #web

You can't trust macOS Privacy and Security settings (Apr 26, 2026) Eclectic Light Co. demonstrates how to access privacy-protected folders even when System Settings claims they're locked down. #essays #privacy #security

BrowserGate (Apr 4, 2026) LinkedIn is quietly scanning your browser extensions — a privacy investigation. #security

Bucketsquatting Is Finally Dead (Apr 4, 2026) How cloud providers finally closed the S3 bucket squatting attack vector. #security

Good Bad ISPs (Apr 4, 2026) Tor Project's community-maintained list of ISPs and their friendliness to relay operators. #security

AirSnitch: Breaking Client Isolation in Wi-Fi Networks (Apr 4, 2026) NDSS research paper on demystifying and exploiting Wi-Fi client isolation mechanisms. #security

enject (Mar 1, 2026) Keeps .env secrets in encrypted local stores, injecting them at runtime without plaintext on disk. #security #tools

Goodbye innerHTML, Hello setHTML (Mar 1, 2026) Mozilla introduces the Sanitizer API and setHTML for safer DOM manipulation in Firefox 148. #web #security

Large-Scale Online Deanonymization with LLMs (Mar 1, 2026) Research on how LLMs can deanonymize users from writing style at scale. #privacy #security #ai

Please, please, please stop using passkeys for encrypting user data (Mar 1, 2026) Why using passkeys with PRF for encryption is dangerous and premature. #security #web

Nepenthes (Feb 7, 2026) A web tarpit for AI scrapers. Generates infinite pages of Markov gibberish to waste crawler resources and poison training data. #security #ai

vet - safety net for curl | bash (Jul 24, 2025) Inspect, diff, and lint remote scripts before executing them. A safer curl | bash. #tools #security