Posts by Apoorv Kothari

Bread and Puppet Theater is still working to 'make the revolution irresistible' The decades-old radical troupe Bread and Puppet, famed for its protest art including giant puppets, is touring again — mixing circus, politics and bread in a sharply polarized moment.

6 months ago 343 55 4 6

Does it make sense only for each user to be able to authorize access to a user's data? Dunno if that's even possible in the open model that AT proposes.

6 months ago 0 0 1 0

Can someone explain who hosts the data, who pays for the hardware and how is it secured?

6 months ago 1 0 1 0

AT feels like a fundamental shift back to what the internet used to be

"The AT protocol is fundamentally an abstraction over HTTP, DNS, and JSON. But by standardizing how these pieces fit together—putting the user in the authority position, separating identity from hosting, and making data portable"

6 months ago 1 0 0 0

We are alarmed by reports that Germany is on the verge of a catastrophic about-face, reversing its longstanding and principled opposition to the EU’s Chat Control proposal which, if passed, could spell the end of the right to privacy in Europe. signal.org/blog/pdfs/ge...

6 months ago 3961 2398 40 140

RFC 9842 is HTTP Compression Dictionary Transport -- this is a big one!

Congrats @Yoav and @PatMeenan ! https://www.rfc-editor.org/rfc/rfc9842.html

6 months ago 9 4 0 0
crates.io: Malicious crates faster_log and async_println | Rust Blog Empowering everyone to build reliable and efficient software.

The crates.io team was notified of two malicious crates (with similar names as legitimate crates) which were actively searching file contents for Ethereum private keys, Solana private keys, and arbitrary byte arrays for exfiltration.

See the blog post for details: blog.rust-lang.org/2025/09/24/c...

6 months ago 119 37 3 4

Congress eliminated public media funding. At a time of deep division, public media brings us together.

Help keep it strong. Join our monthly donors today: n.pr/458sOhq

8 months ago 15156 5048 584 230
Cloudflare Introduces Default Blocking of A.I. Data Scrapers

How to be classy, how to be cute, how to actually walk the walk...

Love you for this, @cloudflare.social ❤️

www.nytimes.com/2025/07/01/t...

9 months ago 526 105 10 10

It's nice being able to rely on GrapheneOS to provide sane and secure defaults. Ty!

10 months ago 2 0 1 0

Wondering if @grapheneos.org prevents this with its sandboxing. Also if WhatsApp was also affected.

10 months ago 0 0 2 0

Gold. Keep on being a broken record because it's possible to develop intuition of this after some time working with complex systems, but it's really not obvious.

10 months ago 2 0 0 0

"I have strong domain knowledge... Could be very clear with the prompt"

I get the sense that for now this is a prerequisite for effective AI use.

10 months ago 2 0 1 0

I have had mixed results using AI but can see the appeal.

On one hand it was able to complete the task (create a simulated network for testing) and explain complicated concepts. On the other hand it was misquoting RFCs and confidently providing bad info.

10 months ago 2 0 0 0
Covert Web-to-App Tracking via Localhost on Android We disclose a novel tracking method by Meta and Yandex potentially affecting billions of Android users. We found that native Android apps—including Facebook, Instagram, and several Yandex apps…

I usually get where big tech is coming from but this is just malicious tracking. If you're an engineer and you're asked to implement something like this, it's time to whistleblow.

I hope the IE DPA will look into it.

Anyway, Local Network Access (github.com/explainers-b...) can't come soon enough.

10 months ago 81 28 1 3

The nice thing about writing a book is you can go out and check all those details you just kind of think you know from memory. For example, here’s how OpenSSL prevents compilers from optimizing key zeroization out of their code.

10 months ago 66 7 5 0
Picture of me advertising the event

"Nuits sonores Lab is opening a discussion with Meredith Whittaker, president of the Signal Foundation, the worldwide messaging application renowned for its data protection and co-founder of the AI Now Institute. During this conversation, Meredith Whittaker will present her critical reflections from her position at the heart of tech, from the ethics of AI, to online privacy, social networks, and internet governance."

Tomorrow, Thur May 29, Nuits sonores, Lyon France!

I'm coming to dance, I'm coming to party, I'm coming to eat, but first I'm sitting down to talk about tech, privacy, Signal, and what it takes to make a world worth living in <3

10 months ago 153 17 5 2

Check out this cool shit

11 months ago 5 1 0 0

The AWS team published a key-committing variant of XAES (https://words.filippo.io/xaes-256-gcm/).

Still FIPS-compliant, and with a proof.

Key commitment ensures the ciphertext can only be decrypted with one key, to avoid issues in higher-level protocols.

https://eprint.iacr.org/2025/758.pdf

11 months ago 67 11 3 1
The Cloudflare Protocols team is hiring for a number of roles! Come work… | Lucas Pardue The Cloudflare Protocols team is hiring for a number of roles! Come work with me and my awesome manager Michelle Torres 🏳️‍🌈. We're looking for experienced mid-level and senior engineers to go d...

My team at Cloudflare are hiring mid-level and senior engineers to help us go deep on network protocols (HTTP, QUIC, TLS etc.) as we build and deploy our new Rust-based proxy.

More details (including location) over on LinkedIn: www.linkedin.com/posts/lucasp...

11 months ago 4 2 1 0

Wyden sends a letter to the DoJ about TeleMessage. Can’t wait to see what happens! www.wyden.senate.gov/imo/media/do...

11 months ago 24 5 2 1
ConflictSync: Bandwidth Efficient Synchronization of Divergent State State-based Conflict-free Replicated Data Types (CRDTs) are widely used in distributed systems to ensure high availability without coordination. However, their naive synchronization strategy - transmi...

In this ongoing work, we provide a bandwidth efficient solution to State-based CRDT reconciliation with no need for external metadata. We leverage recent developments in set reconciliation after decomposition of CRDT states into sets. Findings also improve general set synch. arxiv.org/abs/2505.01144

11 months ago 15 4 0 2
Public media is under threat. Millions depend on the NPR Network every day. Silencing journalism is one way to silence truth and erode the power of the people. Donate now.

A few days ago, President Trump issued an executive order seeking to block all federal funding to NPR, the latest in a series of threats to media organizations across the country.

11 months ago 5164 1654 151 65

Here's something counterintuitive to non-practitioners: curve P-521 is often less secure in practice than curve P-256.

The latter is more popular, and so better tested. The risk of implementation bugs dwarfs the risk of partial cryptanalysis of ECC, so picking P-521 optimizes for the wrong thing.

11 months ago 66 9 1 3

@grapheneos.org is what I have been running for multiple years now to de-google my phone. A nice side effect is the battery life improves when google play services is not constantly running in the background.

Installation instructions are quite easy and it just works.

11 months ago 7 0 0 0
BurntSushi jiff Experience Reports · Discussions Explore the GitHub Discussions forum for BurntSushi jiff in the Experience Reports category.

I am planning to release Jiff 1.0, a datetime library for Rust, this summer. After that, I do not plan to make breaking changes, possibly indefinitely.

I would LOVE LOVE LOVE more experience reports before stabilizing Jiff. Tell your friends.

github.com/BurntSushi/j...

11 months ago 45 8 2 0

Changes a language in what ways? For worse I assume? Also is there a standard or set of standards that languages use?

1 year ago 0 0 0 0

Hot take: The existence and ubiquity of Cargo is just as consequential, if not more so, to real-world productivity vs. C/C++ than anything regarding Rust's type system or borrow check.

The former isn't nearly as fun to argue about on message boards, though.

1 year ago 120 11 8 1
Reviewing the Cryptography Used by Signal - Dhole Moments Last year, I urged furries to stop using Telegram because it doesn’t actually provide them with any of the privacy guarantees they think it gives them. Instead of improving Telegram’s c…

Currently reading the blog post series "Reviewing the Cryptography Used by Signal".

Learning a lot and turning out to be my new favorite blog.

soatok.blog/2025/02/18/r...

#cryptography

1 year ago 3 0 0 0

It seems likely that there will be a RUSTSEC advisory for `humantime` being unmaintained.

This is a reminder that Jiff should cover all of the use cases of `humantime`. Specifically, its friendly duration format was specifically designed with this in mind: docs.rs/jiff/latest/...

1 year ago 18 3 1 0