The economics of buy vs build sure are going to start getting warped as the ability of coding agents hits orbit
Posts by Dean Jerkovich
Strong start to 2026
The “AI as a junior engineer” maps well to building agents. Via prompts (here’s what to consider) and sub-agents (the key phases/modes of thinking we will be in) I feel like I’m teaching TAOSSA to a newly joined security engineer
I’m delightfully surprised how well 99% of people behave at 4-way stop signs.
I’m interested in what drives this behavior in contrast to most situations where self-interest rules
If you were in favor of providing law enforcement access routes into your encrypted data during the Biden administration, have you changed your mind?
I'm curious how the "This will only be used with due process and legal authority" perspective is holding up in the era of DOGE.
My first car was $100 and I can’t stop comparing things to how many 1985 Corollas it costs. I should probably at least update it for inflation to be intellectually honest.
Wanna see what 200GB of raw footage makes around here?
youtu.be/S9EWITrwcqU
I got Linux running in a PDF file using a RISC-V emulator.
PDFs support JavaScript, so Emscripten is used to compile the TinyEMU emulator to asm.js, which runs in the PDF. It boots in about 30 seconds and emulates a riscv32 buildroot system.
linux.doompdf.dev/linux.pdf
github.com/ading2210/li...
Also paying $150 and saying it can’t be disclosed until patched, which takes 9 months. Basically paying to keep mouth shut about exploitable bug.
As someone who's on both sides of this one, it's a no-brainer: Disclose and then the clock starts. Threat actors aren't bound by NDAs or 3rd party intermediaries and neither are security researchers. Coordinated disclosure is in every company's interest, but if they refuse, that's on them.
(please re-post for reach - thank you!)
Learned a cool new Linux trick? Know an interesting quirk in a network protocol? Or have something else to share?
Write a 1-page article for the #6 issue of Paged Out! :)
pagedout.institute?page=cfp.php
Soft deadline is Feb 1st.
It’s truly phenomenal and inspiring what was achieved by Skunk Works - I assumed the 1980s was a freewheeling Wild West lacking regulation and rules.
Certainly does a rug pull on notions of “I could do .. if only ..”
Ben Rich in his book on Skunk Works & the F-117A: ~the unions would’ve killed us if they found out we wouldn’t hire bearded men. But OSHA demanded clean shaved faces due to safety concerns with the materials we used
This post by Haroon sent me down a rabbit hole: blog.thinkst.com/2019/02/when...
Give them a 10gb CSV of system logs and tell them to find the most likely series of events that indicates a compromise.
It’ll take 25 seconds to realize they need to code.
Zero trust is coarse grained, so it’s not an end goal but rather step 1. Step 2 is extending the model to do fully context-aware fine grained (object-level) access. Step 3 isn’t clear, but will be once we’re seeing attacks against step 2.
I’m pretty sure I’m young and hip but also pretty sure a lot of security people don’t remember wardriving with PCMCIA cards and debugging bad drivers in a moving car
Wardriving over IP
Now, even microblogging platforms will be a partisan choice!
I foresee no problems whatsoever that this could cause to the fabric of society and our understanding of one another.