Dave Farber, R.I.P.

@dangillmor Sigh.

Yuck—Signal is having "techical difficulties" now.

@willenck Yes, I've heard back from the chair. It also is not obvious to me that cispa.saarland — the hosting site — is the same as cispa.de.
Look—I know Python well enough that I can probably spot (most) dangerous things. But that isn't the point. A security conference should not be training people to run random stuff that an apparently authoritative email address sent them. I just finished writing something that includes the following two adages:

Never trust a URL in an inbound email or text message: It’s extremely hard, and sometimes impossible, to tell if it’s legitimate or not.
Trust nothing you receive: If you’re concerned about information you’ve received, use information you already have to contact the organization.

@usenixassociation I already did…

Dear @usenixassociation Security: this is a security conference. Are you seriously asking folks to download and run a 500+ Python program downloaded from a random site I've never heard of? If you really want people to use a PDF format-checker, install it as a web app on your web site.

@mattblaze Fimbulwinter

@20002ist @mattblaze Yup—there's even a Wikipedia page about that, complete with the Greek text from Herodotus: https://en.wikipedia.org/wiki/United_States_Postal_Service_creed.

No mail for me today, which suggests that the snow did stay the courier from their appointed rounds. Of course, that slogan is on the main post office in Manhattan, not here, so maybe it doesn't apply.

@agreeable_landfall I get those, too, but at least they don't ask me to pay…

@blotosmetek @20002ist In one course I took from Brooks (I took four from him, two lecture courses and two seminars, and he was the department chair!), he distributed a dataset for a fake electric company showing many of the bad input data fields the billing system might receive. The variety was staggering…

@blotosmetek @20002ist Not Mythical Man-Month. (The manuscript for it was my text when I took Software Engineering from Brooks as a grad student…)

I just received a reminder from building management about an overdue maintenance bill. We need to pay it at once, or—if we've already paid it—tell them the check number. Fair enough—but the attached invoice was for $0… Yup—it's 2026 and that sort of thing still happens. (Do I need to dust off my very rusty COBOL skills and offer my services?)

Remember those late 1950s/early 1960s cars with tailfins? Well, seeing a cyberdumpster on the highway today I thought of a way to make it look even dorkier. Hear me out; grid fins.
Elon: send my check to Antifa.

@mattblaze @carlmalamud Have you ever been to the AD White Library at Cornell?

Mumble. LaTeX, \pageref, and \phantomsection… Mumble.

@mattblaze @boiledpotato I wonder what they'd say if I showed up with my VHF scanner and a frequency counter.

@mattblaze @adafruit I bet you could write a Raspberry Pi emulator for an Android phone. Is that legal?

@mattblaze What does John Mastodon say?

Security experts: what are your favorite myths about security? Don't bother with anything in https://www.usenix.org/system/files/conference/soups2015/soups15-paper-ion.pdf — I've already got those… Reply here or by email to me.

@mattblaze What's really funny to me is this 1853 book that Ches and I quoted in the first edition of "Firewalls", about whether it's proper to discuss vulnerabilities in locks.