Matthew Garrett @mjg59 Oakland, CA

Former biologist. Actual PhD in genetics. Blog: . One tiny part of security @google, but opinions not those of my employer. He/him.

317 Following   18,512 Followers   43,488 Tweets

Joined Twitter 12/22/10

Platform Certificates make it possible to verify the identity of a system before it's even left the factory. A whol…
an hour until I'm on stage here to talk about how Google is making use of Intel's Transparent Supply Chain tec…
my god
@tveastman @jeamland But I have no numbers whatsoever to back anything up hereeeee
@tveastman @jeamland My expertise is that if I start using swap heavily then it's going to be faster to reboot than recover
Just came home to find my vacuum had knocked its charging station over and it was just sitting in front of it bleep…
@hypatiadotca It's true that adding a desk plant is a big deal
Hey there! We're hiring for Google Cloud product security in Zurich and Seattle. We do vuln research on all levels…
Retweeted by Matthew Garrett
Dear Twitter what does "Business casual" mean for SF tech events
@__vlqc That seems to work, thanks!
@saleemrash1d Takes longer, still no change
@saleemrash1d Nope, still not rebuilding the dependencies
@saleemrash1d Oh wait because *my* code didn't change it's not even attempting the test ok give me a moment
@saleemrash1d It doesn't appear to be being rebuilt
@saleemrash1d (Despite there being a C file that now contains a line reading "asdfasdf")
@saleemrash1d Test still passes
The naive approach of "Just hack the copy that's under pkg" doesn't seem to result in it being rebuilt
Hey people who speak Go if I have a bug in a dependency that's only exposed through a specific path in my code, wha…
@tef How many places have longer articles about their station than the place itself
Hey I'm going to need you to choose between two leopards who will definitely eat your face, but only one of them wi…
number of amazing people leaving the company as an explicit response to management behaviour has now reached th…
no I saw this and recognised it
@smurfix Like I said, I don't think these are good licenses. The goal is to see whether there's an avenue to explor…
Retweeted by Matthew Garrett
@Jer_Diamond He steals people's fries
The worst thing about Roger Stone going to prison is that nobody's going to be able to drunk message Roger Stone and post his replies now
Dade already hates the idea of college and has nothing to live for so isn't really risking much. Kate is risking MI…
and Blade are the underrated heroes who pass up a lucrative TV opportunity to coordinate a righteous hack spanning the entire planet
Increasingly thinking that Hack the Planet was a distraction and we should have paid more attention to Hackers of the world, unite
You need an army.
Retweeted by Matthew Garrett
@toojoe The freedoms granted to you by any given free software license
@mhall119 I don't think ICE would have any concerns about providing source code to detainees
@mattl @richardfontana 2.0 is a *much* better license
@richardfontana Lack of clarity didn't prevent Artistic License 1.0 from being OSI approved (although FSF don't aff…
wrote a slightly more detailed discussion of where the extremes might be on usage restrictions while still (argua…
@dinda I'm 30 miles away from the device, so adding explosives to it doesn't really change my personal risk calcula…
It's perfectly reasonable for me to play with updating my workstation's TPM remotely Also me: (is surprised whe…
@vmlemon 4 clause requires you to advertise, 3 clause prevents you using the author's name.
@vmlemon How does 3-Clause BSD's restriction on using the author's name to endorse the code not fall under this?
Angry that someone who has hurt a bunch of my friends is, once again, refusing to take any responsibility for any of their actions
@zer0tonine Somewhat? Providing an explicitly enumerated set of freedoms that are outside the scope of software lic…
@sorsoup Does it comply with the goals of the four freedoms described in
@seanodiggity @Natanael_L How is this different in enforceability to something like "You may not use this to operat…
@sorsoup The freedoms that the license grants you
@Natanael_L That would be one interpretation, yes
@seanodiggity Freedom 0 is clearly already a grey space - even 3-clause BSD places restrictions on you that could a…
@seanodiggity It doesn't grant freedoms to others, it's a condition on your use that you don't prevent them from having those freedoms.
@richardfontana That argument makes AGPL sound non-free…
@vmlemon By that argument, GPL is a restriction on fields of endeavour (if my endeavour is dependent on not giving…
is obviously a bad license, but is it a non-free one?)
Thought experiment: is "You may not use this software in any way that would inhibit others from exercising the same…
about we focus on ensuring that free software isn't used to remove people's ability to use free software instea…
I agree with the solutions that have so far been proposed by the ethical licensing people? No. Do I think that f…
imagine spending more time complaining that open source is under attack by people who are attempting to make th…
a guy who was harassing a trans woman on the street and then he apologised to me?
Which really doesn't feel like the point.
@gdamjan What?
"I didn't think the eugenicists would come for me" says man above the optimal breeding age who voted for the "Using…
Dawkins is a shitty scientist and a shitty human the end
Like, yes, we *know* that a diverse gene pool is actually good and that selecting for individual traits doesn't gen…
his claim is accurate or not doesn't matter. He's supporting the argument that nationalists can make things…
a well-known scientist says that eugenics works, what people hear is that if they murder the LGBTQ population…
@mjg59 bloomburg's only actual problem with trump is that he's not behaving in line with the country club's rules and giving the game away
Retweeted by Matthew Garrett
Meanwhile Democrats supporting Bloomberg because despite his history of using the police to attack minorities he'll…
problem isn't going to be solved by pointing out that the racists are racist the people who agree with them are already aware of that
Tweets that are all like "Britain, do you want ethnic cleansing because this is how you get ethnic cleansing" with…
@dsilverstone esp8266 doesn't have a 5V - is there a 3.3V equivalent?
What's the simplest way to bridge a device with RS232 (with actual RS232 voltages, not TTL) to wifi?
Staring at some code that round trips a float by casting it to an int16 and back
Wow that worked better than I expected
@alicegoldfuss @ashleylynch Also: conferences who put hot water in urns that previously contained coffee
@ashleylynch @alicegoldfuss Related: hotels that give you tea bags but expect you to heat water in the coffee maker
@peturdainn Thick waterproofing layer
@yanaimoyal @GabrielaLimonta @hasarfaty And you'd need it to be implemented without any side channel extraction weaknesses
@yanaimoyal @GabrielaLimonta @hasarfaty How do you do that if all the keys have leaked?
@yanaimoyal @GabrielaLimonta @hasarfaty Right, but in that scenario what stops them extracting any other underlying…
@yanaimoyal @GabrielaLimonta @hasarfaty I'm having a *really* tough time figuring out how you'd end up leaking the…
@yanaimoyal @GabrielaLimonta @hasarfaty For a hardware TPM I don't think you have any lower level of identity than…
@yanaimoyal @GabrielaLimonta @hasarfaty This presumably still relies on the CSME having some form of uncompromised identity?
At the part of the electronics reverse engineering project where I need to buy paint stripper
its the weekend baby. youknow what that means. its time to drink precisely one beer and figure out why this intern…
does the "marketplace of ideas" consist solely of hundreds of variations on "but what if racism is good?" and n…
Retweeted by Matthew Garrett
"Bootloader loader" oh god no kill me now
@luis_in_brief Details forthcoming
In awe of this app that puts basically all its logic in a database
@HiJinxBattleBot Team captain is the amazing @Herchenroeder who builds an assortment of impressive machines so a go…
out there want to pay some money to have their name appear on @HiJinxBattleBot which is a thing that with lu…
@beajammingh You should also watch Turbo Killer
@beajammingh It was at the Roxie for one night on Thursday :(
(Sorry, database rights as a distinct thing from copyright)
@sarahjeong this feels extremely you
Can we talk about how the new Craig Wright thing involves him claiming database copyright over the Bitcoin blockcha…
@theblazehen Encrypted email is basically *always* a bad idea. There's a huge quantity of unencrypted metadata. Eve…
Roses are red, certificates DER ASN1 parsing is as distasteful as fur
(this is overly harsh and there are many excellent people working there but publicly defending GPG in this day and…
that the publication that managed to accidentally out a whistleblower would think that GPG was fit for purpose
Glad to see that your boy at The Intercept whose bio says he makes bad tweets is, in fact, making bad tweets
@TheMartianLife is earlier related work
Just watched and please inject more of this directly into my veins
@Jon_A_Haas @Greenhouse Mail was from Greenhouse, but was in reference to Reddit
Do I know anyone at @Greenhouse ? I just got a rejection notice for a job I didn't apply for and would be extremely…