Sign in with Twitter

Username:

Matthew Garrett @mjg59 Oakland, CA

Former biologist. Actual PhD in genetics. Blog: https://t.co/uwiSDXrayO . One tiny part of security @google, but opinions not those of my employer. He/him.

317 Following   18,512 Followers   43,488 Tweets

Joined Twitter 12/22/10


Platform Certificates make it possible to verify the identity of a system before it's even left the factory. A whol… https://t.co/MTuqUzkimyHalf an hour until I'm on stage here to talk about how Google is making use of Intel's Transparent Supply Chain tec… https://t.co/G43uYpBNeAOh my god https://t.co/VsglF6rjuE
2/24
2020
@tveastman @jeamland But I have no numbers whatsoever to back anything up hereeeee @tveastman @jeamland My expertise is that if I start using swap heavily then it's going to be faster to reboot than recover
2/23
2020
Just came home to find my vacuum had knocked its charging station over and it was just sitting in front of it bleep… https://t.co/mBMF3MBqKq @hypatiadotca It's true that adding a desk plant is a big dealHey there! We're hiring for Google Cloud product security in Zurich and Seattle. We do vuln research on all levels… https://t.co/El3dGxwyeX
Retweeted by Matthew GarrettDear Twitter what does "Business casual" mean for SF tech events
2/22
2020
@__vlqc That seems to work, thanks! @saleemrash1d Takes longer, still no change @saleemrash1d Nope, still not rebuilding the dependencies @saleemrash1d Oh wait because *my* code didn't change it's not even attempting the test ok give me a moment @saleemrash1d It doesn't appear to be being rebuilt @saleemrash1d (Despite there being a C file that now contains a line reading "asdfasdf") @saleemrash1d Test still passesThe naive approach of "Just hack the copy that's under pkg" doesn't seem to result in it being rebuiltHey people who speak Go if I have a bug in a dependency that's only exposed through a specific path in my code, wha… https://t.co/vvaXrPk8zq @tef How many places have longer articles about their station than the place itselfHey I'm going to need you to choose between two leopards who will definitely eat your face, but only one of them wi… https://t.co/dQBHV3AhCNThe number of amazing people leaving the company as an explicit response to management behaviour has now reached th… https://t.co/HL2IKonx4oOh no I saw this and recognised it https://t.co/MA40iA0M2G @smurfix Like I said, I don't think these are good licenses. The goal is to see whether there's an avenue to explor… https://t.co/jhGX2D9MCzPool? https://t.co/YVrg8MH515
Retweeted by Matthew Garrett
2/21
2020
@Jer_Diamond He steals people's friesThe worst thing about Roger Stone going to prison is that nobody's going to be able to drunk message Roger Stone and post his replies nowDade already hates the idea of college and has nothing to live for so isn't really risking much. Kate is risking MI… https://t.co/bGx9P8OlqnRazor and Blade are the underrated heroes who pass up a lucrative TV opportunity to coordinate a righteous hack spanning the entire planetIncreasingly thinking that Hack the Planet was a distraction and we should have paid more attention to Hackers of the world, uniteYou need an army. https://t.co/Edtwbor07W
Retweeted by Matthew Garrett @toojoe The freedoms granted to you by any given free software license @mhall119 I don't think ICE would have any concerns about providing source code to detainees @mattl @richardfontana 2.0 is a *much* better license @richardfontana Lack of clarity didn't prevent Artistic License 1.0 from being OSI approved (although FSF don't aff… https://t.co/oQnvNApiuxI wrote a slightly more detailed discussion of where the extremes might be on usage restrictions while still (argua… https://t.co/zl0F3IBRZJ
2/20
2020
@dinda I'm 30 miles away from the device, so adding explosives to it doesn't really change my personal risk calcula… https://t.co/giD2MQrTfcMe: It's perfectly reasonable for me to play with updating my workstation's TPM remotely Also me: (is surprised whe… https://t.co/jRgqia0dNS @vmlemon 4 clause requires you to advertise, 3 clause prevents you using the author's name. @vmlemon How does 3-Clause BSD's restriction on using the author's name to endorse the code not fall under this?Angry that someone who has hurt a bunch of my friends is, once again, refusing to take any responsibility for any of their actions @zer0tonine Somewhat? Providing an explicitly enumerated set of freedoms that are outside the scope of software lic… https://t.co/06gkrIbWjx @sorsoup Does it comply with the goals of the four freedoms described in https://t.co/Ypyh0fAOMi @seanodiggity @Natanael_L How is this different in enforceability to something like "You may not use this to operat… https://t.co/lqGf85mHNa @sorsoup The freedoms that the license grants you @Natanael_L That would be one interpretation, yes @seanodiggity Freedom 0 is clearly already a grey space - even 3-clause BSD places restrictions on you that could a… https://t.co/Ro0JX4recP @seanodiggity It doesn't grant freedoms to others, it's a condition on your use that you don't prevent them from having those freedoms. @richardfontana That argument makes AGPL sound non-free… @vmlemon By that argument, GPL is a restriction on fields of endeavour (if my endeavour is dependent on not giving… https://t.co/Y8VpuarS6a(This is obviously a bad license, but is it a non-free one?)Thought experiment: is "You may not use this software in any way that would inhibit others from exercising the same… https://t.co/18gXfYYiyZHow about we focus on ensuring that free software isn't used to remove people's ability to use free software instea… https://t.co/dMhr1dSYfFDo I agree with the solutions that have so far been proposed by the ethical licensing people? No. Do I think that f… https://t.co/UmiD18gwZOMan imagine spending more time complaining that open source is under attack by people who are attempting to make th… https://t.co/V4NP7utIeBChallenged a guy who was harassing a trans woman on the street and then he apologised to me? Which really doesn't feel like the point.
2/19
2020
@gdamjan What?"I didn't think the eugenicists would come for me" says man above the optimal breeding age who voted for the "Using… https://t.co/L45kqF2S4AAnyway Dawkins is a shitty scientist and a shitty human the endLike, yes, we *know* that a diverse gene pool is actually good and that selecting for individual traits doesn't gen… https://t.co/xWGoEm6ggGWhether his claim is accurate or not doesn't matter. He's supporting the argument that nationalists can make things… https://t.co/HuejhUZzm3When a well-known scientist says that eugenics works, what people hear is that if they murder the LGBTQ population… https://t.co/eDgRCJyi1Y @mjg59 bloomburg's only actual problem with trump is that he's not behaving in line with the country club's rules and giving the game away
Retweeted by Matthew GarrettMeanwhile Democrats supporting Bloomberg because despite his history of using the police to attack minorities he'll… https://t.co/bM64woiHpjThis problem isn't going to be solved by pointing out that the racists are racist the people who agree with them are already aware of thatTweets that are all like "Britain, do you want ethnic cleansing because this is how you get ethnic cleansing" with… https://t.co/m0fBS8sLbd @dsilverstone esp8266 doesn't have a 5V - is there a 3.3V equivalent?What's the simplest way to bridge a device with RS232 (with actual RS232 voltages, not TTL) to wifi?Staring at some code that round trips a float by casting it to an int16 and backWow that worked better than I expected
2/18
2020
@alicegoldfuss @ashleylynch Also: conferences who put hot water in urns that previously contained coffee @ashleylynch @alicegoldfuss Related: hotels that give you tea bags but expect you to heat water in the coffee maker @peturdainn Thick waterproofing layer @yanaimoyal @GabrielaLimonta @hasarfaty And you'd need it to be implemented without any side channel extraction weaknesses @yanaimoyal @GabrielaLimonta @hasarfaty How do you do that if all the keys have leaked? @yanaimoyal @GabrielaLimonta @hasarfaty Right, but in that scenario what stops them extracting any other underlying… https://t.co/f9SfwgndHF @yanaimoyal @GabrielaLimonta @hasarfaty I'm having a *really* tough time figuring out how you'd end up leaking the… https://t.co/P3e7hrU2ca @yanaimoyal @GabrielaLimonta @hasarfaty For a hardware TPM I don't think you have any lower level of identity than… https://t.co/ipsUP6RgDm @yanaimoyal @GabrielaLimonta @hasarfaty This presumably still relies on the CSME having some form of uncompromised identity?At the part of the electronics reverse engineering project where I need to buy paint stripper
2/17
2020
its the weekend baby. youknow what that means. its time to drink precisely one beer and figure out why this intern… https://t.co/8I911SYmp3why does the "marketplace of ideas" consist solely of hundreds of variations on "but what if racism is good?" and n… https://t.co/MC95Oo2wJa
Retweeted by Matthew Garrett"Bootloader loader" oh god no kill me now @luis_in_brief Details forthcoming
2/16
2020
In awe of this app that puts basically all its logic in a database @HiJinxBattleBot Team captain is the amazing @Herchenroeder who builds an assortment of impressive machines so a go… https://t.co/II1nqsntC6Anyone out there want to pay some money to have their name appear on @HiJinxBattleBot which is a thing that with lu… https://t.co/9CckHMbyxJ @beajammingh You should also watch Turbo Killer @beajammingh It was at the Roxie for one night on Thursday :((Sorry, database rights as a distinct thing from copyright) @sarahjeong this feels extremely youCan we talk about how the new Craig Wright thing involves him claiming database copyright over the Bitcoin blockcha… https://t.co/8f1SuGHj0b @theblazehen Encrypted email is basically *always* a bad idea. There's a huge quantity of unencrypted metadata. Eve… https://t.co/6w99LebKng
2/15
2020
Roses are red, certificates DER ASN1 parsing is as distasteful as fur(this is overly harsh and there are many excellent people working there but publicly defending GPG in this day and… https://t.co/0ixqA0LZdgShocked that the publication that managed to accidentally out a whistleblower would think that GPG was fit for purposeGlad to see that your boy at The Intercept whose bio says he makes bad tweets is, in fact, making bad tweets @TheMartianLife https://t.co/P9LUwDEwa5 is earlier related workJust watched https://t.co/9xaOxQvu4F and please inject more of this directly into my veins @Jon_A_Haas @Greenhouse Mail was from Greenhouse, but was in reference to Reddit
2/14
2020
Do I know anyone at @Greenhouse ? I just got a rejection notice for a job I didn't apply for and would be extremely… https://t.co/7S9BwcT0MW
2/13
2020

0