What now? Can we build a defendable internet?

The internet is broken. Not the “buffering on YouTube” kind of broken, but fundamentally, architecturally, absurdly broken. We know why: history, culture, economics, politics, and human laziness have all conspired to turn it into a precarious tower of routers teetering on a cliff. The question now is: what can we actually do about it? The answer is messy, expensive, and occasionally involves telling very powerful people that their business model is morally questionable. ...

October 1, 2025 · 3 min · Nienke Fokma

Why are we not making a defendable internet?

Once upon a time, the internet was described as an “information superhighway”. In truth, it more closely resembles the back alley behind a funfair: noisy, sticky underfoot, and populated by people selling things you probably do not want but will end up buying anyway. It is not defendable in any serious sense, and the extraordinary thing is that everyone knows this but insists on behaving as if surprise breaches and collapses are acts of God rather than consequences of design. ...

October 1, 2025 · 9 min · Nienke Fokma

Talking code

Programming can be serious business — buffer overflows, privilege escalations, and command injections can ruin your day (or your server). But what if we let the code speak for itself? Imagine strcpy whispering, “I will politely overflow your stack”, or a rogue Python pickle.loads grinning, “I will happily instantiate whatever you smuggled in.” These literal translations are not only a chuckle for the seasoned security geek but also a cheeky reminder of why we need careful coding. They turn intimidating vulnerabilities into short, witty sentences that make you laugh — and maybe shiver a little. Dive in, enjoy the humour, and see old nemeses in a whole new light. ...

September 21, 2025 · 5 min

Europe’s hidden security debt

Europe likes to think it is safe and secure. In reality, much of its critical infrastructure is running on borrowed time. Old systems, fragmented responsibility, and perverse incentives have left a security debt that, if left unpaid, could affect millions of lives. Some sectors carry heavier debt than others, and the consequences of ignoring it grow by the day. Healthcare, energy, and transport carry the heaviest burdens.

The patient-facing nightmare

Hospitals and clinics are the most visible examples of this precarious state. Every day, lives depend on machines and systems conceived in a different era, when floppy disks were a mark of sophistication. Electronic health records, imaging machines, and ICU monitors often run on unsupported operating systems, and many hospitals are uncertain which devices are even connected to their networks. Vendors supplying medical technology have rarely been held accountable for security, and procurement contracts tend to value cost or certification above protection against cyberattacks. ...

September 11, 2025 · 6 min

Governmental backdoors: skeleton keys and fairy tales

The trouble with governments and cryptography is that they keep mistaking mathematics for magic. In Ankh-Morpork, this was the sort of thinking that once led the Wizards of Unseen University to try and regulate gravity, on the grounds that it was “inconvenient.” It ended, inevitably, in bruises. In our world, the same logic has produced the noble invention of the “government backdoor.” A handy hole in the wall of your digital house, through which the Watch can come and go as it pleases. The Watch insists it will only use this hole to catch thieves and murderers. Unfortunately, thieves and murderers are rather good at using holes too. ...

September 9, 2025 · 5 min

The slow death of the NVD

The US National Vulnerability Database has slipped from a dull but dependable piece of security plumbing into a sputtering liability. Enrichment of CVEs has stalled, backlogs have exploded, and defenders are left with raw identifiers instead of actionable intelligence. This collapse is not accidental—it is the predictable result of political austerity, funding cuts, and a fixation on flashy science over unglamorous infrastructure. In other words, the pipes have burst while Washington debates whether water is really a priority. For security teams all over the world, the message is blunt: stop waiting for rescue. Diversify your sources, automate your own triage, build peer networks, and treat metadata as survival gear, not a luxury. ...

August 20, 2025 · 6 min

BadBox 2.0: When devices spy straight out of the box

You’ve spotted a cheap Android tablet or TV box online, taken by how cheap it looks—until you plug it in. Now, interred in its firmware, there’s malware. Not something you can remove, because it’s buried beneath the operating system. This is BadBox: a class of threats embedded in devices at the factory or during shipping. It isn’t just an app you can delete; it’s pre-installed, hidden in the firmware, and ready to phone home as soon as the device connects to the internet. ...

June 8, 2025 · 3 min

Defendable Internet?

David Clark remembers the moment the Internet’s Pandora’s box creaked open and said, “Hello, world.” It was 2 November 1988, and the Morris Worm was slithering its way through cyberspace like a python on speed. Designed with the innocence of a curious grad student and the destruction of a cyber sledgehammer, it crashed some 6,000 machines—roughly one-tenth of the Internet at the time. Not bad for an opening act. Back then, the network engineers in the room weren’t pondering threats to democracy or ransomware gangs knocking on NHS servers. No, they were earnestly wrestling with TCP packet loss and the excitement of latency reduction. Making things go faster, scale bigger, and connect better. The digital equivalent of building a racetrack and forgetting brakes might be useful. ...

February 1, 2023 · 4 min

Configuring version control

I created accounts on GitHub, GitLab and Bitbucket. In GitHub and GitLab we set our email addresses to private to have the warehouses generate a commit email address.

Gitconfig

We cannot configure git globally with two different email addresses at the same time (mutually exclusive). We can either configure each GitHub or GitLab repository locally with whichever commit email address applies, or we can create github, gitlab and bitbucket folders in a Development folder for the respective repositories and put a .gitconfig in the user’s root folder: ...

November 10, 2021 · 2 min