Random Chaos

Tech · Culture · Fiction

2023 mistakes an IP address for a passport

Forcing real ID on all internet traffic relocates an unsolved identity problem to a layer that cannot verify the subject and creates a higher value target.

Jun 20, 2026

Article

A homepage visit now runs PowerShell on your machine

Jun 20, 2026

Article

A SQLite underflow, and the flood behind it

Jun 20, 2026

Article linear a

An AI engineer skipped the prediction test

How to evaluate an AI engineer's claim to have cracked Linear A - the data limits, the missing known language, and the peer review that separates progress from hype.

Jun 20, 2026

Article access-control

Completing the task was the breach

An identity completed tasks it was never provisioned for. The boundary was described, not enforced. This is a control gap, not a competence problem.

Jun 20, 2026

Article duckdb

DuckDB trusts persisted blocks attackers control

DuckDB runs in-process as a C++ library. Its immutability and checksum assumptions create a quiet memory-corruption surface that host EDR never sees.

Jun 20, 2026

Article board risk

Gizmodo's front door now hands visitors malware

Gizmodo's homepage delivered a ClickFix attack at runtime, showing how unenforced content delivery controls turn a trusted brand surface into a delivery point.

Jun 20, 2026

Article access-control

Google gates Workspace by browser, not credential

Google Workspace's move to gate Firefox keys access on a client signature, not identity. A control on the wrong boundary does not stop attackers.

Jun 20, 2026

Article SteamOS

It's 6.1, not 3.8

SteamOS 3.x runs a Valve-patched 6.x kernel, not Linux 3.8 - the real risk is standard local-privilege-escalation bugs on an unmanaged device with no telemetry.

Jun 20, 2026

All articles → All stories →

The Wire — latest

All →

Stay in the loop

New writing delivered when it's ready. No schedule, no spam.