RC RANDOM CHAOS
RC RANDOM CHAOS

Tech · Culture · Fiction

Possession is the credential Article

Possession is the credential

Verified badges, JWTs and X.509 certificates resolve trust once and keep honoring the reference long after the reality behind it has moved.

Open source is not decentralized
Article supply chain security

Open source is not decentralized

Damn Interesting going paid is an indicator, not a failure: deep technical analysis concentrates value, and concentrated value gets targeted.

The browser runs whatever the host returns
Article systems failure analysis

The browser runs whatever the host returns

A browser tab holding 2 GB is not a malfunction; it is a trust model that resolves references and never revalidates the referent behind the name.

The copy runs past the allocation, again
Article vulnerability-management

The copy runs past the allocation, again

Recurring dystopian tech vulnerabilities persist because defenders patch the CVE instance and never hunt the underlying mechanism. The inaction is the vuln.

The kernel is still C
Article use-after-free

The kernel is still C

An OpenBSD kernel use-after-free (CWE-416, CVSS 7.8) escalates a local user to root via pool reclaim and cr_uid overwrite. Mechanism, exploit path, and the BSD telemetry gap.

The rubric graded an empty chair
Article systems failure analysis

The rubric graded an empty chair

Brown's AI cheating scandal is not a student failure. It is an assessment system that resolves trust by reference and never revalidates the reality behind it.

The string you validated no longer exists
Article unicode-security

The string you validated no longer exists

Unicode transliteration is a Turing-complete rewrite engine at every trust boundary. CVE-2024-4577, Django CVE-2019-19844, and Trojan Source show why.

The Wire — latest

All →

Stay in the loop

New writing delivered when it's ready. No schedule, no spam.