Truncated HMAC Security and Performance Trade-offs
RFC 2104 says you need at least 80 bits, but NIST's new SP 800-224 dropped the floor to 32 bits with a risk analysis requirement that nobody wants to explain.
Read more
Haveno Brought Back the Arbitrator Multisig and Attackers Just Hijacked It
At 03:43 UTC on May 20, woodser opened an eight-line patch in TradeProtocol.java, and by the time it went up the exploit was already running against live RetoSwap trades.
Ageless Linux: Civil Disobedience Through Operating System
Ageless Linux is a Debian-based operating system project that has declared "full, knowing, and intentional noncompliance" with California's Digital Age Assurance Act, Cal. Civ. Code § 1798.501(a). Where most Linux distributions are quietly building age verification into their installers ahead of the January 2027 enforcement
Perplexity's Incognito Mode Is a Lie
A class action complaint alleges Perplexity shipped complete conversation transcripts to Meta and Google, even when Incognito Mode was switched on.
Proton Meet Isn't What They Told You It Was
Proton built Proton Meet to escape the CLOUD Act. They built it on CLOUD Act infrastructure. Their website promises "not even government agencies" can access your calls. The company routing them hands your call records to the government when asked. Proton hid them from their privacy policy.