Taylor Hornby 🛡❤️

@DefuseSec

Followers: 7,162
Following: 1,286
Media: 830
Statuses: 20,060

Security research and EDM production; formerly Zcash community security.

Calgary, Canada
Joined February 2012
@DefuseSec
Taylor Hornby 🛡❤️
6 years
Is it just me or is it normal to go to a vendor's website, poke around for a few minutes, and still have no clue what their product actually does?
32
85
648
@DefuseSec
Taylor Hornby 🛡❤️
8 years
@Sc00bzT FUCK. What's your paypal/bitcoin?
7
69
423
@DefuseSec
Taylor Hornby 🛡❤️
2 months
My phone and laptop were searched for 3 hours by US CBP at a land border crossing. I tried to refuse and return to Canada but I was not allowed to. If anyone has any advice on forensic analysis I can do to my own device to see what they did I would be grateful for it.
59
61
357
@DefuseSec
Taylor Hornby 🛡❤️
8 years
I'll give $100 USD to anyone who can trick me into inserting the string "BackdoorPoCTwitter" into a release of any of my software projects.
8
139
245
@DefuseSec
Taylor Hornby 🛡❤️
6 years
@elonmusk What's your strategy for getting the ratings to correspond to objective reality instead of the rater's political affiliation or fad opinions?
4
2
191
@DefuseSec
Taylor Hornby 🛡❤️
8 years
@Sc00bzT Good idea, added it to this page:
4
87
167
@DefuseSec
Taylor Hornby 🛡❤️
2 months
This is unacceptable, not only did I have my intimate personal life looked-through by a stranger, they accessed conversations with friends who were never able to consent. I am boycotting the USA going forward. Fix your laws to respect civil rights or I will never enter again.
6
7
124
@DefuseSec
Taylor Hornby 🛡❤️
7 years
Want to send a message to the future? Here's a time capsule that can't be opened until quantum computers exist:
5
72
115
@DefuseSec
Taylor Hornby 🛡❤️
11 years
My RDRAND backdoor proof of concept is working! Stock kernel (3.8.13), only the RDRAND instruction is modified. http://t.co/PVSdo5CZqK
Tweet media one
9
134
98
@DefuseSec
Taylor Hornby 🛡❤️
9 years
My dream: All computer science papers will have a "Reproducing our work" appendix with a link to code and instructions how to use it.
9
103
94
@DefuseSec
Taylor Hornby 🛡❤️
4 years
I can't handle another 4 years of groupthink so there's a real chance I unfollow almost everyone tomorrow or quit twitter. What amazes me is I'd have predicted a landslide for Biden based on my timeline, which tells me I'm deep in a filter bubble.
11
8
91
@DefuseSec
Taylor Hornby 🛡❤️
2 years
The solution to `curl ... | bash` installation instructions is clearly to build a package manager into curl.
2
11
84
@DefuseSec
Taylor Hornby 🛡❤️
2 months
I was told that this was a random search “the number came up on the computer”, and it seemed like the guy doing it was the first time he ever did it. But I don’t think it’s random, I’ve been targeted for extended screening the last two times I entered Canada as well. WTF.
3
4
76
@DefuseSec
Taylor Hornby 🛡❤️
10 years
The illusion that your program is manipulating its data is powerful. But it is an illusion: The data is controlling your program. #langsec
5
72
79
@DefuseSec
Taylor Hornby 🛡❤️
6 years
@adamcaudill @elonmusk Yeah, a product can't solve these problems. The only successful outcome I can imagine is a herd immunity where enough people have critical thinking skills, are humble about the limits of their knowledge, and know to base their arguments on empirical data.
2
1
67
@DefuseSec
Taylor Hornby 🛡❤️
8 years
Ever get programmer’s paranoia, where you’re scared to do things you think might be unhandled edge cases in the code?
3
25
65
@DefuseSec
Taylor Hornby 🛡❤️
2 months
As my devices were out of sight for hours I’ll obviously be buying new devices once I’m back home, anyone in contact with me should assume our conversation history has been recorded, unfortunately.
1
4
68
@DefuseSec
Taylor Hornby 🛡❤️
12 years
Just finished my weekend project: Tweet a hex-encoded unsalted MD5, LM, NTLM, SHA-2, (+more) hash to @PlzCrack. It will crack it for you.
2
145
64
@DefuseSec
Taylor Hornby 🛡❤️
2 months
I was heavily pressured to divulge passwords (“you can write down your password and we can do this the easy way or we can do it the long and hard way”) which I did and I was ultimately allowed into the US after the search.
6
3
65
@DefuseSec
Taylor Hornby 🛡❤️
3 years
@LeftistWonk No, it says that an 11 minute flight emits 75 tonnes of carbon per passenger, and each of the 1 billion people emits 75 tonnes per year. It's around as much as *one* person for a year, not 1 billion.
4
0
60
@DefuseSec
Taylor Hornby 🛡❤️
3 years
@Snowden Which coin is the one developed by forest animals in romania? Sounds super innovative, I'd like to invest
3
0
54
@DefuseSec
Taylor Hornby 🛡❤️
7 years
Can we please start considering "account can be recovered with access to user's SMS or phone" as a security vulnerability in the website?
2
25
54
@DefuseSec
Taylor Hornby 🛡❤️
3 years
I sold some $TSLA and bought some $ZCSH in my boomer account because I think their FSD claims are >5 years away and there's better tech than Li-ion for grid storage, but Zcash's privacy tech has already been here 5 years, it's the best, and will be needed just as much.
3
10
52
@DefuseSec
Taylor Hornby 🛡❤️
1 year
A proposal to enable super-fast note detection *and* improve privacy for Zcash light wallets. (beware: there are probably vulnerabilities lurking in my protocol sketch, plz find them!)
4
16
52
@DefuseSec
Taylor Hornby 🛡❤️
8 years
I wrote a security audit quick start guide for Zcash today, if you're into finding bugs in C++ crypto code:
2
23
51
@DefuseSec
Taylor Hornby 🛡❤️
8 years
In less than 30 minutes, @Sc00bzT wins:
@DefuseSec Did I just win?
20
468
2K
2
15
46
@DefuseSec
Taylor Hornby 🛡❤️
3 years
"Container Security" by @lizrice is a great introduction to Linux containers, how they work, and how to secure them. I love short and effective books like this.
1
9
46
@DefuseSec
Taylor Hornby 🛡❤️
6 years
It doesn't matter if government-mandated crypto backdoors are technically feasible or not. We have a right to communicate in private over long distances, and a right to store our information in safes that only we can open. We must not accept backdoors.
4
10
43
@DefuseSec
Taylor Hornby 🛡❤️
2 years
I've also written up an overview of the Zcash ecosystem for security engineers: It lists open challenges, historical audit reports, bugs, research, and attempts to list all Zcash-related projects and grants.
5
8
44
@DefuseSec
Taylor Hornby 🛡❤️
2 years
The Zcash community is active af. I'm making a simple list of projects to audit as part of my ecosystem security grant, and it's already taken more than a day to go thru them all. Great, great things are being built.
1
8
43
@DefuseSec
Taylor Hornby 🛡❤️
10 years
You'd think they'd be the first to apply the patch... http://t.co/bhi56q9XUu
Tweet media one
6
85
44
@DefuseSec
Taylor Hornby 🛡❤️
1 year
I made a chart of all the bugs I've found in the past ~year for my Zcash ecosystem security project. I'm pretty happy with the results. Find out more in my talk at Zcon4!
Tweet media one
2
9
43
@DefuseSec
Taylor Hornby 🛡❤️
3 years
We should declare October 4th to be International Stay-Off-Social-Media Day.
3
4
41
@DefuseSec
Taylor Hornby 🛡❤️
3 years
This is awful, one more thing to put on the list of things to worry about being derogatorily labeled. People are allowed to have opinions and be wrong. I would bet that on average experts who enter a new field are more able to see past established members’ biases.
@deliprao
Delip Rao e/σ
3 years
We finally have a word for people who are experts in AI, immunology, and Afghanistan all at once.
Tweet media one
100
807
2K
4
4
42
@DefuseSec
Taylor Hornby 🛡❤️
2 years
The threat to national security posed by cryptocurrency is the mass adoption of a technology that broadcasts details of our private lives to everyone, including local criminals and foreign nation-state adversaries. That's why I work on Zcash.
1
5
38
@DefuseSec
Taylor Hornby 🛡❤️
9 months
As critical as I am of Zcash's broader-term strategy and recent politics, NU5 was a world-class cryptographic engineering effort and it deserves to be recognized as such. Please think hard and bring your best ideas forward for the retrospective!
@ElectricCoinCo
Electric Coin Co.
9 months
The NU5 and Sandblasting Retrospective will be held on Wed., Dec 13 at 5 pm EST
3
5
28
1
7
33
@DefuseSec
Taylor Hornby 🛡❤️
11 years
I wrote a guide to hacking the Bochs x86 CPU emulator. Including how you can add your own instructions: cc @mlocasto
2
27
38
@DefuseSec
Taylor Hornby 🛡❤️
9 months
I'm really excited to see where this leads. Zooko's contributions to Zcash and to human freedom have been incalculable; these are some very big shoes to fill. If anyone I've met has the same love for humanity and dedication to Zcash, it's Josh, so ECC is in good hands.
@ElectricCoinCo
Electric Coin Co.
9 months
A new season begins. @jswihart, formerly SVP of Growth at ECC, returns to ECC and takes over the reins from @Zooko as CEO. Zooko will continue as a director on the board of the Bootstrap Project, the parent company of ECC.
25
53
162
1
3
35
@DefuseSec
Taylor Hornby 🛡❤️
7 years
Wanted: A video game that’s just a world you can do experiments in, and the goal is to work out the laws of nature. It should be easy to find simple but inaccurate laws before discovering more-complicated accurate laws.
6
4
37
@DefuseSec
Taylor Hornby 🛡❤️
2 years
I think in 10 years zero-knowledge proof algorithms will be built into all operating systems and web browsers just like encryption algorithms are built-in today.
2
4
38
@DefuseSec
Taylor Hornby 🛡❤️
3 years
It's pretty wild that what started as a cypherpunk project to provide a decentralized free and pseudonymous currency has turned into a mass-surveillance panopticon. Zcash fixes this.
3
9
34
@DefuseSec
Taylor Hornby 🛡❤️
3 years
"Science is the belief in the ignorance of experts. When someone says ‘science teaches such and such’, he is using the word incorrectly. Science doesn’t teach it; experience teaches it" - Richard Feynman
1
8
36
@DefuseSec
Taylor Hornby 🛡❤️
3 years
Speedometers should space out the markings quadratically so that the angle the dial makes is proportional to the kinetic energy (and stopping distance). Easy UI fix to communicate the nonlinear risks of increased speed.
1
0
35
@DefuseSec
Taylor Hornby 🛡❤️
8 years
Are you ever too lazy to clean your desktop and just make a folder called “crap” and move everything into it?
11
2
33
@DefuseSec
Taylor Hornby 🛡❤️
2 years
OMG WTF C++
Tweet media one
0
6
32
@DefuseSec
Taylor Hornby 🛡❤️
3 years
It’s probably a war crime but I wish someone would slip Putin some MDMA.
5
1
31
@DefuseSec
Taylor Hornby 🛡❤️
9 years
Fascinating talk/paper on attacking traffic lights: (note the whitelisting of light states/transitions in hardware!)
3
28
32
@DefuseSec
Taylor Hornby 🛡❤️
10 years
You don't need to protect the information you don't collect.
1
68
29
@DefuseSec
Taylor Hornby 🛡❤️
10 years
Fun fact: It costs $24.90 USD to revoke a free certificate from @StartSSL #heartbleed
5
86
29
@DefuseSec
Taylor Hornby 🛡❤️
3 years
If I were a mayor, for 2 hours per month on a clear night I’d make driving illegal and cut power to the entire city so that everyone can go outside and see the stars. I don’t think mayors can actually do that but I would try.
5
3
31
@DefuseSec
Taylor Hornby 🛡❤️
8 years
This article is super long but important to read if you care about your health:
1
13
31
@DefuseSec
Taylor Hornby 🛡❤️
4 years
I wonder if the biggest advantage cryptocurrencies have isn’t the censorship resistance or decentralization, but that their developers aren’t beholden to return-seeking shareholders as in a typical for-profit company. Long time horizons, working towards principled moral goods.
4
4
30
@DefuseSec
Taylor Hornby 🛡❤️
2 months
@jpgflippa I’m not a lawyer but as far as I know a warrant is still required for a search in Canada. I’m also a Canadian citizen so I have to live here and going to the US is optional for me.
4
0
31
@DefuseSec
Taylor Hornby 🛡❤️
3 years
We need to figure out a way to get rid of these authoritarian power structures forever. It's the most important problem facing humanity. It's more important than going to Mars. It's more important than curing cancer.
1
4
30
@DefuseSec
Taylor Hornby 🛡❤️
9 months
A few days ago I made a post on the Zcash forums where I called for either a joint apology from the current leadership or a replacement in leadership. I've never felt more anxiety from posting anything online before. Yet, I feel it's super important for the project.
5
2
31
@DefuseSec
Taylor Hornby 🛡❤️
3 years
Everyone has a right to store information in a way that only they can access. Every group has a right to communicate with each other in such a way that only they can access. These are rights because they are necessary for freedom of thought and expression.
1
18
30
@DefuseSec
Taylor Hornby 🛡❤️
7 years
Microarchitectural attack research like Flush+Reload and Meltdown fascinates me because it's forced to study something man-made as if it were something we just found in nature.
1
8
29
@DefuseSec
Taylor Hornby 🛡❤️
6 years
Copyright laws should have an exemption allowing piracy if there's no reasonable way to purchase the content legally.
1
6
24
@DefuseSec
Taylor Hornby 🛡❤️
2 years
The Zcash community is amazing. The first day of talks and meeting people at Zcon made me feel like we’re living out a Cory Doctorow novel.
0
1
28
@DefuseSec
Taylor Hornby 🛡❤️
2 months
@SocksNFlops This is the correct response, as soon as a device leaves your sight you have to assume they installed an implant.
0
1
28
@DefuseSec
Taylor Hornby 🛡❤️
2 months
I think that Zcash needs a "system where we can de-fund ineffective leadership while retaining all of the engineers who are essential to keeping Zcash alive."
1
5
28
@DefuseSec
Taylor Hornby 🛡❤️
8 years
This is my new favorite crypto vuln because it highlights why it's hard to make abstractions that safely compose.
0
15
28
@DefuseSec
Taylor Hornby 🛡❤️
3 years
Apple isn't deploying a CSAM scanner, it's deploying an arbitrary image scanner, we have to trust Apple along with other organizations that it's only going to scan for CSAM.
2
6
27
@DefuseSec
Taylor Hornby 🛡❤️
7 years
Fiction can usually be read in O(n) time, whereas the time complexity of reading math and technical documentation is Ω(n²).
0
13
26
@DefuseSec
Taylor Hornby 🛡❤️
9 years
This is one of the coolest bits of code on the Internet: Zero knowledge proofs. Yes it works right now.
0
16
27
@DefuseSec
Taylor Hornby 🛡❤️
11 months
Unpopular opinion: Cryptocurrency projects need to focus on revenue, earning value from users paying for a product they find useful. Store of value, replacing fiat currencies, censorship-resistance, etc. are all dead ideas if projects can't find sustainable revenue first.
5
4
25
@DefuseSec
Taylor Hornby 🛡❤️
9 years
DoS amplification using *TCP* services: (another lesson in not trusting abstraction).
1
21
24
@DefuseSec
Taylor Hornby 🛡❤️
11 years
Do you use EncFS? Here are the results of my quick security audit:
6
53
25
@DefuseSec
Taylor Hornby 🛡❤️
10 years
In my experience, hardest part of reading others' code isn't understanding code you're looking at, it's *finding* the right code to look at.
4
22
23
@DefuseSec
Taylor Hornby 🛡❤️
8 years
OH reading a tech job description: “Experience with SVN, my squill, ruby, C hashtag”
2
10
24
@DefuseSec
Taylor Hornby 🛡❤️
9 years
I stood in line to get this oddly shaped piece of a tree today. There seems to be some sort of markings on it.
Tweet media one
9
3
24
@DefuseSec
Taylor Hornby 🛡❤️
11 years
I love how they compare two registers A and B with mov:
mov [A], 0
mov [B], 1
mov C, [A]
C == 1 iff A == B. Clever.
1
15
23
@DefuseSec
Taylor Hornby 🛡❤️
1 year
Four goals I'd like to see Zcash accomplish over the next few years: "IMO, the key to wider adoption is building something that’s a joy to work with and inspires innovators to build new products."
0
5
24
@DefuseSec
Taylor Hornby 🛡❤️
10 years
Hashes of all TrueCrypt v7.1a files, verified against multiple independent sources:
3
26
24
@DefuseSec
Taylor Hornby 🛡❤️
2 years
There's now a website for my zcash ecosystem security support project: (not much on it yet, but updates are coming!)
2
7
24
@DefuseSec
Taylor Hornby 🛡❤️
7 years
Oh my god this visual explanation of the Fourier transform is incredible:
2
16
24
@DefuseSec
Taylor Hornby 🛡❤️
8 years
Adversarial mindset practice: Put together something from IKEA and find all of the symmetries they add to prevent you from screwing up.
1
7
19
@DefuseSec
Taylor Hornby 🛡❤️
7 years
GoFundMe to audit PHP port of libsodium: This port should significantly improve the state of things in PHP world.
1
20
22
@DefuseSec
Taylor Hornby 🛡❤️
2 years
Scalable private money needs scalable anonymous messaging: An argument for why private Internet money projects need to start looking towards the state of the art in anonymous communication in order to scale and succeed.
5
7
23
@DefuseSec
Taylor Hornby 🛡❤️
9 years
An argument for changing "don't roll your own crypto" to "don't roll crypto *on your own*" Much better, I think!
2
16
23
@DefuseSec
Taylor Hornby 🛡❤️
1 year
In a few years, these posts will be seen as the start of Zcash healing itself. 1. "State of ZEC adoption" from Josh Swihart: 2. "ZEC is Stale" from Nick Takacs: 3. "Proposal for a Fresh Zcash" from Josh Swihart:
2
3
22
@DefuseSec
Taylor Hornby 🛡❤️
4 years
It's distressing how far the Overton window on privacy and free expression has shifted since the late 2000's. I remember that time clearly because it was formative for me---I was just learning about Linux, the GPL, DEF CON; atheists promoted the value of rational disagreement.
1
3
22
@DefuseSec
Taylor Hornby 🛡❤️
3 years
Current status.
Tweet media one
3
2
21
@DefuseSec
Taylor Hornby 🛡❤️
2 years
I changed my mind about something: I used to look to Signal and Tor as examples of successfully marketing a privacy product, but actually the cult-like following they've achieved is becoming their own downfall. In Signal's case...
2
6
20
@DefuseSec
Taylor Hornby 🛡❤️
2 years
Bitcoin is surveillance tech.
1
4
20
@DefuseSec
Taylor Hornby 🛡❤️
8 years
Tweet media one
1
3
22
@DefuseSec
Taylor Hornby 🛡❤️
9 years
Computer science degrees should have a course called "Build Systems, Libraries, Linkers, and Loaders."
1
14
22
@DefuseSec
Taylor Hornby 🛡❤️
3 years
The Zcash blockchain only releases ZEC to miners who secure the network and to organizations that fund development, so owning ZEC is proof that you've funded someone (who's funded someone who's funded someone...) who's contributed to the network's security or development.
1
3
20
@DefuseSec
Taylor Hornby 🛡❤️
8 years
I just verified all my websites for @brave payments. Took ~5 minutes, just have to add a TXT entry to the DNS.
1
10
20