Andrew Whalley
LightNews LightNews
banner
arw.me
Andrew Whalley
@arw.me
430 followers 380 following 120 posts
An Englishman in San Francisco. Director of Security for Google Chrome.
Posts Media Videos Starter Packs
arw.me
Andrew Whalley @arw.me · 2d
It's time to make HTTPS the web's default, and reap the full security benefit from years worth of HTTPS adoption!
security.googleblog.com/2025/10/http...
HTTPS by default
One year from now, with the release of Chrome 154 in October 2026, we will change the default settings of Chrome to enable “Always Use Secu...
security.googleblog.com
3 25 84
arw.me
Andrew Whalley @arw.me · Aug 8
I do! Two actually. It's utterly silly and utterly delightful. This review sums it up well: youtu.be/8pPCMjqI_uw?...
arw.me
Andrew Whalley @arw.me · Jul 31
BECOME UNOVENABLE 🪿
mbrowley.bsky.social Matthew Rowley @mbrowley.bsky.social · Oct 17
Ovenable. This container is not ovenable.
1 2 22
arw.me
Andrew Whalley @arw.me · Jul 29
Somewhat ironic that this is the week I start VPNing /in/ to the UK so I can listen to BBC Sounds again.
6
arw.me
Andrew Whalley @arw.me · Jul 27
I’d love to get the web platform primitives in place so they could have a web app. Maybe one day.
4
arw.me
Andrew Whalley @arw.me · Jul 15
Congratulations!?
1 3
arw.me
Andrew Whalley @arw.me · Jul 14
Do you recommend reading them in order?
arw.me
Andrew Whalley @arw.me · Jul 12
bsky.app/profile/jenn...
secretaboutbox.bsky.social chelsea bridge 🏳️‍⚧️🩸 @secretaboutbox.bsky.social · Jul 11
*alex horne voice* quote this with the best post. you have three hours and one attempt. your time starts now
1
Reposted by Andrew Whalley
dadrian.io
David Adrian @dadrian.io · Jul 8
Just posted a deep dive on how Chrome integrates with Advanced Protection Mode on Android. security.googleblog.com/2025/07/adva...
Advancing Protection in Chrome on Android
Posted by David Adrian, Javier Castro & Peter Kotwicz, Chrome Security Team Android recently announced Advanced Protection , which extend...
security.googleblog.com
1 1
arw.me
Andrew Whalley @arw.me · Jun 22
/sub :-)
1
arw.me
Andrew Whalley @arw.me · Jun 21
Another great ancillary benefit of memory safe languages: Cool infrastructure projects remain cooler for longer 😎

Library authors can provide great functionality without implicitly signing up for the slew of security bugs that are sadly the consequence of a large c/c++ project.
vcsjones.dev Kevin Bones @vcsjones.dev · Jun 21
Everyone wants to maintain a cool infrastructure library until maintaining a cool infrastructure library is no longer convenient.
1 4
Reposted by Andrew Whalley
filippo.abyssdomain.expert
Filippo Valsorda @filippo.abyssdomain.expert · Jun 20
Here's something I am very excited about: Photosynthesis! 🌱☀️

A proposal to have CAs run transparency logs and make X.509 certificates out of Merkle Tree inclusion proofs.

This is similar to how CT would have worked in an ideal world, and it solves the problem of PQC sizes in logs and handshakes.
[TLS] Photosynthesis, an update to Merkle Tree Certificates
Photosynthesis combines the Static CT API with the ideas in Merkle Tree Certificates.
mailarchive.ietf.org
1 12 40
arw.me
Andrew Whalley @arw.me · Jun 20
Happy solstice! 🌞🌝
1 1 5
arw.me
Andrew Whalley @arw.me · Jun 17
Oh no! *hug* !
2
arw.me
Andrew Whalley @arw.me · Jun 17
True, and I have an embarrassment of passports
1 2
arw.me
Andrew Whalley @arw.me · Jun 17
British Airways, to give a taste of how long a transatlantic flight feels, created BA.com
2 2
arw.me
Andrew Whalley @arw.me · Jun 14
I once managed to get a lovely rack of xserves and xserve raids for running malware analysis infra, with the justification that windows malware didn’t run well on PowerPC :-)
5
arw.me
Andrew Whalley @arw.me · Jun 5
Congratulations!
2
arw.me
Andrew Whalley @arw.me · Jun 1
i pretend to be a music geek by listening to strongsongspodcast.com, and enjoyed learning about each of the final 13 minutes of the first moon landing www.bbc.co.uk/programmes/p...
Episodes
Music: It's good. On each episode of Strong Songs, host Kirk Hamilton takes listeners inside a piece of music, breaking it down and figuring out what makes it work.
strongsongspodcast.com
Reposted by Andrew Whalley
elizabethjacobs.bsky.social
Elizabeth Jacobs, PhD @elizabethjacobs.bsky.social · May 31
Screenshot of scene from the old game Oregon Trail. There is a green graphic on a black background. The graphic is of an ox pulling a wagon and below it is says YOU HAVE LISTENED TO RFK Jr.
140 3.8K 16K
arw.me
Andrew Whalley @arw.me · May 29
Really excellent deck! cc @rusi.bsky.social - might be of interest to your members.
2
arw.me
Andrew Whalley @arw.me · May 20
Whoever it was should be in a pennitentiary
1
Reposted by Andrew Whalley
amyre.bsky.social
Amy @amyre.bsky.social · May 16
Behold my favorite weird Chrome security bug of 2025 so far!

A jaw-dropping URL / omnibox spoof via ligatures, specifically the googlelogo ligature.

issues.chromium.org/issues/39178...
Chromium
issues.chromium.org
1 9 16
arw.me
Andrew Whalley @arw.me · May 17
Though once you learn, you never forget. It's just like riding a cymbal.
3
arw.me
Andrew Whalley @arw.me · May 17
nooo!
1 1