banner
LightNews
nora.bsky.social
nora
@nora.bsky.social
180 followers 62 following 53 posts
Engineer and Applied Cryptographer working in the ASML at Harvard’s BKC. Led cryptography R&D at Juicebox and privacy projects at Signal. Passionate about fostering inclusive communities, mentoring women in tech, and building third spaces for creatives.
Posts Media Videos Starter Packs
Reposted by nora
chanda.blacksky.app
Chanda Prescod-Weinstein 🌌 @chanda.blacksky.app · Sep 2
NASA scheduled a major workshop for early career researchers during the most important week of the Jewish calendar, during two of the most important days of that week and expects me to accept that this was “difficult scheduling conflicts”

That’s what casual antisemitism sounds like
77 360 1.8K
Reposted by nora
emily.space
Emily Hunt @emily.space · Aug 15
I really dislike how science has started calling almost any fancy computational technique AI. 🧪

The framing of this entire article makes it sound like a benevolent AI independently made these drugs.

That is *pure fantasy*.

Instead: a team of scientists made a machine learning model for a study.
Article on BBC news. Title: AI designs antibiotics for gonorrhoea and MRSA superbugs Description: Two new potential drugs have been designed by AI to kill drug-resistant bacteria, in a major Massachusetts Institute of Technology study.
58 710 2.3K
Reposted by nora
emilynussbaum.bsky.social
Gremliny Nussboo @emilynussbaum.bsky.social · Aug 5
When I die, please do not write an AI obituary of me *or* code an AI replica, however well-intentioned, but feel free to build a shockingly realistic rotini sculpture & then eat it at my shiva
17 99 950
Reposted by nora
thatrabbicohen.bsky.social
Rabbi Emily Cohen @thatrabbicohen.bsky.social · Aug 3
The fate of ordinary Gazans trapped by Israel in a war zone and ordinary Israelis held hostage by Hamas in a war zone will be one and the same.

They are starving.

They are buried beside one another.

They are cast aside by those with power to save them.

For this we weep.
1 8 25
Reposted by nora
abbystein.bsky.social
Abby Chava Stein @abbystein.bsky.social · Aug 3
Read this in full.

I'm short: The ADL has fully given up on its mission to fight real antisemitism.

Instead, they are focused on unconditional support towards Israel, including justification of antisemitism if it serves that goal. Plus, working with fascists & antisemitic groups and people.
noahshachtman.bsky.social
Noah Shachtman @noahshachtman.bsky.social · Aug 1
I spoke with 40+ sources for a look inside the Anti-Defamation League. Here’s some of what I found.

ADL’s gentle response to Elon Musk’s infamous salute was partially driven by his support of Israel. To ADL, that indicated he didn’t have “antisemitic tendencies.” (1/x)

nymag.com/intelligence...
ADL Musk
15 29
Reposted by nora
rude1.blacksky.team
Rudy wants revolution. @rude1.blacksky.team · Aug 2
Slowly rolling out the new suite of Blacksky tools... ⏳
- @blackskyweb.xyz People's Assembly: We'll use this tool to gather feedback and collectively govern Blacksky, democratically
- Login using your atproto account (bsky.social, blacksky.app, w.e.)
- Serves as both poll and forum for the community
5 65 180
Reposted by nora
mmitchell.bsky.social
Margaret Mitchell @mmitchell.bsky.social · Aug 1
🤖 Always on the lookout for potential net positive uses of “AI”, esp for elderly…but the claims here pissed me right off:
“There was no way that we could have found enough songwriters out there to be able to create those tracks in an authentic way”
🚫 No. MANY musicians [wc]ould do this. And, 🧵
npr.org
NPR @npr.org · Aug 1
For nearly 30 years, the nonprofit Songs of Love Foundation has created custom songs for kids with terminal illnesses. Now it has harnessed AI to expand its services to older adults with memory loss.
Songs of Love writes personalized music for kids — but can AI carry the tune?
For nearly 30 years, the nonprofit Songs of Love Foundation has created custom songs for kids with terminal illnesses. Now it has harnessed AI to expand its services to older adults with memory loss.
n.pr
5 17 46
Reposted by nora
kendraserra.bsky.social
Kendra Albert @kendraserra.bsky.social · Jun 30
As a Jewish person who worked at Harvard for 7 years, including much of the period covered by the Department of Ed. investigation, I object deeply to this retaliatory bullshit being laundered as on my behalf. www.ed.gov/about/news/p...
13 51
nora.bsky.social
nora @nora.bsky.social · Jun 24
I hope you’re preserving scraps of wallpaper for a gallery wall some day when this is all finished!
1
nora.bsky.social
nora @nora.bsky.social · Jun 23
We cannot let the AI take our em dashes away! I also use them all the time—so frustrating how it has become such an indicator of ChatGPT!
1
Reposted by nora
abbystein.bsky.social
Abby Chava Stein @abbystein.bsky.social · Jun 22
I have been using the em dash for about 10 years (I only learned English 13 years ago, for context). I even got a whole book I published before ChatGPT to prove it.

I am not stopping—too useful!
jsketch12.bsky.social
Juno @jsketch12.bsky.social · May 9
How the hell did we let AI take away the em dash from us. it's a useful punctuation mark but now people are so stupid that society thinks it's exclusively used by chatgpt
2 2 16
Reposted by nora
matthewdgreen.bsky.social
Matthew Green @matthewdgreen.bsky.social · Jun 9
I wrote a bit more about X’s new encrypted DMs and the Juicebox protocol. blog.cryptographyengineering.com/2025/06/09/a...
A bit more on Twitter/X’s new encrypted messaging
Matthew Garrett has a nice post about Twitter (uh, X)’s new end-to-end encryption messaging protocol, which is now called XChat. The TL;DR of Matthew’s post is that from a cryptographic…
blog.cryptographyengineering.com
6 27 71
Reposted by nora
mjg59.eicar-test-file.zip
Matthew Garrett @mjg59.eicar-test-file.zip · Jun 6
This is just a flat out lie and everyone involved is either malicious or incompetent
Screenshot of a dialog from Twitter. It says: "Messages are now fully encrypted End-to-end encryption: messages are end-to-end encrypted across all your devices. State-of-the-art privacy: There's no way for anyone, including X, to read your messages. Set up a passcode: In order to secure your messages, you'll need to set up a 4-digit passcode."
4 14 52
nora.bsky.social
nora @nora.bsky.social · Jun 6
Ah, to be clear the virtual HSM here is a juicebox implemented version just for testing the code without costly hardware. It doesn’t even attempt any protections. Which one are you talking about?
1
nora.bsky.social
nora @nora.bsky.social · Jun 6
Belatedly! That could indicate either an HSM or a virtual HSM (meant for testing, not secure). The /livez endpoint suggests they're using the code as-is from main. Request timing makes me suspect a virtual HSM, but it's not definitive.
1
nora.bsky.social
nora @nora.bsky.social · Jun 6
Please do!
1
nora.bsky.social
nora @nora.bsky.social · Jun 6
It's totally possible! If you find something concrete, definitely let me know. NCC audited the design and code and there were a number of other folks who reviewed, but mistakes happen and this is the first time its being used in production at this kind of scale.
1 1
nora.bsky.social
nora @nora.bsky.social · Jun 6
There's a few others out there using it, but with similar misunderstandings. In hindsight, it's probably not well engineered for most developers to not shoot themselves in the foot. But I'd love to see it used well! It's much more efficient than similar things, like WhatsApps HSM setup
nora.bsky.social
nora @nora.bsky.social · Jun 6
Signal ended up doing their own thing, relying heavily on confidential compute (AWS nitro and the like) which I think is less ideal, but to some degree follows the same premise. www.usenix.org/conference/o...
Secret Key Recovery in a Global-Scale End-to-End Encryption System | USENIXusenix_logo_notag_white
www.usenix.org
1 1
nora.bsky.social
nora @nora.bsky.social · Jun 6
The hope was to carry on the work we did at Signal on Secure Value Recovery, but diversify away from SGX/a singular hardware failure point.
Technology Preview for secure value recovery
At Signal, we want to make privacy simple. From the beginning, we’ve designed Signal so that your information is in your hands rather than ours. Technologies like Signal Protocol secure your messages ...
signal.org
1 1
nora.bsky.social
nora @nora.bsky.social · Jun 6
The organization doesn't exist anymore. We created the protocol, played with the idea of offering it as saas (we run HSMs for people), pitched around, and eventually scrapped it due to minimal interest. Open sourced and published stuff to the world, and mostly I thought that was that until now!
2 1
nora.bsky.social
nora @nora.bsky.social · Jun 6
Yes, I know about that theoretical ceremony :) I linked that pdf above, but noone who worked on Juicebox (and developed that ceremony) worked with Twitter to do this, and given they haven't published the results of a ceremony I must assume one never happened (despite it being our intended design)
1 1
nora.bsky.social
nora @nora.bsky.social · Jun 6
And I have good reason to suspect those realms using noise are at _best_ are HSMs that haven't gone through a signing ceremony, but much more likely virtualized HSMs
1
nora.bsky.social
nora @nora.bsky.social · Jun 6
I don't know for sure but I strongly suspect they aren't. They use noise for some realms (which points towards HSMs, but not guarantee), but realm-a.x.com and realm-b.x.com don't use noise at all and definitely aren't HSMs. Since they only require 2 realms to recover, basically they don't have HSMs
1 2
nora.bsky.social
nora @nora.bsky.social · Jun 6
Do you have evidence that Twitter conducted a ceremony?

I would definitely be curious if there is a protocol bug (so we can fix it), but not quite sure the avenue you're getting at
1