Jonathan Anderson
@trombonehero.bsky.social
Associate Professor. Computer Security. Sometimes grumpy (but I repeat myself).
Pinned
Counterpoint: if one person’s brief lapse in judgement can bring down the whole org, we’re building our systems all wrong.
We need to make online security a mandatory subject in our schools. It's not just about protection of personal devices and data, but one person's brief lapse in judgement can bring down a school, a payroll system, or a hospital.
2/2
Reposted by Jonathan Anderson
Happy Thursday, Canada 🍁
November 27, 2025 at 3:22 PM
Reposted by Jonathan Anderson
sorta coming around to the view that the social danger of genAI images is less that they'll make people believe fabricated things are real and more that they'll make people believe real things are fabricated
November 27, 2025 at 5:59 PM
Americans may have Thanksgiving too close to Christmas, but on the locality of dressing (“stuffing”), This Is The Way.
You just have never truly experienced peak stuffing until you’ve had it cooked inside a bird. There’s no equal.
November 27, 2025 at 11:06 PM
Old Man take of the day:
What’s with all the selfies in washrooms? Not even just at home, I mean people posting photographic evidence that they were taking photos in public washrooms?
November 26, 2025 at 8:24 PM
This kind of transparency is to be commended:

“human oversight is mandatory; AI is the tool, never the creator; final editorial judgment, fact-checking and accountability always rest with our journalists; our journalistic standards must be met at all times; …”

www.cbc.ca/news/editors...
How CBC News will use AI responsibly to benefit our journalism — and keep your trust | CBC News
CBC is launching a new campaign aimed at reminding Canadians how our journalism can provide a safe harbour from the fake news and AI-generated content roiling through our feeds. As the campaign begins...
November 25, 2025 at 6:39 PM
This is what happens when you outsource so much of your essential function (here, managing schools) that you don't have the expertise to keep contractors honest.
November 24, 2025 at 2:26 PM
What's the worst that could happen?
Breaking: The FCC has voted 2-1 along party lines to eliminate cybersecurity requirements for telecom companies that the commission adopted at the end of the Biden administration.

Telecoms had lobbied for the change. Democrats said it would invite another Salt Typhoon.

Story coming shortly.
November 24, 2025 at 2:16 PM
And then I go and spoil it all
By saying something stupid like
I love you
November 24, 2025 at 1:12 AM
Just got an email from the grocery store saying, “thanks for buying pie!”

If they wanted to remind me that they’re tracking everything I purchase for the purposes of microtargeted advertising… great job, gang!
November 24, 2025 at 12:49 AM
Calvin, now 46, comes home after a long day to find little Calvin Jr giving him sass
November 22, 2025 at 12:48 AM
Reposted by Jonathan Anderson
It’s widely known (and, I think, pretty uncontroversial) that learning requires effort — specifically, if you don’t have to work at getting the knowledge, it won’t stick.

Even if an LLM could be trusted to give you correct information 100% of the time, it would be an inferior method of learning it.
Relying on ChatGPT to teach you about a topic leaves you with shallower knowledge than Googling and reading about it, according to new research that compared what more than 10,000 people knew after using one method or the other.

Shared by @gizmodo.com: buff.ly/yAAHtHq
November 21, 2025 at 12:49 PM
Surprise, surprise: those who read things understand them better than those who don’t
Relying on ChatGPT to teach you about a topic leaves you with shallower knowledge than Googling and reading about it, according to new research that compared what more than 10,000 people knew after using one method or the other.

Shared by @gizmodo.com: buff.ly/yAAHtHq
November 21, 2025 at 3:25 PM
Double rainbow over @memorialu.bsky.social… with the elusive pot of gold looking like it might be in @munengineering.bsky.social? 🧐
November 17, 2025 at 7:01 PM
Do you hear the Sonic rings
echo the memory of the past
It is the music of a hedgehog
whose first game was quite the blast
When I was a kid I always dreamed about Sega Game Gear and now I am a proud owner of it 🤩🥰 #sega #gamegear #retrogaming
November 16, 2025 at 1:00 AM
In these turbulent times, amidst great polarization and misinformation, we can all take solace in the wise words of the late Tim Horton:

“Lorem ipsum dolor sit amet”
November 9, 2025 at 8:17 PM
“There are too many similarities between the iPhone and Meta’s glasses to name them all here, just as one could strain to name infinite similarities between a table and an elephant if we chose to ignore the context that actually matters to a human being.”
Essentially every time we write about abuse of Meta's Ray-Ban AI glasses, Meta tries to convince us the glasses are no different from an iPhone. Here's a helpful guide for Meta PR about the difference between AI glasses and phones 😊

www.404media.co/whats-the-di...
What’s the Difference Between AI Glasses and an iPhone? A Helpful Guide for Meta PR
Meta thinks its camera glasses, which are often used for harassment, are no different than any other camera.
November 7, 2025 at 9:27 PM
Software patents… probably something like “Method for adding the colour orange to a website”
November 7, 2025 at 8:00 PM
Just found a new deadlock illustration
November 7, 2025 at 7:57 PM
"JSONH is same as HJSON but different." 😆
November 6, 2025 at 3:18 PM
When people deliberately scam your users, and you can detect it, you should… I dunno… stop it?

Or, apparently, charge scammers EXTRA for the privilege of access to your users.
Meta earns $3.5 billion every six months from showing Facebook and Instagram users 15 billion “higher legal risk” scam ad impressions a day, internal documents state.

That haul vastly exceeds how much the company expects regulators to fine it for running scam ads.

www.reuters.com/investigatio...
November 6, 2025 at 1:13 PM
It’s not like it was protecting anything important
the password to the louvre surveillance server was "louvre"

www.thesocialpost.it/2025/11/02/f...
November 4, 2025 at 12:00 AM
A great example of why, when someone cites work as “from MIT” or “from Harvard” instead of “peer-reviewed by X”, your spidey senses should tingle…
Some guy got in an argument with me about the impact of AI malware. He cited an MIT paper claiming "80% of ransomware attacks are AI powered". I glanced over it and burst out laughing, but couldn't be bothered to debunk it. My friend on the other hand, could. He roasted it so hard that MIT deleted it
Security Community Slams MIT-linked Report Claiming AI Power...
Experts push back on new claims about AI-driven ransomware, warning that hype and sponsored research are distorting how the threat is understood.
socket.dev
October 31, 2025 at 10:34 PM
Fascinating details and analysis
Or IOW, if this valuation is right, Apple's top-end bug-bounty for top-tier security research, despite their popular image as being generous, is still about an order of magnitude below the offensive market
October 30, 2025 at 1:36 AM
It’s like the Jaffa Cake decision, but with lower stakes
Fans of VAT food and drink cases will enjoy this decision, where the Tax Tribunal was entertained with two days of argument on whether Ferrero Nutella chocolate biscuits (pictured) are “covered in chocolate”. caselaw.nationalarchives.gov.uk/ukftt/tc/202....
October 28, 2025 at 5:34 PM
Reposted by Jonathan Anderson
Reminder that the majority of the world doesn’t bother with daylight savings.
October 27, 2025 at 3:22 PM