Starting with the release of the Pixel 3, all of Google’s Pixel Android
smartphones come with the Titan M security chip on board. When I realized the
Pixel 3a XL I purchased also had it, I decided to try to take advantage of it in
an app I work on. It turned out that using the Titan M chip through the Android
Keystore API for AES-GCM in a specific way lead to predictable and bogus
ciphertext. This is the story of how I stumbled upon that bug, and why it’s a
With the release of the Ryzen 3000 series CPUs, I decided it was finally time to
upgrade from my good old Intel i5 2500K. It served me well for nearly 8 years,
but its age was starting to show. While doing the upgrade, I also wanted to
address the other two main pain points I had with my previous setup. Long story
short: I ended up installing NixOS and setting up PCI passthrough.
I think I experienced a random bit flip while updating Linux on one of my
machines today. My laptop was humming along happily during compilation until GCC
suddenly aborted with an error: invalid preprocessing directive #lefine; did
you mean #define?.
On the 21th of June 2018, the release of the new wallet applications for Nano
was announced on
Shortly after that, another
was made telling users of the Android app to transfer their funds to a wallet
with a seed that was not generated by the app. I quickly looked up the source
code and found that the app was using a random number generator that is not
cryptographically secure. Let’s analyze how bad this really is. Spoiler: it’s
As most Go programmers probably know, strings are immutable in Go. This has its
advantages, but there are times when one might want to make changes to a string.
Using reflection, we can obtain the underlying StringHeader struct of strings
and modify the contents.