Posts

No Priors Ep. 133 | With Alpha School Principal Joe Liemandt

No Priors Ep. 133 | With Alpha School Principal Joe Liemandt

Joe Liemandt, founder of Trilogy and principal of Alpha School, presents a radical vision for K-12 education powered by AI. He advocates for a "Time Back" model where students complete their core academics in just two hours a day using AI tutors, freeing the rest of their time for passion-driven workshops that build real-world life skills. This approach is built on principles of learning science, mastery-based progression, and a controversial but effective system of incentives.

When LLMs Go Online: The Emerging Threat of Web-Enabled LLMs

When LLMs Go Online: The Emerging Threat of Web-Enabled LLMs

Hanna Kim from KAIST explores the significant cybersecurity risks posed by web-enabled Large Language Model (LLM) agents. The research investigates how these agents, equipped with web search and navigation tools, can be misused to automate and scale cyberattacks involving personal data, such as PII collection, impersonation, and spear-phishing, while easily bypassing existing safety measures.

A Formal Analysis of Apple’s iMessage PQ3 Protocol

A Formal Analysis of Apple’s iMessage PQ3 Protocol

A detailed overview of the formal verification of Apple's iMessage PQ3 protocol using the Tamarin prover. The talk covers PQ3's hybrid cryptographic design, its post-quantum security goals like forward secrecy and post-compromise security, the powerful adversary model it resists, and the successful formal analysis of its unbounded double ratchet structure.

Fundamentals of Data Engineering • Matt Housley & Joe Reis • GOTO 2025

Fundamentals of Data Engineering • Matt Housley & Joe Reis • GOTO 2025

Joe Reis and Matt Housley, authors of "Fundamentals of Data Engineering," reflect on the book's principles three years after its publication. They discuss how the rise of AI has created both powerful tools and dangerous "bear traps" for engineers, the critical role of expertise in a world of AI-generated content, and why foundational knowledge is more important than ever.

Email Spoofing with SMTP Smuggling: How the Shared Email Infrastructures Magnify this Vulnerability

Email Spoofing with SMTP Smuggling: How the Shared Email Infrastructures Magnify this Vulnerability

SMTP smuggling is a critical vulnerability allowing email spoofing that bypasses standard authentication protocols like SPF and DMARC. This research presents a large-scale study on its prevalence, uncovering widespread issues due to shared infrastructure and incomplete patches, and introduces a novel, non-intrusive methodology for ethically testing private email services.

A Framework for Abusability Analysis: The Case of Passkeys in Interpersonal Threat Models

A Framework for Abusability Analysis: The Case of Passkeys in Interpersonal Threat Models

This talk introduces an "abusability analysis framework" to evaluate technologies like passkeys under interpersonal threat models, such as intimate partner violence. An analysis of 19 services revealed critical implementation flaws, including irrevocable cloned passkeys and the failure of password resets to secure accounts, which can create persistent backdoors for abusers.