fully in the rebound!

now the consensus seems to be that "if everyones implementation is broken then its not the implementation"

if you aren't developing an implementation to use secure defaults, you're not developing security.

same can be said for PGP even.

if you arent developing something that forces implementations to use sane defaults, you aren't developing security.

the difference is that even if you use the command line tool, you still have to load the gun before you can shoot yourself in the foot

see an auth error? maybe just rm that file

Show thread
Sign in to participate in the conversation
Infosec Exchange

A Mastodon instance for info/cyber security-minded people.