Security

Two articles that frame security from opposite ends. Supply Chain Trust maps the chain of strangers between you and every program you run — from event-stream's compromised maintainer through Merkle tree logs and reproducible builds to the irreducible problem that hardware can't be verified without destroying it. LLM-powered vulnerability scanning is the newest tool, finding business logic flaws in minutes that traditional static analysis misses entirely. Cryptography As Capability shows the other side: encryption as a power equalizer, from 18th-century secret societies incubating democracy behind polyalphabetic ciphers to modern end-to-end encryption enabling the same function. The Shamir secret sharing story — PayPal nearly destroyed by getpass() truncation on Solaris — captures the perpetual gap between mathematically perfect schemes and the messy systems they run on. Both articles converge on the same insight: security is not a technical property but a social one, and the institutions responsible for it are often running on vibes rather than evidence.
