Thread for those who don't have an account: https://xcancel.com/s_heyneman/status/2014519007244656652
Based on what security is meant to do, Likewise.
Based on the lack of (apparent) self awareness of the author, I think I'd expect a little better of somebody using a device as a pitch-deck to the wealthy in a location of heightened security.
Is it security pantomime? yes. What did the OP expect? Is the OP really as naieve as they are saying? Was this not forseen/forseeable?
Being wise after the event means being wise. Does anyone else reading this think the OP was not wise?
If it looks like Osama bin Laden attending a War on Terror summit ... they'll wave it right through.
* https://www.theguardian.com/tv-and-radio/2020/jan/20/how-the...
Not an especially wise move if unintended, and a precarious risk if intended fpr the drama.
I'm thinking my personal best time getting grilled over a suspected security issue runs to 36 hours or so .. hard to tell in retrospect, the US TLA bods do like their blinken lights and screeching music to mess with peoples internal clocks.
You are absolutely right about the optics (and the blinkin' lights). The forensic expert made the same point—unintended drama is still drama. I definitely didn't aim for this (just wanted to demo the hardware), but once the process started, I had to respect the thoroughness. Their protocols are no joke.
The grilling by US security types was a "feature" of crossing any US controlled border space for a number of years after this: https://news.ycombinator.com/item?id=46597539 in 1998.
You spend one month at ground zero for 11 nuclear tests that caught most of the five eyes by suprise and that's all they ever seem to ask about forever.
It is fascinating to see the evolution of the 'threat signature,' though. You were flagged for proximity to literal nuclear physics in 1998; I was flagged for a vibe-coded prototype that just looked like physics in 2026.
I have a sinking feeling that, like you, I've just unlocked the 'secondary screening' achievement for the next decade. I’ll take the permanent Swiss police record over the Five Eyes watchlist any day. You win.
Seperately again some nice people in Finland gave us some really nice SAKO TRG's and spotting scopes in return for being the fastest to find some drums of waste they hid in a forest.
My father (still alive) is a few years older than M.J., they grew up together, being from the same part of the same state .. so it was handy having them going to bat for us when faecal matter contacted propellers ( https://en.wikipedia.org/wiki/Michael_Jeffery ).
I’ve walked around SF and NYC with prototypes for years without issue. I genuinely failed to code-switch for the environment. I expected a bag search; I didn't expect a 13-hour detention and a forensic code audit.
It felt like 'pantomime' at first, but once the forensic team arrived, it became very real. They weren't performing theater; they were genuinely verifying the interrupt handlers in the code.
That said, your point is the correct one. In a normal setting, leaving a bag near your table while you check in is fine. In a high-security zone during WEF, placing a black box with wires on a bench is a massive red flag. I treated it like a backpack; they treated it like a potential threat. It was a hard lesson in situational awareness.
That said, the scrutiny shifted quickly from the 'black box' visual to the actual tech. It wasn't just a physical inspection; they brought in a forensic expert to audit the Rust borrow checker logs and interrupt handlers to verify the triggers were benign. It turned into a very technical interview, just with higher stakes.
They were incredibly professional. Once we moved past the initial 'threat assessment' phase, the officers and the forensic expert were fair, logical, and treated me well. The system worked exactly as it should for a suspicious package in a high-security zone.
reutinger•2w ago
To get released, I had to walk a forensic expert ('Chris') through this codebase line-by-line. He didn't care about the pitch; he audited the Rust borrow checker logs, the specific hardware interrupts, and the encryption implementation to prove it wasn't a trigger mechanism.
It was the most aggressive code audit of my life. Happy to answer questions about the stack, the 'vibe coding' workflow I used to build it, or the Swiss prison lasagna."
steveklabnik•2w ago
reutinger•2w ago
To be precise with my terminology: I showed the forensic expert the terminal history and compiler output in my VS Code/Cursor logs.
Because I was 'vibe coding' with LLMs, I had a long scrollback of cargo build failing repeatedly with ownership/borrow errors. 'Chris' (the forensic expert) reviewed that timestamped history to verify that I was genuinely struggling to compile a harmless display driver in a hotel room that morning, rather than deploying a pre-compiled malicious payload.
His logic was essentially: 'A terrorist brings a clean binary. A developer brings a terminal full of red text.' The broken build state was my alibi.
steveklabnik•2w ago