remember all the fucking rubes saying Proton’s LLM wasn’t a problem cause only business and visionary accounts had access to it? well, only one month later of fucking course they went back on that and now it’s included with duo and family accounts, and my soon to be cancelled unlimited account just popped an ad for it on the compose window trying to get me to opt into the free trial for the fucking thing (and also the button’s purple just as a last dark pattern to try and fool users into clicking it)
this isn’t surprising, but now it’s confirmed: in addition to the environmental damage generative AI does by operating, and in spite of all attempts to greenwash it and present it as somehow a solution to climate change, of course Microsoft’s been pushing very hard for the oil and gas industry to use generative AI to maximize resource exploitation and production (via Timnit Gebru)
cryptographers: need strict guarantees on code ordering and timing because even compiler optimizations can introduce exploitable flaws into code that looks secure
the go cryptographer: there’s no reason not to completely trust a system that pastes plagiarized code together so loosely it introduces ordering-based exploits into ordinary C code and has absolutely no concept of a timing attack (but will confidently assert it does)
it’s so weird how the garbage finds us in bursts, like all week it’ll be relatively quiet then the weekend comes and the floodgates open
From 2018 to 2022, I worked on the Go team at Google, where I was in charge of the Go Security team.
Before that, I was at Cloudflare, where I maintained the proprietary Go authoritative DNS server which powers 10% of the Internet, and led the DNSSEC and TLS 1.3 implementations.
Today, I maintain the cryptography packages that ship as part of the Go standard library (crypto/… and golang.org/x/crypto/…), including the TLS, SSH, and low-level implementations, such as elliptic curves, RSA, and ciphers.
I also develop and maintain a set of cryptographic tools, including the file encryption tool age, the development certificate generator mkcert, and the SSH agent yubikey-agent.
I don’t like go but I rely on go programs for security-critical stuff, so their crypto guy’s bluesky posts being purely overconfident “you can’t prove I’m using LLMs to introduce subtle bugs into my code” horseshit is fucking terrible news to me too
but wait, mkcert and age? is that where I know the name from? mkcert’s a huge piece of shit nobody should use that solves a problem browsers created for no real reason, but I fucking use age in all my deployments! this is the guy I’m trusting? the one who’s currently trolling bluesky cause a fraction of its posters don’t like the unreliable plagiarization machine enough? that’s not fucking good!
maybe I shouldn’t be taking this so hard — realistically, this is a Google kid who’s partially funded by a blockchain company; this is someone who loves boot leather so much that most of their posts might just be them reflexively licking. they might just be doing contrarian trolling for a technology they don’t use in their crypto work (because it’s fucking worthless for it) and maybe what we’re seeing is the cognitive dissonance getting to them.
but boy fuck does my anxiety not like this being the personality behind some of the code I rely on
To be fair, it was the moderator that deleted their message, not the poster. Mods are always stifling discussion around here. Feels like Reddit.
it’s really weird how nobody wants your awful fucking posts in any community. must be the mods!
anyway, time to stifle discussion around here
huh, I figured this was common knowledge but thinking back on it, it might have just been dire informal warnings from some of my college friends with a little too much experience in the area
This $6.5 billion round will give OpenAI an alleged “valuation” of $150 billion, up from $86 billion earlier this year.
so pets.com had a valuation of $87 million (~$159 million adjusted for inflation) right before the market crashed, and that shit’s so radioactive capitalists still use it as an example of a shitty bubble business that never should have been valued that high cause who in their right mind thinks pet stuff online’s worth that much?
this next crash is going to be a fucking doozy isn’t it
@self
@awful.systems