dysfun@treehouse.systems ("gaytabase") wrote:
gigamicrons
jscalzi@threads.net ("John Scalzi") wrote:
I confront my cluelessness about so many things on a regular basis, I assure you. I do a lot of work not to be defensive about it when it crops up and to learn, so I only have to be clueless about it once.
Boosted by soatok@furry.engineer ("Soatok Dreamseeker"):
HyperCraft3r@chaos.social ("HyperCraft3r DECT 6830") wrote:
Anyone hiring?
My work told me they will not be giving me a job after my apprenticeship (as a Developer) ends in the summer. I am skilled in DevOps and have great joy in organising things (from confluence spaces to events.. I do it all). I have a permit for carrying weaponised autism in problem solving. I do volunteering work in first aid and like basic human rights for all.
:BoostOK: :ReplyOK: :fairydust:
Boosted by soatok@furry.engineer ("Soatok Dreamseeker"):
shibacomputer@post.lurk.org ("𝔰𝔥𝔦𝔟𝔠𝔬") wrote:
RE: https://ec.social-network.europa.eu/@EUCommission/116408720976324749
Without knowing whether it would have made any difference, it is my belief that the targeted suppression campaign against NDC in 2025, in which we received a completely baseless Cease and Desist as we began publishing, stopped our digital identity research from reaching eIDAS 2.0 policymakers. The resulting clusterfuck can be seen basically all around us.
Boosted by soatok@furry.engineer ("Soatok Dreamseeker"):
ra6bit@infosec.exchange wrote:
I have encountered very few security programs which are truly limited by a lack of vulnerability detection and threat intelligence.
I have encountered a great many security programs that are adrift in a sea of vulnerability information that lack any way to meaningfully ingest, triage, prioritize, and action them. Even when they can do that, they are almost universally under-resourced to ever reach the zero-point.
[Tom Lehrer voice]
These are all the elements known to California
There may be many others but Prop 65 won't warn ya
Boosted by soatok@furry.engineer ("Soatok Dreamseeker"):
occult@ominous.net wrote:
RE: https://infosec.exchange/@trailofbits/116419704979785055
Today in memory safety bugs in Rust code.
Boosted by soatok@furry.engineer ("Soatok Dreamseeker"):
SecureOwl@infosec.exchange ("Mike Sheward") wrote:
I wrote up this cursed discovery with more details:
https://mike-sheward.medium.com/deleteduser-com-a-15-pii-magnet-c4396eb21061
Boosted by soatok@furry.engineer ("Soatok Dreamseeker"):
charlotte@akko.chir.rs ("Charlotte :lotteheartplural:/Cinny :cinny_heart_plural: :thetadelta: :ursaminor: :treblesand: ") wrote:
critical security issue: if you disable all of the device’s security, you will be able to edit otherwise protected values to say what you want them to say
Boosted by soatok@furry.engineer ("Soatok Dreamseeker"):
0xabad1dea@infosec.exchange ("abadidea") wrote:
if you have no idea what this is about: a very official-looking "IPv8" draft appeared that was an absolute fever dream of and-a-pony wishlist features for a censorious regime, down to using json web tokens at the hardware level for some reason
Boosted by soatok@furry.engineer ("Soatok Dreamseeker"):
0xabad1dea@infosec.exchange ("abadidea") wrote:
it seems someone decided to prove you really can just publish any nonsense protocol draft with the IETF https://www.ietf.org/archive/id/draft-meow-mrrp-00.html
Boosted by soatok@furry.engineer ("Soatok Dreamseeker"):
cesarsagaert@hachyderm.io ("César") wrote:
Boosted by soatok@furry.engineer ("Soatok Dreamseeker"):
MolarFox@pixel.tiggi.es ("MolarFox 📷") wrote:
On today's #fursuitfriday, we're transporting a very fluffy and very important payload in the back of my ute!
Boosted by soatok@furry.engineer ("Soatok Dreamseeker"):
campuscodi ("Catalin Cimpanu") wrote:
-Grok is still nudifying
-Nudify apps are still everywhere
-Android gets new one-time location and contact pickers
-Chrome does nothing to stop browser fingerprinting
-Windows adds RDP warning popups
-Raspberry Pi disables passwordless sudo
-More cyber EOs are coming
-FCC exempts Netgear from foreign router ban
-US Tech Force is hiring cyber staff
-DPRK laptop farmers sentenced
-16yo arrested for school hack
-53 DDoS-for-hire domains seized
-Hazy Hawk hijacks university subdomains
Boosted by soatok@furry.engineer ("Soatok Dreamseeker"):
GossiTheDog@cyberplace.social ("Kevin Beaumont") wrote:
RE: https://infosec.exchange/@metacurity/116420216155655162
Mythos is quickly becoming its own mythological beast.
They’ve automated the vulnerability hype train - an expression I used where researchers would find real vulnerabilities, which had no real impact in the real world. People would get very excited for no reason. Now they’ve automated that process with execs.
Boosted by soatok@furry.engineer ("Soatok Dreamseeker"):
david_chisnall@infosec.exchange ("David Chisnall (*Now with 50% more sarcasm!*)") wrote:
A few notes about the massive hype surrounding Claude Mythos:
The old hype strategy of 'we made a thing and it's too dangerous to release' has been done since GPT-2. Anyone who still falls for it should not be trusted to have sensible opinions on any subject.
Even their public (cherry picked to look impressive) numbers for the cost per vulnerability are high. The problem with static analysis of any kind is that the false positive rates are high. Dynamic analysis can be sound but not complete, static analysis can be complete but not sound. That's the tradeoff. Coverity is free for open source projects and finds large numbers of things that might be bugs, including a lot that really are. Very few projects have the resources to triage all of these. If the money spent on Mythos had been invested in triaging the reports from existing tools, it would have done a lot more good for the ecosystem.
I recently received a 'comprehensive code audit' on one of my projects from an Anthropic user. Of the top ten bugs it reported, only one was important to fix (and should have been caught in code review, but was 15-year-old code from back when I was the only contributor and so there was no code review). Of the rest, a small number were technically bugs but were almost impossible to trigger (even deliberately). Half were false positives and two were not bugs and came with proposed 'fixes' that would have introduced performance regressions on performance-critical paths. But all of them looked plausible. And, unless you understood the environment in which the code runs and the things for which it's optimised very well, I can well imagine you'd just deploy those 'fixes' and wonder why performance was worse. Possibly Mythos is orders of magnitude better, but I doubt it.
This mirrors what we've seen with the public Mythos disclosures. One, for example, was complaining about a missing bounds check, yet every caller of the function did the bounds check and so introducing it just cost performance and didn't fix a bug. And, once again, remember that this is from the cherry-picked list that Anthropic chose to make their tool look good.
I don't doubt that LLMs can find some bugs other tools don't find, but that isn't new in the industry. Coverity, when it launched, found a lot of bugs nothing else found. When fuzzing became cheap and easy, it found a load of bugs. Valgrind and address sanitiser both caused spikes in bug discovery when they were released and deployed for the first time.
The one thing where Mythos is better than existing static analysers is that it can (if you burn enough money) generate test cases that trigger the bug. This is possible and cheaper with guided fuzzing but no one does it because burning 10% of the money that Mythos would cost is too expensive for most projects.
The source code for Claude Code was leaked a couple of weeks ago. It is staggeringly bad. I have never seen such low-quality code in production before. It contained things I'd have failed a first-year undergrad for writing. And, apparently, most of this is written with Claude Code itself.
But the most relevant part is that it contained three critical command-injection vulnerabilities.
These are the kind of things that static analysis should be catching. And, apparently at least one of the following is true:
- Mythos didn't catch them.
- Mythos doesn't work well enough for Anthropic to bother using it on their own code.
- Mythos did catch them but the false-positive rate is so high that no one was able to find the important bugs in the flood of useless ones.
TL;DR: If you're willing to spend half as much money as Mythos costs to operate, you can probably do a lot better with existing tools.
pzmyers@freethought.online ("pzmyers 🕷") wrote:
Louisiana has a special way of dealing with homelessness.
https://freethoughtblogs.com/pharyngula/2026/04/17/are-there-no-prisons-are-there-no-workhouses/
Boosted by soatok@furry.engineer ("Soatok Dreamseeker"):
patcharcana@furry.engineer ("Patch Arcana") wrote:
"I failed upward, to the level of my incompetence. The same as the rest of us."
St. Naomi Nagata, Patron of Breaking Stuff, continues to deliver the bangers.
Boosted by soatok@furry.engineer ("Soatok Dreamseeker"):
bascule@mas.to ("Tony “Abolish ICE” Arcieri🌹🦀") wrote:
New metric shows renewables are 53% cheaper than nuclear power
A new metric for assessing total system costs puts a least-cost mix of offshore wind and solar at about €46 ($54.20)/MWh in a future climate-neutral energy system for Denmark. Researchers tell pv magazine that figure is less than half the equivalent cost of nuclear under the same conditions.
pzmyers@freethought.online ("pzmyers 🕷") wrote:
Hideous slimy rape monkeys in action.
https://freethoughtblogs.com/pharyngula/2026/04/17/humans-are-awful-creatures/
Boosted by soatok@furry.engineer ("Soatok Dreamseeker"):
itnomad@ruhr.social ("Alexander Janßen") wrote:
HAHAHA LOL That didn't age well!
> EU age verification app can be hacked in 2 minutes, claims security expert
https://cybernews.com/security/eu-age-verification-app-hack/
Boosted by soatok@furry.engineer ("Soatok Dreamseeker"):
rawenwolf@meow.social ("RawiWoof") wrote:
Well, so much for safety and privacy
@itnomad https://ruhr.social/@itnomad/116419862667935057
@EUCommission, @HennaVirkkunen
This is absolutely unacceptable and puts almost 500 mil. people in danger.
On the bright side, it wouldn't be found so quickly if the code wasn't publicly available so you've got plenty of time to fix this huge error. And I mean fix, not cover up.
Boosted by soatok@furry.engineer ("Soatok Dreamseeker"):
hkrn@mstdn.social ("Hacker News") wrote:
US tech firms lobbied EU to keep datacentre emissions secret
L: https://www.theguardian.com/technology/2026/apr/17/microsoft-us-tech-firms-lobbied-eu-secrecy-rules-datacentre-emissions
C: https://news.ycombinator.com/item?id=47802962
posted on 2026.04.17 at 02:17:41 (c=1, p=9)
Boosted by soatok@furry.engineer ("Soatok Dreamseeker"):
FlohEinstein@chaos.social wrote:
I think it is really important to analyze the implication of the new IETF Draft Meow MRRP in the wild. I strongly assume it will lead to widespread loss of carriers when applied in areas where IP over Avian Carrier is in use. More research is needed. And funding!
Boosted by soatok@furry.engineer ("Soatok Dreamseeker"):
bluish.gecko@pixelfed.furryfandom.me ("Blouie the Blue Heeler") wrote:
You don’t need a #Sandevistan when you've got #zoomies 😁
#furry #fursuit #FursuitEveryday
📸 @furcphoto.bsky.social
🧭 @nordicfuzzcon.org 2026, #Malmö
Boosted by soatok@furry.engineer ("Soatok Dreamseeker"):
Cassius@meow.social ("Cassius Crafts") wrote:
He looks cool but I promise you there's nothing but air between those ears 🫡
Happy #FursuitFriday everybody! This wonderful photo was taken at Scotiacon by @/PurpleFoxCosmo
Boosted by soatok@furry.engineer ("Soatok Dreamseeker"):
relhr0vs@furry.engineer ("REX HR0VS") wrote:
Happy #FursuitFriday everyone!
This photo of Theta ( https://www.furtrack.com/index/character:theta ) was taken at a recent meet at a dinosaur museum. It was a great day out and I got a stack of photos of all the furs playing with the dinosaurs. 🦖
It seems very brave of Theta to turn her back on that giant t-rex, but I'm sure that little fence will keep the dinosaurs contained.
Boosted by soatok@furry.engineer ("Soatok Dreamseeker"):
NaveMcCanine@meow.social ("Nave :ms_furry_pride:") wrote:
🫘 B 🫘 E 🫘 A 🫘 N 🫘
🐈: furrynakita (FA)
🐕: Me!
Boosted by soatok@furry.engineer ("Soatok Dreamseeker"):
creideiki@akkoma.pikaböl.se ("Creideiki") wrote:
For #FursuitFriday photography, make sure to turn the fursuiter all the way around to get the good angles, and to shift the focus plane to alternate between paws and maws.
🐺: Badwolf Brock http://badwolfbrock.com/
🧭: ConFuzzled 2025
Boosted by soatok@furry.engineer ("Soatok Dreamseeker"):
trailofbits@infosec.exchange ("Trail of Bits") wrote:
Google used a ZK proof to disclose a quantum breakthrough that cuts the cost of breaking cryptocurrency by 20x without handing attackers the circuit.
The Rust code behind the proof had memory safety bugs. We used this new attack surface to forge a proof that beats Google’s on every metric.
Google patched it within days. Their quantum claims are unaffected. https://blog.trailofbits.com/2026/04/17/we-beat-googles-zero-knowledge-proof-of-quantum-cryptanalysis/