Software: security, cryptography, Rust enthusiast. Outdoors: mountains, cycling, trains. Zurich-based.
Mozilla has a new CEO who:
- Has been at Mozilla for less than a year
- Has no prior open source experience (but well in "fintech" and "real estate")
- Has a MBA (aka "brainworm diploma")
- Is all-in on AI
That’s exactly the kind of bingo profile the whole community has been waiting for.
My friend seems genuinely baffled that I am an AI researcher who refuses to use AI! Not only that, but I argue against it from theory, not experience. Why don't I just give it a try for a while, and see what it's really about before I judge it?
I guess I see where he's coming from. Part of the problem is the word "AI." LLMs are not my research focus, so it's less of a contradiction than it sounds. But I admit, being a non-user makes my arguments against LLMs less credible.
I just don't understand why I owe it to anybody to give AI a shot. I know how LLMs work in gory detail, and I don't trust them. I've seen the mediocre work they produce. I've read studies about the seductive illusion of competence and caring they create, and how people fall for that. I know it's all built on an incredibly exploitative business model.
I feel entirely justified in not giving them a chance. I guess I'm just as baffled by how badly he wants me to try it, and how sure he seems to be that it would change my mind.
From top AI coding user globally to completely stop using it because it's so much harder to review AI code than write it myself. And they say all software developers jobs will be replaced by LLM. Life comes fast at you. 🤣 https://xcancel.com/jhleath/status/1999589156314578961?s=46
So many senior devs lament how much time they have to spend coaching and giving feedback, and how little time they have for code.
And with LLMs we see rafts of senior devs gleefully shifting their career so that all they do now is coach and provide feedback to a dumb agent that will never learn anything permanently from the process, never surpass its master, never stand on their shoulders and move on to greater things.
Teaching, but without any long term ROI. What a shitty gig that sounds like
webdev here, we actually round corners on ui elements so people don't accidentally cut themselves while interacting with them
We don't have a cybersecurity problem.
We have a software quality problem.
Trying to solve the former without addressing the latter will not produce the desired outcomes no matter how hard we try.
[It's always DNS]
Fun fact (if you don't have to debug this): if you use reqwest (HTTP client in @rust) in the default configuration, it appears to make one DNS query per request (in fact 2, A + AAAA) even if you make hundreds of requests to the same domain within seconds.
The router of my new ISP wasn't amused, and stopped replying at some point hence causing weird DNS resolution errors. On the plus side it was easy to diagnose with tcpdump + Wireshark.
Anyway, it looks like switching to hickory-dns solved the problem: https://docs.rs/reqwest/latest/reqwest/struct.ClientBuilder.html#method.hickory_dns. It still makes a good dozen requests instead of one A + one AAAA, but that's orders of magnitude more efficient than the default.
#Zig quitte MicrosoftHub pour FramaGit (euh, non, pour Codeberg).
https://ziglang.org/news/migrating-from-github-to-codeberg/
A status checker that checks the checker that checks the checker that checks Downdetector.
https://downdetectorsdowndetectorsdowndetectorsdowndetector.com/
New post: a defense of lock poisoning in #rust.
Followup to recent discussion: decided to write about lock poisoning, looking at the arguments on each side, and informed by our experience at @oxidecomputer dealing with the parallel problem of unexpected async cancellations in critical sections.
Please give it a read!
Ever wonder why the "vi" editor uses H, J, K, and L keys for cursor navigation, and why Unix shells traditionally use "~" as an alias for the home directory?
The ADM-3A terminal was a very popular and inexpensive Unix terminal in the 1970s. Notice where the arrow keys are, and where the "~" key is? It influenced a lot!
France was actively using GrapheneOS on a national level via ANSSI. They benefited from our open source code available to them for free as it is to everyone else in the world. This makes it all the more ridiculous that French state agencies are now heavily attacking GrapheneOS.
Please listen to this podcast about ANOM:
https://darknetdiaries.com/transcript/146/
The FBI ran a sting operation in Europe where they created their own 'secure' phone and messaging platform. Their OS used portions of our code and was heavily marketed as being GrapheneOS or based on GrapheneOS.
Social engineering -- the art of tricking people into doing stupid shit -- has always been the most reliable way to hack anything. Now with AI browsers and agentic this and that, we've actually built social engineering into the code. So it can be used to trick others but also trick itself. Brilliant!
La vie de Nicolas Guillou, juge français de la CPI sous sanctions des Etats-Unis : "Vous êtes interdit bancaire sur une bonne partie de la planète": "Tous mes comptes auprès d’entreprises américaines, comme Amazon, Airbnb, PayPal, etc., sont fermés (...) Etre sous sanctions, c’est être renvoyé dans les années 1990", explique le magistrat. Pour l'instant, l'Union européenne reste atone. Glaçant... https://www.lemonde.fr/international/article/2025/11/19/nicolas-guillou-juge-francais-de-la-cpi-sanctionne-par-les-etats-unis-face-aux-attaques-les-magistrats-de-la-cour-tiendront_6654016_3210.html
#Politique #Trump #EtatsUnis #CPI #Sanctions #Gafam #Banques
@_calmdowndear any tool enables crime. not just encrypted phones, or grapheneOS, any tool.
however, just because a tool enables crime, does that mean we should ban it? cars enable crime by being able to go over the speed limit. should we say those aren't allowed anymore?
but I know, I know, cars just jump out of the driveway and commit crimes, right? I heard one car going at a speed and s...nevermind, that was a joke.
still, point is, your phone is not going to turn itself on, fly out of your house, and start celling drugs to people one day, that's you the human. it's like what they say with guns: it's not the gun, it's the person that ames it.
every tool can enable crime, from screwdrivers to, yes, even phones. they all have double edged sourds to them, it's what you the human decide to do with it.
We were contacted by a journalist at Le Parisien newspaper with this prompt:
> I am preparing an article on the use of your secure personal data phone solution by drug traffickers and other criminals. Have you ever been contacted by the police?
