rook
Summary of the recent crowdstrike report: 🧵https://infosec.exchange/@munin/112916974811882522
Munin wonders if the weird writing style of the report might be because crowdstrike used an LLM to generate a summary of several source documents, which would be funny-yet-depressing if true.
The actual causes of the incident probably won’t surprise anyone… “didn’t bounds-check, didn’t test parser on bad data, didn’t stage rollouts” in order of should-have-done-this-first-ness.
And, whilst I’m here, a post from someone who tried using copilot to help with software dev for a year.
I think my favourite bit was
Don’t use LLMs for autocomplete, use them for dialogues about the code.
Tried that. It’s worse than a rubber duck, which at least knows to stay silent when it doesn’t know what it’s talking about.
https://infosec.exchange/@david_chisnall/113690087142854474
(and also https://en.m.wikipedia.org/wiki/Rubber_duck_debugging for those who haven’t come across it)
Valsorda was on mastodon for a bit (in ‘22 maybe?) and was quite keen on it, but left after a bunch of people got really pissy at him over one of his projects. I can’t actually recall what it even was, but his argument was that people posted stuff publicly on mastodon, so he should be able to do what he liked with those posts even if they asked him not to. I can see why he might not have a problem with LLMs.
Anyone remember what he was actually doing? Text search or network tracing or something else?
For VPNs, at least, I can offer some suggestions. If you wanted to securely access a specific box or network of yours, tailscale is pretty great and very painless to use. If you wanted to do stuff without various folk noticing then that’s a bit trickier but I’ve been happy using mullvad… they’re not the cheapest, though they have some splendid anonymous payment mechanisms (you can literally mail them a wad of banknotes with a magic code on a bit of paper… you don’t even need to muck about with bitcoin).
Not sure where there’s a good summary of the drama, but it started (I think) back in February with some serious concerns about transphobic moderation on tumblr. Openly trans user predstrogen posted
I hope photomatt dies forever a painful death involving a car covered in hammers that explodes more than a few times and hammers go flying everywhere
and he took it a bit too seriously, including banning them for dubious reasons then looking them up on twitter and listing all their old alt account names to their followers, because he’s totally not a transphobic stalker y’all and this is a reasonable thing to do when you’re worth half a billion.