RE: https://kolektiva.social/@beka_valentine/116845902133405690
An excellent thread here. So much of what I see people pointing to as LLMs' benefits for coding relates to long-standing problems in software engineering that the field just hasn't addressed. And LLMs don't solve these problems, at best they just paper them over and make dealing with them less tedious -- while reinforcing the problematic dynamics.
So yes it's great that people with no programming skills can create software to solve their problems. But if we had collectively spent a chunk of the literally billions of dollars that are going to "AI" building on the early approaches to this from 25+ years ago (Hyperscript, Logo) that don't have the same downsides, we'd be in a much better place today.
And this goes for program analysis as well! Sure, it's impressive that Mythos-class LLMs can be used to identify oodles of problematic constructs in code that's been shipping for years, including tens of thousands of real bugs some of which are security vulnerabilities. It was also very impressive that PREfix and PREfast (the program analysis tools I worked on back in the day) and the more-powerful tools that followed like Coverity could do it. Where would the program analysis field be today if billions of dollars had been invested in building on these tools instead of "AI"?
But none of these analysis tools change the underlying causes of the bugs -- software engineering processes that value time-to-market over security, unsafe libraries and languages, leaving security as an afterthought, etc etc etc. Don't get me wrong, finding and fixing bugs has value; one net effect of this wave of LLM program analysis is likely to be useful hardening of existing software. But all the resources going to that aren't going to addressing the underlying issues -- and also reinforcing all the ethical, sustainability, and power-concentrating consequences of LLM usage.
For decades, the KKK marched and protested wearing masks, and Dem lawmakers said, "It's free speech! We have to let them talk!"
Then for a few summers, some Black kids said, "We need a ceasefire in Palestine." And Dem lawmakers passed laws against masked protest.🤡
Now those Dems are quiet again.🤷🏿‍♂️
Blog post: Inspired by the video I just boosted - some honest thoughts on my AI remorse from my experiments earlier in the year.
It was bad, and I have SERIOUS regrets.
Agentic AI has "guardrails" (e.g. you have to explicitly say "don't delete all the files on my computer" if you don't want it to delete all your files).
One of these guardrails is asking users to confirm whether to do things. Claude Code apparently has now decided that if you take over sixty seconds to answer a question, it'll just go ahead.
Turns out guardrails get in the way of consuming tokens, and you must consume tokens in order for the business model to work.
Interesting Git repos of the week:
Strategy:
* https://github.com/mr-r3b00t/ai_usage_mitre_analysis - AI abuse through an ATT&CK lens with @UK_Daniel_Card 🤖
Detection:
* https://github.com/citizenlab/bluecoat-investigations - investigating Blue Coat device breaches with @citizenlab
* https://github.com/andreicscs/HoneyWire - F/OSS deception
Bugs:
* https://github.com/sgkdev/ipv6_frag_escape - another Linux LPE
Exploitation:
* https://github.com/x86byte/Obfusk8 - obfuscation library
* https://github.com/bee-san/RustScan - a port scanner in Rust
* https://github.com/t0thkr1s/gpp-decrypt - dumping GPP cpassword
* https://github.com/kernelstub/Nox - attack surface management in Go
* https://github.com/JVBotelho/skewrun - abusing time in AD
* https://github.com/db0109/AI-Red-Team-Scripts-And-Checklist - tips and tricks for red teaming AI 🤖
* https://github.com/jonaslykkegaard9-ops/m - remapping Windows memory
Hard hacks:
* https://github.com/pinkflawd/MIPSReverseEngineeringWorkshop - @pinkflawd's MIPS training
Nerd:
* https://github.com/ripienaar/free-for-dev - free hosting for developers 🤖
* https://github.com/dockur/macos - OS X in Docker
Why I love Mastodon: someone famous got married to someone else famous today and my wife told me about it. I didn’t see one person talking about it here. Thanks for being great.
RE: https://techhub.social/@Techmeme/116856918203941961
Yet another reason to #ban #meta
Horrible.
But the worst part is that Zuckerberg laughs all the way to the bank.
What the trolls ruining social media actually look like.
[📹 BestMoon_boxphonefarm]