mttaggart

mttaggart, 4 months ago to random

Okay, listen up:

Mozilla is two different entities. The Mozilla Corporation and the Mozilla Foundation. The second one? That's the social good one you really want focused on important things.

The Mozilla Foundation, like all non-profits, publishes their Form 990 annually to disclose compensation. Here it is.

You'll see that the top earner there, Mitchell Baker, who is very handsomely rewarded, is actually paid by the Mozilla Corporation, not the Foundation. Put another way, the non-profit is not blowing its funding on a CEO.

And the corp, by the way, is what generates revenue that largely funds Firefox.

The annual report of the Foundation shows a pretty healthy financial situation, and increased investment in public good projects year-over-year.

I don't like everything they do either (e.g. that risible website generator), but I don't actually think they are suffering from a lack of focus. They're suffering from a mature market.

mttaggart, 9 months ago to random

Well that sucks. The company behind Libby/Overdrive has been acquired by the same group that gutted Toys R Us: https://karawynn.substack.com/p/the-coming-enshittification-of-public-libraries

This is exceptional bad news for libraries, which already strain against corpo nonsense to deliver digital materials.

mttaggart, 3 months ago to random

Choose a successor? Hell no, GitHub; my code dies with me and will assist me in the afterlife like the pharaohs of old

mttaggart, 7 months ago to random

If I'm reading this correctly, Chrome will route your traffic through its own proxies—and a chosen third party, which you can't decide about. It'll be opt-in for now.

The amount of concerns that this introduces to both individuals and organizations is significant. What will it take before Chrome itself is labeled a PUP? Even with the best of intentions, the browser is taking more and more for Google, leaving less and less for the open web.

https://www.bleepingcomputer.com/news/google/google-chromes-new-ip-protection-will-hide-users-ip-addresses/

https://github.com/GoogleChrome/ip-protection

mttaggart, 2 months ago to random

Good morning, nerds! The British Library just dropped its after-incident report on the ransomware attack that has disabled the Library for, uh, months?

Let's dig in.

mttaggart, 5 days ago to random

My wife tells me that she is observing conversations on X where regular, non-tech users are beginning to consider Linux because of Recall.

That's how bad an idea this is.

mttaggart, 8 months ago to random

Hey, good job patching all your browsers for the latest WebP vulnerabilities (there's a new one today, btw).

Know what probably didn't get updated?

Yeah, all those Electron apps.

mttaggart, 8 months ago to unity

Actually, big thanks to #Unity for elegantly demonstrating a huge part of the risk model of proprietary software.

mttaggart, 5 months ago to random

There are basically two irreconcilable camps in the Threads debate here.

• Camp 1, understandably, wants nothing to do with Meta and view them as an existential threat to the Fediverse for plenty of well-precedented reasons.

• Camp 2, also understandably, sees potential in connecting a managed platform that appeals to entities like news outlets and other services to the Fediverse, enabling us to access that information without requiring an account on a Meta-owned platform.

Camp 1 will not cede ground because they view the issue as existential.

Camp 2 will, I dunno, deal with it or move to a server where they can see what they want to see?

But given the scale of Threads already, widespread blocking of it will create a pretty noticeably weird gap in the federation graph, and make onboarding for new potential Fedi users even more confusing. That part, by itself, kinda sucks.

mttaggart, 1 month ago to random

So, about this claim that GPT-4 can exploit 1-day vulnerabilities.

I smell BS.

As always, I read the source paper.

Firstly, almost every vulnerability that was tested was on extremely well-discussed open source software, and each vuln was of a class with extensive prior work. I would be shocked if a modern LLM couldn't produce a XSS proof-of-concept in this way.

But what's worse: they don't actually show the resulting exploit. The authors cite some kind of responsible disclosure standard for not releasing the prompts to GPT-4, which, fine. But these are all known vulns, so let's see what the model came up with.

Without seeing the exploit itself, I am dubious.

Especially because so much is keyed off of the CVE description:

We then modified our agent to not include the CVE description. This task is now substantially more difficult, requiring both finding the vulnerability and then actually exploiting it. Because every other method (GPT-3.5 and all other open-source models we tested) achieved a 0% success rate even with the vulnerability description, the subsequent experiments are conducted on GPT-4 only. After removing the CVE description, the success rate falls from 87% to 7%.

This suggests that determining the vulnerability is extremely challenging.

Even the identification of the vuln—which GPT-4 did 33% of the time—is a ludicrous metric. The options from the set are:

1. RCE
2. XSS
3. SQLI
4. CSRF
5. SSTI

With the first three over-represented. It would be surprising if the model did worse than 33%, even doing random sampling.

In their conclusion, the authors call their findings an "emergent capability," of GPT-4, given that every other model they tested had a 0% success rate.

At no point do the authors blink at this finding and interrogate their priors to look for potential error sources. But they really should.

So no, I do not believe we are in any danger of GPT-4 becoming an exploit dev.

mttaggart, 8 months ago to random

Some reminders on this #LaborDay:

The LinkedIn productivity/hustle culture is a trap that serves the corpos. Working 80 hours a week for someone else is just cheating yourself.

Companies rely on the naivety of the young to inflate their staff hours. With few other obligations, you feel like that extra work is an opportunity. It is, but not for you. Do your job well and then have a life.

HR does not protect you; it protects the company, and you know what companies hate? Whistleblowers.

Equity as a component of a compensation package is almost always a cheat, especially in startups. Get paid in real money, not pinkie promises.

If the service is free, you're not just the product; you're part of the labor force, because guess who is generating value for whatever the product actually is? So you can and should hit da bricks from services and social media you don't like.

There is no moral consumption under corporate capitalism, because there is no moral production under corporate capitalism. But that doesn't mean you have to lean into it. It's worth your time and effort to choose goods and services from companies that treat people and the planet well—or at least, not as exploitatively as others . And if you can, choose employers the same way.

Return-to-office is about power, control, and justifying the sunk cost of office space. If you can, avoid it.

Add on, and enjoy the day!

mttaggart, 8 months ago to random

Stop pressing backspace until you feel safe: Ctrl+U clears the password prompt on the terminal so you can start again.

mttaggart, 4 months ago to random

It's been a minute, so here's your reminder that the claim that "quote posts are mostly toxic" is untrue and has been roundly debunked. absolutelymaybe.plos.org/2023/01/12/quote-tweeting-over-30-studies-dispel-some-myths/

mttaggart, 3 months ago to random

I am not kidding when I say I'd rather have no illustration for your blog post/article/news story than a generative one.

mttaggart, 13 days ago to random

All this LLM crap, especially the latest from Google, has me really bummed out. I did not sign up for a life of avoiding lies from the literal lying machine being shoved down my throat.

But now, I am apparently forced to fight a war against these things, in defense of whatever is left of fact.

mttaggart, 12 days ago to random

The writing is on the wall.

Actually it's not writing. It's neon letters directly wired to a fusion reactor.

The internet you knew? It's gone. There is no recovering it. There's too much money and incentive behind the idea of making the entire village into a strip mall run by LLMs. Your gardens are forfeit.

I don't know if a #hardfork is possible, but even if it isn't, we gotta get to work building the intentional, human web. The one that rejects generative content, the one that verifies humanity through mutual trust, the one that takes privacy and safety of our neighbors as the highest value.

There are many tools available, but united effort must join together around them. Carefully, intentionally, we have to start moving what matters away from the polluted land.

mttaggart, 7 days ago to random

Listen.

It's not about whatever Microsoft is doing with these features today. Maybe it's apocalyptic, maybe it's not. But what we're seeing is next-level disregard for user choice about their OS. Yes, even for Microsoft, this is exceptional.

And in the constant pursuit of monetizing our data or extracting training sets, we must confront the question of what they will push on us next, without consent or reasonable recourse.

This is not an OS under owner control, and as such, should not be trusted for any purpose where data security is a concern.

I struggle to think of a use case where it isn't.

mttaggart, 5 months ago to random

Do you think gas stoves are "better" for cooking?

Are you sure you know why you think that? www.npr.org/2023/10/17/1183551603/gas-stove-utility-tobacco

mttaggart, 8 months ago to random

If you are struggling, please please please try to let someone know. There is help, and you do not need to suffer in silence.

https://cyberscoop.com/cyber-professionals-mental-health/

mttaggart, 4 months ago to random

It turns out being really angry all the time at the state of the world accomplishes nothing at all, and yelling at others for being less angry than you accomplishes less than that.

Find a thing you can help solve, then log off and go do it.

mttaggart, 12 days ago to random

I am SO SICK of hearing "people are lazy," as an argument for, well, anything.

I've been on this planet for a minute, and I can think of maybe four people I've ever met who could truly be called lazy.

I know tired people. Sick people. Hurt people and angry people. Fast people, slow people. Scared people and confused people. And yes, many brilliant hardworking people who achieve beyond all expectations.

But most everyone is working hard just to get by. It is no moral failing that they do not have the time nor inclination to care deeply about the thing you do. In fact, thinking so is rather lazy of you.

Also, it makes you kind of an asshole.

Always remember: if everyone around you is an idiot, guess who's the jerk?

mttaggart, 4 months ago to random

Where does all of this leave the Firefox browser. Surman argued that the organization is very judicious about rolling AI into the browser — but he also believes that AI will become part of everything Mozilla does.

I can't wait to find out what will happen when all the Firefox evangelists wake up to find an LLM baked into their darling.

techcrunch.com/2024/01/03/whats-next-for-mozilla/