Posts by munin@infosec.exchange
(DIR) Post #B1Jo5cB8PSMurIv5Xs by munin@infosec.exchange
2025-12-16T21:03:56Z
0 likes, 0 repeats
the thing about nazis is that they refuse to learn from other people's mistakes and end up innovating new kinds of fuckups in the process of their obstinate rejection of the notion that anyone else might know better than they do https://ericdaigle.ca/posts/super-secure-maga-messaging-app-leaks-everyones-phone-number/
(DIR) Post #B1LvAiLdzFSBR78N0K by munin@infosec.exchange
2025-12-17T21:14:59Z
0 likes, 1 repeats
RE: https://chaos.social/@danimo/115729293506504456 Sam Altman is a greedy little shit and the world would be a much less stressful place if he did not have the resources to pull bullshit like this.
(DIR) Post #B1LvAnecG8bHtP35lo by munin@infosec.exchange
2025-12-17T21:17:37Z
0 likes, 0 repeats
For all the conspiracy theories about various cabals of shadowy figures running the world secretly, it's kind of exasperating to be able to point to specific named individuals - fucking Altman, fucking Musk, fucking Thiel - as being the actual driving force behind massive injustices and inequities, who can get away with this due to having the resources to make themselves inaccessible for any redress. I fucking hate this situation.
(DIR) Post #B1X6HW7XLnfyF8IPjc by munin@infosec.exchange
2025-12-23T06:19:57Z
0 likes, 0 repeats
RE: https://hachyderm.io/@evacide/115766967110810608 nunquam potentiae livoris subaestime. never underestimate the power of spite.
(DIR) Post #B1wxFkcyaxd7BB2i3M by munin@infosec.exchange
2026-01-04T18:37:21Z
0 likes, 0 repeats
I don't see any problem here. https://www.churchtimes.co.uk/articles/2025/31-october/news/uk/full-ban-of-conversion-therapy-would-criminalise-mainstream-christian-teaching-government-told
(DIR) Post #B1wxFloiAobwrrXaz2 by munin@infosec.exchange
2026-01-04T18:38:41Z
0 likes, 0 repeats
Gaslighting people into delaying necessary medical treatment for a health condition is abusive, so if your practices insist on that then yes they are abuse. This is a very easy concept.
(DIR) Post #B1wxFqRqxEIVEPsuY4 by munin@infosec.exchange
2026-01-04T18:41:16Z
0 likes, 0 repeats
Demanding that laws be drafted in such a way that they tiptoe around coercion when it's from a religious figure, instead of recognizing that religious indoctrination is coercive in nature and needs to evolve so as to recognize and respect people's agency to make choices that they may disagree with - something which is even -in- their doctrines, for their christ's sake - is completely ass-backwards.
(DIR) Post #B1wywh9tT7iCpITrcW by munin@infosec.exchange
2026-01-04T18:43:59Z
0 likes, 0 repeats
@foone I don't think that verse-slinging is a legitimate form of debate, being as it's basically bible autism to show off, but going down that road, there's plenty of verses - rubricated ones - that specifically state things contrary to their positions. Tho my absolute favorite one to sling at the street preachers is Matt 6:5; ain't never had one of 'em want to engage with that one.
(DIR) Post #B1xN6BZy8IqkgEjfF2 by munin@infosec.exchange
2026-01-04T21:13:23Z
0 likes, 0 repeats
the real rule that they use is "anyone who we want to get rid of, we will" there's no coherence in their rules. don't look for a grand strategy here. https://reason.com/2025/12/31/dhs-says-real-id-which-dhs-certifies-is-too-unreliable-to-confirm-u-s-citizenship/
(DIR) Post #B2Ftmk47g05KEQlqLo by munin@infosec.exchange
2026-01-12T22:36:03Z
0 likes, 1 repeats
Tim Sweeney is defending the production of CSAM. Tim Sweeney is the CEO of Epic Games, the publisher of Fortnite. Fortnite is a game targeted at children. If the CEO of a game targeted at children is defending the production of CSAM, I have some -very- specific questions about his motivations in doing so. https://www.pcgamer.com/gaming-industry/epic-games-ceo-tim-sweeney-argues-banning-twitter-over-its-ability-to-ai-generate-pornographic-images-of-minors-is-just-gatekeepers-attempting-to-censor-all-of-their-political-opponents/
(DIR) Post #B2FtmoujeKXxGlPuue by munin@infosec.exchange
2026-01-12T23:36:47Z
0 likes, 0 repeats
One of those specific questions is "why do you consider providing the means to abuse children to be a valid political issue" Generally we do not expect foxes to be honest custodians of henhouses; this is, in fact, proverbially what's considered to be a "bad idea."
(DIR) Post #B2ICqzs58igVr8nic4 by munin@infosec.exchange
2026-01-15T00:45:58Z
0 likes, 0 repeats
@futurebird @Unixbigot last time this happened we got Javascript and the infamous "WAT" talk lol
(DIR) Post #B2K2mqGQJ78RfwUDMe by munin@infosec.exchange
2026-01-15T21:40:03Z
0 likes, 0 repeats
RE: https://masto.free-dissociation.com/@kevinr/115901240505999398 are users hardware
(DIR) Post #B2Nd74jKPZh49opjgu by munin@infosec.exchange
2026-01-16T18:00:14Z
0 likes, 0 repeats
@JessTheUnstill this is the sign of a deficient organization that does not have an appropriate FLOSS dependency policy for their third-party supply chain risk management. it's completely nonsensical to demand compliance questionnaire activity from volunteer maintainers of various projects. the security department has a responsibility in these situations to discuss the use and vulnerability surfaces of these libraries with the internal development team making use of them, and to analyze risk - and potential other options - accordingly. the business is the one making money off of its use; the open-source community is already being exploited, and does not have the resources to shoulder the cost of the business' compliance desires.
(DIR) Post #B2Nd77NoY1GcNxn64e by munin@infosec.exchange
2026-01-16T18:17:41Z
0 likes, 0 repeats
@JessTheUnstill it's regrettably common.
(DIR) Post #B2Nd79L3HGFIRyVv2u by munin@infosec.exchange
2026-01-16T18:21:31Z
0 likes, 0 repeats
@JessTheUnstill ayup. anyone with any understanding of the industry will immediately realize this is not reasonable, and will write their open-source policy to accommodate this reality.
(DIR) Post #B2Nd7BypSLFgdv8iK8 by munin@infosec.exchange
2026-01-16T18:47:36Z
0 likes, 0 repeats
@JessTheUnstill @dr_a frequently it's from execs demanding compliance without understanding that there's more to it than checking off boxes on the list.
(DIR) Post #B2cmtrAV9s66yrpPzU by munin@infosec.exchange
2026-01-24T23:01:17Z
0 likes, 0 repeats
I have just been informed that on github, windows CI actions are performed in an environment where C:\ is mounted as a -network- drive. Which means that the default temporary directory location, normally found on C, is a remote block device. Which means that every tempfile interaction requires a network transaction to complete. Which means that github CI actions take -significantly longer to do- and are -more expensive for their operations- than they have to be. Which has the consequence that -your- cost for github CI actions is greater than it has to be, because those profiteering fucks charge by the minute. https://docs.github.com/en/billing/concepts/product-billing/github-actions
(DIR) Post #B2gdbFLcd9PUpcSzj6 by munin@infosec.exchange
2026-01-26T19:33:08Z
0 likes, 0 repeats
LLMs do not "think"
The LLM instantiation methodology* correlates patterns in the data that the developers provide to build a database** of linkages between collections of words and phrases*** that appear in that corpus. The way in which this database is used is to inform a probabilistic selector process by seeding it with a set of probabilities**** associated with a given word or phrase; that set of probabilities has pointers to related words or phrases.
If a given word or phrase is found in close proximity in the original data consistently, then those probabilities will be higher. When a query***** is made to this database, a randomization process is used to drop certain parts****** of the query being sent into the lookup process. The remainder is divided into segments† and passed into the database for query.
So.
With all this in mind, it should be -screamingly obvious- why this story, of how it's entirely feasible to get an LLM to rederive copyrighted works out of the database that was seeded with those works, happens: https://futurism.com/artificial-intelligence/ai-industry-recall-copyright-books
* I am deliberately not using the word 'training'. You can train dogs; you can train employees; you can train chimpanzees; what you do to an LLM is not training - it is building a database to feed into another process.
** I am deliberately not using the word "model" here, so as to restate the process in plain language absent the jargon these dipshits insist on using to obfuscate their techniques.
*** "Tokens" is another jargon word here.
**** "weights" is less objectionable as jargon, given it's used for a number of things with this approximate conceptual shape, but it's fucking annoying to me in this context.
***** "prompt" is their fucking bullshit term for a natural-language database query
****** "zero weighting" is jargon for "we drop it on the floor" - this is why I keep referring to people doing "prompt engineering" as playing games instead of doing actual security; if the fucking thing drops random parts of your shit on the ground, then inherently you have no way to enforce a policy that is subject to that process.
† "tokenized", see ***
(DIR) Post #B2hw0BOQSpGI8emJDE by munin@infosec.exchange
2026-01-26T21:55:13Z
1 likes, 0 repeats
The excuses by mastercard about refusing to process payments pertaining to consensual, intentionally produced, and legal sexual content ring pretty fucking hollow now. The agenda was clearly always one of repressing women and queers. https://www.theverge.com/ai-artificial-intelligence/867874/stripe-visa-mastercard-amex-csam-grok