More

forkerenok · 2025-09-26T08:15:47 1758874547

> This decision came after Illinois Secretary of State [...] discovered that Flock had allowed U.S. Customs and Border Protection to access Illinois cameras in a “pilot program” against state law, and after the RoundTable reported in June that out-of-state law enforcement agencies were able to search Flock’s data for assistance in immigration cases.

This illustrates the textbook argument for why mass surveillance is bad: these tools can quickly end up in the wrong hands.

Play silly games, win silly prizes.

burnte · 2025-09-26T20:22:23 1758918143

> these tools can quickly end up in the wrong hands.

With respect, they ALWAYS end up in the wrong hands.

EasyMark · 2025-09-26T20:44:49 1758919489

The people pitching for said surveillance are always the wrong hands if they're from the government. "We here from the government, we're here to help" are very scary words, and be careful if you take them up on the offer

conception · 2025-09-27T02:30:48 1758940248

This statement from Reagan is why we’re in this mess. There’s nothing wrong having the government come help you. The problem is regulatory capture, corruption, and a population that seems ok with it. A competent government with people who care can be a powerful force in people lives, eg social security, national parks, public schools.

burnte · 2025-09-26T20:53:39 1758920019

I don't really want private parties doing mass surveillance either.

EasyMark · 2025-09-26T21:17:38 1758921458

me either, but their power is limit. Governments can ruin you forever and even disappear you without any real consequences

ab5tract · 2025-09-27T07:58:39 1758959919

Governments can equally allow private companies this same capacity.

burnte · 2025-09-27T17:32:00 1758994320

I have recourse against the government. I have less recourse against private companies.

forkerenok · 2025-09-11T07:38:02 1757576282

> There was a reliance on visual cues for too long and ironically the accident would probably have never happened if the visibility had been poor.

Ironic indeed.

The incident reconstruction video a bit further down the article is well done:

https://www.youtube.com/watch?v=sXUf6B2wLtw

forkerenok · 2025-08-23T19:22:58 1755976978

"Popular kids game Roblox faces pressure over allegations of child predators on its platform":

https://www.google.com/amp/s/www.msnbc.com/msnbc/amp/shows/t...

I read your comment carefully to see whether you've taken the GP's joke further, but alas :)

DistractionRect · 2025-08-23T20:51:17 1755982277

Ha, yeah. Sailed right over my head. It's really too bad. Both about the what the platform has become and the missed setup.

gus_tpm · 2025-08-24T10:50:06 1756032606

Programming doesn't make it easy to not miss jokes like that. I'll never forget my mum's face after I told her that I was working on a "killAllChildren" function when I was at school

forkerenok · 2025-08-19T13:56:48 1755611808

I thought they have accidentally "responsibly disclosed" the vulnerability directly into a public mailing list, but the attached pdf is dated >3 months ago.

So assume it's a bit of an inaccurate phrasing.

EDIT: nope, the email itself seeks disclosure coordination etc. So yeah, oops.

karel-3d · 2025-08-19T16:01:18 1755619278

dnsmasq has no security contact

marcusb · 2025-08-19T16:33:11 1755621191

Sure, but the author publishes their email address on the main dnsmasq page:

  Contact.
  There is a dnsmasq mailing list at http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss which should be the first location for queries, bugreports, suggestions etc. The list is mirrored, with a search facility, at https://www.mail-archive.com/dnsmasq-discuss@lists.thekelleys.org.uk/. You can contact me at simon@thekelleys.org.uk.

forkerenok · 2025-07-29T09:57:26 1753783046

> the number of new sign ups went up 8x overnight.

What's the number if you adjust for quality of signups? E.g. how many people convert and how many people stay on and convert later.

forkerenok · 2025-07-10T12:35:20 1752150920

> The findings exposes a troubling asymmetry: at 0.1% vulnerability rates, attackers achieve an on-chain scanning profitability at a $6000 exploit value, while defenders require $60000, raising fundamental questions about whether AI agents inevitably favor exploitation over defense.

Seems not that good of thing on the balance :)

sshine · 2025-07-10T15:02:49 1752159769

Prior to AI, outside the context of crypto, it is/was often not “worth it” to fix security holes, but rather bite the bullet and claim victimhood, sue if possible, and hide behind compliance.

If automated exploitation changes that equation, and even low-probability of success is worth trying because pentesting is not bottlenecked by meatspace, it may incentivise writing secure code, in some cases.

Perversely enough, AIs may crank out orders of magnitude more insecure code at the same time.

I hope this means fuzzing as a service becomes absolutely necessary. I think automated exploitation is a good thing for improved security overall, cracked eggs and all.

chrisjj · 2025-07-10T15:44:01 1752162241

> Perversely enough, AIs may crank out orders of magnitude more insecure code at the same time

No perversity there, in fact.

scyclow · 2025-07-10T13:45:32 1752155132

If I'm understanding the paper correctly, they're assuming that defenders are also scanning deployed contracts with the intention of ultimately reporting bug bounties. And they get the $6,000/$60,000 numbers by assuming that the bug bounty in their model is 1/10th of the exploit value.

This kind of misses the point though. In the real world engineers would use AI to audit/test the hell out of their contracts before they're even deployed. They could also probably deploy the contracts to testnet and try to actually exploit them running in the wild.

So, while this is all obviously a danger for existing contracts, it seems like it would still be a powerful tool for testing new contracts.

chrisjj · 2025-07-10T15:42:30 1752162150

> whether AI agents inevitably favor exploitation over defense.

/Technology/ inevitably favors exploitation over defense.

forkerenok · 2025-06-26T20:00:12 1750968012

I see some rough edges typical to LLM-powered products, but this is still a fantastic tool!

I think it needs push-to-talk mode, because it's picking up every surrounding noise.

forkerenok · 2025-05-26T06:52:24 1748242344

The sibling comment from M4v3R covered this well.

shermantanktop · 2025-05-26T15:57:12 1748275032

Did it? I didn’t see a claim that doing this work manually had a zero error rate.

Again, I would probably not do this. But let’s not pretend that non-AI release processes prevent all issues. We’re really talking different kinds of errors, and the ai driven ones tend to be obviously wrong. At least right now.

danw1979 · 2025-05-27T08:25:32 1748334332

What I didn’t say was that “all devops release pipelines that use traditional scripted approaches are error free”.

forkerenok · 2025-04-22T10:16:33 1745316993

This is the website of the presented project for those who prefer text:

https://qoiformat.org/

An interesting and somewhat inspiring bit of trivia from the video: the creator barely understands modern image compression techniques (from their own words), but this hasn't stopped them from coming up with that impressive result.

forkerenok · 2025-03-10T20:17:27 1741637847

Would you mind explicitly indicating whether you have reviewed the submitted materials? And if so, why is it inferior to the material you linked?

Not trying to catch you, genuine interest.