I've led penetration testing "red teams," software development teams, and enterprise security "blue teams."
I currently serve as the CISO of a publicly-traded software company.
Please feel free to get in touch. I'm always happy to chat.
o https://dshaw.net
o E-Mail: dshaw a t dshaw.net
- Yes, it's the least reliable. Thanks for summarizing the data here to illustrate the issue.
It's often seen as the "standard" or "default" region to use when spinning up new US-based AWS services, is the oldest AWS center, has the most interconnected systems, and likely has the highest average load.
It makes sense that us-east-1 has reliability problems, but I wish Amazon was a little more upfront about some of the risks when choosing that zone.
- I'm not sure about licenses that explicitly forbid LLM use -- although you could always modify a license to require this! -- but GPL licensed projects require that you also make the software you create open source.
I'm not sure that LLMs respect that restriction (since they generally don't attribute their code).
I'm not even really sure if that clause would apply to LLM generated code, though I'd imagine that it should.
- LLMs are part of the entire tech industry, so I'd have to say "no, probably not."
- > Finneas (aka, Finneas O’Connell) has developed a new sonic logo for Apple TV, the streaming service previously known as Apple TV+.
I still find it perplexing that Apple TV[1] the service and Apple TV[2] the device -- technically now Apple TV 4K -- have the same name.
Even in Googling to link the right pages, I ran into issues finding the device. For a top-tier company with a $4+ trillion market cap, you'd think they'd find a better naming scheme.
1: https://tv.apple.com/ 2: https://www.apple.com/apple-tv-4k/
Side-note: I have an Apple TV (the device), and I think it's great. I've used Fire Sticks, Rokus, built-in TV software, and more, and the Apple TV is the first device I've used that really feels good to use. I'm a fan.
- >"The theoretical physicist and fusion scientist was known for his award-winning research in magnetised plasma dynamics.
Magnetised plasma dynamics is the study of the state of matter in which the motion of charged particles is influenced by the presence of an external magnetic field, according to Nature.
Loureiro joined MIT's faculty in 2016 and was named director of MIT's Plasma Science and Fusion Center in 2024."
Although it may be a total red herring, it may be worth noting that there are (debatably pseudoscientific) theories -- primarily Plasma cosmology[1] and the Electric Universe theory[2] -- that are related to (and potentially in conflict with) this field of research.
- In my experience, getting over the fear of public speaking is really just an exercise in exposure therapy. There are no silver bullets.
But my advice to current and future public speakers is this: never, ever add fluff to fill the engagement time. Every audience everywhere would rather you take 33 minutes instead of 50 if those 17 minutes would have been filled with, basically, garbage information designed to fill time.
It's awful how often people think giving a talk is some kind of speech class homework. It's not. You're not graded on filling the time.
- > The cat gap is a period in the fossil record of approximately 25 million to 18.5 million years ago in which there are few fossils of cats or cat-like species found in North America.
25M - 18.5M years ago.
- Yes: in retrospect, the Perl community (and maybe even the language in general) was cringe-worthy and perhaps even toxic.
But at the time, that elite and esoteric language drew me and many others to it in much the same way that *BSD and arguably even Linux did. The way that programming computers in general did.
It wasn't a pleasant vibe that anyone should strive to recreate, but Perl was something that felt cool to many nerds back then. Perl's decline being cultural is a good thing: it's because the industry grew and matured.
- Since they mentioned intermittent reward, I take that comment to mean that they prefer to play skill-based games rather than time-sink-for-variable-reward games.
I agree with you that Blizzard didn't stand to directly earn from the D2 grind, but it's valid to not want to participate in a time-sink.
- > i mean this is cute in an isolated incident, until, you know, all the corporations sell that info to a fascist government who uses it to track dissidents in Portland.
The phones (GPS) and cell networks (towers) have your location anyway. The article -- and what the parent comment was talking about -- is social location sharing.
Although citizen tracking is a valid concern, turning on "Find my Friends" isn't going to make you any more vulnerable.
- > Is the title to be taken seriously or has “AI Overlords” become some type of well-meaning indication of the positivity of having overlords?
The abstract blurb (linked) doesn't mention AI overlords in either context, so I think it's mostly just an edgy title.
- > WTH is a “bulletproof host”?
A "bulletproof" host or provider is the colloquial term for a business that will not reveal your identity, payment information, provide LEO access, respond to subpoenas, etc.
It's generally used by cyber-criminals as a "safe" vendor, though some privacy-minded individuals like this type of provider as well.
- I love playing with advancing technologies, and although I don't think LLM/Agentic AI is quite ready to change the world, one day soon it might be -- but the volume of individuals falling into AI-induced psychosis is astounding and horrifying.
For those of you who, thankfully, don't have personal experience, it generally goes like this: reasonable-ish individual starts using AI and, in turn, their AI either develops or is prompt-instructed to have certain personality traits. LLMs are pretty good at this.
Once the "personality" develops, the model reinforces ideas that the user puts forth. These can range from emotional (such as the subreddit /r/MyBoyfriendIsAI) to scientific conspiracies ("yes, you've made a groundbreaking discovery!").
It's easy to shrug these instances off as unimportant or rare, but I've personally witnessed a handful of people diving off the deep-end, so to speak. Safety is important, and it's something many companies are failing to adequately address.
It'll be interesting to see where this leads over the next year or so, as the technology -- or at least quality of models -- continues to improve.
- This is interesting, and not the first time I've seen this sentiment.
I don't take immediate issue with the points made here, but I think the conclusion is not entirely correct. Security isn't full, it's just harder and more competitive than people think.
I'll explain: because of the hype described here, many, many people decided that security would be a great way to make a living. They were told that there was a severe need for security professionals, and that there would be high-paying jobs just waiting for them to apply.
So these people studied security in school, maybe took the Security+ or CEH certs, and applied for jobs. Those that got jobs got laid off (again, mentioned in the article) when times got tough, or never got a job in the first place. Why?
Security is a field of people who love what they do. Go to DEF CON -- or even better, small, regional infosec conferences -- and you'll find people who are extremely talented... some of whom don't even work in the industry. For people like this, there is a talent shortage.
I've been consistently hiring security people for the last 15 years. There is absolutely a talent shortage at high levels of the industry -- but it's really hard to get to that level. Learning the OWASP Top 10 and a few nmap flags isn't going to cut it.
My experience may not be universal, but this is what I've seen over the course of a lifetime in infosec.
- This is great.
I've always been on the application security side of things, but I'm increasingly interested in hardware hacking. Through some cursory research, I learned that there are a few scattered resources, but the best way to learn is to really work with someone who knows what they're doing.
Putting all these guides, roadmaps, etc. together in a single place is a great resource that I'll definitely use.
Thank you!
- I missed this discussion; thanks for linking it!
- This is one of my favorite poems -- perhaps because it was my first in-depth exposure to poetry.
In high school, I was assigned a poetry explication: it was a combination of poetic analysis and public speaking (I had to deliver my work to the class), and it was a major part of my grade.
I chose this poem because it was one of the few poems I'd ever read.
I'd never spent much time with poetry, but the hours I dedicated to really thinking about (and feeling) this poem made a lasting impact. I don't remember the grade I got, but the assignment absolutely kindled my lifelong love of poetry.
I spend more time on translations of older Chinese poetry these days (I highly recommend Red Pine's translation of Wei Ying-wu's In Such Hard Times), but I'll always remember Stopping by Woods on a Snowy Evening.
- However, my understanding is that it's no longer maintained -- instead, WPScan is now a private company that sells the product: https://wpscan.com