🇨🇦🇩🇪🇨🇳张殿李🇨🇳🇩🇪🇨🇦
Corvus Volvens 𓄿
- 10 Followers
- 193 Following
- 270 Posts
An urban raven exploring the wilderness of human cyberspace.
Slightly Exhausted Parent Who Cannot Possibly Be The Easter Bunny@CorvusVolvens I don't really need much time, 'cos I wrote a blog post about it 
You can get pretty far with just nginx or caddy, without having to touch iocaine, and achieve ~90% of what iocaine does with a handful of lines in your reverse proxy config.
Prof. Emily M. Bender(she/her)I was disappointed to read Cory Doctorow's post where he got weirdly defensive about his LLM use and started arguing with an imaginary foe.
@tante has a very thoughtful reply here:
https://tante.cc/2026/02/20/acting-ethical-in-an-imperfect-world/
A few further comments, 🧵>>
Acting ethically in an imperfect world
Life is complicated. Regardless of what your beliefs or politics or ethics are, the way that we set up our society and economy will often force you to act against them: You might not want to fly somewhere but your employer will not accept another mode of transportation, you want to eat vegan but are […]
Tagir ValeevToday we had a fire alarm in the office. A colleague wrote to a Slack channel 'Fire alarm in the office building', to start a thread if somebody knows any details. We have AI assistant Glean integrated into the Slack, and it answered privately to her: "today's siren is just a scheduled test and you do not need to leave your workplace". It was not a test or a drill, it was a real fire alarm. Someday, AI will kill us.
TaggartDiscord claims "most users" will never go through an age verification process because they're already monitoring your behavior.
For the majority of adult users, we will be able to confirm your age group using information we already have. We use age prediction to determine, with high confidence, when a user is an adult. This allows many adults to access age-appropriate features without completing an explicit age check.
Gotta say, constant behavior analysis is not the warm and fuzzy blanket they seem to think it is.
https://discord.com/safety/how-discord-is-building-safer-experiences-for-teens
Josh BressersI keep seeing stories about LLMs finding vulnerabilities. Finding vulnerabilities was never the hard part, the hard part is coordinating the disclosure
It looks like LLMs can find vulnerabilities at an alarming pace. Humans aren't great at this sort of thing, it's hard to wade through huge codebases, but there are people who have a talent for vulnerability hunting.
This sort of reminds me of the early days of fuzzing. I remember fuzzing libraries and just giving up because they found too many things to actually handle. Eventually things got better and fuzzing became a lot harder. This will probably happen here too, but it will take years.
What about this coordinating thing?
When you find a security vulnerability, you don't open a bug and move on. You're expected to handle it differently. Even before you report it, you need at a minimum a good reproducer and explanation of the problem. It's also polite to write a patch. These steps are difficult, maybe LLMs can help, we shall see.
Then you contact a project, every project will have a slightly different way they like to have security vulnerabilities reported. You present your evidence and see what happens. It's very common for some discussion to ensue and patch ideas to evolve. This can take days or even weeks. Per vulnerability.
So when you hear about some service finding hundreds of vulnerabilities with their super new AI security tool, that's impressive, but the actually impressive part is if they are coordinating the findings. Because the tool probably took an hour or two but the coordination is going to take 10 to 100 times that much time.
KrisRE: https://social.tchncs.de/@kuketzblog/116034644267703808
Heißer Flamewar und Hot Takes in den Kommentaren
In der Theorie sollten Passkeys so wie SSH-Keys für das Web funktionieren und schneller, bequemer und sicherer als Paßworte sein.
In der Praxis ist das alles komplett fucked, es ist unklar, was wann von wem wo gespeichert wird und wie man es wiederherstellt, und wie man es portiert, wenn man Geräte wechselt. Oder wie der Recovery-Flow aussieht und ob der sicher ist.
Ich habe daher auf allen meinen Geräten Passkeys blockiert und warte noch fünf bis zehn Jahre ab. Bis dahein Bitwarden gegen Vaultwarden und OTP. Und ich archiviere die QR-Codes zur Initialisierung der OTP-Generatoren für jede Site, sodaß ich dem Recovery-Flow der jeweiligen Sites geflissentlich fern bleiben kann – ich lerne einfach ein neues Gerät nacheinander mit den Screenshots der archivierten Codes an.
Mein Rat an jeden der mich fragt ist: Macht halt Passkeys, wenn ihr glaubt, daß ihr wisst ob und wie es funktioniert und ihr das managen könnt.
Für mich lösen sie keine Probleme und schaffen nur neue, funktionieren unzuverlässig und das Management ist unklar.
william.maggosWhen I share an article from @wallabag, the original URL is retained. I wish #PocketCasts would do this. Hell I wish every podcast actually had its own website. #podcasting
(what's the best hashtag for "read it later" apps with "text to speech"? who doesn't use these now?)
Ulrich KelberDie elektronische Patientenakte in ihrer derzeitigen Form hat nach wie vor Sicherheits- und Datenschutzprobleme, sowie fehlende Basisfunktionalitäten und Performancemängel. Das größte Problem aber sind eingerichtete ePAs (weil kein Widerspruch), die aber von Versicherten nicht kontrolliert und gesteuert werden. Wenn die #ePA so erwünscht ist, dann gebt den Versicherten doch einen Bonus, wenn sie ihren Zugriff darauf einrichten. Oder hat da jemand Angst, dass dann weitere Widersprüche kommen?
tante"The Zersetzung is working. He is taking himself apart, piece by piece, and replacing the parts with synthetic fillers because the world has told him his own parts are defective."
"The Colonization of Confidence" by Robert Kingett (@WeirdWriter) is one of the best pieces of writing about "AI" I have ever seen. Read it over lunch and it literally made me cry in the restaurant.
https://sightlessscribbles.com/the-colonization-of-confidence/