Mastodawn

@GossiTheDog Right. Meanwhile, the guy running it just continues to tell the media with a straight face that they never really got any abuse complaints. My response to that is yea that's what happens when your abuse mailbox goes straight to /dev/null/.

Andrei Kucharavy May 30

Show thread

Kevin Beaumont May 28

GitHub has long been a source for zero days exploits in competitor products - it still is. While I worked there GitHub had a policy saying they wouldn’t remove them.

By continually removing just exploits for their own products from Github and declaring “criminal activity”, it’s a rubicon.

Andrei Kucharavy May 30

Tanawts May 27

Visual Studio Code Extensions lack a means of enforcing a minimum age to protect against updates that spread worms. There is a feature request to compel Microsoft to add this festure functionality, it only has 212 likes today.
Please help give it a BIG signal boost!

https://github.com/Microsoft/vscode/issues/316867

Security: minimumReleaseAge setting for mitigating supply chain attacks on extensions · Issue #316867 · microsoft/vscode

In the last years, supply chain attacks have increased dramatically. A few examples in the VS Code extension ecosystem: AI-Slop ransomware test sneaks on to VS Code marketplace - BleepingComputer M...

GitHub

Andrei Kucharavy May 28

Come join the #Apertus LLM team as an AI research engineer!

If you have experience with software, data, and ML engineering, a passion for #FOSS and interesting in post-training of large models (#SFT, #RL, rewards design, ...), you could be a great fit for the recently opened roles, all in Lausanne, Switzerland!

https://careers.epfl.ch/job/Lausanne-AI-Research-Engineers-Apertus-Initiative/1164610655/

#Fedihire #Job #Swtizerland #FOSS #ML #AI

AI Research Engineers - Apertus Initiative

Andrei Kucharavy May 28

Will Dormann May 27

Microsoft, who banned Nightmare-Eclipse from their GitHub platform, conveys their displeasure with said individual

Along with a threat:

Our Digital Crimes Unit will continue bringing cases against these actors and those that enable their criminal activity – coordinating as needed with law enforcement around the world.

Also manages to sprinkle in a few references to not using CVD as being not "responsible". (Microsoft was a big proponent of the term "responsible disclosure", which has gone by the wayside because it tends to favor vendor-centric perspective in a subjective and moralizing way.)

A shared responsibility: Protecting customers through Coordinated Vulnerability Disclosure

Andrei Kucharavy May 27

evacide May 27

To write a 12-minute talk about the Opium Wars, I have written a 40-minute talk about the Opium Wars.

Andrei Kucharavy May 23

elle mundy May 23

weird how claude mythos is too dangerous to release to the public because [checks notes] it can find existing security holes, but not a word is said about how many security holes claude generates on the regular

Andrei Kucharavy May 23

Terence Tao May 23

I am co-organizing a workshop at IPAM on "Foundations of Interpretability of AI" from Aug 31 to September 4: https://www.ipam.ucla.edu/programs/workshops/foundations-of-interpretability

We still have some slots available for applicants; applications close on May 31 (though we may be able to take some late applications past this deadline).

Andrei Kucharavy May 23