David Chisnall (*Now with 50% more sarcasm!*)

@david_chisnall@infosec.exchange

I am Director of System Architecture at SCI Semiconductor and a Visiting Researcher at the University of Cambridge Computer Laboratory. I remain actively involved in the #CHERI project, where I led the early language / compiler strand of the research, and am the maintainer of the #CHERIoT Platform.

I was on the FreeBSD Core Team for two terms, have been an LLVM developer since 2008, am the author of the GNUstep Objective-C runtime (libobjc2 and associated clang support), and am responsible for libcxxrt and the BSD-licensed device tree compiler.

Opinions expressed by me are not necessarily opinions. In all probability they are random ramblings and should be ignored. Failure to ignore may result in severe boredom and / or confusion. Shake well before opening. Keep refrigerated.

Warning: May contain greater than the recommended daily allowance of sarcasm.

No license, implied or explicit, is granted to use any of my posts for training AI models.

Overheard in Cambridge:

Well, Chad doesn't know what real sources are!

I bet Chad cites ChadGPT.

#Lazyweb: A while ago I came across a paper that said men in management positions were more likely than women to make judgements based on emotions instead of evidence. I can't find it now, does anyone have a reference?

Since working on #CHERIoT, I've been surprised at how many other potential security problems I can just ignore if I have temporal memory safety that works in the presence of malicious compartments.

If I free an object, I guarantee that nothing else I care about will alias it. Another compartment may have kept a reference, but they either claimed it (and so it counts against their quota) or didn't (in which case its pointer stops working right now).

A whole chunk of the TLS stack can be riddled with TOCTOU bugs and I don't care because the scoped delegation mechanism means that, once a receive call has returned from the TCP/IP stack, I know that the TCP/IP stack can't hold a pointer to it, so the only thing that can mutate the object is the TLS compartment (and it's not actively trying to attack itself), so as long as it doesn't check something in the packet and then mutate it, it's fine: nothing else can, not even untrusted assembly code in the TCP/IP stack.

I guess it's not surprising that it's easier to build secure systems if the hardware and core platform give you a sensible set of core guarantees.

#CHERI

gpu-free-ai All the features of AI with no model, gpu, or compute https://github.com/sneakers-the-rat/gpu-free-ai

METR: "We ran a randomized controlled trial to see how much AI coding tools speed up experienced open-source developers.

The results surprised us: Developers thought they were 20% faster with AI tools, but they were actually 19% slower when they had access to AI than when they didn't."

Bluesky thread: https://bsky.app/profile/metr.org/post/3ltn3t3amms2x

That study that shows that developers think they save 20% of time when using coding LLMs, but they’re actually taking 20% longer is so funny.

Not only does the AI bullshit the developers—the developers also bullshit themselves.

This year, twice, I've seen butterflies glide: Open their wings and just coast without flapping.

I've never seen this before. They've always been flapping and zig-zagging manically (in a way that apparently makes it hard to predict where they will be and eat them). Opening their wings and gliding in a straight line is new to me.

Is this a normal thing I've not seen before, or a new thing for them to be doing? Or a thing that they do in higher air temperatures? Or just weird?

“Artificial intelligence is the opposite of education”

https://helenbeetham.substack.com/p/artificial-intelligence-is-the-opposite

> But what if there isn’t a middle of this road? What if the project of ‘artificial intelligence’ is not a road to new kinds of education - not even a slow and bumpy one – but the reversal of everything education stands for?

@europe @mmiasma @macpsych Store employees have a lot of time to notice things, it's kind of expected 😆 (from a slow day at work, with daikon)