David Chisnall (*Now with 50% more sarcasm!*)

@david_chisnall@infosec.exchange

I am Director of System Architecture at SCI Semiconductor and a Visiting Researcher at the University of Cambridge Computer Laboratory. I remain actively involved in the #CHERI project, where I led the early language / compiler strand of the research, and am the maintainer of the #CHERIoT Platform.

I was on the FreeBSD Core Team for two terms, have been an LLVM developer since 2008, am the author of the GNUstep Objective-C runtime (libobjc2 and associated clang support), and am responsible for libcxxrt and the BSD-licensed device tree compiler.

Opinions expressed by me are not necessarily opinions. In all probability they are random ramblings and should be ignored. Failure to ignore may result in severe boredom and / or confusion. Shake well before opening. Keep refrigerated.

Warning: May contain greater than the recommended daily allowance of sarcasm.

No license, implied or explicit, is granted to use any of my posts for training AI models.

"the download links to this artwork are on my discord"

did you just tell me to go fuck myself?

Failed math as a kid because all we could afford was an amateur tractor

Yet more companies laying off employees not because AI is replacing them, but because they need more money to fund their AI. I can't remember the last time I saw sunk cost fallacy at this scale.

Strong Password Policy 101
Edit: for bonus points it messes with your OCD. There's a method to the madness

LLMs are actually great at business-speak because everybody already talked like that. “This sounds like an LLM” wrong it sounds like a senior business development manager named brad.

I learned an interesting thing about human biology this weekend. If you tilt your head back, don't think about swallowing, and pour water into your mouth, you can pour it directly into your lungs.

Anyone who thinks humans are the product of intelligent design should not be allowed to design anything.

Did I imagine it? I could have sworn that FCA issued guidance a few years ago that said 'if you are calling a customer, you must provide them with a mechanism to verify that the person on the phone is, in fact, calling from you before you ask for any personal information'? Doing anything else is just training people to fall for phishing scams.

And yet, a couple of weeks ago, I had a call from someone at Admiral Insurance (FCA regulated) who had no mechanism to verify that she was actually from Admiral. Fidelity (also FCA regulated) has the same problem. In both cases, the only way I had of ensuring that they were really them was to take their name and then find the number on their web site, call back, and then ask to be put through to them (by which time they may be on another call so I need to hold).

The Admiral one was really bad. Her only suggestions were that she could send me a text message or an email confirming that she had called me. Anyone who can spoof caller ID can easily send a fake SMS and anyone can send a fake email (I have a better chance of being able to tell that it's fake than most of the population, but definitely not 100%).

The only place I've seen do this properly is Barclays. When they call me, they can send me a message in the app that says the name of the person who called me and the number that they called me on, which avoids most MITM problems as well (unless someone has done SIM cloning things and is doing a MITM attack and that's just really hard).

I blame a lot of this kind of thing on #Signal not having a permissively licensed client library. If they did, the recommendation for any company that needs to talk to me securely would be 'send me a message on Signal'. The choice of APLv3 means that anyone wanting to do this would need to write their own implementation of the (moving target) Signal protocol.

Don’t miss “Advancing Modern Web Architectures in Seaside” with Johan Brichau — rethinking how we build the web, the Smalltalk way. #esug2025

@dennisfaucher

Which original?

https://en.wikipedia.org/wiki/Tears_in_rain_monologue has the exact text, and I've attached the first instance I have found of this meme.