Emilio Cobos Álvarez

@[email protected]
345 Followers
130 Following
44 Posts
GitHubhttps://github.com/emilio
Websitehttps://crisal.io
Show threadEmilio Cobos ÁlvarezMar 20

@mia @cwilcox808 @andreu

If you're curious, in Firefox it starts around here: https://searchfox.org/firefox-main/rev/a729ef7f53b9b53b4cb6651b16618c462c8f0674/layout/style/GeckoBindings.cpp#749

Depending on the color name and settings (effective color-scheme, forced-colors, printing, ...) it might end up in a list of hard-coded "stand-ins" list, in a user pref value, or in the OS color (NativeGetColor): https://searchfox.org/firefox-main/rev/a729ef7f53b9b53b4cb6651b16618c462c8f0674/widget/nsXPLookAndFeel.cpp#1009-1022

GeckoBindings.cpp - mozsearch

Emilio Cobos ÁlvarezMar 5
Gabriele SveltoMar 4
A few years ago I designed a way to detect bit-flips in Firefox crash reports and last year we deployed an actual memory tester that runs on user machines after the browser crashes. Today I was looking at the data that comes out of these tests and now I'm 100% positive that the heuristic is sound and a lot of the crashes we see are from users with bad memory or similarly flaky hardware. Here's a few numbers to give you an idea of how large the problem is. 🧵 1/5
Emilio Cobos ÁlvarezMar 1
Sven A. SchmidtFeb 28
A rare moment where you root for regime change in all three countries involved
Emilio Cobos ÁlvarezFeb 28
mhoyeFeb 28
What if I could convince you that taking the same time to explain detailed requirements and carefully validate results with a junior colleague instead of a chatbot would not only give you two people who understood the code instead of zero, but if you do it a few times in a row you eventually get a senior colleague out of the deal for free.
Show threadEmilio Cobos ÁlvarezFeb 27

@hdv @jaffathecake @jcsteh @pikesley

The only real risk IMO is being overwhelmed with tons of crappy AI patches, but so far people have been reasonable with their usage.

The more common pattern I see is a coworker uploading an AI-written patch as work in progress and saying "Before wasting your time, I tried to fix X with Claude and it came up with this approach, not sure it's on the right track, can you take a look?", and that's honestly... fine? I would've asked directly but... :)

Show threadEmilio Cobos ÁlvarezFeb 27

@hdv @jaffathecake @jcsteh @pikesley

FWIW as someone who reviews a lot of Firefox code (and is a bit unimpressed by AI coding), FF developers tend to disclose when they're using AI if they're not quite sure about what they're submitting.

That said, there's tons of bad human-written patches too, so the standards are pretty similar: If I don't understand the code you're sending me I'll request changes (be it "explain why this is the right approach" or "document stuff better" or...).

Emilio Cobos ÁlvarezFeb 23
Frederik Braun �Feb 22

RE: https://infosec.exchange/@attackanddefense/116115800055258835

Watch this documentary and hear me say that I am not nervous at all and just a tiny bit excited while speaking really fast and gesturing like a mad man. This was awesome!

Emilio Cobos ÁlvarezFeb 16
@efialto Nooooo
Emilio Cobos ÁlvarezFeb 16

TFW you need to send multiple patches to your goverment to send a pdf to your city's goverment (https://github.com/ctt-gob-es/clienteafirma/pull/490 / https://github.com/ctt-gob-es/clienteafirma/pull/487).

On one hand, extremely frustrating that something that should've been 10 minutes took hours... On the other, I'm actually happy I could do that? I wish more goverment software was FOSS...

Now let's see how responsive they are... :)

Deal with Linux profiles in RestoreConfigFirefox.installRootCAMozillaKeyStore by emilio · Pull Request #490 · ctt-gob-es/clienteafirma

This code was only looking at Windows. Use the other helper that also looks at Linux paths. This fixes the issue described in Mozilla bug 2016917 1. Tested this only on Linux.

GitHub
Emilio Cobos ÁlvarezFeb 14
mhoyeFeb 14

I suppose we're not supposed to ask where the information in these proprietary machine learning models came from.

https://cloud.google.com/blog/topics/threat-intelligence/distillation-experimentation-integration-ai-adversarial-use