Loren Kohnfelder

Author of Designing Secure Software: A guide for developers
#securedesign
Japanese: ローレン・コンフェルダー
Book: https://designingsecuresoftware.com/

RE: https://masto.deoan.org/@neurovagrant/116284084317566458

@neurovagrant 💯 One of two things must have happened: [1] CEOs gung ho for AI asked how to make security better; or [2] a C programmer went beyond zero trust by subtracting 1 and got 65535.

@evacide Beyond why, I'm working on how to make inroads to turn it around even a little. I'm always interested in ideas along that line if anyone cares to share.
@SETIEric Yes, I was trying to keep it dirt simple to introduce the concept. Obviously this works for centralized social sites but didn't mention because here we are on ActivityPub. Hard to know what retention policies are configured to but I believe I read that local posts are kept a long time. Thanks for commenting back.
I was thinking about a zero-cost and easy way to prove primacy creating a document. While there's no serious security here, at all, thanks to federation a post gets quickly propagated publicly so it would be very hard to hack all the host servers later. Like this, but etiquette requires only occasional use, this isn't a blockchain. Hashtag #dibs
12036e414db4c1ec821f7b1f21f72afced91562248d1c8c1690d4a99f091a06b00f3e9fbfa25469d17102a2911283da79e7b57eecb682e10b441e4f6f7673db1 (sha512) or 6bfc959c1abeed8c9b1d832824cf0083302b6f7cc1951178cae06217cfe785ed (sha256)
@geniodiabolico @bruces What you said about eXtreme Programming sure sounds like vibe coding, and the name is fitting.
@malwarejake I'd love to see the threat model they worked from that was judged an acceptable risk ... or maybe they don't have one?
https://arxiv.org/pdf/2511.08295
@neurovagrant Well, we do have humans carelessly accepting AI submits without a review: one could consider them an even weaker chain.
@cstross Hey, I'm no expert, didn't test it, but that sure looks like AI to me - the hair too neat; zoom in and weird vertical lines around the head ...
@rogeragrimes Not to defend AI, but I'd like to see the prompts (setting a limit would have been a good idea).
@lcamtuf Funny how the huge jerks have the biggest fanciest graves.