Lojicholia enshrines triumph

@lojikil
521 Followers
418 Following
414 Posts
Brains in the "trying to be a good dad despite having a bad dad" gang. ☦️|Father|Philosopher|Offensive Security|PLT
I work in offensive security, but my research interests are actually around Multics, ML dialects (including the two I’ve written, carML and coastML), and formal verification (esp Hoare Logic). Also anything gardening or hiking related
#magyar #balkanci #securityresearch #formalverification
GitHub: https://github.com/lojikil
Homepage: https://lojikil.github.io
Twitter: https://twitter.com/lojikil

RE: https://mastodon.social/@Electrospaces/116177619999380943

It’s fascinating too that the proposed solution is “AI.” If they mean ML, sure, you can probably do some decent training there; but they likely mean LLMs which is… problematic, for various reasons

Again, it feels like the “post things on open forums and anyone can use it so long as they adhere to the license” has failed as a social contract, however strong it ever was. But the proposition for writing and maintaining FLOSS seems very painful for very little gain, especially now with the added corporate LLM issues. I might feel differently with OSS models (training energy aside), but I feel little desire to post anything publicly of late, even blogs.

This paper just came up on lobste.rs:

https://arxiv.org/pdf/2507.12713

But the issue seems moot if all you’ll get is scrapers hitting whatever forge or storage system. My thought is I’d much rather have source that is licensed such that community members can use it for various purposes, as defined by authors (or even community), and cannot be posted externally. Like TLP:GREEN for source code.

RE: https://mastodon.social/@jeffjarvis/116041242464510649

Watching from the outside, it’s wild to me to see how quickly the Post has started to shift and decline of late; stranding journos in, e.g., Ukraine during layoffs is a wild position to take.

Has anyone switched to community source licensing in light of LLMs? I feel like the calculus has changed now that companies are asserting that hosting gives them exclusive rights to reuse regardless of license, and open source is no longer really what I want (I know open source folks have said for years that companies will just use it to devalue software, but still).

Folks like @stevelord may have thoughts already on this.

I keep seeing “IT: welcome to Derry,” and think “the I.T. Crowd NI reboot” and then am disappointed

In case you missed it, my piece yesterday on the 176 CISA employees fired last Friday, which will not go behind the customary archive paywall.

It's critical to note that sources told me more RIFs are in store for the nation's embattled cybersecurity agency.
https://www.metacurity.com/the-white-house-fired-176-cisa-employees-on-friday-with-more-layoffs-feared/


Scattered Lapsus$ Hunters leaked 5m Qantas, 23m Vietnam Air customers' records, Spanish cops dismantle GXC Team, Dutch gov't warns of China's Nexperia security risks, Breach of crypto betting platform Shuffle exposes user data, FCC chair says sites have removed barred Chinese electronics, much more

I haven’t needed to run a pure web vuln scanner in years; I’ve done targeted stuff or had Burp/ZAP. But looking around at the space, it’s wild to me how much it’s died off. Even the tools that do have updates don’t seem to have many other updates to how they work.

@lojikil

For us, the major issues are still the basics, such as infrastructure exposure, and maintaining an inventory of software or third-party services.

As an example, we provide vulnerability.circl.lu, where organisations can register their software/vendors for notifications, but many still fail at that level.

In "hunting" (detection engineering), the main challenge is often the basic TI (from free MISP communities) integration with existing equipment and services.

@claushoumann

A reminder that canonically in Lord of the Rings, Denethor went mad from doomscrolling on his palantir all night long.