PSA: Did you know that it’s **unsafe** to put code diffs into your commit messages?

Like https://github.com/i3/i3/pull/6564 for example

Such diffs will be applied by patch(1) (also git-am(1)) as part of the code change!

This is how a sleep(1) made it into i3 4.25-2 in Debian unstable.

AI Controls (formerly 'kill switch') are landing in today's Firefox Nightly, and will land with Firefox 148 later this month.

For the full details, see the Firefox blog https://blog.mozilla.org/en/firefox/ai-controls/

RE: https://mastodon.social/@andrewnez/115972642272191870

Self-recommending if you’re interested in software #sovereignty .

RE: https://mastodon.social/@sbrunthaler/115928978574847952

The funny thing about this piece is that it strongly places exploits in the category of spam messages — they don't have to be correct, robust, or legible, they just have to generate the desired result enough of the time. Given that, I'll say that I do actually see a serious use for AI code generation in the development process for the first time: as a fuzzing tool to run against human-written code that does need to be correct, robust, and legible.

Amusingly, I predict that this use case is, in a decade or two if these tools are still used, significantly slow progress in the art of exploitation. You don't get brilliant exploit writers without a large pool of folks spending years honing their craft, not at the highest tiers but at the lowest. Sure, we have a bunch of folks already at the top of the field who will keep working for another twenty years, but no one will be coming up after them. Eventually, stagnation and likely with it, a resurgence in poorly thought out mitigations just complex enough that the reasoning work required to create novel exploitation techniques will be forever out of reach of LLM-category models.

That said, there's a useful lesson and incentive structure shift for development teams here too, coming from the new assumption that all exploitable vulnerabilities will have readily available exploits, regardless of whether or not creating them would otherwise be economically viable. That should, hopefully, push teams toward development styles that prioritize affordable guarantees of functional correctness — memory- and type-safety, use of parser and state machine generators and type-based functional correctness checks, and strong test suites.

Sadly, the appeal of much lower-effort generated code of unknowable correctness will likely steer most development teams in the opposite direction; hopefully strict liability regulations for commercial software can correct this pressure.

I feel like people who are using LLMs for their work are not considering the motives and impact of the corporations hosting and serving the model. The goal isn't to make you a better developer, or even a more productive developer, its to make you dependent on their service and start driving up the rents to access it.

The goal is to extract your time, your money, and your knowledge feeding these models your plans for the work you want to achieve. They are not benevolent.

J'espérais le soleil. J'ai eu mieux.

Cité médiévale de Gruyères - Canton de Fribourg - Suisse - janvier 2026

#photographie #photography #photo #suisse #village #gruyere #fribourg #paysage #montagne

Matin / Morning 👋

#caféAnimé