36 Followers
108 Following
454 Posts
CISO by trade, outdoor by nature.
Sometimes unintentionally clever by accident. Obscure jokes, terrible puns and regular rants about /*Waves at everything*/
Pronouns: he/him
Location: Pau, 🇲🇫

Will you please stop wasting time on Mythos-associated FUD and try to understand that you need to build reliable and dependable software, not stuff which changes weekly, to get security?

Mythos & LLMs only bring breadth and depth to automated searching; they find nothing conceptually new. If no-one had come up with buffer overflows, there would be no buffer overflows coming out of Mythos.

There will be a flood of issues, as if suddenly thousands of people were dedicated to finding bugs, and then it will stop.

It is an excellent chance to ask yourselves "why?" and realise that no, we don't need software like it is being built now; you need software like it was built back when downtime mattered.

Today at noon, after picking up #01, the ritual is to go to the best gourmet naan kebab joint in town. And every week there is an uncertainty: will we get there before "the horde"? The horde is made up of middle and high school kids from the schools nearby, who moreover have good taste since they come here, and whose starting signal is given at roughly the same time. And today, semi-failure, but above all I note that the horde is made up only of girls, not the usual assembly of all the same guys with their llama haircut and their grocer's moustache

On police body cams:

“We assumed that the justice system was eager to hold bad cops accountable and that all it was missing was the necessary evidence. It turns out the justice system is actually rather ambivalent about holding bad cops accountable, and so it handles additional evidence as halfheartedly as it handled all of the evidence it already had. A camera can allow you to see, but it can’t make you look.”

(Adam Mastroianni)

https://www.experimental-history.com/p/shame-them-shun-them-ban-them-beat

Shame them, shun them, ban them, beat them!

OR: crock pots and lightning bolts

Experimental History

If you were curious about how much websites can gleam about you, check this out:

https://sinceyouarrived.world/taken

Edit: glean, not gleam 

taken.

A web page that tells you what your browser gave away the moment you arrived. No login, no form, no permission. Most pages do this. None of them tell you.

Since You Arrived

In my Masto/Fedi feed, I see AI output:

(please boost)
#GenAI

Regularly: 7.1%
Rarely: 59.9%
Never: 33%
The lady has just been talked into it by #01, who sold her on the idea of watching Suzume. The lady has never seen this film; #01 wears it out on repeat. Here we go for stones, doors, a chair, worms and so much other stuff

"That 'responsible disclosure' Thing"

A post with the details of CVE-2026-23918, the double free vulnerability fixed in Apache httpd 2.4.67.

#apache
https://eissing.org/icing/posts/responsible-disclosure/

Those things where you take the time to tick, or to untick, depending on the bag of shit in charge of the dark patterns, the box "oh yes, spam me with your offers I couldn't care less about", and which send them to you anyway: I wish you torrents of pain

I'm going to say something that's been festering in my mind for a while now. In my two decades of practice in information security, I have yet to see responsible disclosure result in measurably better security posture.

Code quality hasn't improved, patch management hasn't improved, minimum viable product hasn't improved, automated security updates, especially for IoT devices... Jesus Fucking Christ, haven't improved. The cost of failure for organizations losing your data due to gross negligence has in no way improved; why should responsibility be the domain of the security researcher when nobody else is willing to share in that responsibility?

I'm half-tempted to say if you have 0-days you might as well get paid for them than be responsible. Because even with a tilted playing field, nothing has measurably improved since I've been here, and I would argue with "vibe coding" and the tech industry's view of "Let the AI handle it" that software quality is the worst it has been since the 90s. I lived through Windows Millennium Edition. I've seen shit you wouldn't believe.

"Hardware's fucked because we can't buy any, software is fucked because the LLMs trained by reddit and stack overflow are in charge now. You might as well fucking guess at this point."