
RE: https://mastodon.social/@verge/116257260071112037

More accurate title: Human Meta developer caused security incident by following GenAI advice and lack of secure Meta development controls

This was not a "rogue AI" that misbehaved. The GenAI bot was performing as expected: providing believable, yet garbage and dangerous output.

More importantly, it was a human that performed the actual changes by acting on inaccurate GenAI information and lack of technical controls and policies by Meta. It should be clear by now that GenAI output is not to be trusted, yet this human followed the GenAI output without properly understanding or validating the provided information. Additionally, Meta's development controls and security tools failed to stop the harmful changes from being made by the human.

#AiSlop #GenAI #LLM #Meta #Facebook

The popular #Python library “Requests” needs your help! @nateprewitt plans to add type hints to the API and is requesting feedback:

https://sethmlarson.dev/python-library-requests-is-adding-type-hints-and-needs-your-help

#typing #http #typehints

Python library “Requests” needs you to test type hints

Requests is a popular HTTP client library available on the Python Package Index (PyPI). Sitting in the top 10 packages by downloads on PyPI, this library is used by many, many projects. This librar...

sethmlarson.dev

We winning. https://www.bbc.co.uk/news/articles/cvg1gr5v333o

The UK government has backtracked on its position on copyright and AI, stating it must take time to "get this right".

Its original position - allowing AI companies to use copyrighted works to train their models with an opt-out option - received major backlash.

"We have listened," Technology Secretary Liz Kendall said on Wednesday, saying the government no longer favours that approach.

Government backtracks on AI and copyright after outcry

However, the government's position is now unclear, saying it "no longer has a preferred option" for what to do next.

BBC News

The real culprit is the Amazon AWS team that maintains the Chime SDK. Another billion dollar company, though. So, still no excuse.

Between Slack and Amazon, they should be able to assign an engineer or two to fix this after two years.

I'm not asking for anything free or for it to be fixed immediately. I'm a paying customer of Slack (who I presume is a paying customer of AWS). And, I just want it fixed on a shorter timescale than two years, especially given other communication platforms have figured it out.

https://github.com/aws/amazon-chime-sdk-js/issues/2044

#Amazon #AWS #Chime #Firefox #Linux #Slack

Browser support on Linux/Ubuntu (Firefox, Gnome Web etc.) · Issue #2044 · aws/amazon-chime-sdk-js

Hey Chime SDK team. 👋 What are you trying to do? I was checking out your documentation regarding supported devices and platforms and saw that for Linux, only Ubuntu is supported and only by using G...

GitHub

Cisco WebEx and Microsoft Teams work fine with Firefox for Linux.

#Linux #Firefox #Cisco #WebEx #Microsoft #Teams

It is 2025 and Slack still doesn't have proper support for Linux and Firefox. They blame their usage of the Amazon Chime SDK. Sorry, but Slack is a billion dollar company and they've known about this issue for years. Either fix the dependency yourselves (Slack) or use a better one. Don't tell paying customers to suck it up.

#Slack #Linux #Firefox

Edit: This is the issue that Slack points to:
https://github.com/aws/amazon-chime-sdk-js/issues/2044


APNIC Chief Scientist on whether the IPv6 transition is even really needed to finish now

https://blog.apnic.net/2024/10/22/the-ipv6-transition/

The IPv6 transition | APNIC Blog

How much longer is this transition to IPv6 going to take and does it even matter?

APNIC Blog

The BlogSpot website that is rehosting my post and claiming to be the original is full of other such posts from other websites, suggesting this is part of a wider campaign to scrub information about Ziemian.

@SecurityWriter I wrote this up (and regularly try to update it) on the topic of "getting into" the #infosec field

https://shellsharks.com/getting-into-information-security

In there is general advice, tips, links to resources, a 10-step “playbook”, etc...

Some other useful resources...

- Security Training: https://shellsharks.com/online-training
- My security learning/origin story & cert reviews: https://shellsharks.com/training-retrospective
- Blogs to follow: https://shellsharks.com/infosec-blogs
- I also have a ton of assorted "notes" on infosec: https://shellsharks.com/tags?tag=infosec

Getting Into Information Security

A field-guide for getting into information security.

shellsharks

Nice short explanation of __init__.py files, and why you should use them to mark your importable modules: https://dev.arie.bovenberg.net/blog/still-use-init-py/

__init__.py files are optional. Here’s why you should still use them

If you’ve ever googled the question “Why do Python packages have empty __init__.py files?”, you could get the idea that Python packages wouldn’t work without them. This is a common misconception—they’ve been optional since Python 3.3! Why then, do most Python projects still have them?

Arie Bovenberg