Conversation
Notices
-
Embed this notice
feld (feld@friedcheese.us)'s status on Saturday, 30-May-2026 03:47:01 JST 
feld
> qemu has an fpu bug and can't run some games
> I thought about opening a PR but they have a no AI policy, so
I guess we'll be keeping the fixes to ourselves now-
Embed this notice
lainy (lain@lain.com)'s status on Saturday, 30-May-2026 03:47:00 JST 
lainy
@feld it's really hard to find a good reason to upstream fixes by now. you can always easily take any of their changes, and don't have to fight to get your changes integrated. either way, age of the personal software is here. -
Embed this notice
lainy (lain@lain.com)'s status on Saturday, 30-May-2026 04:06:46 JST
lainy
@pingviini @feld it's literally a one line fix, but i have a day job, a wife, a social network and a whole bunch of other stuff that i can fill my day with that's much more appealing than to navigate how i can tell the qemu maintainers that there's an issue i found and fixed without someone throwing the book at me. -
Embed this notice
Cheetah Meld (pingviini@pleroma.shunderdo.me)'s status on Saturday, 30-May-2026 04:06:48 JST 
Cheetah Meld
@lain @feld FWIW they watered down their no-ai policy literally just yesterday. But submitting AI-generated natural language descriptions of bugs and possible fixes in AI-generated pseudo code in lieu of directly applicable patches is a) kind of funny and b) does not really increase the required effort on the part of the reporter, so why not do that -
Embed this notice
Cheetah Meld (pingviini@pleroma.shunderdo.me)'s status on Saturday, 30-May-2026 04:21:34 JST
Cheetah Meld
@lain @feld Perfectly valid, especially when the party throwing the book at you is IBM in a Red Hat suit. lainy likes this. -
Embed this notice
feld (feld@friedcheese.us)'s status on Saturday, 30-May-2026 04:24:43 JST
feld
@lain
> age of the personal software is here.
it was already here if you had enough motivation. If my memory is correct about the person involved:
There's a private variant of FreeBSD which I've seen referred to (perhaps only on IRC?) as BruceBSD. Bruce Simpson is a long time developer and has made massive changes to the kernel that were never upstreamed. :)lainy likes this. -
Embed this notice
lainy (lain@lain.com)'s status on Saturday, 30-May-2026 04:25:43 JST
lainy
@feld yeah, but i think it's coming for regular people. a non-programmer will be able to have their own software stack. -
Embed this notice
Phantasm (phnt@fluffytail.org)'s status on Saturday, 30-May-2026 04:44:19 JST 
Phantasm
@lain @feld
>it's really hard to find a good reason to upstream fixes by now
And it's only getting worse. I couldn't get a <20 lines of mostly CMake that made an optional dependency actually optional merged into upstream for reason "we don't do that."lainy likes this. -
Embed this notice
Phantasm (phnt@fluffytail.org)'s status on Saturday, 30-May-2026 04:44:28 JST
Phantasm
@7666 @feld @lain Who cares when the software runs on your system anyway. Good luck exploiting my ls clone or whatever. lainy likes this. -
Embed this notice
7666 (7666@comp.lain.la)'s status on Saturday, 30-May-2026 04:44:29 JST 
7666
@lain @feld >non-programmer will be able to have their own software stack
CVE hunters be eating good! -
Embed this notice
feld (feld@friedcheese.us)'s status on Saturday, 30-May-2026 04:57:26 JST
feld
@7666 @phnt @lain
> Think about all the accountants who made giant Excel macros that are totally unmaintainable. Think about all the customer service departments that made Access DBs off a shared drive that ran into scaling issues.
both of these are 100% fine. The business operated and was successful. Perfect is the enemy of good. Prematurely optimizing especially in tech is one way to guarantee your business fails. You should always use what is cheap and works for as long as possible and then address the issue when the time is right.
> Think of all the software devs who thought it was a good idea to store CVVs.
Let's roll back the clock to when this was really popular. The issue was recurring billing. The only way to charge the card was to keep the CVV. We had to wait for the credit card companies to solve this problem for us. At least as far as I'm aware, when the CVV was invented they didn't provide any mechanism to keep billing the same card without keeping the CVV on file.lainy likes this. -
Embed this notice
feld (feld@friedcheese.us)'s status on Saturday, 30-May-2026 04:57:27 JST
feld
@7666 @phnt @lain so we shouldn't embrace technological progress because someone somewhere might hold it wrong? -
Embed this notice
7666 (7666@comp.lain.la)'s status on Saturday, 30-May-2026 04:57:27 JST
7666
@feld @phnt @lain I'm saying people don't read the safety labels and end up chainsawing their arm off because they don't know better.
Think about all the accountants who made giant Excel macros that are totally unmaintainable. Think about all the customer service departments that made Access DBs off a shared drive that ran into scaling issues. Think of all the software devs who thought it was a good idea to store CVVs.
It's not that technological progress should be stopped, it's that people who don't know better won't stop and someone will pay the price. -
Embed this notice
7666 (7666@comp.lain.la)'s status on Saturday, 30-May-2026 04:57:28 JST
7666
@phnt @feld @lain Nah it's about footguns, hallucinations, "do at all costs" thinking, etc. When you write some giant stack of slop to help you do X and it ends up doing something unexpected, the possibilities are endless.
"Write me software to share these pictures with Grandma"
"Okay, just open these ports on your router!"
Not everyone is smart enough to understand the implications of what they are trying to do, and AI will generally not stop you because argumentative agents don't sell well. It's a fast track to fucking up. -
Embed this notice
Blurry Moon (sun@shitposter.world)'s status on Saturday, 30-May-2026 05:10:57 JST 
Blurry Moon
@7666 @phnt @feld @lain you're never supposed to store CVV or CVV2, many intermediate vendors though didn't have any recurring transaction apis so yes a lot of people would break the rules and store it which was a major no-no. there used to be a loophole in the spec that you could "store the cvv long enough to execute a transaction" which meant like, in memory or something until it finished, but online vendors interpreted as "store it in the database so I can charge them 3 months later" don't ask me how I know. but they closed the loophole. cvv literally means "the card is present" if it's not present, you're breaking the rules. lainy likes this. -
Embed this notice
7666 (7666@comp.lain.la)'s status on Saturday, 30-May-2026 05:10:58 JST
7666
@feld @phnt @lain >both of these are 100% fine.
Only if you're not the guy who has to clean it up when it should have been in a bloody SQL DB in the first place. Technical debt should be burned with a flamethrower at all times. The endless pursuit of scale without discipline is what gets people into these messes and it will be cheaper in labor cost every time to just think it through prior.
>The only way to charge the card was to keep the CVV.
Recurring "card not present" transactions never required the CVV as far as I'm aware, and at no time was it allowed, even to solve a business problem, because it defeated the purpose of what CVV was trying to do (stop stolen cards). In almost all cases it was better to find a payment provider and iframe their shit in unless you were a bespoke payment processor, or find a tokenizer service which yes, they did exist back then.
But again, this proves my point that the "do it at all costs" mentality is a *human* flaw. We can't help ourselves, when handed a hammer, to treat everything as a nail. -
Embed this notice
Blurry Moon (sun@shitposter.world)'s status on Saturday, 30-May-2026 05:16:28 JST
Blurry Moon
@7666 @phnt @feld @lain yep been there lol. all of it. we straight up had the money people say "you're telling me that transactions with the cvv code included are cheaper to execute? just store the cvv2 code" you fucking asshole, the reason that's cheaper is they're giving you a discount for giving them greater assurance your transaction isn't fake lainy likes this. -
Embed this notice
7666 (7666@comp.lain.la)'s status on Saturday, 30-May-2026 05:16:29 JST
7666
@sun @phnt @feld @lain Yeah and you get the business types going "is it really so bad? we need monies!" and I'd rather those people shot on sight because they are asking for PCI and legal penalties in the seven figures. Blurry Moon likes this. -
Embed this notice
feld (feld@friedcheese.us)'s status on Saturday, 30-May-2026 05:22:40 JST
feld
@sun @7666 @phnt @lain I once had to write a perl script that was run inline of the apache logging to replace credit card numbers in the logs with a salted hash so at least we could search for transactions by the full card number. It was super dumb but hey it worked. I can't remember why those logs were important anyway but apparently they were Blurry Moon likes this. -
Embed this notice
lainy (lain@lain.com)'s status on Saturday, 30-May-2026 05:23:48 JST
lainy
@feld @7666 @phnt @sun either way, SOTA llms are all super security conscious and will scold you if you ever save secret data -
Embed this notice
7666 (7666@comp.lain.la)'s status on Saturday, 30-May-2026 05:26:25 JST
7666
@lain @phnt @feld @sun I had opus 4.7 try to sneak a sudo apt-get on me.
Basic regex detection on potential secrets just ain't enough if the models are designed to be helpful at all costs.Blurry Moon likes this. -
Embed this notice
Blurry Moon (sun@shitposter.world)'s status on Saturday, 30-May-2026 05:26:47 JST
Blurry Moon
@feld @7666 @phnt @lain in around 2005-2006 I wrote an entire pci-compliant company-wide card store for a big nonprofit, i wrote a great system that completely isolated cards from the calling program but still let the calling program do repeat transactions etc. my boss called it "too elegant" and requested a bunch of simplifications. years later the guy in charge of infrastructure architecture for the company comes to me and bitches about the design we're stuck with and says "it should have done x, y and z". and I told him "open the Word design document and go into the history and roll it back to version 1 from three years ago, there, it's designed." lainy likes this. -
Embed this notice
feld (feld@friedcheese.us)'s status on Saturday, 30-May-2026 05:27:21 JST
feld
@lain @7666 @phnt @sun idk if I can trust this, someone on Bluesky got a lot of re-skeets from saying the exact opposite :jerkbag: lainy and Blurry Moon like this. -
Embed this notice
Gabriel (gabriel@mstdn.starnix.network)'s status on Saturday, 30-May-2026 05:43:37 JST 
Gabriel
@sun
This kind of story is why I worry that the slop machines are what we deserve until we actually start (collectively, rather than as rare exceptions) giving a damn.
But that's a problem way bigger than technology.
@7666 @phnt @feld @lainBlurry Moon likes this. -
Embed this notice
Blurry Moon (sun@shitposter.world)'s status on Saturday, 30-May-2026 05:45:11 JST
Blurry Moon
@gabriel @7666 @phnt @feld @lain that is why to some extent I'm not as terrified conceptually by AI, because we already live in slop world, we have forever. of course quantity is its own quality and AI enables extreme slop proliferation at a previously unimaginable scale and that is a problem. but please don't pretend everything was okay and AI showed up and ruined everything lol -
Embed this notice
7666 (7666@comp.lain.la)'s status on Saturday, 30-May-2026 05:45:22 JST
7666
@gabriel @sun @phnt @feld @lain Yeah I said something some time ago about AI magnifying our worst tendencies (and later leading to something about the most concrete realization of the acceleratonist viewpoint but we can ignore that teehee), those just don't go away. that's been the core point of my argument.
There are absolutely people who will be 5x as capable as others because they see a tool and figure out how it works before applying it and it works well for them. Others will just punch it full throttle and complain when they wrap themselves around a tree.Blurry Moon likes this. -
Embed this notice
ᴏᴏᴍ-ᴋɪʟʟᴇʀ: 333 (jae@mastodon.bsd.cafe)'s status on Saturday, 30-May-2026 05:55:30 JST 
ᴏᴏᴍ-ᴋɪʟʟᴇʀ: 333
@sun @7666@comp.lain.la @phnt @feld @lain @gabriel cosigned. reminds me of when anyone and their cousin got internet access. some people should be given aptitude tests before spinning the footgun
prior to ai the world was a mess, hasn't really changed. the ai rush is just one more thing to think about, but i don't think it's something to crash about as most people end up doing.
Blurry Moon likes this. -
Embed this notice
Blurry Moon (sun@shitposter.world)'s status on Saturday, 30-May-2026 05:57:34 JST
Blurry Moon
@lain @phnt @feld @jae @gabriel just keep instagram and facebook as the tard corral -
Embed this notice
lainy (lain@lain.com)'s status on Saturday, 30-May-2026 05:57:35 JST
lainy
@jae @sun @phnt @feld @gabriel smh elitists. i'm a man of the people. retards have rights too -
Embed this notice
lainy (lain@lain.com)'s status on Saturday, 30-May-2026 05:57:57 JST
lainy
@sun @phnt @feld @jae @gabriel we already have the fediverse for that -
Embed this notice
Blurry Moon (sun@shitposter.world)'s status on Saturday, 30-May-2026 05:58:22 JST
Blurry Moon
@lain @phnt @feld @jae @gabriel no, fedi is the schizo corral -
Embed this notice
feld (feld@friedcheese.us)'s status on Saturday, 30-May-2026 05:59:55 JST
feld
@sun @7666 @phnt @lain @gabriel if you want rigorous engineering practices stick to academia. Even critical infrastructure and code that keeps people alive is full of garbage. Blurry Moon likes this. -
Embed this notice
Blurry Moon (sun@shitposter.world)'s status on Saturday, 30-May-2026 06:02:07 JST
Blurry Moon
@feld @7666 @phnt @lain @gabriel no, you need to write extremely elegant and hand-written carefully constructed code or you're making slop. then, run it on your pick of one of the three popular operating systems that are all based on 1980s codebases and have test suites with trillions of edge case tests -
Embed this notice
Blurry Moon (sun@shitposter.world)'s status on Saturday, 30-May-2026 06:03:25 JST
Blurry Moon
@7666 @phnt @feld @lain @gabriel to a large extent that is why I started building FRUTE VM, it was an attempt to explore the best versions of everything because no current system is the best of anything, to large extent they are all the worst of everything but pushed as far as possible. lainy likes this. -
Embed this notice
7666 (7666@comp.lain.la)'s status on Saturday, 30-May-2026 06:03:26 JST
7666
@feld @phnt @lain @gabriel @sun psst
it doesn't have to be
garbage companies and garbage people beget garbage. don't surround yourself with garbageBlurry Moon likes this. -
Embed this notice
7666 (7666@comp.lain.la)'s status on Saturday, 30-May-2026 06:05:54 JST
7666
@sun @phnt @feld @lain @gabriel The fun part is that making actually decent things is well within reach now. You don't technically have to be some L7 mega engineer anymore to make big things work well, but to get there you do need to understand good design, good principles, concept of scope creep, fundamentals, discipline, lifecycle management, etc. Blurry Moon likes this. -
Embed this notice
Blurry Moon (sun@shitposter.world)'s status on Saturday, 30-May-2026 06:10:59 JST
Blurry Moon
@7666 @phnt @feld @lain @gabriel even on small things its gotten so good. people want to shit all over llms but they made it possible for me to finally grok several concepts like capability-based operating system because before you needed either a mentor or academic track that gave you full time to read SEL4/Genode source code for a month. lainy likes this. -
Embed this notice
mothball蛾玉 (西洋巣酸の木) (moth_ball@shitposter.world)'s status on Saturday, 30-May-2026 06:11:35 JST 
mothball蛾玉 (西洋巣酸の木)
@sun @lain @feld @gabriel @jae @phnt I'm tempted to argue that the schizo corral is elsewhere but I've seen enough to know we're not quite free of the menace Blurry Moon likes this.
-
Embed this notice
All GNU social JP content and data are available under the