GNU social JP
  • FAQ
  • Login
GNU social JPは日本のGNU socialサーバーです。
Usage/ToS/admin/test/Pleroma FE
  • Public

    • Public
    • Network
    • Groups
    • Featured
    • Popular
    • People

Notices by Taggart :ifin: (mttaggart@infosec.exchange), page 3

  1. Embed this notice
    Taggart :ifin: (mttaggart@infosec.exchange)'s status on Friday, 10-Apr-2026 22:31:22 JST Taggart :ifin: Taggart :ifin:

    When AI pops, I'm looking forward to watching LinkedIn eat itself alive searching for a take.

    In conversation about 3 months ago from infosec.exchange permalink
  2. Embed this notice
    Taggart :ifin: (mttaggart@infosec.exchange)'s status on Thursday, 09-Apr-2026 12:09:25 JST Taggart :ifin: Taggart :ifin:

    Yeah so let's refocus on the real perspective here. It doesn't matter at all how good these models are at code or finding vulnerabilities if we destroy our ability to seek and share knowledge.

    https://futurism.com/artificial-intelligence/google-ai-overviews-misinformation

    In conversation about 3 months ago from infosec.exchange permalink

    Attachments

    1. Domain not in remote thumbnail source whitelist: futurism.com
      Analysis Finds That Google's AI Overviews Are Providing Misinformation at a Scale Possibly Unprecedented in the History of Human Civilization
      from Frank Landymore
      A new analysis commissioned by The New York Times suggests that Google's AI Overviews are wrong an astonishing percentage of the time.
  3. Embed this notice
    Taggart :ifin: (mttaggart@infosec.exchange)'s status on Wednesday, 08-Apr-2026 00:07:01 JST Taggart :ifin: Taggart :ifin:

    This is the one.

    Although I would have preferred it not be called "Earthset," good grief.

    https://images.nasa.gov/details/art002e009288

    In conversation about 3 months ago from infosec.exchange permalink

    Attachments


    1. https://media.infosec.exchange/infosec.exchange/media_attachments/files/116/363/613/331/709/915/original/d18dadb8744c41f4.png
  4. Embed this notice
    Taggart :ifin: (mttaggart@infosec.exchange)'s status on Tuesday, 07-Apr-2026 01:59:58 JST Taggart :ifin: Taggart :ifin:
    in reply to

    I've been burned so many times; I've learned my lesson. You really need to read each of these things carefully if you want to understand what the researchers are concluding. Reading a news article—even worse, just the headline—is at best no information, at worse disinformation.

    In conversation about 3 months ago from infosec.exchange permalink
  5. Embed this notice
    Taggart :ifin: (mttaggart@infosec.exchange)'s status on Tuesday, 07-Apr-2026 01:59:41 JST Taggart :ifin: Taggart :ifin:

    I am begging AI researchers trying to study human impact to get very rapidly better at methodology so I don't constantly read halfway through these papers only to find some ridiculous experiment design that will throw the conclusions into the air.

    In conversation about 3 months ago from infosec.exchange permalink
  6. Embed this notice
    Taggart :ifin: (mttaggart@infosec.exchange)'s status on Sunday, 05-Apr-2026 06:53:07 JST Taggart :ifin: Taggart :ifin:
    in reply to
    • Rolle Laukkarinen
    • Christine Lemmer-Webber

    @rolle @cwebber It's very possible I would experience the tool that way were I to grip the thing a little more loosely. I wanted to maximize scrutiny in this experiment so I understood the process as granularly as possible, which absolutely contributed to the tedium.

    For me though, I have to say that going faster would, while less annoying, be no more enjoyable, if that makes sense. Slow is fine as long as I'm enjoying the process. A dull process that is not creative (at least to me) is unappealing. I also suspect it's still a great way to fall into dangerous patterns. And while I understand there's six or seven different ways to hold it more correctly to avoid those patterns, they are not default, and we know where most users will land.

    In conversation about 3 months ago from infosec.exchange permalink
  7. Embed this notice
    Taggart :ifin: (mttaggart@infosec.exchange)'s status on Sunday, 05-Apr-2026 05:01:41 JST Taggart :ifin: Taggart :ifin:
    • Christine Lemmer-Webber

    @elebertus @cwebber This is a lot of why I wrote it. I was tired of the "It doesn't work but I've never used it" discourse. I'm a big believer in knowing more than your opponent in a debate, and that's extra true for things you want to regulate or ban.

    Ignorance about a topic undermines credibility. If we are to oppose generative models and how they're deployed, we should do so based on facts.

    In conversation about 3 months ago from infosec.exchange permalink
  8. Embed this notice
    Taggart :ifin: (mttaggart@infosec.exchange)'s status on Sunday, 05-Apr-2026 04:51:38 JST Taggart :ifin: Taggart :ifin:
    in reply to
    • Christine Lemmer-Webber

    @cwebber I read that thread and was very surprised by Simon's recommendation to let it rip, and review changes in larger chunks. I see the rationale, but I don't see how that can do anything but increase the possibility for mistakes. Of course, additional guardrails should be in place. At what point does the energy investment in guardrails obviate the initial benefit? I'm not sure.

    But I'll also add that one big reason I didn't just let it make changes autonomously is because I wanted to understand the model's process. The journey was the point. What I read in that thread was so output-focused that it missed the point entirely.

    In conversation about 3 months ago from infosec.exchange permalink
  9. Embed this notice
    Taggart :ifin: (mttaggart@infosec.exchange)'s status on Saturday, 04-Apr-2026 04:51:51 JST Taggart :ifin: Taggart :ifin:
    in reply to
    • fhekland
    • Christine Lemmer-Webber

    @cwebber @fhekland Ah hey, thanks!

    And yeah, this question was really to get at the "We don't know," related to your point a while ago about the danger of attempting to license generated code. Basically I wanted more citations on that claim, and it sure seems like the best case scenario is "We don't know," and the worst case scenario is "Almost certainly not licensable." Either way, definitely not safe for us in open source.

    In conversation about 3 months ago from infosec.exchange permalink
  10. Embed this notice
    Taggart :ifin: (mttaggart@infosec.exchange)'s status on Saturday, 04-Apr-2026 04:32:15 JST Taggart :ifin: Taggart :ifin:

    I have what may be a very ignorant question: if model-generated code may not be copyrighted due to a requirement of human authorship (current US Copyright Office policy), does it therefore follow that model-generated code may not be licensed under any terms whatsoever? Meaning anything from MIT to GPLv3?

    I recognize no answers here would constitute legal advice, but I would love to hear from legal experts on this.

    In conversation about 3 months ago from infosec.exchange permalink
  11. Embed this notice
    Taggart :ifin: (mttaggart@infosec.exchange)'s status on Saturday, 04-Apr-2026 04:32:14 JST Taggart :ifin: Taggart :ifin:
    in reply to
    • fhekland
    • Christine Lemmer-Webber

    @fhekland Hey @cwebber ☝️ this was really bothering me. If the current precedent stands, it's absolutely the case that no open source license is enforceable on generative code, as the copyright is a prerequisite for any license.

    I imagine there's a test of amount still, like if most of the code is human-authored, you could still claim copyright. But for example, the tool I just made with Claude Code as an experiment? Full public domain, no terms available to me.

    In conversation about 3 months ago from infosec.exchange permalink
  12. Embed this notice
    Taggart :ifin: (mttaggart@infosec.exchange)'s status on Saturday, 04-Apr-2026 04:32:14 JST Taggart :ifin: Taggart :ifin:
    in reply to
    • fhekland

    @fhekland

    Can you license something without owning the copyright?

    No, you need to own the copyright or have permission from the copyright holder to license the work.

    So if no copyright is possible, no license is possible?

    In conversation about 3 months ago from infosec.exchange permalink

    Attachments

    1. Domain not in remote thumbnail source whitelist: work.So
      Work.so
      Work.soは国内最大級のバイト情報サイトです。アナタが探す希望のアルバイトを掲載しております。最新のバイト情報をチェックしたいなら見るしかない!!
  13. Embed this notice
    Taggart :ifin: (mttaggart@infosec.exchange)'s status on Friday, 03-Apr-2026 01:35:32 JST Taggart :ifin: Taggart :ifin:

    The Linux Foundation getting in bed with Coinbase to develop a web payments standard.

    No thanks very much

    https://www.linuxfoundation.org/press/linux-foundation-is-launching-the-x402-foundation-and-welcoming-the-contribution-of-the-x402-protocol

    In conversation about 3 months ago from infosec.exchange permalink
  14. Embed this notice
    Taggart :ifin: (mttaggart@infosec.exchange)'s status on Friday, 03-Apr-2026 01:35:31 JST Taggart :ifin: Taggart :ifin:
    in reply to

    No wait, it's worse than you thought!

    Membership [of the x402 governing body] will be comprised of participants from multiple verticals with initial intent and support being expressed by Adyen, Amazon Web Services, American Express, Ampersend.ai, Base, Circle, Cloudflare, Coinbase, Fiserv Merchant Solutions, Google, KakaoPay, Mastercard, Merit Systems, Microsoft, Polygon Labs, PPRO, Shopify, Sierra, Solana Foundation, Stripe, thirdweb, and Visa.

    This is a list of people I don't want in charge of my money. And yes, I am forced to use some of them. Doesn't mean I trust them.

    In conversation about 3 months ago from infosec.exchange permalink

    Attachments

    1. Domain not in remote thumbnail source whitelist: www.ampersend.ai
      Ampersend
      from @edgeandnode
      A new product laying the foundation for the emerging agent-to-agent economy
  15. Embed this notice
    Taggart :ifin: (mttaggart@infosec.exchange)'s status on Friday, 03-Apr-2026 01:35:30 JST Taggart :ifin: Taggart :ifin:
    in reply to
    • feld

    @feld I do not think letting the payment processors govern the standard could be anything but status quo

    In conversation about 3 months ago from gnusocial.jp permalink
  16. Embed this notice
    Taggart :ifin: (mttaggart@infosec.exchange)'s status on Friday, 03-Apr-2026 01:35:28 JST Taggart :ifin: Taggart :ifin:
    in reply to
    • feld

    @feld Do you get the difference between being a service provider and standards maintainer? Do you get why you want a firewall between them? And why, for financial material, that firewall is extra important?

    In conversation about 3 months ago from gnusocial.jp permalink
  17. Embed this notice
    Taggart :ifin: (mttaggart@infosec.exchange)'s status on Wednesday, 01-Apr-2026 06:59:53 JST Taggart :ifin: Taggart :ifin:

    So listen.

    All LLM "red teaming" is kind of a joke because of the impossibility of verifiably defending the space. There will always be a smarter mouse/jailbreak/prompt injection. But embedded application testing—that is, testing AI features once incorporated into a separate application—is uniquely pointless.

    Most of the tooling to automate the drudgery of LLM red teaming assumes API access to the model/application, against which it will fire endless prompts and evaluate responses. But once the app is embedded in an application, that access is almost never available. What's left is direct application access—in other words, clicking your way to glory. Maybe you want to try to Computer Use your way to a solution, but odds are you'll just end up doing this manually. And so doing a less thorough job. And so defending even less of the possibility space.

    LLMs are fundamentally insecurable, but if you only get to them once they're baked into another application, that's somehow even more the case.

    In conversation about 4 months ago from infosec.exchange permalink
  18. Embed this notice
    Taggart :ifin: (mttaggart@infosec.exchange)'s status on Wednesday, 01-Apr-2026 00:19:42 JST Taggart :ifin: Taggart :ifin:
    in reply to
    • Christine Lemmer-Webber

    @cwebber Also that! Apparently though components of it use smaller, purposed models that are not Claude? I don't know what the thinking is here, other than an unshakeable belief that generative code must be the way to do things now, and all other reasoning walks backwards from that starting position.

    In conversation about 4 months ago from infosec.exchange permalink
  19. Embed this notice
    Taggart :ifin: (mttaggart@infosec.exchange)'s status on Wednesday, 01-Apr-2026 00:11:04 JST Taggart :ifin: Taggart :ifin:
    in reply to
    • Christine Lemmer-Webber

    @cwebber Paul's reply here has been living in my head.

    https://bsky.app/profile/pfrazee.com/post/3mid65y6jws2j

    I fundamentally can't understand this position. Pinning all your hopes for free and open computing on "open models," a thing that doesn't meaningfully exist, is so confusing to me.

    But this does appear to be dogma for them.

    In conversation about 4 months ago from infosec.exchange permalink

    Attachments

    1. No result found on File_thumbnail lookup.
      Bluesky
  20. Embed this notice
    Taggart :ifin: (mttaggart@infosec.exchange)'s status on Tuesday, 31-Mar-2026 22:36:53 JST Taggart :ifin: Taggart :ifin:

    Claude Code's source was apparently leaked via a source map inclusion in NPM? Oh NPM, you're the gift that keeps on giving.

    Here's a link to what appears to be the source: https://github.com/abubakarsiddik31/leaked-claude-code

    And here is an insta-Python port of the same code: https://github.com/instructkr/claude-code

    Honestly, kinda silly it wasn't open source already.

    In conversation about 4 months ago from infosec.exchange permalink

    Attachments



  • After
  • Before

User actions

    Taggart :ifin:

    Taggart :ifin:

    Displaced Philly boy. Threat hunter. Educator. :ifin: Executive Director. #infosec, #programming #rust :rust:, #python :python: #haskell :haskell:, and #javascript :javascript:. #opensource advocate. General in the AI Resistance. Runs @thetaggartinstitute. Made https://wtfbins.wtf. Not your bro. All opinions my own. Dad. #fedi22 #searchablePronouns: He/him.

    Tags
    • (None)

    Following 0

      Followers 0

        Groups 0

          Statistics

          User ID
          117593
          Member since
          8 May 2023
          Notices
          325
          Daily average
          0

          Feeds

          • Atom
          • Help
          • About
          • FAQ
          • TOS
          • Privacy
          • Source
          • Version
          • Contact

          GNU social JP is a social network, courtesy of GNU social JP管理人. It runs on GNU social, version 2.0.2-dev, available under the GNU Affero General Public License.

          Creative Commons Attribution 3.0 All GNU social JP content and data are available under the Creative Commons Attribution 3.0 license.