When we fight, we win
https://www.theregister.com/2026/03/30/github_copilot_ads_pull_requests
When we fight, we win
https://www.theregister.com/2026/03/30/github_copilot_ads_pull_requests
Feeling good about the security posture of the federal government during a war.
Aww yiss another critical Citrix vuln under active exploitation:
Detection/remediation details here: https://docs.netscaler.com/en-us/netscaler-console-service/instance-advisory/remediate-vulnerabilities-cve-2026-3055
Phenomenal reporting from ProPublica. Big takeaways:
https://www.propublica.org/article/microsoft-cloud-fedramp-cybersecurity-government
Office 365 and Copilot are down.
Run. Now's your chance. Don't look back; just GO
"If you want to improve the model's output, you can write skill files with more specific instructions!"
"Oh wow so like a file that tells the computer to do exactly what you want?"
"Yep!"
"You're never gonna believe this."
Holy crap this story knocked me over. It is everything I'm feeling about the machines right now.
https://sightlessscribbles.com/the-colonization-of-confidence/
What a nightmare. If you can read this and still think autonomous agents like OpenClaw are worth the risk, you're beyond help.
Web version: https://agentsofchaos.baulab.info/
https://www.researchgate.net/publication/401123335_Agents_of_Chaos
@Sempf Also, do not mistake the imperfect for evil, which keeps happening and it's extremely not helpful
Listen,
It is possible to criticize something without abjectly despising it. 404 can have bad takes; I'm still paying for their journalism because it's usually very good.
Proton's marketing and social team are kind of yutzes, but the service is very good for what it is, and much better than the normative choice.
Seeking infallibility will eat all your time and get you nowhere.
@mcc @cwebber I concur with the assessment, and have been sharing similar warnings. In fact, we are beginning to see a pivot in stealer activity to install OpenClaw, etc. for exactly these purposes. It's a botnet, compute miner, and worm all in one.
RE: https://infosec.exchange/@mttaggart/116168638948762892
Yeah so add PCWorld to the list of outlets you can't trust anymore. This report was bogus.
As of 2026-03-02, the state of the art in quantum decryption has cracked a:
https://forklog.com/en/quantum-computer-cracks-tiny-cryptographic-key
The IBM QC that cracked the 6-bit key uses 133 qubits.
Some new research suggests that RSA-2048 could be cracked with as "few" as 100,000 qubits.
Such a machine...is not feasible to build any time soon.
So when your CISO or a vendor starts going off about "post-quantum" security, feel free to use this to remind them that we still have SMB1 in some places and Telnet in others. Plenty of work to do around the house.
Sounds like we're about to get a lot more Linux users!
Claude is down again and I am seeing people basically go through withdrawal.
If you are feeling it, recognize it for what it is.
@soatok I remember this post, and I remember bumping on this line:
We would need existing identity verification services (e.g., ID.me in the USA) to vend PrivacyPass tokens that can be redeemed on third party websites.
This is where I think a lot of privacy advocates are gonna get off the bus.
I'm asking because I honestly can't imagine a solution to this particular problem that is both:
Okay, obviously Persona is terribad. There is a real problem to address here though: how are organizations supposed to perform reasonable identity verification at a distance? Sophisticated impersonation attacks hit customer support lines every day. We need a reasonable defense against this.
Anthropic has addressed some of the concerns raised here, but the fact remains that Claude Code will run code in configuration files with minimal visibility to the end user. In this way, it presents similar dangers to VS Code and Cursor.
Remember kids, any promise from corpos to stop doing a thing that is making money is a bald-faced lie.
Displaced Philly boy. Threat hunter. Educator. :ifin: Executive Director. #infosec, #programming #rust :rust:, #python :python: #haskell :haskell:, and #javascript :javascript:. #opensource advocate. General in the AI Resistance. Runs @thetaggartinstitute. Made https://wtfbins.wtf. Not your bro. All opinions my own. Dad. #fedi22 #searchablePronouns: He/him.
GNU social JP is a social network, courtesy of GNU social JP管理人. It runs on GNU social, version 2.0.2-dev, available under the GNU Affero General Public License.
All GNU social JP content and data are available under the Creative Commons Attribution 3.0 license.