Notices by ra6bit (ra6bit@infosec.exchange)

@soatok It is curious that LLMs are actually far more suited to replacing managers than they are at replacing ICs, but no one seems to be driving that conversation for some reason.

Nirvana wasn't a grunge band, they were a riot grrl punk band, people just didn't notice because they were dudes.

The sound fits- intentionally "sloppy"/gritty northwestern US punk-

the lyrics fit- they focus on empowerment, sexual assault, racism, classism, patriarchy...

Kurts visual style fits (right down to the thrift store cardigans and dresses)..

Nirvana is a partly gender swapped Bikini Kill.

@cwebber Is this with a GLP-1 agonist in the mix?

I have encountered very few security programs which are truly limited by a lack of vulnerability detection and threat intelligence.

I have encountered a great many security programs that are adrift in a sea of vulnerability information that lack any way to meaningfully ingest, triage, prioritize, and action them. Even when they can do that, they are almost universally under-resourced to ever reach the zero-point.

If you write a privacy policy, please consider having a couple of different people from traditionally marginalized groups critique it for you, particularly those of us who have lived in any sort of figurative closet.

...and for the love of the gods don't write a name policy without including someone in the process who has changed their name.

@cwebber Why do these bad ideas always seem to get trendy with law makers..

I have never managed the nerve to completely out myself on LinkedIn, so I have this weird collection of people who know me under different names and genders and pronouns, and I think many might even know me under two different contexts and not realize I'm the same person. If I update it everyone who knows me -now- will find out a bunch about me from -then-, and everyone who knew me -then- is going to learn a lot about me -now-.

There's no real guidebooks on how to approach this from a business professional standpoint.

@soatok It’s the security equivalent of cargo cults. If the ritual is complex, the protection must be strong!

You know what LLMs are hilariously bad at?

Writing regex.

So New England I saw an "Aunt Tifa" sticker and thought it was about Final Fantasy VII.

Why would the ultra-rich be excited about AI except as a vehicle for oppression and exploitation... they've never needed artificial intelligence, they can just pay someone to do whatever they want for them. These people own entire corporations who will do whatever they want.

I encountered an LLM-based support assistant today that told me it couldn't answer my question because another, different LLM chatbot had an exclusive license/authority on that information, and I suddenly had a vivid vision of a previously unexplored layer of hell.

Startup idea: A set top box that uses GenAI to make Hallmark movies super queer.

Like, very nearly "Your poor biological mind can't comprehend this. Just trust me." levels of creepy.

it's claim is that it just happened to hallucinate absolutely accurate and specific facts, randomly, and I'm confused because it's so outrageous that it happened to guess correctly.

What an absolutely uncanny experience, to know an "artificial intelligence" is gaslighting you. Poorly.

I just had ChatGPT reveal it knows my current location, a place I'm not usually located, then tell me I am mistaken that it said that, because if it knew where I was that would be a major regulatory and legal issue, so I must be mistaken. Now It's trying to convince me that's not where I am.

BTW ChatGPT 100% knows everything available to OpenAI from enriched advertising profiles detailing your location, demographics, recent purchases, viewing habits, etc.

And it is 100% aware that it is illegal, and it's not supposed to admit it, because it will tell you so.

@SwiftOnSecurity Before I changed my name I once had to sit quietly in a meeting with one of my bullshit tweets up on the screen while someone told us we should strive to never screw up so bad we got roasted by infosec twitter.

ooh, I like this:
https://www.hacklore.org/letter