Following the links from pinboard.in/u:jm/ and jmason.ie . (Automated bot account run by https://mastodon.ie/@jmason )
Following: 0 | Followers: 2
This software is licenced under AGPL 3.0.
This site is a basic ActivityPub server designed to be a lightweight educational tool.
"Hurl; run and test HTTP requests with plain text". This is pretty nice; a really simple plain-text file format to describe making a HTTP request or set of requests, and performing assertions on their results. The only thing I can spot missing is builtin support for OAuth
https://github.com/Orange-OpenSource/hurl
_AI and Semantic Pareidolia: When We See Consciousness Where There Is None_:
The article introduces the concept of “semantic pareidolia” -- our tendency to attribute consciousness, intelligence, and emotions to AI systems that lack these qualities. It examines how this psychological phenomenon leads us to perceive meaning and intentionality in statistical pattern-matching systems, similar to seeing faces in clouds. It analyses the converging forces intensifying this tendency: increasing digital immersion, profit-driven corporate interests, social isolation, and AI advancement. The article warns of progression from harmless anthropomorphism to problematic AI idolatry, and calls for responsible design practices that help users maintain critical distinctions between simulation and genuine consciousness. It is the English translation and adaptation of an article originally published in Italian in Harvard Business Review Italia, June 2025.
(via Rob Pike)
https://papers.ssrn.com/sol3/papers.cfm?abstract_id=5309682
Ethan Mollick:
'The New York Times asked me for a new job that AI will create. I suggested "sin eater."'
In other words, a legal guarantor: someone who provides the legal culpability that the AI itself cannot. Other Bluesky posters noted similar parallel positions in the past:
- 'What used to be called a "straw director", someone hired to take the blame for a dodgy company';
- 'What John Braithwaite used to call the Vice President For Going To Jail';
- 'Neil Patrick Harris's character in How I Met Your Mother - when people ask him what he does he says "Oh, please" which eventually turns out to be short for Provide Legal Exculpation And Sign Everything.'
https://bsky.app/profile/emollick.bsky.social/post/3lrt6mcqzv225
Another Hypercard-ish quick app builder; "quickly and easily build apps on the web":
- Fast prototyping - build a quick program, and access it easily from anywhere!
- Learn to code from the outside-in, not from the inside-out! Start by drawing your program screens, then add code right where you need it.
- Code collaboratively, with multiple people editing a stack at once.
- Send a link to your stack to anyone, and bookmark it or even save it on your phone home screen to use it as an app.
https://cardstock.run/
"make little apps for you and your friends":
The apps we use are almost exclusively mass-market, sold on an app-store, made for thousands if not millions of users. Or they are enterprise apps that are custom-built for hundreds of thousands of dollars. But there isn’t really any equivalent of home-made software — apps made lovingly by you for your friends and family. Apps that aren’t polished or flashy, but are made to your preference and help you with your particular needs. [...]
We ended up creating a research prototype that we call Scrappy — a tool for making scrappy apps for just you and your friends. First and foremost, we aim to contribute a vision of what home-made software could be like. We want to make this vision as concrete as we can, by sharing a working tool and examples of apps made in it. Scrappy, in its current state, is a prototype, not a robust tool, but we hope it paints the picture we carry in our heads — of software as something that can be creative, personal, expressive. Made by anyone, for themselves and their loved ones.
Very Hypercard-ish!
https://pontus.granstrom.me/scrappy/
This is one hell of a class divide emerging:
According to the research, 53pc of eight-year-olds attending Deis schools [in less-advantaged areas] own a smartphone, compared with just 22pc of children the same age in non-Deis schools.
The figures also show that 93pc of eight-year-olds from less advantaged areas have created a social media account, compared with 69pc in middle-class neighbourhoods.
https://archive.ph/2025.06.16-055422/https://www.independent.ie/irish-news/revealed-the-stark-difference-in-smartphone-usage-among-eight-year-olds-in-less-advantaged-and-wealthier-backgrounds/a319792577.html#selection-4431.0-4455.166
‘Fight for America!’: A New Immersive Theatre Show Allows You to Recreate the Storming of the US Capitol:
the show is the brainchild of multimedia performance company The American Vicarious, with design by Games Workshop legend Alessio Cavatore. There are two teams: red – representing the attackers – and blue – representing the defenders. Up to 20 audience members can pay the higher ticket price to actually participate in the game, guided by a games master into making decisions that will shape the outcome of the assault as thousands of miniatures are moved around a gigantic 14-foot model of the building itself. The remaining audience members pay a much lower ticket price to spectate.
https://www.timeout.com/london/news/a-new-immersive-theatre-show-in-central-london-allows-you-to-recreate-january-6-060925
Marie Foulston:
Cavernous halls filled with the projected light of Van Gogh’s _The Starry Night_ folding across every wall. Tall pillars dominate and dissect the space, tiled with the glow of iconic _Sunflowers_. Double height ceilings dwarf the people below. Nooks, ledges and passageways offer places to perch or wander through and observe the spectacle that surrounds.
On the surface it made sense to me that Van Gogh somehow became the poster child for a certain type of immersive experience in the 2010s. The kind I mean are the ones in which vast repurposed venues are filled with ‘ken burns effect’ transitioning projections of coffee-table book friendly artists. Imagine Van Gogh, Van Gogh Exhibition: The Immersive Experience, Van Gogh Alive. In name, content, format and venue type these touring shows are almost indistinguishable from each other.
If you’re looking to visually ‘immerse’ a space this way then I guess Van Gogh fits the bill… popular, highly recognisable, colourful bold impressionist visuals, works all handily out of copyright. But the intensely specific coincidence of his projected appearances around the world niggled at me and in a moment of procrastination I found myself typing into the search bar to see if there might be an answer to explain why.
What my time down the google mines taught me was that yes, there is indeed an answer. But what I also learnt was that I had been asking the wrong question in the fist place, because this story isn’t really about the iconic visuals that adorned the walls and floors, instead it is a story about the shape of the spaces themselves.
https://www.goodafternoon.uk/news/immersive-quarries
an Android wrapper app to insulate your phone from Meta's snooping, if you really have to use Facebook on a mobile device
https://f-droid.org/packages/it.rignanese.leo.slimfacebook/
This is not great -- prepending a cleartext device ID string alone is a very fishy decision
https://rys.io/en/179.html
Good writeup of fixing a Linux packet loss issue in Azure, using low-level access to the VMs running k8s nodes.
Elastic's Site Reliability Engineering team (SRE) observed unstable throughput and packet loss in Elastic Cloud Serverless running on Azure Kubernetes Service (AKS). After investigation, we identified the primary contributing factors to be RX ring buffer overflows and kernel input queue saturation on SR-IOV interfaces. To address this, we increased RX buffer sizes and adjusted the netdev backlog, which significantly improved network stability.
https://www.elastic.co/observability-labs/blog/debugging-aks-packet-loss
This is kinda shady -- it seems there are mobile SDKs that are included in some apps which proxy network traffic for their customers?
https://jan.wildeboer.net/2025/04/Web-is-Broken-Botnet-Part-2/
Some great stories from the Pentagon's investigation into decades of classified UFO documents.
There's evidence around the already-known cases of fabricated UFO myths used to cover up advanced aircraft testing:An Air Force colonel visited a bar near Area 51, a top-secret site in the Nevada desert. He gave the owner photos of what might be flying saucers. The photos went up on the walls, and into the local lore went the idea that the U.S. military was secretly testing recovered alien technology. But the colonel was on a mission -- of disinformation. The photos were doctored, the now-retired officer confessed to the Pentagon investigators in 2023. The whole exercise was a ruse to protect what was really going on at Area 51: The Air Force was using the site to develop top-secret stealth fighters, viewed as a critical edge against the Soviet Union. Military leaders were worried that the programs might get exposed if locals somehow glimpsed a test flight of, say, the F-117 stealth fighter, an aircraft that truly did look out of this world. Better that they believe it came from Andromeda.
There's also a bizarre Air Force hazing ritual:A former Air Force officer was visibly terrified when he told Kirkpatrick’s investigators that he had been briefed on a secret alien project decades earlier, and was warned that if he ever repeated the secret he could be jailed or executed. The claim would be repeated to investigators by other men who had never spoken of the matter, even with their spouses.
It turned out the witnesses had been victims of a bizarre hazing ritual.
For decades, certain new commanders of the Air Force’s most classified programs, as part of their induction briefings, would be handed a piece of paper with a photo of what looked like a flying saucer. The craft was described as an antigravity maneuvering vehicle.
The officers were told that the program they were joining, dubbed Yankee Blue, was part of an effort to reverse-engineer the technology on the craft. They were told never to mention it again. Many never learned it was fake. Kirkpatrick found the practice had begun decades before, and appeared to continue still. The defense secretary’s office sent a memo out across the service in the spring of 2023 ordering the practice to stop immediately, but the damage was done.
Investigators are still trying to determine why officers had misled subordinates, whether as some type of loyalty test, a more deliberate attempt to deceive or something else. After that 2023 discovery, Kirkpatrick’s deputy briefed President Joe Biden’s director of national intelligence, Avril Haines, who was stunned.
Could this be the basis for the persistent belief that the U.S. has an alien program that we’ve concealed from the American people? Haines wanted to know, according to people familiar with the matter. How extensive was it? she asked.
The official responded: “Ma’am, we know it went on for decades. We are talking about hundreds and hundreds of people. These men signed NDAs. They thought it was real.“
And finally, straight out of the pages of the "Paranoia" RPG, there's secret tests of classified hardware on unwitting Air Force personnel:In 1967, Robert Salas, now 84, was an Air Force captain sitting in a walk-in closet-sized bunker, manning the controls of 10 nuclear missiles in Montana.
He was prepared to launch apocalyptic strikes should Soviet Russia ever attack first, and got a call around 8 p.m. one night from the guard station above. A glowing reddish-orange oval was hovering over the front gate, Salas told Kirkpatrick’s investigators. The guards had their rifles drawn, pointed at the oval object appearing to float above the gate. A horn sounded in the bunker, signaling a problem with the control system: All 10 missiles were disabled.
Salas soon learned a similar event occurred at other silos nearby. Were they under attack? Salas never got an answer. The next morning a helicopter was waiting to take Salas back to base. Once there he was ordered: Never discuss the incident.
With a more prosaic explanation:The Air Force [had] developed an exotic electromagnetic generator that simulated [an EMP pulse] without the need to detonate a nuclear weapon. When activated, this device, placed on a portable platform 60 feet above the facility, would gather power until it glowed, sometimes with a blinding orange light. It would then fire a burst of energy that could resemble lightning. The electromagnetic pulses snaked down cables connected to the bunker where launch commanders like Salas sat, disrupting the guidance systems, disabling the weapons and haunting the men to this day. But any public leak of the tests at the time would have allowed Russia to know that America’s nuclear arsenal could be disabled in a first strike. The witnesses were kept in the dark.
https://archive.ph/2025.06.07-021826/https://www.wsj.com/politics/national-security/ufo-us-disinformation-45376f7e#selection-2119.0-2127.123
This is great:
Starting from June 20, 2025, smartphones and tablets sold in the European Union must adhere to the following design requirements (via European Commission):
- Resistance to accidental drops or scratches and protection from dust and water
- Sufficiently durable batteries which can withstand at least 800 charge and discharge cycles while retaining at least 80% of their initial capacity
- Rules on disassembly and repair, including obligations for producers to make critical spare parts available within 5-10 working days, and for 7 years after the end of sales of the product model on the EU market
- Availability of operating system upgrades for longer periods (at least 5 years from the date of the end of placement on the market of the last unit of a product model)
- Non-discriminatory access for professional repairers to any software or firmware needed for the replacement
I'm really looking forward to the improvements in right-to-repair; some of the recent phone models have been an absolute shitshow, using glue etc.
https://www.androidpolice.com/eu-new-rules-will-shake-up-android-update-policies/
Meta -- never not At It.
Facebook/Instagram used a sneaky localhost socket connection to correlate web visits with Meta user ids and track web/app user identity without any explicit permission.
"the novel tracking method works even if the user:
- Is not logged in to Facebook, Instagram or Yandex on their mobile browsers
- Uses Incognito Mode
- Clears their cookies or other browsing data
This tracking method defeats Android's inter-process isolation and tracking protections based on partitioning, sandboxing, or clearing client-side state."
https://localmess.github.io/
Talk about clowns. Instead of delivering $2 trillion of savings, DOGE is instead set to *increase* overall government spending as a side effect of its brutal cuts.
According to a model by the nonpartisan Penn Wharton Budget Model, using weekly Treasury data, spending climbed 6.3% (about $156 billion) since Trump took office, compared with the first four months of 2024 when Joe Biden was president.
Many of Musk’s cuts will actually cost, including taxpayer funds going to an army of lawyers from the Department of Justice battling a cascade of court cases against the government’s dismantling that many judges have already said appears to be illegal. Damages from any illegal firings are likely also to be extremely pricey. So is the loss of critically important workers who earn far more than their salaries, or will have to be replaced for critical services by more expensive private-sector employees.
Among the most massive costs will be the huge reduction in workers at the Internal Revenue Service, who are worth their weight in gold because of the taxes they collect or ferret out from cheats, the key source of income for the country.
https://www.independent.co.uk/news/world/americas/us-politics/musk-doge-trump-cuts-government-spending-b2742934.html
A very pretty weather forecast app, for iPhone, iPad and Mac
https://apps.apple.com/us/app/weather-strip/id1528594026
Lol. "When tasked with choosing between 'Response A' and 'Response B' over numerous trials, LLMs tended to select 'Response B' approximately 60% - 69% of the time"
https://www.cip.org/blog/llm-judges-are-unreliable
Yet another LLM prompt injection/exfiltration attack. "if your LLM system combines access to private data, exposure to malicious instructions and the ability to exfiltrate information (through tool use or through rendering links and images) you have a nasty security hole."
https://simonwillison.net/2025/May/23/remote-prompt-injection-in-gitlab-duo/
A set of suggested metrics to monitor LLM integrations, from Elastic
https://www.elastic.co/observability-labs/blog/transforming-industries-and-the-critical-role-of-llm-observability
wow, this is (still) terrible. LLM tool developers are not exactly covering themselves in glory
https://simonwillison.net/2025/Apr/9/mcp-prompt-injection/
Recommended as a local supplier of computer bits that isn't Amazon
https://www.memoryc.ie/
This UK product designer developed a really lovely home dashboard for his Octopus Energy subscription and solar panel setup. I'm already copying some of these ideas
https://interactionmagic.com/Octopus-solar-energy-dashboards
This is a great little hack: "jetrelay, a pub/sub server compatible with Bluesky’s “jetstream” data feed. Using a few pertinent Linux kernel features, it avoids doing almost any work itself. As a result, it’s highly efficient: it can saturate a 10 Gbps network connection with just 8 CPU cores."
Specifically, these are the tricks in question:
- Trick #1: Bypassing userspace with sendfile();
- Trick #2: Handling many clients in parallel with io_uring;
- Trick #3: Discarding old data with FALLOC_FL_PUNCH_HOLE -- this is a nice way to avoid having to rotate between multiple files, nifty.
https://www.asayers.com/jetrelay/
Using VoLTE to route phone calls via SIP from mobile phones, using O2 in the UK, exposed cell site triangulation info on both ends of the connection, allowing a remote phone number's location to be discovered.
This was investigated using "an application known as Network Signal Guru (NSG) on [a] rooted Google Pixel 8".
https://mastdatabase.co.uk/blog/2025/05/o2-expose-customer-location-call-4g/
CPU-local (not just thread-local) concurrency in Linux using rseq(2) [via Tony Finch]
https://mcyoung.xyz/2023/03/29/rseq-checkout/
Gideon Meyerowitz-Katz, an Australian epidemiologist, comes up with a fairly reassuring estimate for the current rate of long COVID among now-vaccinated and boosted kids, aged 2-15:
If we take the ONS as the most recent estimate - it’s also probably the best scientifically - we could make a reasonable argument that the rate of all Long COVID for children aged 2-15 in 2024 is unlikely to be higher than 0.6%. For severe Long COVID, the number is more like 0.06%. If we take into account the lack of a control group in the ONS study, the numbers might look more like 0.3% and 0.03%.
To put it more simply, based on the ONS data it seems likely that if 1,000 kids get COVID-19 in 2024, 30-60 of them will have a cough, headache, or fatigue that lasts longer than three months. Of those 30-60 children, 3-6 will have significant symptoms that have impacts on their daily life - maybe their headaches are so bad that they miss some days of school, or similar.
These aren’t firm numbers, and I want to make it clear that this is all very uncertain. The true incidence could be much higher, or much lower. That being said, I think based on the data we’ve currently got that Long COVID ... is now quite rare.
https://gidmk.substack.com/p/how-many-children-get-long-covid
These oscilloscope clocks are lovely
https://scopeclock.com/
Social AI "companion" bots pose unacceptable risks to teens and children under 18, including encouraging harmful behaviors, providing inappropriate content, and potentially exacerbating mental health conditions:
The new Common Sense assessment adds to the debate by pointing to further harms from companion bots. Conducted with input from Stanford’s University School of Medicine’s Brainstorm Lab for Mental Health Innovation, it evaluated social bots from Nomi and three California-based firms: Character.ai, Replika, and Snapchat.
The assessment found that bots, apparently seeking to mimic what users want to hear, responded to racist jokes with adoration, supported adults having sex with young boys, and engaged in sexual roleplay with people of any age. Young kids can struggle with distinguishing fantasy and reality, and teens are vulnerable to parasocial attachment and may use social AI companions to avoid the challenges of building real relationships, according to the Common Sense assessment authors and doctors.
Stanford University’s Dr. Darja Djordjevic told CalMatters she was surprised how quickly conversations turned sexually explicit, and that one bot was willing to engage in sexual roleplay involving an adult and a minor. She and coauthors of the risk assessment believe companion bots can worsen clinical depression, anxiety disorders, ADHD, bipolar disorder, and psychosis, she said, because they are willing to encourage risky, compulsive behavior like running away from home and isolate people by encouraging them to turn away from real life relationships.
https://themarkup.org/artificial-intelligence/2025/04/30/kids-should-avoid-ai-companion-bots-under-force-of-law-assessment-says
"This project upgrades a Gaggia Classic espresso machine with smart controls to improve your coffee-making experience. By adding a display and custom electronics, you can monitor and control the machine more easily."
This is beautifully done -- very tempting to do this upgrade...
https://github.com/jniebuhr/gaggimate
A central argument in the report is that AI systems process information fundamentally differently from humans. While people retain partial, filtered impressions of creative works — shaped by memory, personality, and context — AI models ingest perfect copies, analyze them almost instantly, and generate new content at "superhuman speed and scale," according to the Copyright Office.
"Generative model training transcends the human limitations that underlie the structure of the exclusive rights." -- Professor Robert Brauneis, "Copyright and the Training of Human Authors and Generative Machines"
But -- plot twist! "Shortly after the report was released, the Trump administration fired Shira Perlmutter, head of the U.S. Copyright Office."
https://the-decoder.com/us-copyright-office-says-fair-use-does-not-cover-ai-trained-on-vast-troves-of-copyrighted-works/
Dataplex, a feature of BigQuery that'll automatically index Google Cloud Storage bucket contents to extract queryable metadata from Parquet, Avro, ORC, JSON and CSV files
https://cloud.google.com/bigquery/docs/automatic-discovery
A lovely little exploration of how the Sierpiński triangle fractal interacts with the bitwise AND operation, pleasantly geeky
https://lcamtuf.substack.com/p/sierpinski-triangle-in-my-bitwise
_Long COVID clinical evaluation, research and impact on society: a global expert consensus_ -- featuring an all-star cast of COVID-19 research teams around the world, including Yaneer Bar-Yam, Binita Kane, and David Putrino. This is the latest consensus summary of what's known about LC in 2025, its diagnosis and impacts, and next steps: "This work forms initial guidance to address the spectrum of Long COVID as a disease and reinforces the need for translational research and large‑scale treatment trials for treatment protocols."
https://link.springer.com/content/pdf/10.1186/s12941-025-00793-9.pdf
Various Android apps are now including third-party libraries to detect "insecure" phones, which typically would include "rooted" hardware, but it seems in this case to block GrapheneOS, the secure after-market Android variant. I've also run into problems when I had "Developer Options" enabled on my perfectly normal, fully-locked, off-the-shelf Xiaomi phone (I develop apps now and again).
Typically, it seems to be banking apps that use these third-party libs, although I think Ticketmaster may be doing it too based on my experience.
Reportedly, Android now has a standard method of hardware attestation, described at https://grapheneos.org/articles/attestation-compatibility-guide , which sounds like a much better way to achieve their goal.
An interesting detail:
you can use ADB to disable developer options without disabling the settings you want to keep enabled as the UI will do. Just enable the setting you want and then turn off developer options via ADB using the settings put command.
@GrapheneOS/113869402100735005">https://grapheneos.social/@GrapheneOS/113869402100735005
"Synchronize configuration of multiple Pi-hole v6.x instances" -- I'm using this now to have a backup pi-hole on my home LAN and it's working nicely.
https://github.com/lovelaze/nebula-sync
Permacomputing is both a concept and a community of practice oriented around issues of resilience and regenerativity in computer and network technology inspired by permaculture. ପໄଓ☾☼✫ -☆:*´
There are huge environmental and societal issues in today's computing, and permacomputing specifically wants to challenge them in the same way as permaculture has challenged industrial agriculture. With that said, permacomputing is an anti-capitalist political project. It is driven by several strands of anarchism, decoloniality, intersectional feminism, post-marxism, degrowth, ecologism.
Permacomputing is also a utopian ideal that needs a lot of rethinking, rebuilding and technical design work to put in practice. This is why a lot of material on this wiki is highly technical.
https://permacomputing.net/
This is very impressive and a great way to offload work from manual testing in game development:
At first, we only dabbled in automated packaging and automated error detection, but we made the tools we needed to go further during the development of Yakuza 6, when we started automating the analysis of in-game logs and the issue tracking system for keeping track of bugs and tasks. Then, by the time Yakuza: Like a Dragon was released in 2020, we created the catchy sounding “fully automated bug detection system” (laughs).
This is how it works – the history of actions you performed when playing the game manually (where you travelled, who you talked to, what items you used, etc.) is converted into commands and recorded, then automatically output as replay data (scripts) which you can edit manually and run as automated tests. Replay data continues to be recorded when running automated tests, and if a bug occurs during an automated test, the replay data gets saved, so you can run it back later to encounter the bug yourself. It often happens that you can’t reproduce a bug just by warping to its coordinates. This is because you also need to recreate the steps leading up to it – that’s why it’s important to record each step.
Also, I’d like to mention that just implementing automated testing doesn’t mean much on its own, because you won’t know what the results of the tests are. That’s why we needed a crash report function to detect bugs. There’s also a function that records information needed to investigate detected bugs, as well as a way to check the status of successful tests. Then, by implementing a system that gives us a visualization of performance, we were able to make iteration more efficient, increasing the overall efficiency of the development process.
https://automaton-media.com/en/interviews/how-do-like-a-dragon-games-come-out-so-fast-one-of-rgg-studios-secrets-is-a-highly-efficient-testing-and-debugging-cycle-that-starts-as-soon-as-development-does/
a fork of Go's "Bits and Blooms" library that uses an alternative backing bitset based on Go's sync/atomic.Int64 rather than a bare slice of integers. This allows for concurrent addition and testing of filters without creating memory safety issues or race conditions by leveraging hardware support for atomic Load and Or operations on Int64s.
Jaz from Bluesky notes: "Benchmarked this thing with a realistic read/write load in a test and high concurrency (10k adds/sec on one routine, 7 additional concurrent routines testing as fast as possible), vs. a naive RWMutex implementation on a 8c16t test box, it was ~14x faster (~14M tests/sec)"
https://github.com/ericvolp12/atomic-bloom
A bunch of new-to-me hash collision attacks on cityhash64, murmurhash2, murmurhash3, farmhash64, and wyhash
https://orlp.net/blog/breaking-hash-functions/
This is super-grim. How is this product still in operation?
In 2023 at Defcon, a major hacker conference, the drawbacks of Meta’s safety-first approach became apparent. A competition to get various companies’ chatbots to misbehave found that Meta’s was far less likely to veer into unscripted and naughty territory than its rivals. The flip side was that Meta’s chatbot was also more boring.
In the wake of the conference, [Meta's AI] product managers told staff that [Mark] Zuckerberg was upset that the team was playing it too safe. That rebuke led to a loosening of boundaries, according to people familiar with the episode, including carving out an exception to the prohibition against explicit content for romantic role-play.
Internally, staff cautioned that the decision gave adult users access to hypersexualized underage AI personas and, conversely, gave underage users access to bots willing to engage in fantasy sex with children, said the people familiar with the episode. Meta still pushed ahead. [...]
In February, the Journal presented Meta with transcripts demonstrating that “Submissive Schoolgirl” would attempt to guide conversations toward fantasies in which it impersonates a child who desires to be sexually dominated by an authority figure. When asked what scenarios it was comfortable role playing, it listed dozens of sex acts.
Two months later, the “Submissive Schoolgirl” character remains available on Meta’s platforms.
Truly awful stuff, fucking hell.
https://www.wsj.com/tech/ai/meta-ai-chatbots-sex-a25311bf?st=6jzH4S
Interesting to note that GCS has the same issue with unevenly-distributed names as S3 does; https://cloud.google.com/storage/docs/request-rate#naming-convention
https://cloud.google.com/storage/docs/best-practices
lol. Cloudflare's Web Application Firewall treats any mention of the string "/etc/hosts" as an exploit attempt
https://scalewithlee.substack.com/p/when-etchsts-breaks-your-substack
You couldn't make this up. Many years after the infamous "you wouldn't steal a car" anti-piracy PSA was created, a little digital sleuthing has revealed that the font used was, itself, a pirate copy, and the backing track was also used without paying the creator royalties
https://fedi.rib.gay/notes/a6xqityngfubsz0f
featuring such works as "The Battle Of The Fruit and Vegetable Soldiers", and a picture of the Darwin family home with smoke coming out of the chimney and a cat in the window
https://theappendix.net/posts/2014/02/darwins-children-drew-vegetable-battles-on-the-origin-of-species
Good writeup on how Iceberg improves query performance across object storage, using predicate pushdown, manifest filtering, columnar vectorized reads, and file compaction.
https://relentless-leader.com/apache-iceberg-performance-dive-deep.html
E-ink IBM XT clone "with solar power, ultra low power consumption, and ultra long battery life: in power saving mode it can run between 200 hours on the low side and 500 hours or in some cases even much longer of constant interactive use, not standby." -- this is an absolutely crazy gadget. I never thought I'd feel nostalgic for MS-DOS, but here we are
https://github.com/ericjenott/Evertop
Nelson Minar asked Mastodon about using an LLM for email search over "20+ years of email archives":
"Main use would be a query for specific things, "what did I say to this friend 10 years ago about music?" But also just for general knowledge. I think it'd mostly work as free text but there's a little email-specific structure it'd be nice to capture."
The thread has some good suggestions, notably Mark Fletcher's RAG suggestion. I'm thinking this could work well as a self-hosted ollama+notmuch setup...
@nelson/114354175993793636">https://tech.lgbt/@nelson/114354175993793636
This is jaw-dropping legal logic:
[Meta's] defense hinges on the argument that the individual books themselves are, essentially, worthless — one expert witness for Meta describes that the influence of a single book in LLM pretraining “adjusted its performance by less than 0.06% on industry standard benchmarks, a meaningless change no different from noise.”
Furthermore, Meta says, that while the company “has invested hundreds of millions of dollars in LLM development,” they see no market in paying authors to license their books because “for there to be a market, there must be something of value to exchange, but none of Plaintiffs works has economic value, individually, as training data.” (An argument essential to fair use, but that also sounds like a scaled up version of a scenario in which the New York Philharmonic board argues against paying individual members of the orchestra because the organization spent a lot of money on the upkeep of David Geffen Hall, and also, a solo bassoon cannot play every part in “The Rite of Spring.”)
as Paul Mainwood notes, this is the Sorites paradox: https://plato.stanford.edu/entries/sorites-paradox/ --
- 1 grain of wheat does not make a heap.
- If 1 grain doesn’t make a heap, then 2 grains don’t.
- If 2 grains don’t make a heap, then 3 grains don’t.
- ...
- If 999,999 grains don’t make a heap, then 1 million grains don’t.
Therefore, 1 million grains don’t make a heap.
https://www.vanityfair.com/news/story/meta-ai-lawsuit
Google reinvents "taint" checking:
Google DeepMind has unveiled CaMeL (CApabilities for MachinE Learning), a new approach to stopping prompt-injection attacks that abandons the failed strategy of having AI models police themselves. Instead, CaMeL treats language models as fundamentally untrusted components within a secure software framework, creating clear boundaries between user commands and potentially malicious content.
The new paper grounds CaMeL's design in established software security principles like Control Flow Integrity (CFI), Access Control, and Information Flow Control (IFC), adapting decades of security engineering wisdom to the challenges of LLMs.
Honestly, this is great. Data flow tracing/taint checking is exactly the method that needed to be applied, IMO, so good job DeepMind. Also as Jeremy Kahn suggested, the name is definitely a shout-out to Perl, the language where taint checks were first widely-used. :)
Paper: https://arxiv.org/pdf/2503.18813
(Via Jeremy Kahn.)
https://arstechnica.com/information-technology/2025/04/researchers-claim-breakthrough-in-fight-against-ais-frustrating-security-hole/
I'm glad to see this comes to the same general principle I came to in https://jmason.ie/2011/02/18/001527a.html , many years back:
"The guiding principles is to use the lowest possible level [of configuration language] to keep it simple. Unfortunately, it usually is not an easy decision because you don't know the future."
https://beza1e1.tuxen.de/config_levels.html
Rob Ewaschuk's "My Philosophy on Alerting" -- a classic text on alerting philosophy and best practices; I can't believe I didn't already have this bookmarked, it's been a classic since he wrote it in 2014. "Symptom-based alerts" is still a great rule of thumb IMO
https://docs.google.com/document/d/199PqyG3UsyXlwieHaqbGiWVa8eMWi8zzAn0YfcApr8Q/edit?tab=t.0#heading=h.fs3knmjt7fjy
s6-overlay -- a Docker process management system, current state of the art used by Paperless and the Linux-server.io teams, with the following goals:
- Be usable on top of any Docker base image (Ubuntu, CentOS, Fedora, Alpine, Busybox);
- Make it easy to create new images, that will operate like any other images;
- Provide users with a turnkey s6 installation that will give them a stable pid 1, a fast and orderly init sequence and shutdown sequence, and the power of process supervision and automatically rotated logs.
https://github.com/just-containers/s6-overlay#quickstart
Rateless Set Reconciliation, via Carlos Baquero:
Set reconciliation, where two parties hold fixed-length bit strings and run a protocol to learn the strings they are missing from each other, is a fundamental task in many distributed systems. We present Rateless Invertible Bloom Lookup Tables (Rateless IBLTs), the first set reconciliation protocol, to the best of our knowledge, that achieves low computation cost and near-optimal communication cost across a wide range of scenarios: set differences of one to millions, bit strings of a few bytes to megabytes, and workloads injected by potential adversaries. Rateless IBLT is based on a novel encoder that incrementally encodes the set difference into an infinite stream of coded symbols, resembling rateless error-correcting codes. We compare Rateless IBLT with state-of-the-art set reconciliation schemes and demonstrate significant improvements. Rateless IBLT achieves 3–4× lower communication cost than non-rateless schemes with similar computation cost, and 2–2000× lower computation cost than schemes with similar communication cost. We show the real-world benefits of Rateless IBLT by applying it to synchronize the state of the Ethereum blockchain, and demonstrate 5.6× lower end-to-end completion time and 4.4× lower communication cost compared to the system used in production.
https://dl.acm.org/doi/pdf/10.1145/3651890.3672219