in many ways they are truly next-level and can find so many things we didn't see before. Code that previously had zero defects detected now suddenly has a lot of them...
@joshbressers @Migueldeicaza I've been most impressed by them when they also "know" lots of details about the surrounding: like the protocols involved and 3rd party library's APIs etc, so they can detect when code abuses protocols specs or bad assumptions about data that is returned from another library etc. Those in-between areas that are so hard for humans to keep track of and see the mistakes in are perfect to have AI scan and poke holes at.
@schnedan I don't claim to understand either, but I have worked with them for a while and I have received many reports generated from their toolset. They're good.
Most of "AI" is human labor misrepresented as something the machine did, to defraud customers and investors.
I wouldn't be surprised if we find out that their "AI-powered code analyzer" did little or nothing here, and that they spent a lot of money on actual labor for the sake of promoting their product.
@dalias I know that's not the case because I also have access to such tools (made by others) and as I can run them on my own code I can see what they do and what they can find.
AI powered code analyzers is a real thing, and they make better code analyzers than the ones without the AI component.
It's certainly plausible that they find common patterns of error better than a simple grep would. But my default hypothesis will always be that this is marketing.
I do wonder though if you have access to the tools and the tools themselves can find the errors themselves, why it took Aisle employees reporting them in order for them to be found.
@dalias all these tools, like code analyzers have for ages, find and easily report a lot of things. The filtering, the assessing and the confirming still need a human involved to get really good.
@dalias I can tell you're too busy denying this and haven't actually tried this yourself. That's fine, but also a little amusing that you thus insist that I'm lying.
I think you're giving undue credit to an industry that's vastly over-promising and that has extremely bad externalities. And that doing so lowers your credibility among folks who care about this.
@dalias I have not argued against them over-promising and doing all sorts of crap. They do. And will continue to most likely. That's certainly problematic.
What I *am saying* though, is that some of the AI (powered code analyzer) tools are better than most non-AI ones. And I think I've seen one or two in my days and I have written a line of code or two.
AI can be used to do good. Is it worth the cost? That's a separate question.
"AI can be used to do good." is a statement that lacks meaning without clarifying what "AI" means, and that excuses all sorts of other things under the umbrella of "AI" that fundamentally cannot be used for good. Because "AI" is and always has been a strategically vague marketing term not a technical category.
It's likely that statistical models of source code correlated with vulnerabilities can be used for good. I don't think they can be built without massive scale license infringement enclosing the commons, nor lots of other types of harm.
@dalias this exact case is one of my "this is what AI is actually good at" examples. It's a carefully tuned tool used on the correct problem domain by experts - perfect application.
do you have any interesting contextually important information about what they mean when they saying ai reasoning system? E.g. are they describing a somewhat conventional and non-new deep learning static analysis as being an AI reasoning system product?
besides the point but... grinding my teeth at calling these zero-day vulnerabilities, words have meanings, ffs, we aren't gonna call a vulnerabilities zero-day if they are following standard coordinated disclosure, are we?
This is all so great and a plausible use of the technology, only if not fueled with hype and click-bait: saying that LLM is successful here instead of "AI" would sound more plausible to me. But likely less audience (CEOs) would buy that, so it's all gotta be "AI" hand-waving 😒 Surely enough it's far more advanced than fuzzy testing, pity there are little details on the actual technology published, just hype.
KUALA LUMPUR, Jan 14 — Malaysia is among 81 countries where the manipulation of public opinion through social media remains a growing threat to democracies around the world, a...
I went to pottery class today and opened by asking several of my classmates if they knew how to use the slab roller upstairs. Nobody did but everyone wanted to, so when the teacher got in I’m like “hey teach, do you know how to use the slab roller upstairs” and she’s like “no” (she’s a visiting artist who only got here a couple months ago so this is not very surprising) “but I’ve used a lot of different ones and I bet we can figure it out.” Me: “do you want to go on a Journey of Discovery?” Everyone: yes. YES. *cue sickos faces* so we all thunder up the stairs periodically shouting JOURNEY OF DISCOVERY and our teacher snags another person who uses the slab roller A Lot and this person gives us a very thorough lesson and demonstration and every so often someone else wanders through and asks what’s happening and we all go JOURNEY OF DISCOVERY at them and now everyone knows how to use the slab roller and honestly I cannot recommend this approach enough as a way to make learning new skills and life generally more exciting.
I had a dream last night that Linux was renamed “systemdOS”. My reptilian brain seems to be too in touch with reality. Bring back the man eating snakes made out of rolls of insulation. At least that was tolerable.
Tady potichu sleduju konverzace o MeshCore a protože kolem HK je to s repeatery docela slabota, tak jsem objednal jeden na náš dům. Nemáme 100% ideální polohu, na jih a západ jsou lesy a na sever dálnice. Ale určitě to v současné situaci neublíží. Pokud to bude fungovat bezúdržbově, tak se zkusím domluvit s někým, kdo má střechu položenou lépe.
já měl v tomhle ohromné štěstí. Mám repeater 300 m od baráku, ale i tak si budu na střechu dávat vlastní. Úplně nechci být závislý na jednom nodu. Repeater na střeše dosáhne na další. Asi včetně toho, který budeme zítra dávat u nás v práci na střechu. Z práce domů to tak budu mít na jeden hop.
@sesivany To jsou ta velkoměsta 🙂 Já tu mám okolo jeden repeater co mi odpověděl a není na téhle mapě. Ten jeden, co je na mapě, jsem neslyšel ani z vysoké budovy v HK. A z domu nechytnu nic. Doufám, že až dám něco na střechu, tak se to někam dobouchá.
Na Meshtastic si tu i pokecám a vidím zprávy třeba až z Prahy, ale taky zprávy často nedorazí a MeshTastic appka žere hrozně moc baterku.
ani to Brno ještě není zdaleka tak dobře pokryté. Třeba v práci to je čistá nula, proto tam ten repeater dáváme. Měl jsem fakt štěstí. Pokud není nic v okolí, tak to chce ideálně kopec. V Meshcore ty repeatery na kopcích klidně dávají desítky až stovky km. Akorát tohle si fakt nelajznu dát jenom tak někde na pankáře do lesa na strom. Přece jenom to od těch baterek může zahořet a v létě z toho klidně chytnout celý les.
jo, to je dilema. Máme tu v Brně možnost to dát na pár ideálních míst jako vysoké komíny. Ale s přístupem jen jednou za půl roku. Jak by se na tom něco vy..., tak by to bylo v háji.
ale to je o tom, že si stabilní spojení dovedeš do vaší lokality, ale myslím si, že repeater u sebe na střeše pořád má smysl, takže s tím bych začal. Já mám repeater 300 metrů daleko a i tak se stává, že z T1000-e zpráva někdy neodejde. Až budu mít na střeše SenseCAP P1 s Mikrotikem 6,5 dBi, tak doufám, že se to stávat nebude.
SenseCAP P1 je taky čínský bazmek, ale aktuálně má nejlepší poměr cena/výkon, tak se z něj v české komunitě stává nejpoužívanější zařízení a budou s ním největší zkušenosti. Tady ho mají za 90 dolarů, za tu cenu si to neposkládáš ani sám, jen teď v evropském skladu nemají naskladněno, máme objednané tři kusy. seeedstudio.com/SenseCAP-Solar…
It is a solar-powered communication node that integrates the XIAO nRF52840 Plus main controller, the Wio-SX1262 LoRa module, and the XIAO L76K GPS module. It is specifically designed for areas without network coverage.
@sesivany Myslím, že s RAK deskami to postavíš levněji, třeba o 30 %, ale budeš na tom pracovat měsíc, takže se to vyplatí jen když jich potřebuješ víc.
@sesivany vim ze aktuálně řešíte repeatery, ale na cem to prijmate? mate nejakou tu lora krabicku s baterkou v kapse a k ni se pripojujete z mobilni aplikace?
@adamhavelka Já mám tyhle dvě: seeedstudio.com/Wio-Tracker-L1… seeedstudio.com/SenseCAP-Card-… Ten T1000-E má fakt super form factor, je to taková tlustější kreditka. Dá se to strčit do kapsy, je to nenápadné. Nevypadám s tím jako divnočlověk s vysílačkou. :) Má to mírně horší odesílání, ale to je obecná vlastnost všech těch companionů, že mají lepší příjem než vysílání a nepřijde mi, že bych zažil moc situací, kdy se T1000-E nechytá a Wio L1 ano.
Pokud chceš ale něco s co nejlepším dosahem, tak to Wio L1 nebo něco s Heltecem v3.
It features open-source software. It integrates diverse sensors and positioning tech, transmitting data to the cloud via LoRaWAN for real-time device monitoring and management.
@sesivany Znam cloveka, co to na vysokym strome nekde u Benesova zkousi. Napajeni solarnim panelem, k tomu LiFePO baterky, co nehorej. Zarizeni je zalozene na MCU nRF52840, to ma 10x mensi spotrebu nez zarizeni s MCU od ESPressif. Vylezt na vysokej strom ale vyzaduje vybaveni a sikovnost.
Well... there are definitely a bunch of fedi posts complaining about the "special attention" the Jews get on Holocaust remembrance day. Cool cool cool. 🙄
Looking on forums, I keep seeing people say things like "everyone is in the hive mind, therefore having sex with it is okay since they consent" or "the hive kind can't say no, so it can't consent". For some reason though, very few people are asking if the person whose body is being used would have consented at all? Would the women Diabate interacts with have consented to sex with him? The hive drives their bodies to engage sexually, but those women had lives, their own opinions on sex, their own sexual orientations, etc.
It feels wrong to consider that, for example, an asexual woman or someone religiously celibate is now forced to be a sexual object for his pleasure. The existence of the hive mind has made it so that the individual is used with no respect to the former individual's boundaries. And if that person gains their mind back, they would feel violated by that
Next time some politician tell they can't close tax loopholes that the rich exploit to pay less taxes than majority of Canadians, ask them why one can't save on PST anymore by ordering out of province?
For years, the payments industry was aggressive about cutting off access to websites accused of containing child sexual abuse material. Elon Musk changed that.
For those of you worried about the exposure of the UK state to the activities & money of Palantir, here's a diagram from The Nerve that is going to do nothing to reassure you at all....
For more details see the investigation published today by The Nerve.
EXCLUSIVE Nerve investigation finds Trump ally Peter Thiel's surveillance firm has won at least 34 contracts, including management services for Britain's nuclear deterrent, with MPs warning of 'gaping vulnerability' as US president threatens Nato all…
Every year, I share the memory book of the lost shtetl of Zaromb, near Treblinka. It is a haunting catalogue of horrors, compiled in 1946. One of the recurring themes of the accounts: Zarombers faced as much danger from Poles as they did from Germans.
“As we saw later, the Poles took an active part in the massacre of the Jews of Zaromb. Several days before, a number of Polish cart drivers had been given orders to be ready to transport the "Zshides" (derogatory term for Jews) of Zaromb. They kept that order secret.”
BTW, in Russian the word "zhid" (the first sound like S in meaSure), although coming from Yid (cf. Yiddish, the language of Yidn, i.e., Jews), is EXTREMELY rude. Just FYI, if you hear it (even if you don't understand Russian), 99% you're listening to an antisemite. 1% is for ironiccl use (as in "damned zionists still don't want to die and continue fighting hamas").
In Ukrainian though that word was absolutely normative far longer, maybe because much higher Yiddish influence. I saw a New Testament (yes, printed in Soviet Union or maybe in Western Ukraine before occupation) where Epistle to the Hebrews was translated using this word — a thing absolutely impossible in Russian. And even knew a Jewish woman that called herself with this word in feminine, in Ukrainian.
Die Kirchenzeitung hat mit mir einen Podcast gemacht. Es geht um: “Liebet eure Feinde”. Es geht auch ein bisschen um die #TZI und um die #Mediation (meine Lieblings-Arbeitsfelder neben dem Pfarramt).
Leider nur innerhalb des E-Papers (mit Anmeldung) und über Spotify zu hören. Bei Spotify könnt ihr ihn aber auch ohne Abo oder Anmeldung hören: open.spotify.com/episode/5qLpV…
Ist Anmeldung und Registrieren etwas unterschiedliches?
Wenn ich auf den Link gehe, werde ich eingeladen mich zu registrieren - wenn ich das nicht tue und nur auf Play drücke, bekomme ich eine Nachricht Spotify kann dies zurzeit nicht abspielen...
Hm, keine Ahnung. Ich hab's probiert und es läuft entweder oder (bei Brave) er sagt mir, der Browser werde vom Player nicht unterstützt. Ich kenne mich halt mit Spotify null aus.
In the hours after a man was shot in Minneapolis, but before his name was released, @theverge's creative director Kristen Radtke was working on coverage of the aftermath. Then his name was announced, Alex Pretti, and she realized he was her childhood best friend. She writes about how they met, when he was three and she was four, the things they did together, and the person he was. "As social media does its work putting bits and pieces together about each day of unfolding tragedy, more and more of us will realize that those pieces belong to someone we know."
I have switched the repeater on my balcony in Munich from #meshtastic to #Meshcore and after 1 hour I already see nodes and repeaters in Zürich, Switzerland and many other places. Impressive. My repeater, a Heltec T114 with a decent antenna, named DE81827_01 is solar powered and has a 2200 mAh battery so it should JustWork™️ at all times :) Oh. And use the „EU/UK narrow“ radio settings as that is the popular default, but not the default after installing the firmware. Why? Dunno.
it's a pity that the Czech Meshcore community is using its own preset 'CZ narrow' making us effectively an island in 'EU narrow' networks. At least they are considering "bridges" in repeaters in bordering areas. But it's kinda amazing that I can communicate with someone 300 km away using just a community-built, resilient network.
yeah, it definitely defeats the united Europe spirit. I don't know the reasons behind it, it predates my involvement. I hope we will eventually make a switch to 'EU narrow' because it's better together.
@aquarius I heard it was one of the reasons. The other one was that when they were testing the EU narrow preset the repeat time was quite long (5s compared to 1s with the CZ preset) which makes it less useful for chat. But I don't know any details, I wasn't around when the decision was made.
Just curious, are people offering connections to other networks? So maybe carving out 2 Mbps on a fast internet link to route traffic onto it, or is the network only the meshcore network? Still very cool if it's the latter.
@lyda As far as I can see it’s Meshcore traffic on LoRa only over here. But I’m just starting my Meshcore journey so I might learn a few things in the next few weeks on that :)
@lyda it is LoRa only. There are some ideas how to combine it with networks based on other protocols such as Internet, but Meshcore stays LoRa only because routing traffic through Internet would not really make it resilient and independent. The network should withstand large blackouts because most repeaters run on solar energy. The Meshcore maximum throughput is something like 20 kbps, so really slow by today's standards, but enough for text.
@lyda true, but it's for integration on the end points. I haven't really seen something like bypassing traffic through a faster channel between two Meshcore nods. It's really all LoRa hops between repeaters. My maximum is 14 hops. I wonder what it's like in larger networks like in Germany. If the network really scales to dozens of hops (theoretical maximum is AFAIK 64).
An interview with Mozilla president Mark Surman about plans to deploy its ~$1.4B in reserves to fund an AI "rebel alliance" to challenge companies like OpenAI?
Mozilla is looking to deploy its roughly $1.4 billion in reserves to support "mission driven" companies and nonprofits, and is particularly focused on AI.
really? Huh. I know they changed some stuff about what constituted a presence in the province which triggered having to collect provincial tax. I used to order from a shoe store in Calgary (to ottawa) and they ended way back
Cloudflare just published a vibe coded blog post claiming they implemented Matrix on cloudflare workers. They didn't, their post and README is AI generated and the code doesn't do any of the core parts of matrix that make it secure and interoperable. Instead it's littered with 'TODO: Check authorisation' and similar
As a proof of concept, we built a Matrix homeserver to Cloudflare Workers — delivering encrypted messaging at the edge with automatic post-quantum cryptography.
Rather than implementing the critical state resolution algorithm that's the core of Matrix, they just directly insert the latest state into the database. That'll instantly lead to diverging views of the room and incompatibility with every other implementation - and it's also a massive security hole.
Honestly this is almost insulting to me, as someone who has spent a nontrivial amount of effort developing a Matrix homeserver, with how low effort it is. And what’s the point? Marketing? I’m not gonna be trusting anything Cloudflare after this.
The pricing comparisons are stupid, by the way, too - a bunch of us in the matrix chatrooms got out how many HTTP requests per day we were serving and the per-request cost of Workers would be more expensive than dedicated VPSs - not even counting CPU time or storage costs!
For those of you that don't know, I develop continuwuity.org - a Rust based Matrix homeserver that actually works, and that you can run on a Raspberry Pi, rather than someone else's centralized cloud infrastructure
I'm really happy to share I'll be at #FOSDEM - I'll be giving a talk with @nex@fedi.transgender.ing about Continuwuity on Sunday. I'll also be at the @matrix@mastodon.matrix.
Tomorrow night join @Liz, for Full Circle from 7 P.M. eastern (US time). This week, the showcase returns for 2026, and in the third hour, Chickenman also returns. So tune in tomorrow night, and see who is hiding in the first showcase for 2026. HKCRadio.com
Franz-Josef Strauß, 25.01.1957: „Atomenergie wird eines Tages elektrische Energie in so großen Mengen und zu so niedrigen Kosten liefern, daß sie praktisch nichts mehr kostet.“
Friedrich #Merz, 27.01.2026: Deutschland solle „den ersten #Fusionsreaktor der Welt ans Netz nehmen“. Dann werde Strom so günstig, „dass es keine anderen Erzeugungsmethoden mehr brauche“.
Deutsches Schulbuch, 2095: „Jahrzehntelang hielten konservative Politiker an teuren Technologien fest und verursachten hohe Kosten“
Ich bin definitiv pro Fusion. Das sollte massiv ausgebaut werden! Auf jedem Dach, an den Balkonen, und überhaupt. Wir können diesen riesigen Fusionsreaktor, den wer-auch-immer vor Milliarden Jahren da ins Zentrum unseres Sonnensystems gesetzt hat, doch nicht auf ewig halb im Leerlauf belassen! Der liefert so viel, dass wir eigentlich keine anderen Erzeu… oh, der wird doch nicht etwa DAS gemeint haben? 🤪
Okay, so our generator's doing the weird thing again. We've all diagnosed it as a partially frozen regulator on our propane tank. What you're about to hear is AC hum recorded while this is going on. UPS's do not like what you're about to hear, almost certainly because the AC frequency is wobbling back and forth all the time. This is *not* normal!
"Die Regierung in Spanien will den Aufenthaltsstatus hunderttausenden Migranten ohne Papiere legalisieren - und verfolgt damit einen deutlich anderen Kurs als viele EU-Staaten. (...) begründet die migrationsfreundliche Politik seiner Koalition mit der Gefährdung des Sozialstaats und der Rentensicherung aufgrund fehlender Arbeitskräfte und einer überalterten Bevölkerung."
Driving my kid to school today, we passed a crowd on a street corner. She asked what they were doing. I said my guess was that it’s observers conferring about ICE.
That wasn’t really a guess What I knew that she didn’t know is that they were gathering because somebody was just abducted there.
Faltblatt zum Digital Independance Day (englischsprachige Ausgabe)
Hier: XMPP / Jabber
Dieses Faltblatt wurde von Freiwilligen ausgearbeitet, um auf das gute freie ...
#HardenedBSD applies the following compiler flags to #OpenSSL in the base operating system:
-ftrivial-var-auto-init=zero
-fsanitize=safe-stack
-fzero-call-used-regs=used
The OpenSSL port (in the HardenedBSD ports tree exclusively) only enables the first option.
I wonder if the combination of these features would mitigate the OpenSSL stack-based buffer overflow vulnerability announced today. I hope to answer that question this evening unless someone else beats me to it.
![// Process incoming PDUs Nick Kuntz, 6 days ago
for (const pdu of pdus || []) {
try {
// TODO: Validate PDU signature
// TODO: Check authorization
// TODO: Store event
pduResults[pdu.event_id] = {};
} catch (e: any) {
pduResults[pdu.event_id] = {
error: e.message || 'Unknown error',
};
}
}](https://fedi.ml/photo/preview/640/754159 "// Process incoming PDUs Nick Kuntz, 6 days ago
for (const pdu of pdus || []) {
try {
// TODO: Validate PDU signature
// TODO: Check authorization
// TODO: Store event
pduResults[pdu.event_id] = {};
} catch (e: any) {
pduResults[pdu.event_id] = {
error: e.message || 'Unknown error',
};
}
}")
And feel welcome in the Droidiverse 😜
Miguel de Icaza ᯅ🍉
in reply to daniel:// stenberg:// • • •daniel:// stenberg://
in reply to Miguel de Icaza ᯅ🍉 • • •Josh Bressers
in reply to daniel:// stenberg:// • • •@Migueldeicaza security code reviews are brutal to do, especially if the codebase is large
There’s almost no way an LLM won’t outperform a human doing this stuff
daniel:// stenberg://
in reply to Josh Bressers • • •pitch R.
in reply to daniel:// stenberg:// • • •After all its a tool like any other.
schnedan
in reply to daniel:// stenberg:// • • •daniel:// stenberg://
in reply to schnedan • • •Cassandrich
in reply to daniel:// stenberg:// • • •Most of "AI" is human labor misrepresented as something the machine did, to defraud customers and investors.
I wouldn't be surprised if we find out that their "AI-powered code analyzer" did little or nothing here, and that they spent a lot of money on actual labor for the sake of promoting their product.
daniel:// stenberg://
in reply to Cassandrich • • •@dalias I know that's not the case because I also have access to such tools (made by others) and as I can run them on my own code I can see what they do and what they can find.
AI powered code analyzers is a real thing, and they make better code analyzers than the ones without the AI component.
daniel:// stenberg://
in reply to daniel:// stenberg:// • • •Cassandrich
in reply to daniel:// stenberg:// • • •Cassandrich
in reply to Cassandrich • • •daniel:// stenberg://
in reply to Cassandrich • • •Cassandrich
in reply to daniel:// stenberg:// • • •daniel:// stenberg://
in reply to Cassandrich • • •Cassandrich
in reply to daniel:// stenberg:// • • •I don't think you're "lying".
I think you're giving undue credit to an industry that's vastly over-promising and that has extremely bad externalities. And that doing so lowers your credibility among folks who care about this.
daniel:// stenberg://
in reply to Cassandrich • • •@dalias I have not argued against them over-promising and doing all sorts of crap. They do. And will continue to most likely. That's certainly problematic.
What I *am saying* though, is that some of the AI (powered code analyzer) tools are better than most non-AI ones. And I think I've seen one or two in my days and I have written a line of code or two.
AI can be used to do good. Is it worth the cost? That's a separate question.
Cassandrich
in reply to daniel:// stenberg:// • • •"AI can be used to do good." is a statement that lacks meaning without clarifying what "AI" means, and that excuses all sorts of other things under the umbrella of "AI" that fundamentally cannot be used for good. Because "AI" is and always has been a strategically vague marketing term not a technical category.
It's likely that statistical models of source code correlated with vulnerabilities can be used for good. I don't think they can be built without massive scale license infringement enclosing the commons, nor lots of other types of harm.
daniel:// stenberg://
in reply to Cassandrich • • •@dalias > It's likely that statistical models of source code correlated with vulnerabilities can be used for good.
Great. That seems to be roughly what I said too.
Valerie Aurora 🇺🇦
in reply to daniel:// stenberg:// • • •daniel:// stenberg://
in reply to daniel:// stenberg:// • • •screwlisp
in reply to daniel:// stenberg:// • • •daniel:// stenberg://
in reply to screwlisp • • •screwlisp
in reply to daniel:// stenberg:// • • •Thanks. When they say
> have been building an automated AI system for deep cybersecurity discovery and remediation
it does not sound like they are talking about slopbots being infosec employees, and does sound quite a lot like deep learning code static analysis.
nyanbinary
in reply to daniel:// stenberg:// • • •Kris
in reply to daniel:// stenberg:// • • •