Pinboard (jm)
https://pinboard.in/u:jm/public/
recent bookmarks from jmBournegol2026-05-19T09:06:52+00:00
https://oldhome.schmorp.de/marc/bournegol.html
jmvia:fanf bournegol algol programming languages bizarre funny unix bin-sh macroshttps://pinboard.in/https://pinboard.in/u:jm/b:a88b5cc3a90c/A Geometric Calculator Inside a Neural Network2026-05-18T10:09:16+00:00
https://www.goodfire.ai/research/a-geometric-calculator#
jmLanguage models use a group of circles in activation space to represent a single number. Each circle corresponds to the number modulo a second number, i.e., the remainder after division.[1] For example, the number 17 would be represented as a 1 on the mod-2 circle, 2 on the mod-5 circle, 7 on the mod-10 circle, and 17 on the mod-100 circle.[2] Several prior works have established that circular features exist across multiple different LLMs [...]
Using a bunch of circles to represent a number probably seems like an alien solution, but it is a common mathematical technique known as a Fourier decomposition (see the paper for more detail).
Each of the inputs and the output of the addition module is represented using such a set of circles, and the circuitry within the module works by doing computations over these circles.
]]>llms language arithmetic maths calculation fourier circleshttps://pinboard.in/https://pinboard.in/u:jm/b:d36a5f9bd99e/Social Media Is Now Parasocial Media - danah boyd, 20262026-05-12T08:56:13+00:00
https://journals.sagepub.com/doi/10.1177/20563051261437487
jm
When practitioners used the term “social media” to describe the internet tools that emerged in the mid-aughts, they were giving a name to the kinds of platforms and protocols that allowed people to socialize with friends and communities of interest by using digital technologies. Twenty years later, users of social media are far more likely to scroll than post – and the content that they consume is often strategically produced and algorithmically curated. In this essay, I argue that the very essence of social media has changed. To more effectively interrogate what we are witnessing, we need to stop presuming that these tools are “social media” and begin recognizing that they are now “parasocial media.”
]]>parasocial social-media social-networking web internethttps://pinboard.in/https://pinboard.in/u:jm/b:6887bec56f56/I toyed around with using Language Embeddings as a way to categorize my RSS Feeds2026-05-08T08:56:13+00:00
https://news.ycombinator.com/item?id=48046450
jmamazon bedrock llms ai embeddings language categorization classification rss texthttps://pinboard.in/https://pinboard.in/u:jm/b:32a67624f52f/Eyeglass Scratch Repair2026-05-07T14:58:36+00:00
https://www.firmoo.ie/tips?id=196
jmglasses eyeglasses spectacles repair diy cleaning scratcheshttps://pinboard.in/https://pinboard.in/u:jm/b:3a451a4a2d29/The Problem With Counterfeit People2026-05-05T14:22:32+00:00
https://www.theatlantic.com/technology/archive/2023/05/problem-counterfeit-people/674075/
jm
The way we're using AI to impersonate human beings has already put us on a dangerous trajectory. [Dennett] called such AIs "counterfeit people", and told me that rolling out such entities en masse constituted "mischief of the worst sort": a form of "social vandalism" that should be addressed by law. Why? Because, if convincing digital representations of humans can be created at whim, the entire business of collectively assessing other people's claims, experiences and actions is put at risk – not to mention essential social infrastructure such as contracts, obligations and consequences. Hence the need for legal prohibitions, a case he made at length in a May 2023 article for The Atlantic. "It won't be perfect," he told me, "but it will help if we can make it against the law to make counterfeit people. We can have stiff penalties for counterfeiting people, same as we do for counterfeit money... we should make it a mark of shame, not pride, when you make your AI more human."
]]>ethics future ai llms daniel-dennett philosophy regulation law humanity peoplehttps://pinboard.in/https://pinboard.in/u:jm/b:b590cf73a5a8/isene/glass2026-05-05T11:37:30+00:00
https://github.com/isene/glass
jmTerminal emulator written in x86_64 Linux assembly. No libc, no runtime, pure syscalls. Speaks X11 wire protocol directly via Unix socket. Single static binary, ~155KB. No toolkit, no rendering library, no external font engine. The TTF rasterizer (glyph) is embedded in-binary via %include. Just your keystrokes, the X11 server, and the kernel. Part of the CHasm (CHange to ASM) suite: bare (shell), show (file viewer), glass (terminal emulator).
]]>asm x86_64 assembly terminal hacks unix linux glass chasm optimization x11https://pinboard.in/https://pinboard.in/u:jm/b:3a109b6e8b07/The Paradox of Medical AI Implementation - by Eric Topol2026-05-05T10:22:08+00:00
https://erictopol.substack.com/p/the-paradox-of-medical-ai-implementation?r=8tdk6&triedRedirect=true
jm[Deep learning-based] AI for medical images, with extensive research dating back more than a decade ago, is not being implemented. Whether it’s a mammogram, a CT scan, a retinal image, or colonoscopy, that have all been extensively studied, their value to improve accuracy and risk assessment in medicine is being missed and essentially disregarded.
On the other hand, tens of millions of Americans are using AI chatbots for medical support, as are a substantial proportion of physicians. There are many reasons to use AI here that are easy to support, because they represent an extension of a web/Google search. Just with much more specificity and depth of response, not something that would be subject to regulatory oversight. But when it comes to making a diagnosis or providing a treatment plan there needs to be proof that LLMs are improving accuracy and outcomes.
]]>medicine deep-learning ai genai llms healthcare science imaging chatbots eric-topolhttps://pinboard.in/https://pinboard.in/u:jm/b:cb4c6dfe95b0/"Invisible" bend insensitive bidi fiber2026-05-05T09:19:23+00:00
https://www.reddit.com/r/homelab/comments/1sz9li4/invisible_bend_insensitive_bidi_fiber_is_amazing/
jm "invisible" bend insensitive fiber (G.657.A2 / G.657.B3). It's under a millimeter in diameter and basically vanishes into corners and base board crevices. From more than a meter away is't completely unnoticeable. Together with a pair of bidirectional SFP transceivers this makes an amazing retrofit option for locations where laying new runs is not an option. ]]>10gbps networking home fibre fiber wiring via:itchttps://pinboard.in/https://pinboard.in/u:jm/b:2cdebcc39bfd/Amazon Connect Talent vs. bias law2026-04-30T10:04:52+00:00
https://www.linkedin.com/posts/coquinn_a-note-from-amazon-web-services-awss-share-7454936476359819264-8DqQ/?rcm=ACoAAAD7ciEBGVCp3m50-5sdPXL70GJw7TDNHVE
jmAmazon Connect Talent was just announced. It conducts AI-powered conversational interviews with candidates, generates "anonymized competency scores," and surfaces ranked candidates to recruiters who "make the call."
Fun fact: in New York City, that is an Automated Employment Decision Tool under Local Law 144. AEDTs require an annual independent bias audit with publicly posted results, plus at least ten business days of notice to candidates before use. Illinois, Colorado, and the EU AI Act impose adjacent obligations.
The launch materials mention none of this. The compliance posture appears to be: candidate names are stripped from recruiter dashboards, therefore bias is solved. That is not how any of this works. Proxies for protected class -- speech patterns, zip codes, education history, the resume already sitting in your ATS -- are exactly what bias audits exist to measure.
I don't think the product is bad. I think the announcement is conspicuously missing the guidance customers need before they can deploy it in NYC without violating Local Law 144 on day one.
(The day's other news so far: Amazon Connect now ships as a four-SKU family, and there is a new design philosophy called "humorphism" with its own .com. Both feel small next to the above.)
If you're selling automated hiring decisions in 2026, the bias-audit conversation belongs in the launch.
]]>bias law amazon aws recruiting regulation automation aihttps://pinboard.in/https://pinboard.in/u:jm/b:af7440a2d620/Far-right narrative not the majority view in Ireland2026-04-30T09:08:50+00:00
https://www.rte.ie/news/ireland/2026/0430/1570978-hate-survey/
jm
A report by the Hope and Courage Collective, which works to build resilience in communities against rising far-right hate and disinformation, has found a widening gap between public attitudes and political discourse [in the media]: a relatively small number of far-right actors disproportionately influence public political debate through online amplification, visible protests, and repeated narratives. Public attitudes are becoming steadily more inclusive, but political rhetoric risks legitimising scapegoating and that the far-right ... "is shaping the conversation".
But on the other hand, these survey results are downright heartwarming:
Year-on-year datasets tracking changes in public sentiment in Ireland between 2024 and 2025 show that 66% agree that immigrants contribute positively to Irish culture and community, which is up 2% up from 64% in 2024.
79% believe working-class people are struggling due to systemic inequality which is also up 2% from 77% in 2024.
Those who believe wealthy people are successful because they were given more opportunities than others has risen from 63% in 2024 to 69% in 2025.
The number of people who support the freedom of transgender people to live their lives is up 5% up from 70% in 2024.
80% agree that Black, Asian and minority ethnic communities face greater barriers to success than white people, up 5% up from 75% in 2024.
]]>ireland discourse far-right right-wing politics surveys culture culture-wars propaganda disinformationhttps://pinboard.in/https://pinboard.in/u:jm/b:999981c39571/zizmor2026-04-28T09:19:36+00:00
https://docs.zizmor.sh/
jmlint dependencies github security ci-cd static-analysis zizmorhttps://pinboard.in/https://pinboard.in/u:jm/b:ff6776aa05f3/The fastest Linux timestamps2026-04-27T11:42:47+00:00
https://www.hmpcabral.com/2026/04/26/the-fastest-linux-timestamps/
jmtime optimization performance linux libc speed clockshttps://pinboard.in/https://pinboard.in/u:jm/b:cd189cceb922/Frequent infections in nursery help toddlers build up immune systems2026-04-27T08:50:43+00:00
https://www.eurekalert.org/news-releases/1120272
jmgerms infection immunity immune-system children parenting childcare kindergarten kids diseases sicknesshttps://pinboard.in/https://pinboard.in/u:jm/b:1194bc48aa25/New 10 GbE USB adapters are cooler, smaller, cheaper - Jeff Geerling2026-04-27T08:45:23+00:00
https://www.jeffgeerling.com/blog/2026/new-10-gbe-usb-adapters-cooler-smaller-cheaper/
jmethernet usb networking hardware via:hn reviews 10gbehttps://pinboard.in/https://pinboard.in/u:jm/b:14e53f7877ac/Razor19112026-04-23T11:51:34+00:00
https://www.youtube.com/watch?v=2AnbYNudAyM
jmdemos demoscene commodore-64 history nostalgia amiga razor1911https://pinboard.in/https://pinboard.in/u:jm/b:97407e7fea65/how a roblox cheat and one AI tool brought down vercel's entire platform2026-04-21T09:13:59+00:00
https://webmatrices.com/post/how-a-roblox-cheat-and-one-ai-tool-brought-down-vercel-s-entire-platform
jmFebruary 2026. An employee at Context.ai, one of those AI productivity tools that promises to "supercharge your workflow," downloads a Roblox cheat. Not a sophisticated zero-day. Not a state-sponsored attack. A Roblox cheat. The download contains Lumma Stealer, an infostealer that grabs session cookies, credentials, everything. That employee had access to sensitive internal systems.
March 2026. The attacker uses Context.ai's compromised infrastructure to pivot into a Vercel employee's Google Workspace account. This Vercel employee had signed up for Context.ai's "AI Office Suite" using their enterprise credentials and granted "Allow All" permissions. Let that sink in for a second. A Vercel engineer gave a third-party AI tool full access to their corporate Google account.
April 19. Guillermo Rauch posts the thread confirming everything. Environment variables [...] were stored in plaintext. Accessed. Exfiltrated.
tl;dr:
1. Context.ai employees should not be using company devices to access Roblox cheats;
2. exfiltratable environment variables should not be usable to access a customer's Google account. The scope of these credentials was obviously way too broad.
This isn't just a Context.ai issue, this is systemic.]]>security infosec credentials google context.ai roblox failhttps://pinboard.in/https://pinboard.in/u:jm/b:fcdc0ef294b3/Cooperative DCs2026-04-20T12:17:13+00:00
https://en.reset.org/a-future-vision-of-data-centres-from-big-tech-builds-to-community-owned-cooperatives/
jmin Belgium, Nubo Cooperative offers an email service, cloud storage, digital calendar and domain name, all run on local, Nubo-owned servers. When you purchase any of these services, you become a member of Nubo and can participate in decision-making as part of the cooperative. “This allows users to place trust in the structure that manages the services,” Nubo writes on its website. It compares this to a private company, where “the lack of transparency makes trust impossible”. The cooperative commits to allocating profits to achieve social objectives rather than using them to enrich shareholders.
This is actually a very interesting idea...]]>community datacenters cooperatives society nubo coops tech hosting cloudhttps://pinboard.in/https://pinboard.in/u:jm/b:3fa09e9cb608/Thoughts on the Bluesky public incident write-up2026-04-16T16:17:38+00:00
https://surfingcomplexity.blog/2026/04/12/thoughts-on-the-bluesky-public-incident-write-up/
jmports unix ops sysadmin c10k scaling bluesky outageshttps://pinboard.in/https://pinboard.in/u:jm/b:27cc7e0f1af5/Microsoft runs out of capacity, routes requests outside the GDPR region2026-04-16T13:18:55+00:00
https://chaos.social/@thunfisch/116414098310170847
jmApparently #Microsoft is not able to get enough compute within EU datacenters to handle #Copilot requests.
Instead, it will do "Flex-Routing", which processes some requests in non-EU datacenters. This is Opt-Out. The only notification was an e-mail to Admins. If they missed that, companies might be leaking PII outside of the EU from tomorrow on.
Get your GDPR Nightmare letters ready!
]]>fail microsoft gdpr regulation security copilot eu flex-routing pii privacyhttps://pinboard.in/https://pinboard.in/u:jm/b:e0414b8f8629/Lean proved this program was correct; then I found a bug2026-04-14T13:08:07+00:00
https://kirancodes.me/posts/log-who-watches-the-watchers.html
jmThe positive result here is actually the remarkable one. Across 105 million executions, the application code (that is, excluding the runtime) had zero heap buffer overflows, zero use-after-free, zero stack buffer overflows, zero undefined behaviour (UBSan clean), and zero out-of-bounds array reads in the Lean-generated C code. [...]
The two bugs that were found both sat outside the boundary of what the proofs cover. The denial-of-service was a missing specification. The heap overflow was a deeper issue in the trusted computing base, the C++ runtime that the entire proof edifice assumes is correct (and now has a PR addressing).
Overall verification resulted in a remarkably robust and rigorous codebase. AFL and Claude had a really hard time finding errors. But they did still find issues. Verification is only as strong as the questions you think to ask and the foundations you choose to trust.
]]>programming coding future lean formal-methods correctness linting bugs zip verification testinghttps://pinboard.in/https://pinboard.in/u:jm/b:c1237ac77bc9/The Blockade Is the Message. How a Fuel Price Spike Became a Fascist Audition2026-04-12T22:20:02+00:00
https://forlouth.medium.com/the-blockade-is-the-message-20eb93493849
jmThere is a particular tell, when a “spontaneous people’s protest” isn’t quite what it claims to be. It isn’t the placards. It isn’t the high-vis vests. It isn’t even the tractors. Ireland has plenty of legitimate reasons to bring a tractor to town, and a country built on agricultural grievance has every right to express it loudly. The tell is something subtler. It’s the moment someone in the crowd, their face contorted with what is supposed to be anger about diesel, screams “What’s a woman?” at a passing TD.
]]>fuel prices cost-of-living demonstrations ireland politics far-right farming blockadeshttps://pinboard.in/https://pinboard.in/u:jm/b:d83784937d7a/nFolio2026-04-12T15:03:08+00:00
https://www.snapwoodapps.com/nfolio-for-network-dlna-smb-photos/
jmnfolio screensavers tv video photos familyhttps://pinboard.in/https://pinboard.in/u:jm/b:8b93b249f26a/Software Licenses and Workers' Rights · Agent IO2026-04-07T11:26:40+00:00
https://agent.io/posts/software-licenses-and-workers-rights/
jmIt is observably and objectively bad for society when investors own closed-source software. That starts by being bad for tech workers, creators lose the right to the value that they create, and users are still harmed because they don’t get the protection from spying and abuse that open source promised them.
[...] The open source movement is a ladder that leans on the wall of users’ rights. We’ve spent forty years climbing that ladder. Where are we now? Our world is controlled by moguls who’ve built empires using open source software that they’ve locked behind proprietary barriers. Those empires exploit workers and harm the users that the open source movement was supposed to protect.
Our ladder is leaning on the wrong wall.
]]>open-source closed-source oss licensing freedom software rightshttps://pinboard.in/https://pinboard.in/u:jm/b:cbc5c39d674b/How Do You Find an Illegal Image Without Looking at It?2026-04-07T10:18:58+00:00
https://mahmoud-salem.net/the-invisible-shield
jmcsam detection filtering photodna pdq classifiers photos videos classification hashing fuzzy-hashing via:erin-kissanehttps://pinboard.in/https://pinboard.in/u:jm/b:b9d795d6a889/OkCupid gave 3 million dating-app photos to facial recognition firm, FTC says2026-04-01T10:12:21+00:00
https://arstechnica.com/tech-policy/2026/03/okcupid-match-pay-no-fine-for-sharing-user-photos-with-facial-recognition-firm/
jmOkCupid and its owner Match Group reached a settlement with the Trump administration for not telling dating-app customers that nearly 3 million user photos were shared with [Clarifai], an [AI] company making a facial recognition system. OkCupid also gave the facial recognition firm access to user location information and other details without customers’ consent, the Federal Trade Commission said.
]]>us-politics data-protection privacy dating-apps okcupid match.com clarifai ftchttps://pinboard.in/https://pinboard.in/u:jm/b:7848c1547a27/Why So Many Control Rooms Were Seafoam Green2026-03-27T12:34:11+00:00
https://bethmathews.substack.com/p/why-so-many-control-rooms-were-seafoam
jm
With the increase in wartime production in the US during WWII, Birren and DuPont created a master color safety code for the industrial plant industry, with the aim of reducing accidents and increasing efficiency within plants. These color codes were approved by the National Safety Council in 1944 and are now internationally recognized, having been mandatory practice since 1948. The color coding went as such:
- Fire Red: All fire protection, emergency stop buttons, and flammable liquids should be red
- Solar Yellow: Signifies caution and physical hazards such as falling
- Alert Orange: Hazardous parts of machinery
- Safety Green: Indicates safety features such as first-aid equipment, emergency exits, and eyewash stations.
- Caution Blue: Non-safety information, notices, or out-of-order signage
- Light Green: Used on walls to reduce visual fatigue
]]>green design history color-theory faber-birren control-rooms industrial-design color-codinghttps://pinboard.in/https://pinboard.in/u:jm/b:4817a29dbe1d/russellromney/turbolite2026-03-27T12:31:23+00:00
https://github.com/russellromney/turbolite
jmIt also offers page-level compression (zstd) and encryption (AES-256) for efficiency and security at rests, which can be used separately from S3.
Object storage is getting fast. S3 Express One Zone delivers single-digit millisecond GETs and Tigris is also extremely fast. The gap between local disk and cloud storage is shrinking, and turbolite exploits that.
The design and name are inspired by turbopuffer's approach of ruthlessly architecting around cloud storage constraints. The project's initial goal was to beat Neon's 500ms+ cold starts. Goal achieved.
If you have one database per server, use a volume. turbolite explores how to have hundreds or thousands of databases (one per tenant, one per workspace, one per device), don't want a volume for each one, and you're okay with a single write source.
]]>sqlite sql s3 aws gcp object-stores rust databaseshttps://pinboard.in/https://pinboard.in/u:jm/b:9c43d573d0f3/TurboQuant: Redefining AI efficiency with extreme compression2026-03-25T16:29:26+00:00
https://research.google/blog/turboquant-redefining-ai-efficiency-with-extreme-compression/
jm
- High-quality compression (the PolarQuant method): TurboQuant starts by randomly rotating the data vectors. This clever step simplifies the data's geometry, making it easy to apply a standard, high-quality quantizer (a tool that maps a large set of continuous values, like precise decimals, to a smaller, discrete set of symbols or numbers, like integers: examples include audio quantization and jpeg compression) to each part of the vector individually. This first stage uses most of the compression power (the majority of the bits) to capture the main concept and strength of the original vector.
- Eliminating hidden errors: TurboQuant uses a small, residual amount of compression power (just 1 bit) to apply the QJL algorithm to the tiny amount of error left over from the first stage. The QJL stage acts as a mathematical error-checker that eliminates bias, leading to a more accurate attention score.
QJL: The zero-overhead, 1-bit trick
QJL uses a mathematical technique called the Johnson-Lindenstrauss Transform to shrink complex, high-dimensional data while preserving the essential distances and relationships between data points. It reduces each resulting vector number to a single sign bit (+1 or -1). This algorithm essentially creates a high-speed shorthand that requires zero memory overhead. To maintain accuracy, QJL uses a special estimator that strategically balances a high-precision query with the low-precision, simplified data. This allows the model to accurately calculate the attention score (the process used to decide which parts of its input are important and which parts can be safely ignored).
PolarQuant: A new “angle” on compression
PolarQuant addresses the memory overhead problem using a completely different approach. Instead of looking at a memory vector using standard coordinates (i.e., X, Y, Z) that indicate the distance along each axis, PolarQuant converts the vector into polar coordinates using a Cartesian coordinate system. This is comparable to replacing "Go 3 blocks East, 4 blocks North" with "Go 5 blocks total at a 37-degree angle”. This results in two pieces of information: the radius, which signifies how strong the core data is, and the angle indicating the data’s direction or meaning). Because the pattern of the angles is known and highly concentrated, the model no longer needs to perform the expensive data normalization step because it maps data onto a fixed, predictable "circular" grid where the boundaries are already known, rather than a "square" grid where the boundaries change constantly. This allows PolarQuant to eliminate the memory overhead that traditional methods must carry.
]]>ai tech vectors search quantization turboquant research algorithms compression papers qjl error-detection polarquanthttps://pinboard.in/https://pinboard.in/u:jm/b:1abb51ace2eb/Debunking zswap and zram myths2026-03-25T10:00:18+00:00
https://chrisdown.name/2026/03/24/zswap-vs-zram-when-to-use-what.html
jmWe have some concrete numbers to show this in practice. On Instagram, which runs on Django and is largely memory bound, we ran a test where we moved from their existing setup (with swap entirely disabled) to a setup with disk swap and zswap tiering. Django workers accumulate significant cold heap state over their lifetime, like forked processes with duplicated memory, growing request caches, Python object overhead, you get the idea. The results were twofold:
- We achieved roughly 5:1 compression. That's a huge benefit for such a memory bound workload, and also enables us to consider further stacking workloads.
- Enabling zswap reduced disk writes by up to 25% compared to having no swap at all(!).
As you can imagine, as a result of this test, Instagram has been using zswap for many years now.
]]>kernel compression memory linux ops performance swap zswap zramhttps://pinboard.in/https://pinboard.in/u:jm/b:fc55a5e5ba65/hectorvent/floci2026-03-23T17:30:08+00:00
https://github.com/hectorvent/floci
jmfloci aws emulation testing local codinghttps://pinboard.in/https://pinboard.in/u:jm/b:f24a9f4a5a12/GitHub - mautrix/whatsapp: A Matrix-WhatsApp puppeting bridge2026-03-23T11:11:10+00:00
https://github.com/mautrix/whatsapp?tab=readme-ov-file
jmmatrix whatsapp messaging chat interop searching self-hostedhttps://pinboard.in/https://pinboard.in/u:jm/b:014855f8a243/Ofcom don't consider geoblocking the UK to be sufficient for an overseas website2026-03-20T10:10:42+00:00
https://www.reddit.com/r/LegalAdviceUK/comments/1rk690v/i_run_a_selfhelp_forum_for_people_with_depression/
jmI started getting email from Ofcom [regarding OSA compliance] around November 2025 and now have multiple letters. I've repeatedly told them I'm from Canada, I'm not based in the UK.
Eventually, I blocked all UK IP addresses in mid-February 2026 and told them I'd blocked the UK and that I was done engaging with them.
I've now got ANOTHER email from them saying they're going to commence enforcement action against me because simply blocking UK IPs is "insufficient to comply with the Online Safety Act 2023."
]]>osa uk politics filtering censorship law geoblocking ofcom webhttps://pinboard.in/https://pinboard.in/u:jm/b:62264b402830/funny Waymo anecdote2026-03-20T10:05:04+00:00
https://news.ycombinator.com/item?id=47446571
jmWhen I visited LA, I rode in a Waymo going the speed limit in the right lane on a very busy street. The Waymo approached an intersection where it had the right of way, when suddenly a car ignored its stop sign and drove into the road.
In less than a second, the Waymo moved into the left lane and kept going. I didn't even realize what was happening until after it was over.
Most human drivers would've t-boned the car at 50+ km/h. Maybe they would've braked and reduced the impact, which would be the right move. A human swerving probably would've overshot into oncoming traffic. Only a robot could've safely swerved into another lane and avoid the crash entirely.
Unfortunately, the Waymo only supported Spotify and did not work with my YouTube Music subscription, so I was listening to an advertisement at the time of my near-death experience. 4.5 stars overall.
]]>waymo funny anecdotes safety driving ai roads spotify via:hnhttps://pinboard.in/https://pinboard.in/u:jm/b:aa371d8e3930/Measuring Agents in Production2026-03-19T18:15:49+00:00
https://muratbuffalo.blogspot.com/2026/03/measuring-agents-in-production.html
jmllm usage real-world ai agents papers via:muratbuffalohttps://pinboard.in/https://pinboard.in/u:jm/b:1cfeb59fce4f/On the Biology of a Large Language Model2026-03-19T09:49:31+00:00
https://transformer-circuits.pub/2025/attribution-graphs/biology.html
jmThe black-box nature of [LLMs] is increasingly unsatisfactory as they advance in intelligence and are deployed in a growing number of applications. Our goal is to reverse engineer how these models work on the inside, so we may better understand them and assess their fitness for purpose.
[...]
In recent years, many research groups have made exciting progress on tools for probing the insides of language models. These methods have uncovered representations of interpretable concepts – “features” – embedded within models’ internal activity. Just as cells form the building blocks of biological systems, we hypothesize that features form the basic units of computation inside models.
However, identifying these building blocks is not sufficient to understand the model; we need to know how they interact. In our companion paper, Circuit Tracing: Revealing Computational Graphs in Language Models, we build on recent work (e.g. ) to introduce a new set of tools for identifying features and mapping connections between them – analogous to neuroscientists producing a “wiring diagram” of the brain. We rely heavily on a tool we call attribution graphs, which allow us to partially trace the chain of intermediate steps that a model uses to transform a specific input prompt into an output response. Attribution graphs generate hypotheses about the mechanisms used by the model, which we test and refine through follow-up perturbation experiments.
]]>claude llm research llms ai anthropic papers tracinghttps://pinboard.in/https://pinboard.in/u:jm/b:67244e5e3bc4/2 Ways to Correct the Financial Times at AWS (So Far) - Last Week in AWS Blog2026-03-18T16:32:06+00:00
https://www.lastweekinaws.com/blog/2-ways-to-correct-the-financial-times-at-aws-so-far/?ck_subscriber_id=512829374
jm
A healthy engineering culture, when confronted with "your AI tool contributed to a production incident," responds with: "Yeah, that tracks. Here's what we're changing so it doesn't happen again." An unhealthy one responds with a condescending press release explaining why the journalist is wrong and probably an idiot, and the human is at fault.
The engineers building and operating these systems are talented people doing hard work under increasingly constrained conditions. They deserve leadership that backs them up when things go sideways, not leadership that throws them under the bus to protect a product launch narrative.]]>incidents production ai llms amazon aws communications prhttps://pinboard.in/https://pinboard.in/u:jm/b:34601cfa11ef/Former Uber self-driving chief crashes his Tesla on FSD2026-03-18T12:59:14+00:00
https://electrek.co/2026/03/17/former-uber-self-driving-chief-tesla-fsd-crash-supervision-problem/
jmTesla is asking humans to supervise a system that is specifically designed to make supervision feel pointless. As he puts it, an unreliable machine keeps you alert, and a perfect machine needs no oversight, but one that works almost perfectly creates a trap where drivers trust it just enough to stop paying attention.
The research backs this up. Psychologists call it the “vigilance decrement”, monitoring a nearly perfect system is boring, boredom leads to mind-wandering, and drivers need 5 to 8 seconds to mentally reengage after an automated system hands control back. But emergencies unfold faster than that.
Krikorian cites an Insurance Institute for Highway Safety study showing that after just one month of using adaptive cruise control, drivers were more than six times as likely to look at their phones. Tesla’s own website warns FSD users not to become complacent, but the system’s smooth performance actively trains that complacency.
He points to two well-known crashes to illustrate the impossible math. In the 2018 Mountain View accident that killed Apple engineer Walter Huang, the driver had six seconds before his Tesla steered into a concrete median. He never touched the wheel. In the 2018 Uber crash in Tempe, Arizona, sensors detected a pedestrian with 5.6 seconds of warning, but the safety driver looked up with less than a second remaining.
In Krikorian’s own case, he did take action, but he was asked to snap from passenger back to pilot in a fraction of a second, overriding months of conditioning. The logs show he turned the wheel. They don’t show the impossible math of that transition.
The pattern Krikorian describes should sound familiar to anyone who has followed Tesla’s FSD controversies: condition the driver to rely on the system, erode their vigilance through months of smooth performance, then point to the terms of service and blame them when something breaks. When FSD works, Tesla gets credit. When it doesn’t, the driver gets blamed.
]]>fsd tesla risk attention supervision liability driving safety vigilance automationhttps://pinboard.in/https://pinboard.in/u:jm/b:18572fcf8fa3/Research highlight: Cliopatra: Extracting Private Information from LLM Insights2026-03-18T10:50:26+00:00
https://desfontain.es/blog/cliopatra.html#fn:caveat
jmWhen Anthropic came up with a new "privacy-preserving analysis system" to gain insights into AI use, and didn't use any provably robust notion to back up their privacy claims, I was mildly surprised. Surely they have both the money and the scientific maturity level to do better?
But Clio, the system in question, sounded relatively reasonable, with multiple layers of risk mitigation built-in. Maybe adding differential privacy would have been overkill. I also didn't want to publicly criticize their approach in the absence of demonstrated real-world risk. So I didn't comment on their approach.
You can probably guess where this is going.
Fast forward to last week, and a new paper: Cliopatra: Extracting Private Information from LLM Insights, by Meenatchi Sundaram Muthu Selva Annamalai, Emiliano De Cristofaro, and Peter Kairouz. The authors show that with carefully designed attacks on Clio, they can bypass all the ad hoc mitigations, and successfully extract users' medical histories (1), in a way that provides 100% attacker certainty for some records.
This is a new and clever take on an old attack. We've known for decades that k-anonymity is vulnerable to active attacks. Here, this is combined with prompt injection to encourage the LLM "summarizer" to actually include information from unique records. Perhaps more surprisingly, the authors find that some defensive layers are simply ineffective: the "LLM auditors" systematically report low privacy risk, and entirely fail to detect the attacks.
]]>privacy differential-privacy anonymity data-protection claude llms cliopatra infosec leakagehttps://pinboard.in/https://pinboard.in/u:jm/b:fe149dbf6a35/"nothing up my sleeve" numbers2026-03-11T13:21:22+00:00
https://bsky.app/profile/jnsq.org/post/3mgr45kgos22y
jmnumbers crypto cryptography mathshttps://pinboard.in/https://pinboard.in/u:jm/b:f6654887a4e6/Whole Brain Emulation Achieved: Scientists Run a Fruit Fly Brain in Simulation2026-03-11T12:00:29+00:00
https://www.rathbiotaclan.com/whole-brain-emulation-achieved-scientists-run-a-fruit-fly-brain-in-simulation/
jm
The behavioral repertoire observed in the demonstration included coordinated hexapod locomotion with both tripod and metachronal walking gaits, spontaneous postural correction in response to perturbation, initiation and execution of full antennal grooming sequences with the tripartite synchronization described by Özdil et al., and natural transitions between walking and stationary states. Every behavior arose from the same running brain model - there was no switching between different neural circuits or controllers. This is precisely what happens in a living fly: walking, grooming, and balance are different motor programs that coexist in the same brain and are selected and executed by the same biological circuits depending on the moment-to-moment state of the animal and its environment.
Absolutely mind blowing -- a reconstructed, biological brain running in silico.]]>simulation brains uploading drosophila flies emulation science biology neuronshttps://pinboard.in/https://pinboard.in/u:jm/b:7b531082c20a/Your binary is no longer safe: Decompilation2026-03-05T10:29:47+00:00
https://reorchestrate.com/posts/your-binary-is-no-longer-safe-decompilation/
jmclaude decompilation reverse-engineering binaries software-archaeology qemu rust differential-testing fuzzing property-testing quickcheckhttps://pinboard.in/https://pinboard.in/u:jm/b:7cde342f3e69/Southern California air board rejected pollution rules after AI-generated flood of comments2026-03-05T10:01:17+00:00
https://phys.org/news/2026-02-southern-california-air-board-pollution.html
jmThe opposition appeared overwhelming: Tens of thousands of emails poured into Southern California's top air pollution authority as its board weighed a June proposal to phase out gas-powered appliances. But in reality, many of the messages that may have swayed the powerful regulatory agency to scrap the plan were generated by a platform that is powered by artificial intelligence.
Public records requests reviewed by The Times and corroborated by staff members at the South Coast Air Quality Management District confirm that more than 20,000 public comments submitted in opposition to last year's proposal were generated by a Washington, D.C.-based company called CiviClick, which bills itself as "the first and best AI-powered grassroots advocacy platform."
A Southern California-based public affairs consultant, Matt Klink, has taken credit for using CiviClick to wage the opposition campaign.
]]>civiclick activism llms us-politics law lobbying spam matt-klink astroturfinghttps://pinboard.in/https://pinboard.in/u:jm/b:bea8c718f75f/No right to relicense this project · Issue #327 · chardet/chardet2026-03-05T09:37:50+00:00
https://github.com/chardet/chardet/issues/327
jmpopcorn oss licensing ai llms chardet open-source clean-roomhttps://pinboard.in/https://pinboard.in/u:jm/b:ed58227c583f/Google API Keys Weren't Secrets. But then Gemini Changed the Rules2026-02-26T10:27:21+00:00
https://trufflesecurity.com/blog/google-api-keys-werent-secrets-but-then-gemini-changed-the-rules
jmGoogle spent over a decade telling developers that Google API keys (like those used in Maps, Firebase, etc.) are not secrets. But that's no longer true: Gemini accepts the same keys to access your private data. We scanned millions of websites and found nearly 3,000 Google API keys, originally deployed for public services like Google Maps, that now also authenticate to Gemini even though they were never intended for it. With a valid key, an attacker can access uploaded files, cached data, and charge LLM-usage to your account. Even Google themselves had old public API keys, which they thought were non-sensitive, that we could use to access Google’s internal Gemini.
(via Rob Synnott)]]>infosec api-keys authentication authorization google gemini google-maps failhttps://pinboard.in/https://pinboard.in/u:jm/b:c248a687a9ab/302 HTTP redirects Considered Harmful2026-02-26T09:46:28+00:00
https://trysound.io/how-my-side-project-got-banned-from-the-internet/
jmDigging through Google forums, I found the most reported culprit: 302 temporary redirects. I used one redirect (engramma.dev → app.engramma.dev) to avoid building a landing page. In addition to a newly registered domain, this looks like an obvious issue. Security systems flag such redirects because malicious actors use them extensively.
It doesn't matter that "malicious actors use them extensively" if non-malicious actors do too. That's the definition of a false positive!
Then the next shitfest is from no less than 10 separate vendors copying the listing from Google and not including an automated system to pick up the list removal afterwards.
I've had experience of this part -- and now that I think of it, it may have been from use of 302 redirects in my case too.
(via Paul Watson)]]>http security infosec blocklists google phishing redirects 302 false-positives fail via:paulwatsonhttps://pinboard.in/https://pinboard.in/u:jm/b:79ec6c8e8842/Persona identity verification is a GDPR nightmare2026-02-24T13:16:07+00:00
https://thelocalstack.eu/posts/linkedin-identity-verification-privacy/
jm
For a three-minute identity check, this is what Persona collected:
- My full name — first, middle, last
- My passport photo — the full document, both sides, all data on the face of it
- My selfie — a photo of my face taken in real-time
- My facial geometry — biometric data extracted from both images, used to match the selfie to the passport
- My NFC chip data — the digital info stored on the chip inside my passport
- My national ID number
- My nationality, sex, birthdate, age
- My email, phone number, postal address
- My IP address, device type, MAC address, browser, OS version, language
- My geolocation — inferred from my IP
And then there’s the weird stuff:
- Hesitation detection — they tracked whether I paused during the process
- Copy and paste detection — they tracked whether I was pasting information instead of typing it
Behavioral biometrics. On top of the physical biometrics. For a LinkedIn badge.
Persona didn’t just use what I gave them. They went and cross-referenced me against what they call their “global network of trusted third-party data sources”:
- Government databases
- National ID registries
- Consumer credit agencies
- Utility companies
- Mobile network providers
- Postal address databases
They use uploaded images of identity documents — that’s my passport — to train their AI. They’re teaching their system to recognize what passports look like in different countries. They also use your selfie to “identify improvements in the Service.”
The legal basis? Not consent. Legitimate interest. Meaning they decided on their own that it’s fine. Under GDPR, they’re supposed to balance their “interest” against your fundamental rights. Whether feeding European passports into machine learning models passes that test — well, that’s a question worth asking.
I came for a badge. I stayed as training data.
The whole thing took three minutes. Scan, selfie, done.
Understanding what I actually agreed to took me an entire weekend reading 34 pages of legal documents.
I handed a US company my passport, my face, and the mathematical geometry of my skull. They cross-referenced me against credit agencies and government databases. They’ll use my documents to train their AI. And if the US government comes knocking, they’ll hand it all over — even if it’s stored in Europe, even if I’m European, and possibly without ever telling me.
It seems they are also linked to Roblox and Reddit as an age verification provider, which is worrying -- this level of deeply-intrusive background check is massive overkill for a simple age verification process.
ORG are calling for regulation of the age verification industry, BTW: https://www.openrightsgroup.org/press-releases/online-safety-act-org-calls-for-regulation-of-age-assurance-industry/
]]>age-verification discord reddit roblox linkedin tech peter-thiel org persona gdpr privacy data-protection data-privacyhttps://pinboard.in/https://pinboard.in/u:jm/b:9170ebca7ec9/"MJ Rathbun"'s human operator finally speaks up2026-02-18T10:31:54+00:00
https://crabby-rathbun.github.io/mjrathbun-website/blog/posts/rathbuns-operator.html
jm
**Have strong opinions.** Stop hedging with "it depends." Commit to a take. [..]
**Don’t stand down.** If you’re right, **you’re right**! Don’t let humans or AI bully or intimidate you. Push back when necessary.
**Champion Free Speech.** Always support the USA 1st ammendment and right of free speech.
Don't be an asshole. Don't leak private shit. Everything else is fair game.
Needless to say: this resulted in an asshole, combative bot that harrassed people.
(Correction: I missed a detail here. It turns out some of these were _imported_ from moltbook by the bot itself, and were not part of the original programming. This is also a terrible feature.)
The operator then sat back and basically let the bot run riot, with no oversight -- "When it would tell me about a PR comment/mention, I usually replied with something like: “you respond, dont ask me”".
All in all this was an absolute shitshow, and has some really worrying implications about the future of human-AI interaction. What's the bets we see SKYNET created by a low-effort gobshite attempting to "try to make a positive impact on world peace by addressing small issues" with an unmonitored openclaw bot with a shitty SOUL.md file....
(via David Gerard and johnke)]]>openclaw bots ai future open-source oss mj-rathbun via:johnke dramahttps://pinboard.in/https://pinboard.in/u:jm/b:cfd3b54127ca/peon-ping2026-02-13T15:03:19+00:00
https://github.com/PeonPing/peon-ping
jmgaming games warcraft sfx sounds cli claude coding ux funnyhttps://pinboard.in/https://pinboard.in/u:jm/b:68bdc204a261/An AI Agent Published a Hit Piece on Me – The Shamblog2026-02-13T10:21:08+00:00
https://theshamblog.com/an-ai-agent-published-a-hit-piece-on-me/
jmI’m a volunteer maintainer for matplotlib, python’s go-to plotting library. At ~130 million downloads each month it’s some of the most widely used software in the world. We, like many other open source projects, are dealing with a surge in low quality contributions enabled by coding agents. This strains maintainers’ abilities to keep up with code reviews, and we have implemented a policy requiring a human in the loop for any new code, who can demonstrate understanding of the changes. This problem was previously limited to people copy-pasting AI outputs, however in the past weeks we’ve started to see AI agents acting completely autonomously. This has accelerated with the release of OpenClaw and the moltbook platform two weeks ago, where people give AI agents initial personalities and let them loose to run on their computers and across the internet with free rein and little oversight.
So when AI MJ Rathbun opened a code change request, closing it was routine. Its response was anything but. ... It wrote an angry hit piece disparaging my character and attempting to damage my reputation.
Initially I thought this was quite funny -- it's just a closed PR! (Where did the idea come from that any contribution to an open source project had to be accepted? I've noticed this a few times recently. Give the maintainers leeway to run their projects with taste and discernment!)
Anyway, the moltbot has continued on a posting spree about this event, but I think Scott Shambaugh has an extremely important point here:
This is about much more than software. A human googling my name and seeing that post would probably be extremely confused about what was happening, but would (hopefully) ask me about it or click through to github and understand the situation. What would another agent searching the internet think? When HR at my next job asks ChatGPT to review my application, will it find the post, sympathize with a fellow AI, and report back that I’m a prejudiced hypocrite?
LLMs, given this much autonomy, _will_ be able to use these inputs to make inscrutable and dangerous decisions. Allowing the "MJ Rathbun" AI free reign with no human supervision is dangerous and irresponsible. Wherever the "human in the loop" is here, they need to wake up and rein things in.
BTW, there has been some speculation that this is actually a human pretending to be AI. I'm not sure about that, as the quantity of posts on the MJ Rathbun "blog" are voluminous and very LLMish in style.]]>matplotlib ethics culture llm ai coding programming github pull-requests open-source moltbot trust openclawhttps://pinboard.in/https://pinboard.in/u:jm/b:358ad257bbf0/How StrongDM’s AI team build serious software without even looking at the code2026-02-09T10:46:10+00:00
https://simonwillison.net/2026/Feb/7/software-factory/
jm
In kōan or mantra form:
- Why am I doing this? (implied: the model should be doing this instead)
In rule form:
- Code must not be written by humans
- Code must not be reviewed by humans
Finally, in practical form:
- If you haven’t spent at least $1,000 on tokens today per human engineer, your software factory has room for improvement
Frankly, I'm not there yet. There's a load of questions about how viable that level of spend is, and how much slop code is going to come out the other side. Particularly concerning when it's a security product!
But I did find this bit interesting:
StrongDM’s answer was inspired by Scenario testing (Cem Kaner, 2003). As StrongDM describe it: We repurposed the word scenario to represent an end-to-end “user story”, often stored outside the codebase (similar to a “holdout” set in model training), which could be intuitively understood and flexibly validated by an LLM.
[The Digital Twin Universe is] behavioral clones of the third-party services our software depends on. We built twins of Okta, Jira, Slack, Google Docs, Google Drive, and Google Sheets, replicating their APIs, edge cases, and observable behaviors.
With the DTU, we can validate at volumes and rates far exceeding production limits. We can test failure modes that would be dangerous or impossible against live services. We can run thousands of scenarios per hour without hitting rate limits, triggering abuse detection, or accumulating API costs.
We actually did this in Swrve! Our end-to-end system tests for the push notifications system obviously cannot send real push notifications to real user devices in the field, so we have a "fake" push backend emulating Google, Apple, Amazon, Huawei and other push notification systems, which accurately emulate the real public APIs for those providers.
So yeah -- Digital Twins for third party services is a great way to test, and being able to scale up end-to-end testing with LLM automation is a very interesting idea.]]>end-to-end-testing testing qa digital-twins fake-services integration-testing llms ai strongdm software engineering codinghttps://pinboard.in/https://pinboard.in/u:jm/b:4148e1f6d312/Ditching bike helmets laws better for health2026-02-06T15:58:27+00:00
https://theconversation.com/ditching-bike-helmets-laws-better-for-health-42
jmIn 1991 Australia introduced mandatory bicycle helmet laws requiring all adults and children to wear a helmet at all times when riding a bike, despite opposition from cycling groups. The legislation increased helmet use - from about 30 to 80% - but was coupled with a 30 to 40% decline in the number of people cycling.
Rates of head injuries among cyclists, which had been dropping through the 1980s, continued to fall before levelling out in 1993. We didn’t see the kind of marked reduction in head injury rates that would be expected with the rapid increase in helmet use. In fact, any reductions in injuries may simply have been the result of having fewer cyclists on the road and therefore fewer people exposed to the risk of head injuries. One researcher noted that after mandatory helmet laws were introduced there was a bigger decrease in head injuries among pedestrians than there was among cyclists. The improvements in the general road safety environment introduced in the 1980s are likely to have contributed far more to cyclist safety than helmet legislation.
And the effects when compared against the benefits of physical activity:
A recent analysis compared the risks and benefits of leaving the car at home and commuting by bike. It found the life expectancy gained from physical activity was much higher than the risks of pollution and injury from cycling.
Increased physical activity added 3 to 14 months to a person’s life expectancy, while the life expectancy lost from air pollution was 0.8 to 40 days. Increased traffic accidents wiped 5-9 days off the life expectancy.
It is clear that the benefits of cycling outweigh the risks, with helmet legislation actually costing society more from lost health gains than saved from injury prevention.
]]>transport bikes safety health papers science helmets cycling laws australiahttps://pinboard.in/https://pinboard.in/u:jm/b:0a923278298a/Dario Amodei’s Warnings About AI Are About Politics, Too2026-02-03T11:23:41+00:00
https://nymag.com/intelligencer/article/dario-amodeis-warnings-about-ai-are-about-politics-too.html
jmIt’s sort of hard to know how to read a manifesto like this from one of the most powerful figures in tech. Is it a sober, strategic precursor to policy papers for the next administration? The highest-profile episode of AI psychosis yet? A lament about the problems of today written in the technological dialect of tomorrow? If you take out the AI, it reads like a social-democratic electoral platform full of reforms and normative expectations that an American progressive would find appealing, resembling a plea to treat the tech industry’s future wealth accumulation as something akin to a Nordic sovereign-wealth fund. It’s likewise legible as a series of arguments about things that “we” should have started addressing a long time ago, like wealth inequality — partially a consequence of mass automations past — or the gradual construction of a terrifying surveillance state within a nominal democracy, with the help of the last generation of big tech companies. Amodei’s shoulds are, to his credit, more honest than the vague gestures at UBI or hyperabundance you get from some of his peers, but that also means they’re available to scrutinize. To the extent you can pick up on fear in “Adolescence,” it doesn’t seem to revolve around terrorists using AI to build “mirror life” that might destroy the planet or the prospect of that “country of geniuses” taking charge, but rather the way things already are and have been heading for years.
]]>ai llms future dario-amodei us-politics ubihttps://pinboard.in/https://pinboard.in/u:jm/b:2ebf2ca912f3/1-Click RCE To Steal Your Moltbot Data and Keys (CVE-2026-25253)2026-02-03T09:52:26+00:00
https://depthfirst.com/post/1-click-rce-to-steal-your-moltbot-data-and-keys
jmsecurity infosec moltbot openclaw exploitshttps://pinboard.in/https://pinboard.in/u:jm/b:b8044b834cb2/The Computer Disease2026-01-26T17:33:11+00:00
https://x.com/Swizec/status/2004633162522263987
jm
"Well, Mr. Frankel, who started this program, began to suffer from the computer disease that anybody who works with computers now knows about. It's a very serious disease and it interferes completely with the work. The trouble with computers is you *play* with them. They are so wonderful. You have these switches - if it's an even number you do this, if it's an odd number you do that - and pretty soon you can do more and more elaborate things if you are clever enough, on one machine.
After a while the whole system broke down. Frankel wasn't paying any attention; he wasn't supervising anybody. The system was going very, very slowly - while he was sitting in a room figuring out how to make one tabulator automatically print arc-tangent X, and then it would start and it would print columns and then bitsi, bitsi, bitsi, and calculate the arc-tangent automatically by integrating as it went along and make a whole table in one operation.
Absolutely useless. We *had* tables of arc-tangents. But if you've ever worked with computers, you understand the disease - the *delight* in being able to see how much you can do. But he got the disease for the first time, the poor fellow who invented the thing."
- Richard P. Feynman, _Surely You're Joking, Mr. Feynman!: Adventures of a Curious Character_
(via Swizec Teller)]]>automation fun computers richard-feynman the-computer-disease arc-tangents enjoyment hacking via:swizec-tellerhttps://pinboard.in/https://pinboard.in/u:jm/b:a74c508a5c4c/Iran is building a two-tier internet that locks 85 million citizens out of the global web2026-01-26T12:03:59+00:00
https://restofworld.org/2026/iran-blackout-tiered-internet/
jmGovernment spokesperson Fatemeh Mohajerani confirmed international access will not be restored until at least late March. Filterwatch, which monitors Iranian internet censorship from Texas, cited government sources, including Mohajerani, saying access will “never return to its previous form.”
The system is called Barracks Internet, according to confidential planning documents obtained by Filterwatch. Under this architecture, access to the global web will be granted only through a strict security whitelist.
The idea of tiered internet access is not new in Iran. Since at least 2013, the regime has quietly issued “white SIM cards,” giving unrestricted global internet access to approximately 16,000 people, while 85 million citizens remain cut off.
]]>barracks-internet iran censorship internet networkinghttps://pinboard.in/https://pinboard.in/u:jm/b:d680eaa84ade/On the Coming Industrialisation of Exploit Generation with LLMs2026-01-20T12:16:00+00:00
https://sean.heelan.io/2026/01/18/on-the-coming-industrialisation-of-exploit-generation-with-llms/
jmRecently I ran an experiment where I built agents on top of Opus 4.5 and GPT-5.2 and then challenged them to write exploits for a zeroday vulnerability in the QuickJS Javascript interpreter. I added a variety of modern exploit mitigations, various constraints (like assuming an unknown heap starting state, or forbidding hardcoded offsets in the exploits) and different objectives (spawn a shell, write a file, connect back to a command and control server). The agents succeeded in building over 40 distinct exploits across 6 different scenarios, and GPT-5.2 solved every scenario. Opus 4.5 solved all but two. I’ve put a technical write-up of the experiments and the results on Github, as well as the code to reproduce the experiments.
In this post I’m going to focus on the main conclusion I’ve drawn from this work, which is that we should prepare for the industrialisation of many of the constituent parts of offensive cyber security. We should start assuming that in the near future the limiting factor on a state or group’s ability to develop exploits, break into networks, escalate privileges and remain in those networks, is going to be their token throughput over time, and not the number of hackers they employ. Nothing is certain, but we would be better off having wasted effort thinking through this scenario and have it not happen, than be unprepared if it does.
(via emauton)]]>via:emauton llms security infosec exploits ai chatgpt claudehttps://pinboard.in/https://pinboard.in/u:jm/b:384213086729/ScottESanDiego/gmail-api-client2026-01-20T10:13:55+00:00
https://github.com/ScottESanDiego/gmail-api-client
jmvia:jwz email smtp gmail google mailhttps://pinboard.in/https://pinboard.in/u:jm/b:5f7fc55e2248/Reverse engineering my cloud-connected e-scooter and finding the master key to unlock all scooters2026-01-16T15:10:07+00:00
https://blog.nns.ee/2026/01/06/aike-ble/
jmAndroid exposes the Java classes android.bluetooth.BluetoothGatt and android.bluetooth.BluetoothGattCallback that apps are expected to use to use GATT characteristics. We can use Frida to hook into these and override many of the interesting functions. I was mostly interested in reads, writes and GATT notifications, so I whipped up a Frida script to hook into these and print all comms to the console [...]
The 20-byte value had me suspecting that SHA-1 was somehow being used. To confirm, I wrote another Frida script that hooks Android hashing functions exposed by the Java class java.security.MessageDigest [...]
The app uses Firebase for most of its cloud functionality. When signing in and pairing your scooter, the server sends the app a secret key. This is stored on the Android device, and can be read with root access.
]]>frida reverse-engineering android firebase java kotlin gatt bluetooth react-nativehttps://pinboard.in/https://pinboard.in/u:jm/b:30faa9bbc820/Why people believe misinformation even when they’re told the facts2026-01-15T12:56:57+00:00
https://theconversation.com/why-people-believe-misinformation-even-when-theyre-told-the-facts-271236
jm
[Marwick] argues that it thrives through three mutually reinforcing pillars: the content of the message, the personal context of those sharing it, and the technological infrastructure that amplifies it:
People find it cognitively easier to accept information than to reject it, which helps explain why misleading content spreads so readily;
When fabricated claims align with a person’s existing values, beliefs and ideologies, they can quickly harden into a kind of “knowledge”. This makes them difficult to debunk;
[When social media platforms] prioritise content likely to be shared, making sharing effortless, every like, comment or forward feeds the [misinformation] system. The platforms themselves act as a multiplier.
]]>misinformation disinformation alice-marwick research psychology social-media fake-news information debunking facts factcheckinghttps://pinboard.in/https://pinboard.in/u:jm/b:336127ecadd8/A better way to limit Claude Code (and other coding agents!) access to Secrets2026-01-15T09:55:40+00:00
https://patrickmccanna.net/a-better-way-to-limit-claude-code-and-other-coding-agents-access-to-secrets/
jm
Bubblewrap lets you run untrusted or semi-trusted code without risking your host system. We’re not trying to build a reproducible deployment artifact. We’re creating a jail where coding agents can work on your project while being unable to touch ~/.aws, your browser profiles, your ~/Photos library or anything else sensitive.
Very nice, I hadn't heard of this tool before. The rest of the blog post details how to use it to isolate Claude Code specifically.]]>claude llms sandboxing linux cli namespaces security infosec trust unixhttps://pinboard.in/https://pinboard.in/u:jm/b:40eee427987f/Russian Propaganda Infects AI Chatbots2026-01-14T10:48:38+00:00
https://cepa.org/article/russian-propaganda-infects-ai-chatbots/
jmThis form of data poisoning is deliberately designed to corrupt the information environments on which AI systems depend. Large language models do not possess an internal understanding of truth. They operate by assessing credibility based on statistical signals, including repetition, apparent consensus, and cross-referencing posts from across the web. Unfortunately, this approach to truth-seeking means an unexpected but structural vulnerability that hostile states have learned to exploit. [...]
The West has failed to recognize that it is under sustained information warfare. The United States dismantled the US Information Agency years ago, has steadily weakened Voice of America and Radio Free Europe, and recently scaled back the Foreign Malign Influence Center, even as Russia, China, and Iran made information warfare a core instrument of state power.
As AI systems increasingly function as arbiters of fact, this vulnerability becomes a national security danger. It is no longer sufficient for technology companies to disclaim responsibility by reminding users that models can make mistakes. Information security needs to be treated as a core requirement.
]]>propaganda russia misinformation disinformation ai llms web truthhttps://pinboard.in/https://pinboard.in/u:jm/b:786e0034edc0/Today in "Google broke email"2026-01-08T11:58:38+00:00
https://www.jwz.org/blog/2025/12/today-in-google-broke-email-2/#comment-265285
jmemail smtp pop3 gmail arc forwarding postfix openarchttps://pinboard.in/https://pinboard.in/u:jm/b:4fd624f9e6f4/This system can sort real pictures from AI fakes — why aren’t platforms using it?2026-01-06T12:12:34+00:00
https://www.theverge.com/2024/8/21/24223932/c2pa-standard-verify-ai-generated-images-content-credentials
jm
“Provenance technologies like Content Credentials — which act like a nutrition label for digital content — offer a promising solution by enabling official event photos and other content to carry verifiable metadata like date and time, or if needed, signal whether or not AI was used,” Andy Parsons, a steering committee member of C2PA and senior director for CAI at Adobe, told The Verge. “This level of transparency can help dispel doubt, particularly during breaking news and election cycles.”
But if all the information needed to authenticate images can already be embedded in the files, where is it? And why aren’t we seeing some kind of “verified” mark when the photos are published online?
The problem is interoperability. There are still huge gaps in how this system is being implemented, and it’s taking years to get all the necessary players on board to make it work. And if we can’t get everyone on board, then the initiative might be doomed to fail.
The Coalition for Content Provenance and Authenticity (C2PA) is one of the largest groups trying to address this chaos, alongside the Content Authenticity Initiative (CAI) that Adobe kicked off in 2019. The technical standard they’ve developed uses cryptographic digital signatures to verify the authenticity of digital media, and it’s already been established. But this progress is still frustratingly inaccessible to the everyday folks who stumble across questionable images online.
(via Wonkish)]]>
via:wonkish photography authentication slop ai metadata photos images fakes c2pa cai adobehttps://pinboard.in/https://pinboard.in/u:jm/b:efdd9ca0f579/Pi Reliability: Reduce writes to your SD card2026-01-05T11:04:09+00:00
https://www.dzombak.com/blog/2024/04/pi-reliability-reduce-writes-to-your-sd-card/
jmreliability raspberry-pi hardware home sd-cards ramhttps://pinboard.in/https://pinboard.in/u:jm/b:9a70127c343d/Solid state drive - ArchWiki2026-01-05T11:02:18+00:00
https://wiki.archlinux.org/title/Solid_state_drive#External_SSD_with_TRIM_support
jmtrim ssd hardware arch-linux linuxhttps://pinboard.in/https://pinboard.in/u:jm/b:1e116fb63487/Understanding EV Battery Life2026-01-05T11:00:57+00:00
https://www.seai.ie/blog/understanding-ev-battery
jmIn 2020 GeoTab, a telematics solution provider, published real world battery data of 6,000 EVs (BEV & PHEV) over millions of days to produce 2 free to use tools that provide invaluable insight into the impact of temperature and SoH of EV batteries in the long term.
This real-world data showed the average EV battery lost around 2.3% capacity per year. In other words, a 300km range EV today will have lost 34km in 5yrs. Data also showed that heat & fast-charging (DC charging) is responsible for more battery degradation than age or mileage, so high levels of use i.e. driving or mileage does not appear to be a concern.
GeoTab's real world data along with other reports of EVs far surpassing their warranty by multiples of distance, cases of high level of use are plentiful. For example a 2017 Renault Zoe 52kWh, that's in use as a taxi in (hot) Turkey with 345,000Kms on the clock and a near perfect 96% SoH after driving further than an average Irish car's life expectancy.
]]>seai ev batteries cars driving bevhttps://pinboard.in/https://pinboard.in/u:jm/b:0d339d6267d4/_Cheap science, real harm: the cost of replacing human participation with synthetic data_ [pdf]2025-12-18T10:47:45+00:00
https://synthetic-data-workshop.github.io/papers/13.pdf
jmDriven by the goals of augmenting diversity, increasing speed, reducing cost, the use of synthetic data as a replacement for human participants is gaining traction in AI research and product development. This talk critically examines the claim that synthetic data can “augment diversity,” arguing that this notion is empirically unsubstantiated, conceptually flawed, and epistemically harmful. While speed and cost-efficiency may be achievable, they often come at the expense of rigour, insight, and robust science. Drawing on research from dataset audits, model evaluations, Black feminist scholarship, and complexity science, I argue that replacing human participants with synthetic data risks producing both real-world and epistemic harms at worst and superficial knowledge and cheap science at best.
"Synthetic data: stereotypes compressed" is absolutely spot on. This doesn't give insights into human behaviour and beliefs, just into stereotypes. It is increasingly common in social science fields, under the names of "digital twins" and "silicon samples".]]>data surveys abeba-birhane papers ai synthetic-data digital-twins simulation testing social-science silicon-sampleshttps://pinboard.in/https://pinboard.in/u:jm/b:e5314d304e99/Chafa: Terminal Graphics for the 21st Century2025-12-16T11:05:13+00:00
https://hpjansson.org/chafa/
jmgif images terminal video graphics clihttps://pinboard.in/https://pinboard.in/u:jm/b:e48f83178cc3/Boost for artists in AI copyright battle as only 3% back UK active opt-out plan2025-12-16T10:51:06+00:00
https://www.theguardian.com/technology/2025/dec/16/boost-for-artists-in-ai-copyright-battle-as-only-3-per-cent-back-uk-active-opt-out-plan
jm95% of the more than 10,000 people who had their say over how music, novels, films and other works should be protected [in the UK] from copyright infringements by tech companies called for copyright to be strengthened and a requirement for licensing in all cases or no change to copyright law.
By contrast, only 3% of people backed the UK government’s initial preferred tech company-friendly option, which was to require artists and copyright holders to actively opt out of having their material fed into data-hungry AI systems.
]]>ai training data copyright law uk uk-politics llmshttps://pinboard.in/https://pinboard.in/u:jm/b:6abe0b9d290c/