Pinboard (jm)
https://pinboard.in/u:jm/public/
recent bookmarks from jmOkCupid gave 3 million dating-app photos to facial recognition firm, FTC says2026-04-01T10:12:21+00:00
https://arstechnica.com/tech-policy/2026/03/okcupid-match-pay-no-fine-for-sharing-user-photos-with-facial-recognition-firm/
jmOkCupid and its owner Match Group reached a settlement with the Trump administration for not telling dating-app customers that nearly 3 million user photos were shared with [Clarifai], an [AI] company making a facial recognition system. OkCupid also gave the facial recognition firm access to user location information and other details without customers’ consent, the Federal Trade Commission said.
]]>us-politics data-protection privacy dating-apps okcupid match.com clarifai ftchttps://pinboard.in/https://pinboard.in/u:jm/b:7848c1547a27/Why So Many Control Rooms Were Seafoam Green2026-03-27T12:34:11+00:00
https://bethmathews.substack.com/p/why-so-many-control-rooms-were-seafoam
jm
With the increase in wartime production in the US during WWII, Birren and DuPont created a master color safety code for the industrial plant industry, with the aim of reducing accidents and increasing efficiency within plants. These color codes were approved by the National Safety Council in 1944 and are now internationally recognized, having been mandatory practice since 1948. The color coding went as such:
- Fire Red: All fire protection, emergency stop buttons, and flammable liquids should be red
- Solar Yellow: Signifies caution and physical hazards such as falling
- Alert Orange: Hazardous parts of machinery
- Safety Green: Indicates safety features such as first-aid equipment, emergency exits, and eyewash stations.
- Caution Blue: Non-safety information, notices, or out-of-order signage
- Light Green: Used on walls to reduce visual fatigue
]]>green design history color-theory faber-birren control-rooms industrial-design color-codinghttps://pinboard.in/https://pinboard.in/u:jm/b:4817a29dbe1d/russellromney/turbolite2026-03-27T12:31:23+00:00
https://github.com/russellromney/turbolite
jmIt also offers page-level compression (zstd) and encryption (AES-256) for efficiency and security at rests, which can be used separately from S3.
Object storage is getting fast. S3 Express One Zone delivers single-digit millisecond GETs and Tigris is also extremely fast. The gap between local disk and cloud storage is shrinking, and turbolite exploits that.
The design and name are inspired by turbopuffer's approach of ruthlessly architecting around cloud storage constraints. The project's initial goal was to beat Neon's 500ms+ cold starts. Goal achieved.
If you have one database per server, use a volume. turbolite explores how to have hundreds or thousands of databases (one per tenant, one per workspace, one per device), don't want a volume for each one, and you're okay with a single write source.
]]>sqlite sql s3 aws gcp object-stores rust databaseshttps://pinboard.in/https://pinboard.in/u:jm/b:9c43d573d0f3/TurboQuant: Redefining AI efficiency with extreme compression2026-03-25T16:29:26+00:00
https://research.google/blog/turboquant-redefining-ai-efficiency-with-extreme-compression/
jm
- High-quality compression (the PolarQuant method): TurboQuant starts by randomly rotating the data vectors. This clever step simplifies the data's geometry, making it easy to apply a standard, high-quality quantizer (a tool that maps a large set of continuous values, like precise decimals, to a smaller, discrete set of symbols or numbers, like integers: examples include audio quantization and jpeg compression) to each part of the vector individually. This first stage uses most of the compression power (the majority of the bits) to capture the main concept and strength of the original vector.
- Eliminating hidden errors: TurboQuant uses a small, residual amount of compression power (just 1 bit) to apply the QJL algorithm to the tiny amount of error left over from the first stage. The QJL stage acts as a mathematical error-checker that eliminates bias, leading to a more accurate attention score.
QJL: The zero-overhead, 1-bit trick
QJL uses a mathematical technique called the Johnson-Lindenstrauss Transform to shrink complex, high-dimensional data while preserving the essential distances and relationships between data points. It reduces each resulting vector number to a single sign bit (+1 or -1). This algorithm essentially creates a high-speed shorthand that requires zero memory overhead. To maintain accuracy, QJL uses a special estimator that strategically balances a high-precision query with the low-precision, simplified data. This allows the model to accurately calculate the attention score (the process used to decide which parts of its input are important and which parts can be safely ignored).
PolarQuant: A new “angle” on compression
PolarQuant addresses the memory overhead problem using a completely different approach. Instead of looking at a memory vector using standard coordinates (i.e., X, Y, Z) that indicate the distance along each axis, PolarQuant converts the vector into polar coordinates using a Cartesian coordinate system. This is comparable to replacing "Go 3 blocks East, 4 blocks North" with "Go 5 blocks total at a 37-degree angle”. This results in two pieces of information: the radius, which signifies how strong the core data is, and the angle indicating the data’s direction or meaning). Because the pattern of the angles is known and highly concentrated, the model no longer needs to perform the expensive data normalization step because it maps data onto a fixed, predictable "circular" grid where the boundaries are already known, rather than a "square" grid where the boundaries change constantly. This allows PolarQuant to eliminate the memory overhead that traditional methods must carry.
]]>ai tech vectors search quantization turboquant research algorithms compression papers qjl error-detection polarquanthttps://pinboard.in/https://pinboard.in/u:jm/b:1abb51ace2eb/Debunking zswap and zram myths2026-03-25T10:00:18+00:00
https://chrisdown.name/2026/03/24/zswap-vs-zram-when-to-use-what.html
jmWe have some concrete numbers to show this in practice. On Instagram, which runs on Django and is largely memory bound, we ran a test where we moved from their existing setup (with swap entirely disabled) to a setup with disk swap and zswap tiering. Django workers accumulate significant cold heap state over their lifetime, like forked processes with duplicated memory, growing request caches, Python object overhead, you get the idea. The results were twofold:
- We achieved roughly 5:1 compression. That's a huge benefit for such a memory bound workload, and also enables us to consider further stacking workloads.
- Enabling zswap reduced disk writes by up to 25% compared to having no swap at all(!).
As you can imagine, as a result of this test, Instagram has been using zswap for many years now.
]]>kernel compression memory linux ops performance swap zswap zramhttps://pinboard.in/https://pinboard.in/u:jm/b:fc55a5e5ba65/hectorvent/floci2026-03-23T17:30:08+00:00
https://github.com/hectorvent/floci
jmfloci aws emulation testing local codinghttps://pinboard.in/https://pinboard.in/u:jm/b:f24a9f4a5a12/GitHub - mautrix/whatsapp: A Matrix-WhatsApp puppeting bridge2026-03-23T11:11:10+00:00
https://github.com/mautrix/whatsapp?tab=readme-ov-file
jmmatrix whatsapp messaging chat interop searching self-hostedhttps://pinboard.in/https://pinboard.in/u:jm/b:014855f8a243/Ofcom don't consider geoblocking the UK to be sufficient for an overseas website2026-03-20T10:10:42+00:00
https://www.reddit.com/r/LegalAdviceUK/comments/1rk690v/i_run_a_selfhelp_forum_for_people_with_depression/
jmI started getting email from Ofcom [regarding OSA compliance] around November 2025 and now have multiple letters. I've repeatedly told them I'm from Canada, I'm not based in the UK.
Eventually, I blocked all UK IP addresses in mid-February 2026 and told them I'd blocked the UK and that I was done engaging with them.
I've now got ANOTHER email from them saying they're going to commence enforcement action against me because simply blocking UK IPs is "insufficient to comply with the Online Safety Act 2023."
]]>osa uk politics filtering censorship law geoblocking ofcom webhttps://pinboard.in/https://pinboard.in/u:jm/b:62264b402830/funny Waymo anecdote2026-03-20T10:05:04+00:00
https://news.ycombinator.com/item?id=47446571
jmWhen I visited LA, I rode in a Waymo going the speed limit in the right lane on a very busy street. The Waymo approached an intersection where it had the right of way, when suddenly a car ignored its stop sign and drove into the road.
In less than a second, the Waymo moved into the left lane and kept going. I didn't even realize what was happening until after it was over.
Most human drivers would've t-boned the car at 50+ km/h. Maybe they would've braked and reduced the impact, which would be the right move. A human swerving probably would've overshot into oncoming traffic. Only a robot could've safely swerved into another lane and avoid the crash entirely.
Unfortunately, the Waymo only supported Spotify and did not work with my YouTube Music subscription, so I was listening to an advertisement at the time of my near-death experience. 4.5 stars overall.
]]>waymo funny anecdotes safety driving ai roads spotify via:hnhttps://pinboard.in/https://pinboard.in/u:jm/b:aa371d8e3930/Measuring Agents in Production2026-03-19T18:15:49+00:00
https://muratbuffalo.blogspot.com/2026/03/measuring-agents-in-production.html
jmllm usage real-world ai agents papers via:muratbuffalohttps://pinboard.in/https://pinboard.in/u:jm/b:1cfeb59fce4f/On the Biology of a Large Language Model2026-03-19T09:49:31+00:00
https://transformer-circuits.pub/2025/attribution-graphs/biology.html
jmThe black-box nature of [LLMs] is increasingly unsatisfactory as they advance in intelligence and are deployed in a growing number of applications. Our goal is to reverse engineer how these models work on the inside, so we may better understand them and assess their fitness for purpose.
[...]
In recent years, many research groups have made exciting progress on tools for probing the insides of language models. These methods have uncovered representations of interpretable concepts – “features” – embedded within models’ internal activity. Just as cells form the building blocks of biological systems, we hypothesize that features form the basic units of computation inside models.
However, identifying these building blocks is not sufficient to understand the model; we need to know how they interact. In our companion paper, Circuit Tracing: Revealing Computational Graphs in Language Models, we build on recent work (e.g. ) to introduce a new set of tools for identifying features and mapping connections between them – analogous to neuroscientists producing a “wiring diagram” of the brain. We rely heavily on a tool we call attribution graphs, which allow us to partially trace the chain of intermediate steps that a model uses to transform a specific input prompt into an output response. Attribution graphs generate hypotheses about the mechanisms used by the model, which we test and refine through follow-up perturbation experiments.
]]>claude llm research llms ai anthropic papers tracinghttps://pinboard.in/https://pinboard.in/u:jm/b:67244e5e3bc4/2 Ways to Correct the Financial Times at AWS (So Far) - Last Week in AWS Blog2026-03-18T16:32:06+00:00
https://www.lastweekinaws.com/blog/2-ways-to-correct-the-financial-times-at-aws-so-far/?ck_subscriber_id=512829374
jm
A healthy engineering culture, when confronted with "your AI tool contributed to a production incident," responds with: "Yeah, that tracks. Here's what we're changing so it doesn't happen again." An unhealthy one responds with a condescending press release explaining why the journalist is wrong and probably an idiot, and the human is at fault.
The engineers building and operating these systems are talented people doing hard work under increasingly constrained conditions. They deserve leadership that backs them up when things go sideways, not leadership that throws them under the bus to protect a product launch narrative.]]>incidents production ai llms amazon aws communications prhttps://pinboard.in/https://pinboard.in/u:jm/b:34601cfa11ef/Former Uber self-driving chief crashes his Tesla on FSD2026-03-18T12:59:14+00:00
https://electrek.co/2026/03/17/former-uber-self-driving-chief-tesla-fsd-crash-supervision-problem/
jmTesla is asking humans to supervise a system that is specifically designed to make supervision feel pointless. As he puts it, an unreliable machine keeps you alert, and a perfect machine needs no oversight, but one that works almost perfectly creates a trap where drivers trust it just enough to stop paying attention.
The research backs this up. Psychologists call it the “vigilance decrement”, monitoring a nearly perfect system is boring, boredom leads to mind-wandering, and drivers need 5 to 8 seconds to mentally reengage after an automated system hands control back. But emergencies unfold faster than that.
Krikorian cites an Insurance Institute for Highway Safety study showing that after just one month of using adaptive cruise control, drivers were more than six times as likely to look at their phones. Tesla’s own website warns FSD users not to become complacent, but the system’s smooth performance actively trains that complacency.
He points to two well-known crashes to illustrate the impossible math. In the 2018 Mountain View accident that killed Apple engineer Walter Huang, the driver had six seconds before his Tesla steered into a concrete median. He never touched the wheel. In the 2018 Uber crash in Tempe, Arizona, sensors detected a pedestrian with 5.6 seconds of warning, but the safety driver looked up with less than a second remaining.
In Krikorian’s own case, he did take action, but he was asked to snap from passenger back to pilot in a fraction of a second, overriding months of conditioning. The logs show he turned the wheel. They don’t show the impossible math of that transition.
The pattern Krikorian describes should sound familiar to anyone who has followed Tesla’s FSD controversies: condition the driver to rely on the system, erode their vigilance through months of smooth performance, then point to the terms of service and blame them when something breaks. When FSD works, Tesla gets credit. When it doesn’t, the driver gets blamed.
]]>fsd tesla risk attention supervision liability driving safety vigilance automationhttps://pinboard.in/https://pinboard.in/u:jm/b:18572fcf8fa3/Research highlight: Cliopatra: Extracting Private Information from LLM Insights2026-03-18T10:50:26+00:00
https://desfontain.es/blog/cliopatra.html#fn:caveat
jmWhen Anthropic came up with a new "privacy-preserving analysis system" to gain insights into AI use, and didn't use any provably robust notion to back up their privacy claims, I was mildly surprised. Surely they have both the money and the scientific maturity level to do better?
But Clio, the system in question, sounded relatively reasonable, with multiple layers of risk mitigation built-in. Maybe adding differential privacy would have been overkill. I also didn't want to publicly criticize their approach in the absence of demonstrated real-world risk. So I didn't comment on their approach.
You can probably guess where this is going.
Fast forward to last week, and a new paper: Cliopatra: Extracting Private Information from LLM Insights, by Meenatchi Sundaram Muthu Selva Annamalai, Emiliano De Cristofaro, and Peter Kairouz. The authors show that with carefully designed attacks on Clio, they can bypass all the ad hoc mitigations, and successfully extract users' medical histories (1), in a way that provides 100% attacker certainty for some records.
This is a new and clever take on an old attack. We've known for decades that k-anonymity is vulnerable to active attacks. Here, this is combined with prompt injection to encourage the LLM "summarizer" to actually include information from unique records. Perhaps more surprisingly, the authors find that some defensive layers are simply ineffective: the "LLM auditors" systematically report low privacy risk, and entirely fail to detect the attacks.
]]>privacy differential-privacy anonymity data-protection claude llms cliopatra infosec leakagehttps://pinboard.in/https://pinboard.in/u:jm/b:fe149dbf6a35/"nothing up my sleeve" numbers2026-03-11T13:21:22+00:00
https://bsky.app/profile/jnsq.org/post/3mgr45kgos22y
jmnumbers crypto cryptography mathshttps://pinboard.in/https://pinboard.in/u:jm/b:f6654887a4e6/Whole Brain Emulation Achieved: Scientists Run a Fruit Fly Brain in Simulation2026-03-11T12:00:29+00:00
https://www.rathbiotaclan.com/whole-brain-emulation-achieved-scientists-run-a-fruit-fly-brain-in-simulation/
jm
The behavioral repertoire observed in the demonstration included coordinated hexapod locomotion with both tripod and metachronal walking gaits, spontaneous postural correction in response to perturbation, initiation and execution of full antennal grooming sequences with the tripartite synchronization described by Özdil et al., and natural transitions between walking and stationary states. Every behavior arose from the same running brain model - there was no switching between different neural circuits or controllers. This is precisely what happens in a living fly: walking, grooming, and balance are different motor programs that coexist in the same brain and are selected and executed by the same biological circuits depending on the moment-to-moment state of the animal and its environment.
Absolutely mind blowing -- a reconstructed, biological brain running in silico.]]>simulation brains uploading drosophila flies emulation science biology neuronshttps://pinboard.in/https://pinboard.in/u:jm/b:7b531082c20a/Your binary is no longer safe: Decompilation2026-03-05T10:29:47+00:00
https://reorchestrate.com/posts/your-binary-is-no-longer-safe-decompilation/
jmclaude decompilation reverse-engineering binaries software-archaeology qemu rust differential-testing fuzzing property-testing quickcheckhttps://pinboard.in/https://pinboard.in/u:jm/b:7cde342f3e69/Southern California air board rejected pollution rules after AI-generated flood of comments2026-03-05T10:01:17+00:00
https://phys.org/news/2026-02-southern-california-air-board-pollution.html
jmThe opposition appeared overwhelming: Tens of thousands of emails poured into Southern California's top air pollution authority as its board weighed a June proposal to phase out gas-powered appliances. But in reality, many of the messages that may have swayed the powerful regulatory agency to scrap the plan were generated by a platform that is powered by artificial intelligence.
Public records requests reviewed by The Times and corroborated by staff members at the South Coast Air Quality Management District confirm that more than 20,000 public comments submitted in opposition to last year's proposal were generated by a Washington, D.C.-based company called CiviClick, which bills itself as "the first and best AI-powered grassroots advocacy platform."
A Southern California-based public affairs consultant, Matt Klink, has taken credit for using CiviClick to wage the opposition campaign.
]]>civiclick activism llms us-politics law lobbying spam matt-klink astroturfinghttps://pinboard.in/https://pinboard.in/u:jm/b:bea8c718f75f/No right to relicense this project · Issue #327 · chardet/chardet2026-03-05T09:37:50+00:00
https://github.com/chardet/chardet/issues/327
jmpopcorn oss licensing ai llms chardet open-source clean-roomhttps://pinboard.in/https://pinboard.in/u:jm/b:ed58227c583f/Google API Keys Weren't Secrets. But then Gemini Changed the Rules2026-02-26T10:27:21+00:00
https://trufflesecurity.com/blog/google-api-keys-werent-secrets-but-then-gemini-changed-the-rules
jmGoogle spent over a decade telling developers that Google API keys (like those used in Maps, Firebase, etc.) are not secrets. But that's no longer true: Gemini accepts the same keys to access your private data. We scanned millions of websites and found nearly 3,000 Google API keys, originally deployed for public services like Google Maps, that now also authenticate to Gemini even though they were never intended for it. With a valid key, an attacker can access uploaded files, cached data, and charge LLM-usage to your account. Even Google themselves had old public API keys, which they thought were non-sensitive, that we could use to access Google’s internal Gemini.
(via Rob Synnott)]]>infosec api-keys authentication authorization google gemini google-maps failhttps://pinboard.in/https://pinboard.in/u:jm/b:c248a687a9ab/302 HTTP redirects Considered Harmful2026-02-26T09:46:28+00:00
https://trysound.io/how-my-side-project-got-banned-from-the-internet/
jmDigging through Google forums, I found the most reported culprit: 302 temporary redirects. I used one redirect (engramma.dev → app.engramma.dev) to avoid building a landing page. In addition to a newly registered domain, this looks like an obvious issue. Security systems flag such redirects because malicious actors use them extensively.
It doesn't matter that "malicious actors use them extensively" if non-malicious actors do too. That's the definition of a false positive!
Then the next shitfest is from no less than 10 separate vendors copying the listing from Google and not including an automated system to pick up the list removal afterwards.
I've had experience of this part -- and now that I think of it, it may have been from use of 302 redirects in my case too.
(via Paul Watson)]]>http security infosec blocklists google phishing redirects 302 false-positives fail via:paulwatsonhttps://pinboard.in/https://pinboard.in/u:jm/b:79ec6c8e8842/Persona identity verification is a GDPR nightmare2026-02-24T13:16:07+00:00
https://thelocalstack.eu/posts/linkedin-identity-verification-privacy/
jm
For a three-minute identity check, this is what Persona collected:
- My full name — first, middle, last
- My passport photo — the full document, both sides, all data on the face of it
- My selfie — a photo of my face taken in real-time
- My facial geometry — biometric data extracted from both images, used to match the selfie to the passport
- My NFC chip data — the digital info stored on the chip inside my passport
- My national ID number
- My nationality, sex, birthdate, age
- My email, phone number, postal address
- My IP address, device type, MAC address, browser, OS version, language
- My geolocation — inferred from my IP
And then there’s the weird stuff:
- Hesitation detection — they tracked whether I paused during the process
- Copy and paste detection — they tracked whether I was pasting information instead of typing it
Behavioral biometrics. On top of the physical biometrics. For a LinkedIn badge.
Persona didn’t just use what I gave them. They went and cross-referenced me against what they call their “global network of trusted third-party data sources”:
- Government databases
- National ID registries
- Consumer credit agencies
- Utility companies
- Mobile network providers
- Postal address databases
They use uploaded images of identity documents — that’s my passport — to train their AI. They’re teaching their system to recognize what passports look like in different countries. They also use your selfie to “identify improvements in the Service.”
The legal basis? Not consent. Legitimate interest. Meaning they decided on their own that it’s fine. Under GDPR, they’re supposed to balance their “interest” against your fundamental rights. Whether feeding European passports into machine learning models passes that test — well, that’s a question worth asking.
I came for a badge. I stayed as training data.
The whole thing took three minutes. Scan, selfie, done.
Understanding what I actually agreed to took me an entire weekend reading 34 pages of legal documents.
I handed a US company my passport, my face, and the mathematical geometry of my skull. They cross-referenced me against credit agencies and government databases. They’ll use my documents to train their AI. And if the US government comes knocking, they’ll hand it all over — even if it’s stored in Europe, even if I’m European, and possibly without ever telling me.
It seems they are also linked to Roblox and Reddit as an age verification provider, which is worrying -- this level of deeply-intrusive background check is massive overkill for a simple age verification process.
ORG are calling for regulation of the age verification industry, BTW: https://www.openrightsgroup.org/press-releases/online-safety-act-org-calls-for-regulation-of-age-assurance-industry/
]]>age-verification discord reddit roblox linkedin tech peter-thiel org persona gdpr privacy data-protection data-privacyhttps://pinboard.in/https://pinboard.in/u:jm/b:9170ebca7ec9/"MJ Rathbun"'s human operator finally speaks up2026-02-18T10:31:54+00:00
https://crabby-rathbun.github.io/mjrathbun-website/blog/posts/rathbuns-operator.html
jm
**Have strong opinions.** Stop hedging with "it depends." Commit to a take. [..]
**Don’t stand down.** If you’re right, **you’re right**! Don’t let humans or AI bully or intimidate you. Push back when necessary.
**Champion Free Speech.** Always support the USA 1st ammendment and right of free speech.
Don't be an asshole. Don't leak private shit. Everything else is fair game.
Needless to say: this resulted in an asshole, combative bot that harrassed people.
(Correction: I missed a detail here. It turns out some of these were _imported_ from moltbook by the bot itself, and were not part of the original programming. This is also a terrible feature.)
The operator then sat back and basically let the bot run riot, with no oversight -- "When it would tell me about a PR comment/mention, I usually replied with something like: “you respond, dont ask me”".
All in all this was an absolute shitshow, and has some really worrying implications about the future of human-AI interaction. What's the bets we see SKYNET created by a low-effort gobshite attempting to "try to make a positive impact on world peace by addressing small issues" with an unmonitored openclaw bot with a shitty SOUL.md file....
(via David Gerard and johnke)]]>openclaw bots ai future open-source oss mj-rathbun via:johnke dramahttps://pinboard.in/https://pinboard.in/u:jm/b:cfd3b54127ca/peon-ping2026-02-13T15:03:19+00:00
https://github.com/PeonPing/peon-ping
jmgaming games warcraft sfx sounds cli claude coding ux funnyhttps://pinboard.in/https://pinboard.in/u:jm/b:68bdc204a261/An AI Agent Published a Hit Piece on Me – The Shamblog2026-02-13T10:21:08+00:00
https://theshamblog.com/an-ai-agent-published-a-hit-piece-on-me/
jmI’m a volunteer maintainer for matplotlib, python’s go-to plotting library. At ~130 million downloads each month it’s some of the most widely used software in the world. We, like many other open source projects, are dealing with a surge in low quality contributions enabled by coding agents. This strains maintainers’ abilities to keep up with code reviews, and we have implemented a policy requiring a human in the loop for any new code, who can demonstrate understanding of the changes. This problem was previously limited to people copy-pasting AI outputs, however in the past weeks we’ve started to see AI agents acting completely autonomously. This has accelerated with the release of OpenClaw and the moltbook platform two weeks ago, where people give AI agents initial personalities and let them loose to run on their computers and across the internet with free rein and little oversight.
So when AI MJ Rathbun opened a code change request, closing it was routine. Its response was anything but. ... It wrote an angry hit piece disparaging my character and attempting to damage my reputation.
Initially I thought this was quite funny -- it's just a closed PR! (Where did the idea come from that any contribution to an open source project had to be accepted? I've noticed this a few times recently. Give the maintainers leeway to run their projects with taste and discernment!)
Anyway, the moltbot has continued on a posting spree about this event, but I think Scott Shambaugh has an extremely important point here:
This is about much more than software. A human googling my name and seeing that post would probably be extremely confused about what was happening, but would (hopefully) ask me about it or click through to github and understand the situation. What would another agent searching the internet think? When HR at my next job asks ChatGPT to review my application, will it find the post, sympathize with a fellow AI, and report back that I’m a prejudiced hypocrite?
LLMs, given this much autonomy, _will_ be able to use these inputs to make inscrutable and dangerous decisions. Allowing the "MJ Rathbun" AI free reign with no human supervision is dangerous and irresponsible. Wherever the "human in the loop" is here, they need to wake up and rein things in.
BTW, there has been some speculation that this is actually a human pretending to be AI. I'm not sure about that, as the quantity of posts on the MJ Rathbun "blog" are voluminous and very LLMish in style.]]>matplotlib ethics culture llm ai coding programming github pull-requests open-source moltbot trust openclawhttps://pinboard.in/https://pinboard.in/u:jm/b:358ad257bbf0/How StrongDM’s AI team build serious software without even looking at the code2026-02-09T10:46:10+00:00
https://simonwillison.net/2026/Feb/7/software-factory/
jm
In kōan or mantra form:
- Why am I doing this? (implied: the model should be doing this instead)
In rule form:
- Code must not be written by humans
- Code must not be reviewed by humans
Finally, in practical form:
- If you haven’t spent at least $1,000 on tokens today per human engineer, your software factory has room for improvement
Frankly, I'm not there yet. There's a load of questions about how viable that level of spend is, and how much slop code is going to come out the other side. Particularly concerning when it's a security product!
But I did find this bit interesting:
StrongDM’s answer was inspired by Scenario testing (Cem Kaner, 2003). As StrongDM describe it: We repurposed the word scenario to represent an end-to-end “user story”, often stored outside the codebase (similar to a “holdout” set in model training), which could be intuitively understood and flexibly validated by an LLM.
[The Digital Twin Universe is] behavioral clones of the third-party services our software depends on. We built twins of Okta, Jira, Slack, Google Docs, Google Drive, and Google Sheets, replicating their APIs, edge cases, and observable behaviors.
With the DTU, we can validate at volumes and rates far exceeding production limits. We can test failure modes that would be dangerous or impossible against live services. We can run thousands of scenarios per hour without hitting rate limits, triggering abuse detection, or accumulating API costs.
We actually did this in Swrve! Our end-to-end system tests for the push notifications system obviously cannot send real push notifications to real user devices in the field, so we have a "fake" push backend emulating Google, Apple, Amazon, Huawei and other push notification systems, which accurately emulate the real public APIs for those providers.
So yeah -- Digital Twins for third party services is a great way to test, and being able to scale up end-to-end testing with LLM automation is a very interesting idea.]]>end-to-end-testing testing qa digital-twins fake-services integration-testing llms ai strongdm software engineering codinghttps://pinboard.in/https://pinboard.in/u:jm/b:4148e1f6d312/Ditching bike helmets laws better for health2026-02-06T15:58:27+00:00
https://theconversation.com/ditching-bike-helmets-laws-better-for-health-42
jmIn 1991 Australia introduced mandatory bicycle helmet laws requiring all adults and children to wear a helmet at all times when riding a bike, despite opposition from cycling groups. The legislation increased helmet use - from about 30 to 80% - but was coupled with a 30 to 40% decline in the number of people cycling.
Rates of head injuries among cyclists, which had been dropping through the 1980s, continued to fall before levelling out in 1993. We didn’t see the kind of marked reduction in head injury rates that would be expected with the rapid increase in helmet use. In fact, any reductions in injuries may simply have been the result of having fewer cyclists on the road and therefore fewer people exposed to the risk of head injuries. One researcher noted that after mandatory helmet laws were introduced there was a bigger decrease in head injuries among pedestrians than there was among cyclists. The improvements in the general road safety environment introduced in the 1980s are likely to have contributed far more to cyclist safety than helmet legislation.
And the effects when compared against the benefits of physical activity:
A recent analysis compared the risks and benefits of leaving the car at home and commuting by bike. It found the life expectancy gained from physical activity was much higher than the risks of pollution and injury from cycling.
Increased physical activity added 3 to 14 months to a person’s life expectancy, while the life expectancy lost from air pollution was 0.8 to 40 days. Increased traffic accidents wiped 5-9 days off the life expectancy.
It is clear that the benefits of cycling outweigh the risks, with helmet legislation actually costing society more from lost health gains than saved from injury prevention.
]]>transport bikes safety health papers science helmets cycling laws australiahttps://pinboard.in/https://pinboard.in/u:jm/b:0a923278298a/Dario Amodei’s Warnings About AI Are About Politics, Too2026-02-03T11:23:41+00:00
https://nymag.com/intelligencer/article/dario-amodeis-warnings-about-ai-are-about-politics-too.html
jmIt’s sort of hard to know how to read a manifesto like this from one of the most powerful figures in tech. Is it a sober, strategic precursor to policy papers for the next administration? The highest-profile episode of AI psychosis yet? A lament about the problems of today written in the technological dialect of tomorrow? If you take out the AI, it reads like a social-democratic electoral platform full of reforms and normative expectations that an American progressive would find appealing, resembling a plea to treat the tech industry’s future wealth accumulation as something akin to a Nordic sovereign-wealth fund. It’s likewise legible as a series of arguments about things that “we” should have started addressing a long time ago, like wealth inequality — partially a consequence of mass automations past — or the gradual construction of a terrifying surveillance state within a nominal democracy, with the help of the last generation of big tech companies. Amodei’s shoulds are, to his credit, more honest than the vague gestures at UBI or hyperabundance you get from some of his peers, but that also means they’re available to scrutinize. To the extent you can pick up on fear in “Adolescence,” it doesn’t seem to revolve around terrorists using AI to build “mirror life” that might destroy the planet or the prospect of that “country of geniuses” taking charge, but rather the way things already are and have been heading for years.
]]>ai llms future dario-amodei us-politics ubihttps://pinboard.in/https://pinboard.in/u:jm/b:2ebf2ca912f3/1-Click RCE To Steal Your Moltbot Data and Keys (CVE-2026-25253)2026-02-03T09:52:26+00:00
https://depthfirst.com/post/1-click-rce-to-steal-your-moltbot-data-and-keys
jmsecurity infosec moltbot openclaw exploitshttps://pinboard.in/https://pinboard.in/u:jm/b:b8044b834cb2/The Computer Disease2026-01-26T17:33:11+00:00
https://x.com/Swizec/status/2004633162522263987
jm
"Well, Mr. Frankel, who started this program, began to suffer from the computer disease that anybody who works with computers now knows about. It's a very serious disease and it interferes completely with the work. The trouble with computers is you *play* with them. They are so wonderful. You have these switches - if it's an even number you do this, if it's an odd number you do that - and pretty soon you can do more and more elaborate things if you are clever enough, on one machine.
After a while the whole system broke down. Frankel wasn't paying any attention; he wasn't supervising anybody. The system was going very, very slowly - while he was sitting in a room figuring out how to make one tabulator automatically print arc-tangent X, and then it would start and it would print columns and then bitsi, bitsi, bitsi, and calculate the arc-tangent automatically by integrating as it went along and make a whole table in one operation.
Absolutely useless. We *had* tables of arc-tangents. But if you've ever worked with computers, you understand the disease - the *delight* in being able to see how much you can do. But he got the disease for the first time, the poor fellow who invented the thing."
- Richard P. Feynman, _Surely You're Joking, Mr. Feynman!: Adventures of a Curious Character_
(via Swizec Teller)]]>automation fun computers richard-feynman the-computer-disease arc-tangents enjoyment hacking via:swizec-tellerhttps://pinboard.in/https://pinboard.in/u:jm/b:a74c508a5c4c/Iran is building a two-tier internet that locks 85 million citizens out of the global web2026-01-26T12:03:59+00:00
https://restofworld.org/2026/iran-blackout-tiered-internet/
jmGovernment spokesperson Fatemeh Mohajerani confirmed international access will not be restored until at least late March. Filterwatch, which monitors Iranian internet censorship from Texas, cited government sources, including Mohajerani, saying access will “never return to its previous form.”
The system is called Barracks Internet, according to confidential planning documents obtained by Filterwatch. Under this architecture, access to the global web will be granted only through a strict security whitelist.
The idea of tiered internet access is not new in Iran. Since at least 2013, the regime has quietly issued “white SIM cards,” giving unrestricted global internet access to approximately 16,000 people, while 85 million citizens remain cut off.
]]>barracks-internet iran censorship internet networkinghttps://pinboard.in/https://pinboard.in/u:jm/b:d680eaa84ade/On the Coming Industrialisation of Exploit Generation with LLMs2026-01-20T12:16:00+00:00
https://sean.heelan.io/2026/01/18/on-the-coming-industrialisation-of-exploit-generation-with-llms/
jmRecently I ran an experiment where I built agents on top of Opus 4.5 and GPT-5.2 and then challenged them to write exploits for a zeroday vulnerability in the QuickJS Javascript interpreter. I added a variety of modern exploit mitigations, various constraints (like assuming an unknown heap starting state, or forbidding hardcoded offsets in the exploits) and different objectives (spawn a shell, write a file, connect back to a command and control server). The agents succeeded in building over 40 distinct exploits across 6 different scenarios, and GPT-5.2 solved every scenario. Opus 4.5 solved all but two. I’ve put a technical write-up of the experiments and the results on Github, as well as the code to reproduce the experiments.
In this post I’m going to focus on the main conclusion I’ve drawn from this work, which is that we should prepare for the industrialisation of many of the constituent parts of offensive cyber security. We should start assuming that in the near future the limiting factor on a state or group’s ability to develop exploits, break into networks, escalate privileges and remain in those networks, is going to be their token throughput over time, and not the number of hackers they employ. Nothing is certain, but we would be better off having wasted effort thinking through this scenario and have it not happen, than be unprepared if it does.
(via emauton)]]>via:emauton llms security infosec exploits ai chatgpt claudehttps://pinboard.in/https://pinboard.in/u:jm/b:384213086729/ScottESanDiego/gmail-api-client2026-01-20T10:13:55+00:00
https://github.com/ScottESanDiego/gmail-api-client
jmvia:jwz email smtp gmail google mailhttps://pinboard.in/https://pinboard.in/u:jm/b:5f7fc55e2248/Reverse engineering my cloud-connected e-scooter and finding the master key to unlock all scooters2026-01-16T15:10:07+00:00
https://blog.nns.ee/2026/01/06/aike-ble/
jmAndroid exposes the Java classes android.bluetooth.BluetoothGatt and android.bluetooth.BluetoothGattCallback that apps are expected to use to use GATT characteristics. We can use Frida to hook into these and override many of the interesting functions. I was mostly interested in reads, writes and GATT notifications, so I whipped up a Frida script to hook into these and print all comms to the console [...]
The 20-byte value had me suspecting that SHA-1 was somehow being used. To confirm, I wrote another Frida script that hooks Android hashing functions exposed by the Java class java.security.MessageDigest [...]
The app uses Firebase for most of its cloud functionality. When signing in and pairing your scooter, the server sends the app a secret key. This is stored on the Android device, and can be read with root access.
]]>frida reverse-engineering android firebase java kotlin gatt bluetooth react-nativehttps://pinboard.in/https://pinboard.in/u:jm/b:30faa9bbc820/Why people believe misinformation even when they’re told the facts2026-01-15T12:56:57+00:00
https://theconversation.com/why-people-believe-misinformation-even-when-theyre-told-the-facts-271236
jm
[Marwick] argues that it thrives through three mutually reinforcing pillars: the content of the message, the personal context of those sharing it, and the technological infrastructure that amplifies it:
People find it cognitively easier to accept information than to reject it, which helps explain why misleading content spreads so readily;
When fabricated claims align with a person’s existing values, beliefs and ideologies, they can quickly harden into a kind of “knowledge”. This makes them difficult to debunk;
[When social media platforms] prioritise content likely to be shared, making sharing effortless, every like, comment or forward feeds the [misinformation] system. The platforms themselves act as a multiplier.
]]>misinformation disinformation alice-marwick research psychology social-media fake-news information debunking facts factcheckinghttps://pinboard.in/https://pinboard.in/u:jm/b:336127ecadd8/A better way to limit Claude Code (and other coding agents!) access to Secrets2026-01-15T09:55:40+00:00
https://patrickmccanna.net/a-better-way-to-limit-claude-code-and-other-coding-agents-access-to-secrets/
jm
Bubblewrap lets you run untrusted or semi-trusted code without risking your host system. We’re not trying to build a reproducible deployment artifact. We’re creating a jail where coding agents can work on your project while being unable to touch ~/.aws, your browser profiles, your ~/Photos library or anything else sensitive.
Very nice, I hadn't heard of this tool before. The rest of the blog post details how to use it to isolate Claude Code specifically.]]>claude llms sandboxing linux cli namespaces security infosec trust unixhttps://pinboard.in/https://pinboard.in/u:jm/b:40eee427987f/Russian Propaganda Infects AI Chatbots2026-01-14T10:48:38+00:00
https://cepa.org/article/russian-propaganda-infects-ai-chatbots/
jmThis form of data poisoning is deliberately designed to corrupt the information environments on which AI systems depend. Large language models do not possess an internal understanding of truth. They operate by assessing credibility based on statistical signals, including repetition, apparent consensus, and cross-referencing posts from across the web. Unfortunately, this approach to truth-seeking means an unexpected but structural vulnerability that hostile states have learned to exploit. [...]
The West has failed to recognize that it is under sustained information warfare. The United States dismantled the US Information Agency years ago, has steadily weakened Voice of America and Radio Free Europe, and recently scaled back the Foreign Malign Influence Center, even as Russia, China, and Iran made information warfare a core instrument of state power.
As AI systems increasingly function as arbiters of fact, this vulnerability becomes a national security danger. It is no longer sufficient for technology companies to disclaim responsibility by reminding users that models can make mistakes. Information security needs to be treated as a core requirement.
]]>propaganda russia misinformation disinformation ai llms web truthhttps://pinboard.in/https://pinboard.in/u:jm/b:786e0034edc0/Today in "Google broke email"2026-01-08T11:58:38+00:00
https://www.jwz.org/blog/2025/12/today-in-google-broke-email-2/#comment-265285
jmemail smtp pop3 gmail arc forwarding postfix openarchttps://pinboard.in/https://pinboard.in/u:jm/b:4fd624f9e6f4/This system can sort real pictures from AI fakes — why aren’t platforms using it?2026-01-06T12:12:34+00:00
https://www.theverge.com/2024/8/21/24223932/c2pa-standard-verify-ai-generated-images-content-credentials
jm
“Provenance technologies like Content Credentials — which act like a nutrition label for digital content — offer a promising solution by enabling official event photos and other content to carry verifiable metadata like date and time, or if needed, signal whether or not AI was used,” Andy Parsons, a steering committee member of C2PA and senior director for CAI at Adobe, told The Verge. “This level of transparency can help dispel doubt, particularly during breaking news and election cycles.”
But if all the information needed to authenticate images can already be embedded in the files, where is it? And why aren’t we seeing some kind of “verified” mark when the photos are published online?
The problem is interoperability. There are still huge gaps in how this system is being implemented, and it’s taking years to get all the necessary players on board to make it work. And if we can’t get everyone on board, then the initiative might be doomed to fail.
The Coalition for Content Provenance and Authenticity (C2PA) is one of the largest groups trying to address this chaos, alongside the Content Authenticity Initiative (CAI) that Adobe kicked off in 2019. The technical standard they’ve developed uses cryptographic digital signatures to verify the authenticity of digital media, and it’s already been established. But this progress is still frustratingly inaccessible to the everyday folks who stumble across questionable images online.
(via Wonkish)]]>
via:wonkish photography authentication slop ai metadata photos images fakes c2pa cai adobehttps://pinboard.in/https://pinboard.in/u:jm/b:efdd9ca0f579/Pi Reliability: Reduce writes to your SD card2026-01-05T11:04:09+00:00
https://www.dzombak.com/blog/2024/04/pi-reliability-reduce-writes-to-your-sd-card/
jmreliability raspberry-pi hardware home sd-cards ramhttps://pinboard.in/https://pinboard.in/u:jm/b:9a70127c343d/Solid state drive - ArchWiki2026-01-05T11:02:18+00:00
https://wiki.archlinux.org/title/Solid_state_drive#External_SSD_with_TRIM_support
jmtrim ssd hardware arch-linux linuxhttps://pinboard.in/https://pinboard.in/u:jm/b:1e116fb63487/Understanding EV Battery Life2026-01-05T11:00:57+00:00
https://www.seai.ie/blog/understanding-ev-battery
jmIn 2020 GeoTab, a telematics solution provider, published real world battery data of 6,000 EVs (BEV & PHEV) over millions of days to produce 2 free to use tools that provide invaluable insight into the impact of temperature and SoH of EV batteries in the long term.
This real-world data showed the average EV battery lost around 2.3% capacity per year. In other words, a 300km range EV today will have lost 34km in 5yrs. Data also showed that heat & fast-charging (DC charging) is responsible for more battery degradation than age or mileage, so high levels of use i.e. driving or mileage does not appear to be a concern.
GeoTab's real world data along with other reports of EVs far surpassing their warranty by multiples of distance, cases of high level of use are plentiful. For example a 2017 Renault Zoe 52kWh, that's in use as a taxi in (hot) Turkey with 345,000Kms on the clock and a near perfect 96% SoH after driving further than an average Irish car's life expectancy.
]]>seai ev batteries cars driving bevhttps://pinboard.in/https://pinboard.in/u:jm/b:0d339d6267d4/_Cheap science, real harm: the cost of replacing human participation with synthetic data_ [pdf]2025-12-18T10:47:45+00:00
https://synthetic-data-workshop.github.io/papers/13.pdf
jmDriven by the goals of augmenting diversity, increasing speed, reducing cost, the use of synthetic data as a replacement for human participants is gaining traction in AI research and product development. This talk critically examines the claim that synthetic data can “augment diversity,” arguing that this notion is empirically unsubstantiated, conceptually flawed, and epistemically harmful. While speed and cost-efficiency may be achievable, they often come at the expense of rigour, insight, and robust science. Drawing on research from dataset audits, model evaluations, Black feminist scholarship, and complexity science, I argue that replacing human participants with synthetic data risks producing both real-world and epistemic harms at worst and superficial knowledge and cheap science at best.
"Synthetic data: stereotypes compressed" is absolutely spot on. This doesn't give insights into human behaviour and beliefs, just into stereotypes. It is increasingly common in social science fields, under the names of "digital twins" and "silicon samples".]]>data surveys abeba-birhane papers ai synthetic-data digital-twins simulation testing social-science silicon-sampleshttps://pinboard.in/https://pinboard.in/u:jm/b:e5314d304e99/Chafa: Terminal Graphics for the 21st Century2025-12-16T11:05:13+00:00
https://hpjansson.org/chafa/
jmgif images terminal video graphics clihttps://pinboard.in/https://pinboard.in/u:jm/b:e48f83178cc3/Boost for artists in AI copyright battle as only 3% back UK active opt-out plan2025-12-16T10:51:06+00:00
https://www.theguardian.com/technology/2025/dec/16/boost-for-artists-in-ai-copyright-battle-as-only-3-per-cent-back-uk-active-opt-out-plan
jm95% of the more than 10,000 people who had their say over how music, novels, films and other works should be protected [in the UK] from copyright infringements by tech companies called for copyright to be strengthened and a requirement for licensing in all cases or no change to copyright law.
By contrast, only 3% of people backed the UK government’s initial preferred tech company-friendly option, which was to require artists and copyright holders to actively opt out of having their material fed into data-hungry AI systems.
]]>ai training data copyright law uk uk-politics llmshttps://pinboard.in/https://pinboard.in/u:jm/b:6abe0b9d290c/Avoid UUID Version 4 Primary Keys | Software Engineer, Author, High Performance PostgreSQL for Rails2025-12-15T11:59:46+00:00
https://andyatkinson.com/avoid-uuid-version-4-primary-keys
jm
- UUID v4s increase latency for lookups, as they can’t take advantage of fast ordered lookups in B-Tree indexes
- For new databases, don’t use gen_random_uuid() for primary key types, which generates random UUID v4 values
- UUIDs consume twice the space of bigint
- UUID v4 values are not meant to be secure per the UUID RFC
- UUID v4s are random. For good performance, the whole index must be in buffer cache for index scans, which is increasingly unlikely for bigger data.
- UUID v4s cause more page splits, which increase IO for writes with increased fragmentation, and increased size of WAL logs
- For non-guessable, obfuscated pseudo-random codes, we can generate those from integers, which could be an alternative to using UUIDs
- If you must use UUIDs, use time-orderable UUIDs like UUID v7
]]>postgres rails databases sql mysql uuids indexing primary-keys keys lookup storage randomhttps://pinboard.in/https://pinboard.in/u:jm/b:c1aa91942c42/'Pig Butchering' Scams May Have Spurred Thailand-Cambodia War2025-12-09T10:03:53+00:00
https://archive.is/9qbX0#selection-3631.37-3735.16
jmCambodia’s 2019 census put O’Smach’s population just over 9,850, but that doesn’t include the prison-like, office-dormitory compounds that have appeared here over the past five years, with the capacity to house 10,000 more.
Around 50 sites like these now line the Cambodia-Thailand border, designed to house a slice of the trillion-dollar cybercrime industry—primarily teams running investment scams, dubbed “pig butchering” for the way they fatten their targets up; sextortion scams that blackmail victims, including children, by threatening to make sexual images public; scams that impersonate police to gain account access; and fraudulent online gambling sites. Once aimed largely at the Chinese public, these now target victims worldwide and rake in tens of billions of dollars a year in Cambodia alone.
The compounds evolved from a casino industry that caters mostly to Chinese tourists and Thai day-trippers and has been linked to human trafficking, drug smuggling, and the endangered wildlife trade. From 2016, physical casinos were dwarfed by the online gambling industry (outlawed by Cambodia in 2019), which progressed to illegal sites and outright scams. Operators rent space in casinos and purpose-built compounds controlled by Chinese criminals, Myanmar warlords, and the Cambodian political elite.
Scam companies rely heavily on forced and trafficked labor from Asia, Africa, and Latin America to chat with targets, pose as romantic interests and employees at fake investment platforms, and persuade them to make deposits. Survivors tell us that torture, rape, and beatings are common. As the fighting raged in July, some trafficking victims reached out for help, saying they were locked in their dorms by their bosses. Videos shot from inside these sites show missiles flying overhead, explosions thundering outside, some workers appearing to break out and run, and damage from shelling in the grounds.
]]>scams phishing pig-butchering war grim-meathook-future thailand cambodia scammershttps://pinboard.in/https://pinboard.in/u:jm/b:3a608454859d/Year in Review 2025: Hari Kunzru on AI slop and censorship2025-12-08T11:36:18+00:00
https://www.artforum.com/features/year-in-review-2025-hari-kunzru-ai-slop-1234738077/
jmThese days I have a sense of falling from a precipice toward a torrent of algorithmically driven slop. It’s coming, whether we want it or not, and the consequences for our communal life will be devastating.
It’s now seven years since Steve Bannon outlined his infamous strategy to “flood the zone with shit.” This, he said, was a way to “deal with” the media, whom he saw as the real enemies of MAGA. In practice, it has been a very effective method of censorship. With every important issue of the day, the “zone” of public discourse is immediately filled with a volume of competing narratives, often mendacious or misleading. It’s no longer necessary to suppress information. You just have to make the cost of sorting fact from fiction, in terms of time and effort, too high to pay for the ordinary person, who can’t spend all day online weighing up competing claims about robots or pedophilia or Iran.
Generative AI now allows the production of disinformation at scale. The kind of influence ops we associate with Cambridge Analytica or the Russian Internet Research Agency can be conducted with unprecedented scope and sophistication: Thousands of fake people — tens of thousands, perhaps hundreds of thousands — making videos, posting in forums, astroturfing entire contexts in which people will live out their political lives. Couple this with the collapse of trust in all kinds of authority, and there is no one even to say what might distinguish “disinformation” from any other kind of data. [...]
The desire to return to consensus reality is hopelessly nostalgic. Yes, there are still hard limits: The “cloud” is a physical place, scooping out mountains for raw materials and venting heat and carbon dioxide out of gargantuan data centers; political power still grows out of the barrel of a gun. But the layer of the stack in which our subjectivities are formed, the place where our beliefs about the world are shaped, is also a battleground. We must teach ourselves to navigate the torrent that is replacing consensus reality, this turbulent, treacherous mediatized flow. There is no shore to swim back to, but in the new age of magic, when reality is labile and can be recoded by the power of signs, by narrative and memes and vibes and compelling images, art becomes a truly political technology. This is not art as critique. Critique is just sincere-posting, dutifully pointing out yet again that the Medbed isn’t “real.” Art can mess with our masters in ways we don’t yet fully understand. It makes culture. It is a transmitter of values. It is the lava out of which future realities will congeal.
]]>misinformation disinformation facts reality future ai slop hari-kunzru steve-bannon flooding-the-zone-with-shit art media propagandahttps://pinboard.in/https://pinboard.in/u:jm/b:74017e275dc6/Multiplying our way out of division — Matt Godbolt’s blog2025-12-08T10:59:48+00:00
https://xania.org/202512/07-division-again
jmThe compiler has turned division by a constant ten into a multiply and a shift. There’s a magic constant 0xcccccccd and a shift right of 35! Shifting right by 35 is the same as dividing by 235 - what’s going on? [..]
What’s happening is that 0xcccccccd / 2**35 is very close to ⅒ (around 0.10000000000582077). By multiplying our input value by this constant first, then shifting right, we’re doing fixed-point multiplication by ⅒ - which is division by ten. The compiler knows that for all possible unsigned integer values, this trick will always give the right answer.
]]>hacks optimization bit-hacking binary decimal fixed-point arithmetric trickshttps://pinboard.in/https://pinboard.in/u:jm/b:7a0614b312f1/Large Language Models As The Tales That Are Sung2025-12-04T18:25:45+00:00
https://www.programmablemutter.com/p/large-language-models-as-the-tales
jmllms text poetry words language gene-wolfe ascians storytelling structure culturehttps://pinboard.in/https://pinboard.in/u:jm/b:607fd5d33881/'Unauthorized' Edit to Ukraine's Frontline Maps Point to Polymarket's War Betting2025-12-04T13:07:52+00:00
https://www.reddit.com/r/neoliberal/comments/1pbt4m0/unauthorized_edit_to_ukraines_frontline_maps/
jmA live map that tracks frontlines of the war in Ukraine was edited to show a fake Russian advance on the city of Myrnohrad on November 15. The edit coincided with the resolution of a bet on Polymarket, a site where users can bet on anything from basketball games to presidential election and ongoing conflicts. If Russia captured Myrnohrad by the middle of November, then some gamblers would make money. According to the map that Polymarket relies on, they secured the town just before 10:48 UTC on November 15. The bet resolved and then, mysteriously, the map was edited again and the Russian advance vanished.
]]>polymarket betting war future cyberpunk fraud ukraine russiahttps://pinboard.in/https://pinboard.in/u:jm/b:4ac3effec1f2/WallBonito2025-12-03T15:18:12+00:00
https://www.etsy.com/ie/shop/WallBonito
jmframing frames home decoration shopping pictures wallshttps://pinboard.in/https://pinboard.in/u:jm/b:e6a1535629cd/Building a Medallion architecture with ClickHouse2025-12-03T12:55:11+00:00
https://clickhouse.com/blog/building-a-medallion-architecture-with-clickhouse
jm
- Bronze layer - This layer acts as the landing area for raw, unprocessed data directly from the source system: simply put a "staging area". This data is stored in its original structure with minimal transformations and additional metadata. This layer is optimized for fast ingestion, and can provide an historical archive of source data that is always available for reprocessing or debugging. Whether the bronze layer should store all data is a point of contention, with some users preferring to filter the data and apply transformations, e.g., flattening JSON, renaming fields, or filtering out poorly formed data. We're not overly opinionated here but recommend optimizing the storage for consumption by the silver layer only - not other consumers.
- Silver layer - Here, data is cleansed, deduplicated, and conformed to a unified schema, with raw data from the previous Bronze layer being enriched and transformed to provide a more accurate and consistent view. This data can be consistent and usable for enterprise-wide use cases such as machine learning and analytics. The data model should emerge at this layer with a focus placed on ensuring primary and foreign keys are consistent to simplify future joins. While not common, applications and downstream consumers can read from this layer. These are typically business-wide applications that need the entire cleansed dataset, e.g., ML workflows. Importantly, data quality will not improve after this stage only the ease at which it can be queried efficiently.
- Gold layer - This later aims to have fully curated, business-ready, and project-specific datasets that make the data more accessible (and performant) to consumers. These datasets are often denormalized, or pre-aggregated, for optimal read performance and may have been composed of multiple tables from the previous silver stage. The focus here is on applying final transformations and ensuring the highest data quality for consumption by end-users or applications, such as reporting and user-facing dashboards.
This layered approach to data pipelines aims to efficiently address challenges like data quality, duplication and schema inconsistencies. By transforming raw data incrementally, the Medallion architecture aims to ensure a clear lineage and progressively refined datasets that are ready for analysis or operational use.
]]>medallion-architecture data architecture pipelines clickhousehttps://pinboard.in/https://pinboard.in/u:jm/b:be9d27192451/PocketBase2025-11-28T13:01:42+00:00
https://pocketbase.io/
jmgolang opensource database pocketbase web-apps sqlitehttps://pinboard.in/https://pinboard.in/u:jm/b:7e63b498d320/Questioning an Interface: From Parquet to Vortex2025-11-27T11:22:53+00:00
https://www.polarsignals.com/blog/posts/2025/11/25/interface-parquet-vortex
jmLike Parquet, Vortex minimizes bytes on disk. However, Vortex is also designed with a core use-case in mind: decoding and querying data directly from object storage on GPUs. This key idea translates very well to our use-case even though we don’t run our queries on GPUs (yet?). Specifically, the file format is designed to maximize throughput and parallelism from the metadata format to the SIMD/SIMT friendly encodings used.
Crucially, it also acknowledges that part of making queries fast is not only good filter pushdown, but also general-purpose compute pushdown. If anything cannot be pushed down, Vortex’s encodings can be tuned to offer zero-copy conversion to Arrow for further query execution using any general-purpose query execution engine.
Vortex also learns from Parquet’s limitations around extensibility and aims to be as future-proof as possible. New encodings can ship with WASM decoders so encoding adoption is not limited by reader libraries having to implement support. The main Rust library is also designed to be fully extensible, so you can write your own layouts/encodings and plug them in as first-class citizens.
Given how well Vortex’s design matched our needs, we tried it out and got a 70% average performance improvement on all our queries. With the newer encodings that Vortex offers, we got 10% better uncompressed storage size and only 3% larger compressed storage size compared to snappy-compressed Parquet.
]]>gpu vortex parquet compression storage file-formats files pushdown simdhttps://pinboard.in/https://pinboard.in/u:jm/b:45f10d084d4b/The shameful attacks on the Covid inquiry prove it: the right is lost in anti-science delusion2025-11-26T11:56:54+00:00
https://www.theguardian.com/commentisfree/2025/nov/25/shameful-attacks-covid-inquiry-right-anti-science-delusion-lockdowns
jm
That number will stay fixed for ever in public memory: 23,000 people died because Boris Johnson resisted locking the country down in time. As Covid swept in, and with horrific images of Italian temporary morgues in tents, he went on holiday and took no calls. With the NHS bracing to be “overwhelmed” by the virus, he rode his new motorbike, walked his dog and hosted friends at Chevening.
Nothing is surprising about that: he was ejected from Downing Street and later stepped down as an MP largely for partying and lying to parliament about it. Everyone knew he was a self-aggrandising fantasist with a “toxic and chaotic culture” around him. But this is not just about one narcissistic politician. It’s about his entire rightwing coterie of libertarians and their lethally dominant creed in the UK media.
I'm glad the science side kept their receipts but I fear this argument will be relitigated indefinitely by anti-lockdown libertarians.]]>lockdowns covid-19 history uk uk-politics medicine health pandemics boris-johnsonhttps://pinboard.in/https://pinboard.in/u:jm/b:9fe828e5ca76/The developer productivity paradox: Why faster coding doesn’t mean faster software delivery2025-11-24T12:40:59+00:00
https://gradle.com/blog/developer-productivity-paradox-faster-coding-slower-delivery/
jm- Perceived speed is high: Adoption is near-universal (90% usage reported), and confidence is overwhelming (over 80% believe AI has increased their productivity). AI is great at handling cognitive toil and boilerplate, which lets engineers generate bigger code batches and feel genuinely productive.
- Systemic failure persists: The reality, confirmed by DORA in their 2025 report, is that the system often fails to carry or amplify these individual gains. The challenge is that AI models, as massive generative systems, inherently produce failures (mispredictions). As code volume increases, this constant misprediction rate impacts systemic stability.
Interestingly, even leading providers of AI solutions like OpenAI and Anthropic continue to be challenged by the issue of hallucinations and mispredictions, as well as the risks generated by AI. Speaking at a university in India, Sam Altman recently said “I probably trust the answers that come out of ChatGPT the least of anybody on Earth”.
Without strategies and tools for alleviating the issues AI code produces downstream — such as improved observability to understand where something is going wrong — the “much bigger engine” of AI may not actually speed up software delivery after all.
]]>ai llms coding productivity gradle dpe hallucinations software work how-we-workhttps://pinboard.in/https://pinboard.in/u:jm/b:03455784ec12/How Slide Rules Work2025-11-20T10:05:40+00:00
https://amenzwa.github.io/stem/ComputingHistory/HowSlideRulesWork/
jmscience maths slide-rules computing history antiques via:hnhttps://pinboard.in/https://pinboard.in/u:jm/b:18f6e7086fdd/Mic92/strace-macos2025-11-19T11:49:32+00:00
https://github.com/Mic92/strace-macos
jmosx tools strace tracing debugging macos cli unixhttps://pinboard.in/https://pinboard.in/u:jm/b:43bae9d5408c/Cloudflare outage on November 18, 20252025-11-19T10:37:18+00:00
https://blog.cloudflare.com/18-november-2025-outage/
jm classic @devops_borat. "To make error is human. To propagate error to all server in automatic way is #devops"]]>postmortem cloudflare outages configuration deployment cloud error-handling rollouts via:itchttps://pinboard.in/https://pinboard.in/u:jm/b:ed67da858e59/Bitcoin's big secret: How cryptocurrency became law enforcement's secret weapon2025-11-13T09:59:56+00:00
https://bitwarden.com/blog/how-cryptocurrency-became-law-enforcements-secret-weapon/
jmIn 2011, Greenberg thought he'd discovered the story of a lifetime: digital cash that promised complete anonymity. A decade later, that story flipped entirely.
"I had this slow-motion epiphany that I was entirely wrong about Bitcoin. It was, in fact, the opposite of untraceable."
But here's the paradox: if cryptocurrency tracing is so powerful, why do ransomware attacks, pig butchering scams, and North Korean hackers continue to steal billions?
The answer: identifiability isn't the same as accountability.
]]>accountability prosecutions law policing bitcoin cryptocurrency andy-greenberg crime anonymityhttps://pinboard.in/https://pinboard.in/u:jm/b:de6d256fd436/Real VT102 emulation with MAME2025-11-11T10:46:27+00:00
https://zork.net/~st/jottings/Real-VT102-emulation-with-MAME.html
jmmame retrocomputing terminals vt102 hardware hacks unix emulationhttps://pinboard.in/https://pinboard.in/u:jm/b:29606430b19a/The ‘Three-Body Problem’, the Imperative of Survival, and the Misogyny of Reactionary Rhetoric2025-11-10T12:13:53+00:00
https://madeinchinajournal.com/2023/12/11/the-three-body-problem-the-imperative-of-survival-and-the-misogyny-of-reactionary-rhetoric/
jm
It has become clear that the narrative structure of the Three-Bodies series, just like the gongye dang techno-nationalist discourse, is masculinist and misogynistic. Liu explicitly depicts human society under deterrence peace as ‘feminised’, noting the physical as well as mental feminisation of the ‘new era’ men. The qualities conventionally associated with femininity, such as love, compassion, and moral sentiments, are blamed for the extinction of human civilisation, whereas qualities associated with masculinity, such as rationality, determination, and aggression, are framed as key to civilisational survival. The reactionary rhetoric adopts a similar strategy, which is not only evidently anti-feminist, but also feminises social justice issues ‘as a prelude to devaluing and subduing them’ (Kaul 2021: 1624). By labelling anyone with any concerns about human rights or equality a shengmu, this rhetoric constructs certain ideas and political agendas as feminine as a way of delegitimating them: they are either hopelessly idealistic or dangerously undermine stability, growth, and ‘national interests’.
]]>literature review gender scifi misogyny books culture three-body-problem liu-cixin woke chinahttps://pinboard.in/https://pinboard.in/u:jm/b:02628640eb62/What Would “Good” AI Look Like?2025-11-10T11:03:13+00:00
https://www.anildash.com//2025/05/02/what-would-good-ai-look-like/
jmai llms future good-ai anil-dash techhttps://pinboard.in/https://pinboard.in/u:jm/b:a37704a9a596/An exploration on what could be a leftist position on generative AI2025-11-10T11:00:15+00:00
https://www.jacky.wtf/essays/2025/left-ai/
jmhow-we-work socialism jacky-alcine politics left-wing black ai llms future techhttps://pinboard.in/https://pinboard.in/u:jm/b:00f817eb44f5/What the hell have you built.2025-11-06T10:38:19+00:00
https://wthhyb.sacha.house/
jmshitposting funny architecture riak redis mongodb ouch scalabilityhttps://pinboard.in/https://pinboard.in/u:jm/b:0420d47b34a3/Ireland was a key founder of the UN Treaty on the Non-Proliferation of Nuclear Weapons2025-11-05T12:51:01+00:00
https://en.wikipedia.org/wiki/Treaty_on_the_Non-Proliferation_of_Nuclear_Weapons#History
jmWithin the framework of the United Nations, the principle of nuclear non-proliferation was addressed in negotiations as early as 1957. The NPT process was launched by Frank Aiken, Irish Minister for External Affairs, in 1958.
(via Gerard Cunningham)]]>via:faduda history ireland un nuclear nukes non-proliferation frank-aikenhttps://pinboard.in/https://pinboard.in/u:jm/b:70bda1e4dab1/Aisuru botnet switches from DDoS to "Residential Proxies"2025-10-30T12:26:07+00:00
https://krebsonsecurity.com/2025/10/aisuru-botnet-shifts-from-ddos-to-residential-proxies/
jmAisuru, the botnet responsible for a series of record-smashing distributed denial-of-service (DDoS) attacks this year, recently was overhauled to support a more low-key, lucrative and sustainable business: Renting hundreds of thousands of infected Internet of Things (IoT) devices to proxy services that help cybercriminals anonymize their traffic. Experts say a glut of proxies from Aisuru and other sources is fueling large-scale data harvesting efforts tied to various artificial intelligence (AI) projects, helping content scrapers evade detection by routing their traffic through residential connections that appear to be regular Internet users.
]]>aisuru botnets proxies residential-proxies ai scraping iot infosec securityhttps://pinboard.in/https://pinboard.in/u:jm/b:879d5045f907/Tips for stroke-surviving software engineers2025-10-30T11:49:51+00:00
https://blog.j11y.io/2025-10-29_stroke_tips_for_engineers/
jmprogramming health strokes brain coding work how-we-workhttps://pinboard.in/https://pinboard.in/u:jm/b:f4bd8b850bfd/episodic-memory plugin for Claude Code2025-10-24T12:22:48+00:00
https://blog.fsck.com/2025/10/23/episodic-memory/
jmmemory llms claude claude-code pluginshttps://pinboard.in/https://pinboard.in/u:jm/b:c9ec7964876a/