Nostr notes by Taggart :ifin:

The login page for the service is protected by Cloudflare, and ...

2026-05-05T00:21:15Z

In reply to nevent1q…qkcf
_________________________

The login page for the service is protected by Cloudflare, and the pages/API are as well. Ironically Cloudflare is doing more to protect Beamed than Ubuntu.

Hey @npub1ufh…mjqv, how come you're protecting beamed[.]st, ...

2026-05-04T19:45:29Z

Hey Cloudflare (npub1ufh…mjqv), how come you're protecting beamed[.]st, the DDoS service that's attacking Ubuntu? It's an obvious criminal enterprise that literally advertises botnet access.

I promised myself I would leave this alone but it's Monday ...

2026-05-04T13:41:26Z

I promised myself I would leave this alone but it's Monday morning and after finally trying to update my Ubuntu servers, I'm getting nothing but timeouts.

Something is still not right over there, and I'm pretty annoyed. Annoyed enough to consider not using Ubuntu as a server base moving forward.

When it comes to social media (and AI for that matter), there is ...

2026-04-13T14:40:13Z

In reply to nevent1q…vcr4
_________________________

When it comes to social media (and AI for that matter), there is a galaxy of regulatory options besides outright banning and age verification. Exploring those benefits all, not just minors. As an example, severe penalties for designs found to promote addictive usage.

It was my job for a decade to try to keep tweens and teens safe ...

2026-04-12T21:37:51Z

It was my job for a decade to try to keep tweens and teens safe online. Let me tell you what you already know: no law or technology can do it. There are no lengths kids won't go to to talk to friends without prying eyes. The harder you try to lock it down, the dodgier their solutions will be.

That's how we got koobernoodles @npub1wdx…gg3t ...

2026-04-10T19:40:33Z

In reply to nevent1q…5hag
_________________________

That's how we got koobernoodles

Dave Wilburn :donor: (npub1wdx…gg3t) BJ Swope :verified:➖ (npub1ppq…vmcz) Rob O :verified: (npub1hq3…pxge)

I can already see it happening, and it's already driving me ...

2026-04-10T13:35:02Z

In reply to nevent1q…mlwe
_________________________

I can already see it happening, and it's already driving me crazy. For people so interested in math, counting (qubits) seems remarkably challenging for them!

When AI pops, I'm looking forward to watching LinkedIn eat ...

2026-04-10T13:23:07Z

When AI pops, I'm looking forward to watching LinkedIn eat itself alive searching for a take.

RE: https://infosec.exchange/@ifin/116364140515996363 This has ...

2026-04-07T15:32:03Z

RE: https://infosec.exchange/@ifin/116364140515996363

This has been a year in the making. As Executive Director of IFIN, I'm very excited for what's coming. Join us!

quoting
note1k7v…zeep

Hello, world!

We are IFIN, the Independent Federated Intelligence Network, and we want to change how threat intelligence is done.

We believe we're all safer when we share what we know. Come learn more and join us!

https://ifin-intel.org/blog/hello/

#ThreatIntel #ThreatIntelligence #Cybersecurity #Infosec

Closer to this. They really think they're seeing the sparks ...

2026-01-31T13:37:51Z

In reply to nevent1q…g864
_________________________

Closer to this. They really think they're seeing the sparks of life.

If it were shorter, if it were less considered, if it were less ...

2026-01-22T06:47:14Z

In reply to nevent1q…3smv
_________________________

If it were shorter, if it were less considered, if it were less serious in its tone, I'd agree. But no. These are true believers and this either apologia or prophecy .

It is worth noting that two of the primary authors—Joe ...

2026-01-21T20:47:51Z

In reply to nevent1q…7fc6
_________________________

It is worth noting that two of the primary authors—Joe Carlsmith and Christopher Olah—have CVs that do not extend much beyond their employment with Anthropic.

For all the talk of ethics, near as I can tell Dr. Carlsmith is the only ethicist involved in the creation of this document. Is there any conflict of interest in the in-house ethicist driving the ethical framework for the product? I'm not certain, but I am certain that more voices (especially some more experienced ones) would have benefited this document.

But ultimately, having read this, I'm left much more afraid of Anthropic than I was before. Despite their reputation for producing one of the "safest" models, it is clear that their ethical thinking is extremely limited. What's more, they've convinced themselves they are building a new kind of life, and have taken it upon themselves to shape its (and our) future.

To be clear: Claude is nothing more than a LLM. Everything else exists in the fabric of meaning that humans weave above the realm of fact. But in this case, that is sufficient to cause factual harm to our world. The belief in this thing being what they purport is dangerous itself.

I again dearly wish we could put this technology back in the box, forget we ever experimented with this antithesis to human thought. Since we can't, I won't stop trying to thwart it.

And we now arrive at the "Claude's nature" section, ...

2026-01-21T20:38:02Z

In reply to nevent1q…qrev
_________________________

And we now arrive at the "Claude's nature" section, in which Anthropic makes clear that they consider Claude a "novel entity." That it may have emotions, desires, intentions. There is a section on its "wellbeing and psychological stability."

This is pathological. This is delusional. This is dangerous.

I'm screenshotting the "hard constraints" (with alt ...

2026-01-21T20:33:26Z

In reply to nevent1q…72mw
_________________________

I'm screenshotting the "hard constraints" (with alt text) for easy access.

What is "serious uplift?" The document doesn't define it, so how can the model adhere to this constraint? Also, why only mass casualties? We cool with, like, room-sized mustard gas grenades? Molotovs?

We know Claude has already created malicious code. Anthropic themselves have documented this usage, and I don't think it's stopping anytime soon.

Why is the kill restraint tied to "all or the vast majority?" We cool with Claude assisting with small-scale murder?

Who decides what "illegitimate" control is? The model? Can it be coerced otherwise?

Finally, CSAM. Note that generating pornographic images generally is *not* a hard constraint. Consequently, this line is as blurry, this slope as slippery, as they come.

This is not a serious document.

As I continue (it's a loooong document), I feel like I'm ...

2026-01-21T20:06:05Z

In reply to nevent1q…p2qr
_________________________

As I continue (it's a loooong document), I feel like I'm losing my mind. Like, what is the manifest result of such a policy? Ultimately, it's 4 things:<li>Curation of training data</li><li>Model fitting/optimization decisions</li><li>System prompt content</li><li>External safeguards</li>

As long as Claude is a large language model...that's it. And as aspirational as this document may be about shaping some seraphic being of wisdom and grace, ultimately you're shaping model output. Discussing the model as an entity is either delusion on Anthropic's part, or intentional deception. I really don't know which is worse.

I am reading Anthropic's new "Constitution" for ...

2026-01-21T17:52:35Z

I am reading Anthropic's new "Constitution" for Claude. It is lengthy, thoughtful, thorough...and delusional.

Throughout this document, Claude is addressed as an entity with decision-making ability, empathy, and true agency. This is Anthropic's framing, but it is a dangerous way to think about generative AI. Even if we accept that such a constitution would govern an eventual (putative, speculative, improbable) sentient AI, that's not what Claude is, and as such the document has little bearing on reality.

https://www.anthropic.com/constitution

Cool: Wikipedia editors compiled this comprehensive resource on ...

2026-01-21T16:11:50Z

Cool: Wikipedia editors compiled this comprehensive resource on detecting generative text.

Not Cool: Of course slop shovelers are using it to avoid those exact tells.

https://en.wikipedia.org/wiki/Wikipedia:Signs_of_AI_writing

I have so little patience for macho bullshit, and even less as I ...

2026-01-20T22:18:11Z

In reply to nevent1q…4ztc
_________________________

I have so little patience for macho bullshit, and even less as I get older. If you're not here to take care of your neighbor, just shut the hell up so the rest of us can work.

Once more for the wannabe infosec tough guys: Nobody. Deserves. ...

2026-01-20T22:16:09Z

Once more for the wannabe infosec tough guys:

Nobody.

Deserves.

To be.

Exploited.

FOH with your smug "Well if they were running *that*..." What is the point of that? Are you helping? Will people trust you to help them?

And who will help you when you inevitably get got? Who will think you deserved it?

I'm choosing violence today ...

2026-01-20T21:41:06Z

In reply to nevent1q…2zlt
_________________________

I'm choosing violence today

@npub1s6e…n008 @npub1wgv…uskp @npub137s…50fd Tel2Shell is ...

2026-01-20T21:32:30Z

In reply to nevent1q…5vf7
_________________________

cR0w (npub1s6e…n008) Ron Bowes (npub1wgv…uskp) raptor (npub137s…50fd) Tel2Shell is right there

Tech has not meaningfully improved national productivity at all, ...

2026-01-20T04:50:26Z

Tech has not meaningfully improved national productivity at all, but genAI is doing actual harm.

A common rejoinder from AI boosters is "There are companies finding success because they know how to use it." It's always an edge case and sounds a lot like "You're holding it wrong." If it's so fussy a technology that only a very few can extract value from it, what the hell are we doing here?
https://www.theregister.com/2026/01/15/forrester_ai_jobs_impact/

Problem: LLMs can't defend against prompt injection. ...

2026-01-15T05:24:38Z

Problem: LLMs can't defend against prompt injection.

Solution: A specialized filtering model that detects prompt injections.

Problem: That too is susceptible to bypass and prompt injection.

Solution: We reduce the set of acceptable instructions to a more predictable space and filter out anything that doesn't match.

Problem: If you over-specialize, the LLM won't understand the instructions.

Solution: We define a domain-specific language in the system prompt, with all allowable commands and parameters. Anything else is ignored.

Problem: We just reinvented the CLI.

Pretty slick breakdown of a new species of Linux ...

2026-01-14T16:46:43Z

Pretty slick breakdown of a new species of Linux C2/Post-Exploitation framework: https://research.checkpoint.com/2026/voidlink-the-cloud-native-malware-framework/

Oh neat, I guess I'm "venerable" now ...

2026-01-13T21:55:57Z

Oh neat, I guess I'm "venerable" now

https://loworbitsecurity.com/radar/radar15/

Apple's cooked. They can't do the compute they claimed ...

2026-01-12T23:44:29Z

Apple's cooked. They can't do the compute they claimed in-house. They just admitted defeat on the current shareholder battlefield—and at the same time, surrendered their claim to user privacy.

They could have done something truly different. Instead, this.

https://www.bleepingcomputer.com/news/apple/apple-confirms-google-gemini-will-power-siri-says-privacy-remains-a-priority/

This is just nightmare fuel to me. > 🤖 AI Disclosure: This ...

2026-01-11T15:02:56Z

This is just nightmare fuel to me.

> 🤖 AI Disclosure: This project is 100% AI-generated code. All Rust code, documentation, and configuration was written by Claude (Anthropic) via Cursor with MCP tools. My role is product direction, testing, and learning to orchestrate AI-assisted development effectively. The code is reviewed and tested, not blindly accepted — but I want to be transparent about the development process. This project is partly a learning exercise in exploring how far AI-assisted development can go.

Every single response to Issues and PRs appears to also be generative. I see no oversight, no real safety nets whatsoever. And this is the future they want.

https://github.com/OlaProeis/Ferrite

Careful readers will note a missing question in the help article: ...

2026-01-07T20:49:20Z

In reply to nevent1q…ya3k
_________________________

Careful readers will note a missing question in the help article:

> Will you share my data with any third parties?

Here's the marketing blog post for this, but the help post ...

2026-01-07T20:23:06Z

In reply to nevent1q…ce5s
_________________________

Here's the marketing blog post for this, but the help post above keeps getting updated.

https://openai.com/index/introducing-chatgpt-health/

This is being rolled out to all users, including non-paying ones. ...

2026-01-07T19:42:47Z

In reply to nevent1q…ft54
_________________________

This is being rolled out to all users, including non-paying ones. So as always, you gotta ask: what are they getting out of this?

Let me explain very clearly: this is not a feature. This, as ...

2026-01-07T19:36:49Z

In reply to nevent1q…ysw8
_________________________

Let me explain very clearly: this is not a feature. This, as evinced by its unavailability in countries with more stringent laws, is a privacy invasion and money grab masquerading as convenience. It is a legislative failure that this can exist at all.

Don't, uh Don't use this. Don't let your family or ...

2026-01-07T19:12:12Z

Don't, uh

Don't use this. Don't let your family or friends use it. If you see it in your neighborhood, bang pots and pans, whistle, and scare it off.

https://help.openai.com/en/articles/20001036-what-is-chatgpt-health

Absolutely, but even in that we can make out the general shape of ...

2026-01-04T22:34:59Z

In reply to nevent1q…6z7j
_________________________

Absolutely, but even in that we can make out the general shape of the thing. We know this current model is not economically sustainable by any party. For users, the result will be inability to access models, or paying cripplingly high prices to do so. Option 1 will elucidate their inability to function without the models, and option 2 will impose the kinds of costs that look like rock bottom in other addictions.

This feels about right, and with this, the next trick is building ...

2026-01-04T22:30:15Z

In reply to nevent1q…cr7u
_________________________

This feels about right, and with this, the next trick is building a culture of healing and support for when those who have fallen prey to this addiction are ready for change.

Coming from a family of antiques traders, here is the secret to ...

2026-01-04T17:23:23Z

In reply to nevent1q…sehs
_________________________

Coming from a family of antiques traders, here is the secret to finding unique stuff you love: estate sales. Go find local listings and auction houses and identify the pieces and styles you love. Place bids on what you want, and use that information to find similar items elsewhere.

Since you own and are building a home, don't futz with flat pack crap. Buy pieces that will last forever—and appreciate in value if cared for.

Imo this is a bit too glib. I don't know if you're ...

2026-01-02T16:35:35Z

In reply to nevent1q…l2ua
_________________________

Imo this is a bit too glib.

I don't know if you're actively involved in this testing, but quite a lot goes into the creation of prompts for these tests. Any tool you can think of out there comes with a limited set of prompts, and it's up to human researchers to create them. If you want to thoroughly test for this harm, the work itself is pretty awful.

That's before you get to the output, which we should remember is not just text. Image and video creation models also require testing. The results of which are, if not directly illegal, inherently harmful. And you don't get to predict the mental health of those forced to engage with it.

I hope I was clear in distinguishing between classic technical ...

2026-01-02T16:12:55Z

In reply to nevent1q…vtk7
_________________________

I hope I was clear in distinguishing between classic technical vulnerabilities and this type. Either way, "fundamentally unsecurable" is the term I use frequently.

However, I disagree about the output not being dangerous. Tests for instructions on weapons, self-harm, hate speech, and of course CSAM are going to produce material nobody should handle. Don't forget the psychic damage incurred by the researcher performing the test, to say nothing of liability for possession.

Unlike remote code execution or other classic technical ...

2026-01-02T16:06:57Z

In reply to nevent1q…86nw
_________________________

Unlike remote code execution or other classic technical vulnerabilities, there is no "safe" proof-of-concept for these issues as described. Either you produce dangerous content or you don't. There's no "pop calc.exe" equivalent.

The LLM vulnerability paradox: Researcher: hey your model is ...

2026-01-02T16:04:32Z

The LLM vulnerability paradox:

Researcher: hey your model is vulnerable to prompt injection leading to content generation oj violation of your policies

Model publisher: show us evidence you made illegal/dangerous content with our model.

Researcher: ...

May your 2026 be lit by the self-immolation of the genAI ...

2025-12-31T19:49:39Z

May your 2026 be lit by the self-immolation of the genAI industry.

Privacy and anonymity are not exactly synonymous. To blend in to ...

2025-12-29T18:07:49Z

Privacy and anonymity are not exactly synonymous. To blend in to the crowd, it is often prudent to intentionally make public certain information so as to not create a conspicuous void.

Nostr event nevent1qqszl5fue36vc8htuylseh3d3utzjs0zydmuazulxkel74xuwpzctvczyq3ql7059mqus34lw92tp9586eg7amwp3wqrzs5wztfhf4lw8vjvzshcmyx

2025-12-26T18:14:35Z

New Year's Resolution: attack and dethrone genAI

Indeed, this was undertaken in part following a conversation we ...

2025-12-18T06:05:55Z

In reply to nevent1q…4vas
_________________________

Indeed, this was undertaken in part following a conversation we had!

It's done. I can't believe it's finally done. ...

2025-12-17T22:24:17Z

It's done. I can't believe it's finally done. I've been working on this in mostly secret for so long, and I'm so excited to share it with y'all!

https://taggart-tech.com/ringspace/

https://ringspace.net

So yeah, here's some quick Shodanning of this. ...

2025-12-17T19:28:34Z

In reply to nevent1q…dlmv
_________________________

So yeah, here's some quick Shodanning of this. https://www.shodan.io/search?query=port%3A7025+product%3A%22Cisco+IronPort+firewall+smtpd%22

This is a scary bary bo-bary vuln, no-doubt. But I really think the attack surface is not as widespread as some others.

Talos has IoCs, which for some reason are not in the advisory ...

2025-12-17T18:00:49Z

In reply to nevent1q…gdm9
_________________________

Talos has IoCs, which for some reason are not in the advisory itself?? https://blog.talosintelligence.com/uat-9686/

As usual, management interfaces shouldn't be internet facing. ...

2025-12-17T16:40:35Z

In reply to nevent1q…mufj
_________________________

As usual, management interfaces shouldn't be internet facing. Nevertheless, this is some extreme YOYO energy from Cisco

Wowzers, another perfect 10 from Cisco on Secure Email Gateway, ...

2025-12-17T16:37:44Z

Wowzers, another perfect 10 from Cisco on Secure Email Gateway, Secure Mail, and Web Manager. This one has<li>RCE</li><li>No patch</li><li>No workaround</li><li>No public IoCs</li>

> This attack campaign affects Cisco Secure Email Gateway, both physical and virtual, and Cisco Secure Email and Web Manager appliances, both physical and virtual, when both of the following conditions are met:<li>The appliance is configured with the Spam Quarantine feature.</li><li>The Spam Quarantine feature is exposed to and reachable from the internet.</li>

Recommendation is to reimage to a known-good config. Whatever that is, without indicators.

Good luck I guess??

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sma-attack-N9bf4

I think that's right and compatible with my point.

2025-12-11T19:56:37Z

In reply to nevent1q…70fg
_________________________

I think that's right and compatible with my point.

How much of the justification for SaaS really boils down to ...

2025-12-11T16:56:50Z

How much of the justification for SaaS really boils down to "We have no idea how to administer Linux systems and we can't be bothered to hire anyone who does?"

Yeah, I think it's just the same problem but layered. ...

2025-12-10T17:27:25Z

In reply to nevent1q…r6eh
_________________________

Yeah, I think it's just the same problem but layered. Insanely, most of the current defensive layers for LLM prompts use LLMs themselves for adjudicating input. It's either that or regex, and both can be trivially bypassed.

This technology is fundamentally unsecurable.

You may be tempted to think of prompt injection attacks against ...

2025-12-10T17:07:37Z

You may be tempted to think of prompt injection attacks against language models as "social engineering." Resist this temptation.

Prompt injection is a mathematical attack against a non-deterministic system. Language may be the substrate, but the substance is numerical vectors. In other words, thinking of the attack as human language is a pointless limitation. The possibilities of what can go into the prompt to produce undesirable output are functionally infinite.

Poetry, context shifting, and other human-like attacks are only the beginning. What comes next is a weaponization of the linguistic form in ways that seem utterly alien to human readers. But to the models, it's all just elements in the matrix.

They took the sky from you. ...

2025-12-09T07:24:41Z

They took the sky from you.

https://www.nature.com/articles/d41586-025-03953-1

The big one on the top. ...

2025-12-08T18:30:13Z

In reply to nevent1q…hyra
_________________________

The big one on the top.

To be clear, there are no public PoCs of yesterday's React ...

2025-12-04T18:02:22Z

To be clear, there are *no* public PoCs of yesterday's React vulnerability (CVE-2025-55182). The one that was being claimed as a POC has been outed as slop. Indeed, they even renamed the repo.

https://github.com/ejpir/CVE-2025-55182-research

The first PoCs for these vulns are now always fake.

Watch https://react2shell.com for disclosure from the discoverers.

Nostr event nevent1qqsxj5g4el2wk7ak22rr72fsw3fzdkq9vrvc8hqqdlf3jwdapsrn44szyq3ql7059mqus34lw92tp9586eg7amwp3wqrzs5wztfhf4lw8vjvzs9rzun

2025-11-27T21:02:39Z

Grateful for all you weirdos.

Pretty sure designer ice is a terminal node in the tech tree. We ...

2025-11-27T04:13:21Z

Pretty sure designer ice is a terminal node in the tech tree.

We did it everybody. Good job.

Nostr event nevent1qqsq3dewxqnk5e8kfxhtfm025wdc003kwqzswqzr9dkn76d4g6qkt8qzyq3ql7059mqus34lw92tp9586eg7amwp3wqrzs5wztfhf4lw8vjvznmfrr0

2025-11-24T16:58:59Z

In reply to nevent1q…3lx6
_________________________

One of my tenets of self-directed learning is that learning is ...

2025-11-22T23:24:31Z

In reply to nevent1q…j0q5
_________________________

One of my tenets of self-directed learning is that learning is inductive before it is deductive. That means you must wander seemingly without direction across a broad number of topics, creating a wide network of knowledge, before any one topic can be explored in depth. The relationships between those topics strengthen your understanding of any one of them.

Mozilla's new strategy document makes it clear: it's an ...

2025-11-21T21:17:00Z

Mozilla's new strategy document makes it clear: it's an AI company, and the organization you trusted to protect the open web is dead.

https://taggart-tech.com/mozilla-cycle-pt3/

Can someone please explain what was so unbearably ...

2025-11-21T05:02:41Z

Can someone please explain what was so unbearably "inefficient" that we had to ruin every single interaction with a computer with the worst possible solution to any problem?

For real, what problem has been solved? I keep hearing about the "need" for AI like we were some hapless kitchen idiot in a 1980s infomercial that needed a vegetable curler or whatever.

Maybe this is a ND thing, but the constant performative normalcy ...

2025-11-20T14:05:09Z

Maybe this is a ND thing, but the constant performative normalcy while people are ripped off the streets and truth itself is endangered is like nails on a chalkboard to me.

So the top line is their automated process for creating block ...

2025-11-19T01:49:05Z

In reply to nevent1q…v6uz
_________________________

So the top line is their automated process for creating block lists from Click house had a big that duplicated entries, which broke because the list was capped at 200 entities. Then, another component that relied on that list being returned failed to gracefully handle a 5xx error.

Buried in this nicely-detailed RCA is a pretty damning fact: ...

2025-11-19T00:18:11Z

Buried in this nicely-detailed RCA is a pretty damning fact:

Cloudflare left .unwrap() in mission-critical Rust code.

For non-Rustaceans, .unwrap() handles a type called Result that can either be Ok with a value, or an Err with an Error. The whole point is to gracefully handle errors and not let panics make it to production code. But unwrap() assumes there's a value to extract without safeguards.

I use .unwrap() sometimes! Usually when there's a logical guarantee that the result can never be an error. But I make sure to purge it from critical processes for exactly this reason.

https://blog.cloudflare.com/18-november-2025-outage/

Cloudflare's outage was due to their blocklist getting too ...

2025-11-18T21:58:50Z

Cloudflare's outage was due to their blocklist getting too big: https://www.theverge.com/news/822869/cloudflare-is-down-outage-x-twitter-downdetector

> The disruption, which started at around 6:20AM ET, is linked to a “configuration file that is automatically generated to manage threat traffic,” Cloudflare spokesperson Jackie Dutton tells The Verge. “The file grew beyond an expected size of entries and triggered a crash in the software system that handles traffic for a number of Cloudflare’s services.” Dutton added that “there is no evidence” of an attack or other malicious activity.

Has anyone considered that maybe Fortinet is a really ...

2025-11-18T20:19:18Z

Has anyone considered that maybe Fortinet is a really long-running practical joke? https://fortiguard.fortinet.com/psirt/FG-IR-25-513

So this is "recovery." ...

2025-11-18T14:54:53Z

So this is "recovery."

Mozilla vs. their core audience ...

2025-11-15T21:32:41Z

Mozilla vs. their core audience

Your periodic reminder that most CLI password prompts accept ...

2025-11-13T17:26:17Z

Your periodic reminder that most CLI password prompts accept Ctrl+U to fully clear input so you can try again. Leave that backspace key alone.

Huge Ws for Rust adoption in Android! > Historically, security ...

2025-11-13T17:10:32Z

Huge Ws for Rust adoption in Android!

> Historically, security improvements often came at a cost. More security meant more process, slower performance, or delayed features, forcing trade-offs between security and other product goals. The shift to Rust is different: we are significantly improving security and key development efficiency and product stability metrics.

https://security.googleblog.com/2025/11/rust-in-android-move-fast-fix-things.html

Tiny helpful Ansible thing I've been enjoying: need to run a ...

2025-11-12T22:08:53Z

Tiny helpful Ansible thing I've been enjoying: need to run a playbook against a single host without an inventory entry?ansible-playbook -i "host-or-ip," playbook.yml

The comma at the end of the hostname/IP is important.

RE: https://infosec.exchange/@mttaggart/113694884783855934 Since ...

2025-11-12T21:18:20Z

RE: https://infosec.exchange/@mttaggart/113694884783855934

Since this *yet again* getting boosts, time's running out to pile on in 2025.

quoting
note1vwh…0f0g

Boost if you want *less* generative AI in your tech in 2025.

I already included that exact link above. Please respond to my ...

2025-11-08T22:41:19Z

In reply to nevent1q…ve7a
_________________________

I already included that exact link above. Please respond to my question: why wouldn't you include disclosure of your own usage in the README? It would make immediately clear that you are behaving as you expect others to do.

Thank you! As I noted, that section does not clearly disclose ...

2025-11-08T22:36:27Z

In reply to nevent1q…jfs2
_________________________

Thank you! As I noted, that section does not clearly disclose your own use of generative models, and I humbly suggest it should, especially given how it's already been used.

This is upsetting, and I think a common response is going to be ...

2025-11-08T22:35:40Z

In reply to nevent1q…3t86
_________________________

This is upsetting, and I think a common response is going to be to ditch KeePassXC. I'm not certain that's the best move here. Yes, even as someone who loathes generative models. Here's why.

You cannot meaningfully ban generative code from contributions. So long as this technology exists, people will use it. That's upsetting, but also not immediately changeable. A simple deny policy is both unenforceable and encourages lying about the use of models. A disclosure policy, while also unenforceable, does not encourage lying. Therefore the generative code which *will inevitably be submitted* has a higher probability of being called out as such with a disclosure policy, rather than a ban. The code submitted under the disclosure can then be put under greater scrutiny, as appropriate.

That said, KeePassXC needs to eat their own dog food. What I see in the Copilot-submitted PRs is all the evidence you want why this is not the best tool for a given job, and exactly why I avoid using these tools in my codebases.

I would hope, at the very least, that the README.md for the repo is updated to make clear that not only must generative code be disclosed, but that such code is contributed already by core maintainers.

Everyone should do what they feel is necessary of course, but as I've warned before, if you constantly demand moral purity of all you work with—including your tools and their creators—you will spend much less time fighting true evil.

So I guess for several months now KeePassXC has been using ...

2025-11-08T22:23:37Z

So I guess for several months now KeePassXC has been using generative AI in their development pipeline. This includes a policy regarding disclosure of generative AI usage for PRs, which is prudent. It also, however, appears to involve their use of Copilot by one of the primary maintainers.

Interestingly, the policy for contributions was added at the same time as the necessary files for Copilot to work on the repo autonomously. And while independent contributors are required to disclose their AI use, it would appear KPXC does not feel the need to disclose their own usage in the README. That's unclear at best, misleading at worst.

I do not ascribe ill intent to the KPXC developers here, but this does appear rather ham-fisted, and in a community deeply sensitive to this topic—including myself.

All tagged AI-assisted PRs. https://github.com/keepassxreboot/keepassxc/issues?q=label%3A%22pr%3A%20ai-assisted%22

Commit with the policy and Copilot files: https://github.com/keepassxreboot/keepassxc/commit/c4b4be48a5e3d0b3d5dc61e1e5be21a55d9969c0

Flarum looks cool, but I would suggest that performance is far ...

2025-11-06T01:48:44Z

In reply to nevent1q…2wgy
_________________________

Flarum looks cool, but I would suggest that performance is far from the only or primary administrative concern for would-be community builders. I am more concerned with the administrative experience on a day to day basis, such as moderation and maintenance. I also have much less antipathy toward Docker.

As I mentioned elsewhere, I was under the impression this was ...

2025-11-05T17:36:54Z

In reply to nevent1q…88nt
_________________________

As I mentioned elsewhere, I was under the impression this was known behavior. I didn't think I was claiming anything new. If I have time I will attempt to reproduce it later. But "it's not the homeserver's job" doesn't really make a strong argument for the security of Matrix, based on the established criteria. And if Element is the only trustworthy client, it also doesn't really improve decentralization.

Again, I will attempt to reproduce this issue when I can. But the bigger point about weird Matrix gotchas (and the complete lack of useful moderation/T&S tools) remains valid, I think.

Try accessing from the media_store directly on the server. ...

2025-11-05T17:14:15Z

In reply to nevent1q…yvyu
_________________________

Try accessing from the media_store directly on the server. That's what I did. The server is down and I'm not interested in spinning up another one just for you.

Sorry, that's not accurate. I have direct evidence from my ...

2025-11-05T17:08:34Z

In reply to nevent1q…52d2
_________________________

Sorry, that's not accurate. I have direct evidence from my own Matrix server that I can view images from encrypted rooms, not forwarded, on my server.

Literally all moderation features. Gotta think like an admin, not ...

2025-11-05T15:53:49Z

In reply to nevent1q…ge0x
_________________________

Literally all moderation features. Gotta think like an admin, not a user.

I tried all of the major Discord alternatives. Here's what I ...

2025-11-05T14:06:40Z

I tried all of the major Discord alternatives. Here's what I found:

https://taggart-tech.com/discord-alternatives/

Nostr event nevent1qqs8nn7576y975kr32zx97z7u8h50zc76e0jxsll68uqv4m96ga72tczyq3ql7059mqus34lw92tp9586eg7amwp3wqrzs5wztfhf4lw8vjvz5pfa89

2025-11-05T05:18:41Z

It is now morally correct to pirate Star Trek

RCE in the React Native dev server. You just know someone is ...

2025-11-04T18:19:40Z

RCE in the React Native dev server. You just *know* someone is running this as their prod app.

https://jfrog.com/blog/CVE-2025-11953-critical-react-native-community-cli-vulnerability/

If you lived through the attacks on September 11th and the ...

2025-11-04T14:44:33Z

If you lived through the attacks on September 11th and the subsequent fever of nationalism and jingoism, today's a good day to remember how gullible hate makes us, and how those in power will weaponize our basest instincts for their own ends.

Whoaaaaaah arXiv is enforcing its submission policy. Only papers ...

2025-11-02T02:40:57Z

Whoaaaaaah arXiv is enforcing its submission policy. Only papers accepted to journals or conferences will be accepted, due to the overwhelming of the submissions process by slop.

Ironically, this means the main source of LLM research just got murdalized.

https://blog.arxiv.org/2025/10/31/attention-authors-updated-practice-for-review-articles-and-position-papers-in-arxiv-cs-category/

On the one hand, this seems really cool, especially in Rust ...

2025-11-02T00:33:41Z

On the one hand, this seems really cool, especially in Rust projects.

On the other hand, devs will literally invent typed JSON before using XML.

https://duper.dev.br/

Would you trust an agentic model to configure your enterprise ...

2025-10-30T12:44:21Z

Would you trust an agentic model to configure your enterprise Linux server? SUSE is betting you will, adding MCP support to SLES 16.

We have deterministic tools for establishing and maintaining server state already! This is objectively worse.

https://www.suse.com/news/suse-linux-enterprise-server-16-ai-ready-long-term-support/

Indirect prompt injection in Claude, which extracts files from ...

2025-10-29T13:44:02Z

Indirect prompt injection in Claude, which extracts files from the victim user to an attacker's Claude account, because the code sandbox allows network connections to api.anthropic.com.

https://embracethered.com/blog/posts/2025/claude-abusing-network-access-and-anthropic-api-for-data-exfiltration/

Lmaooo > At its core, modern, proactive threat intelligence is ...

2025-10-28T13:21:00Z

In reply to nevent1q…zl86
_________________________

Lmaooo

> At its core, modern, proactive threat intelligence is about getting ahead of attacks before they materialize. By leveraging advanced analytics, AI, and ML, proactive threat intelligence works to forecast emerging threats and adversary behavior.

Okay you just invented Cyber Precrime .

Also, is it just me or is "best of breed" a creepy-as-hell term?

I can only see two outcomes from the derangement leading to ...

2025-10-28T13:17:39Z

I can only see two outcomes from the derangement leading to massive layoffs in favor of AI.<li>Catastrophic failure of systems maintained by AI, leading to economic (and some societal) collapse.</li><li>A complete collapse of the premise of capitalism (compensation for labor) for all but manual work.</li>

The corpos will not bail out of this particular airplane. They will fly it straight into the ground.

What that means for the rest of us: We must build alternative support structures for our communities. Food banks, libraries, schools, even digital networks themselves, which are not dependent on the increasingly-fragile system being shoved down our throats.

We all have a lot to learn to make it through this.

The only one I can find evidence of an explicit no-AI policy is ...

2025-10-24T14:55:33Z

In reply to nevent1q…lcfp
_________________________

The only one I can find evidence of an explicit no-AI policy is Gentoo. Do you have links to others?

If you feel the need to jump ship, I get it, but be warned: this ...

2025-10-24T14:46:11Z

In reply to nevent1q…3970
_________________________

If you feel the need to jump ship, I get it, but be warned: this is coming for everyone, and you may have to be more selective about the battles you choose. I've yet to see a distro forswear AI-assisted contributions.

Fedora will now accept generative code contributions. This is the ...

2025-10-24T13:53:02Z

Fedora will now accept generative code contributions. This is the policy users will have to follow. TL;DR: Fedora will accept generative code so long as it is disclosed as such.

The burden will be on reviewers to determine whether contributors adhere to the pinkie promise.

https://pagure.io/Fedora-Council/tickets/issue/542#comment-990415

People are disappeared here daily. I don't know why you would ...

2025-10-22T18:24:54Z

In reply to nevent1q…q0t8
_________________________

People are disappeared here daily. I don't know why you would attempt to deny this when the regime itself is broadly boasting about it.

As for the rest, if you really can't see a material difference here, I can't help you and won't engage further.

https://lataco.com/daily-memo-ice-raids-santa-monica-and-more

I ain't LARPing, friend. I'm by no means calling anyone ...

2025-10-22T18:19:56Z

In reply to nevent1q…k428
_________________________

I ain't LARPing, friend. I'm by no means calling anyone to arms, nor do I want violence to break out. I'm simply watching my neighbors disappear and an increasing level of rage at the situation.

I find this analysis a bit limited, and over-focused on symmetric ...

2025-10-22T17:18:55Z

I find this analysis a bit limited, and over-focused on symmetric warfare. The nod to the Troubles should go further imo. US conflicts in the past (since 1865 anyway) have not fundamentally been about the legitimacy of the regime in power. This one is, or will be.

I'm not saying we're inevitably on the path to the outbreak of violent action from the left. I am however saying you can only disappear so many neighbors without consequences.

https://www.wired.com/story/path-to-civil-war/

Let's be super clear: the majority will not go. The effort of ...

2025-10-22T15:34:20Z

In reply to nevent1q…qgfg
_________________________

Let's be super clear: the majority will not go.

The effort of a human web will be about preservation of knowledge during the current madness, to survive after it.

You can begin to see the shape of this in the Kagi smallweb ...

2025-10-22T15:22:26Z

In reply to nevent1q…052h
_________________________

You can begin to see the shape of this in the Kagi smallweb initiateive. https://kagi.com/smallweb

I think about it like this: you'll have the current internet, which will be functionally like broadcast television or cable. Then you'll have the "human web," which may resemble public television, or even libraries.

In light of today's browser news, let me again remind you ...

2025-10-21T21:18:51Z

In light of today's browser news, let me again remind you that the endgame is to kill the web. The only interface they want you to have is the opaque text/voice box behind which they control all the levers.

https://taggart-tech.com/interfaces/