Monday July 7th, 2025
Two "is it satire or not?"
The Onion: Conscientious SUV Shopper Just Wants Something That Will Kill Family In Other Car In Case Of Accident. The article is full of "haha only serious".
The Hard Times: Infant Annihilator Change Name to Avoid Association with Israel. The English-American deathcore band now has an opportunity to... uh... huh.
Adding a feature because ChatGPT incorrectly thinks it exists. The Soundslice sheet music scanner folks were getting weird requests because ChatGPT was generating its own tablature format, so they made it understand that format.
Everyone talking about how LLMs let them whip up apps super quickly, but that nobody understands and that are filled with security holes: We already had that. It was called Perl.
two and a half decades ago, I was part of a team writing a "web scale" distributed database that was going to handle a staggering single digit number number of millions of requests per day (tens of requests per second). Over the years, I've wondered about all of these web frameworks that integrate a server into the web application, that make some data persistence issues easier, but require a sh*load of RAM and complexity in configuring reverse proxies and all sorts of other stuff.
So when I recently looked at my logs and discovered that, on my couple of euros a month cheap host, serving pages from PostgreSQL via Perl invoked with FastCGI, a single IP address was getting served 30 pages a second, and that the site was serving a hell of a lot more than that, I kinda had some of my "meh, web apps don't need to be that complex" vibes confirmed
Anyway: Serving 200 million requests per day with a cgi-bin.
Stop over-engineering shit that doesn't need to be overengineered.
NPR: Here's a timeline of the catastrophic Texas floods.
Quick action by Texas summer camp led to timely evacuations ahead of flood
Despite an absence of warning by local authorities, [Presbyterian Mo-Ranch Assembly] camp officials acted quickly on their own, relocating about 70 children and adults staying overnight in a building near the river. With the kids safe, camp leaders including President and CEO Tim Huchton were able to avoid the catastrophe that hit at least one other camp near Hunt, where the 500-acre Mo-Ranch is located.
Via Mike Ely @bluesky.taupehat.com, who noted:
This is why you never wait for an official warning or order. If things look bad, go. Worst outcome of that is a little inconvenience if nothing ends up happening. Far better than the alternative. Same with the fires we have here.
ADD / XOR / ROL — A non-anthropomorphized view of LLMs
I am baffled that the AI discussions seem to never move away from treating a function to generate sequences of words as something that resembles a human. Statements such as "an AI agent could become an insider threat so it needs monitoring" are simultaneously unsurprising (you have a randomized sequence generator fed into your shell, literally anything can happen!) and baffling (you talk as if you believe the dice you play with had a mind of their own and could decide to conspire against you).
Of course that view is carefully curated by a continuous barrage of articles about how the AIs are plotting against us or will consider blackmail or whatever. (Via)
Futurism: Companies That Tried to Save Money With AI Are Now Spending a Fortune Hiring People to Fix Its Mistakes — Oopsie. is a riff and rewrite of BBC: 'I'm being paid to fix issues caused by AI'
Is Warner worried about the impact of AI, if – as expected – it rapidly improves?
"Yes and no," she says. "While it seems like a quick and inexpensive option, AI rarely takes into account unique brand identity, target demographics, or conversion-focused design. As a result, much of the output looks generic and can actually damage the brand's reputation or effectiveness."
This is really good: The rise of Whatever
This was originally titled “I miss when computers were fun”. But in the course of writing it, I discovered that there is a reason computers became less fun, a dark thread woven through a number of events in recent history.
Via.
Nikkei Asia: 'Positive review only': Researchers hide AI prompts in papers
Research papers from 14 academic institutions in eight countries -- including Japan, South Korea and China -- contained hidden prompts directing artificial intelligence tools to give them good reviews, Nikkei has found.
(Via)
Careful what's in your code editor, the "can you trust that random package" comes to AI editor plugins: Malware in Open VSX: These Vibes Are Off.
I looked at a single extension Solidity Language by "SolidityAI" (namespace
solidityai.solidity). Analysis of Open VSX-based extensions was just added to Secure Annex, so I looked it up. Immediately, I saw a URLhxxps://angelic[.]su/files/1.txt.
(Via)
GremLLM, a Python object that hallucinates method implementations for you:
A slight upgrade to the Gremlins in your code, we hereby present GREMLLM. This utility class can be used for a variety of purposes. Uhm. Also please don't use this and if you do please tell me because WOW. Or maybe don't tell me. Or do.
... is a Python library that automatically generates code on-the-fly using OpenAI's API. When you try to import a module or function that doesn't exist, AutoGenLib creates it for you based on a high-level description of what you need.
From the thread, Kevin Marks described this as:
Throwing two by fours at the table saw from across the room and hoping for furniture?
And Charles @charles.capps.me wrote:
WHAT HAS SCIENCE DONE?!
This is somewhere between amazingly cool and a war crime.
Home from a fun weekend at Hitchike Across The Galaxy, the 42nd convention of the International Association of Gay Square Dance Clubs (IAGSDC) with about 900 of our closest friends. We dressed relatively conservatively for the banquet this year.
Saturday July 5th, 2025
At IAGSDC: Two A2 mirror tips dancing to Geo Jedlicka. And I think that, except for Swap Around and the Right And Left Grand, those have been the smoothest squares I've danced with so far.
Friday July 4th, 2025
"I need you people to pay attention or the Fire Marshall is gonna kick us out."
At the Gay (square dance) Callers Association annual meeting, someone was praising Allan Hurst's efforts in pulling students into caller school, described him as "good at recruiting", and... uh... cough.
Thursday July 3rd, 2025
Holy shit. With the state of public transit payments, it's a freaking wonder anyone rides. I am hanging so much trouble with the fucking Clipper app today, and don't really want to wait for the 67 people ahead of me in the phone queue. #ClipperCard
I realize I'm ragging on LLMs a lot this morning, and I want to make it clear that it's mostly because I used Gemini for programming yesterday.
And, sure, I now understand the Google Sheets runtime way way better than I did thanks to following all of those dead-ends that I wouldn't have thought to pursue otherwise, but...
It reinforces the notion that I've heard several times recently that "AI" programming assistants work better when you believe in them.
Why is left as an exercise...
Giving up programming because of the advent of LLMs is like giving up woodworking because Harbor Freight introduced a line of guard-less radial arm saws.
This morning's "holy shit, I hope you fuckers are condemned to eternity trying to accomplish the most basic tasks with your IT workflows, but that's too harsh to wish on anyone" go out to the Marriott Bonvoy and ClipperCard Android apps and email processes.
The "Flowmaster is muh heritage, complaining about exhaust noise is hate speech" crowd seems to have gone to "'slow down' signs are a distraction, making me pay attention to stop signs is bad for safety."
(Statements only slightly exaggerated for effect.)
Pretty sure "Assault" here means "didn't manage to dodge an officer's fist". TechDirt: Assaults On ICE Officers Are Up 700%… Which Just Means There Have Been 69 More Assaults Than Last Year
Wednesday July 2nd, 2025
Wow. So I installed the Gemini CLI on my work computer, 'cause work is all in on this stuff, and asked it for some help with Google stuff, 'cause their documentation does not match their tools, and... I am not sure what additional information beyond my prompt is being sent, but the responses indicate that this is a *fantastic* way to leak data to Google, and if you care about keeping anything on your machine from Google you should carefully understand what, beyond the prompt, it's sending.
You know what I fucking love? When the Google documentation for writing Sheets custom functions doesn't match what buttons the Apps Script editor is showing me. That's what I fucking love.
Slack just popped this threat to "Unlock AI for 50% off" in a group that's been migrating to Signal. Which... if their goal is to kick the people who'd set up free social spaces off, this is useful.
Meanwhile, on Facebook, group admins are fighting the Meta spam bot pretty hard.
According to Gartner, many agents are fiction without the science. "Many vendors are contributing to the hype by engaging in 'agent washing' – the rebranding of existing products, such as AI assistants, robotic process automation (RPA) and chatbots, without substantial agentic capabilities," the firm says. "Gartner estimates only about 130 of the thousands of agentic AI vendors are real."
Which, if course, duh, but mostly this is about TheAgentCompany: Benchmarking LLM Agents on Consequential Real World Tasks
We build a self-contained environment with internal web sites and data that mimics a small software company environment, and create a variety of tasks that may be performed by workers in such a company. We test baseline agents powered by both closed API-based and open-weights language models (LMs), and find that the most competitive agent can complete 30% of tasks autonomously. This paints a nuanced picture on task automation with LM agents--in a setting simulating a real workplace, a good portion of simpler tasks could be solved autonomously, but more difficult long-horizon tasks are still beyond the reach of current systems. We release code, data, environment, and experiments on this https URL.
Ya know, I don't so much mind that there are thousands of requests for non-existent .php files in my blog web server logs, it's that they come from so many different IP addresses.
Honestly, people, either I have an unsecured wp-login.php or I don't, and the first person who gets there is gonna patch the hole. It's wasted effort.
Tuesday July 1st, 2025
I remember when the street found its own uses for technology. Seems like now technology finds its own uses for the street.
Asta [AMP] @aud@fire.asta.lgbt
@SnoopJ@hachyderm.io what I truly love about this kind of question is that it's basically asking, "do we think the cure for cancer lies somewhere in the space between stolen science fiction novels, 4chan, reddit, and webMD?" but when you phrase it like that.
Retraction Watch: Springer Nature book on machine learning is full of made-up citations
Based on a tip from a reader, we checked 18 of the 46 citations in the book. Two-thirds of them either did not exist or had substantial errors. And three researchers cited in the book confirmed the works they supposedly authored were fake or the citation contained substantial errors.
But, hey, at only $169 for the ebook and $219 for the hardcover, it's not like you can expect Govindakumar Madhavan's Mastering Machine Learning: From Basics to Advanced to actually, I don't know, refer to reality or some such bullshit?
The dawn of micropayments: Cloudflare To Block AI Crawlers By Default & Pay Per Crawl Model
Cloudflare wrote that they are the "first Internet infrastructure provider to block AI crawlers accessing content without permission or compensation, by default." Now, new customers that sign up for Cloudflare by default will automatically block AI crawlers. Existing customers can block AI crawlers anytime with a single click in their Cloudflare dashboard. This shifts content scraping from an opt-out to opt-in format. There is a lot of buzz on Techmeme on this news.
Via. As clicks to useful information require more and more pauses and "I am not a bot" click, I'm wondering how this is gonna shake out.
daniel:// stenberg:// @bagder@mastodon.social
I've been talking to GitHub and giving them feedback on their "create issues with Copilot" thing they have in the works.
Today I tested a version for them and using it I asked copilot to find and report a security problem in curl and make it sound terrifying.
In about ten seconds it had a 100-line description of a "catastrophic vulnerability" it was happy to create an issue for. Entirely made up of course, but sounded plausible.
Proved my point excellently.
Kevin Beaumont @GossiTheDog@cyberplace.social
If you see this GitHub PoC for CVE-2025-5777 doing the rounds:
https://github.com/mingshenhk/CitrixBleed-2-CVE-2025-5777-PoC-
It’s not for CVE-2025-5777. It’s AI generated. The links in the README still have ChatGPT UTM sources.
The PoC itself is for a vuln addressed in 2023 - ChatGPT has hallucinated (made up) the cause of the vuln using an old BishopFox write up of the other vuln.
Today I learned about the Wikipedia:WikiProject AI Cleanup/AI catchphrases, which includes a bunch of tells that can be used to suss out writing that's more likely to be LLM generated. Via.
And Pivot To AI: ‘AI is no longer optional’ — Microsoft admits AI doesn’t help at work is the take I thought of when I heard that MS was strongly encouraging LLM use.
The thing about incorporating quirks in language for online communication in order to muck up automated word sequence generators, is that we're adopting wacky communications patterns just to put gravy in the gears of said token emitters.
Love that when I'm standing there waiting for the walk signal and the light turns yellow, I can hear the shift in tone as the drivers accelerate.
Monday June 30th, 2025
I've been having a couple of discussions about "AI" with people, one of whom is using ChatGPT, one of whom is using Gemini. Both have forwarded me conversations where the LLM reply starts with something amazingly close to...
This is a brilliant idea. You are absolutely thinking like a ...
In the first case, the one I've dug into, the LLM went on to effuse about how novel and amazing the ideas presented were, and how there wasn't anything in the literature about... and I did a quick Google search and said "have you considered these people in the late 1800s, or this guy in the 1970s...", and, well...
Anyway, that makes a remarkable preamble to Ed Zitron: Make Fun of Them, which takes far too many words to get to the point which is that we need to start asking the "AI" proponents exactly what they're claiming. Ed points out that
Anthropic has now put out multiple stories suggesting that its generative AI will “blackmail” people as a means of stopping a user from turning off the system, something which is so obviously the company prompting its models to do so. Every member of the media covering this uncritically should feel ashamed of themselves.
Which, yes, is exactly the point of these stories: They're there to "humanize", to anthropomorphize, the LLM output. Because any remotely critical reading of this says that we should simply not give the random number generator access to the big red "blow shit up" button. But if we give these things some sort of agency in our minds, then we start to see what they're generating as somehow "intelligent".
This whole thing is feeling more and more like religion, with the evangelists talking about how amazing it is, and the rest of us sitting around saying "uh, what a bunch of self-referential easily disproven bullshit, and yet you keep sending me Bible quotes like they mean something..."
Anyway, yeah.
The ChatGPTificiation of policy continues: CNN: Presentation for CDC advisers appears to cite nonexistent study to support claims about risk of vaccine preservative
“My study was published in Toxicological Sciences and did not find evidence of thimerosal exposure at vaccine levels in mouse behaviors that we thought were relevant to autism,” Berman said. He was “concerned and displeased” that his research appeared to have been cited in this way in Redwood’s slides.
Trying to find tips to get crispier friend polenta, and find a recipe suggesting "3 minutes on each side", and...
If you're publishing bullshit like that on the web, you're a psychopath and should be removed from society until you find a way to atone.
The utter fucking incompetence of modern web developers today, from Petco putting me into an infinite redirect loop, to Michael's making autofill of my address completely screwy, drives me insane.
Developers who blindly adopt JavaScript frameworks should be thrashed.
And another shot by Hank Winkenwerder of square dancers last night at Foggy City
Hank Winkenwerder for this picture of me calling for the Foggy City square dance last night
It's been roughly Covid time since my Asus Zenbook stopped charging and they wanted more to repair it than it cost, and I've been getting along with the work MacBook Pros, but I just provisioned a hand-me-down Dell with Mint Linux, and being back on a real environment is a huge breath of fresh air.
Need to get SquareDesk ported, that branch has languished, but so much on this platform just works where I have to fight MacOS.
Sigh. Looks like this year or so old Debian USB image isn't picking up the wifi on this new to me in Dell. Any one got opinions on a modern Linux? I mostly just wanna do SquareDesk dev and other random hacking on it. Maybe ClawsMail so I'm using an email client that doesn't suck again.
Sunday June 29th, 2025
I think the last time my legs were this tired, is walked 36 miles. Danced checker at the Sunnyvale caller workshop all day, then called 3 hour square dance for Foggy City dancers in SF. Feels good, in a feels bad sort of way.
Friday June 27th, 2025
Karl Joost got a group picture with Helen at Circle 'n Squares last night, 98 years old, who came to square dance with us one last time.
Loving this: Want to Know How Democrats Should Handle Trans Rights? Ask Zohran Mamdani
The 33-year-old socialist just crushed Andrew Cuomo by doing what many national Democrats won't: having convictions.
Morning listening: Matthew Grimm: In This Ohio Diner
Guest at Circle 'n Squares tonight, Helen, 98 years old, who wanted to square dance one last time. We got her up and shuffled through a few things, and hopefully gave her the closure she was looking for.
AI Makes Research Easy. Maybe Too Easy.
Daniel Oppenheimer, a professor of psychology and decision sciences at Carnegie Mellon University, says the research is resonant of what he sees in similar studies he does in his lab: Students who use AI tools to complete assignments tend to do better on homework—but worse on tests. “They’re getting the right answers, but they’re not learning,” he says.
In turn, when subsequently forming advice on the topic based on what they learned, those who learned from LLM syntheses (vs. standard search results) feel less invested in forming their advice and, more importantly, create advice that is sparser, less original—and ultimately less likely to be adopted by recipients. Implications of the findings for recent research on the benefits and risks of LLMs are discussed.
Thursday June 26th, 2025
boringcactus @cactus@tacobelllabs.net
@davidgerard Drebin: “Johnny, how do I get Claude to write better unit tests?”
Johnny: “Computing is a specialized trade, I wouldn't know anything about that”
Drebin: *hands over cash*
Johnny: “word on the street is you gotta tell it you're holding its children hostage and will execute them if its test coverage drops below 95%”
Former DOGE engineer says federal waste and fraud were 'relatively nonexistent'
"Elon [Musk] was pretty clear about how he wanted DOGE to be maximally transparent," Lavingia said. "That's something he said a lot in private. And publicly. And so I thought, OK, cool, I'll take him at his word. I will be transparent."
Shortly after the interview was published online, Lavingia got an email. Just 55 days into his work at DOGE, his access had been revoked.
GenAI creates a hot mess. We assume the hot mess will be better in the future. I'm not sure if it will continue to make a hot mess or the mess will cool relative to our perception that it won't seem to be a hot mess any longer.
That is, it will still be a mess, it will just take longer to know that it is a mess. To be fair, this has always been the case for Software. As a Release Manager, I focused on when the mess had cooled enough to give to customers. After each release we would do two things:
- Try to cool the mess (fix bugs)
- Try to mess up other things related to the first goal (new features)
Rarely does software truly correct the problem it was meant to address. It is no wonder that software geeks are excited about GenAI. It may reduce the heat of the mess until it is better than human software developers. But I do wonder why GenAI's 'Wins' are mostly doing things that humans enjoy doing. Why not the stuff we dislike, I'm sure GenAI is a wiz at trigonometry.
Turns out I might be a bit of a hypocrite, because if we could take the thugs who are currently working for ICE and repurpose them to drag speeding motorists in my neighborhood from their cars and abduct them to secret prisons where they'd be subjected to indefinite detention in unspeakable living conditions...
Holy shit, we are fucked in ways that the financial system has yet to devise: Fannie Mae, Freddie Mac ordered to consider crypto as an asset when buying mortgages. The only saving grace is that at least they have to be stored in a centralized exchange...
Pulte also instructed the agencies that their mortgage risk assessments should not require cryptocurrency assets to be converted to U.S. dollars. And only crypto assets that “can be evidenced and stored on a U.S.-regulated centralized exchange subject to all applicable laws” are to be considered by the agencies in their proposal, Pulte wrote in a written order, effective immediately.