Need to let loose a primal scream without collecting footnotes first? Have a sneer percolating in your system but not enough time/energy to make a whole post about it? Go forth and be mid: Welcome to the Stubsack, your first port of call for learning fresh Awful youā€™ll near-instantly regret.

Any awful.systems sub may be subsneered in this subthread, techtakes or no.

If your sneer seems higher quality than you thought, feel free to cutā€™nā€™paste it into its own post ā€” thereā€™s no quota for posting and the bar really isnā€™t that high.

The post Xitter web has spawned soo many ā€œesotericā€ right wing freaks, but thereā€™s no appropriate sneer-space for them. Iā€™m talking redscare-ish, reality challenged ā€œculture criticsā€ who write about everything but understand nothing. Iā€™m talking about reply-guys who make the same 6 tweets about the same 3 subjects. Theyā€™re inescapable at this point, yet I donā€™t see them mocked (as much as they should be)

Like, there was one dude a while back who insisted that women couldnā€™t be surgeons because they didnā€™t believe in the moon or in stars? I think each and every one of these guys is uniquely fucked up and if I canā€™t escape them, I would love to sneer at them.

(Semi-obligatory thanks to @dgerard for starting this)

  • David Gerard@awful.systemsM
    link
    fedilink
    English
    arrow-up
    12
    Ā·
    3 months ago

    that dude advocates LLM code autocomplete and heā€™s a cryptographer

    like that codeā€™s gotta be a bug bounty bonanza

    • self@awful.systems
      link
      fedilink
      English
      arrow-up
      9
      Ā·
      3 months ago

      dear fuck:

      From 2018 to 2022, I worked on the Go team at Google, where I was in charge of the Go Security team.

      Before that, I was at Cloudflare, where I maintained the proprietary Go authoritative DNS server which powers 10% of the Internet, and led the DNSSEC and TLS 1.3 implementations.

      Today, I maintain the cryptography packages that ship as part of the Go standard library (crypto/ā€¦ and golang.org/x/crypto/ā€¦), including the TLS, SSH, and low-level implementations, such as elliptic curves, RSA, and ciphers.

      I also develop and maintain a set of cryptographic tools, including the file encryption tool age, the development certificate generator mkcert, and the SSH agent yubikey-agent.

      I donā€™t like go but I rely on go programs for security-critical stuff, so their crypto guyā€™s bluesky posts being purely overconfident ā€œyou canā€™t prove Iā€™m using LLMs to introduce subtle bugs into my codeā€ horseshit is fucking terrible news to me too

      but wait, mkcert and age? is that where I know the name from? mkcertā€™s a huge piece of shit nobody should use that solves a problem browsers created for no real reason, but I fucking use age in all my deployments! this is the guy Iā€™m trusting? the one whoā€™s currently trolling bluesky cause a fraction of its posters donā€™t like the unreliable plagiarization machine enough? thatā€™s not fucking good!

      maybe I shouldnā€™t be taking this so hard ā€” realistically, this is a Google kid whoā€™s partially funded by a blockchain company; this is someone who loves boot leather so much that most of their posts might just be them reflexively licking. they might just be doing contrarian trolling for a technology they donā€™t use in their crypto work (because itā€™s fucking worthless for it) and maybe what weā€™re seeing is the cognitive dissonance getting to them.

      but boy fuck does my anxiety not like this being the personality behind some of the code I rely on

      • gerikson@awful.systems
        link
        fedilink
        English
        arrow-up
        8
        Ā·
        3 months ago

        Oh shit, thatā€™s where I recognize his name from. Very disappointing heā€™s full on the LLM train.

        • self@awful.systems
          link
          fedilink
          English
          arrow-up
          8
          Ā·
          3 months ago

          cryptographers: need strict guarantees on code ordering and timing because even compiler optimizations can introduce exploitable flaws into code that looks secure

          the go cryptographer: thereā€™s no reason not to completely trust a system that pastes plagiarized code together so loosely it introduces ordering-based exploits into ordinary C code and has absolutely no concept of a timing attack (but will confidently assert it does)

      • froztbyte@awful.systems
        link
        fedilink
        English
        arrow-up
        5
        Ā·
        3 months ago

        yeah. Been following valsorda for a while because reasons, but thereā€™s a certain type of thing they frequently go for. ā€œItā€™s popular and thus worth it, who cares about the side effectsā€ isnā€™t something they seem to concern themselves with in respect to the gallery of shit

        I know that rage exists, but havenā€™t really tried to make serious use of it yet. Probably worth checking out

        • self@awful.systems
          link
          fedilink
          English
          arrow-up
          7
          Ā·
          3 months ago

          I know that rage exists, but havenā€™t really tried to make serious use of it yet.

          oh I make serious use of rage all the time in my work

          not the program, but that looks cool too