Asad R

found this in the comments of @antirez's old blog. interesting reframe of the whole 10x programmer thing. antirez.com/news/112

Half of offsec lives on platforms whose ToS prohibit half of offsec. Rootshell, Packet Storm, hack.co.za, milw0rm had this figured out 20 years ago. Maybe it's time to stop pretending GitHub/Lab is neutral infrastructure.

I can share an interesting experience from last week. We have a person who is incharge of buying hardware, software and data sets. This might sound stupid but when you are buying 100s of servers, workstations and laptops a month, it's complicated. This dude used Claude to create an entire tracking and maintanence portal that inventoried everything. He even managed to integrate the portal with our monitoring software to display the status of every server vm. He then modified it to store invoices and so on. He's been at it for a couple of weeks and we've been able to identify wastage and needs. Without Claude, this would have been a maze of spreadsheets and a lot of manual labor. But we wouldn't have hired a developer for this. To me, this kind of software is the killer use case for AI. Enough to simplify your life, but not enough to justify hiring someone or buying a product. Is the code great? Is it scalable? Is it good software engineering? No, no and no. But that's besides the point.

1/ Some things I've learned recently running coding agents on large-scale projects. Most of this contradicts advice from 6 months ago!

I’ve been around long enough to remember when source code/binary auditing was how bugs were found. Then there was 20 years where fuzzing was best. Now source code analysis (via LLM) is the jam again.

👀

rewriting Bun to Rust was faster than writing the blog post about it

Quick, someone re-write nginx in Rust.

I broke Kindle's DRM protection tonight through a mix of static and dynamic analysis. AES key is derived from accountSecrets, kindle device ID, and voucher path. Book is decrypted in parts using OpenSSL from Ion blobs and then decompressed with LZMA.

I get how uncomfortable it feels to disengage from the syntax, from the sequence, selection, and iteration of code, from the dopamine hit of getting a complicated function to execute properly. I get it. I've been coding for longer than most of you have been alive -- I get it. But the bar has been raised. And if I, someone who has been coding for more than six decades, can clear that bar, you should be able to clear it too. And fear not, I've found plenty of joy on the topside of that bar. It just take a leap...

Sometimes it confuses me how the security field today fails to remember why things like least privilege and privilege separation were built into qmail, postfix, and SSH long ago. Then I remember that an astonishingly small percentage of the field today were around back then.

When we first obtained this document, we deemed it too risky to publish in full. For a variety of reasons we don’t need to get into, the risk equation has changed and it’s important this memo be in the historical record.

If a lobby can buy an election, it's not a democracy, period. And if an evil lobby can buy an election, it's far worse than any form of autocracy. Let that sink in.

I'll tell you why so many people upset about the "no hallucinated citations" ban on the arxiv: because they've all been copying citation lists from each other without checking them since the beginning of time. And why did they do this? Because half of the citations in scientific papers are politics and not to the benefit of the reader. If you don't list the right papers, your paper doesn't look 'right' and reviewers will complain that you didn't cite this-and-that other unrelated work. For what I am concerned, these are all bullshit citations that shouldn't be in the papers in the first place. They can easily be automated by "related papers" links, that are (wait for it) provided by... AI...

today we are releasing a qemu escape

Today I shall discourse on the tangled history of the Meta key. Long long ago, in the dark and backwards abysm of time, there was a keyboard of exceeding beauty and complexity called the Space Cadet keyboard. It was attached to a device called the Lisp Machine, around which many arcane legends have gathered. What bears on my tale is that on the Lisp Machine, a byte was nine bits rather than the now usual eight. Thus there was the potential for the Space Cadet keyboard to ship no fewer than 512 distinct characters. To add to this plurabundance, the Space Cadet did not stop with the Shift and Control keys that were usual on the serial terminals of the time; nay, it had also Meta, Super, and Hyper keys that twiddled in their various ways the high bits of the keystroke returned to the machine. This was the origin of the Meta key. Now we must speak of Emacs, most ancient and powerful of editors, tool of wizards. One of its earliest versions ran on the Lisp Machine, and the splendiferous Space Cadet keyboard greatly influenced its interface design. This is why on the versions that run even today you often see command sequences documented as beginning with "Meta". However, the serial terminals on which most instances of Emacs actually ran in those days were not blessed with a Meta key. So the Escape key was pressed into service; and for this reason some people still pronounce Esc as "Meta". Then, in the fullness of time, there arose a second great keyboard of legend - the Model M, which after 1987 became the keyboard shipped with IBM PCs and related machines. It was said of this mighty and weighty keyboard that you could not only type with it, but use it as a rather effective bludgeon in the event of a zombie or velociraptor attack. The key layout of the Model M was primarily based on the extremely popular DEC VT220 terminal from a few years earlier. But, miraculously, in addition to the expected Esc, the Model M added one detail that harked back to the earlier Space Cadet keyboard: an Alt key. The Alt key was intended to do the same thing that Meta had - set the 8th bit of the returned character. In this way "Meta" acquired a third meaning - the Alt key. This was less confusing than it might have become because in Emacs, an Esc prefix was treated identically to the Alt modifier. So it might be said that there were *two* Meta keys. Around 1995, PC keyboards grew another modifier key. This has variously been called the Windows or Command key - but in the Unix documentation, and among those of us who remember the ancient lore, it is called "Super". Alas, it seems unlikely that the Hyper key will ever return to this fallen world.

Gentle reminder on how, in the recent DS4 fiesta, not just me but every other contributor found GPT 5.5 able to help immensely and Opus completely useless.

What happens when you post a real Monet and say it’s AI? The coolest art social experiment I’ve seen in a while. Thank you @SHL0MS

When a pilot flies in clear air with an unobstructed view of the horizon they can use Visual Flight Rules. No instruments necessary. You just fly because you can see. When a pilot flies in the clouds where there is no view of the horizon they must use Instrument Flight Rule (or they die within a few seconds). This requires a lot of specialized training and an intense amount of discipline. Things happen fast as you approach an airport and you have GOT TO BE ON YOUR GAME. Programming with Agents is like flying under IFR. You can't see. But you trust your instruments and you are disciplined as hell (if you want to live).

@v12sec Man even that exploit progress visualization looks nice.

another day, another universal linux LPE