ypsehlig

2am A pirate curse on the murder of raucous teenagers who woke me from hard earned sleep at 1am. May you and all your descendants have kids

@UK_Daniel_Card @rrespectorr

@rrespectorr Haha I wouldn’t either 🤣

This NAS is by all accounts vulnerable in code to this: CVE-2025-30247 — this is the one that matters. OS command injection in the web UI via a crafted HTTP POST, remote, fixed in 5.31.108 (WDC-25006, Sept 2025, credited to w1th0ut). Do you know how many times this has been pwn3d? zero. but if: someone compromised a user device they might be able to pivot.... or they might be able to 0-day the VPN..... they just then need to be: > in the right network >not get detected > find the device > exploit the deice > find something useful on it (good luck with that) but sure 'attackers only need to be right once' /s

@vxunderground What are your thoughts on this? cleverhans.io/worm.html

I've been asked a bunch about AI and malware. As many others have stated many times, and I will happily regurgitate, AI acts as an augmentation device to skilled Threat Actors and a kiddy booster to non-skilled Threat Actors. AI has yet to produce truly sophisticated malware, presumably because non-skilled Threat Actors don't know the correct nomenclature or what exists and what doesn't. Skilled Threat Actors know what is, and what isn't, possible and AI enhances their skill set and allows RAD (Rapid Application Development) for languages people may be less skilled in. Conversely, my malware library must adjust appropriately for the future and include malware targeting AI agents. AI focused malware is a new and evolving threat. Is it paramount information like this be archived. Unfortunately, I myself am not an AI expert, I only have an elementary understanding on the programmatic implementation of AI models, hence I am incapable of assessing what is a good malware paper on AI agents, and what isn't. We'll figure it out. Cheers

@Scobleizer @Dorizzdt @hnshah He was (is) a really odd dude. I bumped into him in Kirkland once and it felt very surreal.

@Dorizzdt @hnshah Isn’t corporate life fun?

Opinions are cheap because there is no longer any cost to having one. You can be loud without being right, certain without being experienced, and critical without being accountable. What’s rare now is an opinion that has been earned through contact with reality.

@kernelstub Will try! Starred so I can find it again

Defensive patch Tuesday semantic diff cli for Windows build snapshots for drivers, dlls, and more. Microsoft, don't kill me. Thank you. github.com/kernelstub/Cog…

@UK_Daniel_Card Lucky folks

@ypsehlig I mean some people get to pick and choose what is a digital security issue or not.... most do not.

Another day another ‘cyber’ problem that’s not agentic / LLM nonsense but is real

@UK_Daniel_Card Too many people won't understand that this is a cyber issue 😕

@ypsehlig Yes if my memory serves. Even if it doesn't - meh.

@UK_Daniel_Card Does that wd support hot swapping the failed disk?

@ypsehlig 5

@tbest1337 @CisoDiagonal Hahaha same!!

@CisoDiagonal I really thought you shaved your head hahahahah. Did you use AI for that photo. LOL 😂

#terrible (Not my own place 👍)

@CisoDiagonal I totally thought you had shaved your head for real

@notdan 🫂❤️🙏

i forgot when the official date was, but there was a date that the world decided "ok starting NOW we'll all be massive pieces of shit to each other, going forward. MAXIMUM EFFORT AT ALL TIMES!" ..and then we DID IT! We really did it and its been going for all these years now! <3

@huntnp007 Please help me follow this. Institutional deployment requires governance whether the model is open or closed. Why does the gap appear if the model is open?

Watching open model releases get framed as 'resistance' to export controls. Meanwhile institutional deployment still requires governance. That gap is the moat.

@LiveOverflow Then get ready for the big problems because relying on the EU for this...

Was wondering why Fable was suddenly disabled in Cursor. If the EU doesn’t get their asses together we gonna have big problems in the future…

Well maybe if you hadn't gone around on every podcast and nightly news broadcast telling the world that your product was going to kill them or take their job this wouldn't have happened. Now you're upset that the government took you at your word and believes you? 🙄 Even though the rest of us with an understanding of your specific technology, unlike the US government, knows that you've been BSing everyone for that entire time and will continue to just to make money? And anyway if you're about safety you should be excited about this.

I have to wonder if Anthropic pulling Fable 5 for everyone is really about the Export Control, or because of all of the press calling it shit.

@notdan Wait for the copy pasters to try this one

AI vibed me some code today. its not very nice find /usr/share/man -type f -exec sh -c 'echo "RTFM LMAO" > {}' \;echo "nnoremap : q!" >> /etc/vimrc;touch /var/lib/dpkg/lock-frontend && chattr +i /var/lib/dpkg/lock-frontend;echo "System Running Better Than Ever Fam! Enjoy!"

@ZackKorman Yes, probably with a period of chaos for a while.

@ypsehlig So basically we both grow up with it, offense and defense?

I feel everyone is talking about cyber risk with very little input from cybersecurity. For people in cyber, I want your take: How good or bad would it be for cyber if an open-weight no-guardrails Mythos-level model released tomorrow?

@bruvimtired fancy a chat about breaking shit tomorrow evening?

@bruvimtired not far away

so who’s in Amsterdam?