Stubsack: weekly thread for sneers not worth an entire post, week ending Sunday 15 September 2024 - eviltoast

Need to let loose a primal scream without collecting footnotes first? Have a sneer percolating in your system but not enough time/energy to make a whole post about it? Go forth and be mid: Welcome to the Stubsack, your first port of call for learning fresh Awful you’ll near-instantly regret.

Any awful.systems sub may be subsneered in this subthread, techtakes or no.

If your sneer seems higher quality than you thought, feel free to cut’n’paste it into its own post — there’s no quota for posting and the bar really isn’t that high.

The post-Xitter web has spawned soo many “esoteric” right wing freaks, but there’s no appropriate sneer-space for them. I’m talking redscare-ish, reality-challenged “culture critics” who write about everything but understand nothing. I’m talking about reply-guys who make the same 6 tweets about the same 3 subjects. They’re inescapable at this point, yet I don’t see them mocked (as much as they should be)

Like, there was one dude a while back who insisted that women couldn’t be surgeons because they didn’t believe in the moon or in stars? I think each and every one of these guys is uniquely fucked up and if I can’t escape them, I would love to sneer at them.

(Semi-obligatory thanks to @dgerard for starting this)

  • David Gerard@awful.systemsM · 12 upvotes · 2 months ago

    that dude advocates LLM code autocomplete and he’s a cryptographer

    like that code’s gotta be a bug bounty bonanza

    • self@awful.systems · 10 upvotes · 2 months ago

      dear fuck:

      From 2018 to 2022, I worked on the Go team at Google, where I was in charge of the Go Security team.

      Before that, I was at Cloudflare, where I maintained the proprietary Go authoritative DNS server which powers 10% of the Internet, and led the DNSSEC and TLS 1.3 implementations.

      Today, I maintain the cryptography packages that ship as part of the Go standard library (crypto/… and golang.org/x/crypto/…), including the TLS, SSH, and low-level implementations, such as elliptic curves, RSA, and ciphers.

      I also develop and maintain a set of cryptographic tools, including the file encryption tool age, the development certificate generator mkcert, and the SSH agent yubikey-agent.

      I don’t like go but I rely on go programs for security-critical stuff, so their crypto guy’s bluesky posts being purely overconfident “you can’t prove I’m using LLMs to introduce subtle bugs into my code” horseshit is fucking terrible news to me too

      but wait, mkcert and age? is that where I know the name from? mkcert’s a huge piece of shit nobody should use that solves a problem browsers created for no real reason, but I fucking use age in all my deployments! this is the guy I’m trusting? the one who’s currently trolling bluesky cause a fraction of its posters don’t like the unreliable plagiarization machine enough? that’s not fucking good!

      maybe I shouldn’t be taking this so hard — realistically, this is a Google kid who’s partially funded by a blockchain company; this is someone who loves boot leather so much that most of their posts might just be them reflexively licking. they might just be doing contrarian trolling for a technology they don’t use in their crypto work (because it’s fucking worthless for it) and maybe what we’re seeing is the cognitive dissonance getting to them.

      but boy fuck does my anxiety not like this being the personality behind some of the code I rely on

      • gerikson@awful.systems · 8 upvotes · 2 months ago

        Oh shit, that’s where I recognize his name from. Very disappointing he’s full on the LLM train.

        • self@awful.systems · 8 upvotes · 2 months ago

          cryptographers: need strict guarantees on code ordering and timing because even compiler optimizations can introduce exploitable flaws into code that looks secure

          the go cryptographer: there’s no reason not to completely trust a system that pastes plagiarized code together so loosely it introduces ordering-based exploits into ordinary C code and has absolutely no concept of a timing attack (but will confidently assert it does)

      • froztbyte@awful.systems · 5 upvotes · 2 months ago

        yeah. Been following valsorda for a while because reasons, but there’s a certain type of thing they frequently go for. “It’s popular and thus worth it, who cares about the side effects” isn’t something they seem to concern themselves with in respect to the gallery of shit

        I know that rage exists, but haven’t really tried to make serious use of it yet. Probably worth checking out

        • self@awful.systems · 7 upvotes · 2 months ago

          I know that rage exists, but haven’t really tried to make serious use of it yet.

          oh I make serious use of rage all the time in my work

          not the program, but that looks cool too