And, whilst I’m here, a post from someone who tried using copilot to help with software dev for a year.

I think my favourite bit was

Don’t use LLMs for autocomplete, use them for dialogues about the code.

Tried that. It’s worse than a rubber duck, which at least knows to stay silent when it doesn’t know what it’s talking about.

https://infosec.exchange/@david_chisnall/113690087142854474

(and also https://en.m.wikipedia.org/wiki/Rubber_duck_debugging for those who haven’t come across it)

Interesting article about netflix. I hadn’t really thought about the scale of their shitty forgettable movie generation, but there are apparently hundreds and hundreds of these things with big names attached and no-one watches them and no-one has heard of them and apparently Netflix doesn’t care about this because they can pitch magic numbers to their shareholders and everyone is happy.

“What are these movies?” the Hollywood producer asked me. “Are they successful movies? Are they not? They have famous people in them. They get put out by major studios. And yet because we don’t have any reliable numbers from the streamers, we actually don’t know how many people have watched them. So what are they? If no one knows about them, if no one saw them, are they just something that people who are in them can talk about in meetings to get other jobs? Are we all just trying to keep the ball rolling so we’re just getting paid and having jobs, but no one’s really watching any of this stuff? When does the bubble burst? No one has any fucking clue.”

What a colossal waste of money, brains, time and talent. I can see who the market for stuff like sora is, now.

https://www.nplusonemag.com/issue-49/essays/casual-viewing/

For VPNs, at least, I can offer some suggestions. If you wanted to securely access a specific box or network of yours, tailscale is pretty great and very painless to use. If you wanted to do stuff without various folk noticing then that’s a bit trickier but I’ve been happy using mullvad… they’re not the cheapest, though they have some splendid anonymous payment mechanisms (you can literally mail them a wad of banknotes with a magic code on a bit of paper… you don’t even need to muck about with bitcoin).

In further bluesky news, the team have a bit of an elon moment and forget how public they made everything.

https://bsky.app/profile/miriambo.bsky.social/post/3ldq2c7lu6c25 (only readable if you are logged in to bluesky)

Bluesky’s approach to using domain names to mean identity is now showing cracks that everyone can see: https://tedium.co/2024/12/17/bluesky-impersonation-risks/

(it was always shaky, but mostly only shown by infosec folks who signed up as amazon s3, etc)

TL;DR: scammer buys .com domain for journalist’s name, registers it on bluesky, demands money to hand it over or face reputational damage, uses other fake accounts with plausible names and backgrounds to encourage the mark to pay up. Fun stuff. The best bit is when the sockpuppets got one of the real people they were pretending to be banned from bluesky.

Nvidia doing their part to help consumers associate AI with unwanted useless bloatware that’s foisted upon them.

https://arstechnica.com/gaming/2024/12/the-new-nvidia-app-is-probably-hurting-your-pc-gaming-performance/

It’s a long read, but a good one (though not a nice one).

• learn about how all the people who actually make decisions in c++ world are complete assholes!
• liking go (the programming language) correlated with brain damage!
• in c++ world, it is ok to throw an arbitrary number of highly competent non-bros out of the window in order to keep a bro on board, even if said bro drugged and raped a minor!
• the c++ module system is like a gunshot wound to the ass!
• c++ leadership is delusional about memory safety!
• even more assholes!

Someone on mastodon (can’t remember who right now) joked that they were expecting the c++ committee to publicly support trump, in the hopes he would retract the usg memory safety requirements. I can now believe that they might have considered that, and are probably hoping he’ll come down in their favour now that he’s coming in.

They’re rebranding American Christian milenaranism. Much like the second coming and/or the rapture, the AGI god will be here Real Soon Now, so please pay your tithes and trust that the church fathers are doing the right thing.

Much like the older cults it mirrors, it isn’t capable of delivering on its promises, but it is capable of doing substantial amounts of regular damage in the meantime, and that’s the only thing worth freaking out about.

Proton continuing to do pointlessly stupid and self-destructive things:

https://infosec.exchange/@malwaretech/113257047424000919

They're basically admitting they didn't pay an influencer to spread misinformation about public wifi in order to sell VPN products, they just stole her likeness, used her photo, and attributed completely made up quote to her.

But it was a joke guys! We did a satire! I’m totally certain I know what satire is!

You would choose your nationality like you choose your broadband provider. You would become a citizen of the franchised cyber statelet of your choice.

Ahh, I can’t wait.

Notification of planned maintenance 

Rule of law will be suspended between midnight and 6am 
pacific time to upgrade the constitution. We apologise for 
any inconvenience or loss of life.

Do any “ai” companies have a business plan more sophisticated than

1. steal everything on the web
2. buy masses of compute with vc money
3. become too important to be busted for mass copyright infringement
4. ?
5. profit

I don’t recall seeing any signs of creativity, or even any good ideas as to what their product is even for, so I wouldn’t hold my breath waiting for one of the current crop to manifest creativity now.

Perhaps I missed something, though?

They could have just sat there and slurped up enormous profits from the bubble as all the people who can’t find a use for their “AI” systems buy nvidia hardware, but no. They had to get high from their own supply. I can’t see this boding well for them.