this post was submitted on 09 Sep 2024
27 points (100.0% liked)

TechTakes

1401 readers
122 users here now

Big brain tech dude got yet another clueless take over at HackerNews etc? Here's the place to vent. Orange site, VC foolishness, all welcome.

This is not debate club. Unless it’s amusing debate.

For actually-good tech, you want our NotAwfulTech community

founded 1 year ago
MODERATORS
 

Need to let loose a primal scream without collecting footnotes first? Have a sneer percolating in your system but not enough time/energy to make a whole post about it? Go forth and be mid: Welcome to the Stubsack, your first port of call for learning fresh Awful you’ll near-instantly regret.

Any awful.systems sub may be subsneered in this subthread, techtakes or no.

If your sneer seems higher quality than you thought, feel free to cut’n’paste it into its own post — there’s no quota for posting and the bar really isn’t that high.

The post Xitter web has spawned soo many “esoteric” right wing freaks, but there’s no appropriate sneer-space for them. I’m talking redscare-ish, reality challenged “culture critics” who write about everything but understand nothing. I’m talking about reply-guys who make the same 6 tweets about the same 3 subjects. They’re inescapable at this point, yet I don’t see them mocked (as much as they should be)

Like, there was one dude a while back who insisted that women couldn’t be surgeons because they didn’t believe in the moon or in stars? I think each and every one of these guys is uniquely fucked up and if I can’t escape them, I would love to sneer at them.

(Semi-obligatory thanks to @dgerard for starting this)

you are viewing a single comment's thread
view the rest of the comments
[–] dgerard@awful.systems 12 points 2 months ago (1 children)

that dude advocates LLM code autocomplete and he's a cryptographer

like that code's gotta be a bug bounty bonanza

[–] self@awful.systems 10 points 2 months ago (2 children)

dear fuck:

From 2018 to 2022, I worked on the Go team at Google, where I was in charge of the Go Security team.

Before that, I was at Cloudflare, where I maintained the proprietary Go authoritative DNS server which powers 10% of the Internet, and led the DNSSEC and TLS 1.3 implementations.

Today, I maintain the cryptography packages that ship as part of the Go standard library (crypto/… and golang.org/x/crypto/…), including the TLS, SSH, and low-level implementations, such as elliptic curves, RSA, and ciphers.

I also develop and maintain a set of cryptographic tools, including the file encryption tool age, the development certificate generator mkcert, and the SSH agent yubikey-agent.

I don’t like go but I rely on go programs for security-critical stuff, so their crypto guy’s bluesky posts being purely overconfident “you can’t prove I’m using LLMs to introduce subtle bugs into my code” horseshit is fucking terrible news to me too

but wait, mkcert and age? is that where I know the name from? mkcert’s a huge piece of shit nobody should use that solves a problem browsers created for no real reason, but I fucking use age in all my deployments! this is the guy I’m trusting? the one who’s currently trolling bluesky cause a fraction of its posters don’t like the unreliable plagiarization machine enough? that’s not fucking good!

maybe I shouldn’t be taking this so hard — realistically, this is a Google kid who’s partially funded by a blockchain company; this is someone who loves boot leather so much that most of their posts might just be them reflexively licking. they might just be doing contrarian trolling for a technology they don’t use in their crypto work (because it’s fucking worthless for it) and maybe what we’re seeing is the cognitive dissonance getting to them.

but boy fuck does my anxiety not like this being the personality behind some of the code I rely on

[–] gerikson@awful.systems 8 points 2 months ago (1 children)

Oh shit, that's where I recognize his name from. Very disappointing he's full on the LLM train.

[–] self@awful.systems 8 points 2 months ago

cryptographers: need strict guarantees on code ordering and timing because even compiler optimizations can introduce exploitable flaws into code that looks secure

the go cryptographer: there’s no reason not to completely trust a system that pastes plagiarized code together so loosely it introduces ordering-based exploits into ordinary C code and has absolutely no concept of a timing attack (but will confidently assert it does)

[–] froztbyte@awful.systems 5 points 2 months ago (1 children)

yeah. Been following valsorda for a while because reasons, but there’s a certain type of thing they frequently go for. “It’s popular and thus worth it, who cares about the side effects” isn’t something they seem to concern themselves with in respect to the gallery of shit

I know that rage exists, but haven’t really tried to make serious use of it yet. Probably worth checking out

[–] self@awful.systems 7 points 2 months ago (1 children)

I know that rage exists, but haven’t really tried to make serious use of it yet.

oh I make serious use of rage all the time in my work

not the program, but that looks cool too

[–] froztbyte@awful.systems 4 points 2 months ago