Today in InfoSec Job Security News:
Uncategorized
144
Posts
111
Posters
11
Views
-
I have an answer to this question, but you need to stick around to the end of the toot.
They've proven time and time again that the result is less than sub par...
"So what? What does that matter? 😐
I was asked to do the thing, I did the thing, I will keep getting my paycheck."That attitude, That's not me. I strongly believe in delivering top quality work A lot of us probably believe that. That's the kind of people Mastodon attracts.
But "top-quality work" is inherently something that only a few people deliver. Most people deliver average quality work, by definition. They are totally fine with being average and this machine helps deliver average. Or close enough.
Average work does not attract a lot of scrutiny. It also doesn't attract pay rises, but most people are basically ineligible for those anyways. If your white collar work went from average to excellent, is there really a promotion waiting there for you? You probably need a new Co... /1
@Fooker @fuzzyfuzzyfungus and if I walk through all the logic, I totally understand these folks.
I don't agree with them, that's not who I am personally. But I understand the incentive structure and they're going to work with what they have.
We have an entire book titled "Bullshit Jobs" talking about how widespread the phenomenon is. And here we have a machine that is basically a bullshit generator, all ready to tackle those bullshit jobs. It's a perfect match!
Is this a great use of human or computer resources? Probably not. But that misuse has nothing to do with either the computers or the humans in the loop. It's entirely part of a bigger system that fails to match incentives correctly.
But that's why humans use the stuff. Not because it's good, but because it's what they were asked for.
I think we should be asking for better things, but that shift is a blog post unto itself. //
-
@unusnemo A repo that has AI slop anywhere it its git history isn't FOSS and has maintainers who have shown gross irresponsibility. Banning use of it as a dependency should not be controversial.
I do not think you read my comment, that is fine, I am not going to say that I agree to disagree with you because I never even broached the topic you responded with at all. Take care and have a great day, I can see this conversation is going nowhere. That is fine, we both have better things to do. 😀
-
Today in InfoSec Job Security News:
I was looking into an obvious ../.. vulnerability introduced into a major web framework today, and it was committed by username Claude on GitHub. Vibe coded, basically.
So I started looking through Claude commits on GitHub, there’s over 2m of them and it’s about 5% of all open source code this month.
https://github.com/search?q=author%3Aclaude&type=commits&s=author-date&o=desc
As I looked through the code I saw the same class of vulns being introduced over, and over, again - several a minute.
@GossiTheDog is it a concerted attack on open source software to preserve closed source for-profit stuff?
-
@GossiTheDog protip, go to https://github.com/claude and click on Block User and you will see a helpful warning banner on any github repo that contains code from it.
@joeyh @GossiTheDog Works like a g--d--- charm. juanfont/headscale has claude commits if anyone wants a test case.
-
Today in InfoSec Job Security News:
I was looking into an obvious ../.. vulnerability introduced into a major web framework today, and it was committed by username Claude on GitHub. Vibe coded, basically.
So I started looking through Claude commits on GitHub, there’s over 2m of them and it’s about 5% of all open source code this month.
https://github.com/search?q=author%3Aclaude&type=commits&s=author-date&o=desc
As I looked through the code I saw the same class of vulns being introduced over, and over, again - several a minute.
@GossiTheDog that’s quite a bit lower than I would have expected
-
Today in InfoSec Job Security News:
I was looking into an obvious ../.. vulnerability introduced into a major web framework today, and it was committed by username Claude on GitHub. Vibe coded, basically.
So I started looking through Claude commits on GitHub, there’s over 2m of them and it’s about 5% of all open source code this month.
https://github.com/search?q=author%3Aclaude&type=commits&s=author-date&o=desc
As I looked through the code I saw the same class of vulns being introduced over, and over, again - several a minute.
@GossiTheDog So Claude is "Jia Tan as a Service"?
-
@GossiTheDog @deliberately_me oh goodie. Our global repository has been compromised by a worm.
@GossiTheDog @deliberately_me or actually a nearly infinite number of worms.
-
Today in InfoSec Job Security News:
I was looking into an obvious ../.. vulnerability introduced into a major web framework today, and it was committed by username Claude on GitHub. Vibe coded, basically.
So I started looking through Claude commits on GitHub, there’s over 2m of them and it’s about 5% of all open source code this month.
https://github.com/search?q=author%3Aclaude&type=commits&s=author-date&o=desc
As I looked through the code I saw the same class of vulns being introduced over, and over, again - several a minute.
@GossiTheDog Is Claude a real person
-
Today in InfoSec Job Security News:
I was looking into an obvious ../.. vulnerability introduced into a major web framework today, and it was committed by username Claude on GitHub. Vibe coded, basically.
So I started looking through Claude commits on GitHub, there’s over 2m of them and it’s about 5% of all open source code this month.
https://github.com/search?q=author%3Aclaude&type=commits&s=author-date&o=desc
As I looked through the code I saw the same class of vulns being introduced over, and over, again - several a minute.
@GossiTheDog Holy yikes.
-
Today in InfoSec Job Security News:
I was looking into an obvious ../.. vulnerability introduced into a major web framework today, and it was committed by username Claude on GitHub. Vibe coded, basically.
So I started looking through Claude commits on GitHub, there’s over 2m of them and it’s about 5% of all open source code this month.
https://github.com/search?q=author%3Aclaude&type=commits&s=author-date&o=desc
As I looked through the code I saw the same class of vulns being introduced over, and over, again - several a minute.
@GossiTheDog may this boost contribute to the fall of the AI bubble
-
@GossiTheDog protip, go to https://github.com/claude and click on Block User and you will see a helpful warning banner on any github repo that contains code from it.
@joeyh @GossiTheDog having checked this, i'm finding that on various repos it gets listed as having contributed, but then seemingly doesn't show up in any commits, issues or prs when you search for it. what's going on?
-
Today in InfoSec Job Security News:
I was looking into an obvious ../.. vulnerability introduced into a major web framework today, and it was committed by username Claude on GitHub. Vibe coded, basically.
So I started looking through Claude commits on GitHub, there’s over 2m of them and it’s about 5% of all open source code this month.
https://github.com/search?q=author%3Aclaude&type=commits&s=author-date&o=desc
As I looked through the code I saw the same class of vulns being introduced over, and over, again - several a minute.
@GossiTheDog it's been fun digging through this pile of shit
-
Today in InfoSec Job Security News:
I was looking into an obvious ../.. vulnerability introduced into a major web framework today, and it was committed by username Claude on GitHub. Vibe coded, basically.
So I started looking through Claude commits on GitHub, there’s over 2m of them and it’s about 5% of all open source code this month.
https://github.com/search?q=author%3Aclaude&type=commits&s=author-date&o=desc
As I looked through the code I saw the same class of vulns being introduced over, and over, again - several a minute.
@GossiTheDog I wish more of these fucking vibe coding agent bullshits used the co-authored-by tag, so that
- I can block them
- you can search for shit like this
-
@GossiTheDog
This is more and more feels like a coordinated attack on FOSS by the big software.@hittitezombie @GossiTheDog I could totally see that. Like they're trying to get this Claude to mess up the FOSS projects' code enough that it'll force some people back into the arms of Big Software.
-
@zarchasmpgmr @da_667 @GossiTheDog Or msybe introduce 20 vulnerabilities and show off by then finding 10 of them giving a false sense of competence.
@cxj @zarchasmpgmr @da_667 @GossiTheDog 2016 AI thinkers: AI cannot possibly take over the world, because there just aren't enough security holes to give you root on all nuclear submarines in 30 seconds
2026 AI thinkers: hey AI, can you add security holes to my nuclear submarines?
-
Today in InfoSec Job Security News:
I was looking into an obvious ../.. vulnerability introduced into a major web framework today, and it was committed by username Claude on GitHub. Vibe coded, basically.
So I started looking through Claude commits on GitHub, there’s over 2m of them and it’s about 5% of all open source code this month.
https://github.com/search?q=author%3Aclaude&type=commits&s=author-date&o=desc
As I looked through the code I saw the same class of vulns being introduced over, and over, again - several a minute.
Oh, man. Oh, oh, oh.
But as soon as somebody blocks every PR from AI or created with AI support the wailing starts.
-
@joeyh @GossiTheDog having checked this, i'm finding that on various repos it gets listed as having contributed, but then seemingly doesn't show up in any commits, issues or prs when you search for it. what's going on?
@0x9E01 @GossiTheDog I've seen in it a repo that had only Co-Authored-By: Claude, which a usual commit search won't find.
It may also flag repos that have a PR that got edited by the bot along the way, I'm not sure.
-
undefined swelljoe@mas.to shared this topic
Gli ultimi otto messaggi ricevuti dalla Federazione
-
Beth Humphreys 🌺 (@producrgrl.bsky.social)
https://bsky.app/profile/producrgrl.bsky.social/post/3mezlpwlqhs2s
> #handsoff #nokings #ReleaseALLthefiles #EpsteinFiles #lovemyGov #itsthefuckingguns #midterms26 #getridofElectoralCollege #TheEpsteinBallroom #blackhistorymonth Release ALL the files NOW 25th Ammendment NOW Abolish ICE NOW 👇👇👇
-
Punk Rock History (@punkrockhistory.bsky.social)
https://bsky.app/profile/punkrockhistory.bsky.social/post/3mezpkl3i5s2j
> 47 years ago today Blondie scored their first UK No.1 album when 'Parallel Lines' started a four-week run at the top of the charts, featuring the singles 'Heart Of Glass', 'Hanging On The Telephone' and 'Sunday Girl #blondie #poppunk #newwave #punkrockhistory #otd
-
L’ordine pubblico del governo a caccia di giovani | il manifesto
https://ilmanifesto.it/lordine-pubblico-del-governo-a-caccia-di-giovani
> Diritti (Commenti) Come avviene l’arresto di un manifestante indagato per scontri di piazza? Di solito gli agenti arrivano a notte fonda o alle prime luci dell'alba, entrano in casa mai in meno di quattro con passamontagna e pettorine, l’adrenalina è quella del blitz. Quando una dozzina di agenti tra Digos e Ros alle 4.30 di notte si
-
La Germania non partecipa, nel rispetto della Costituzione | il manifesto
https://ilmanifesto.it/la-germania-non-partecipa-nel-rispetto-della-costituzione
> Germania (Internazionale) Nein danke. Puntuale, secca, inequivocabile è la risposta di Berlino alla suggestione diffusa da Roma sul possibile coinvolgimento del governo tedesco nel Board of Peace su Gaza del presidente Usa. Al contrario dell'Italia, la Germania non parteciperà in alcuna veste al nuovo organismo di governance mondiale costruito da Donald Trump, «né come partecipante, né come
-
«Stupidi e ciechi reazionari». Impressioni di febbraio
@anarchia
Che lo sgombero di Askatasuna non potesse vedere che una risposta partecipata ed energica, era praticamente scontato. Non solo per il carattere “storico” del centro sociale – e la militarizzazione permanente del quartiere Vanchiglia che èhttps://www.rivoluzioneanarchica.it/stupidi-e-ciechi-reazionari-impressioni-di-febbraio/
-
@InternetEh the 00s somehow were even worse for music than the 90s.
-
Inps, parlare con te è un’esperienza
Una (lenta) conversazione surreale che ho avuto:
-
There's a massive WhatsApp account takeover campaign in Armenia right now
This seems to be a commodity spam operation, but investigators believe the attackers are exploiting SS7 👀
