245.8 on the weigh-in!

245.8 on the weigh-in! It was just last week that I was saying "I hope I get under 250 soon"???

Being sick has really accelerated my weight loss this last week. I don't recommend that as a strategy, lol https://dustycloud.org/tmp/org_diet_results.html

I'm feeling better today!

omg I'm so excited I can't believe I'm on *Earth*!!! #dreamvacay

246.6! That's the lowest I've been in well over a decade! https://dustycloud.org/tmp/org_diet_results.html

@alienghic Yes, LLMs are *inherently* confused deputies. This is a thing I've been saying also!

@linear @dlakelan I am aware of Sculpt / Genode and have run it on physical hardware before! I am also working on tech that is also part of the answer.

There is real work happening! It's going to take multiple efforts from multiple angles to get there

@jmax Probably LLMs PLUS fuzzing would be extremely powerful.

@thomasfuchs Yep!

As said, attacking is easier than defending :)

I don't think human reviewers are going to be able to keep up with the number of vulnerabilities we're seeing appear. I really don't. Humans won't be able to review at scale, and I also think that there's serious risks for blindly accepting AIgen patches, which for critical infrastructure could also be a path to *inserting new* vulnerabilities.

We need to attack this systemically.

I have more to say. More later. But that's the gist for now.

The fact of the matter is, most vulnerabilities fall under extremely common patterns, with known solutions:

- Confused deputies: capability security can fix/contain this in many cases, more on that later
- Injection attacks: primarily caused by string templating, using structured templating also fixes this (quasiquote, functional combinators, etc)
- Memory vulnerabilities: solved by memory-safe languages, and yes that includes Rust, but it also includes Python, Scheme/Lisp, etc etc etc

There are other serious vulnerabilities, such as incorrectly written or used cryptography, and others from there, but my primary point is: most damage can be either avoided in the first place or contained (especially in terms of capability security for containment)

And... patching AIgen patches is going to get tough and tiring... (cotd...)

Significant raise of reports (on the Linux Kernel Mailing List) https://lwn.net/Articles/1065620/

Here's something I think we all will have to contend with, whether you're an AIgen enthusiast or not: attacking is easier than defending, and these things don't get tired and they *are* very good at finding exploits. None of us will be able to ignore that, and we will probably have to listen to real genuine reports from them, even if we reject AIgen input.

However, I don't think that's actually the right solution, and I don't think it's sustainable. 🧵

@LeDiva You're right. Maybe I should write about it.

Welcome to this place of honor.
You can do anything at this place of honor, anything at all.
The only limit is yourself.
Welcome.
And welcome to you, who have come, to this place of honor!
Yes... welcome...

You can still see the original at https://html5zombo.com/

As far as slop goes, I actually would find the slop replacement almost fitting for the weirdness if it were like a separate, tribute site, but it's sad to lose such a longstanding piece of internet history and have a slopwashed version in its place

How very 2026 I guess... the web is a fragile place. :\

Look how they massacred my boy https://zombo.com/

Feeling confident about going with this one, those are some good numbers

@draken it's a reference to the vaporwave garfield "you are not immune to propaganda" meme

wow! this is a place of honor if I've ever seen one

@rdp @neauoire Why am I being cc'ed?

Which is to say, you may be immune to making it, but you aren't immune to falling for it

VAPORGARF: YOU ARE NOT IMMUNE TO AI SLOP