twisteriffic | 1 day ago | on: A GitHub Issue Title Compromised 4k Developer Machines
Evergreen.
https://www.ncsc.gov.uk/blog-post/prompt-injection-is-not-sq...
twisteriffic's comments
twisteriffic | 1 month ago | on: Claude Code is suddenly everywhere inside Microsoft
Cries in dapper dapr
twisteriffic | 1 month ago | on: Banned C++ features in Chromium
> C# similarly has old warts that are discouraged now. .NET Framework is a great example (completely different from modern c#, which used to be called "dotnet core"). WPF and MAUI are also examples. Or when "dynamic" was used as a type escape hatch before the type system advanced to not need it. ASP being incompatible with ASP.NET, the list goes on.
Almost all of this is incorrect or comparing apples to oranges.
.net framework and .net core are runtime and standard library impl, not languages. C# is a language that can target either runtime or both. Framework is still supported today, and you can still use most modern C# language features in a project targeting it. WPF and Maui are both still supported and widely used. ASP predates .net - c# was never a supported language in it. ASP.net core has largely replaced ASP.net, but it's again a library and framework, not a language feature.
Dynamic in c# and the dlr are definitely not widely used because it's both difficult to use safely and doesn't fit well with the dominant paradigm of the language. If you're looking for STD lib warts binaryserializer would have been an excellent example.
twisteriffic | 2 months ago | on: Ensuring a National Policy Framework for Artificial Intelligence
I don't know if you've heard, but norms don't matter anymore.
twisteriffic | 3 months ago | on: A race condition in Aurora RDS
> How is it possible that other users of Aurora aren't experiencing this issue basically all the time? How could AWS not know it exists?
If it's anything like how Azure handles this kind of issue, it's likely "lots of people have experienced it, a restart fixes it so no one cares that much, few have any idea how to figure out a root cause on their own, and the process to find a root cause with the vendor is so painful that no one ever sees it through"
twisteriffic | 4 months ago | on: Half of America's Voting Machines Are Now Owned by a MAGA Oligarch
> The party affiliation of the owner is irrelevant to that.
Yeah that's a nice thought, but it ignores a whole lot of recent evidence to the contrary.
twisteriffic | 4 months ago | on: CamoLeak: Critical GitHub Copilot Vulnerability Leaks Private Source Code
This exploit seems to be taking advantage of the slow token-at-a-time pattern of LLM conversations to ensure that the extracted data can be reconstructed in order? Seems as though returning the entire response as a single block could interfere with the timing enough to make reconstruction much more difficult.
twisteriffic | 5 months ago | on: Thoughts on Cloudflare
My most recent experience was terrible for two reasons:
1. They didn't take down an obvious banking scam site that was hiding behind their service
2. They forwarded my "report phishing content" submission, including contact information, to the scammer, resulting in a roughly 100x increase in the amount of spam I receive and ensuring that I won't ever use their reporting function again
twisteriffic | 5 months ago | on: The Demon-Haunted World
> Sagan fails to identify any of these and instead dunks on harmless folk superstitions. Show me where the Fed rate or IBM's quarterly earnings or a Fox News chyron were determined by a horoscope.
It's in the same paragraph...
> I have a foreboding of an America in my children's or grandchildren's time — when the United States is a service and information economy; when nearly all the manufacturing industries have slipped away to other countries; when awesome technological powers are in the hands of a very few, and no one representing the public interest can even grasp the issues; when the people have lost the ability to set their own agendas or knowledgeably question those in authority
twisteriffic | 5 months ago | on: The story of DOGE, as told by federal workers
https://en.m.wikipedia.org/wiki/Sealioning
They aren't engaging in good faith. You're better off not responding.
twisteriffic | 11 months ago | on: RFK Jr. forces out FDA's top vaccine scientist, Peter Marks
I don't get it either, but I haven't found any other explanation that fits as well.
twisteriffic | 11 months ago | on: RFK Jr. forces out FDA's top vaccine scientist, Peter Marks
The appeal is "I will hurt the people you don't like".
twisteriffic | 11 months ago | on: Cloudflare asks browser devs to sign insane NDAs before fixing browser blocking
Every interaction I've ever had with CloudFlare has left me feeling like I needed a bath. The vertical desperately needs some competition but I don't know how that could happen at this point.
twisteriffic | 11 months ago | on: Azure's Weakest Link? How API Connections Spill Secrets
I think you misunderstood what was meant by "API connections". In azure, they're an entity that is created to represent connectivity to some external service, usually bundled with credentials and the OpenAPI definition of the downstream service. They let you consume an external service from other azure services without having to worry about things like token refresh. The article goes into better detail on this than I can in a comment.
twisteriffic | 1 year ago | on: DigiCert: Threat of legal action to stifle Bugzilla discourse
Entrust is/was doing it with ssl.com after they were detrusted.
twisteriffic | 1 year ago | on: DigiCert: Threat of legal action to stifle Bugzilla discourse
It's refreshing to see folks who're obviously used to hiding behind clouds of bullshit get skewered by people who both know enough to see through it and have the time and energy to follow every thread to completion.
The most recent digicert thread smells suspiciously similar to those that lead up to the Entrust debacle.
twisteriffic | 1 year ago | on: It's OK to hardcode feature flags
We actually did use booleans, I just found it easier to explain using enums, and the code would have been simpler if we'd done it that way.
twisteriffic | 1 year ago | on: It's OK to hardcode feature flags
We did this. Two tables. One for feature flags, with name, desc, id, enum (none, defaultToEnabled, overrideToDisabled). One for user flag overrides, with flagId, userId, enum (enabled, disabled).
The combination of these two has been all we've ever needed. User segmentation, A/B testing, pilot soft launch etc are all easy.
twisteriffic | 1 year ago | on: Brian Krebs Investigates Internet's Most Vicious Hackers–From a Secret Location
twisteriffic | 1 year ago | on: Amazon S3 now supports the ability to append data to an object
Kusto is wonderful. I'd love to be able to use outside of log analytics.
page 1