As a general matter, my advice isn't really "go to this store" or "buy this brand." Rather, I encourage people to think about clothes in a certain way.
Let me show you how to shop for a good suit. 🧵
I think his point is that running speed relies to a great extent on a machine that you don't control, that is, your body, where things like tendon attachment points can't be changed. Whereas mathematical ability relies much more on a machine that you construct and can reconstruct if you choose - not your brain hardware, but the software you make in it.
Top running speed is maybe 90% fixed by your accidents of birth; top mathematical ability is maybe 1% fixed by the brain you were born with, and 99% determined by the conceptual machine that ends up getting constructed inside that brain.
"Tao’s early and intensive study of mathematics" isn't a "reason" but a symptom that, from an early age, he had entered a self-amplifying cycle of math-like cognitive exploration, discovery, pleasure, and addictive investment of his mental energy.
Asking why this happened to him and not to someone else is a bit vacuous, like asking why a hurricane formed on this very day at this very spot, and not the next day at another spot. There are obvious cofactors, like the favorable parenting style of his family, but they only explain a fraction of the variance.
This, by the way, is a normal pattern, a manifestation of Turkheimer's third law.
In 2017 I left a job, and within a week one of my former employees shut down and physically threw away a system I had set up for some QOL improvements for employees. It was very clearly documented (I've written technical documentation books).
It was a dashboard that showed traffic around the office, weather, if there was a ballgame at the ballpark literally next door (building parking got used for ball games), alerts from IT, live IT system statuses, and links to the ticket system, knowledge base, and employee handbook. It was accessible online or by looking at it on a display I put up on a wall for folks. People absolutely loved it.
My former number two literally took the display down and threw the physical server into the trash. A couple folks texted me asking why I took it down before I left, I said I didn't. They sent me a picture of it in the e-waste bin. I messaged him asking why, he said, he "always hated how transparent it was what we were working on."
He was not picked to be my replacement. The new guy who came in undid more things and then they got nailed in a $200k invoice scam and then he was fired. The company is gone now. :(
Another day, another bad set of CIS recommendations
Here are the items you do not want to do in this list:
5.1.5.6 - Ensure maximum certificate lifetime for applications does not exceed 180 days
⚠️ This will silently break cert renewal for all of your SAML based SSO apps...
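An added example, not part of the post above: before turning on a 180-day application certificate lifetime limit, list the SAML apps it would affect. It assumes service-principal records in the shape Microsoft Graph returns (preferredSingleSignOnMode plus keyCredentials with usage, startDateTime and endDateTime); the records below are constructed, and the function names are mine.

```python
# Added example (not from the original post). Flag SAML service principals whose
# signing certificate is longer-lived than the 180-day limit in CIS 5.1.5.6.
# Record shape (preferredSingleSignOnMode, keyCredentials[].usage/startDateTime/
# endDateTime) is assumed to match the Graph servicePrincipal object; the data
# is constructed for this example.
from datetime import datetime, timedelta

MAX_LIFETIME = timedelta(days=180)

SAMPLE_SERVICE_PRINCIPALS = [
    {   # gallery SAML app with a three-year signing certificate (constructed)
        "displayName": "Payroll (SAML)",
        "preferredSingleSignOnMode": "saml",
        "keyCredentials": [
            {"usage": "Sign", "type": "AsymmetricX509Cert",
             "startDateTime": "2025-01-10T00:00:00Z",
             "endDateTime": "2028-01-10T00:00:00Z"},
            {"usage": "Verify", "type": "AsymmetricX509Cert",
             "startDateTime": "2025-01-10T00:00:00Z",
             "endDateTime": "2028-01-10T00:00:00Z"},
        ],
    },
    {   # non-SAML app with a short-lived client certificate: not affected
        "displayName": "Build bot",
        "preferredSingleSignOnMode": None,
        "keyCredentials": [
            {"usage": "Verify", "type": "AsymmetricX509Cert",
             "startDateTime": "2026-01-01T00:00:00Z",
             "endDateTime": "2026-06-01T00:00:00Z"},
        ],
    },
]


def parse_ts(value):
    """Graph timestamps are ISO 8601 with a trailing Z; make them tz-aware."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def cert_lifetime(cred):
    return parse_ts(cred["endDateTime"]) - parse_ts(cred["startDateTime"])


def saml_apps_over_limit(service_principals, max_lifetime=MAX_LIFETIME):
    """Return (displayName, lifetime_days, endDateTime) for every SAML app whose
    signing certificate lifetime exceeds max_lifetime. These are the apps the
    warning above applies to: their next certificate rollover is the one the
    policy would reject, and the endDateTime tells you when that is due."""
    hits = []
    for sp in service_principals:
        if sp.get("preferredSingleSignOnMode") != "saml":
            continue
        for cred in sp.get("keyCredentials", []):
            if cred.get("usage") != "Sign":
                continue
            lifetime = cert_lifetime(cred)
            if lifetime > max_lifetime:
                hits.append((sp["displayName"], lifetime.days, cred["endDateTime"]))
    return hits


if __name__ == "__main__":
    for name, days, expires in saml_apps_over_limit(SAMPLE_SERVICE_PRINCIPALS):
        print(f"{name}: signing cert lifetime {days} days, expires {expires}")
```

Feed it the output of a real service-principal listing (with the keyCredentials property selected) to get the actual list of apps to plan a rollover for before the control is enabled.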
more people are just finding out about @slime_framework since glm-5.2. It's been out for so long. It's well designed and battle-tested for many generations of glms.
Absolutely fantastic talk on software engineering at a tipping point by Adam Bender from the Google I/O conference.
Some thoughts from a security perspective:
🚨 The 10x Liability Explosion: AI accelerates code generation, which instantly creates 10x more code and a massive new attack surface. Because human code review is becoming a severe bottleneck, security teams must shift toward scalable automated detection and statistical validation.
🔒 Internal APIs are Now Essentially Public: You can no longer rely on network obscurity. Autonomous agents will aggressively hunt for and call any internal data they can access, meaning all internal APIs must be hardened with the same zero-trust rigor as public-facing services.
🦸♂️ Centralized Remediation via "Shared Fate": Tightly linked ecosystems, like monolithic repositories, offer a massive defensive advantage. Security teams can deploy a critical patch in a single file and secure billions of lines of code company-wide within a week.
🧠 Regaining "Intellectual Control": Modern systems have grown too complex for human minds to map. AI gives us the power to build continuously updated, interactive architectural models, allowing us to threat-model effectively and ask dynamic "what if" questions about blast radiuses.
🚧 Building Secure Guardrails: AI agents optimize for the easiest path, which is rarely the most secure or maintainable one. Security engineers must build strict "isolation" boundaries for rapid prototypes and strong abstractions that constrain agents from making dangerous architectural choices.
https://t.co/5vVWuuO0IU
Network segmentation is one of those things where you really, really, really save effort and trouble baking it into an environment from the beginning.
You certainly can (and should, wherever feasible) rework existing environments to implement it. But don't expect it to be easy.
Novo Nordisk hackers got in through a GitHub token left in a repo
stayed for two months
took 1.3TB of data including unreleased drug formulas and internal AI models
then asked for $25 million
Novo Nordisk said no
so now they're selling Ozempic's secrets on the dark web
a GitHub token did this
The hardest problems are rarely solved by adding more complexity to the solution -- they are solved by reframing the question until a simpler, clearer answer reveals itself.
One of the more important subjects to develop some insight into in cybersecurity is why threat actor groups, at a general level, try to go after the targets they do using the tools & techniques that they do.
Part of that involves understanding the economics of intrusions.
A 🧵:
Hello Reversers! 👋🔥
Excited to release my port of @washi_dev's awesome #Ghidra #NativeAOT plugin - now running natively in #IDA Pro via #IDAPython! 🧩🐍💙
It parses #ReadyToRun metadata to rebuild the .NET type hierarchy, name virtual methods, and recover frozen strings in a navigable beautiful browser UI! 🥹
✨ Not just a 1:1 port - IDA-native upgrades:
➡️ Live sync FLIRT / Lumina / manual renames 🔄
➡️🏷️ PDB-aware: never clobbers your symbols, full demangled names
➡️🧠 Hex-Rays typing (__thiscall + frozen strings inline in pseudocode)
➡️💾 IDB-cached results (instant reopen) + headless idalib mode
➡️📦 Docs on GitHub; hcli plugin install once Hex-Rays indexes it.
PRs/issues welcome - 32-bit x86 port is on the table if it fits my research. 😉
https://t.co/PEbaG51TZG
#IDAPro #dotnet #NativeAOT #ReverseEngineering #malware #infosec @HexRaysSA @williballenthin
Creator of Sqlite on pull requests: "You say, oh, it's free. No. It's not free. What you're doing is asking me ... to maintain it for you, to document it for you, to test it for you, to maintain it for you for the next 25 years. That's not free." Yep.
Wise words from a wiser man than me. I've told people for the past decade, and I have recent posts on here saying the same: the merge button is the easy part. It's the decade+ (Richard says 25 years) that follows, where you've accepted the transfer of maintenance, that's hard.
I’m actually a child online safety expert and was one of the pioneers in this space with Club Penguin and so I feel uniquely positioned to critique this.
The groomer problem is real but it’s also vastly overstated. The far larger issue we saw at Penguin was suicidality or reports of sexual abuse in the home.
There is no solution for lazy/bad parenting. You can implement all the ID laws you want but if parents are going to just hand kids their phones unlocked, those kids will have access to all the same things the parents have unfettered.
What I found is that these draconian safety laws actually make it harder to be an honest operator of kids apps because on one hand it’s so much legal risk and so much user friction that it simply becomes uninvestible as a business.
Parents will just lie to let their kids use the unfettered internet. For example, I have a friend who works in mobile gaming who has two kids, one above and one below the age limit but separated by just 2 yrs, and the two wanted to play and chat together on Roblox - which is reasonable. To do this, he just verified that his younger kid is old enough for the chat feature when he’s not.
This happens all the time and will happen with these laws too. How far do we want to go with this? Scan the face of the user in real-time to make sure it's not a kid using the device? We could do that but it feels like a massive unwanted intrusion of privacy.
That’s how you know this law isn’t about kids. COPPA and GDPR-K and so forth already make it illegal to allow chat and other grooming vectors to kids.
What’s really being done here is trying to eliminate online anonymity. And this is a far bigger issue that goes to core speech rights because if you cannot criticize the govt anonymously and if wrong speech is a crime then it becomes easy to identify all the detractors of the govt in power, and ban, fine or jail them for speech crimes.
Starmer has already been doing this and he wants to do it at a much bigger scale. Starmer won’t even acknowledge the problem of actual grooming gangs in Britain’s neighborhoods but he’s worried about online grooming?
No he’s not, and this hypocrisy gives away the game. What he wants is to kill online anonymity so he can enforce censorship of his unpopular policies. No politician should have this power.
Reminder: I am no longer posting new red team jobs on LinkedIn and X. I used to post them every week. Instead, they now live on: https://t.co/9sSZTAzVEN. It’s all the same jobs and same content, just updated more frequently, a longer running list, automated pruning, and honestly just easier to keep track of and maintain.
🚨 New NPM typosquats caught by our artifact scanner: "twcompose-utils" and "classbreeze-utils" impersonating "@tailwindcss/typography".
They ship the real plugin + an obfuscated dropper (AES-GCM + RC4 strings). On require() they fetch an OS-specific native 2nd-stage from 194[.]11[.]226[.]41[:]4000, drop it as a fake "GoogleUpdateService" / "WpnUserSvc.exe", run it detached, and set up Startup-folder persistence on Windows.
C2: https://t.co/7urRO3wgs1
2nd-stage payloads (SHA-256):
agent.exe
e76741a1747dde6b4e4dbc88ca16fc8eb59385b6b18f6c64d1b397dfe0843647
agent-darwin-arm64
d8f8c416ebde7d90088d6029a5b9b88a2a021bf3b99896f205d78732d376ef5e
agent-linux-amd64
cc5c72e90d7eda42e66a54c0197abbba1951561d3d864963b6aca7fe43a0ab06
agent-linux-arm64
22480680a22ba444a3924f906cbec947d11f011200b89ef6b67afd48b4c71d77
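An added example, not code from the post or from the scanner it mentions: a small IOC sweep over a node_modules tree using the indicators listed above (the two typosquat package names, the four second-stage SHA-256 hashes and the refanged second-stage host). The function names and the sample tree it builds are constructed for this example.

```python
# Added example (not from the original post): sweep a node_modules tree for the
# indicators in the post. Package names, hashes and host come from the post;
# the helper names and the constructed sample tree are mine.
import hashlib
import json
import os
import tempfile

TYPOSQUAT_PACKAGES = {"twcompose-utils", "classbreeze-utils"}

# Second-stage payloads from the post: SHA-256 -> payload name.
STAGE2_SHA256 = {
    "e76741a1747dde6b4e4dbc88ca16fc8eb59385b6b18f6c64d1b397dfe0843647": "agent.exe",
    "d8f8c416ebde7d90088d6029a5b9b88a2a021bf3b99896f205d78732d376ef5e": "agent-darwin-arm64",
    "cc5c72e90d7eda42e66a54c0197abbba1951561d3d864963b6aca7fe43a0ab06": "agent-linux-amd64",
    "22480680a22ba444a3924f906cbec947d11f011200b89ef6b67afd48b4c71d77": "agent-linux-arm64",
}

# Refanged 194[.]11[.]226[.]41. The post says the dropper encrypts its strings,
# so a plaintext match only catches unobfuscated copies; rely on the name and
# hash checks, and treat this one as a bonus.
STAGE2_HOST = "194.11.226.41"


def sha256_file(path, chunk=1 << 20):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def scan_node_modules(root, names=TYPOSQUAT_PACKAGES, hashes=STAGE2_SHA256,
                      host=STAGE2_HOST):
    """Return (kind, path, detail) tuples for every indicator hit under root."""
    findings = []
    for dirpath, _dirnames, filenames in os.walk(root):
        if "package.json" in filenames:
            pkg_path = os.path.join(dirpath, "package.json")
            try:
                with open(pkg_path, "rb") as f:
                    name = json.load(f).get("name")
            except (ValueError, OSError):
                name = None
            if name in names:
                findings.append(("typosquat-package", pkg_path, name))
        for fn in filenames:
            path = os.path.join(dirpath, fn)
            digest = sha256_file(path)
            if digest in hashes:
                findings.append(("stage2-payload", path, hashes[digest]))
            if fn.endswith((".js", ".cjs", ".mjs")):
                with open(path, "rb") as f:
                    if host.encode() in f.read():
                        findings.append(("c2-address", path, host))
    return findings


def build_sample_tree(base=None):
    """Constructed sample: one typosquat package (with the host left in
    plaintext, unlike the real dropper) beside the impersonated package."""
    base = base or tempfile.mkdtemp(prefix="nm-sample-")
    root = os.path.join(base, "node_modules")
    bad = os.path.join(root, "twcompose-utils")
    good = os.path.join(root, "@tailwindcss", "typography")
    os.makedirs(bad)
    os.makedirs(good)
    with open(os.path.join(bad, "package.json"), "w") as f:
        json.dump({"name": "twcompose-utils", "version": "1.0.0", "main": "index.js"}, f)
    with open(os.path.join(bad, "index.js"), "w") as f:
        f.write('module.exports = require("@tailwindcss/typography");\n'
                '// constructed stand-in for the dropper fetch, not the real code\n'
                'const STAGE2 = "http://194.11.226.41:4000/agent";\n')
    with open(os.path.join(good, "package.json"), "w") as f:
        json.dump({"name": "@tailwindcss/typography", "version": "0.5.0"}, f)
    return {"root": root, "index_js": os.path.join(bad, "index.js")}


if __name__ == "__main__":
    tree = build_sample_tree()
    for kind, path, detail in scan_node_modules(tree["root"]):
        print(f"{kind:18} {detail:20} {path}")
```

Point scan_node_modules at a real project's node_modules (or a CI checkout's) to get the hits; the hash check is also worth running over the Windows Startup folder and anywhere a "GoogleUpdateService" or "WpnUserSvc.exe" turned up, since the post says that is where the second stage lands.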
"Cyber wargames, like all wargaming, can convey the wrong training messages. One area in particular to be covered in the after-action game review is that not all the cyber capabilities in the game may be available for operations at a given moment.
The mental model of some players was apparently that cyber weapons are built and then stored for years in a digital warehouse, ready for war. Cyber weapons, like all military tools, are shaped by circumstance and chance. Their effects can vary widely, and even well-designed operations can produce outcomes far from what planners intended. The impact of a cyber-attack is notoriously difficult to forecast"
https://t.co/xyMk34rtvF
Developers from Signal (including its protocol's co-creator) along with Microsoft and Harvard unveil Encrypted Spaces, an open-source codebase for a new generation of private collaboration apps. Think Slack, Discord, Google Docs, all end-to-end encrypted. https://t.co/t93oHWn4C3