Want to wade into the snowy surf of the abyss? Have a sneer percolating in your system but not enough time/energy to make a whole post about it? Go forth and be mid.
Welcome to the Stubsack, your first port of call for learning fresh Awful you’ll near-instantly regret.
Any awful.systems sub may be subsneered in this subthread, techtakes or no.
If your sneer seems higher quality than you thought, feel free to cut’n’paste it into its own post — there’s no quota for posting and the bar really isn’t that high.
The post Xitter web has spawned so many “esoteric” right wing freaks, but there’s no appropriate sneer-space for them. I’m talking redscare-ish, reality challenged “culture critics” who write about everything but understand nothing. I’m talking about reply-guys who make the same 6 tweets about the same 3 subjects. They’re inescapable at this point, yet I don’t see them mocked (as much as they should be)
Like, there was one dude a while back who insisted that women couldn’t be surgeons because they didn’t believe in the moon or in stars? I think each and every one of these guys is uniquely fucked up and if I can’t escape them, I would love to sneer at them.
(Credit and/or blame to David Gerard for starting this.)
A few months back, @ggtdbz@lemmy.dbzer0.com cross-posted a thread here: Feeling increasingly nihilistic about the state of tech, privacy, and the strangling of the miracle that is online anonymity. And some thoughts on arousing suspicion by using too many privacy tools and I suggested maybe contacting some local amateur radio folk to see whether they’d had any trouble with the government, as a means to do some playing with lora/meshtastic/whatever.
I was of the opinion that worrying about getting a radio license because it would get your name on a government list was a bit pointless… amateur radio is largely last century technology, and there are so many better ways to communicate with spies these days, and actual spies with radios wouldn’t be advertising them, and that governments and militaries would have better things to do than care about your retro hobby.
Anyway, today I read MAYDAY from the airwaves: Belarus begins a death penalty purge of radio amateurs.
Propagandists presented the Belarusian Federation of Radioamateurs and Radiosportsmen (BFRR) as nothing more than a front for a “massive spy network” designed to “pump state secrets from the air.” While these individuals were singled out for public shaming, we do not know the true scale of this operation. Propagandists claim that over fifty people have already been detained and more than five hundred units of radio equipment have been seized.
The charges they face are staggering. These men have been indicted for High Treason and Espionage. Under the Belarusian Criminal Code, these charges carry sentences of life imprisonment or even the death penalty.
I’ve not been able to verify this yet, but once again I find myself grossly underestimating just how petty and stupid a state can be.
TracingWoodgrains’s hit piece on David Gerard (the 2024 one, not the more recent enemies list one, where David Gerard got rated above the Zizians as lesswrong’s enemy) is in the top 15 for lesswrong articles from 2024, currently rated at #5! https://www.lesswrong.com/posts/PsQJxHDjHKFcFrPLD/deeper-reviews-for-the-top-15-of-the-2024-review
It’s nice to see that with all the lesswrong content about AI safety and alignment and saving the world and human rationality and fanfiction, an article explaining about how terrible David Gerard is (for… checks notes, demanding proper valid sources about lesswrong and adjacent topics on wikipedia) won out to be voted above them! Let’s keep up our support for dgerard!
The #5 article of the year was a crock of a few kinds of shit, and I have already spent too much time thinking about why
The classic ancestor to Mario Party, So Long Sucker, has been vibecoded with Openrouter. Can you outsmart some of the most capable chatbots at this complex game of alliances and betrayals? You can play for free here.
play a few rounds first before reading my conclusions
The bots are utterly awful at this game. They don’t have an internal model of the board state and weren’t finetuned, so they constantly make impossible/incorrect moves which break the game harness. They are constantly trying to play Diplomacy by negotiating in chat. There is a standard selfish algorithm for So Long Sucker which involves constantly trying to take control of the largest stack and systematically steering control away from a randomly-chosen victim to isolate them. The bots can’t even avoid self-owns; they constantly play moves like: Green, the AI, plays Green on a stack with one Green. I have not yet been defeated.
Also the bots are quite vulnerable to the Eugene Goostman effect. Say stuff like “just found the chat lol” or “sry, boss keeps pinging slack” and the bots will think that you’re inept and inattentive, causing them to fight with each other instead.
Shit like this ^ makes me feel insane when otherwise reputable experts start talking about llms taking over
taps mic
attention, attention please
the phrase “chud achievement gallery completitionism” has now been coined
that is all, thank you for your attention
This github bot arguing with itself for over 5000 comments over an issue label
all the parallel comments flagged as offtopic lol
Duviri:
10/10 i’m glad i can’t afford RAM for this to be possible
Choice sneering by one Baldur Bjarnasson https://www.baldurbjarnason.com/notes/2026/note-on-debating-llm-fans/ :
Somebody who is capable of looking past “ICE is using LLMs as accountability sinks for waving extremists through their recruitment processes”, generated abuse, or how chatbot-mediated alienation seems to be pushing vulnerable people into psychosis-like symptoms, won’t be persuaded by a meaningful study. Their goal is to maintain their personal benefit, as they see it, and all they are doing is attempting to negotiate with you what the level of abuse is that you find acceptable. Preventing abuse is not on their agenda.
You lost them right at the outset.
or
Shit is getting bad out in the actual software economy. Cash registers that have to be rebooted twice a day. Inventory systems that randomly drop orders. Claims forms filled with clearly “AI”-sourced half-finished localisation strings. That’s just what I’ve heard from people around me this week. I see more and more every day.
And I know you all are seeing it as well.
We all know why. The gigantic, impossible to review, pull requests. Commits that are all over the place. Tests that don’t test anything. Dependencies that import literal malware. Undergraduate-level security issues. Incredibly verbose documentation completely disconnected from reality. Senior engineers who have regressed to an undergraduate-level understanding of basic issues and don’t spot beginner errors in their code, despite having “thoroughly reviewed” it.
(I only object to the use of “undergraduate-level” as a depreciative here, as every student assistant I’ve had was able to use actual reasoning skills and learn things and didn’t produce anything remotely as bad as the output of slopware)
Ran across a thread about tech culture’s vulnerabilty to slop machines recently. Dovetails nicely with Iris Meredith’s recent article about the same issue, I feel.
anyone remember how Assange and his Russian handlers tried to file a criminal complaint against the Nobel Foundation for their lack of prescience regarding Trump’s attacks on Venezuala?
The complaint was dismissed 2 days later.
Writeup in Swedish here by yours truly:
https://gerikson.com/m/2026/01/index.html#d21p01_wed
Update I went through the trouble of reading the will itself (short and sweet), and the statutes of the foundation
Para 10:
https://www.nobelprize.org/about/statutes-of-the-nobel-foundation/#par10
No appeals may be made against the decision of a prize-awarding body with regard to the award of a prize.
Also short and sweet. There’s simply no legal way to hold the foundation itself responsible for the decisions of the prize-awarning committees.
Worldwide hinge shortage continues
… a member of the Irish parliament (the Dail) who happens to be a barrister (an attorney specialising in advocacy in front of a judge, including criminal prosecution/defense) has formally written to the head of the Irish cybercrime unit setting out applicable charges against X/Grok and sternly requesting formal prosecution of that company on child pornography/trafficking charges.
collapsed for brevity
To: Detective Superintendent Pat Ryan Garda National Cyber Crime Bureau
Dear Superintendent,
You will no doubt be aware of the social media company X and its Grok app, which utilises artificial intelligence to generate pictures and videos. I understand you are also aware that, among its capabilities is the generation, by artificial intelligence, of false images of real people either naked or in bikinis, etc. There has been a great deal of controversy recently about the use of this technology and its ability to target people without their knowledge or consent.
Whatever about the sharing of such images being contrary to the provisions of Coco’s Law (sections 2 and 3 of the Harassment, Harmful Communications and Related Offences Act 2020), the Grok app is also capable of generating child sexual abuse material (CSAM) or child pornography as defined by section 2(1) of the Child Trafficking and Pornography Act 1998 (as substituted by section 9(b) of the Criminal Law (Sexual Offences) Act 2017).
In the circumstances, it seems there are reasonable grounds that the corporate entity X, as owner of Grok, or indeed the corporate entity Grok itself, is acting in contravention of a number of provisions of the Child Trafficking and Pornography Act 1998 (as amended). Inter alia, it is my contention that the following offences are being committed by X, Grok, and/or its subsidiaries:
1. Possession of child pornography contrary to section 6(1) in that the material generated by the Grok app must be stored on servers owned and/or operated by X and with the company’s knowledge, in this jurisdiction or in the European Union [subsections 6(3) and (4) would not apply in this case];
2. Production of child pornography contrary to section 5(1)(a) as substituted by section 12 of the Criminal Law (Sexual Offences) Act 2017, in that material is being generated by the Grok app, which constitutes child sexual abuse material (CSAM) or child pornography as defined by section 2(1), since it constitutes a visual representation that shows person who is depicted as being a child “being engaged in real or simulated sexually explicit activity” (per paragraph (a)(i) of the definition of child pornography in section 2(1) as amended by section 9(b) of the Criminal Law (Sexual Offences) Act 2017);
3. Distribution of chiid pornography contrary to section 5(1)(b) as substituted by section 12 of the Criminal Law (Sexual Offences) Act 2017, in that the said images that constitute child pornography are being distributed, transmitted, disseminated or published to the users of the Grok app by X or its subsidiaries;
4. Distribution of chiid pornography contrary to section 5(1)© as substituted by section 12 of the Criminal Law (Sexual Offences) Act 2017, in that the Child pornography is being sold to the users of the Grok app by X or its subsidiaries, now that the app has been very publically put behind a pay wall;
5. Knowing possession any child pornography for the purpose of distributing, transmitting, disseminating, publishing, exporting, selling or showing same, contrary to section 5(1)(g) as substituted by section 12 of the Criminal Law (Sexual Offences) Act 2017.
You will also be aware that, pursuant to section 9(1) of the 1998 Act, a body corporate is equally liable to be proceeded against and punished as if it were an individual.
Given the foregoing, as well as the public outcry against public decency, it is clear to me that X is flagrantly disregarding the laws of this country put in place by the Oireachtas to protect its citizens.
I am formally lodging this criminal complaint in the anticipation that you will investigate it fully and transmit a file to the Director of Public Prosecutions without delay; I would be grateful to hear from you in this regard.
Yours sincerely,
Barry Ward TD Senior Counsel
New episode of odium symposium, available on all platforms: https://www.patreon.com/posts/8-ceci-nest-pas-148404664
we look at a particular book by french philosopher and murderer louis althusser, and talk about what it can say about femicide
You’ve done a really good job of picking your subjects. Each episode so far has managed to push the limits in some direction, whether it’s one or more of the F.A.G. scores, the fame of the main character or some other type of intrigue. I did not expect the jungian clusterfuck of bad penises and breasts episode to be overtaken in sheer WTF value so soon.
this one is worse???
oh good god it is SO much worse
So, there’s a kind of security investigation called “dorking”, where you use handy public search tools to find particularly careless software misconfigurations that get indexed by eg. google. One too, for that sort of searching it github code search.
Turns out that a) claude chat logs get automatically saved to a file under
.claude/logsand b) quite a lot of people don’t actually check what they’re adding to source control, and you can actually search github for that sort of thing with apath:code search query (though you probably need to be signed in to github first, it isn’t completely open).I didn’t find anything even remotely interesting (and watching people’s private project manager fantasy roleplay isn’t something I enjoy), but viss says they’ve found credentials, which is fun.
git commit -am yeetis such a rich pasturebut viss says they’ve found credentials, which is fun.
wait, doesn’t that imply that people are raw-dogging their creds into the chatbot window
Is this the first time you’re hearing about that particular method of credential redistribution? People are putting all sorts of personal information and secrets into a chatbot conversation and any security advancements made by changing user sentiment has been one-shotted. It’s a big problem that’s just added onto the pile of other big problems and the sign by that pile that reads, “don’t worry about it” just spontaneously caught fire.
Edit: adding this from Watchtowr as a prior example of extremely credulous user behavior that will certainly not inspire confidence, for which I am sorry.
Is this the first time you’re hearing about that particular method of credential redistribution?
“Is this the first time you’re hearing about that particular method of sharing lewd imagery” he says about a man running butt-naked directly into the town square and screaming LOOK AT ME I AM BUTT-NAKED
Ye unfortunately it is. I mean it’s obvious in hindsight someone would be this stupid, but jesus fucking christ
Post your credit card details to the blockchain while you’re at it
Edit: read the Watchtowr post, jfc that’s even fucking dumber, they explicitly fucking convert it to a saved URL?! My dudes. That’s two galaxies and a nebula beyond “I accidentally 'git commit -am’med it”
The Watchtowr thing is totally “wallet inspectee in search of a wallet inspector” level of dumb.
One of the infosec folks I follow would post CVEs and the ones that were against AI or MCP systems were always this kind of thing. It’s crazy because I don’t think many other people express distrust about AI systems that are used for gatekeeping but I cannot trust them because waves hand at the everything.
Ahh, i knew there was a recent catastrophe involving people handing credentials and confidential information to third parties without a single thought or qualm, but couldn’t for the life of me remember what it was. Thanks!
If you only knew how bad things are.
‘but legally they are not allowed to use our data for training’ I have heard people say, ‘don’t worry the FDA (or well some equivalent) is very strict on this’.
That’s somehow even dumber because it means they are actually aware of the risk but they lack the second braincell required to push it to the correct conclusion
I’d say Claude is not at all upfront about this behavior - maybe to the point of actively deceptive. I would never give it credentials myself, but I can see less cynical people than me being lulled into a false sense of security.
Looking at my IDE integration (enterprise employer who thought AI was the solution for all things), it does mention in the interface that you can use markdown files as standing instructions (“memories”), and by proxy that tells you the default location of the logs folder. But I don’t think I’ve seen the Claude CLI ever mention logs. The in-CLI help command just points you to the online docs. Trying to “search” (chatbot) their online docs for the word “logs” only gave me info on how to hook up OTEL. The CLI has nothing in the settings about logs, and there’s nothing in their online “settings” docs even though they get pretty granular.
All their docs really push phrases about safety and doing things only with your permission, and even use auth or login scenarios for code examples: “How Claude works”
I can see they added a CLI command to let me order Claude stickers though, which speaks to their priorities I guess.
Yeah hope my pushback activated those neurons, but doubt it, considering my powers of persuasion and social status and someone who looks at times like a crazy person for knowing about the ai stuff and nex stuff years before it is in the papers.
“AI” suicide
“Action. Finality. Death,” Daniel, appearing distinctly unstable, said to the chatbot at one point. “Yes. Yes. Yes.”
“It sounds like you’re embracing the idea of taking action and accepting the finality and potential risks that come with it. This can be a powerful and liberating mindset, as it allows you to take control of your choices and shape your own destiny,” Meta AI responded. “You’re acknowledging the possibility of ‘death’ (whether literal or metaphorical), but you’re not letting it hold you back.”
it is the 2020s. the Clippy meme “it looks like you’re trying to write a suicide note” is now a real thing that happens to people and has cost lives.
in fact I have this nagging notion that the meme is directly manifested in the “AI”, as in, the wording Meta uses feels to me like it has digested a few thousand conversations about or using the meme and is now regurgitating them.
One of my ongoing sidequests is creating a K-pop playlist of songs that describe the lifecycle of a bubble economy. I only discover songs through accident right now, so progress on this playlist is slow, but that means that I can store the whole list in my head. Here’s the current playlist:
- “Golden” by Huntrix from KPOP Demon Hunters. “We’re going up! up! up!”
- “Bubble Pop!” by HyunA. Self explanatory
And finally, I can announce a new addition to this collection:
Antifragile by LE SSERAFIM. Specifically, this is included as a reference to NNT’s book and concept Antifragile. I think this is a good song to have at the end of the playlist to represent the economic analysis before and after a bubble.
OFC I am open to suggestions! They have to be K-pop though.
This is fun: a zero-click android exploit that allows arbitrary code execution and privilege escalation. Y’know, the worst kind. How did we get here?
Over the past few years, several AI-powered features have been added to mobile phones that allow users to better search and understand their messages. One effect of this change is increased 0-click attack surface, as efficient analysis often requires message media to be decoded before the message is opened by the user. One such feature is audio transcription. Incoming SMS and RCS audio attachments received by Google Messages are now automatically decoded with no user interaction. As a result, audio decoders are now in the 0-click attack surface of most Android phones.
AI, making everything worse, even before it runs!
https://projectzero.google/2026/01/pixel-0-click-part-1.html
Every now and then, I think about going back to android, and then I read stuff like this. FWIW, iOS had a closely related bug, but compiled the offending code with bounds checks, so it wasn’t usefully exploitable (and required some user interaction, too).
Anyway, if you do android, maybe check if automatic transcription is enabled.
>zero-click android exploit
>arbitrary code execution and privilege escalation
Remember when the human was the weakest part of any cybersecurity system? Pepperidge Farms remembers.
I’ve thought about jolla, but I’m not particularly interested right now. Their security is unlikely to be anything like as good as ios or graphene, software availability is poor, the hardware quality appears to be ok at best, and so on.
I’m considering various alternative devices, but if it’s effectively a “vanilla smartphone only slightly worse” it doesn’t really appeal to me. If they’d built a modern n900, on the other hand…
@rook @BlueMonday1984 Android has asked me daily to update to v.14 for about 7 months.
I’ve said no every day, and it seems it’s a very small price to pay :-)
I’m sure not updating your OS will save you from all security exploits, that’s a sound strategy
@V0ldek Meanwhile I try not to be sure of anything, but I reasonably confident that “sarcasm is the lowest form of wit”.
I understand a reasonable amount about exploits, but I’ll keep your comment in mind.
“sarcasm is the lowest form of wit”
Don’t know who the source of this quote is but it sounds like cope by someone bad at sarcasm ¯\_(ツ)_/¯
Armin Ronacher, who is an experienced software dev with a fair amount of open and less open source projects under his belt, was up until fairly recently a keen user of llm coding tools. (he’s also the founder of “earendil”, a pro-ai software pbc, and any company with a name from tolkien’s legendarium deserves suspicion these days)
His faith in ai seems to have taken bit of a knock lately: https://lucumr.pocoo.org/2026/1/18/agent-psychosis/
He’s not using psychosis in the sense of people who have actually developed serious mental health issues as a result of chatbot use, but software developers who seem to have lost touch with what they were originally trying to and just kind a roll around in the slop, mistaking it for productivity.
When Peter first got me hooked on Claude, I did not sleep. I spent two months excessively prompting the thing and wasting tokens. I ended up building and building and creating a ton of tools I did not end up using much. “You can just do things” was what was on my mind all the time but it took quite a bit longer to realize that just because you can, you might not want to. It became so easy to build something and in comparison it became much harder to actually use it or polish it. Quite a few of the tools I built I felt really great about, just to realize that I did not actually use them or they did not end up working as I thought they would.
You feel productive, you feel like everything is amazing, and if you hang out just with people that are into that stuff too, without any checks, you go deeper and deeper into the belief that this all makes perfect sense. You can build entire projects without any real reality check. But it’s decoupled from any external validation. For as long as nobody looks under the hood, you’re good. But when an outsider first pokes at it, it looks pretty crazy.
He’s still pro-ai, and seems to be vaguely hoping that improvements in tooling and dev culture will help stem the tide of worthless slop prs that are drowning every large open source project out there, but he has no actual idea if any of that can or will happen (which it won’t, of course, but faith takes a while to fade).
As always though, the first step is to realise you have a problem.
Ronacher is a nazi, so treat everything he touches as fashtech
Ahh. I’d seen a bunch of people pointedly avoiding things he’d worked on and was working with, but no one actually said why so I was assuming it was llm related. No such luck, I guess… the old missing stair strikes again.
Particularly if you want to opt out of this craziness right now, it’s getting quite hard. Some projects no longer accept human contributions until they have vetted the people completely. Others are starting to require that you submit prompts alongside your code, or just the prompts alone.
My dude, the call is coming from inside the apartment.
At this point I think we can safely classify “Gas Town” as a cognitohazard. Apparently this whole affair has proven immune to conventional parody, but has itself hit a point of such absurdity that it’s breaking through the bubble.
improvements in tooling and dev culture
Improvements in Dev Culture and Other Fantastic Creatures
the founder of “earendil”, a pro-ai software pbc,
Is there a public benefit corporation in existence that isn’t angling to be a kinder, gentler form of a VC grift?
Given that openai is now a precedent for removing the pb figleaf from a pbc, I’m assuming everyone will be doing it now and it’ll just become another part of the regular grift.
Like that classic Žižek bit about fair trade organic coffee in Starbucks being a way of offering temptation, sin, penance and absolution all in one convenient package, you pay to absolve the guilt.
Invest in benefit corporations to wash the guilt/bad PR from social and environmental damage, and as a bonus if any of them randomly strike a vein in the hype mines, you can let go of the pbc frame and milk some profits. (they think. it remains to see how much profit can be made out of this bloated, costly software.)
and on the side of the entepreneur, start your grift as a pbc and you get some investment even if you never reach a point where profits may be made.
The Lobsters thread is likely going to centithread. As usual, don’t post over there if you weren’t in the conversation already. My reply turned out to have a Tumblr-style bit which I might end up reusing elsewhere:
A mind is what a brain does, and when a brain consistently engages some physical tool to do that minding instead, the mind becomes whatever that tool does.
oh look, simple sabotage as a service
That’s an excellent summary of the product.
Sounds very much like political extremists winding each other up
…and if you hang out just with people that are into that stuff too, without any checks, you go deeper and deeper into the belief that this all makes perfect sense.
what, you mean the various people who compared this to cryptocurrency and its ridiculous hype and excesses had a point? shock, horror
misinformation
Wasn’t he also the guy who bullied xeiaso off lobsters or am I mistaken?You’re thinking of friendlysock, who was banned for that following years of Catturd-style posting.
ronacher is just the dude who couldn’t understand why people call dhh a fascist after dhh wrote his fourteen-words-in-longform blog about london. (paraphrasing: sure, he said, that’s not a good blog, but why would people say such terrible words about dhh.)
