A few days ago I blogged about how great logcheck was. And towards the end I mentioned that writing rules was one of the more annoying parts. I have for a while been considering how that can be done easier, and while I don’t have my dream solution yet, I have spent a few evenings vibe-coding something that I believe will be helpful. Logcheck regex helper You can try it out at nyman.
Vibe coding is a slot machine. I agree.
You pull the lever and out comes code. Most of the time it’s close but not right, so you pull again.
Meanwhile you watch the funny little loading messages they added to give a bit of extra dopamine kick.
But it’s the most useful slot machine I’ve ever seen.
Why I’m not worried about my job part.
Evidence 17: Google forcibly rolling Gemini everywhere before anyone has had a chance to actually consider the security implications.
#blaugust
This is related to my previous post on LLM’s. Feel free to skip it if had too much LLM. There have been several studies on how LLM’s seem to make us dumber. And there is probably truth in that. It’s quite logical if we look at the biology. The brain requires more energy when it’s working, and probably even more when forming new memories. So if there is an easier way, it will prefer that way, as for most of humanity’s existence wasted energy was not good for survival.
I’m a happy user of micro.blog since forever, but I must say when I saw the Ghost 6.0 release I was tempted to try, so shiny.
Then I saw the system requirements and feature list and remembered that it’s not what I need or want.
(Also a micro blog post is still a blog post)
Word of warning: This is mostly a rant or reflection, I’m not sure there is anything useful here so feel free to skip this one :-) The problem If you tried solving complex problems with any of the state of the art models, you have probably noticed how the LLM has a tendency work fine up until a point, and then they break down completely. And after that, they don’t seem to be able to recover.
logcheck, is a really old collection of bash scripts that are surprisingly great for monitoring a *nix server. It’s great because it’s really lightweight and easy to set up compared to most modern logging and alerting stacks. It can do this because it works in reverse to how most logging tools work. Instead of trying to find the important stuff and alert on that, it just filters out everything “standard” and alert on everything else.
Many years ago, Mikko Hyppönen posted a thread on twitter[xcancel.com] on machine readable codes like QR codes. It was interesting and I went and made this one. I dare you to scan it. If you haven’t figured out what it is, try singing it. You can find the music for it here. Either way. A while later while reading the chapter on machine-readable codes in If it’s secure it’s vulnerable by the same Mikko, I went down the machine-readable code rabbit hole again.
(Let’s skip the discussion about if LLM’s are a net positive or negative. Let’s just look at what is happening.) LLM’s are increasingly being used to write code, lots of code. And according to a recent veracode paper they have a tendency to write insecure code. The tl.dr. of that paper is that (just like humans), unless told and trained to write secure code they won’t. No surprise there really, as a lot of example code out there is insecure.
Why did I join Blaugfest to encourage myself to write more? I’m not sure. Sometimes I think it’s become of some subconscious hope it in the hopes that my post would go viral, but why? I assume it’s some built in social drive to be “popular” because that was once important for survival. But I’ve seen many examples of being popular on the internet is not a good thing. I would like to specifically thank Marcus Hutchins aka.
Hi there! Yeah, you! My one trusty reader (honestly I don’t have any stats but I don’t think I have that many readers). Sorry if I surprised you by popping up in your feed again, I bet you assumed this was another dead blog. But no, it is apparently Blaugust. What? Yeah I know, it sounds a bit like the sound the dog makes when it ate too much too fast.
What is the main job of information security? Is it to break things? Or to protect things? I believe that most people would answer something along the lines of defending. So if we agree that the end goal is to defend, why does it seem like infosec is mostly about the offensive side, and is this a problem? This impression that offensive security gets more attention seems to be a common view based on my limited polling.
If you prefer to go straight into the details, while skipping the backstory, feel free to jump directly to the setup. Also note that DD-WRT will charge you 20 euro for the privilege of running their software on “professional” hardware. If their router DB says “yes” under “activation required” you will get a 24 hour trial then to see that it works, then you need to pay. If you don’t want to pay, but want to use dd-wrt, you need to pick another router.
Do you need a simple reverse TCP tunnel to a local service (like SSH), but you don’t want to install anything or use a one of the public ones. Warning: There is no authentication, use this only for temporary things or IP allowlisting to limit who can connect. Get the sish binary from github With that out of the way, on the server run ./sish --authentication=false --ssh-address=:9999 -i:9989 --bind-random-ports=false then run on the client
Do you like the new Brave/Chrome tab finder ctrl+shift+a but it’s conflicting with slacks shortcut for Open the All unreads view? If you use StopTheMadness (https://micro.blog/lapcatsoftware@appdot.net) then you can stop a webpage from hijacking any CMD shortcut (or any shortcut), but what if you want to allow the webpage to keep most shortcuts, but disable one? Add the following code to the custom-script part of StopTheMadness for the slack domain
Have you ever heard of dopamine fasting? Apparently, it’s a “thing” now. It even has its own Wikipedia page, so you know it’s legit. But for me, dopamine fasting is an annual tradition that I’ve been doing for about 10 years leading up to Easter. It’s not like I’m particularly religious, but the 40-day period seems like a good time to cut back or quit something that I thought brought me happiness but wasn’t entirely sure.
First, this is the completionist solution. The goal of this is to read (or at least see) every toot from everyone you follow. This is based on a draft I made many years ago on how I use twitter (with Tweetbot, RIP) which I never published, but now with Ivory it felt relevant again. There will be no magic algorithm deciding what you see from a large pool of toots.
Ok, after a few harder ones, we’re back to something which looks like right up the alley of GPT. A simulated computer. Although it isn’t what large language models (LLM) are made to do, previous examples has shown that GPT does quite well at it. So let’s give it a try and hope for the best. As usual, we start with the full input. It produces something that works on the first try.
Ok. I was honestly considering just skipping this. Day 9 looks quite ridiculous. But let’s give it a try. At least one thing, GPT is sometimes good at, is taking a long description and summarising. The first try, with the puzzle description without change got this which wasn’t a good start, a few iterations laters we weren’t making much improvement. So, time for a reset. Also, we have another challenge today.
So, today we’re taking a 2D matrix and figuring out if there are any lower numbers in any direction. This seems like a reasonable problem that GPT should be able to solve, as matrices are very common in computer science problems. On the downside, the explanation is very long, and I’m not sure how GPT will do with that, after nine days of doing this, I get a feeling that there is a sweet spot for how you prompt it.