Readit News
dylnuge commented on AWS deleted my 10-year account and all data without warning   seuros.com/blog/aws-delet... · Posted by u/seuros
foundry27 · 5 months ago
It’s easy to be fooled, myself included it seems :)

For context, here’s a handful of the ChatGPT cues I see.

- “wasn’t just my backup—it was my clean room for open‑source development”
- “wasn’t standard AWS incompetence; this was something else entirely”
- “you’re not being targeted; you’re being algorithmically categorized”
- “isn’t a system failure; the architecture and promises are sound”
- “This isn’t just about my account. It’s about what happens when […]”
- “This wasn’t my production infrastructure […] it was my launch pad for updating other infrastructure”
- “The cloud isn’t your friend. It’s a business”

I counted about THIRTY em-dashes, which any frequent generative AI user would understand to be a major tell. It’s got an average word count in each sentence of around ~11 (try to write with only 11 words in each sentence, and you’ll see why this is silly), and much of the article consists of brief, punchy sentences separated by periods or question marks, which is the classic ChatGPT prose style. For crying out loud, it even has a table with quippy one-word cell contents at the end of the article like what ChatGPT generates 9/10 times when asked for a comparison of two things.

It’s just disappointing. The author is undermining his own credibility for what would otherwise be a very real problem, and again, his real writing style when you read his actual written work is great.

dylnuge · 5 months ago
>I counted about THIRTY em-dashes, which any frequent generative AI user would understand to be a major tell.

Dude, plenty of people write with em-dashes and semicolons; I personally use them constantly (and I don't use LLMs at all). Em-dashes are trivial to type on MacOS (Alt+Shift+Dash) and even on Windows—I used to have the alt code muscle memorized (Alt+0151) but now I just use the Mac version with an AutoHotkey script. I get being wary of LLM spam now that it's pretty much everywhere, but this is not the "tell" you think it is.

To be clear, you're free to dislike this writing style, but I'm 100% confident that it has been common since long before LLMs were in widespread usage.

> his real writing style when you read his actual written work is great.

You're doubling down on this not being "his real writing style" despite acknowledging you were wrong about this being written by ChatGPT?

dylnuge commented on The future is not self-hosted   drewlyton.com/story/the-f... · Posted by u/drew_lytle
jqpabc123 · 5 months ago
What we need now from this vibrant community of smart, dedicated, part-time sys-admins is to think... beyond individualism

What we need first is incentive for smart, dedicated, part-time sys-admins to devote time and effort to community hosting.

Without this, it will work --- in the same way that open source works --- without any guarantees or commitments whatsoever.

In other words, you're on your own for the most part. So it really is just a variation on self hosting. By the way, we've already been there, seen that and done that --- it was called "co-location".

When you need something more with service and reliability, well --- you're right back to paying corporate overlords.

But thanks for the round trip thought experiment.

dylnuge · 5 months ago
I'm part of several small/mid-sized communities where people voluntarily do sysadmin work so that the group can have some nice shared services, and that's to say nothing of the number of people I know running personal homelabs/self-hosting setups at decent cost just for fun. You could of course say that fun, maintaining something for friends you care about, or having a dream of less corporately locked-in software are all incentives, but they're not monetary ones.

Really, it's easy to get sysadmin types interested in this; the problem is that most people aren't sysadmins and don't know any. If you really wanted a business model out of this, it'd probably be a managed service that lets non-tech-savvy users spin up their own versions of this without learning the details.

> Without this, it will work --- in the same way that open source works --- without any guarantees or commitments whatsoever.

There are plenty of successful economic models around open source, and plenty of open source software is used in high-reliability contexts. What comparison are you trying to make?

dylnuge commented on Google spoofed via DKIM replay attack: A technical breakdown   easydmarc.com/blog/google... · Posted by u/frasermarlow
monospacegames · 5 months ago
I agree, the article is intentionally deceptive. It's written to make people think the part of the mail shown in the image is the whole email when in reality it's definitely followed by some text that would raise suspicion in any person.

dylnuge · 5 months ago
And from what they do show, it doesn't look like the sites.google.com link was actually clickable, which will reduce the success rate of the attack substantially. I'm not sure if it's not clickable because the OAuth App Title field that the phishing content is put in won't produce clickable URLs, because the email itself has been flagged by Gmail as suspicious and disabled links, or possibly both.

From what we do see we can also clearly see the "forwarded message" details are present at the top of the email. Then the author writes that the email has "no typos" while ignoring that it has very suspicious formatting. It's still likely people will fall for it, but the article author clearly is being deceptive about how sophisticated this attack actually appears.

dylnuge commented on There is no memory safety without thread safety   ralfj.de/blog/2025/07/24/... · Posted by u/tavianator
zozbot234 · 5 months ago
The most common definition of memory safe is literally "cannot segfault" (unless invoking some explicitly unsafe operation - which is not the case here unless you think the "go" keyword should be unsafe).

dylnuge · 5 months ago
I've never heard anyone define memory safety that way. You can segfault by overflowing stack space and hitting the guard page or dereferencing a null pointer. Those are possible in languages that don't even expose their underlying pointers like Java. You can make Python segfault if you set the recursion limit too high. Meanwhile a memory access bug or exploit that does not result in a segfault would still be a memory safety issue.

Memory safe languages make it harder to segfault but that's a consequence, not the primary goal. Segfaults are just another memory protection. If memory bugs only ever resulted in segfaults the instant constraints are violated, the hardware protections would be "good enough" and we wouldn't care the same way about language design.

dylnuge commented on Web fingerprinting is worse than I thought (2023)   bitestring.com/posts/2023... · Posted by u/xrayarx
Sanzig · 5 months ago
TIL, thanks! The usual convention of calling them "cookie dialogues" sure obfuscates that.

dylnuge · 5 months ago
Which is a very intentional (and successful) marketing ploy by companies to get users to not care about them. It sounds like a boring technical thing instead of "we need your permission to let massive advertising networks track you around the internet" (consent isn't needed for site functionality; you can use cookies and never mention it if you don't use them for tracking).

Unfortunately this is a challenge with regulation; companies find a way to break the spirit of it as much as possible while following the letter. It's better that companies need consent to track us than not, but consent managers are dark patterns designed to deeply annoy us at the prospect of saying no.

dylnuge commented on AWS merges malicious PR into Amazon Q   lastweekinaws.com/blog/am... · Posted by u/QuinnyPig
shdjhdfh · 5 months ago
Another thing to note, the AI angle on this is nonsensical. The commit could have just as easily done many other negative things to the system without AI as a layer of indirection.

dylnuge · 5 months ago
Neither the 404 Media article nor this one claims otherwise. I think the key "AI angle" here is this (from the 404 Media article):

> Hackers are increasingly targeting AI tools as a way to break into peoples’ systems.

There are a lot of AI tools which run with full permission to execute shell commands or similar. If the same kind of compromise happened to aws-cli, it could be equally catastrophic, but it's not clear that the attack vector the hacker used would have been viable on a repo with more scrutiny.

dylnuge commented on DNS over Wikipedia   github.com/aaronjanse/dns... · Posted by u/pyinstallwoes
shp0ngle · 2 years ago
> If you had actually read the thread you'd know that it's Wikipedia policy not to include links to sites containing content illegal in the US because that can actually get visitors in trouble.

Not really though.

They have WP:ELNO which includes this, but that excludes WP:ELOFFICIAL. Official links are an exception to that list.

> "These links are normally exempt from the links normally to be avoided, but they are not exempt from the restrictions on linking"

The only things that are restricted for official pages are what is in WP:ELNEVER

> 1. Policy: material that violates the copyrights of others per contributors' rights and obligations should not be linked, whether in an external-links section or in a citation.[a] External links to websites that display copyrighted works are acceptable as long as the website is manifestly run, maintained or owned by the copyright owner; the owner has licensed the content in a way that allows the website to use it; or the website uses the work in a way compliant with fair use. Knowingly directing others to material that violates copyright might be considered contributory copyright infringement.[c] If there is reason to believe that a website has a copy of a work in violation of its copyright, do not link to it. Linking to a page that illegally distributes someone else's work casts a bad light on Wikipedia and its editors. This is particularly relevant when linking to sites such as Scribd, WikiLeaks, or YouTube, where due care should be taken to avoid linking to material that violates copyright.
>
> 2. Technical: sites that match the Wikipedia-specific or multi-site blacklist without being whitelisted. Edits containing such links are automatically blocked from being saved.

According to Wikipedia's own official policies, links to 8chan and kiwifarms should be allowed as official links, as Stormfront and The Daily Stormer are, as they don't break copyright and are not on spam blacklists.

---

Again, my problem is not censorship (I am for that), it's just that Wikipedia acts like it isn't happening and cannot make an official ruleset that they follow.

dylnuge · 2 years ago
There's not a strong differentiation between "official" policies and guidelines and "unofficial" specific consensus on Wikipedia. Individual arguments are generally built out of policy and policy is just longer-standing consensus and can be changed. It's not like there's a different group of editors setting policy from those who argue on talk pages.

dylnuge commented on Mental health in software engineering   vadimkravcenko.com/shorts... · Posted by u/cmpit
chollida1 · 2 years ago
I'm not terribly convinced that software engineering is harder on someone's mental health than being a doctor, lawyer, sales, engineer, professional athlete, teacher, or any other white collar profession is.

All of these have their specific stressors, all of these professions have loads of articles about how people are leaving these professions due to how hard they are.

All of these jobs tend to lead to them consuming your free time if you don't set boundaries, all have deadlines that lead to stress.

>You cannot take a sick day by telling your team, “I have mental issues and need a day off.”

This hurt me to read on behalf of the OP.

I'm now 20 years into my career and never once have I come across this attitude. People take sick days all the time for mental health. I feel terribly for this person that they felt like they couldn't but this is far and away the exception rather than the rule.

Has any company come out against mental health in the past 20 years?

dylnuge · 2 years ago
> I'm not terribly convinced that software engineering is harder

I don't think it really matters what jobs are "harder". Nothing in the article is making the claim this is unique (or for that matter universal). The author's experience was in engineering management, and that's what they're writing about.

It's relevant to our industry insofar as it's reflective of an experience in the industry. I'm personally a bit cautious around claims of what is harder or easier because they tend to be pointless comparisons mostly used to dismiss valid criticism with whataboutism.

> I'm now 20 years into my career and never once have I come across this attitude. People take sick days all the time for mental health. I feel terribly for this person that they felt like they couldn't but this is far and away the exception rather than the rule.

I have definitely worked at organizations with a tech-bro startup culture where working non-stop (and drinking heavily) were idolized and anyone talking about mental health would have likely gotten a "man up"-esque speech (regardless of their gender, though shockingly these companies are mostly men). I have also worked at places where mental health was nominally respected but, like anything else, substantially more leeway was given to people perceived as high performers. I'm glad you haven't had to encounter anything like that, but I wouldn't even call it uncommon, nonetheless exceptional.

dylnuge commented on Looking into an apparently scammy looking zsh plugin manager called “zi”   recurse.social/@dylnuge/1... · Posted by u/effdee
tronicdude · 2 years ago
FWIW, I've used zshell for years now and had a great experience. When vetting it against the other zinit fork, it seemed better documented and more active (new features still being added) while the other fork was simply archival. The dev has been extremely responsive whenever I've had issues or questions.

This is all that is in my zshrc:

  # Install Zi if not already installed
  if [[ ! -f $HOME/.zi/bin/zi.zsh ]]; then
    print -P "%F{33} %F{160}Installing (%F{33}z-shell/zi%F{160})…%f"
    command mkdir -p "$HOME/.zi" && command chmod go-rwX "$HOME/.zi"
    command git clone -q --depth=1 --branch "main" https://github.com/z-shell/zi "$HOME/.zi/bin" && \
      print -P "%F{33} %F{34}Installation successful.%f%b" || \
      print -P "%F{160} The clone has failed.%f%b"
  fi

This seems like a bit of an overreaction to someone contributing open source software. Every component of zshell is open (including the website) under the github organization. If they fucked up the checksum version of the download (didn't exist when I started using zshell), submit a PR maybe? As far as the accusation that they're trying to look like official Zsh: the description for the website and repo is literally "A Swiss Army Knife for Zsh - Unix Shell." You cannot miss it.

I don't have a dog in this but this is clearly an overreaction. ss-o has put a lot of time into this and made the best zsh plugin manager imo. Calling it "scammy looking" and "boo hoo he works in marketing" is a cheap blow.

dylnuge · 2 years ago
I'll say it's entirely possible this is an overreaction. I was writing up a fun weekend investigation of a weird looking project as I dug into it. There's a reason it's a series of posts on Mastodon and not anything more formal than that.

To clarify one thing, I'm not concerned that they "work in marketing". I am concerned that the marketing page is fake: it's a bunch of AI generated faces and fake LinkedIn profiles. This does not lead me to the conclusion that they work in marketing at all.

As for your version of the script, it still strikes me as a _little_ weird (why put a self-install inside the .zshrc that is only expected to run once per system you have it on), but clearly far less concerning than the version they have in the current docs.

All code execution involves some degree of trust. There's enough here to make me personally not trust the developer, but if the information here doesn't give someone else the same qualms, that's entirely fine.

dylnuge commented on Looking into an apparently scammy looking zsh plugin manager called “zi”   recurse.social/@dylnuge/1... · Posted by u/effdee
arp242 · 2 years ago
I have rarely (if ever) seen anyone write "z shell" or "zshell". Maybe in spoken language some people say "z shell", but Google can't search that. Everyone just writes it as "zsh". It's not surprising that another site which uses exactly that word ranks higher – zsh.org barely mentions the word "zshell".

And no one is searching for zshell either: https://trends.google.com/trends/explore?q=zshell,zsh,ksh,cs...

In short, the example is invalid.

That said, my ranking on Google for "zshell" is Oh My Zsh, the Wikipedia article (which is titled "Z shell"), zsh.sourceforge.org, and zshell.dev, in that order. DDG is similar, except the spam site https://zshwiki.org is ranked just before zshell.org ("The Zsh framework can be used to develop LGBT inclusion initiatives [..] One of the first steps in promoting LGBT inclusion is increasing awareness of the issue among porno gay employees").

dylnuge · 2 years ago
Yeah, the example was artificial to illustrate that it does come up in search results. I think I noted this later in the thread, but I originally stumbled onto this while specifically searching for some stuff on zprof. I don't recall the exact query I used, since I got pretty deeply sidetracked once I landed here.

u/dylnuge

Karma: 62 · Cake day: January 8, 2011