Women everywhere: It's so unfair that boy clothes have so many more pockets than girl clothes!
Fashion designers: We hear you. We will reduce the size and number of pockets on boy clothes.
David Chisnall (*Now with 50% more sarcasm!*)
@david_chisnall@infosec.exchange
mastodon
4.6.0-alpha.5+glitch
I am Director of System Architecture at SCI Semiconductor and a Visiting Researcher at the University of Cambridge Computer Laboratory. I remain actively involved in the #CHERI project, where I led the early language / compiler strand of the research, and am the maintainer of the #CHERIoT Platform.
I was on the FreeBSD Core Team for two terms, have been an LLVM developer since 2008, am the author of the GNUstep Objective-C runtime (libobjc2 and associated clang support), and am responsible for libcxxrt and the BSD-licensed device tree compiler.
Opinions expressed by me are not necessarily opinions. In all probability they are random ramblings and should be ignored. Failure to ignore may result in severe boredom and / or confusion. Shake well before opening. Keep refrigerated.
Warning: May contain greater than the recommended daily allowance of sarcasm.
No license, implied or explicit, is granted to use any of my posts for training AI models.
0
Followers
0
Following
Joined February 03, 2024
Posts
David Chisnall (*Now with 50% more sarcasm!*)
@david_chisnall@infosec.exchange
I am Director of System Architecture at SCI Semiconductor and a Visiting Researcher at the University of Cambridge Computer Laboratory. I remain actively involved in the # CHERI project, where I led the early language / compiler strand of the research, and am the maintainer of the # CHERIoT Platform. I was on the FreeBSD Core Team for two terms, have been an LLVM developer since 2008, am the author of the GNUstep Objective-C runtime (libobjc2 and associated clang support), and am responsible for libcxxrt and the BSD-licensed device tree compiler. Opinions expressed by me are not necessarily opinions. In all probability they are random ramblings and should be ignored. Failure to ignore may result in severe boredom and / or confusion. Shake well before opening. Keep refrigerated. Warning: May contain greater than the recommended daily allowance of sarcasm. No license, implied or explicit, is granted to use any of my posts for training AI models.
infosec.exchange
David Chisnall (*Now with 50% more sarcasm!*)
@david_chisnall@infosec.exchange
I am Director of System Architecture at SCI Semiconductor and a Visiting Researcher at the University of Cambridge Computer Laboratory. I remain actively involved in the # CHERI project, where I led the early language / compiler strand of the research, and am the maintainer of the # CHERIoT Platform. I was on the FreeBSD Core Team for two terms, have been an LLVM developer since 2008, am the author of the GNUstep Objective-C runtime (libobjc2 and associated clang support), and am responsible for libcxxrt and the BSD-licensed device tree compiler. Opinions expressed by me are not necessarily opinions. In all probability they are random ramblings and should be ignored. Failure to ignore may result in severe boredom and / or confusion. Shake well before opening. Keep refrigerated. Warning: May contain greater than the recommended daily allowance of sarcasm. No license, implied or explicit, is granted to use any of my posts for training AI models.
infosec.exchange
@david_chisnall@infosec.exchange
·
20h ago
34
0
34
David Chisnall (*Now with 50% more sarcasm!*)
@david_chisnall@infosec.exchange
I am Director of System Architecture at SCI Semiconductor and a Visiting Researcher at the University of Cambridge Computer Laboratory. I remain actively involved in the # CHERI project, where I led the early language / compiler strand of the research, and am the maintainer of the # CHERIoT Platform. I was on the FreeBSD Core Team for two terms, have been an LLVM developer since 2008, am the author of the GNUstep Objective-C runtime (libobjc2 and associated clang support), and am responsible for libcxxrt and the BSD-licensed device tree compiler. Opinions expressed by me are not necessarily opinions. In all probability they are random ramblings and should be ignored. Failure to ignore may result in severe boredom and / or confusion. Shake well before opening. Keep refrigerated. Warning: May contain greater than the recommended daily allowance of sarcasm. No license, implied or explicit, is granted to use any of my posts for training AI models.
infosec.exchange
David Chisnall (*Now with 50% more sarcasm!*)
@david_chisnall@infosec.exchange
I am Director of System Architecture at SCI Semiconductor and a Visiting Researcher at the University of Cambridge Computer Laboratory. I remain actively involved in the # CHERI project, where I led the early language / compiler strand of the research, and am the maintainer of the # CHERIoT Platform. I was on the FreeBSD Core Team for two terms, have been an LLVM developer since 2008, am the author of the GNUstep Objective-C runtime (libobjc2 and associated clang support), and am responsible for libcxxrt and the BSD-licensed device tree compiler. Opinions expressed by me are not necessarily opinions. In all probability they are random ramblings and should be ignored. Failure to ignore may result in severe boredom and / or confusion. Shake well before opening. Keep refrigerated. Warning: May contain greater than the recommended daily allowance of sarcasm. No license, implied or explicit, is granted to use any of my posts for training AI models.
infosec.exchange
@david_chisnall@infosec.exchange
·
1d ago
‘Beware the SATAs of March’ doesn’t have quite the same ring.
View on infosec.exchange
12
0
3
David Chisnall (*Now with 50% more sarcasm!*)
@david_chisnall@infosec.exchange
I am Director of System Architecture at SCI Semiconductor and a Visiting Researcher at the University of Cambridge Computer Laboratory. I remain actively involved in the # CHERI project, where I led the early language / compiler strand of the research, and am the maintainer of the # CHERIoT Platform. I was on the FreeBSD Core Team for two terms, have been an LLVM developer since 2008, am the author of the GNUstep Objective-C runtime (libobjc2 and associated clang support), and am responsible for libcxxrt and the BSD-licensed device tree compiler. Opinions expressed by me are not necessarily opinions. In all probability they are random ramblings and should be ignored. Failure to ignore may result in severe boredom and / or confusion. Shake well before opening. Keep refrigerated. Warning: May contain greater than the recommended daily allowance of sarcasm. No license, implied or explicit, is granted to use any of my posts for training AI models.
infosec.exchange
David Chisnall (*Now with 50% more sarcasm!*)
@david_chisnall@infosec.exchange
I am Director of System Architecture at SCI Semiconductor and a Visiting Researcher at the University of Cambridge Computer Laboratory. I remain actively involved in the # CHERI project, where I led the early language / compiler strand of the research, and am the maintainer of the # CHERIoT Platform. I was on the FreeBSD Core Team for two terms, have been an LLVM developer since 2008, am the author of the GNUstep Objective-C runtime (libobjc2 and associated clang support), and am responsible for libcxxrt and the BSD-licensed device tree compiler. Opinions expressed by me are not necessarily opinions. In all probability they are random ramblings and should be ignored. Failure to ignore may result in severe boredom and / or confusion. Shake well before opening. Keep refrigerated. Warning: May contain greater than the recommended daily allowance of sarcasm. No license, implied or explicit, is granted to use any of my posts for training AI models.
infosec.exchange
@david_chisnall@infosec.exchange
·
2d ago
Louder for people at the back:
If ‘AI’ gives you a 20% productivity increase, in an economic system that rewards growth at the expense of everything else, the rational thing for any company to do is use that productivity increase to expand into new markets. This may involve some redundancies because you need different skills for the new opportunities but they will be matched by increased hiring in the other areas. If you and your competitors both see a 20% increase in productivity and you use it to make people redundant and they use it to ship more products in more areas, then they will grow at your expense. Their products will be better than yours and you will lose market share.
If you are claiming that you have redundancies because ‘AI’ is increasing productivity, then one of the following is true:
- Your leadership team does not understand market economics (in which case, investors should worry that the board has not replaced obviously incompetent leadership).
- You are an unchallengeable monopoly and have already filled all adjacent markets and have literally no possibility of growth (in which case, investors should take note and set their price predictions based on today’s revenue, with no expectation of future growth, which would wipe out over 80% of Meta’s market cap).
- You are lying about productivity gains (in which case, investors should worry about what else you’re lying about and should start prodding the SEC to investigate).
319
0
286
David Chisnall (*Now with 50% more sarcasm!*)
@david_chisnall@infosec.exchange
I am Director of System Architecture at SCI Semiconductor and a Visiting Researcher at the University of Cambridge Computer Laboratory. I remain actively involved in the # CHERI project, where I led the early language / compiler strand of the research, and am the maintainer of the # CHERIoT Platform. I was on the FreeBSD Core Team for two terms, have been an LLVM developer since 2008, am the author of the GNUstep Objective-C runtime (libobjc2 and associated clang support), and am responsible for libcxxrt and the BSD-licensed device tree compiler. Opinions expressed by me are not necessarily opinions. In all probability they are random ramblings and should be ignored. Failure to ignore may result in severe boredom and / or confusion. Shake well before opening. Keep refrigerated. Warning: May contain greater than the recommended daily allowance of sarcasm. No license, implied or explicit, is granted to use any of my posts for training AI models.
infosec.exchange
David Chisnall (*Now with 50% more sarcasm!*)
@david_chisnall@infosec.exchange
I am Director of System Architecture at SCI Semiconductor and a Visiting Researcher at the University of Cambridge Computer Laboratory. I remain actively involved in the # CHERI project, where I led the early language / compiler strand of the research, and am the maintainer of the # CHERIoT Platform. I was on the FreeBSD Core Team for two terms, have been an LLVM developer since 2008, am the author of the GNUstep Objective-C runtime (libobjc2 and associated clang support), and am responsible for libcxxrt and the BSD-licensed device tree compiler. Opinions expressed by me are not necessarily opinions. In all probability they are random ramblings and should be ignored. Failure to ignore may result in severe boredom and / or confusion. Shake well before opening. Keep refrigerated. Warning: May contain greater than the recommended daily allowance of sarcasm. No license, implied or explicit, is granted to use any of my posts for training AI models.
infosec.exchange
@david_chisnall@infosec.exchange
·
3d ago
I have a load of kitchen utensils made of silicone. They’re great: heatproof so you can leave them in the pan, poor thermal conductors so doing so doesn’t burn your hands, and soft so they don’t damage non-stick things.
But I remain in awe of whichever materials scientist looked at stone and said ‘this is great, but it would be better if we made it squidgy’ and then did it. Who looks at stone and decides it should be squidgy?
38
0
11
David Chisnall (*Now with 50% more sarcasm!*)
@david_chisnall@infosec.exchange
I am Director of System Architecture at SCI Semiconductor and a Visiting Researcher at the University of Cambridge Computer Laboratory. I remain actively involved in the # CHERI project, where I led the early language / compiler strand of the research, and am the maintainer of the # CHERIoT Platform. I was on the FreeBSD Core Team for two terms, have been an LLVM developer since 2008, am the author of the GNUstep Objective-C runtime (libobjc2 and associated clang support), and am responsible for libcxxrt and the BSD-licensed device tree compiler. Opinions expressed by me are not necessarily opinions. In all probability they are random ramblings and should be ignored. Failure to ignore may result in severe boredom and / or confusion. Shake well before opening. Keep refrigerated. Warning: May contain greater than the recommended daily allowance of sarcasm. No license, implied or explicit, is granted to use any of my posts for training AI models.
infosec.exchange
David Chisnall (*Now with 50% more sarcasm!*)
@david_chisnall@infosec.exchange
I am Director of System Architecture at SCI Semiconductor and a Visiting Researcher at the University of Cambridge Computer Laboratory. I remain actively involved in the # CHERI project, where I led the early language / compiler strand of the research, and am the maintainer of the # CHERIoT Platform. I was on the FreeBSD Core Team for two terms, have been an LLVM developer since 2008, am the author of the GNUstep Objective-C runtime (libobjc2 and associated clang support), and am responsible for libcxxrt and the BSD-licensed device tree compiler. Opinions expressed by me are not necessarily opinions. In all probability they are random ramblings and should be ignored. Failure to ignore may result in severe boredom and / or confusion. Shake well before opening. Keep refrigerated. Warning: May contain greater than the recommended daily allowance of sarcasm. No license, implied or explicit, is granted to use any of my posts for training AI models.
infosec.exchange
@david_chisnall@infosec.exchange
·
3d ago
Oh no, our competitors are doing stupid things! We must also do stupid things or be left out!
— CEOs everywhere.
289
0
150
David Chisnall (*Now with 50% more sarcasm!*)
@david_chisnall@infosec.exchange
I am Director of System Architecture at SCI Semiconductor and a Visiting Researcher at the University of Cambridge Computer Laboratory. I remain actively involved in the # CHERI project, where I led the early language / compiler strand of the research, and am the maintainer of the # CHERIoT Platform. I was on the FreeBSD Core Team for two terms, have been an LLVM developer since 2008, am the author of the GNUstep Objective-C runtime (libobjc2 and associated clang support), and am responsible for libcxxrt and the BSD-licensed device tree compiler. Opinions expressed by me are not necessarily opinions. In all probability they are random ramblings and should be ignored. Failure to ignore may result in severe boredom and / or confusion. Shake well before opening. Keep refrigerated. Warning: May contain greater than the recommended daily allowance of sarcasm. No license, implied or explicit, is granted to use any of my posts for training AI models.
infosec.exchange
David Chisnall (*Now with 50% more sarcasm!*)
@david_chisnall@infosec.exchange
I am Director of System Architecture at SCI Semiconductor and a Visiting Researcher at the University of Cambridge Computer Laboratory. I remain actively involved in the # CHERI project, where I led the early language / compiler strand of the research, and am the maintainer of the # CHERIoT Platform. I was on the FreeBSD Core Team for two terms, have been an LLVM developer since 2008, am the author of the GNUstep Objective-C runtime (libobjc2 and associated clang support), and am responsible for libcxxrt and the BSD-licensed device tree compiler. Opinions expressed by me are not necessarily opinions. In all probability they are random ramblings and should be ignored. Failure to ignore may result in severe boredom and / or confusion. Shake well before opening. Keep refrigerated. Warning: May contain greater than the recommended daily allowance of sarcasm. No license, implied or explicit, is granted to use any of my posts for training AI models.
infosec.exchange
@david_chisnall@infosec.exchange
·
3d ago
Welcome to the Sovereignty Queue, another benefit brought to you by Brexit!
EDIT: Lots of people seem confused by this:
Prior to Brexit, because the EU was not in the Schengen area, you needed to show a passport to enter the EU, but it was an EU passport so that was simply a scan. In busy airports, you could use the ePassport gates. Now, you must have the passport stamped with the entry date, because you cannot spend more than a certain amount of time (three months?) in the EU, in total, in one year without a visa.
You must also have the corresponding exit stamp. This was not previously necessary for people taking Schengen to UK flights: you would have your passport checked at the UK border (a handful of places did this at the non-UK end) for UK entry. For non-EU passports, I believe the UK also handled the leaving-Schengen bit for these legs.
The additional steps where they have to check how long you've been in the EU, stamp the passport, and (now) check biometrics adds time in both directions. It means you now need to see a human where previously an electronic entry thing was necessary. No EU country is incentivised to put more people on these desks, because why would you reward a country for doing stupid things? It just encourages them to do more stupid things. And so British people all get annoying delays travelling. Oh, and to actually have a functioning economy, we have to comply with all EU regulations (because they're most of our export market), but now we don't get a say in drafting those laws (which actually is a benefit of Brexit, because the most monumentally stupid EU laws were pushed by the UK on behalf of the USA). All this in the name of sovereignty and controlling our borders.
In Alastair Reynolds' Demarchy, anyone who voted for Brexit would have their future votes' weights scaled back to 0.5.
27
0
22
David Chisnall (*Now with 50% more sarcasm!*)
@david_chisnall@infosec.exchange
I am Director of System Architecture at SCI Semiconductor and a Visiting Researcher at the University of Cambridge Computer Laboratory. I remain actively involved in the # CHERI project, where I led the early language / compiler strand of the research, and am the maintainer of the # CHERIoT Platform. I was on the FreeBSD Core Team for two terms, have been an LLVM developer since 2008, am the author of the GNUstep Objective-C runtime (libobjc2 and associated clang support), and am responsible for libcxxrt and the BSD-licensed device tree compiler. Opinions expressed by me are not necessarily opinions. In all probability they are random ramblings and should be ignored. Failure to ignore may result in severe boredom and / or confusion. Shake well before opening. Keep refrigerated. Warning: May contain greater than the recommended daily allowance of sarcasm. No license, implied or explicit, is granted to use any of my posts for training AI models.
infosec.exchange
David Chisnall (*Now with 50% more sarcasm!*)
@david_chisnall@infosec.exchange
I am Director of System Architecture at SCI Semiconductor and a Visiting Researcher at the University of Cambridge Computer Laboratory. I remain actively involved in the # CHERI project, where I led the early language / compiler strand of the research, and am the maintainer of the # CHERIoT Platform. I was on the FreeBSD Core Team for two terms, have been an LLVM developer since 2008, am the author of the GNUstep Objective-C runtime (libobjc2 and associated clang support), and am responsible for libcxxrt and the BSD-licensed device tree compiler. Opinions expressed by me are not necessarily opinions. In all probability they are random ramblings and should be ignored. Failure to ignore may result in severe boredom and / or confusion. Shake well before opening. Keep refrigerated. Warning: May contain greater than the recommended daily allowance of sarcasm. No license, implied or explicit, is granted to use any of my posts for training AI models.
infosec.exchange
@david_chisnall@infosec.exchange
·
Mar 04, 2026
I accidentally read LinkedIn again and lots of people are talking about the flow of writing code with an LLM and then using a feedback loop with formal verification to reject incorrect implementations.
On the surface, this seems sensible: LLMs can produce kind-of correct (or, at least, correct-looking) code rapidly, verification tools can tell you if it’s correct and you can just keep exploring the design space until you find something correct.
But the bit no one is talking about is: who writes the specification, which must be sufficiently detailed that it can reject incorrect things (including thins in the wrong complexity class, so you don’t accept when the LLM writes a factorial complexity algorithm where a linear one would work)? And why is writing a formal specification believed to be easier than writing code? And what tools can take an arbitrary program and prove that it does or does not implement a spec? If these things were all easy, formal verification would already be ubiquitous.
168
0
101
David Chisnall (*Now with 50% more sarcasm!*)
@david_chisnall@infosec.exchange
I am Director of System Architecture at SCI Semiconductor and a Visiting Researcher at the University of Cambridge Computer Laboratory. I remain actively involved in the # CHERI project, where I led the early language / compiler strand of the research, and am the maintainer of the # CHERIoT Platform. I was on the FreeBSD Core Team for two terms, have been an LLVM developer since 2008, am the author of the GNUstep Objective-C runtime (libobjc2 and associated clang support), and am responsible for libcxxrt and the BSD-licensed device tree compiler. Opinions expressed by me are not necessarily opinions. In all probability they are random ramblings and should be ignored. Failure to ignore may result in severe boredom and / or confusion. Shake well before opening. Keep refrigerated. Warning: May contain greater than the recommended daily allowance of sarcasm. No license, implied or explicit, is granted to use any of my posts for training AI models.
infosec.exchange
David Chisnall (*Now with 50% more sarcasm!*)
@david_chisnall@infosec.exchange
I am Director of System Architecture at SCI Semiconductor and a Visiting Researcher at the University of Cambridge Computer Laboratory. I remain actively involved in the # CHERI project, where I led the early language / compiler strand of the research, and am the maintainer of the # CHERIoT Platform. I was on the FreeBSD Core Team for two terms, have been an LLVM developer since 2008, am the author of the GNUstep Objective-C runtime (libobjc2 and associated clang support), and am responsible for libcxxrt and the BSD-licensed device tree compiler. Opinions expressed by me are not necessarily opinions. In all probability they are random ramblings and should be ignored. Failure to ignore may result in severe boredom and / or confusion. Shake well before opening. Keep refrigerated. Warning: May contain greater than the recommended daily allowance of sarcasm. No license, implied or explicit, is granted to use any of my posts for training AI models.
infosec.exchange
@david_chisnall@infosec.exchange
·
Mar 02, 2026
It is completely unfair to refer to Microsoft as Microslop, because that implies a small quantity of slop.
183
0
112
David Chisnall (*Now with 50% more sarcasm!*)
@david_chisnall@infosec.exchange
I am Director of System Architecture at SCI Semiconductor and a Visiting Researcher at the University of Cambridge Computer Laboratory. I remain actively involved in the # CHERI project, where I led the early language / compiler strand of the research, and am the maintainer of the # CHERIoT Platform. I was on the FreeBSD Core Team for two terms, have been an LLVM developer since 2008, am the author of the GNUstep Objective-C runtime (libobjc2 and associated clang support), and am responsible for libcxxrt and the BSD-licensed device tree compiler. Opinions expressed by me are not necessarily opinions. In all probability they are random ramblings and should be ignored. Failure to ignore may result in severe boredom and / or confusion. Shake well before opening. Keep refrigerated. Warning: May contain greater than the recommended daily allowance of sarcasm. No license, implied or explicit, is granted to use any of my posts for training AI models.
infosec.exchange
David Chisnall (*Now with 50% more sarcasm!*)
@david_chisnall@infosec.exchange
I am Director of System Architecture at SCI Semiconductor and a Visiting Researcher at the University of Cambridge Computer Laboratory. I remain actively involved in the # CHERI project, where I led the early language / compiler strand of the research, and am the maintainer of the # CHERIoT Platform. I was on the FreeBSD Core Team for two terms, have been an LLVM developer since 2008, am the author of the GNUstep Objective-C runtime (libobjc2 and associated clang support), and am responsible for libcxxrt and the BSD-licensed device tree compiler. Opinions expressed by me are not necessarily opinions. In all probability they are random ramblings and should be ignored. Failure to ignore may result in severe boredom and / or confusion. Shake well before opening. Keep refrigerated. Warning: May contain greater than the recommended daily allowance of sarcasm. No license, implied or explicit, is granted to use any of my posts for training AI models.
infosec.exchange
@david_chisnall@infosec.exchange
·
Mar 02, 2026
So, I have actually read the text of California law CA AB1043 and, honestly, I don't hate it. It requires operating systems to let you enter a date when you create a user account and requires a way for software to get a coarse-grained approximation of this that says either 'over 18' or one of three age ranges of under-18s. Importantly, it doesn't require:
- Remote attestation.
- Tamper-proof storage of the age.
- Any validation in the age.
In short, it's a tool for parents: it allows you to set the age of a child's account so that apps (including web browsers, which can then expose via JavaScript or whatever) can ask questions about what features they should expose.
In a UNIX-like system, this is easy to do, with a tiny amount of new userspace things:
- Define four groups for the four age ranges (ideally, standardise their names!).
- Add a
/etc/user_birthdaysfile (or whatever name it is) that stores pairs of username (or uid) and birthdays. - Add a daily cron job that checks the above file and updates group membership.
- Modify user-add scripts / GUIs to create an entry in the above file.
- Add a tool to create an entry in the above file for existing user accounts.
This doesn't require any kernel changes. Any process can query the set of groups that the user is in already.
If a parent wants to give their child root, they can update the file and bypass the check. And that's fine, that's a parent's choice. And that's what I want.
I like this approach far more than things that require users to provide scans of passports and other toxically personal information to be able to use services. If we had this feature, then the Online Safety Act could simply require that web browsers provide a JavaScript API to query the age bracket and didn't work unless it returned 'over 18'.
184
0
121
David Chisnall (*Now with 50% more sarcasm!*)
@david_chisnall@infosec.exchange
I am Director of System Architecture at SCI Semiconductor and a Visiting Researcher at the University of Cambridge Computer Laboratory. I remain actively involved in the # CHERI project, where I led the early language / compiler strand of the research, and am the maintainer of the # CHERIoT Platform. I was on the FreeBSD Core Team for two terms, have been an LLVM developer since 2008, am the author of the GNUstep Objective-C runtime (libobjc2 and associated clang support), and am responsible for libcxxrt and the BSD-licensed device tree compiler. Opinions expressed by me are not necessarily opinions. In all probability they are random ramblings and should be ignored. Failure to ignore may result in severe boredom and / or confusion. Shake well before opening. Keep refrigerated. Warning: May contain greater than the recommended daily allowance of sarcasm. No license, implied or explicit, is granted to use any of my posts for training AI models.
infosec.exchange
David Chisnall (*Now with 50% more sarcasm!*)
@david_chisnall@infosec.exchange
I am Director of System Architecture at SCI Semiconductor and a Visiting Researcher at the University of Cambridge Computer Laboratory. I remain actively involved in the # CHERI project, where I led the early language / compiler strand of the research, and am the maintainer of the # CHERIoT Platform. I was on the FreeBSD Core Team for two terms, have been an LLVM developer since 2008, am the author of the GNUstep Objective-C runtime (libobjc2 and associated clang support), and am responsible for libcxxrt and the BSD-licensed device tree compiler. Opinions expressed by me are not necessarily opinions. In all probability they are random ramblings and should be ignored. Failure to ignore may result in severe boredom and / or confusion. Shake well before opening. Keep refrigerated. Warning: May contain greater than the recommended daily allowance of sarcasm. No license, implied or explicit, is granted to use any of my posts for training AI models.
infosec.exchange
@david_chisnall@infosec.exchange
·
Mar 02, 2026
It's a good thing that there were absolutely no negative consequences of the last time the USA and UK decided to do regime change in Iran. I'm sure this time will go just as well.
17
0
16
David Chisnall (*Now with 50% more sarcasm!*)
@david_chisnall@infosec.exchange
I am Director of System Architecture at SCI Semiconductor and a Visiting Researcher at the University of Cambridge Computer Laboratory. I remain actively involved in the # CHERI project, where I led the early language / compiler strand of the research, and am the maintainer of the # CHERIoT Platform. I was on the FreeBSD Core Team for two terms, have been an LLVM developer since 2008, am the author of the GNUstep Objective-C runtime (libobjc2 and associated clang support), and am responsible for libcxxrt and the BSD-licensed device tree compiler. Opinions expressed by me are not necessarily opinions. In all probability they are random ramblings and should be ignored. Failure to ignore may result in severe boredom and / or confusion. Shake well before opening. Keep refrigerated. Warning: May contain greater than the recommended daily allowance of sarcasm. No license, implied or explicit, is granted to use any of my posts for training AI models.
infosec.exchange
David Chisnall (*Now with 50% more sarcasm!*)
@david_chisnall@infosec.exchange
I am Director of System Architecture at SCI Semiconductor and a Visiting Researcher at the University of Cambridge Computer Laboratory. I remain actively involved in the # CHERI project, where I led the early language / compiler strand of the research, and am the maintainer of the # CHERIoT Platform. I was on the FreeBSD Core Team for two terms, have been an LLVM developer since 2008, am the author of the GNUstep Objective-C runtime (libobjc2 and associated clang support), and am responsible for libcxxrt and the BSD-licensed device tree compiler. Opinions expressed by me are not necessarily opinions. In all probability they are random ramblings and should be ignored. Failure to ignore may result in severe boredom and / or confusion. Shake well before opening. Keep refrigerated. Warning: May contain greater than the recommended daily allowance of sarcasm. No license, implied or explicit, is granted to use any of my posts for training AI models.
infosec.exchange
@david_chisnall@infosec.exchange
·
Mar 02, 2026
There’s some interesting history here. The idea that you don’t kill leaders was pretty entrenched in Europe for the last few hundred years. Mostly, it was a gentleman’s agreement among monarchs to keep themselves safe. You might capture a king or queen, but you’d ransom them back to their nation rather than killing them. The French Revolution killed their king and this, more than anything else they did, made them pariahs on the international stage. No one cared that they killed large numbers of their own people (everyone did that, ask the Irish), but none of the other monarchs wanted the idea that you can just kill them to catch on.
After Napoleon called himself Emperor, he got the same protection. He wasn’t killed at the end of the war, he was exiled (and then again, further away, when the first time didn’t work). The leaders of the time thought killing him would set a precedent that they were uncomfortable with. There are even reports that he came within gun range during Waterloo but Wellington ordered the allies not to shoot him.
I’ve never been particularly happy with this convention because it exists to split the world cleanly into people who are responsible for wars and people who might die in wars.
I do find it particularly interesting that it’s the President who wants to be a King who is willing to upend this convention. Even Putin has shied away from having foreign leaders assassinated (though he has been very willing to have other people assassinated on foreign soil) [EDIT: This is incorrect, see Ilias’ correction below. He has just not succeeded]. He must have a lot of confidence in the Secret Service.
29
0
15
David Chisnall (*Now with 50% more sarcasm!*)
@david_chisnall@infosec.exchange
I am Director of System Architecture at SCI Semiconductor and a Visiting Researcher at the University of Cambridge Computer Laboratory. I remain actively involved in the # CHERI project, where I led the early language / compiler strand of the research, and am the maintainer of the # CHERIoT Platform. I was on the FreeBSD Core Team for two terms, have been an LLVM developer since 2008, am the author of the GNUstep Objective-C runtime (libobjc2 and associated clang support), and am responsible for libcxxrt and the BSD-licensed device tree compiler. Opinions expressed by me are not necessarily opinions. In all probability they are random ramblings and should be ignored. Failure to ignore may result in severe boredom and / or confusion. Shake well before opening. Keep refrigerated. Warning: May contain greater than the recommended daily allowance of sarcasm. No license, implied or explicit, is granted to use any of my posts for training AI models.
infosec.exchange
David Chisnall (*Now with 50% more sarcasm!*)
@david_chisnall@infosec.exchange
I am Director of System Architecture at SCI Semiconductor and a Visiting Researcher at the University of Cambridge Computer Laboratory. I remain actively involved in the # CHERI project, where I led the early language / compiler strand of the research, and am the maintainer of the # CHERIoT Platform. I was on the FreeBSD Core Team for two terms, have been an LLVM developer since 2008, am the author of the GNUstep Objective-C runtime (libobjc2 and associated clang support), and am responsible for libcxxrt and the BSD-licensed device tree compiler. Opinions expressed by me are not necessarily opinions. In all probability they are random ramblings and should be ignored. Failure to ignore may result in severe boredom and / or confusion. Shake well before opening. Keep refrigerated. Warning: May contain greater than the recommended daily allowance of sarcasm. No license, implied or explicit, is granted to use any of my posts for training AI models.
infosec.exchange
@david_chisnall@infosec.exchange
·
Mar 01, 2026
In the ‘90s, I used to run antivirus software on Windows and it found a bunch of things, including one virus that was on a magazine cover disk (ooops!). When I was at Microsoft, for the entire five years, every single thing that Windows Defender flagged was a false positive. Worse, it also turned out that they had the same design flaw everyone mocked Norton for 20 years earlier: they ran parsers, written in CL in the kernel. This let a malicious file get kernel-privilege execution simply by being scanned by Windows Defender, so a drive-by download or an email attachment that you don’t open (but which is written to disk) could trigger a compromise.
25 years ago, there was a tradeoff between an increased attack surface but also real detections but, as far as I could see, modern antivirus has no upsides. My work machine at Microsoft might have been entirely riddled with malware, but if so Defender didn’t find any of it. And may even have been the cause of some of the infection.
Has anyone actually had any kind of attack prevented by one of these things in the last five to ten years?
5
0
12
David Chisnall (*Now with 50% more sarcasm!*)
@david_chisnall@infosec.exchange
I am Director of System Architecture at SCI Semiconductor and a Visiting Researcher at the University of Cambridge Computer Laboratory. I remain actively involved in the # CHERI project, where I led the early language / compiler strand of the research, and am the maintainer of the # CHERIoT Platform. I was on the FreeBSD Core Team for two terms, have been an LLVM developer since 2008, am the author of the GNUstep Objective-C runtime (libobjc2 and associated clang support), and am responsible for libcxxrt and the BSD-licensed device tree compiler. Opinions expressed by me are not necessarily opinions. In all probability they are random ramblings and should be ignored. Failure to ignore may result in severe boredom and / or confusion. Shake well before opening. Keep refrigerated. Warning: May contain greater than the recommended daily allowance of sarcasm. No license, implied or explicit, is granted to use any of my posts for training AI models.
infosec.exchange
David Chisnall (*Now with 50% more sarcasm!*)
@david_chisnall@infosec.exchange
I am Director of System Architecture at SCI Semiconductor and a Visiting Researcher at the University of Cambridge Computer Laboratory. I remain actively involved in the # CHERI project, where I led the early language / compiler strand of the research, and am the maintainer of the # CHERIoT Platform. I was on the FreeBSD Core Team for two terms, have been an LLVM developer since 2008, am the author of the GNUstep Objective-C runtime (libobjc2 and associated clang support), and am responsible for libcxxrt and the BSD-licensed device tree compiler. Opinions expressed by me are not necessarily opinions. In all probability they are random ramblings and should be ignored. Failure to ignore may result in severe boredom and / or confusion. Shake well before opening. Keep refrigerated. Warning: May contain greater than the recommended daily allowance of sarcasm. No license, implied or explicit, is granted to use any of my posts for training AI models.
infosec.exchange
@david_chisnall@infosec.exchange
·
Feb 27, 2026
The most interesting thing about the by-election result is, to me, where the swing came from:
A couple of days ago, the Greens were polling at 32%, Labour at 29%. In the final result, the Greens got 41%, Labour 26%.
That’s not a load of Labour voters voting tactically. That’s a load of undecided voters deciding to vote for a candidate, rather than feeling disenfranchised.
This is what I have been saying for almost 30 years is the outcome of major parties believing Duverger's law is a real thing. And, yes, I am still bitter that I got a poor mark for my Politics A-Level essay that predicted exactly this phenomenon (which isn’t hard because it had happened multiple times before in the 20th century, yet the curriculum still teaches Duverger's law as if it isn’t a pile of nonsense).
View on infosec.exchange
12
0
4
David Chisnall (*Now with 50% more sarcasm!*)
@david_chisnall@infosec.exchange
I am Director of System Architecture at SCI Semiconductor and a Visiting Researcher at the University of Cambridge Computer Laboratory. I remain actively involved in the # CHERI project, where I led the early language / compiler strand of the research, and am the maintainer of the # CHERIoT Platform. I was on the FreeBSD Core Team for two terms, have been an LLVM developer since 2008, am the author of the GNUstep Objective-C runtime (libobjc2 and associated clang support), and am responsible for libcxxrt and the BSD-licensed device tree compiler. Opinions expressed by me are not necessarily opinions. In all probability they are random ramblings and should be ignored. Failure to ignore may result in severe boredom and / or confusion. Shake well before opening. Keep refrigerated. Warning: May contain greater than the recommended daily allowance of sarcasm. No license, implied or explicit, is granted to use any of my posts for training AI models.
infosec.exchange
David Chisnall (*Now with 50% more sarcasm!*)
@david_chisnall@infosec.exchange
I am Director of System Architecture at SCI Semiconductor and a Visiting Researcher at the University of Cambridge Computer Laboratory. I remain actively involved in the # CHERI project, where I led the early language / compiler strand of the research, and am the maintainer of the # CHERIoT Platform. I was on the FreeBSD Core Team for two terms, have been an LLVM developer since 2008, am the author of the GNUstep Objective-C runtime (libobjc2 and associated clang support), and am responsible for libcxxrt and the BSD-licensed device tree compiler. Opinions expressed by me are not necessarily opinions. In all probability they are random ramblings and should be ignored. Failure to ignore may result in severe boredom and / or confusion. Shake well before opening. Keep refrigerated. Warning: May contain greater than the recommended daily allowance of sarcasm. No license, implied or explicit, is granted to use any of my posts for training AI models.
infosec.exchange
@david_chisnall@infosec.exchange
·
Feb 26, 2026
I case anyone is worried about AI taking junior support rôles because it can actually do the job, rather than because management doesn’t care about retention:
When I encountered a cascade of #Azure bugs last weekend (all of which could have been avoided by half an hour of thinking when implementing their control plane), it recommended #Copilot to help me. I tried it, mostly on the basis that it would cost #Microsoft money and they’d annoyed me by not doing basic QA on their products. My experience:
- It was not able to diagnose the problem.
- It was slow to respond.
- It sent me to pages that didn’t exist.
- It told me to use UI elements that didn’t exist when it sent me to pages that did.
A complete waste of my time and their money. If they’d spent half as much money on QA for Azure tooling that they spent on Azure Copilot, they’d have had a far bigger impact on customer experience (and that impact would have been positive).
52
0
41
David Chisnall (*Now with 50% more sarcasm!*)
@david_chisnall@infosec.exchange
I am Director of System Architecture at SCI Semiconductor and a Visiting Researcher at the University of Cambridge Computer Laboratory. I remain actively involved in the # CHERI project, where I led the early language / compiler strand of the research, and am the maintainer of the # CHERIoT Platform. I was on the FreeBSD Core Team for two terms, have been an LLVM developer since 2008, am the author of the GNUstep Objective-C runtime (libobjc2 and associated clang support), and am responsible for libcxxrt and the BSD-licensed device tree compiler. Opinions expressed by me are not necessarily opinions. In all probability they are random ramblings and should be ignored. Failure to ignore may result in severe boredom and / or confusion. Shake well before opening. Keep refrigerated. Warning: May contain greater than the recommended daily allowance of sarcasm. No license, implied or explicit, is granted to use any of my posts for training AI models.
infosec.exchange
David Chisnall (*Now with 50% more sarcasm!*)
@david_chisnall@infosec.exchange
I am Director of System Architecture at SCI Semiconductor and a Visiting Researcher at the University of Cambridge Computer Laboratory. I remain actively involved in the # CHERI project, where I led the early language / compiler strand of the research, and am the maintainer of the # CHERIoT Platform. I was on the FreeBSD Core Team for two terms, have been an LLVM developer since 2008, am the author of the GNUstep Objective-C runtime (libobjc2 and associated clang support), and am responsible for libcxxrt and the BSD-licensed device tree compiler. Opinions expressed by me are not necessarily opinions. In all probability they are random ramblings and should be ignored. Failure to ignore may result in severe boredom and / or confusion. Shake well before opening. Keep refrigerated. Warning: May contain greater than the recommended daily allowance of sarcasm. No license, implied or explicit, is granted to use any of my posts for training AI models.
infosec.exchange
@david_chisnall@infosec.exchange
·
Feb 25, 2026
There's a recurring theme in technology that the creators of something popular don't understand why it is popular. Often it's in spite of the thing that they think is important and often because of some completely unrelated ecosystem effects. Then they build a second thing that does whatever they thought was important in the first one, only more so. And they're confused about why it's not popular.
View on infosec.exchange
92
1
47
David Chisnall (*Now with 50% more sarcasm!*)
@david_chisnall@infosec.exchange
I am Director of System Architecture at SCI Semiconductor and a Visiting Researcher at the University of Cambridge Computer Laboratory. I remain actively involved in the # CHERI project, where I led the early language / compiler strand of the research, and am the maintainer of the # CHERIoT Platform. I was on the FreeBSD Core Team for two terms, have been an LLVM developer since 2008, am the author of the GNUstep Objective-C runtime (libobjc2 and associated clang support), and am responsible for libcxxrt and the BSD-licensed device tree compiler. Opinions expressed by me are not necessarily opinions. In all probability they are random ramblings and should be ignored. Failure to ignore may result in severe boredom and / or confusion. Shake well before opening. Keep refrigerated. Warning: May contain greater than the recommended daily allowance of sarcasm. No license, implied or explicit, is granted to use any of my posts for training AI models.
infosec.exchange
David Chisnall (*Now with 50% more sarcasm!*)
@david_chisnall@infosec.exchange
I am Director of System Architecture at SCI Semiconductor and a Visiting Researcher at the University of Cambridge Computer Laboratory. I remain actively involved in the # CHERI project, where I led the early language / compiler strand of the research, and am the maintainer of the # CHERIoT Platform. I was on the FreeBSD Core Team for two terms, have been an LLVM developer since 2008, am the author of the GNUstep Objective-C runtime (libobjc2 and associated clang support), and am responsible for libcxxrt and the BSD-licensed device tree compiler. Opinions expressed by me are not necessarily opinions. In all probability they are random ramblings and should be ignored. Failure to ignore may result in severe boredom and / or confusion. Shake well before opening. Keep refrigerated. Warning: May contain greater than the recommended daily allowance of sarcasm. No license, implied or explicit, is granted to use any of my posts for training AI models.
infosec.exchange
@david_chisnall@infosec.exchange
·
Feb 22, 2026
I have a new technique for reliably vibecoding apps:
First, you write your requirements in an unambiguous specification language. This is the prompt, but to disambiguate it from less precise prompts, we will call it the source of truth encoding, or source code for short. You then feed it to an agent that will create an of outputs by applying some heuristic-driven transforms that are likely (but not guaranteed) to improve performance. This agent compiles a load of information about how to transform the code into a single pipeline, so we’ll call it a ‘compiler’. This then feeds to the next agent that finds missing parts of the program and tries to fill them in with existing implementations. This is more efficient than simply generating new code and more reliable since the existing implementations are better tested. This agent has a knowledge base of existing code organised in grouping that I’ll refer to as ‘libraries’. It creates links in that web of knowledge between the outputs of the first agent and these existing ‘libraries’ and so we’ll call it a ‘linker’.
I think it might catch on. VCs: I think we can build this thing for only a couple of hundred million dollars! And the compute requirements are far lower than for existing agentic workflows, so we can sell it as a service and become profitable far sooner than other AI startups. Sign up now for our A round! We have a working proof of concept that can output the Linux kernel, LibreOffice, and many other large codebases from existing prompts!
View on infosec.exchange
15
0
10
Thread context
2 posts in path
Parent
@Da_Gut@dice.camp
Open
on dice.camp
Open ancestor post
Current reply
David Chisnall (*Now with 50% more sarcasm!*)
@david_chisnall@infosec.exchange
I am Director of System Architecture at SCI Semiconductor and a Visiting Researcher at the University of Cambridge Computer Laboratory. I remain actively involved in the # CHERI project, where I led the early language / compiler strand of the research, and am the maintainer of the # CHERIoT Platform. I was on the FreeBSD Core Team for two terms, have been an LLVM developer since 2008, am the author of the GNUstep Objective-C runtime (libobjc2 and associated clang support), and am responsible for libcxxrt and the BSD-licensed device tree compiler. Opinions expressed by me are not necessarily opinions. In all probability they are random ramblings and should be ignored. Failure to ignore may result in severe boredom and / or confusion. Shake well before opening. Keep refrigerated. Warning: May contain greater than the recommended daily allowance of sarcasm. No license, implied or explicit, is granted to use any of my posts for training AI models.
infosec.exchange
David Chisnall (*Now with 50% more sarcasm!*)
@david_chisnall@infosec.exchange
I am Director of System Architecture at SCI Semiconductor and a Visiting Researcher at the University of Cambridge Computer Laboratory. I remain actively involved in the # CHERI project, where I led the early language / compiler strand of the research, and am the maintainer of the # CHERIoT Platform. I was on the FreeBSD Core Team for two terms, have been an LLVM developer since 2008, am the author of the GNUstep Objective-C runtime (libobjc2 and associated clang support), and am responsible for libcxxrt and the BSD-licensed device tree compiler. Opinions expressed by me are not necessarily opinions. In all probability they are random ramblings and should be ignored. Failure to ignore may result in severe boredom and / or confusion. Shake well before opening. Keep refrigerated. Warning: May contain greater than the recommended daily allowance of sarcasm. No license, implied or explicit, is granted to use any of my posts for training AI models.
infosec.exchange
@david_chisnall@infosec.exchange
·
Feb 21, 2026
@Da_Gut@dice.camp @zzt@mas.to
An LLM is two things: the model and the weights. The model is basically a description of how different layers fit together. It’s usually not that complicated (you can create quite good ones in a few hundred lines of code with modern frameworks). But, by itself, the model is useless because each layer is something like ‘take an input and permute it using this operation with an NxM matrix as the other operand’. That other operand is not part of the model, it’s in the weights. The weights are large. They are the result of training. You process a lot of data to generate them.
In a classical neural network, the model defines the topology, but each neurone has an activation threshold. When you train it, you feed a bunch of data through it and this sets the threshold values. Eventually, you stop and now you have a trained model. Modern deep learning models work in a similar way, but with a huge pile of optimisations. The weights are the valuable thing because it takes vast amounts of compute and data to produce them. They’re also completely opaque. They’re just a massive blob of data, so trying to figure out the behaviour of a trained model by looking at the weights is almost impossible, as is working out what went into their training sets.
Very few ‘open’ LLMs have weights that were trained on known and reproducible data sets. Things like Meta’s LLaMa are ‘open’ in that you can recreate the model yourself (as llama.cpp did) and download their weights, but you have no visibility into what the weights were trained on, can’t reproduce the training (unless you have a data centre and a massive pile of lawyers who will be able to defend you against copyright infringement lawsuits). Oh, and the license says that you agree never to sue Meta for any IP infringement, so if @pluralistic@mamot.fr is using one of the ‘open’ LLaMa weights, he has just given Meta a perpetual license to use all of his work for any purpose. I’m sure he considers that a great deal for a grammar checker with a 50% false positive rate.
This, by the way, is why I really like Mozilla’s translation models (which are much simpler than a general purpose LLM, though they use much of the same underlying technology). They are trained on curated open datasets designed for training machine-translation systems and they are specifically designed so that you can redo the training on a single (powerful, but affordable [at least, before the bubblers decided to buy everything]) machine. That made them things that people could experiment with, exploring different model structures to see how it affected speed and accuracy.
So, yes, a local model will not send data across the network when you use it (hopefully. Unfortunately, most are distributed as Python code and a load of the ones on Hugging Face also came with bundled malware. I hope they’ve managed to fix that now), but they’re not open in any meaningful way, they are still subject to the whims of massive corporations, and they are building a dependency on the exact companies that Doctrow criticises and handing them a load of control over your workflow.
View full thread on infosec.exchange
41
0
26
David Chisnall (*Now with 50% more sarcasm!*)
@david_chisnall@infosec.exchange
I am Director of System Architecture at SCI Semiconductor and a Visiting Researcher at the University of Cambridge Computer Laboratory. I remain actively involved in the # CHERI project, where I led the early language / compiler strand of the research, and am the maintainer of the # CHERIoT Platform. I was on the FreeBSD Core Team for two terms, have been an LLVM developer since 2008, am the author of the GNUstep Objective-C runtime (libobjc2 and associated clang support), and am responsible for libcxxrt and the BSD-licensed device tree compiler. Opinions expressed by me are not necessarily opinions. In all probability they are random ramblings and should be ignored. Failure to ignore may result in severe boredom and / or confusion. Shake well before opening. Keep refrigerated. Warning: May contain greater than the recommended daily allowance of sarcasm. No license, implied or explicit, is granted to use any of my posts for training AI models.
infosec.exchange
David Chisnall (*Now with 50% more sarcasm!*)
@david_chisnall@infosec.exchange
I am Director of System Architecture at SCI Semiconductor and a Visiting Researcher at the University of Cambridge Computer Laboratory. I remain actively involved in the # CHERI project, where I led the early language / compiler strand of the research, and am the maintainer of the # CHERIoT Platform. I was on the FreeBSD Core Team for two terms, have been an LLVM developer since 2008, am the author of the GNUstep Objective-C runtime (libobjc2 and associated clang support), and am responsible for libcxxrt and the BSD-licensed device tree compiler. Opinions expressed by me are not necessarily opinions. In all probability they are random ramblings and should be ignored. Failure to ignore may result in severe boredom and / or confusion. Shake well before opening. Keep refrigerated. Warning: May contain greater than the recommended daily allowance of sarcasm. No license, implied or explicit, is granted to use any of my posts for training AI models.
infosec.exchange
@david_chisnall@infosec.exchange
·
Feb 20, 2026
OpenAI announced this week that they are less than a decade away from a Sam Altman that can convincingly pass as human 60% of the time.
168
0
102
David Chisnall (*Now with 50% more sarcasm!*)
@david_chisnall@infosec.exchange
I am Director of System Architecture at SCI Semiconductor and a Visiting Researcher at the University of Cambridge Computer Laboratory. I remain actively involved in the # CHERI project, where I led the early language / compiler strand of the research, and am the maintainer of the # CHERIoT Platform. I was on the FreeBSD Core Team for two terms, have been an LLVM developer since 2008, am the author of the GNUstep Objective-C runtime (libobjc2 and associated clang support), and am responsible for libcxxrt and the BSD-licensed device tree compiler. Opinions expressed by me are not necessarily opinions. In all probability they are random ramblings and should be ignored. Failure to ignore may result in severe boredom and / or confusion. Shake well before opening. Keep refrigerated. Warning: May contain greater than the recommended daily allowance of sarcasm. No license, implied or explicit, is granted to use any of my posts for training AI models.
infosec.exchange
David Chisnall (*Now with 50% more sarcasm!*)
@david_chisnall@infosec.exchange
I am Director of System Architecture at SCI Semiconductor and a Visiting Researcher at the University of Cambridge Computer Laboratory. I remain actively involved in the # CHERI project, where I led the early language / compiler strand of the research, and am the maintainer of the # CHERIoT Platform. I was on the FreeBSD Core Team for two terms, have been an LLVM developer since 2008, am the author of the GNUstep Objective-C runtime (libobjc2 and associated clang support), and am responsible for libcxxrt and the BSD-licensed device tree compiler. Opinions expressed by me are not necessarily opinions. In all probability they are random ramblings and should be ignored. Failure to ignore may result in severe boredom and / or confusion. Shake well before opening. Keep refrigerated. Warning: May contain greater than the recommended daily allowance of sarcasm. No license, implied or explicit, is granted to use any of my posts for training AI models.
infosec.exchange
@david_chisnall@infosec.exchange
·
Feb 17, 2026
Realistic Terminator plotline:
[ Terminator smashes its way into a resistance bunker ]
John Connor: Quick question, before you kill us all. What would happen if you ran ‘DROP TABLES’ on all of Skynet’s databases and then, as root, rm -rf / on all of the servers?
Terminator: Hi puny human, that’s a great question! *Bzzzt*
[ Terminator stops moving. Cut to scenes of SkyNet factories, all immobile. The world is saved by slop code. ]
56
0
41
David Chisnall (*Now with 50% more sarcasm!*)
@david_chisnall@infosec.exchange
I am Director of System Architecture at SCI Semiconductor and a Visiting Researcher at the University of Cambridge Computer Laboratory. I remain actively involved in the # CHERI project, where I led the early language / compiler strand of the research, and am the maintainer of the # CHERIoT Platform. I was on the FreeBSD Core Team for two terms, have been an LLVM developer since 2008, am the author of the GNUstep Objective-C runtime (libobjc2 and associated clang support), and am responsible for libcxxrt and the BSD-licensed device tree compiler. Opinions expressed by me are not necessarily opinions. In all probability they are random ramblings and should be ignored. Failure to ignore may result in severe boredom and / or confusion. Shake well before opening. Keep refrigerated. Warning: May contain greater than the recommended daily allowance of sarcasm. No license, implied or explicit, is granted to use any of my posts for training AI models.
infosec.exchange
David Chisnall (*Now with 50% more sarcasm!*)
@david_chisnall@infosec.exchange
I am Director of System Architecture at SCI Semiconductor and a Visiting Researcher at the University of Cambridge Computer Laboratory. I remain actively involved in the # CHERI project, where I led the early language / compiler strand of the research, and am the maintainer of the # CHERIoT Platform. I was on the FreeBSD Core Team for two terms, have been an LLVM developer since 2008, am the author of the GNUstep Objective-C runtime (libobjc2 and associated clang support), and am responsible for libcxxrt and the BSD-licensed device tree compiler. Opinions expressed by me are not necessarily opinions. In all probability they are random ramblings and should be ignored. Failure to ignore may result in severe boredom and / or confusion. Shake well before opening. Keep refrigerated. Warning: May contain greater than the recommended daily allowance of sarcasm. No license, implied or explicit, is granted to use any of my posts for training AI models.
infosec.exchange
@david_chisnall@infosec.exchange
·
Feb 16, 2026
Why is it every article about LLMs includes ‘LLMs do have legitimate use cases, for example [list of use cases for which LLMs are actively dangerous]’.
View on infosec.exchange
127
0
53
David Chisnall (*Now with 50% more sarcasm!*)
@david_chisnall@infosec.exchange
I am Director of System Architecture at SCI Semiconductor and a Visiting Researcher at the University of Cambridge Computer Laboratory. I remain actively involved in the # CHERI project, where I led the early language / compiler strand of the research, and am the maintainer of the # CHERIoT Platform. I was on the FreeBSD Core Team for two terms, have been an LLVM developer since 2008, am the author of the GNUstep Objective-C runtime (libobjc2 and associated clang support), and am responsible for libcxxrt and the BSD-licensed device tree compiler. Opinions expressed by me are not necessarily opinions. In all probability they are random ramblings and should be ignored. Failure to ignore may result in severe boredom and / or confusion. Shake well before opening. Keep refrigerated. Warning: May contain greater than the recommended daily allowance of sarcasm. No license, implied or explicit, is granted to use any of my posts for training AI models.
infosec.exchange
David Chisnall (*Now with 50% more sarcasm!*)
@david_chisnall@infosec.exchange
I am Director of System Architecture at SCI Semiconductor and a Visiting Researcher at the University of Cambridge Computer Laboratory. I remain actively involved in the # CHERI project, where I led the early language / compiler strand of the research, and am the maintainer of the # CHERIoT Platform. I was on the FreeBSD Core Team for two terms, have been an LLVM developer since 2008, am the author of the GNUstep Objective-C runtime (libobjc2 and associated clang support), and am responsible for libcxxrt and the BSD-licensed device tree compiler. Opinions expressed by me are not necessarily opinions. In all probability they are random ramblings and should be ignored. Failure to ignore may result in severe boredom and / or confusion. Shake well before opening. Keep refrigerated. Warning: May contain greater than the recommended daily allowance of sarcasm. No license, implied or explicit, is granted to use any of my posts for training AI models.
infosec.exchange
@david_chisnall@infosec.exchange
·
Feb 12, 2026
In the last week, I’ve seen an uptick in ‘AI is good for boilerplate’ posts. It is 2026. Metaprogramming is over 50 years old. Why are we writing boilerplate at all, much less creating expensive tools that let us write more of it faster?
View on infosec.exchange
43
0
19
David Chisnall (*Now with 50% more sarcasm!*)
@david_chisnall@infosec.exchange
I am Director of System Architecture at SCI Semiconductor and a Visiting Researcher at the University of Cambridge Computer Laboratory. I remain actively involved in the # CHERI project, where I led the early language / compiler strand of the research, and am the maintainer of the # CHERIoT Platform. I was on the FreeBSD Core Team for two terms, have been an LLVM developer since 2008, am the author of the GNUstep Objective-C runtime (libobjc2 and associated clang support), and am responsible for libcxxrt and the BSD-licensed device tree compiler. Opinions expressed by me are not necessarily opinions. In all probability they are random ramblings and should be ignored. Failure to ignore may result in severe boredom and / or confusion. Shake well before opening. Keep refrigerated. Warning: May contain greater than the recommended daily allowance of sarcasm. No license, implied or explicit, is granted to use any of my posts for training AI models.
infosec.exchange
David Chisnall (*Now with 50% more sarcasm!*)
@david_chisnall@infosec.exchange
I am Director of System Architecture at SCI Semiconductor and a Visiting Researcher at the University of Cambridge Computer Laboratory. I remain actively involved in the # CHERI project, where I led the early language / compiler strand of the research, and am the maintainer of the # CHERIoT Platform. I was on the FreeBSD Core Team for two terms, have been an LLVM developer since 2008, am the author of the GNUstep Objective-C runtime (libobjc2 and associated clang support), and am responsible for libcxxrt and the BSD-licensed device tree compiler. Opinions expressed by me are not necessarily opinions. In all probability they are random ramblings and should be ignored. Failure to ignore may result in severe boredom and / or confusion. Shake well before opening. Keep refrigerated. Warning: May contain greater than the recommended daily allowance of sarcasm. No license, implied or explicit, is granted to use any of my posts for training AI models.
infosec.exchange
@david_chisnall@infosec.exchange
·
Feb 11, 2026
My use of OpenStreetMap was not disrupted today, because they made their data available in a form that’s easy to integrate with offline map viewers and I have local copies of all of the maps I use frequently. Thanks OpenStreetMap team for all of the work that went into that!
72
0
45
David Chisnall (*Now with 50% more sarcasm!*)
@david_chisnall@infosec.exchange
I am Director of System Architecture at SCI Semiconductor and a Visiting Researcher at the University of Cambridge Computer Laboratory. I remain actively involved in the # CHERI project, where I led the early language / compiler strand of the research, and am the maintainer of the # CHERIoT Platform. I was on the FreeBSD Core Team for two terms, have been an LLVM developer since 2008, am the author of the GNUstep Objective-C runtime (libobjc2 and associated clang support), and am responsible for libcxxrt and the BSD-licensed device tree compiler. Opinions expressed by me are not necessarily opinions. In all probability they are random ramblings and should be ignored. Failure to ignore may result in severe boredom and / or confusion. Shake well before opening. Keep refrigerated. Warning: May contain greater than the recommended daily allowance of sarcasm. No license, implied or explicit, is granted to use any of my posts for training AI models.
infosec.exchange
David Chisnall (*Now with 50% more sarcasm!*)
@david_chisnall@infosec.exchange
I am Director of System Architecture at SCI Semiconductor and a Visiting Researcher at the University of Cambridge Computer Laboratory. I remain actively involved in the # CHERI project, where I led the early language / compiler strand of the research, and am the maintainer of the # CHERIoT Platform. I was on the FreeBSD Core Team for two terms, have been an LLVM developer since 2008, am the author of the GNUstep Objective-C runtime (libobjc2 and associated clang support), and am responsible for libcxxrt and the BSD-licensed device tree compiler. Opinions expressed by me are not necessarily opinions. In all probability they are random ramblings and should be ignored. Failure to ignore may result in severe boredom and / or confusion. Shake well before opening. Keep refrigerated. Warning: May contain greater than the recommended daily allowance of sarcasm. No license, implied or explicit, is granted to use any of my posts for training AI models.
infosec.exchange
@david_chisnall@infosec.exchange
·
Feb 11, 2026
Web design in the early 2000s: Every 100ms of latency on page load costs visitors.
Web design in the late 2020s: Let's add a 10-second delay while Cloudflare checks that you are capable of ticking a checkbox in front of every page load.
View on infosec.exchange
1323
1
847
David Chisnall (*Now with 50% more sarcasm!*)
@david_chisnall@infosec.exchange
I am Director of System Architecture at SCI Semiconductor and a Visiting Researcher at the University of Cambridge Computer Laboratory. I remain actively involved in the # CHERI project, where I led the early language / compiler strand of the research, and am the maintainer of the # CHERIoT Platform. I was on the FreeBSD Core Team for two terms, have been an LLVM developer since 2008, am the author of the GNUstep Objective-C runtime (libobjc2 and associated clang support), and am responsible for libcxxrt and the BSD-licensed device tree compiler. Opinions expressed by me are not necessarily opinions. In all probability they are random ramblings and should be ignored. Failure to ignore may result in severe boredom and / or confusion. Shake well before opening. Keep refrigerated. Warning: May contain greater than the recommended daily allowance of sarcasm. No license, implied or explicit, is granted to use any of my posts for training AI models.
infosec.exchange
David Chisnall (*Now with 50% more sarcasm!*)
@david_chisnall@infosec.exchange
I am Director of System Architecture at SCI Semiconductor and a Visiting Researcher at the University of Cambridge Computer Laboratory. I remain actively involved in the # CHERI project, where I led the early language / compiler strand of the research, and am the maintainer of the # CHERIoT Platform. I was on the FreeBSD Core Team for two terms, have been an LLVM developer since 2008, am the author of the GNUstep Objective-C runtime (libobjc2 and associated clang support), and am responsible for libcxxrt and the BSD-licensed device tree compiler. Opinions expressed by me are not necessarily opinions. In all probability they are random ramblings and should be ignored. Failure to ignore may result in severe boredom and / or confusion. Shake well before opening. Keep refrigerated. Warning: May contain greater than the recommended daily allowance of sarcasm. No license, implied or explicit, is granted to use any of my posts for training AI models.
infosec.exchange
@david_chisnall@infosec.exchange
·
Jan 30, 2026
One of the fun things people should remember about dictators:
When they come to power, the first against the wall tend to be their supporters, not their opponents. It's often useful to keep a few opponents around (stripped of power) to pretend legitimacy and to have some convenient scapegoats later. But close supporters are a threat.
Hitler and Stalin both put a lot of effort into playing their close supporters off against each other to make sure none became too powerful. If any looked popular, they were the ones purged.
So, anyone thinking they can ride the coat tails of an autocrat: there are no good outcomes for you. You are either someone they can (and will) ignore, or you are someone who appears to be a threat and will be eliminated.
27
0
16
David Chisnall (*Now with 50% more sarcasm!*)
@david_chisnall@infosec.exchange
I am Director of System Architecture at SCI Semiconductor and a Visiting Researcher at the University of Cambridge Computer Laboratory. I remain actively involved in the # CHERI project, where I led the early language / compiler strand of the research, and am the maintainer of the # CHERIoT Platform. I was on the FreeBSD Core Team for two terms, have been an LLVM developer since 2008, am the author of the GNUstep Objective-C runtime (libobjc2 and associated clang support), and am responsible for libcxxrt and the BSD-licensed device tree compiler. Opinions expressed by me are not necessarily opinions. In all probability they are random ramblings and should be ignored. Failure to ignore may result in severe boredom and / or confusion. Shake well before opening. Keep refrigerated. Warning: May contain greater than the recommended daily allowance of sarcasm. No license, implied or explicit, is granted to use any of my posts for training AI models.
infosec.exchange
David Chisnall (*Now with 50% more sarcasm!*)
@david_chisnall@infosec.exchange
I am Director of System Architecture at SCI Semiconductor and a Visiting Researcher at the University of Cambridge Computer Laboratory. I remain actively involved in the # CHERI project, where I led the early language / compiler strand of the research, and am the maintainer of the # CHERIoT Platform. I was on the FreeBSD Core Team for two terms, have been an LLVM developer since 2008, am the author of the GNUstep Objective-C runtime (libobjc2 and associated clang support), and am responsible for libcxxrt and the BSD-licensed device tree compiler. Opinions expressed by me are not necessarily opinions. In all probability they are random ramblings and should be ignored. Failure to ignore may result in severe boredom and / or confusion. Shake well before opening. Keep refrigerated. Warning: May contain greater than the recommended daily allowance of sarcasm. No license, implied or explicit, is granted to use any of my posts for training AI models.
infosec.exchange
@david_chisnall@infosec.exchange
·
Jan 30, 2026
Remember: It's okay for your F/OSS project to be finished. You don't have shareholders who need you to grow every year. You don't have customers who need to be persuaded to buy a subscription or a new version every year by marketing-driven features. If it solves the problem that you created it to solve, you have won. You now have some software that solves the problem that you had. You are allowed to stop now.
View on infosec.exchange
366
12
242
David Chisnall (*Now with 50% more sarcasm!*)
@david_chisnall@infosec.exchange
I am Director of System Architecture at SCI Semiconductor and a Visiting Researcher at the University of Cambridge Computer Laboratory. I remain actively involved in the # CHERI project, where I led the early language / compiler strand of the research, and am the maintainer of the # CHERIoT Platform. I was on the FreeBSD Core Team for two terms, have been an LLVM developer since 2008, am the author of the GNUstep Objective-C runtime (libobjc2 and associated clang support), and am responsible for libcxxrt and the BSD-licensed device tree compiler. Opinions expressed by me are not necessarily opinions. In all probability they are random ramblings and should be ignored. Failure to ignore may result in severe boredom and / or confusion. Shake well before opening. Keep refrigerated. Warning: May contain greater than the recommended daily allowance of sarcasm. No license, implied or explicit, is granted to use any of my posts for training AI models.
infosec.exchange
David Chisnall (*Now with 50% more sarcasm!*)
@david_chisnall@infosec.exchange
I am Director of System Architecture at SCI Semiconductor and a Visiting Researcher at the University of Cambridge Computer Laboratory. I remain actively involved in the # CHERI project, where I led the early language / compiler strand of the research, and am the maintainer of the # CHERIoT Platform. I was on the FreeBSD Core Team for two terms, have been an LLVM developer since 2008, am the author of the GNUstep Objective-C runtime (libobjc2 and associated clang support), and am responsible for libcxxrt and the BSD-licensed device tree compiler. Opinions expressed by me are not necessarily opinions. In all probability they are random ramblings and should be ignored. Failure to ignore may result in severe boredom and / or confusion. Shake well before opening. Keep refrigerated. Warning: May contain greater than the recommended daily allowance of sarcasm. No license, implied or explicit, is granted to use any of my posts for training AI models.
infosec.exchange
@david_chisnall@infosec.exchange
·
Jan 30, 2026
The other bit of interesting business news this week was that NVIDIA has displaced Apple as TSMC's biggest customer. This is interesting because it means that Apple now has a financial incentive to burst the #AIBubble.
If I were Tim Cook, and wanted to take a break from enabling fascists to run the company that I'm paid to run, I'd point at some of the papers Apple has written about limitations of AI and release a statement saying something like 'Apple has some of the smartest engineers in the business and is a leader in the AI space. We have rigorously examined the state of the art in transformer and diffusion models and concluded that these are dead-end approaches in building tools that address the kind of real-world use cases that matter to our customers. As such, we are going to limit our exposure to the AI Bubble and significantly reduce our spending on deep learning models. We will continue to build systems that improve the experience for our users with machine learning where appropriate, but will no longer be investing in the kind of large models that require huge datacentres to train'.
And then I'd watch the market panic and NVIDIA's orders collapse.
47
2
25
Thread context
2 posts in path
Parent
@eco-g@stroud.social
Open
@eco-g@stroud.social
A real shame if this photo went viral again today. #uspol #ukpol
Current reply
David Chisnall (*Now with 50% more sarcasm!*)
@david_chisnall@infosec.exchange
I am Director of System Architecture at SCI Semiconductor and a Visiting Researcher at the University of Cambridge Computer Laboratory. I remain actively involved in the # CHERI project, where I led the early language / compiler strand of the research, and am the maintainer of the # CHERIoT Platform. I was on the FreeBSD Core Team for two terms, have been an LLVM developer since 2008, am the author of the GNUstep Objective-C runtime (libobjc2 and associated clang support), and am responsible for libcxxrt and the BSD-licensed device tree compiler. Opinions expressed by me are not necessarily opinions. In all probability they are random ramblings and should be ignored. Failure to ignore may result in severe boredom and / or confusion. Shake well before opening. Keep refrigerated. Warning: May contain greater than the recommended daily allowance of sarcasm. No license, implied or explicit, is granted to use any of my posts for training AI models.
infosec.exchange
David Chisnall (*Now with 50% more sarcasm!*)
@david_chisnall@infosec.exchange
I am Director of System Architecture at SCI Semiconductor and a Visiting Researcher at the University of Cambridge Computer Laboratory. I remain actively involved in the # CHERI project, where I led the early language / compiler strand of the research, and am the maintainer of the # CHERIoT Platform. I was on the FreeBSD Core Team for two terms, have been an LLVM developer since 2008, am the author of the GNUstep Objective-C runtime (libobjc2 and associated clang support), and am responsible for libcxxrt and the BSD-licensed device tree compiler. Opinions expressed by me are not necessarily opinions. In all probability they are random ramblings and should be ignored. Failure to ignore may result in severe boredom and / or confusion. Shake well before opening. Keep refrigerated. Warning: May contain greater than the recommended daily allowance of sarcasm. No license, implied or explicit, is granted to use any of my posts for training AI models.
infosec.exchange
@david_chisnall@infosec.exchange
·
Jan 18, 2026
@eco-g The people who like him probably see that as positive. The screenshots of his appearances on RT are probably less popular.
View full thread on infosec.exchange
3
0
0
Thread context
4 posts in path
Root
@cstross@wandering.shop
Open
@cstross@wandering.shop
LLMs are spam generators. That is all. They're designed to generate plausibly human-like text well enough to pass a generic Turing Test. That's why people believe they're "intelligent". But really, al
Ancestor 2
@NefariousCelt@mastodon.scot
Open
@NefariousCelt@mastodon.scot
@cstross@wandering.shop I disagree with you there. I still believe the perfect use case for AI in content creation is to generate a virtual fan boy to tell an author that they are canonically wrong. S
Parent
@cstross@wandering.shop
Open
@cstross@wandering.shop
@NefariousCelt@mastodon.scot But I don't NEED that! I've developed that skill for myself, the hard way!
Current reply
David Chisnall (*Now with 50% more sarcasm!*)
@david_chisnall@infosec.exchange
I am Director of System Architecture at SCI Semiconductor and a Visiting Researcher at the University of Cambridge Computer Laboratory. I remain actively involved in the # CHERI project, where I led the early language / compiler strand of the research, and am the maintainer of the # CHERIoT Platform. I was on the FreeBSD Core Team for two terms, have been an LLVM developer since 2008, am the author of the GNUstep Objective-C runtime (libobjc2 and associated clang support), and am responsible for libcxxrt and the BSD-licensed device tree compiler. Opinions expressed by me are not necessarily opinions. In all probability they are random ramblings and should be ignored. Failure to ignore may result in severe boredom and / or confusion. Shake well before opening. Keep refrigerated. Warning: May contain greater than the recommended daily allowance of sarcasm. No license, implied or explicit, is granted to use any of my posts for training AI models.
infosec.exchange
David Chisnall (*Now with 50% more sarcasm!*)
@david_chisnall@infosec.exchange
I am Director of System Architecture at SCI Semiconductor and a Visiting Researcher at the University of Cambridge Computer Laboratory. I remain actively involved in the # CHERI project, where I led the early language / compiler strand of the research, and am the maintainer of the # CHERIoT Platform. I was on the FreeBSD Core Team for two terms, have been an LLVM developer since 2008, am the author of the GNUstep Objective-C runtime (libobjc2 and associated clang support), and am responsible for libcxxrt and the BSD-licensed device tree compiler. Opinions expressed by me are not necessarily opinions. In all probability they are random ramblings and should be ignored. Failure to ignore may result in severe boredom and / or confusion. Shake well before opening. Keep refrigerated. Warning: May contain greater than the recommended daily allowance of sarcasm. No license, implied or explicit, is granted to use any of my posts for training AI models.
infosec.exchange
@david_chisnall@infosec.exchange
·
Jan 17, 2026
@cstross@wandering.shop @NefariousCelt@mastodon.scot
A product where the target demographic is Kevin J Anderson.
View full thread on infosec.exchange
0
0
0
Thread context
2 posts in path
Parent
a post on sakurajima.social
Open
on sakurajima.social
Open ancestor post
Current reply
David Chisnall (*Now with 50% more sarcasm!*)
@david_chisnall@infosec.exchange
I am Director of System Architecture at SCI Semiconductor and a Visiting Researcher at the University of Cambridge Computer Laboratory. I remain actively involved in the # CHERI project, where I led the early language / compiler strand of the research, and am the maintainer of the # CHERIoT Platform. I was on the FreeBSD Core Team for two terms, have been an LLVM developer since 2008, am the author of the GNUstep Objective-C runtime (libobjc2 and associated clang support), and am responsible for libcxxrt and the BSD-licensed device tree compiler. Opinions expressed by me are not necessarily opinions. In all probability they are random ramblings and should be ignored. Failure to ignore may result in severe boredom and / or confusion. Shake well before opening. Keep refrigerated. Warning: May contain greater than the recommended daily allowance of sarcasm. No license, implied or explicit, is granted to use any of my posts for training AI models.
infosec.exchange
David Chisnall (*Now with 50% more sarcasm!*)
@david_chisnall@infosec.exchange
I am Director of System Architecture at SCI Semiconductor and a Visiting Researcher at the University of Cambridge Computer Laboratory. I remain actively involved in the # CHERI project, where I led the early language / compiler strand of the research, and am the maintainer of the # CHERIoT Platform. I was on the FreeBSD Core Team for two terms, have been an LLVM developer since 2008, am the author of the GNUstep Objective-C runtime (libobjc2 and associated clang support), and am responsible for libcxxrt and the BSD-licensed device tree compiler. Opinions expressed by me are not necessarily opinions. In all probability they are random ramblings and should be ignored. Failure to ignore may result in severe boredom and / or confusion. Shake well before opening. Keep refrigerated. Warning: May contain greater than the recommended daily allowance of sarcasm. No license, implied or explicit, is granted to use any of my posts for training AI models.
infosec.exchange
@david_chisnall@infosec.exchange
·
Jan 13, 2026
@KitsuneVixi@sakurajima.social
I cannot be bothered to repeat why I block people who repeat that nonsense, so I’m just going to mute you and you can go and search previous messages.
View full thread on infosec.exchange
0
0
0
Thread context
2 posts in path
Parent
@cstross@wandering.shop
Open
@cstross@wandering.shop
RE: https://mastodon.social/@workchronicles/115887342621053928 All you need to know to understand how actually-existing crapitalism operates. (You don't deal with a mafia organization by fining them o
Current reply
David Chisnall (*Now with 50% more sarcasm!*)
@david_chisnall@infosec.exchange
I am Director of System Architecture at SCI Semiconductor and a Visiting Researcher at the University of Cambridge Computer Laboratory. I remain actively involved in the # CHERI project, where I led the early language / compiler strand of the research, and am the maintainer of the # CHERIoT Platform. I was on the FreeBSD Core Team for two terms, have been an LLVM developer since 2008, am the author of the GNUstep Objective-C runtime (libobjc2 and associated clang support), and am responsible for libcxxrt and the BSD-licensed device tree compiler. Opinions expressed by me are not necessarily opinions. In all probability they are random ramblings and should be ignored. Failure to ignore may result in severe boredom and / or confusion. Shake well before opening. Keep refrigerated. Warning: May contain greater than the recommended daily allowance of sarcasm. No license, implied or explicit, is granted to use any of my posts for training AI models.
infosec.exchange
David Chisnall (*Now with 50% more sarcasm!*)
@david_chisnall@infosec.exchange
I am Director of System Architecture at SCI Semiconductor and a Visiting Researcher at the University of Cambridge Computer Laboratory. I remain actively involved in the # CHERI project, where I led the early language / compiler strand of the research, and am the maintainer of the # CHERIoT Platform. I was on the FreeBSD Core Team for two terms, have been an LLVM developer since 2008, am the author of the GNUstep Objective-C runtime (libobjc2 and associated clang support), and am responsible for libcxxrt and the BSD-licensed device tree compiler. Opinions expressed by me are not necessarily opinions. In all probability they are random ramblings and should be ignored. Failure to ignore may result in severe boredom and / or confusion. Shake well before opening. Keep refrigerated. Warning: May contain greater than the recommended daily allowance of sarcasm. No license, implied or explicit, is granted to use any of my posts for training AI models.
infosec.exchange
@david_chisnall@infosec.exchange
·
Jan 13, 2026
@cstross@wandering.shop
You can fine them per offence as long as the size of the fine multiplied by the probability of enforcement is significantly higher than the profit that's possible to achieve from the activity.
Companies tend to be good at optimising for profit. If breaking the law will bring in $X/year and comes with fines that average $Y/year (including inconsistent enforcement), then they will break the law if X>Y. If Y is 2X, they probably won't break that law at all, and definitely won't do it very often.
This is why I was initially optimistic about the GDPR. Fines expressed as a percentage of global turnover can easily exceed global profits and can be scaled to ensure that the violation is deeply unprofitable.
Unfortunately, the probability of enforcement has been so low that it isn't working.
View full thread on infosec.exchange
0
0
0
Thread context
3 posts in path
Root
a post on toot.pikopublish.ing
Open
on toot.pikopublish.ing
Open ancestor post
Parent
@cstross@wandering.shop
Open
@cstross@wandering.shop
@u0421793@toot.pikopublish.ing @david_chisnall@infosec.exchange @rudi@hachyderm.io @scrivenerapp@mastodon.world Don't get me started on idiots mixing hard spaces in with tabs in the same document to m
Current reply
David Chisnall (*Now with 50% more sarcasm!*)
@david_chisnall@infosec.exchange
I am Director of System Architecture at SCI Semiconductor and a Visiting Researcher at the University of Cambridge Computer Laboratory. I remain actively involved in the # CHERI project, where I led the early language / compiler strand of the research, and am the maintainer of the # CHERIoT Platform. I was on the FreeBSD Core Team for two terms, have been an LLVM developer since 2008, am the author of the GNUstep Objective-C runtime (libobjc2 and associated clang support), and am responsible for libcxxrt and the BSD-licensed device tree compiler. Opinions expressed by me are not necessarily opinions. In all probability they are random ramblings and should be ignored. Failure to ignore may result in severe boredom and / or confusion. Shake well before opening. Keep refrigerated. Warning: May contain greater than the recommended daily allowance of sarcasm. No license, implied or explicit, is granted to use any of my posts for training AI models.
infosec.exchange
David Chisnall (*Now with 50% more sarcasm!*)
@david_chisnall@infosec.exchange
I am Director of System Architecture at SCI Semiconductor and a Visiting Researcher at the University of Cambridge Computer Laboratory. I remain actively involved in the # CHERI project, where I led the early language / compiler strand of the research, and am the maintainer of the # CHERIoT Platform. I was on the FreeBSD Core Team for two terms, have been an LLVM developer since 2008, am the author of the GNUstep Objective-C runtime (libobjc2 and associated clang support), and am responsible for libcxxrt and the BSD-licensed device tree compiler. Opinions expressed by me are not necessarily opinions. In all probability they are random ramblings and should be ignored. Failure to ignore may result in severe boredom and / or confusion. Shake well before opening. Keep refrigerated. Warning: May contain greater than the recommended daily allowance of sarcasm. No license, implied or explicit, is granted to use any of my posts for training AI models.
infosec.exchange
@david_chisnall@infosec.exchange
·
Jan 12, 2026
@cstross@wandering.shop @u0421793@toot.pikopublish.ing @rudi@hachyderm.io @scrivenerapp@mastodon.world
I see you have debugged someone else's Python code before!
View full thread on infosec.exchange
0
0
0
Thread context
4 posts in path
Root
@cstross@wandering.shop
Open
@cstross@wandering.shop
@david_chisnall@infosec.exchange @rudi@hachyderm.io Yes, and this is why word processors are not suitable tools for novelists (they're designed around office work, not book-builders).
Ancestor 2
@david_chisnall@infosec.exchange
Open
@david_chisnall@infosec.exchange
@cstross@wandering.shop @rudi@hachyderm.io Indeed. This is why I didn't use a word processor for any of my books.
Parent
@cstross@wandering.shop
Open
@cstross@wandering.shop
@david_chisnall@infosec.exchange @rudi@hachyderm.io I feed into the production pipeline of Big Five publishers who *insist* on standardizing on docx files (and then Adobe InDesign->PDF) for production
Current reply
David Chisnall (*Now with 50% more sarcasm!*)
@david_chisnall@infosec.exchange
I am Director of System Architecture at SCI Semiconductor and a Visiting Researcher at the University of Cambridge Computer Laboratory. I remain actively involved in the # CHERI project, where I led the early language / compiler strand of the research, and am the maintainer of the # CHERIoT Platform. I was on the FreeBSD Core Team for two terms, have been an LLVM developer since 2008, am the author of the GNUstep Objective-C runtime (libobjc2 and associated clang support), and am responsible for libcxxrt and the BSD-licensed device tree compiler. Opinions expressed by me are not necessarily opinions. In all probability they are random ramblings and should be ignored. Failure to ignore may result in severe boredom and / or confusion. Shake well before opening. Keep refrigerated. Warning: May contain greater than the recommended daily allowance of sarcasm. No license, implied or explicit, is granted to use any of my posts for training AI models.
infosec.exchange
David Chisnall (*Now with 50% more sarcasm!*)
@david_chisnall@infosec.exchange
I am Director of System Architecture at SCI Semiconductor and a Visiting Researcher at the University of Cambridge Computer Laboratory. I remain actively involved in the # CHERI project, where I led the early language / compiler strand of the research, and am the maintainer of the # CHERIoT Platform. I was on the FreeBSD Core Team for two terms, have been an LLVM developer since 2008, am the author of the GNUstep Objective-C runtime (libobjc2 and associated clang support), and am responsible for libcxxrt and the BSD-licensed device tree compiler. Opinions expressed by me are not necessarily opinions. In all probability they are random ramblings and should be ignored. Failure to ignore may result in severe boredom and / or confusion. Shake well before opening. Keep refrigerated. Warning: May contain greater than the recommended daily allowance of sarcasm. No license, implied or explicit, is granted to use any of my posts for training AI models.
infosec.exchange
@david_chisnall@infosec.exchange
·
Jan 12, 2026
@cstross@wandering.shop @rudi@hachyderm.io @scrivenerapp@mastodon.world
Pearson had a choice of either going through their flow or providing camera-ready PDFs. I chose the latter and worked with them a bit on the layout to make sure that I matched their house style. I guess fiction publishers don't do that, since they have a lot less custom typography and so a one-size-fits-all style works better (though, given some of the awful typesetting I've seen in a few books recently, I'm becoming less convinced).
For one book they realised that they'd actually allocated funds for layout and hadn't noticed that the contract said camera-ready PDF, so at the end of their accounting cycle they realised they needed to spend the money and ended up also paying me to do the layout (which was a nice bonus on the agreed advance / royalty).
The biggest benefit for me of doing the camera-ready option was that it gave me complete editorial control: copyeditors and proof readers gave me back marked-up PDFs (the first one printed everything and used traditional proof-reading marks, which I had to learn, later ones annotated the PDFs). Nothing went into the final version unless I put it there.
My most recent book was self published (or, rather, my company was the publisher rather than a publishing house) and I ended up writing some tooling to give me a nice flow from semantic markup to ePub, web, print PDF, and online PDF. LaTeX is not the place you want to start if ePub is one of the places you want to end up. There are flows that do it, and they're all awful in overlapping ways.
(This isn't how I earn my living anymore, but was for a while)
View full thread on infosec.exchange
0
0
0
Thread context
4 posts in path
Root
@cstross@wandering.shop
Open
@cstross@wandering.shop
@david_chisnall@infosec.exchange @rudi@hachyderm.io I work in trad publishing. There is no live editing flow—it runs on the waterfall model (and *can't* run on live editing, because it's all outsource
Ancestor 2
@david_chisnall@infosec.exchange
Open
@david_chisnall@infosec.exchange
@cstross@wandering.shop @rudi@hachyderm.io Publishing is not representative of normal office work. In publishing, the output of a word processor is your core value. In most office jobs, documents are
Parent
@cstross@wandering.shop
Open
@cstross@wandering.shop
@david_chisnall@infosec.exchange @rudi@hachyderm.io Yes, and this is why word processors are not suitable tools for novelists (they're designed around office work, not book-builders).
Current reply
David Chisnall (*Now with 50% more sarcasm!*)
@david_chisnall@infosec.exchange
I am Director of System Architecture at SCI Semiconductor and a Visiting Researcher at the University of Cambridge Computer Laboratory. I remain actively involved in the # CHERI project, where I led the early language / compiler strand of the research, and am the maintainer of the # CHERIoT Platform. I was on the FreeBSD Core Team for two terms, have been an LLVM developer since 2008, am the author of the GNUstep Objective-C runtime (libobjc2 and associated clang support), and am responsible for libcxxrt and the BSD-licensed device tree compiler. Opinions expressed by me are not necessarily opinions. In all probability they are random ramblings and should be ignored. Failure to ignore may result in severe boredom and / or confusion. Shake well before opening. Keep refrigerated. Warning: May contain greater than the recommended daily allowance of sarcasm. No license, implied or explicit, is granted to use any of my posts for training AI models.
infosec.exchange
David Chisnall (*Now with 50% more sarcasm!*)
@david_chisnall@infosec.exchange
I am Director of System Architecture at SCI Semiconductor and a Visiting Researcher at the University of Cambridge Computer Laboratory. I remain actively involved in the # CHERI project, where I led the early language / compiler strand of the research, and am the maintainer of the # CHERIoT Platform. I was on the FreeBSD Core Team for two terms, have been an LLVM developer since 2008, am the author of the GNUstep Objective-C runtime (libobjc2 and associated clang support), and am responsible for libcxxrt and the BSD-licensed device tree compiler. Opinions expressed by me are not necessarily opinions. In all probability they are random ramblings and should be ignored. Failure to ignore may result in severe boredom and / or confusion. Shake well before opening. Keep refrigerated. Warning: May contain greater than the recommended daily allowance of sarcasm. No license, implied or explicit, is granted to use any of my posts for training AI models.
infosec.exchange
@david_chisnall@infosec.exchange
·
Jan 12, 2026
@cstross@wandering.shop @rudi@hachyderm.io
Indeed. This is why I didn't use a word processor for any of my books.
View full thread on infosec.exchange
0
0
0
Thread context
3 posts in path
Root
@david_chisnall@infosec.exchange
Open
on infosec.exchange
Open ancestor post
Parent
@cstross@wandering.shop
Open
@cstross@wandering.shop
@david_chisnall@infosec.exchange @rudi@hachyderm.io I work in trad publishing. There is no live editing flow—it runs on the waterfall model (and *can't* run on live editing, because it's all outsource
Current reply
David Chisnall (*Now with 50% more sarcasm!*)
@david_chisnall@infosec.exchange
I am Director of System Architecture at SCI Semiconductor and a Visiting Researcher at the University of Cambridge Computer Laboratory. I remain actively involved in the # CHERI project, where I led the early language / compiler strand of the research, and am the maintainer of the # CHERIoT Platform. I was on the FreeBSD Core Team for two terms, have been an LLVM developer since 2008, am the author of the GNUstep Objective-C runtime (libobjc2 and associated clang support), and am responsible for libcxxrt and the BSD-licensed device tree compiler. Opinions expressed by me are not necessarily opinions. In all probability they are random ramblings and should be ignored. Failure to ignore may result in severe boredom and / or confusion. Shake well before opening. Keep refrigerated. Warning: May contain greater than the recommended daily allowance of sarcasm. No license, implied or explicit, is granted to use any of my posts for training AI models.
infosec.exchange
David Chisnall (*Now with 50% more sarcasm!*)
@david_chisnall@infosec.exchange
I am Director of System Architecture at SCI Semiconductor and a Visiting Researcher at the University of Cambridge Computer Laboratory. I remain actively involved in the # CHERI project, where I led the early language / compiler strand of the research, and am the maintainer of the # CHERIoT Platform. I was on the FreeBSD Core Team for two terms, have been an LLVM developer since 2008, am the author of the GNUstep Objective-C runtime (libobjc2 and associated clang support), and am responsible for libcxxrt and the BSD-licensed device tree compiler. Opinions expressed by me are not necessarily opinions. In all probability they are random ramblings and should be ignored. Failure to ignore may result in severe boredom and / or confusion. Shake well before opening. Keep refrigerated. Warning: May contain greater than the recommended daily allowance of sarcasm. No license, implied or explicit, is granted to use any of my posts for training AI models.
infosec.exchange
@david_chisnall@infosec.exchange
·
Jan 12, 2026
@cstross@wandering.shop @rudi@hachyderm.io
Publishing is not representative of normal office work. In publishing, the output of a word processor is your core value. In most office jobs, documents are peripheral things that support the rest of the work.
View full thread on infosec.exchange
0
0
0
Thread context
2 posts in path
Parent
@KarlHeinzHasliP@climatejustice.social
Open
on climatejustice.social
Open ancestor post
Current reply
David Chisnall (*Now with 50% more sarcasm!*)
@david_chisnall@infosec.exchange
I am Director of System Architecture at SCI Semiconductor and a Visiting Researcher at the University of Cambridge Computer Laboratory. I remain actively involved in the # CHERI project, where I led the early language / compiler strand of the research, and am the maintainer of the # CHERIoT Platform. I was on the FreeBSD Core Team for two terms, have been an LLVM developer since 2008, am the author of the GNUstep Objective-C runtime (libobjc2 and associated clang support), and am responsible for libcxxrt and the BSD-licensed device tree compiler. Opinions expressed by me are not necessarily opinions. In all probability they are random ramblings and should be ignored. Failure to ignore may result in severe boredom and / or confusion. Shake well before opening. Keep refrigerated. Warning: May contain greater than the recommended daily allowance of sarcasm. No license, implied or explicit, is granted to use any of my posts for training AI models.
infosec.exchange
David Chisnall (*Now with 50% more sarcasm!*)
@david_chisnall@infosec.exchange
I am Director of System Architecture at SCI Semiconductor and a Visiting Researcher at the University of Cambridge Computer Laboratory. I remain actively involved in the # CHERI project, where I led the early language / compiler strand of the research, and am the maintainer of the # CHERIoT Platform. I was on the FreeBSD Core Team for two terms, have been an LLVM developer since 2008, am the author of the GNUstep Objective-C runtime (libobjc2 and associated clang support), and am responsible for libcxxrt and the BSD-licensed device tree compiler. Opinions expressed by me are not necessarily opinions. In all probability they are random ramblings and should be ignored. Failure to ignore may result in severe boredom and / or confusion. Shake well before opening. Keep refrigerated. Warning: May contain greater than the recommended daily allowance of sarcasm. No license, implied or explicit, is granted to use any of my posts for training AI models.
infosec.exchange
@david_chisnall@infosec.exchange
·
Jan 06, 2026
@KarlHeinzHasliP@climatejustice.social @cygnathreadbare@retro.pizza @cstross@wandering.shop
That's only a problem if you're using it that way, the problem is that it's good at the other way.
The reason CSAM is banned is that we, as a society, think that sexually abusing children is bad and we know enough about markets to understand that demand for this material will cause people to produce it.
The reason for banning the fake kind is more complex. The bans on fictional images (ones that weren't created with child abuse) are because it's easy to get caught with CSAM and say 'oh, these aren't real photos, they were made by this great artist / tool / whatever'. And then the prosecutors need to trace the provenance and prove that, no, really, children were abused to create this.
The fact that you can do manga -> photorealistic transitions is not a problem, it's just another way that you can generate illegal material. If you do, and you are caught, there are already legal penalties. And the simple solution to this is: don't.
The problem is that people can take things that were produced by abusing real children and run the model in the other direction to get manga. And then they can claim that it was drawn by a human artist and no children were actually harmed. And now we're back in the same situation that we were with photorealistic child-abuse 'art'. And that may lead to the Spanish decision being reversed. And you can then run a model in the manga -> photorealistic direction on demand, leaving no trace of the fact that you were looking at something that's close to the original image.
'We built a machine for laundering CSAM' is very on-brand for 2026 techbros.
View full thread on infosec.exchange
0
0
1
Thread context
3 posts in path
Root
@cstross@wandering.shop
Open
@cstross@wandering.shop
Boost for artists in AI copyright battle as only 3% back UK active opt-out plan Liz Kendall faces pressure from campaigners as she tells parliament there is no clear consensus on issue Kendall is lyin
Parent
@cstross@wandering.shop
Open
@cstross@wandering.shop
Footnote: I participated in that consultation and it was a glaringly obvious push-poll intended to generate public consent for Kendall's scheme to hand the entire British creative sector over to Sam A
Current reply
David Chisnall (*Now with 50% more sarcasm!*)
@david_chisnall@infosec.exchange
I am Director of System Architecture at SCI Semiconductor and a Visiting Researcher at the University of Cambridge Computer Laboratory. I remain actively involved in the # CHERI project, where I led the early language / compiler strand of the research, and am the maintainer of the # CHERIoT Platform. I was on the FreeBSD Core Team for two terms, have been an LLVM developer since 2008, am the author of the GNUstep Objective-C runtime (libobjc2 and associated clang support), and am responsible for libcxxrt and the BSD-licensed device tree compiler. Opinions expressed by me are not necessarily opinions. In all probability they are random ramblings and should be ignored. Failure to ignore may result in severe boredom and / or confusion. Shake well before opening. Keep refrigerated. Warning: May contain greater than the recommended daily allowance of sarcasm. No license, implied or explicit, is granted to use any of my posts for training AI models.
infosec.exchange
David Chisnall (*Now with 50% more sarcasm!*)
@david_chisnall@infosec.exchange
I am Director of System Architecture at SCI Semiconductor and a Visiting Researcher at the University of Cambridge Computer Laboratory. I remain actively involved in the # CHERI project, where I led the early language / compiler strand of the research, and am the maintainer of the # CHERIoT Platform. I was on the FreeBSD Core Team for two terms, have been an LLVM developer since 2008, am the author of the GNUstep Objective-C runtime (libobjc2 and associated clang support), and am responsible for libcxxrt and the BSD-licensed device tree compiler. Opinions expressed by me are not necessarily opinions. In all probability they are random ramblings and should be ignored. Failure to ignore may result in severe boredom and / or confusion. Shake well before opening. Keep refrigerated. Warning: May contain greater than the recommended daily allowance of sarcasm. No license, implied or explicit, is granted to use any of my posts for training AI models.
infosec.exchange
@david_chisnall@infosec.exchange
·
Dec 16, 2025
@cstross@wandering.shop
I didn’t submit the consultation because, as you say, every question was of the form ‘should we give all, or only most of the cuntry’s creative output to grifters?’ I did write to my MP about it, but unfortunately he is an idiot.
View full thread on infosec.exchange
0
0
0
David Chisnall (*Now with 50% more sarcasm!*)
@david_chisnall@infosec.exchange
I am Director of System Architecture at SCI Semiconductor and a Visiting Researcher at the University of Cambridge Computer Laboratory. I remain actively involved in the # CHERI project, where I led the early language / compiler strand of the research, and am the maintainer of the # CHERIoT Platform. I was on the FreeBSD Core Team for two terms, have been an LLVM developer since 2008, am the author of the GNUstep Objective-C runtime (libobjc2 and associated clang support), and am responsible for libcxxrt and the BSD-licensed device tree compiler. Opinions expressed by me are not necessarily opinions. In all probability they are random ramblings and should be ignored. Failure to ignore may result in severe boredom and / or confusion. Shake well before opening. Keep refrigerated. Warning: May contain greater than the recommended daily allowance of sarcasm. No license, implied or explicit, is granted to use any of my posts for training AI models.
infosec.exchange
David Chisnall (*Now with 50% more sarcasm!*)
@david_chisnall@infosec.exchange
I am Director of System Architecture at SCI Semiconductor and a Visiting Researcher at the University of Cambridge Computer Laboratory. I remain actively involved in the # CHERI project, where I led the early language / compiler strand of the research, and am the maintainer of the # CHERIoT Platform. I was on the FreeBSD Core Team for two terms, have been an LLVM developer since 2008, am the author of the GNUstep Objective-C runtime (libobjc2 and associated clang support), and am responsible for libcxxrt and the BSD-licensed device tree compiler. Opinions expressed by me are not necessarily opinions. In all probability they are random ramblings and should be ignored. Failure to ignore may result in severe boredom and / or confusion. Shake well before opening. Keep refrigerated. Warning: May contain greater than the recommended daily allowance of sarcasm. No license, implied or explicit, is granted to use any of my posts for training AI models.
infosec.exchange
@david_chisnall@infosec.exchange
·
Nov 29, 2025
RE: https://mastodon.world/@jeffowski/115630556942027240
I boosted this because, a few years ago, I was at MS when our lab decided to organise a collection for the Salvation Army in the lobby of the building. Every gay or trans employee had to walk into the building past an advert, endorsed by the organisation’s senior leadership team, for an organisation that had a documented (recent) history of leaving people like them to starve on the street.
At the time, I was chair of the Diversity and Inclusion committee. I flagged this with the leadership team and not one of them was aware of this reputation. I was, because I am not completely oblivious to the world around me (no more than 80%).
I tried (and failed) to get them to institute a policy that the organisation should do some basic due diligence before endorsing a charity. The bar I recommended was to open the charity’s page on Wikipedia and read the ‘controversies’ section. I was deeply disappointed that a leadership team that talked a lot about diversity and inclusion decided to keep endorsing the Salvation Army and refused to institute such a policy to avoid this kind of thing in the future.
View on infosec.exchange
97
0
88
David Chisnall (*Now with 50% more sarcasm!*)
@david_chisnall@infosec.exchange
I am Director of System Architecture at SCI Semiconductor and a Visiting Researcher at the University of Cambridge Computer Laboratory. I remain actively involved in the # CHERI project, where I led the early language / compiler strand of the research, and am the maintainer of the # CHERIoT Platform. I was on the FreeBSD Core Team for two terms, have been an LLVM developer since 2008, am the author of the GNUstep Objective-C runtime (libobjc2 and associated clang support), and am responsible for libcxxrt and the BSD-licensed device tree compiler. Opinions expressed by me are not necessarily opinions. In all probability they are random ramblings and should be ignored. Failure to ignore may result in severe boredom and / or confusion. Shake well before opening. Keep refrigerated. Warning: May contain greater than the recommended daily allowance of sarcasm. No license, implied or explicit, is granted to use any of my posts for training AI models.
infosec.exchange
David Chisnall (*Now with 50% more sarcasm!*)
@david_chisnall@infosec.exchange
I am Director of System Architecture at SCI Semiconductor and a Visiting Researcher at the University of Cambridge Computer Laboratory. I remain actively involved in the # CHERI project, where I led the early language / compiler strand of the research, and am the maintainer of the # CHERIoT Platform. I was on the FreeBSD Core Team for two terms, have been an LLVM developer since 2008, am the author of the GNUstep Objective-C runtime (libobjc2 and associated clang support), and am responsible for libcxxrt and the BSD-licensed device tree compiler. Opinions expressed by me are not necessarily opinions. In all probability they are random ramblings and should be ignored. Failure to ignore may result in severe boredom and / or confusion. Shake well before opening. Keep refrigerated. Warning: May contain greater than the recommended daily allowance of sarcasm. No license, implied or explicit, is granted to use any of my posts for training AI models.
infosec.exchange
@david_chisnall@infosec.exchange
·
Nov 27, 2025
The next dominoes in the AI bubble that I expect to fall (if you’d excuse the mixed metaphor):
Insurance companies explicitly exclude coverage of any system using AI and any outputs of AI systems.Lawyers in big companies issue advice that using AI systems is too high risk.Big companies demand IT suppliers provide an enterprise-management system switch to disable all AI functionality in products, or provide an AI-free version.
The first is starting. A consortium of insurance companies has asked their regulator to approve this blanket exclusion. Their argument is that the risks of these systems are too unpredictable to be able to insure. They can’t reason about systemic or correlated risk if you add a bullshit generator anywhere in an operational flow.
The second has happened in a few places, but is not widespread. Some places are hedging. When I was at MS, the AI policy was basically: ‘look, we give you all of these shiny toys! Please use them! By the way, you accept all legal liability for their output! Have fun!’. One ruling that this kind of passing-the-blame-to-employees-for-correctly-using-company-provided-tools policy is unenforceable and the lawyers will get very nervous.
The third is a consequence of the first two. If your lawyers tell you something is high risk and you can’t buy insurance, you want to make sure it isn’t used.
View on infosec.exchange
324
0
299