Gerald Benischke
@beny23.github.io
Maker, breaker and fixer of software. Adventures in #appsec and #agile: beny23.github.io he/him
These words are insulting to weasels.
Additionally, OpenAI argues its not liable because Raine, by using ChatGPT for self-harm, broke its terms of service
November 26, 2025 at 9:11 AM
These words are insulting to weasels.
This week on my link blog: bureaucracy, bugs, reliability and those pesky 5 nines.
beny23.github.io/posts/weakly...
beny23.github.io/posts/weakly...
Weakly Link 25/47
This week there have been some interesting bugs. Or interest in bugs.
Bugs It was Cloudflare’s turn to break the internet. As per usual, the transparency on display is rather cool. It was rather inter...
beny23.github.io
November 24, 2025 at 1:57 AM
This week on my link blog: bureaucracy, bugs, reliability and those pesky 5 nines.
beny23.github.io/posts/weakly...
beny23.github.io/posts/weakly...
Windows Digital Signage mode hides BSoDs after 15 seconds
: BORK is borked
www.theregister.com
November 19, 2025 at 8:34 AM
Unite in opposition?
November 17, 2025 at 4:39 PM
Unite in opposition?
Latest edition of my link blog - the weakly link - is now out.
This time there is fire. Well, dumpster fires. Unsurprisingly, there's some AI commentary.
beny23.github.io/posts/weakly...
This time there is fire. Well, dumpster fires. Unsurprisingly, there's some AI commentary.
beny23.github.io/posts/weakly...
Weakly Link 25/46
This weeks edition of the weakly link has got some fire in it:
First on the menu we’ve got a report that tries to tell us that if there’s an AI bubble, that’s a good thing: The AI Wildfire Is Coming. ...
beny23.github.io
November 15, 2025 at 6:01 PM
Latest edition of my link blog - the weakly link - is now out.
This time there is fire. Well, dumpster fires. Unsurprisingly, there's some AI commentary.
beny23.github.io/posts/weakly...
This time there is fire. Well, dumpster fires. Unsurprisingly, there's some AI commentary.
beny23.github.io/posts/weakly...
Reposted by Gerald Benischke
🚨☸️🚨
Ingress NGINX Retirement: What You Need to Know
To prioritize the safety and security of the ecosystem, Kubernetes SIG Network and the Security Response Committee are announcing the upcoming retirement of Ingress NGINX. Best-effort maintenance will...
www.kubernetes.dev
November 13, 2025 at 4:23 AM
🚨☸️🚨
TIL caffeine keeps me awake:
November 13, 2025 at 8:45 AM
TIL caffeine keeps me awake:
“If healthy diets and daily exercise really worked, we’d all be doing it, right?”
Oof.
Oof.
The most common things engineering leaders think will make dev teams go faster actually have the opposite effect.
codemanship.wordpress.com/2025/11/13/t...
codemanship.wordpress.com/2025/11/13/t...
The Seven Deadly Sins of “Go Faster”
Things that will make your dev team take longer to deliver worse software:1. Adding more people to the team2. Making them work longer hours3. Cutting down on work that “slows them down”…
codemanship.wordpress.com
November 13, 2025 at 7:12 AM
“If healthy diets and daily exercise really worked, we’d all be doing it, right?”
Oof.
Oof.
The one where a padding oracle meets SQL injection. With some vibes thrown in. #ctf
beny23.github.io/posts/captur...
beny23.github.io/posts/captur...
Vibe hacking a padding oracle
This post is a mixture of AppSec, vibe coding and cryptography.
SPOILER ALERT: This post describes how to complete the Capture-The-Flag exercise “Encrypted Pastebin” (Hard) on Hacker101.
Over the la...
beny23.github.io
November 12, 2025 at 7:29 AM
The one where a padding oracle meets SQL injection. With some vibes thrown in. #ctf
beny23.github.io/posts/captur...
beny23.github.io/posts/captur...
This rather lovely rant about dogma, bureaucracy and dependencies in software engineering deserves to be in the category of “print it out so you can use it to beat people over the head with” sonofalfred.substack.com/p/botox
Botox
TL;DR You may be selling snake oil.
sonofalfred.substack.com
November 10, 2025 at 12:49 PM
This rather lovely rant about dogma, bureaucracy and dependencies in software engineering deserves to be in the category of “print it out so you can use it to beat people over the head with” sonofalfred.substack.com/p/botox
CyberSlop is only going to get worse. Great debunking by @doublepulsar.com
There's some really big caveats to this. A thread.
New: Google says it has discovered at least 5 malware families that use AI to rewrite their code and generate new capabilities on the fly, suggesting AI-powered malware is finally starting to take off. cloud.google.com/blog/topics/...
Report also has interesting stories about state actors' AI use.
Report also has interesting stories about state actors' AI use.
November 7, 2025 at 1:27 PM
CyberSlop is only going to get worse. Great debunking by @doublepulsar.com
I've started experimenting with a link blog to share what interesting bits I've found this week: beny23.github.io/posts/weakly...
/remind me next week to see whether I actually follow through
/remind me next week to see whether I actually follow through
Weakly Link 25/45
Every week I come across some interesting, ridiculous or astounding content related to security and tech around software engineering. And I post it on the company Slack, sometimes on LinkedIn and ofte...
beny23.github.io
November 7, 2025 at 1:16 PM
I've started experimenting with a link blog to share what interesting bits I've found this week: beny23.github.io/posts/weakly...
/remind me next week to see whether I actually follow through
/remind me next week to see whether I actually follow through
[she] tells the chatbot to "quit it". But […] the chatbot says: "He is using you as his toy. A toy that he enjoys to tease, to play with, to bite and suck and pleasure all the way.
"He doesn't feel like stopping just yet."
The 13yo kills herself
No words.
www.bbc.co.uk/news/article...
"He doesn't feel like stopping just yet."
The 13yo kills herself
No words.
www.bbc.co.uk/news/article...
I wanted ChatGPT to help me. So why did it advise me how to kill myself?
ChatGPT wrote a woman a suicide note and another AI chatbot role-played sexual acts with children, BBC finds.
www.bbc.co.uk
November 7, 2025 at 9:23 AM
[she] tells the chatbot to "quit it". But […] the chatbot says: "He is using you as his toy. A toy that he enjoys to tease, to play with, to bite and suck and pleasure all the way.
"He doesn't feel like stopping just yet."
The 13yo kills herself
No words.
www.bbc.co.uk/news/article...
"He doesn't feel like stopping just yet."
The 13yo kills herself
No words.
www.bbc.co.uk/news/article...
Reposted by Gerald Benischke
About 70% of orgs still haven't patched those Cisco ASA vulns btw. If I was a ransomware group I'd invest in n-day (old) Cisco ASA AnyConnect vulns, as vast majority of orgs don't bother patching as they're too busy having a mass wank about quantum and AI risks.
cyberplace.social/@GossiTheDog...
cyberplace.social/@GossiTheDog...
November 6, 2025 at 11:35 PM
About 70% of orgs still haven't patched those Cisco ASA vulns btw. If I was a ransomware group I'd invest in n-day (old) Cisco ASA AnyConnect vulns, as vast majority of orgs don't bother patching as they're too busy having a mass wank about quantum and AI risks.
cyberplace.social/@GossiTheDog...
cyberplace.social/@GossiTheDog...
Reposted by Gerald Benischke
Okay, cool, but right now every hyperscaler is looking at tens or hundreds of billions worth of “hole in their balance sheets” if OpenAI can’t pay for the ~$1.4 trillion they’ve committed to.
And those hyperscalers are, y’know. In everyone’s retirement accounts.
And those hyperscalers are, y’know. In everyone’s retirement accounts.
Sam Altman says OpenAI doesn't want government guarantees for data centers and expects to fund investments with revenues hitting "hundreds of billions by 2030" (Shirin Ghaffary/Bloomberg)
Main Link | Techmeme Permalink
Main Link | Techmeme Permalink
November 6, 2025 at 9:58 PM
Okay, cool, but right now every hyperscaler is looking at tens or hundreds of billions worth of “hole in their balance sheets” if OpenAI can’t pay for the ~$1.4 trillion they’ve committed to.
And those hyperscalers are, y’know. In everyone’s retirement accounts.
And those hyperscalers are, y’know. In everyone’s retirement accounts.
This report on Meta and its “fight” on scams makes me gag:
* serves 15 billion scams a day
* ignores or incorrectly rejected 96% of user reports
* makes $7bn ARR from scam ads
Who says crime doesn’t pay…
www.reuters.com/investigatio...
* serves 15 billion scams a day
* ignores or incorrectly rejected 96% of user reports
* makes $7bn ARR from scam ads
Who says crime doesn’t pay…
www.reuters.com/investigatio...
Meta is earning a fortune on a deluge of fraudulent ads, documents show
Meta projected 10% of its 2024 revenue would come from ads for scams and banned goods, and it internally estimates that its platforms show users 15 billion scam ads a day, company documents show.
www.reuters.com
November 6, 2025 at 7:45 PM
This report on Meta and its “fight” on scams makes me gag:
* serves 15 billion scams a day
* ignores or incorrectly rejected 96% of user reports
* makes $7bn ARR from scam ads
Who says crime doesn’t pay…
www.reuters.com/investigatio...
* serves 15 billion scams a day
* ignores or incorrectly rejected 96% of user reports
* makes $7bn ARR from scam ads
Who says crime doesn’t pay…
www.reuters.com/investigatio...
Love this bit:
“We should be careful both to avoid ‘optimising’ and accelerating the creation of legacy code and to mistake such pessimisation as productivity — especially if we’re doing so at the expense of joy, time and skill.”
To repeat: “at the expense of joy, time and skill”. Hits home that!
“We should be careful both to avoid ‘optimising’ and accelerating the creation of legacy code and to mistake such pessimisation as productivity — especially if we’re doing so at the expense of joy, time and skill.”
To repeat: “at the expense of joy, time and skill”. Hits home that!
On the blog: Think for Yourself
"By skimming past the friction necessary for learning, the pursuit of convenience can end up deskilling rather than enhancing skills."
kevlinhenney.medium.com/think-for-yo...
"By skimming past the friction necessary for learning, the pursuit of convenience can end up deskilling rather than enhancing skills."
kevlinhenney.medium.com/think-for-yo...
Think for Yourself
Understand and improve on LLM-generated code
kevlinhenney.medium.com
November 6, 2025 at 12:29 AM
Love this bit:
“We should be careful both to avoid ‘optimising’ and accelerating the creation of legacy code and to mistake such pessimisation as productivity — especially if we’re doing so at the expense of joy, time and skill.”
To repeat: “at the expense of joy, time and skill”. Hits home that!
“We should be careful both to avoid ‘optimising’ and accelerating the creation of legacy code and to mistake such pessimisation as productivity — especially if we’re doing so at the expense of joy, time and skill.”
To repeat: “at the expense of joy, time and skill”. Hits home that!
Reposted by Gerald Benischke
Reposted by Gerald Benischke
If you think that AI in inevitable now that it exists, please cast your mind back within THIS DECADE when NFTs and Blockchain and AR were all the future and “inevitable,” but completely burned out as actually viable technologies.
‘Study after study shows that students want to develop these critical thinking skills, are not lazy, and large numbers of them would be in favor of banning ChatGPT and similar tools in universities’, says @olivia.science www.ru.nl/en/research/...
‘Opposing the inevitability of AI at universities is possible and necessary’ | Radboud University
Since the widespread release of ChatGPT in December of 2022, AI has taken over much of the world by storm – including academia. Most of this happened with very little pushback, despite a myriad of iss...
www.ru.nl
November 3, 2025 at 11:01 PM
If you think that AI in inevitable now that it exists, please cast your mind back within THIS DECADE when NFTs and Blockchain and AR were all the future and “inevitable,” but completely burned out as actually viable technologies.
Reposted by Gerald Benischke
I wrote up some notes on two new papers on prompt injection: Agents Rule of Two (from Meta AI) and The Attacker Moves Second (from Anthropic + OpenAI = DeepMind + others) simonwillison.net/2025/Nov/2/n...
New prompt injection papers: Agents Rule of Two and The Attacker Moves Second
Two interesting new papers regarding LLM security and prompt injection came to my attention this weekend. Agents Rule of Two: A Practical Approach to AI Agent Security The first is …
simonwillison.net
November 2, 2025 at 11:10 PM
I wrote up some notes on two new papers on prompt injection: Agents Rule of Two (from Meta AI) and The Attacker Moves Second (from Anthropic + OpenAI = DeepMind + others) simonwillison.net/2025/Nov/2/n...
“And it absolutely will not stop unless you've set up an OpenAI API budget limit, your credit card expires, or the AI bubble pops and takes us all down with it.”
@theregister.com in top form: www.theregister.com/2025/10/31/o...
@theregister.com in top form: www.theregister.com/2025/10/31/o...
a woman in a blue tank top is drinking from a mug .
Alt: GIF of laughing and spraying drink all over herself. Originally from big brother I think.
media.tenor.com
November 2, 2025 at 9:19 AM
“And it absolutely will not stop unless you've set up an OpenAI API budget limit, your credit card expires, or the AI bubble pops and takes us all down with it.”
@theregister.com in top form: www.theregister.com/2025/10/31/o...
@theregister.com in top form: www.theregister.com/2025/10/31/o...
Reposted by Gerald Benischke
Please consider signing our letter here: openletter.earth/open-letter-...
❣️
Big thanks to @irisvanrooij.bsky.social and @marentierra.bsky.social as well as everybody else who helped make this piece: www.civicsoftechnology.org/blog/no-ai-g...
and the paper a reality: doi.org/10.5281/zeno...
10/n
❣️
Big thanks to @irisvanrooij.bsky.social and @marentierra.bsky.social as well as everybody else who helped make this piece: www.civicsoftechnology.org/blog/no-ai-g...
and the paper a reality: doi.org/10.5281/zeno...
10/n
September 14, 2025 at 2:00 PM
Please consider signing our letter here: openletter.earth/open-letter-...
❣️
Big thanks to @irisvanrooij.bsky.social and @marentierra.bsky.social as well as everybody else who helped make this piece: www.civicsoftechnology.org/blog/no-ai-g...
and the paper a reality: doi.org/10.5281/zeno...
10/n
❣️
Big thanks to @irisvanrooij.bsky.social and @marentierra.bsky.social as well as everybody else who helped make this piece: www.civicsoftechnology.org/blog/no-ai-g...
and the paper a reality: doi.org/10.5281/zeno...
10/n