Matt "msw" Wilson
msw.bsky.social
“For a successful technology, reality must take precedence over public relations, for Nature cannot be fooled.”
I mean, honesty is a human trait. The humans who built that particular AI system biased the set of mysterious numbers (through reinforcement, filtering, etc.) so it assembles tokens in a way that conveys information about the properties and limitations of the system they built.

That's all.
November 6, 2025 at 12:04 AM
Metrics are increasingly employed as trust deteriorates. Recommended reading ⬇️

#monktoberfest

a.co/d/im8AStV
The Tyranny of Metrics: Muller, Jerry Z.: 9780691191911: Amazon.com: Books
October 2, 2025 at 3:45 PM
Coming to a New Awareness of Organizational Culture
sloanreview.mit.edu
October 2, 2025 at 3:41 PM
“Organizational culture is the pattern of basic assumptions that a given group has invented, discovered, or developed in learning to cope with its problems […], and that has worked well enough to be considered valid, and, therefore, to be taught to new members.”
The stories we tell are how we teach.
October 2, 2025 at 3:40 PM
"apparently web traffic is down because Google is giving you an answer already in the results, and you no longer have the need to visit a website"

I mean, this has been a complaint for a while, even before AI entered the timeline? Who needs to go to a music lyrics website when it's in the Info Box?
September 14, 2025 at 9:04 PM
"Piracy lost, but it was always going to lose. Streaming won."

But did the reader / listener / viewer win?

And did the content creators win?

🤔
September 14, 2025 at 8:45 PM
I am happily paying Nabu Casa for Home Assistant Cloud.
August 29, 2025 at 3:41 AM
And in the words of @booch.com “Every line of code represents a moral decision”
August 29, 2025 at 1:45 AM
Reposted by Matt "msw" Wilson
It’s really hard for OSS projects too. Imagine a leaked GH access token from a project maintainer who is not responding, and who is not an employee because OSS isn’t a company. How do you, the project, get that token revoked? You can’t. You have to de-list the maintainer from your GH org.
July 27, 2025 at 5:11 PM
Tricky thing is when people have built their own automation (predating Actions), using CI/CD tools and services, making for something other than a “pure GitHub” implementation. 😬
July 26, 2025 at 8:10 PM
That said: prevention > detection, as always
July 26, 2025 at 5:48 PM
Also, speaking for myself, hurray for watchful, diligent security folks detecting things before vandals could fix their syntax error.
July 26, 2025 at 5:47 PM
Later in 2023 GitHub changed the default permissions for access tokens.

Unfortunately this leaves older projects, organizations, and enterprises with an unsafe default.
github.blog/changelog/20...
GitHub Actions - Updating the default GITHUB_TOKEN permissions to read-only - GitHub Changelog
Previously, GitHub Actions gets a GITHUB_TOKEN with both read/write permissions by default whenever Actions is enabled on a repository. As a default, this is too permissive, so to improve security…
July 26, 2025 at 5:31 PM
“All this to prove one thing: that vulnerable workflows can’t keep a secret.”

This was true in 2023 as it is now. You have to make sure you scope down GitHub access tokens.
July 26, 2025 at 5:29 PM
Here is a blog post that describes a similar problem as reported in CodeBuild in the context of GitHub Actions workers back in early 2023.
karimrahal.com/2023/01/05/g...
Leaking Secrets From GitHub Actions: Reading Files And Environment Variables, Intercepting Network/Process Communication, Dumping Memory
GitHub Actions is a CI/CD solution built into GitHub. It allows users to for example, deploy their repository’s code on every push, or to automatically respo...
July 26, 2025 at 5:27 PM
You can see what's on the menu of legal services when you set up a project here... LF Projects LLC is generally for software projects, Joint Development Foundation Projects, LLC is generally for standards development...
docs.linuxfoundation.org/lfx/project-...
Project Definition | Linux Foundation Documentation
July 22, 2025 at 7:58 PM
It's a corporate holding structure of the Linux Foundation, used as the owner of intellectual property, etc.

A committed community of maintainers doesn't have an LLC registered in Delaware that can hold trademarks... This is infrastructure Linux Foundation provides.

lfprojects.org
Home - LF Projects, LLC
LF Projects, LLC Policies LF Projects, LLC is a Delaware series limited liability company (“LF Projects”). Projects of LF Projects (“Projects”) are established as separate ‘series’ of LF Projects. In....
July 22, 2025 at 7:49 PM
Valkey is maintained by the Valkey maintainers, not by a neutral foundation. Linux Foundation provides the tent, but without committed maintainers the tent is empty.

The thing that keeps the power of any one company in check isn't the Linux Foundation, it's a committed community of mutual interest.
July 22, 2025 at 7:44 PM