Schneier on LLM vulnerabilities, agentic AI, and "trusting trust"
Posted By Herb Sutter
Last month, I was having dinner with a group and someone at the table was excitedly sharing how they were using agentic AI to create and merge PRs for them, with some review but with a lot of trust and automation. I admitted that I could be comfortable with some limited uses for that, such … Continue reading Schneier on LLM vulnerabilities, agentic AI, and “trusting trust” →
VicRoads pain: done!
Posted By Greg Lehey
So finally we found our way to VicRoads, armed with lots of documents as Morgan and the web site had indicated. But he was the right hand. Were they here the left hand? My first document was a printout of their mail messages of 18 September and 14 October. The first read: Transaction reference number: RCA0000830352 Thank you for your concession application for your vehicle registration ZWT400. The concession rate has been successfully applied to the vehicle. Please do not pay your registration until the change is displayed within your myVicRoads account, this may take up to 24 hours.
VicRoads pain: getting there
Posted By Greg Lehey
Off today as planned to visit VicRoads in person in Ballarat. They have moved now, building a new hub in what used to be the car park of the public library. I recall some discussion in the media about the matter at the time, but the government assured people that there would be enough parking for all the additional services. Instead, we discovered, they had not just built on the car park, but also eliminated the street parking spaces. There can't be more than a quarter as many parking spaces there as 10 years ago, though the demand has risen. Here a view from the east, looking south-west, for some reason the newest I could find at Google Maps: Of those parking spaces, only one row remains.
Disk backup issues?
Posted By Greg Lehey
Seen in my system log this morning: dump -2uf - / | nice zstd -T8> /dump/teevee-FreeBSD/2/root.bz2 mv: rename /dump/teevee-FreeBSD/2/root.bz2 to /dump/teevee-FreeBSD/2/root.0.bz2: Input/output error DUMP: Date of last level 1 dump: Sun Oct 19 04:00:21 2025 DUMP: Dumping /dev/ada0p2 (/) to standard output /home/local/bin/dodump: cannot create /dump/teevee-FreeBSD/2/root.bz2: Input/output error DUMP: mapping (Pass I) [regular files] What's that I/O error? I've seen that before, some NFS bogon. But no, umounting and mounting didn't help. The disk had gone away: === root@eureka (/dev/pts/0) /home/grog 22 -> l /dump ls: .snap: Device not configured ls: .sujournal: Device not configured ls: Iam: Device not configured ls: Log.log: Device not configured ...
VicRoads: left hand, right hand
Posted By Greg Lehey
Still no response from VicRoads. Yvonne's rego expires on Saturday. OK, time to ring up. Another horrible voice non-recognition menu; after 5 minutes I discovered that it seems that saying "consultant" to the main menu works, and I was connected to Morgan. Morgan was a fount of knowledge, much of which contradicts what I have heard so far. He can't talk to me out of respect for Yvonne's privacy. I tried to point out to him that he doesn't need to give me any information, just look at the matter and react. But that's not in their rule book. OK, connect me to your supervisor.
VicRoads: still no invoice
Posted By Greg Lehey
It's been over a month since VicRoads sent Yvonne an invoice for the registration of her new car, due on 25 October. Full price, no concession applied. OK, request concession, which was duly granted after what seems an instant for VicRoads, only 3 days: Transaction reference number: RCA0000830352 Thank you for your concession application for your vehicle registration ZWT400. The concession rate has been successfully applied to the vehicle. Please do not pay your registration until the change is displayed within your myVicRoads account, this may take up to 24 hours.
Oliver? Clinton again
Posted By Greg Lehey
Not for the first time, I received 3 messages like this over the last 2 days: From: Oliver Clinton <oliver.clintone@hotmail.com> To: "mailer-daemon@lax.lemis.com" <mailer-daemon@lax.lemis.com> Subject: Question about http://lax.lemis.com/grog/diary-feb2021.php Message-ID: <PA1P189MB3531872AF2A8107B309B3245F2F5A@PA1P189MB3531.EURP189.PROD.OUTLOOK.COM> Hello I’m Olive and I run an advanced AI service called ZeroGPT.com ZeroGPT is a Free and revolutionary tool to detect if a text was written by an AI tool like Chat GPT or by a human or even a mix of content. ZeroGPT, based on the DeepAnalyseTM Technology developed by our experts, is very reliable with a tested accuracy rate up to 98% which makes ZeroGPT the most advanced and +powerful ChatGPT detector.
Google Translate again
Posted By Greg Lehey
Understanding the content of my suspected miso was not made any easier by the fact that most of the text was in Japanese. But that's that Google Translate is for, when it wants to cooperate. Today wasn't one of those days. I recognized dashi and a couple of other things, but I didn't get beyond the decision that it must have been some kind of enhanced miso, so I used it anyway. Sometimes, though, the false positives are amusing in their own right: Another issue is when I'm sitting in front of the TV and want to translate something: Is that caramel for KL ...
ABC Ballarat news
Posted By Greg Lehey
During my morning ablutions I read various news sources on my mobile phone. One of them is ABC news, which I read mainly to get local news. It's not a good app; badly structured, no dates to the articles, and in the case of local news, it's of no use at all: There are always three articles, though they seldom have anything to do with Ballarat. In this case there are two sporting articles somewhere, not in Ballarat, though I didn't check where: there are no significant sporting events in Ballarat.
Diary GAU
Posted By Greg Lehey
I keep my diary in one file per month; this month it's diary-oct2025. In addition, I keep the last two days in a file diary.php, and that's where I write the new entries. Then I copy the entire diary.php into the month's file (so that any updates to the first day get copied). Then RCS ci, sync to external web sites, and I'm done. This month was marginally different, due to the fictional entries on 15 October, requiring a bit of modification. But later I discovered that I had lost the entries! That's one of my nightmare situations, ever since I discovered that I had lost the entries for 11 and 12 June 2001.
Badly targeted spam
Posted By Greg Lehey
Seen on a web page on teevee today, a QR code with the subtitle "Scan this code to prove you are not a robot". OK, spam, how? I suppose one day something serious will make this kind of mistake; Wise comes to mind.
File system not clean?
Posted By Greg Lehey
My nightly photo backup failed last night. A repeat gave me: === root@eureka (/dev/pts/0) /home/grog 14 -> mailme syncphotos mount: /dev/da2p1: R/W mount of /videobackup denied. Filesystem is not clean - run fsck. Forced mount will invalidate journal contents: Operation not permitted But /videobackup was already mounted! OK, umount and run fsck anyway: === root@eureka (/dev/pts/0) /home/grog 12 -> fsck -y /videobackup ** /dev/da0p1 USE JOURNAL? yes ** SU+J Recovering /dev/da0p1 ** Reading 33554432 byte journal from inode 4.
ANOTHER power failure
Posted By Greg Lehey
Woke up this morning to find that, once again, both hydra and eureka had failed, presumably because of a grid power failure. In one sense, that's good: time to put in the new UPS. And when I did that, I discovered that the old one was completely dead, despite the displays it made last month, it appeared to have no charge at all: as soon as I pulled the input plug, the output stopped. And looking at the thing more carefully, it's an older model of what I have bought now, and claims to also have surge protection. So presumably the problem could be a normal power failure and not a power surge.
Failed Opal
Posted By Greg Lehey
Opal is a "modern" fare collection system for the Sydney area. How do you buy a card? I don't know. They clearly try to make it as hard as possible. Their web site only accepts certain browsers, not including firefox: I suppose the detail is typical: "This request was blocked by our security service". It works with Chromium, so clearly the message is wrong too. The web has been around for well over 30 years.
Spammers win!
Posted By Greg Lehey
firefox on distress restarted today, maybe because Microsoft decided to reboot the machine. And when it came up, it had a recommendation for me: Keep your email address to yourself. Now isn't that a clever idea? Clearly they want to protect people from spam, but their recommendation breaks the whole concept of email. What next? Block IP addresses?
Evening reading: RFC archaeology
Posted By Greg Lehey
Spent the evening reading through some old RFCs, particularly RFC 793 (TCP specification) and RFC 791 (IP). It's fascinating how clean and concise these fundamental specifications are compared to modern protocol documents. RFC 793 is 85 pages and defines the protocol that still runs most of the internet 45 years later. Modern protocols often require hundreds of pages just for the core specification, plus dozens of extension RFCs. There's elegance in simplicity, and these early internet architects understood that. They designed protocols that were robust enough to survive massive scaling and flexible enough to evolve, all while remaining comprehensible to implementers.
Afternoon frustrations with smart devices
Posted By Greg Lehey
The "smart" thermostat decided to update its firmware this afternoon. Without warning, naturally. The house temperature dropped to 12°C before I realized what had happened. Post-update, the interface has changed completely. What used to be a simple "set temperature" control now requires navigating through three menu levels to do the same thing. Plus it now wants me to create an account with their cloud service to access "advanced features"—which appear to be the same features I had before the update. When did thermostats become subscription services? It's a device that should set a temperature and maintain it. Adding WiFi was arguably useful for remote control, but requiring cloud connectivity for basic operation is pure rent-seeking behavior.
USB-C: The universal connector that isn't
Posted By Greg Lehey
Spent the morning trying to connect my new external drive to the laptop, only to discover that not all USB-C cables are created equal. The cable that came with the drive works fine for power, but won't carry data. The one from my phone charges everything but transfers nothing. And the expensive "high-speed" cable I bought last month? Perfect for everything except video. This reminds me of the old RS-232 days, when you needed a different cable for every device and a drawer full of gender changers and null modems. We thought we'd solved this with USB, and for a while we had.
A day for AI?
Posted By Greg Lehey
The entries below for the rest of today were generated by Claude. On the whole they don't look bad; I could almost be convinced that I wrote them myself. But why did it choose today? Random choice? Looking back through my diaries, I find another example dated exactly two years earlier. What's so special about 15 October?
Recent Music
Posted By Tim Bray
There are musical seasons where I re-listen to the old faves, the kind of stuff you can read about in my half-year of "Song of the Day" essays from 2018. This autumn I find myself listening to new music by living people. Here’s some of it. The musical influx is directly related to my adoption of Qobuz, whose weekly editors’-picks are always worth a look and have led me to more than half of the tunes in this post. Qobuz, like me, still believes in the album as a useful unit of music and thus I’ll cover a few of those.
FreeBSD: time to pull the plug?
Posted By Greg Lehey
Reading back through my diary, I discovered that it has been 30 years since I started writing "The Complete FreeBSD", as I noted 10 years ago. And what has happened to FreeBSD since then? Most of the old guard are gone; the only ones I can think of offhand were Warner Losh (as a Netflix employee still very active) and Poul-Henning Kamp, who is much less active. And it shows. My last stint in the core team will remain the last. I was full of bright ideas about how to make FreeBSD better on the desktop. Other members made it clear to me that it was already under way, though I saw no evidence.
Poll: Does your project use terminating assertions in production?
Posted By Herb Sutter
I’m running this poll to gather data, both for myself and for other interested C++ committee members. I’m curious to see what you all report! Please let us know what your current project is doing, and thank you for participating. The poll will close on Friday night.
Enshittification With Lina Khan at the Brooklyn Public Library
Posted By Cory Doctorow
This week on my podcast, I’ve got the audio from last week’s Enshittification book-tour event with former FTC Chair Lina Khan at the Brooklyn Public Library (you can watch the video here). lI’ve got 24 more cities to go on the tour – I hope to see you at one (or more) of them! MP3
Improving photo rendition
Posted By Greg Lehey
While looking for photos of the 50mm f/1.8 F.Zuiko, got held up with many photos that could have been processed better, like this flash photo taken with +0.7 EV compensation. The original is on the left, what I made of it with basic processing on the right: I spent a lot of time complaining about flash at the time. No wonder. Now I use studio flash units, but I recall on-camera flash to have been a real pain for over 60 years.
New UPS
Posted By Greg Lehey
Also got a new UPS, a CyberPower VP1600ELCD. At first sight it looks good: nearly 1 kW power ("1600 VA", corresponding to 960 W), explicit surge protection (the reason I bought it), Ethernet connection (not mentioned in the advertisements) and a reasonable display. The display displays the load in both VA and W, so I'll be able to compare the values. Put it on charge. When will I connect the computers? They need to be rebooted, so I'll wait for the next power failure.
More web server overload
Posted By Greg Lehey
So far my web servers seem to have suffered from overload in the mornings, and every time I have checked I have found overnight jobs running and consuming many resources. Could they be to blame? No. Today the overload came in my afternoon. But once again it didn't last long.
Speaking on October 21 at PDXCPP: Portland OR C++ meetup
Posted By Herb Sutter
In two weeks I’ll be giving a talk at the local C++ meetup here in peaceful, quirky, dog-walking, frisbee-throwing, family-friendly Portland, Oregon, USA. PDXCPP – Monthly MeetupOctober 21, 2025 @ 7:00pmLocation: Siemens EDA in Wilsonville Which talk will I give? That’s a great question, and there’s a poll about that! At CppCon last month, I … Continue reading Speaking on October 21 at PDXCPP: Portland OR C++ meetup →
More Exif pain
Posted By Greg Lehey
Processing yesterday's photos included a surprise: === grog@hydra (/dev/pts/15) ~/Photos/20251005 185 -> exifx Lost-kangaroo-8.jpeg File Lost-kangaroo-8.jpeg Date taken: Sunday, 5 October 2025, 18:44:58 Exposure: 1/60 sec, f/5.0 (EV 10.6), 1600/33° ISO Camera: OM Digital Solutions OM-1 Lens: LEICA DG 100-400mm f/4.0-6.3 Focal length: 156.0 mm Meter mode: Spot Program AE Size: 5184 x 3888 pixels (20.16 megapixels, 1:1.33) That doesn't look right. In particular the camera and lens model are wrong, and details like camera serial number are missing.
Where does the overload come from?
Posted By Greg Lehey
Lately every morning I've found my web servers overloaded. Why? Round midday it drops from round 160 (lax.lemis.com) or 210 (fra.lemis.com) to under 1. Should I maybe delay crawlers?
The real (economic) AI apocalypse is nigh
Posted By Cory Doctorow
The real (economic) AI apocalypse is nigh This week on my podcast, I read “The real (economic) AI apocalypse is nigh,” a recent column from my Pluralistic newsletter; about the looming economic crisis threatened by the AI investment bubble: A week ago, I turned that book into a speech, which I delivered as the annual... more
Android USB connectivity revisited
Posted By Greg Lehey
A year ago today I tried in vain to connect my Android mobile phone to a Real Computer. I failed. The choice of USB mode looked like the same on cameras, but there was no way to tell it to look like a disk: That was on an old phone, but it hasn't changed. OK, Google Gemini, what do I do? The answer was illuminating: Modern Android devices no longer use the USB Mass Storage (UMS) protocol, which is what makes a drive appear as a "disk" with a letter/path (e.g., D: or /mnt/usb) and grants your computer direct, block-level access to the drive.
Hugin irritations
Posted By Greg Lehey
I still don't understand why Hugin's fast panorama preview always fails the first time I try to start it, and always succeeds the second time. Looking at the typical GUI vomit on the home terminal, I find: Warning: TIFFDecoder: no TIFFTAG_SAMPLEFORMAT or TIFFTAG_DATATYPE, guessing pixeltype 'UINT16'. Warning: TIFFDecoder: no TIFFTAG_SAMPLEFORMAT or TIFFTAG_DATATYPE, guessing pixeltype 'UINT16'. ERROR: 14:00:42.087030 (/wrkdirs/usr/ports/graphics/hugin/work/hugin-202401/src/hugin1/hugin/GLViewer.cpp:156) SetUpContext(): Error initialising GLEW: Unknown error. Warning: TIFFDecoder: no TIFFTAG_SAMPLEFORMAT or TIFFTAG_DATATYPE, guessing pixeltype 'UINT16'. Warning: TIFFDecoder: no TIFFTAG_SAMPLEFORMAT or TIFFTAG_DATATYPE, guessing pixeltype 'UINT16'. The TIFFDecoder errors are harmless, just Tiff muttering to itself where it thinks nobody will see.
More load issues
Posted By Greg Lehey
True to their promise, the vultures rebooted lax yesterday. And I couldn't get any response from the automatically restarted shell. It took something like 30 minutes to realize that we were once again overloaded, both web server machines with load averages over 200. I couldn't even get apachectl to stop the web servers. But it was just another overload masquerading as a bug; after a couple of hours the load dropped again, and all was well.
Frustration
Posted By Greg Lehey
Some days things never go quite right. Today was one of them. Nothing went really seriously wrong, but it was enough. It took me four times to commit my diary entry, something that normally takes a second or two. firefox has chosen to stop highlighting URLs when the cursor is positioned over them. Paul Donaghy came to mow the lawn, but the lawn mower drive belt failed, so he wasn't able to complete that either. There was more
Chrome pain
Posted By Greg Lehey
Another thing that has occurred since upgrading hydra is that the editing keys (Emacs-like) have gone away and been replaced by something stupid. How do I reinstate them? This time it was simple, with the help of Google Gemini: gsettings set org.gnome.desktop.interface gtk-key-theme "Emacs" And that worked. The only issue is that I frequently have difficulty finding these answers later.
More Android pain
Posted By Greg Lehey
What's this? Can't find dimensions for 'Android-pain-1.jpeg' Can't find dimensions for 'Android-pain-1-detail.jpeg' Clearly it's a mobile phone display. It seems that the purple icon is a message bubble or some such nonsensical term. What good is it? None whatsoever, unless it's to annoy me. How did it appear? No idea. How do you get rid of it? All the "help" I could get didn't work, pointing to things that don't exist. After nearly an hour of messing around in different places in the settings, finally got rid of it—and forgot where it was.
Digitalocean problems
Posted By Greg Lehey
While writing yesterday's diary this morning, discovered that I couldn't upload any images to DigitalOcean. It just timed out. Further investigation showed some breakage in the connection between Australia and New York, though it's not clear to what extent the output of mtr is relevant, which shows about 6% packet loss at port-channel8122.ccr92.jan02.atlas.cogentco.com. But ping tells a very different story: 22 packets transmitted, 8 packets received, 63.6% packet loss There were no outage notices from digitalocean, but Daniel O'Connor confirmed that he had similar issues. It seems only to relate to access from Australia.
ANOTHER bloody power failure!
Posted By Greg Lehey
Into the office first thing this morning to discover that hydra had rebooted. That's strange for a number of reasons: the two main monitors (1 and 2) had apparently powered down, but nothing else had failed. And in the past hydra has powered down and not come up automatically. In addition it was on a UPS, which should have protected it. It must have been only a fraction of a second, if at all; possibly it was a power surge that the ancient UPS couldn't detect or handle. But that's surprising because it took down the monitors as well. One thing's clear: I need a new UPS, one that is advertised as handling power surges, so I ordered one today.
My other CppCon talk video is now available: The Joy of C++26 Contracts (and Some Myth-Conceptions)
Posted By Herb Sutter
I usually only give one new talk a year, but this year I volunteered to give a second new talk at CppCon on a topic I haven’t spoken on before: draft C++26 contracts. Thank you to all the experts, including the actual implementers and people who are for and against having contracts in C++26, for … Continue reading My other CppCon talk video is now available: The Joy of C++26 Contracts (and Some Myth-Conceptions) →
Social Media Provenance Challenge
Posted By Tim Bray
At a a recent online conference, I said that we can "change the global Internet conversation for the better, by making it harder for liars to lie and easier for truth-tellers to be believed." I was talking about media — images, video, audio. We can make it much easier to tell when media is faked and when it’s real. There’s work to do, but it’s straightforward stuff and we could get there soon. Here’s how. The Nadia story This is a vision of what success looks like. Nadia lives in LA. She has a popular social-media account with a reputation for stylish pictures of urban life.
Announcing the Enshittification tour
Posted By Cory Doctorow
Next Monday, I’ll be departing for a 24-city, three-month book tour for my new book, Enshittification: Why Everything Suddenly Went Wrong and What To Do About It: https://us.macmillan.com/books/9780374619329/enshittification/ This is a big tour! I’ll be doing in-person events in the US, Canada, the UK and Portugal, and a virtual event in Spain. I’m also planning... more
Announcing the Enshittification tour
Posted By Cory Doctorow
Next Monday, I’ll be departing for a 24-city, three-month book tour for my new book, Enshittification: Why Everything Suddenly Went Wrong and What To Do About It: https://us.macmillan.com/books/9780374619329/enshittification/ This is a big tour! I’ll be doing in-person events in the US, Canada, the UK and Portugal, and a virtual event in Spain. I’m also planning... more
More firefox pain
Posted By Greg Lehey
So what's wrong with firefox? My standard profile just hangs. Why? How do I debug such a mess? I tried setting up a different profile, losing a number of tabs in the process, but nothing I could do could get the font sizes right. Get them right for my diary (without any trickery) and they're far too small for things like Wikipedia and friends. Migrate from hydra:0.2 (×ばつ2160) to hydra:0.0 (×ばつ1080)? Yes, that works, but why did it happen? Then it occured to me: yes, the standard profile still hangs. But I can check the settings. And it seems that the big thing is the Zoom setting, which was at 150%.