Hacker News | JeremyNT's comments

I think there's probably something to token use as some kind of metric. If you aren't using these tools much, you're definitely not going to remain a top contributor. The world is evolving quickly here.

But it's just one signal out of many, and more isn't somehow inherently better beyond a certain point.


> Yeah, they aren't perfect or always necessarily the best in a given area, but to compare them to IBM is probably missing the forest for the trees.

I think comparing them to IBM is reasonable, just maybe not... today's IBM.

IBM was an absolute hardware and software behemoth leading up to the PC / early Internet era, after which they pivoted from making groundbreaking real things to providing "enterprise support."

They also outlasted almost all of their contemporaries with that pivot, for better or worse.


> These people are going to have a really hard time coming to grips with reality in the next few years. AI is here to stay, and it's expanding very rapidly. If you can't fight them, join them.

I'm perfectly capable of hating this shit even while my employment situation demands that I use it.

If you're working somewhere that's pushing this stuff, there's never been a better time to dust off your copy of the "Simple Sabotage Field Manual."


^ doomscrolling John Connor

"More helpful" to the person selling the ad, perhaps :)

What is the best way to hedge against this turkey being included in my index funds?

Mistiming is equivalent to being wrong. And Musk is good at keeping valuations high! So who knows when it will tank.

Figure out how much of your fund it is and take a short position to hedge it

I have been thinking the same thing. I don’t want this turd in my index funds.

short it?

Choose another index where it is not included?

It’s so big that it’s going to swing the markets when insiders start to liquidate after it is listed and on some indexes.

That alone will probably do little, due to contagion effects. Simply finding an index which excludes it might not be enough if it still shares other similar underlying stocks with indexes that do include it.

> The fact that taxpayers and not the police themselves have to pay the settlement is the worst part of this.

Oh boo hoo. The official in question here isn't some rank and file rando, it's the sheriff who the taxpayers in question duly elected.

I guarantee you they'll elect him again. $91 per resident is a small price to pay for a guy who's willing to arrest their political enemies.

Play stupid games, win stupid prizes.


> I guarantee you they'll elect him again. $91 per resident is a small price to pay for a guy who's willing to arrest their political enemies.

In some sense you might be right because instead of this $91 being taken per resident directly from their wallets, what would happen is the degradation of the services because of lack of funds, so your roads, clean drinking water and everything needed for a govt would have $91 less per resident.

And then when the quality of those same roads declines and other negative things happen, the same community might find scapegoats, saying it's the problem of X, Y or Z, and the sheriff is their vocal voice against X, Y or Z.

So you might be right. Also, y'know what the worst part is? It's the asymmetry: these sheriffs might continue to get re-elected because of the above reasons I gave and they would continue doing unjust things.

And then the onus is on the person (in this case the Tennessee man) who was jailed unjustly and who would have to file a lawsuit and win. Things perhaps could've turned out differently or taken longer, and imagine the man who might've been jailed for more time.

Either way, I think because of all of these reasons, it's a systematic problem, but the result of it is that society has become too polarized and so weirdly incentivized that you can get thrown into jail for memes. I imagine these things might continue to happen but at least a legal precedent might've been set now (not sure about how American law works).


> Either way, I think because of all of these reasons, it's a systematic problem, but the result of it is that society has become too polarized and so weirdly incentivized that you can get thrown into jail for memes. I imagine these things might continue to happen but at least a legal precedent might've been set now (not sure about how American law works).

It would've been pretty clear to anybody that there was no real case here, but the way these rural areas work is that they never expect any attention or pushback. They're used to their little corrupt fiefdoms slipping under the radar. These people in rural TN also live in a bubble of others with the same politics, and they surely overestimated the power of their ideology to win the day.

So it's not really that any precedent was needed, because speech like this is not a crime - full stop.

The scary thing however is that for every case you see like this that goes viral, gets national attention, and has a victim who is aware of his rights and wins... how many small town sheriffs are out there getting away with it?

It's easy to just lock up people for similar trumped up charges and expect that nobody with resources will ever notice or care.


> So it's not really that any precedent was needed, because speech like this is not a crime - full stop.

I was still trying to look at it in a positive way but alas, the situation might be too bleak. But yes, nothing meaningful might have come out of this judgement because, well, we all know that memes or speech like this isn't a crime, but oh well, alas.

> The scary thing however is that for every case you see like this that goes viral, gets national attention, and has a victim who is aware of his rights and wins... how many small town sheriffs are out there getting away with it?

Yes, that was exactly my point too. I was trying to point out the same thing: that there might be so many more people whom we don't even know who might be going through something similar, whose voices are hidden within the swathes of the internet and things.

A sad reality but one which is true. I don't know how one fights against it and certainly this question is way above my pay-grade indeed but something should morally be done to prevent an abuse of people and their rights and freedom by the system which is getting corrupted.


> It's since November 2025, the so-called "inflection point", that I'm still wondering for whom coding agents become "really good".

I think this may depend on the sorts of work you do. For those of us who mostly live in web using established frameworks, that's about when I came to conclude they could do everything and do it well.

I can have opencode discover third party APIs and generate fully working solutions that are well integrated into an existing long-lived codebase. I still review the MRs by hand but I only ever discover spec errors or style issues, not defects in the code itself. This was a big change from ~summer 2025.

This is a really well defined space though with strong conventions. If you're doing something more interesting YMMV.


It's reasonable to consider the counterfactual but it seems like the closest parallel here is Pakistan, which pulled off the gambit successfully.

The years leading up to and immediately following successful acquisition were tenuous and it seemed like they were destined to become a global pariah if not a failed state. And yet now, they are a regional power.

So if anything maybe Iran just missed its window. Now with the US seemingly ready to enter a forever war with no defined objectives other than nuclear deterrence it's presumably too late, but maybe a more competent regime could have pulled it off in time.


You’re not saying much. Iran could have not pursued this strategy that has turned them into a pariah, but they did.

It was an active choice, not a missed window.


> They claim it’s a different kind of tool and then describe using it the same way you’d use any other model. This really felt way worse than the average Cloudflare blog and really just rehashed the Mythos announcement which had already called out the key parts being chaining and crafting examples.

Hah, I was trying to parse this too.

Charitably perhaps they're being vague on exactly what's different because they're still under NDA.


I'm not a Windows expert but based on my understanding of how MS does this, something doesn't add up here.

If you use BitLocker in the default, insecure way, where the TPM is configured to hand the decryption keys over to the enrolled Windows environment automatically, you can just get an LPE to access the running Windows environment after it boots. That's what I think the published exploit does. It really isn't even related to BitLocker itself, right?

AIUI, TPM+PIN should actually mean the TPM itself cannot release the keys because the PIN hash is actually part of the key material.

So what would a TPM+PIN exploit even look like?


> you can just get an LPE to access the running Windows environment after it boots

Or if you have physical access, you can probe the TPM chip with a SPI decoder to get the key directly: https://post-cyberlabs.github.io/Offensive-security-publicat...

Another method is via PXE (still not patched on most systems apparently): https://github.com/andigandhi/bitpixie

> TPM+PIN should actually mean the TPM itself cannot release the keys

It does release the (wrapped) key actually (the above cyberlabs link explains it), it's just that the KP data this time has additional layers of encryption that are based on the PIN, which is decrypted in software after the fact. This means you can crack it offline. With the default minimum of 6 digits you can probably brute-force it within a day.

If you're paranoid I might suggest switching to a full password-based pre-boot auth option instead of the PIN.


This article is probably not correct. The actual behavior is documented [1]:

> BitLocker hashes the user-specified personal identification number (PIN) by using SHA-256, and the first 160 bits of the hash are used as authorization data sent to the TPM to seal the volume master key.

So what's actually happening is that the PIN is used to derive an authValue passed to the TPM, which compares it to the expected value, and can trigger lockout on too many mismatches.

I can't find specifics to how Windows configures the TPM wrt. lockout, but the mechanism described in the article appeared fishy to me, and contradicts official docs. It also would not make sense that TPM+PIN was known to be safe against bus sniffing attacks if it would still reveal all data required to brute-force the PIN.

[1] https://learn.microsoft.com/en-us/windows/security/operating...


I was given this article after posting the previous one elsewhere:

https://blog.scrt.ch/2024/10/28/privilege-escalation-through...

This one does say "it appears that the user’s PIN is sent to the TPM which releases the intermediate key only if the provided secret is correct, thus effectively preventing offline bruteforce attacks."

Given this, I can't see how it would be possible for anything like YellowKey to work on a cold booted TPM+PIN system without someone already knowing the PIN.

Perhaps when the exploit author said "it works with PIN" they meant "it works if you enter the correct PIN"... or they are just lying. I'm not sure.


Thanks, that fills some gaps I had in understanding.

So this person's claim to have a TPM+PIN attack might imply they are able to use the same LPE to get a (PIN-encrypted) key from the TPM then they can simply brute force?


The usual attack is in a usability feature to prevent lockout. Looking at the instructions for setup I see a BitLocker recovery code if you forget your PIN. (How does that alternative work, what are other alternative unlocks if the firmware hash changes, etc., etc.)

