Andrew Lilley Brinker
@alilleybrinker.com
A MAZE OF TWISTY LITTLE THREADS, ALL ALIKE
Writing on alilleybrinker.com and elsewhere.
Principal Engineer doing CVE and OSS security at MITRE. Opinions are my own.
Writing on alilleybrinker.com and elsewhere.
Principal Engineer doing CVE and OSS security at MITRE. Opinions are my own.
Pinned
Andrew Lilley Brinker
@alilleybrinker.com
· Nov 10
Memory Safety for Skeptics - ACM Queue
queue.acm.org
"Memory Safety for Skeptics," where I argue why memory safety is worthwhile to pursue amid competing priorities!
queue.acm.org/detail.cfm?i...
#rustlang
queue.acm.org/detail.cfm?i...
#rustlang
New from me: "Passkey PRFs and the Passkey Loss Blast Radius"
Passkeys are great, but tying encryption to a passkey increases the blast radius when they're lost!
Passkeys are great, but tying encryption to a passkey increases the blast radius when they're lost!
Passkey PRFs and the Passkey Loss Blast Radius — Andrew Lilley Brinker
I work on software security at MITRE, including serving as amember of the OmniBOR Working Group, where I lead development of the Rustimplementation, and as the project manager for Hipcheck, a tool for...
www.alilleybrinker.com
January 14, 2026 at 6:00 PM
New from me: "Passkey PRFs and the Passkey Loss Blast Radius"
Passkeys are great, but tying encryption to a passkey increases the blast radius when they're lost!
Passkeys are great, but tying encryption to a passkey increases the blast radius when they're lost!
Hopefully this starts the process of other crates migrating their public time APIs to jiff instead of chrono
ah!
PSA: chrono is soft-retired
PSA: chrono is soft-retired
January 14, 2026 at 5:35 PM
Hopefully this starts the process of other crates migrating their public time APIs to jiff instead of chrono
There are decent reasons to argue against LLMs, but arguing they don't work isn't credible.
The "AI literally never works" position is IMO akin to a flat earth position at this point
January 13, 2026 at 7:20 PM
There are decent reasons to argue against LLMs, but arguing they don't work isn't credible.
Average Pomeranian weight is between 3 and 7 pounds. What threat is a Pom to *any* cop?
8th Cir.: because officer was trying to shoot a 9-pound Pomeranian mix when he missed and shot the dog's owner instead, he did not intend to restrain owner, he intended to restrain the dog, which means there was no seizure so no 4A violation.
QI for officer.
ecf.ca8.uscourts.gov/opndir/26/01...
QI for officer.
ecf.ca8.uscourts.gov/opndir/26/01...
![The undisputed facts in this case all point to the absence of a seizure. See UnitedHealth Grp. Inc. v. Wilmington Tr. Co., 548 F.3d 1124, 1127–28 (8th Cir. 2008) (reviewing de novo the “purely legal questions” left by the “undisputed” facts). Perhaps the most important one is that, as Hight concedes, “Deputy Williams fired his county[-]issued service weapon at [the] Pomeranian.” His words matched his actions, given that each of his statements was about getting the dogs under control, including ordering them to “get back!” And finally, the bodycam video shows that he fired downward toward the dog as it approached, which supports the conclusion that it was his target, not Hight. Hitting her was an unfortunate accident. See Brower v. County of Inyo, 489 U.S. 593, 596 (1989) (explaining that the Fourth Amendment does not address “the accidental effects of . . . government conduct”).](https://cdn.bsky.app/img/feed_thumbnail/plain/did:plc:24vva42nxim6zbcmnozegoef/bafkreihl3vieqx3pwzqtiivrlqqxkngbahqnx4n3i2mbcmp5ouwvdonkom@jpeg)
January 13, 2026 at 7:12 PM
Average Pomeranian weight is between 3 and 7 pounds. What threat is a Pom to *any* cop?
Anyone here know any relevant RFCs, Pre-RFCs, internals.rlo threads, or anything else?
Here's a rust question for folks out there in the community. Why not have an annotation for macros that signifies that they should be evaluated after constants/generics are placed rather than before? This would let macros fill a big gap that const generics are currently missing.
January 12, 2026 at 3:14 PM
Anyone here know any relevant RFCs, Pre-RFCs, internals.rlo threads, or anything else?
To me this is a “don’t be a jerk to your coworkers” rule, but I guess some are reading it as a ban on criticizing LLMs, which I don’t think is a defensible reading.
Added an "LLM shaming" section to RFD 576
rfd.shared.oxide.computer/rfd/0576#_ll...
rfd.shared.oxide.computer/rfd/0576#_ll...
January 11, 2026 at 11:02 PM
To me this is a “don’t be a jerk to your coworkers” rule, but I guess some are reading it as a ban on criticizing LLMs, which I don’t think is a defensible reading.
Bad weekend for snarling cat logo NFL teams
January 11, 2026 at 9:14 PM
Bad weekend for snarling cat logo NFL teams
Reposted by Andrew Lilley Brinker
The Posters Dilemma: shitpost or discourse?
January 10, 2026 at 6:29 PM
The Posters Dilemma: shitpost or discourse?
Reposted by Andrew Lilley Brinker
the wise man bowed his head and spoke: "theres actually zero difference between mechahitler and claude code. you imbecile. you fucking moron"
January 10, 2026 at 6:22 PM
the wise man bowed his head and spoke: "theres actually zero difference between mechahitler and claude code. you imbecile. you fucking moron"
This reasoning is of course exactly backward. Harassers require people to harass, and if the targets of their abuse left en masse they’d likely fall further to infighting as they look for new targets among the remaining users.
January 10, 2026 at 5:56 PM
This reasoning is of course exactly backward. Harassers require people to harass, and if the targets of their abuse left en masse they’d likely fall further to infighting as they look for new targets among the remaining users.
Reposted by Andrew Lilley Brinker
I sat in a fucking court room and heard Apple imply that a naked cartoon banana was somehow inappropriate but somehow Grok non consensually undressing women and children is ok?? www.theverge.com/policy/85990...
Tim Cook and Sundar Pichai are cowards
Once you’ve traded your principles for proximity to power, do you even run your own company?
www.theverge.com
January 9, 2026 at 9:30 PM
I sat in a fucking court room and heard Apple imply that a naked cartoon banana was somehow inappropriate but somehow Grok non consensually undressing women and children is ok?? www.theverge.com/policy/85990...
Reposted by Andrew Lilley Brinker
the stated goal the revealed behavior
January 9, 2026 at 7:49 PM
the stated goal the revealed behavior
I love how messy and weird real-world compilers can be.
January 9, 2026 at 7:53 PM
I love how messy and weird real-world compilers can be.
"[T]hat one time" is important re: the slopware list.
Projects qualify for inclusion on the list for *any* identified use of an LLM on an OSS project by *any* contributor, or *any* use of an AGENTS or similar file for LLMs. That's an absurd degree of purity testing!
Projects qualify for inclusion on the list for *any* identified use of an LLM on an OSS project by *any* contributor, or *any* use of an AGENTS or similar file for LLMs. That's an absurd degree of purity testing!
i am currently paying @there.is.no.aarch64.mov $0/month for the rights to use yaxpeax in my hobby operating system. if i stopped doing that and linked with libopcodes, i would still be paying ixi $0/month. this creates real economic pressure encouraging ixi to stop using Claude that one time.
January 9, 2026 at 7:14 PM
"[T]hat one time" is important re: the slopware list.
Projects qualify for inclusion on the list for *any* identified use of an LLM on an OSS project by *any* contributor, or *any* use of an AGENTS or similar file for LLMs. That's an absurd degree of purity testing!
Projects qualify for inclusion on the list for *any* identified use of an LLM on an OSS project by *any* contributor, or *any* use of an AGENTS or similar file for LLMs. That's an absurd degree of purity testing!
Not for nothing, it can also be hard to process commands being screamed at you. 🧵 1/5
They tell you conflicting things so they can say you’re not listening to them and kill you either way.
Officer 1: “Get out of the car!”
<simultaneously>
Officer 2: “Get out of here!”
The confusion is not surprising. The shooting officer had his phone out too.
This deserves a clear and fair investigation
<simultaneously>
Officer 2: “Get out of here!”
The confusion is not surprising. The shooting officer had his phone out too.
This deserves a clear and fair investigation
January 9, 2026 at 7:00 PM
Not for nothing, it can also be hard to process commands being screamed at you. 🧵 1/5
Eliza's thread is good, and balances personal anxiety with clear-headed realism about the future.
i wish i could go back in time and uninvent the transformer architecture, and the prevalence of LLMs has had me actively wondering when it will be time to manage my keys, but even i agree that zkat’s callout list stuff is in bad taste and just makes them look like an ass
oh it is undeniably a little bit “and yet you still use a computer” yeah. i firmly do not have the finesse of language to avoid that here and i am frustrated that my own antagonism to genai usage is, i feel, undermined by a tin shield my purported ally is holding
January 9, 2026 at 6:25 PM
Eliza's thread is good, and balances personal anxiety with clear-headed realism about the future.
I know it's in vogue to hate on GitHub's AI features, but the Copilot-suggested commit messages in the web commit UI are pretty good!
January 9, 2026 at 5:47 PM
I know it's in vogue to hate on GitHub's AI features, but the Copilot-suggested commit messages in the web commit UI are pretty good!
Reposted by Andrew Lilley Brinker
wtf how did i not know you can access an RSS feed from any bsky profile just by adding /rss to their url
check this out https://bsky.app/profile/did:plc:hsqwcidfez66lwm3gxhfv5in/rss
check this out https://bsky.app/profile/did:plc:hsqwcidfez66lwm3gxhfv5in/rss
bsky.app
January 9, 2026 at 2:02 AM
wtf how did i not know you can access an RSS feed from any bsky profile just by adding /rss to their url
check this out https://bsky.app/profile/did:plc:hsqwcidfez66lwm3gxhfv5in/rss
check this out https://bsky.app/profile/did:plc:hsqwcidfez66lwm3gxhfv5in/rss
Reposted by Andrew Lilley Brinker
"I couldn't sit at home any more. I had to face the enemy eye to eye."
This veteran is speaking up for his community after ICE shot and killed Renee Nicole Good in Minneapolis yesterday.
January 8, 2026 at 11:10 PM
"I couldn't sit at home any more. I had to face the enemy eye to eye."
Reposted by Andrew Lilley Brinker
Previously, several of these companies, like Apple, IBM, and Disney, have paused advertising on X in response to antisemitic content. But antisemitism on X never slowed, sexual abuse imagery increased, and all of these companies quietly resumed advertising anyways.
spitfirenews.com/p/grok-deepf...
spitfirenews.com/p/grok-deepf...
Why isn't there a bigger Grok boycott?
Advertisers, politicians, and investors are still all-in on X, despite a sexual abuse crisis.
spitfirenews.com
January 8, 2026 at 9:09 PM
Previously, several of these companies, like Apple, IBM, and Disney, have paused advertising on X in response to antisemitic content. But antisemitism on X never slowed, sexual abuse imagery increased, and all of these companies quietly resumed advertising anyways.
spitfirenews.com/p/grok-deepf...
spitfirenews.com/p/grok-deepf...
Reposted by Andrew Lilley Brinker
And that's when it clicked for me. Why Black people are so consistent even though we are also deeply disappointed by Democrats. Because we know what the other option is. We know how bad it can get. We're able to do an actual comparison of the options. While many other people are just guessing.
March 4, 2025 at 8:54 PM
And that's when it clicked for me. Why Black people are so consistent even though we are also deeply disappointed by Democrats. Because we know what the other option is. We know how bad it can get. We're able to do an actual comparison of the options. While many other people are just guessing.
Reposted by Andrew Lilley Brinker
We're actively looking to grow our team at @ersc.io again! If you are interested or know someone who might be, I'd love to chat.
We are looking for distributed storage folk as well as frontend/UX.
We are looking for distributed storage folk as well as frontend/UX.
January 8, 2026 at 10:25 PM
We're actively looking to grow our team at @ersc.io again! If you are interested or know someone who might be, I'd love to chat.
We are looking for distributed storage folk as well as frontend/UX.
We are looking for distributed storage folk as well as frontend/UX.
Most things worth doing take too much time to be possible to time "correctly" anyway.
The right place at the right time
bcantrill.dtrace.org/2026/01/08/t...
bcantrill.dtrace.org/2026/01/08/t...
The right place at the right time | The Observation Deck
bcantrill.dtrace.org
January 8, 2026 at 9:34 PM
Most things worth doing take too much time to be possible to time "correctly" anyway.
Gonna get mileage out of this screenshot.
I wrote this about memory safety, but it applies here too.
January 8, 2026 at 9:22 PM
Gonna get mileage out of this screenshot.
Reposted by Andrew Lilley Brinker
#jj-vcs 0.37.0 came out yesterday! im intrigued by the new divergent change syntax, seems very neat
github.com/jj-vcs/jj/re...
github.com/jj-vcs/jj/re...
Release v0.37.0 · jj-vcs/jj
About
jj is a Git-compatible version control system that is both simple and powerful. See
the installation instructions to get started.
Release highlights
A new syntax for referring to hidden and...
github.com
January 8, 2026 at 7:42 PM
#jj-vcs 0.37.0 came out yesterday! im intrigued by the new divergent change syntax, seems very neat
github.com/jj-vcs/jj/re...
github.com/jj-vcs/jj/re...