Ideas Worth Exploring: 2025-03-20

Ideas: Megan Morrone - AI is "tearing apart" companies, survey finds

https://www.axios.com/2025/03/18/enterprise-ai-tension-workers-execs

Megan Morrone shares her ideas that AI's rapid implementation is causing tension between executives and employees, with some leaders pushing for the technology despite resistance from their workforce.

Executives are not satisfied with current AI solutions and believe that it is tearing apart the company, while workers express fear of being replaced by generative AI tools. A recent study by enterprise AI startup Writer highlights these power struggles, stating that 59% of executives are actively seeking a new job at companies more innovative with generative AI, compared to 35% of employees.

Furthermore, only half of employees believe their company's AI rollout in the past year has been successful, and many struggle with tools that do not work effectively. Habib, CEO of Writer, suggests that leaders must demonstrate how AI benefits the company while addressing employee concerns about being replaced.

Ideas: Evan Boyle - Code is the new no-code

https://lumberjack.so/p/code-is-the-new-no-code

Evan Boyle discusses the limitations of no-code tools in automating processes and proposes coding as a better alternative.

It explains how AI-powered tools have made it easier for non-coders to write code by providing explanations, generating custom code, and assisting with programming concepts.

The concept of "prompt-driven development" is introduced, where users describe what they want to achieve, receive suggested code, make small tweaks, and gradually learn programming skills. The article argues that modern code with AI assistance has become more accessible than ever, making it easier for people to build software without needing extensive coding.

Ideas: Memory safety for web fonts

https://developer.chrome.com/blog/memory-safety-fonts

The authors reflect on ideas related to the replacement of FreeType with Skrifa in Chrome for font processing to enhance security and agility. It highlights issues with FreeType, including unsafe language usage, manual memory management, unchecked array access, integer overflows, and lack of tests, which have led to various security vulnerabilities.

Skrifa is a Rust library that provides a safe replacement for the parts of FreeType used by Skia, the graphics library in Chrome. The transition involved enabling Fontations for use in less commonly used font formats initially and then gradually rolling it out for all web fonts usage on different platforms.

Skrifa's safety features include avoiding memory access violations, using immutable data structures, and outsourcing unsafe code to the audited library bytemuck. Skrifa also underwent rigorous testing, including unit tests and pixel comparisons with FreeType, ensuring high-quality output and minimizing potential regressions.

Ideas: karpathy - Digital hygiene

https://karpathy.bearblog.dev/digital-hygiene/

karpathy discusses digital hygiene practices for maintaining privacy and security online. karpathy emphasizes the importance of not being a "noob" by creating unique passwords for every website or service, using password managers like 1Password. The article also recommends using hardware security keys with websites that support U2F authentication to add an extra layer of protection against data breaches.

The use of biometrics such as FaceID is encouraged for added security, and users are advised to refuse prompts for security questions due to their vulnerability to being easily researched online. Disk encryption on computers, avoiding "smart" internet-connected devices, and using privacy-focused alternatives like Brave browser and Signal messaging app are also recommended.

For email communication, the article suggests never clicking on links in emails and disabling image loading by default to prevent tracking. Additionally, using VPNs for added protection when dealing with less trusted services is advised.

Other tips include using DNS-based blockers to block ads and trackers, monitoring network activity with tools like Little Snitch, maintaining work-life separation to avoid company-operated spyware, and aligning incentives by paying for software used.

GitHub Repo: StringReaper

https://github.com/boku7/StringReaper

CobaltStrike BOF designed to carve strings out of remote process memory. This tool allows operators to carve ASCII and UTF-16 strings from targeted processes, making it effective for retrieving JWT tokens, credentials, and other sensitive data directly from memory.

Over the past 3 years the developer had great success in using this tool on engagements. Saves time when oping from a C2 where you don't want to have to wait on a full process dump or deal with download size issues.