Jörn Franke
@jornfranke@social.anoxinon.de
mastodon
4.5.7
Interested in #science #data #nosql #cloud #geospatial #radio #games #simulation and #analytics supported by #environmental #sustainable #opensource #software #europe
0
Followers
0
Following
Joined January 31, 2026
Website:
Codeberg:
social.darc.de:
Keyoxide:
$argon2i$v=19$m=4096,t=3,p=1$QVBFb3pmVW14U2tWK1V6YzlWZE80Zw$kTWjd24yB+vSgiJcXHQLfk/eRH00AQqW59es9mYzQig
Posts
Jörn Franke
@jornfranke@social.anoxinon.de
Interested in # science # data # nosql # cloud # geospatial # radio # games # simulation and # analytics supported by # environmental # sustainable # opensource # software # europe
social.anoxinon.de
Jörn Franke
@jornfranke@social.anoxinon.de
Interested in # science # data # nosql # cloud # geospatial # radio # games # simulation and # analytics supported by # environmental # sustainable # opensource # software # europe
social.anoxinon.de
@jornfranke@social.anoxinon.de
·
3d ago
@endrift @wezm ah you are right. On the other hand then the question is: why webserial and not webusb?
View full thread on social.anoxinon.de
0
1
0
Jörn Franke
@jornfranke@social.anoxinon.de
Interested in # science # data # nosql # cloud # geospatial # radio # games # simulation and # analytics supported by # environmental # sustainable # opensource # software # europe
social.anoxinon.de
Jörn Franke
@jornfranke@social.anoxinon.de
Interested in # science # data # nosql # cloud # geospatial # radio # games # simulation and # analytics supported by # environmental # sustainable # opensource # software # europe
social.anoxinon.de
@jornfranke@social.anoxinon.de
·
4d ago
@wezm Is this not a bit redundant given WebUSB https://developer.mozilla.org/en-US/docs/Web/API/WebUSB_API ?
I mean not every serial port is USB, but probably most of them relevant for browser use cases are.
View full thread on social.anoxinon.de
0
1
0
Jörn Franke
@jornfranke@social.anoxinon.de
Interested in # science # data # nosql # cloud # geospatial # radio # games # simulation and # analytics supported by # environmental # sustainable # opensource # software # europe
social.anoxinon.de
Jörn Franke
@jornfranke@social.anoxinon.de
Interested in # science # data # nosql # cloud # geospatial # radio # games # simulation and # analytics supported by # environmental # sustainable # opensource # software # europe
social.anoxinon.de
@jornfranke@social.anoxinon.de
·
4d ago
@bsi Others are able to reproduce Mythos capabilities with cheap open source models: https://aisle.com/blog/ai-cybersecurity-after-mythos-the-jagged-frontier
Mythos just uses trivial techniques (paraphrasing outputs of static code analyzers, fuzzers. formal logic etc.). The problem is that companies do not invest in secure software (as you can see from the BSI announcements - Microsoft, Citrix etc. do on purpose not invest in security). Investing in Mythos is waste of money - instead invest in proper security
View full thread on social.anoxinon.de
0
0
0
Jörn Franke
@jornfranke@social.anoxinon.de
Interested in # science # data # nosql # cloud # geospatial # radio # games # simulation and # analytics supported by # environmental # sustainable # opensource # software # europe
social.anoxinon.de
Jörn Franke
@jornfranke@social.anoxinon.de
Interested in # science # data # nosql # cloud # geospatial # radio # games # simulation and # analytics supported by # environmental # sustainable # opensource # software # europe
social.anoxinon.de
@jornfranke@social.anoxinon.de
·
6d ago
@bsi Siehe https://cyberplace.social/@GossiTheDog/116390978622304265
Antrophic Mythos ist ein Marketinggag
View full thread on social.anoxinon.de
0
0
0
Jörn Franke
@jornfranke@social.anoxinon.de
Interested in # science # data # nosql # cloud # geospatial # radio # games # simulation and # analytics supported by # environmental # sustainable # opensource # software # europe
social.anoxinon.de
Jörn Franke
@jornfranke@social.anoxinon.de
Interested in # science # data # nosql # cloud # geospatial # radio # games # simulation and # analytics supported by # environmental # sustainable # opensource # software # europe
social.anoxinon.de
@jornfranke@social.anoxinon.de
·
Apr 10, 2026
@bsi siehe auch https://www.redhat.com/en/blog/navigating-mythos-haunted-world-platform-security
"Functionality vs. Security: Some vulnerabilities identified by AI are actually functionality bugs with no meaningful exploit path."
View full thread on social.anoxinon.de
0
0
0
Jörn Franke
@jornfranke@social.anoxinon.de
Interested in # science # data # nosql # cloud # geospatial # radio # games # simulation and # analytics supported by # environmental # sustainable # opensource # software # europe
social.anoxinon.de
Jörn Franke
@jornfranke@social.anoxinon.de
Interested in # science # data # nosql # cloud # geospatial # radio # games # simulation and # analytics supported by # environmental # sustainable # opensource # software # europe
social.anoxinon.de
@jornfranke@social.anoxinon.de
·
Apr 10, 2026
0
0
0
Jörn Franke
@jornfranke@social.anoxinon.de
Interested in # science # data # nosql # cloud # geospatial # radio # games # simulation and # analytics supported by # environmental # sustainable # opensource # software # europe
social.anoxinon.de
Jörn Franke
@jornfranke@social.anoxinon.de
Interested in # science # data # nosql # cloud # geospatial # radio # games # simulation and # analytics supported by # environmental # sustainable # opensource # software # europe
social.anoxinon.de
@jornfranke@social.anoxinon.de
·
Apr 10, 2026
@bsi Meines Erachtens falscher Fokus (unbegründete Panik). Statdtdessen sollte man sich auf Microsegmentation, Internet Egress Filtering, besseres Patch Management, bessere Ausbildung, bessere Software ohne Sicherheitslücken, minimale Zugriffsrechte usw. fokussieren. Dann kann man viele Sachen abfangen, obwohl Lücken in der Software vorhanden sind.
Dazu müssen auch die großen Softwarefirmen für ihre Sicherheitslücken, über die das BSI regelmäßig berichtet, zur Verantwortung gezogen werden.
View full thread on social.anoxinon.de
2
0
0
Jörn Franke
@jornfranke@social.anoxinon.de
Interested in # science # data # nosql # cloud # geospatial # radio # games # simulation and # analytics supported by # environmental # sustainable # opensource # software # europe
social.anoxinon.de
Jörn Franke
@jornfranke@social.anoxinon.de
Interested in # science # data # nosql # cloud # geospatial # radio # games # simulation and # analytics supported by # environmental # sustainable # opensource # software # europe
social.anoxinon.de
@jornfranke@social.anoxinon.de
·
Apr 10, 2026
@bsi Die Kernellücke in BSD ist Panikmache. Niemand macht NFS über Internet verfügbar. Niemand sollte NFS ohne Authentifizierung und ohne Firewallregeln im privaten Netzwerk haben. Klar das solche Lücken einfach über Defense-in-Depth abgedeckt werden können => deswegen auch 20 Jahre keinen Fix (war sicher vorher bekannt). Dazu null Investionsbereitschaft von Softwarefriremn in Security (nur in Security wo ihr Geschäftsmodel bedroht wird)
View full thread on social.anoxinon.de
1
2
0
Jörn Franke
@jornfranke@social.anoxinon.de
Interested in # science # data # nosql # cloud # geospatial # radio # games # simulation and # analytics supported by # environmental # sustainable # opensource # software # europe
social.anoxinon.de
Jörn Franke
@jornfranke@social.anoxinon.de
Interested in # science # data # nosql # cloud # geospatial # radio # games # simulation and # analytics supported by # environmental # sustainable # opensource # software # europe
social.anoxinon.de
@jornfranke@social.anoxinon.de
·
Apr 10, 2026
@bsi Da kommen allerdings dann keine neuen Lücken bei raus. Nur bekannte die nicht gefixed wurden, weil Geld gespart werden soll oder weil schon komplett abgedeckt durch Defense-in-Depth. Das Problem sind hier die Investitionen - bekannt sind die alle schon.
Der technische Anthropic Bericht übertreibt die Kritikalität, spart mit Details (ohje alles so schlimm können wir nicht teilen) und einige Fixes für kritischen Sicherheitslücken wurden durch ahem "update der Dokumentation" gefixt (botan)
View full thread on social.anoxinon.de
1
2
1
Jörn Franke
@jornfranke@social.anoxinon.de
Interested in # science # data # nosql # cloud # geospatial # radio # games # simulation and # analytics supported by # environmental # sustainable # opensource # software # europe
social.anoxinon.de
Jörn Franke
@jornfranke@social.anoxinon.de
Interested in # science # data # nosql # cloud # geospatial # radio # games # simulation and # analytics supported by # environmental # sustainable # opensource # software # europe
social.anoxinon.de
@jornfranke@social.anoxinon.de
·
Apr 10, 2026
@bsi Naja, die meisten Sicherheistlücken, welche Claude Mythos gefunden haben, waren schon lange vorher bekannt. Es wird halt nichts in Softwaresicherheit investiert (kann man auch an den BSI toots über Citrix, Microsoftlücken usw. nachlesen).
Jeder (nicht nur Antrophic) kann so ein Modell erzeugen): 1) Static code analyzer, fuzzer über open source laufen lassen 2) Audit reports 3) Alles in einem LLM finetunen. Fertig. Das wird jeder großer Player mit einem Wimpernzug hinbekommen.
View full thread on social.anoxinon.de
1
2
0
Jörn Franke
@jornfranke@social.anoxinon.de
Interested in # science # data # nosql # cloud # geospatial # radio # games # simulation and # analytics supported by # environmental # sustainable # opensource # software # europe
social.anoxinon.de
Jörn Franke
@jornfranke@social.anoxinon.de
Interested in # science # data # nosql # cloud # geospatial # radio # games # simulation and # analytics supported by # environmental # sustainable # opensource # software # europe
social.anoxinon.de
@jornfranke@social.anoxinon.de
·
Apr 06, 2026
@filippo Do not get me wrong. I believe we need to be crpyto-agile as at the moment it is even a mess to update the algorithm of one application to a latest version. Here I also agree with Bruce Schneier (https://www.schneier.com/blog/archives/2026/04/google-wants-to-transition-to-post-quantum-cryptography-by-2029.html) However, one should not do this in panic mode and get that one first right before moving to so impacting changes in an organisation.
View full thread on social.anoxinon.de
0
0
0
Jörn Franke
@jornfranke@social.anoxinon.de
Interested in # science # data # nosql # cloud # geospatial # radio # games # simulation and # analytics supported by # environmental # sustainable # opensource # software # europe
social.anoxinon.de
Jörn Franke
@jornfranke@social.anoxinon.de
Interested in # science # data # nosql # cloud # geospatial # radio # games # simulation and # analytics supported by # environmental # sustainable # opensource # software # europe
social.anoxinon.de
@jornfranke@social.anoxinon.de
·
Apr 06, 2026
@filippo I refer with implementation not in a specific library or tool, but a whole security system, e.g. integration into applications, into security operations. They will require significant changes in all aspects of the system and their operation.
View full thread on social.anoxinon.de
0
1
0
Jörn Franke
@jornfranke@social.anoxinon.de
Interested in # science # data # nosql # cloud # geospatial # radio # games # simulation and # analytics supported by # environmental # sustainable # opensource # software # europe
social.anoxinon.de
Jörn Franke
@jornfranke@social.anoxinon.de
Interested in # science # data # nosql # cloud # geospatial # radio # games # simulation and # analytics supported by # environmental # sustainable # opensource # software # europe
social.anoxinon.de
@jornfranke@social.anoxinon.de
·
Apr 06, 2026
@filippo Cryptographic experts might be confident in the security of lattice, but I would be not confident in their secure implementation. It took decades to get the implementation right for classical algorithms and they are still often wrongly implemented. This is a big security problem.
View full thread on social.anoxinon.de
0
1
0
Jörn Franke
@jornfranke@social.anoxinon.de
Interested in # science # data # nosql # cloud # geospatial # radio # games # simulation and # analytics supported by # environmental # sustainable # opensource # software # europe
social.anoxinon.de
Jörn Franke
@jornfranke@social.anoxinon.de
Interested in # science # data # nosql # cloud # geospatial # radio # games # simulation and # analytics supported by # environmental # sustainable # opensource # software # europe
social.anoxinon.de
@jornfranke@social.anoxinon.de
·
Apr 06, 2026
@filippo I found no good argument for this. There is just a bogus comment that nobody asked the Manhatten project to create a small nuclear explosion. It has nothing to do with the topic and they of course did various tests and experiments to validate what they are doing.
It is a typical distraction from the fact that they even cannot solve small problems on QC.
View full thread on social.anoxinon.de
0
0
0
Jörn Franke
@jornfranke@social.anoxinon.de
Interested in # science # data # nosql # cloud # geospatial # radio # games # simulation and # analytics supported by # environmental # sustainable # opensource # software # europe
social.anoxinon.de
Jörn Franke
@jornfranke@social.anoxinon.de
Interested in # science # data # nosql # cloud # geospatial # radio # games # simulation and # analytics supported by # environmental # sustainable # opensource # software # europe
social.anoxinon.de
@jornfranke@social.anoxinon.de
·
Apr 06, 2026
@filippo Quote from a paper that you cite: ", our most
time-efficient architectures can potentially enable run-
times of 10 days for ECC–256 with ≈ 26,000 qubits, and
97 days for RSA–2048 with ≈ 102,000 qubits"
This is for one key! If all "substantial engineering challenges" are solved.
It was not the scope of your post, but a broader assessment at Confidentiality, Integrity, Availability risks with some concrete estimations would help (which is maybe more a job for a IT Security Risk Manager).
View full thread on social.anoxinon.de
0
2
0
Jörn Franke
@jornfranke@social.anoxinon.de
Interested in # science # data # nosql # cloud # geospatial # radio # games # simulation and # analytics supported by # environmental # sustainable # opensource # software # europe
social.anoxinon.de
Jörn Franke
@jornfranke@social.anoxinon.de
Interested in # science # data # nosql # cloud # geospatial # radio # games # simulation and # analytics supported by # environmental # sustainable # opensource # software # europe
social.anoxinon.de
@jornfranke@social.anoxinon.de
·
Apr 06, 2026
@filippo Both algorithms have not been extensively tested and analysed. It could be a significant higher risk that they are broken on classical computers than there is a quantum computer that can do what it stated by the papers. Instead of having quantum computer validating this risk in practice they only work on artificial irrelevant problems (not actually trying to break keys). It would be good to see some real case (even small) where they try do it - this would help to understand the risk.
View full thread on social.anoxinon.de
1
1
0