trademark
@trademark@fosstodon.org
mastodon
4.5.9
0
Followers
0
Following
Joined November 24, 2022
Posts
Open post
In reply to
trademark
@trademark@fosstodon.org
fosstodon.org
@rootwyrm @spzb @Lemonid @GossiTheDog The clarification did not help I'm afraid. Now it sounds like you're claiming that a government supporting genocide can't possibly do anything to increase it's own cyber-security? I'd have thought that a government doing that would instead be extra diligent in warning their people to be careful because of the risk of revenge attacks?
View full thread on fosstodon.org
0
0
0
0
Open post
In reply to
trademark
@trademark@fosstodon.org
fosstodon.org
@rootwyrm @spzb @Lemonid @GossiTheDog Just to be clear, it sounds like you're saying the UK government is not legitimate? If that's not what you intended to say, could you rephrase?
View full thread on fosstodon.org
0
1
0
0
Open post
In reply to
trademark
@trademark@fosstodon.org
fosstodon.org
@spzb @Lemonid @GossiTheDog What you are doing is definitely arguing. You are claiming without evidence a sizeable amount of "hand holding" by Anthropic. My position is that if Anthropic is not lying about what the model can do all by itself then the model is a big deal. The UK government's report appears to corroborate what Anthropic is claiming.
View full thread on fosstodon.org
0
0
0
0
Open post
In reply to
trademark
@trademark@fosstodon.org
fosstodon.org
@spzb @Lemonid @GossiTheDog trend line is irrelevant argument. The UK government is saying this has capabilities that has not existed before. Anthropic is saying that they are giving the defenders a head start on using this. Assuming that the "new capabilities" bit is true, is not this exactly what we want? Give the defenders a bit of time? What exactly are you arguing?
View full thread on fosstodon.org
0
1
0
0
Open post
In reply to
trademark
@trademark@fosstodon.org
fosstodon.org
@spzb @Lemonid @GossiTheDog Uhm, they sound quite apocalyptic to me for instance they write "On expert-level tasks — which no model could complete before April 2025 — Mythos Preview succeeds 73% of the time."
View full thread on fosstodon.org
0
1
0
0
Open post
In reply to
trademark
@trademark@fosstodon.org
fosstodon.org
@spzb @Lemonid @GossiTheDog no, the UK government has access to the model and ran their own evaluation https://www.aisi.gov.uk/blog/our-evaluation-of-claude-mythos-previews-cyber-capabilities
View full thread on fosstodon.org
0
4
0
0
Open post
In reply to
trademark
@trademark@fosstodon.org
fosstodon.org
@hkrn this is the sort of thing that undermines trust in the EU. Which is what the tech firms want. For the EU to accept this is pure self-harm.
View full thread on fosstodon.org
0
0
0
0
Open post
In reply to
trademark
@trademark@fosstodon.org
fosstodon.org
@lispi314 @GossiTheDog @dalias @azonenberg we seem to have lost track of the original discussion on whether the model works or not.
View full thread on fosstodon.org
0
0
0
0
Open post
In reply to
trademark
@trademark@fosstodon.org
fosstodon.org
@lispi314@udongein.xyz @GossiTheDog@cyberplace.social @dalias@hachyderm.io @azonenberg@ioc.exchange Microsoft was extremely bad because they had a monopoly which they exploited to hurt the competition. The situation now is that we have three US competitors that are leapfrogging each other in taking the top spot. I'll be very worried if one of them gains a permanent advantage. But there is no sign of that so far. Rather the opposite actually, one of the Chinese (z.ai) is almost at the same level.
View full thread on fosstodon.org
0
1
0
0
Open post
In reply to
trademark
@trademark@fosstodon.org
fosstodon.org
@lispi314@udongein.xyz @GossiTheDog@cyberplace.social @dalias@hachyderm.io @azonenberg@ioc.exchange
"Ensloppifying does not increase the set of trustworthy software to be found"
This is precisely what happened with this model though. It has found bugs written decades ago by humans, leading to these bugs being fixed. Leading to at least these programs being better.
View full thread on fosstodon.org
0
1
0
0
Open post
In reply to
trademark
@trademark@fosstodon.org
fosstodon.org
@lispi314@udongein.xyz @GossiTheDog@cyberplace.social @dalias@hachyderm.io @azonenberg@ioc.exchange I'm interested in what effects this model will have on the security landscape. Whether it is ethical or not, it exists and can't be wished away. Similarly while I also would like all software in general and ffmpeg in particular to be written in a decent language, this is not the case as the world exists today..
View full thread on fosstodon.org
0
1
0
0
Open post
In reply to
trademark
@trademark@fosstodon.org
fosstodon.org
@lispi314@udongein.xyz @GossiTheDog@cyberplace.social @dalias@hachyderm.io @azonenberg@ioc.exchange Do you have a source for the millions in unreported results? For instance the phrasing in for ffmpeg is clear that it is ten thousand for all runs: "Mythos Preview identified several other important vulnerabilities in FFmpeg after several hundred runs over the repository, at a cost of roughly ten thousand dollars."
View full thread on fosstodon.org
0
1
0
0
Open post
In reply to
trademark
@trademark@fosstodon.org
fosstodon.org
@lispi314@udongein.xyz @GossiTheDog@cyberplace.social @dalias@hachyderm.io @azonenberg@ioc.exchange "That's an indictment of a project's quality, not a validation of the LLM's quality." So you're saying that FreeBSD is bad. Fine. Anyway an additional motivation for what Anthropic did is to help open source projects by alerting them to security vulnerabilities so they can fix them. Are you objecting to that as well?
View full thread on fosstodon.org
0
1
0
0
Open post
In reply to
trademark
@trademark@fosstodon.org
fosstodon.org
@lispi314@udongein.xyz @GossiTheDog@cyberplace.social @dalias@hachyderm.io @azonenberg@ioc.exchange The point of what Anthropic did was to demonstrate how good the new model is. Whether the NFS code should be in the kernel or not is an interesting discussion. However the fact is that exploiting kernel-level code usually is harder than attacking userspace programs. So when the AI succeeded in doing just that it is an indication of how technically skilled it is compared to earlier versions.
View full thread on fosstodon.org
0
2
0
0
Open post
In reply to
trademark
@trademark@fosstodon.org
fosstodon.org
@dalias @lispi314 @GossiTheDog @azonenberg That's not debunking. Actual debunking would be to provide evidence that what Anthropic achieved was not actually technically difficult. Instead of doing that you chose to insult FreeBSD. Instead of providing technical arguments you displayed your ignorance of the last 20 years of progress in NFS. Fascinating how somebody can be so wrong and still sound so arrogant.
View full thread on fosstodon.org
0
2
0
0
Open post
In reply to
trademark
@trademark@fosstodon.org
fosstodon.org
@dalias @lispi314 @GossiTheDog @azonenberg Please tell this to the FreeBSD people, I am sure they will appreciate your insights.
View full thread on fosstodon.org
0
0
0
0
Open post
In reply to
trademark
@trademark@fosstodon.org
fosstodon.org
@lispi314 @GossiTheDog @dalias @azonenberg Please direct your suggestions to the FreeBSD people directly, they are easily contactable.
View full thread on fosstodon.org
0
2
0
0
Open post
In reply to
trademark
@trademark@fosstodon.org
fosstodon.org
@lispi314@udongein.xyz @GossiTheDog@cyberplace.social @dalias@hachyderm.io @azonenberg@ioc.exchange That's not what they're saying though. From the wiki "krb5p
Kerberos authentication, integrity, and privacy. This is the most secure flavor of NFS. Not only does it provide authentication and integrity, but the entire RPC payload is encrypted. Thus a passive eavesdropper can see nothing but RPC headers. krb5p is a good choice for insecure networks, including wireless networks. "
View full thread on fosstodon.org
0
2
0
0
Open post
In reply to
trademark
@trademark@fosstodon.org
fosstodon.org
@dalias @azonenberg @GossiTheDog You are being incredibly rude and even more ignorant. FreeBSD support latest NFSv4 including Kerberos encryption and authentication. if you don't believe me ask on the relevant mailing list. Though if you do I recommend you tone down your rudeness.
View full thread on fosstodon.org
0
0
0
0
Open post
In reply to
trademark
@trademark@fosstodon.org
fosstodon.org
@dalias@hachyderm.io @azonenberg@ioc.exchange @GossiTheDog@cyberplace.social You're saying nobody should run the NFS-server they are making. How is that not insulting? Why don't you go to their mailing lists and tell them to stop? For extra effect repeat the phrase you used: "I knew when I was like 15 that you don't run NFS unless you want to get popped."
View full thread on fosstodon.org
0
3
0
0
Open post
In reply to
trademark
@trademark@fosstodon.org
fosstodon.org
@dalias@hachyderm.io @azonenberg@ioc.exchange @GossiTheDog@cyberplace.social Let me try explaining more clearly: Anthropic does this to demonstrate the technical capabilities of their new model. Your denigration of the utility of the FreeBSD NFS-server does not detract from that in the slightest, so Anthropic and their customers are not going to care in the slightest. You're being rather insulting to FreeBSD though, is that intentional?
View full thread on fosstodon.org
0
1
0
0
Open post
In reply to
trademark
@trademark@fosstodon.org
fosstodon.org
@dalias@hachyderm.io @azonenberg@ioc.exchange @GossiTheDog@cyberplace.social To summarize your position: "If Anthropic witholds something to give defenders time to fix it, it means they're lying and have nothing. When they do release a real bug it means that it was for some stupid thing you shouldn't be running anyway." Got it.
View full thread on fosstodon.org
0
1
0
0
Open post
In reply to
trademark
@trademark@fosstodon.org
fosstodon.org
@azonenberg@ioc.exchange @dalias@hachyderm.io @GossiTheDog@cyberplace.social I think it will be a big deal if they don't keep their promises. It's the sort of thing journalists will use for attack pieces. We do already know that some of the bugs are real, for instance Anthropic is keeping the exploit for CVE-2026-4747 secret, but somebody else used public version of Claude to create their own working exploit: https://blog.calif.io/p/mad-bugs-claude-wrote-a-full-freebsd
View full thread on fosstodon.org
0
1
0
0
Open post
In reply to
trademark
@trademark@fosstodon.org
fosstodon.org
@falken @GossiTheDog both of them actually look very good after this. Anthropic because the bug is very hard to spot, I can imagine reading that code a thousand times without seeing it. OpenBSD looks good because the AI did not find a single stupid/careless mistake.
View full thread on fosstodon.org
0
0
0
0
Open post
In reply to
trademark
@trademark@fosstodon.org
fosstodon.org
@falken @GossiTheDog You're being incredibly rude to OpenBSD if you claim that "just give 20k to a professional" will make a meaningful difference to what they're already doing. https://www.openbsd.org/security.html
View full thread on fosstodon.org
0
2
0
0
Open post
In reply to
trademark
@trademark@fosstodon.org
fosstodon.org
@GossiTheDog@cyberplace.social They aren't claiming it's over, that's a strawman. But interestingly they are providing commit hashes of things they've found. Some of these are seriously scary. I've saved a copy of the webpage and will be waiting to see if the promised commits turn up. If they do check out my opinion of Anthropic will rise. If not...
View full thread on fosstodon.org
0
3
0
0
Open post
In reply to
trademark
@trademark@fosstodon.org
fosstodon.org
@colinstu many times, except I could never afford to actually do it :( For instance TSP-type problems go from O(n!) to 2^n if you also use 2^n of memory.
View full thread on fosstodon.org
0
0
0
0
Open post
In reply to
trademark
@trademark@fosstodon.org
fosstodon.org
@cstross@wandering.shop @chiffchaff@tech.lgbt @davidgerard@circumstances.run Sorry, I'm not entirely sure what you are saying, something like "ai is not useful and never will be, therefore all money spending is done by desperate wastrels"? If so I disagree, it is already extremely useful. If you're saying something like "this is the biggest over-investment in a bubble ever" then I agree.
View full thread on fosstodon.org
0
0
0
0
Open post
In reply to
trademark
@trademark@fosstodon.org
fosstodon.org
@cstross@wandering.shop @davidgerard@circumstances.run @chiffchaff@tech.lgbt I suggest John Henry's law. I myself, like John Henry, am faster than the machine. Specifically faster at producing production-quality code in languages I know well. However when I need some auxiliary code, test harness, UI for exploring a data-set, experiment, Then it works much better to ask the AI to code it up. This lets me focus on my main task without being distracted.
View full thread on fosstodon.org
0
0
0
0