skybrian's recent activity

  1. Comment on Project Glasswing: what Mythos showed us in ~comp

    skybrian
    Link Parent
    Well, floating-point math has a lot of gotchas but it would would usually lead to wrong results, rather than a security bug from doing the calculation.

    Well, floating-point math has a lot of gotchas but it would would usually lead to wrong results, rather than a security bug from doing the calculation.

  2. Comment on Weekly US politics news and updates thread - week of May 18 in ~society

  3. Comment on Donald Trump’s deal to drop suit against US Internal Revenue Service creates $1.8b ‘anti-weaponization fund’ in ~society

    skybrian
    Link
    From the article:

    From the article:

    President Donald Trump has agreed to drop his family’s lawsuit against the IRS as part of a highly unusual agreement that establishes a nearly $1.8 billion fund to compensate those who, like him, have claimed they have been targets of a “weaponized” justice system.

    The deal, laid out in a two-page summary and a Justice Department news release, creates what officials described as an “Anti-Weaponization Fund” with broad authority to distribute payments to individuals — all with limited oversight and outside of the normal processes for negotiating legal claims against the government.

    It is the latest, and by far the most sweeping, tool the president has aimed at financially rewarding supporters and political allies he asserts have been wronged by Democratic administrations. Under the settlement’s terms, the president and his family would be excluded from receiving any money, officials said.

    Legal experts and ethics watchdogs quickly panned the fund as a product of self-dealing that was negotiated between the president and agencies he oversees at the taxpayers’ expense.

    “This is one of the single most corrupt acts in American history,” said Donald K. Sherman, president of the nonprofit Citizens for Responsibility and Ethics in Washington. He noted that although Trump sued the IRS as a private citizen, the officials representing the Internal Revenue Service and the Treasury Department in settlement negotiations ultimately report to him.

    12 votes

  5. Comment on Project Glasswing: what Mythos showed us in ~comp

    skybrian
    Link
    From the article: [...]

    From the article:

    It's a different kind of tool doing a different kind of work, and that makes a clean apples-to-apples comparison to earlier models difficult. So rather than trying to benchmark Mythos Preview against general-purpose frontier models, it's more useful to describe what it can actually do, and two features that stood out across the work we did with Mythos Preview:

    • Exploit chain construction - A real attack rarely uses one bug. It chains several small attack primitives together into a working exploit. For instance, it might turn a use-after-free bug into an arbitrary read and write primitive, hijack the control flow, and use return-oriented programming (ROP) chains to take full control over a system. Mythos Preview can take several of these primitives and reason about how to combine them into a working proof. The reasoning it shows along the way looks like the work of a senior researcher rather than the output of an automated scanner.

    • Proof generation - Finding a bug and proving it's exploitable are two different things, and Mythos Preview can do both. It writes code that would trigger the suspected bug, compiles that code in a scratch environment, and runs it. If the program does what the model expected, that's the proof. If it doesn't, the model reads the failure, adjusts its hypothesis, and tries again. The loop matters as much as the bugs it finds, because a suspected flaw without a working proof is speculation, and Mythos Preview closes that gap on its own.

    Some of what we describe above is not entirely unique to Mythos Preview. When we ran other frontier models through the same harness, they found a fair number of the same underlying bugs, and in some cases they got further than we expected on the reasoning side too. Where they fell short was at the point of stitching the pieces together. A model would identify an interesting bug, write a thoughtful description of why it mattered, and then stop, leaving the actual chain unfinished and the question of exploitability open. What changed with Mythos Preview is that a model can now take those low-severity bugs (which would traditionally sit invisible in a backlog) and chain them into a single, more severe exploit.

    [...]

    Mythos Preview represents a clear improvement here, particularly in its ability to chain primitives - combining multiple vulnerabilities into a working proof of concept rather than reporting them in isolation. A finding that arrives with a PoC is a finding you can act on, and it means far less time spent asking "is this even real?"

    Our harnesses are deliberately tuned to over-report, so we see more (and miss less), which comes with a lot more noise. But at triage time, Mythos Preview's output has noticeably higher quality: fewer hedged findings, clearer reproduction steps, and less work to reach a fix-or-dismiss decision.

    6 votes

  7. Comment on The secret police playbook in ~society

  8. Comment on The secret police playbook in ~society

    skybrian
    Link
    From the article: [...] [...] [...] [...] [...] [...] [...]

    From the article:

    We have spent the last decade studying how authoritarian security organizations are built, staffed, and sustained. We asked, who does the dirty work of these regimes – and why?

    Our new book Making a Career in Dictatorship traces the career trajectories of more than 4,000 officers in Argentina’s dictatorship-era security apparatus and pairs that evidence with case studies from Nazi Germany, Stalin’s Soviet Union, and The Gambia. What we found contradicts what most people assume about how violent secret police organizations emerge.

    [...]

    Most people assume that repressive organizations are filled with true believers — ideological extremists who genuinely want to harm others, or at minimum sadists and sociopaths for whom the work is personally gratifying. The logic of this view is that the way to build a secret police force is to find the worst people and give them badges.

    Our research tells a different story.

    When we combed through the personnel archives of Argentina’s Intelligence Battalion 601 — the secret police unit that orchestrated the disappearance, torture, and killing of thousands during the country’s so-called Dirty War — we were not looking for monsters. We were looking for patterns. And the pattern we found was strikingly mundane: the officers who joined Battalion 601 had, in the main, performed worse than their peers at the military academy. They had graduated toward the bottom of their cohorts. They had stalled in the lower and middle ranks. They were men whose regular career paths had quietly closed.

    These were not the most extreme officers in Argentina’s army. They were the most stuck.

    [...]

    But in Argentina in the 1970s, the military dictatorship offered another option: a parallel unit that needed staffing, valued loyalty over competence, and offered career-pressured officers a second chance. The dirty work of state terror — kidnapping, torture, disappearing people — was psychologically repugnant enough that high-performing officers with smooth career trajectories had every reason to avoid it. But for the men at the bottom of the cohort, it was a ladder.

    [...]

    This is what we call the detouring logic: career-pressured officers “detour” through repressive units not because they are fanatics, but because the detour is the only viable path upward. The regime does not need to recruit extremists. It only needs to create the right organizational conditions — and then let ordinary career anxiety do the rest.

    [...]

    An existing institution — in this case, federal law enforcement or the military — provides the talent pool. It already contains, by the logic of any competitive promotion system, a substantial number of career-pressured officials: people who have plateaued, who feel passed over, who sense their professional options narrowing.

    The second pyramid is the new or repurposed unit — the one that will be staffed with willing enforcers. ICE has existed for more than two decades, but it is now being massively expanded. Its budget tripled under the “One Big Beautiful Bill,” to a level larger than all other federal law enforcement agencies combined. The agency is hiring over 10,000 new agents. It is, structurally, a rapidly growing second ladder — and it needs to be filled.

    [...]

    Career-pressured officers are not making ideological commitments. They are making career bets. For the detour to be worth taking, they need to know they will be protected when they push legal and ethical limits. This signal must be credible, and it must be public — because it needs to be heard by everyone calculating whether the bet is worth making.

    [...]

    The conventional wisdom holds that professional, merit-based institutions are firewalls against authoritarianism. If promotions depend on competence rather than loyalty, the thinking goes, the bureaucracy will be committed to rules and law rather than to any particular leader. The whole case for civil service reform — from the Pendleton Act onward — rests on this premise. The logic of the highly professionalized American military system that underpins civil-military relations likewise follows this logic.

    Our research tells a different story. The Argentine army maintained a rigorously meritocratic promotion system through democracies, dictatorships, and everything in between. It was explicitly designed as an apolitical professional body. And yet this same institution produced both mass repression and repeated coups.

    [...]

    There is one more thing you need to know about the career-pressured officer we have been describing. This playbook has a second edge—one leaders rarely anticipate.

    In our book, career pressure produces two rival solutions to the same career problem. One is the described detouring: officers demonstrate loyalty through repression because a coercive assignment offers the only ladder left. The other is forcing: when careers collapse and exits close, some officers decide the best way to salvage their future is to remove the leadership that made them expendable—by conspiring against the regime rather than serving it.

    That is why Trump is playing with fire when he weaponizes career pressure. The same pressure that can fill a growing coercive apparatus with willing enforcers can also manufacture a coup risk. And if the regime fast-tracks yesterday’s losers, it also threatens yesterday’s winners. When promotion and prestige are suddenly rerouted, even high performers can become angry stakeholders—raising incentives for moves that destabilize the leadership that rewrote the ladder.

    6 votes

  10. Comment on Square peg in a round hole: airpower against mobile targets and missiles in ~society

    skybrian
    Link
    From the article: [...] [...] [...] [...]

    From the article:

    Unsurprisingly, the broad public reaction is to read this as a massive failure: too few sorties, the wrong munitions, faulty intelligence, and the entire campaign costing $29 Billion (so far). The more uncomfortable conclusion is that air forces have been here before, and that the problem of finding and killing mobile launchers and missiles from the air may be less a tactical shortcoming than a structural feature. Two campaigns separated by 50 years—the Anglo-American CROSSBOW campaign against German V-weapons in 1943–1945 and the “Great Scud Chase” of Desert Storm in 1991—suggest that what is happening over Iran today is not a deviation from the norm but simply a repeat of it. As Colonel Mark Kipphut argued in his 1996 study comparing the two campaigns, the failure to internalize CROSSBOW’s lessons was itself one of the reasons those same failures were repeated in 1991; the present campaign against Iran suggests we might still not have learned them.

    [...]

    The first lesson of CROSSBOW is that fixed infrastructure is easy to destroy and that adversaries do not stay fixed for long. British intelligence had received “reliable and relatively full information” on German long-range weapons as early as November 1939 two months into the war. It wasn’t till four years later, in 1943, that Allied photo-reconnaissance first identified the German “ski-sites” in northwestern France, named for the curious shape of one of the buildings on each launcher complex. Within weeks, the U.S. Strategic Bombing Survey would later report, ninety-six sites had been cataloged, and a sustained bombing offensive against them had begun. Of these ninety-six sites, no more than two were ever used operationally. On its face, this was a complete victory. Allied airpower had, by direct attack, denied the Luftwaffe permanent launching infrastructure before the V-1 campaign could begin.

    The Germans drew the obvious conclusion. The Survey noted that during the period of the Allied counterattack, the Germans developed methods for launching V-1s and V-2s from small, inconspicuous sites that required minimal engineering work and freed firing operations from the elaborate sites originally planned. These were the “modified sites,” first photographed on April 26, 1944, which were well camouflaged, dependent largely on prefabricated buildings, of which more than sixty had been identified before the first V-1 was launched in England in mid-June. The “modified sites,” the Survey concluded plainly, were “heavily bombed without marked effect on the scale of effort.”

    Kipphut, working from the same primary documents, formalizes the consequence as a two-phase division of the campaign. CROSSBOW I, running from April 1943 to early June 1944, was a qualified success: it delayed the start of V-weapon attacks by an estimated three to six months and so allowed OVERLORD to proceed before the full weight of Hitler’s missile arsenal could be brought to bear. Eisenhower himself wrote that had the Germans perfected the weapons six months earlier, the invasion of Europe would have been “exceedingly difficult, perhaps impossible,” and that a sustained V-weapons attack on the Portsmouth-Southampton embarkation area could have caused OVERLORD to be written off entirely. CROSSBOW II, however, the campaign to suppress launches once they had begun, was in Kipphut’s assessment a “dismal failure”; despite thousands of sorties against more than 250 targets in the critical summer of 1944, the Germans averaged just over 80 launches per day, and German sources contend they never failed to launch on account of either Allied air attack or weapons shortages.

    [...]

    Half a century later, in a campaign in which Coalition air forces enjoyed advantages of intelligence, precision, and surveillance technology that the Eighth Air Force could scarcely have imagined, the same problem reappeared in nearly identical form in what became known as “The Great Scud Chase.” The Iraqi air force had been swept from the sky within days. Yet from January 18, 1991, when Iraq launched its first ballistic missiles against Israel, until the close of the war, the suppression of Saddam Hussein’s mobile Scud launchers became, in the words of the Gulf War Air Power Survey, “undoubtedly the most frustrating and least satisfactory aspect of the air campaign.” The Survey’s statistical volume, taking stock after the fact, recorded a total of eighty-eight Iraqi Scud launches over the course of Desert Storm and concluded, in its summary line, that the launchers proved “particularly difficult to detect and were never fully suppressed.”

    [...]

    The corroboration came in Kosovo eight years later. Press, writing while the dust was still settling, observed that the same problems that frustrated Coalition airpower in 1991 had hamstrung NATO efforts against Serbian ground forces in 1999. After eleven weeks and thousands of sorties, NATO had publicly claimed roughly a third of Serbian armor destroyed; postwar inspection by NATO’s own analysts found fewer than twenty Serbian tanks, a similar number of artillery pieces, and fewer than ten armored personnel carriers actually knocked out. Serb forces had used concealment and decoys that, from 10,000 feet, looked very much like the real thing. The technology had advanced considerably between 1991 and 1999; the gap between claimed and confirmed kills had not closed at all.

    [...]

    What the present Iranian campaign appears to have demonstrated is not a new problem but the durability of a very old one. There is, on the available evidence, no reason to believe that another two months of bombing would produce a fundamentally different result. The CIA’s assessment that Iran can sustain the blockade for three to four months, combined with its findings on the surviving missile arsenal, points to the same conclusion that the U.S. Strategic Bombing Survey reached in January 1947, that Williamson Murray reached in 1993, that Mark Kipphut reached in 1996, and that Daryl Press reached in 2001: airpower can do many things to a missile force, but reliably destroying its mobile launchers from the air is not among them. The instruments have gotten better, but the targets have gotten better faster.

    7 votes

  13. Comment on What programming/technical projects have you been working on? in ~comp

    skybrian
    Link Parent
    Cool. I wish there were a microcontroller board with a USB-C connector at both ends so you could connect other devices easily. It could pass through the power and you could do things like...

    Cool. I wish there were a microcontroller board with a USB-C connector at both ends so you could connect other devices easily. It could pass through the power and you could do things like modifying USB audio by flashing the firmware.

    1 vote

  14. Comment on ‘Monster Wolf’ robots deployed in Japan amid spike in bear attacks in ~enviro

    skybrian
    Link
    From the article: [...] [...] [...]

    From the article:

    Japanese officials contending with an increasingly aggressive bear population are leaning heavily on a creative solution to stop attacks before they begin. No, it's not a seasonal Spirit Halloween prop; it's a Monster Wolf.

    You could be forgiven for mistaking the two. Like the robocharacters that populate showroom floors each fall, "Monster Wolf" is a pretty intimidating-looking animatronic with a metal frame draped in shaggy fur, glowing red eyes, a rotating head and something akin to a roar that plays through a set of accompanying speakers.

    Described by Hokkaido-based manufacturer Ohta Seiki as an "eco-friendly wildlife repellent device," Monster Wolf is a solar-powered robot scarecrow that looks more like a werewolf. Using a combination of motion sensors, flashing LED lights and more than 50 "threatening sounds," the robot has become a boon to Japanese farmers, landowners and anti-bear crusaders looking to scare off wildlife since it hit the market seven years ago.

    [...]

    Ohta Seiki has received 50 orders and counting in 2026, it told the news agency, an abnormally high number for this time of year. Monster Wolf robots generally cost around 514,000 yen, or approximately $4,000 to $4,840 USD per unit, the BBC reported.

    [...]

    Lethal bear attacks became a headline-making issue in Japan in 2025, when 13 people were killed nationwide across 100 attacks. This was more than twice the previously reported high, according to AFP. In total, approximately 50,000 bear sightings were reported, more than double the highest number recorded over the previous two years, per the outlet.

    [...]

    Scientists speculated that the uptick in attacks has been driven by a growing bear population, coupled with the year's bad acorn harvest, USA TODAY previously reported. These conditions created an area "overcrowded with hungry bears," driving the large animals to populated areas in search of food.

    3 votes

  16. Comment on A fast and accurate tuberculosis test that doesn't need phlegm in ~health

    skybrian
    Link
    From the article: [...]

    From the article:

    The most common test to determine if someone has tuberculosis hasn't really changed since the late 1800s. The process relies on phlegm.

    "It's a nasty substance," says Adithya Cattamanchi, a pulmonologist at UC Irvine. "No one likes it, right? You don't like to cough it up. Health workers don't like to work with it. It's difficult to work with in the lab because it's so viscous." In addition, not everyone can produce phlegm easily, including children, the elderly and those weakened by disease.

    The phlegm is then examined under a microscope for the telltale tuberculosis bacteria. But the test is imperfect and imprecise. Sometimes patients are told they have TB when they don't. And about half the time, the test misses actual TB cases.

    "So for a long time, we have been trying to make the diagnosis of tuberculosis easier, cheaper, and quicker," says Alfred Andama, a microbiologist at Makerere University College of Health Sciences in Uganda.

    That desire was fulfilled last year when the Chinese company Pluslife announced a new tuberculosis test called the MiniDock MTB. It works by taking a sample of someone's phlegm or — if the patient is unable to produce phlegm — a mere tongue swab, heating and spinning it down, and then machine scanning it for DNA from the TB bacteria. It's faster than conventional tests and is portable, allowing health workers to use it in a wider variety of settings.

    [...]

    The new test followed from a burst of innovation during the pandemic, a period when swab-based testing for COVID-19 improved dramatically due to an infusion of effort and cash from researchers and industry.

    10 votes

  18. Comment on All the Eurovision songs are out. Let's talk about them! in ~music

    skybrian
    Link
    The Morander Brothers did an accordion cover of the song for Finland.

    The Morander Brothers did an accordion cover of the song for Finland.

    2 votes

  19. Comment on Offbeat Fridays – The thread where offbeat headlines become front page news in ~news

    skybrian
    Link
    OpenAI Brings Its Ass to Court (Wired)

    OpenAI Brings Its Ass to Court (Wired)

    A lawyer for Sam Altman’s AI behemoth, Bradley Wilson, approached US district judge Yvonne Gonzalez Rogers and handed her a small gold statue with a white stone base. It depicted the rear end of a donkey—with two legs, a butt, and a tail—and was inscribed with the message, “Joshua Achiam, never stop being a jackass for safety.”

    OpenAI employees at the time, Dario Amodei and David Luan, presented the gift to chief futurist Achiam, who started at the company as an intern in 2017 and now leads its work studying how society is changing in response to AI. Achiam testified on Wednesday that he interrupted Elon Musk’s parting speech from OpenAI in 2018 to warn that the billionaire’s desire to develop AGI at Tesla could come at the expense of safety. Wilson added that the trophy commemorates some “strong language” that Musk used toward Achiam in response—allegedly, calling him a jackass.

    “He snapped and called me a jackass,” Achiam said, describing the remark as tense and unfriendly.

    OpenAI initially requested to present the physical object during Achiam’s testimony, arguing that it adds to their case. While Musk’s team said the statue was irrelevant, Judge Gonzalez Rogers said she would consider allowing it when it’s referenced to corroborate the story. However, she seemed less than thrilled about accepting it as official evidence, which would put it in the court’s possession. “I don’t want it,” she said.

    3 votes

  20. Comment on Offbeat Fridays – The thread where offbeat headlines become front page news in ~news

    skybrian
    Link
    Diet Coke parties are all the rage in India as aluminum can shortage bubbles up

    Diet Coke parties are all the rage in India as aluminum can shortage bubbles up

    Suppliers told the Reuters news agency that some orders were not being fulfilled due to a can shortage caused by the situation in the Gulf, which accounts for around 9% of global aluminum production. Diet Coke is not sold in plastic bottles in India, unlike most other countries, leaving fans of the drink at risk of losing out.

    For Gupta, a 25-year-old marketing and design consultant based in New Delhi, it was an opportunity for fun, so she decided to throw a party celebrating the drink.

    “It was a joke,” said Gupta, describing herself as an “avid drinker” of Diet Coke. “I thought only me and two of my friends would show up.”

    The party was a hit with Gen Zers, who she says are craving more alcohol-free experiences. Tickets were sold out, and attendees showed up wearing Coke-themed outfits, danced to house and pop music, and made their own Diet Coke “concoctions” inspired by Dua Lipa’s recipes. The pop star has posted videos on TikTok in which she adds pickle juice and pickled jalapeños to the drink.

    8 votes