skybrian's recent activity
-
Comment on Is there a "Razor" for the idea that "If a Billionaire is against it, I'm for it?" in ~finance
-
Comment on Project Glasswing: An initial update in ~tech
skybrian
First public macOS kernel memory corruption exploit on Apple M5
The latest flagship example is MIE (Memory Integrity Enforcement), Apple’s hardware-assisted memory safety system built around ARM’s MTE (Memory Tagging Extension). It was introduced as the marquee security feature for the Apple M5 and A19, specifically designed to stop memory corruption exploits, the vulnerability class behind many of the most sophisticated compromises on iOS and macOS.
...
The exploit is a data-only kernel local privilege escalation chain targeting macOS 26.4.1 (25E253). It starts from an unprivileged local user, uses only normal system calls, and ends with a root shell. The implementation path involves two vulnerabilities and several techniques, targeting bare-metal M5 hardware with kernel MIE enabled.
...
We didn’t build the chain alone. Mythos Preview helped identify the bugs and assisted throughout exploit development.
Mythos Preview is powerful: once it has learned how to attack a class of problems, it generalizes to nearly any problem in that class. Mythos discovered the bugs quickly because they belong to known bug classes. But MIE is a new best-in-class mitigation, so autonomously bypassing it can be tricky. This is where human expertise comes in.
-
Comment on Nasdaq rewrites its index inclusion rules ahead of SpaceX IPO in ~finance
skybrian
For the Nasdaq, the company that makes the list is the Nasdaq stock exchange and they benefit if SpaceX lists its stock on their exchange, so they’re doing it to get the business.
For the S&P 500, it’s not just about SpaceX. OpenAI and Anthropic are going to be very large and unprofitable when they go public too. The size of these IPO’s is unprecedented. The stated justification for the S&P 500 is that they want to include all the largest public companies:
Index investing isn’t about what companies are “legitimate.” It’s about having investments in all of them in case they go up.
-
Comment on Nasdaq rewrites its index inclusion rules ahead of SpaceX IPO in ~finance
skybrian
Tesla was added to the S&P 500 in 2020. This is about SpaceX.
-
Comment on Waymo pauses Atlanta service as its robotaxis keep driving into floods in ~transport
skybrian
Waymo expands pause to four cities as robotaxis keep driving into floods
Waymo also halted service in Dallas and Houston because of severe weather across Texas this week, the company confirmed to TechCrunch late Thursday. The expansion was first reported by Bloomberg News.
-
Comment on Nasdaq rewrites its index inclusion rules ahead of SpaceX IPO in ~finance
skybrian
Other indexes have different rules. Looks like the S&P 500 might have a rule change, though not as extreme:
Elon Musk's SpaceX Could Be Fast-Tracked Into S&P 500 After IPO Under Proposed Rule Changes
The rule changes include letting IPOs enter the index six months after their debut on an eligible index instead of a 12-month period, according to current rules.
The index also proposed eliminating a minimum Investable Weight Factor (IWF) of 0.10 for megacap companies. The IWF is a methodology used to calculate the number of shares of a company available to trade on the market.
Notably, the proposed rule changes also eliminate profitability requirements for megacap companies. Current rules require a company to be profitable on a GAAP basis for 12 months to be considered for the index, but that rule could be eliminated.
-
Comment on Project Glasswing: An initial update in ~tech
skybrian
From the article:
So far, Mythos Preview has found what it estimates are 6,202 high- or critical-severity vulnerabilities in [open source] projects (out of 23,019 in total, including those it estimates as medium- or low-severity).
[...]
As we noted above, the bottleneck in fixing bugs like these is the human capacity to triage, report, and design and deploy patches for them. Finding them in the first place has become vastly more straightforward with Mythos Preview. We’ve created a dashboard of the open-source vulnerabilities we’ve scanned, below, which shows the different steps in our disclosure process and will track our progress over time. This shows vulnerabilities of all severity levels, rather than only the subset initially assessed as high- or critical-severity by Mythos Preview. Note the steep drop-off at each phase, reflecting the amount of human effort required to verify and fix each of the vulnerabilities.
Our process for triaging vulnerabilities is intensive. First, we or one of the external security firms we work with reproduce the issue that Mythos has found and re-assess its severity. Once we’ve confirmed that a vulnerability is real, we check for whether there are already fixes in place, and write a detailed report to the software’s maintainers. We take considerable care here: on top of the regular challenges of maintaining open-source software, maintainers have been facing a deluge of low-quality, AI-generated bug reports. Indeed, several maintainers have told us they’re currently severely capacity constrained, and some have even asked us to slow down our rate of our disclosures because they need more time to design patches. (On average, a high- or critical-severity bug found by Mythos Preview takes two weeks to patch.)
[...]
75 of the 530 high- or critical-severity bugs we’ve reported have now been patched, and 65 of those have been given public advisories. The number of patches is still relatively low for three reasons. First, we’re still early in the 90-day window that’s set out in our Coordinated Vulnerability Disclosure policy: we expect many more patches to land soon. Second, we are likely to be undercounting patches because some vulnerabilities are patched without a public advisory: in those cases, we’re reliant on scanning for the patches ourselves using Claude. Third, the low volume of patches reflects a genuine problem: even at our relatively slow pace of disclosures, Mythos Preview is adding to an already-overloaded security ecosystem.
[...]
Many generally-available models can already find large numbers of software vulnerabilities, even if they can’t find the most sophisticated vulnerabilities or exploit them as effectively as Claude Mythos Preview. Project Glasswing has already spurred many other organizations to take action on their own codebases with these generally-available models; we’re working to make this much easier to do.
-
Project Glasswing: An initial update
17 votes -
Comment on Why Japanese companies do so many different things in ~finance
skybrian
From the article:
But Toto’s remarkable year doesn’t have much to do with toilets or bidets. Toto might have been founded in the 1910s to “provide a healthy and civilized way of life” through affordable toilets, and in the decades since might have become the global leader in the bathroom game. But Toto also does a lot of other things. Toto manufactures not just bidets and toilets but also bathroom tiles, prefabricated bathroom modules, faucets, modular kitchens, photocatalytic coatings for buildings, and assistive equipment for the elderly. And, most importantly, Toto has a very lucrative sideline in the fabrication of memory chips.
Since 1988, in a once-obscure corner of the company called the “advanced ceramics division,” Toto has been producing a very particular component called the electrostatic chuck, or the “e-chuck.” The e-chuck is a sort of high-precision ceramic plate, about the size of a steering wheel, that uses electrostatic force to hold a silicon wafer perfectly flat and thermally stable while memory chips are etched into it with bombardments of plasma. Making these components is extraordinarily difficult, since the ceramic body needs to have near-zero particle generation and be polished to submicron flatness: and this means that there are only a few companies in the world that are capable of manufacturing e-chucks reliably. Almost all of them—Shinko Electric, NGK, Toto, Kyocera, Sumitomo Osaka Cement, Niterra—are based in Japan.
For most of its history, the advanced ceramics division was a rounding error on Toto’s balance sheet: the money maker, as it had been since the 1910s, was the toilet and bidet business. But we’re in a new era. Demand for AI is exploding, meaning that demand for the high-bandwidth memory that AI data centers require is exploding, meaning that demand for memory chips is exploding, meaning that demand for e-chucks is exploding. And so Toto’s advanced ceramics division is suddenly the company’s largest business, generating the majority of its operating profit. Toto’s leadership, suddenly awash in AI-driven revenue, announced that they would double down by investing hundreds of millions in expanded electrostatic chuck production: the toilet company had become, quite unexpectedly, a supplier to the semiconductor supply chain.
The Toto story is a fun and interesting illustration of corporate diversification and how strange bets can pay off. But that type of diversification—a toilet company that also produces photocatalytic coating and high-precision components for semiconductors—isn’t really unique to Toto. Practically every company in Japan seems to do a thousand very different things.
[...]
Here is the answer I want to suggest: Japanese companies excel in lots of very different domains because it’s inherent in how they’re structured. The form of the corporation that we know and love in the United States—specialized, market-oriented, governed by shareholders—is just one form that the corporation can take; but it’s not the only way to coordinate capital and labor in a successful and profitable way. The protean corporations of Japan are best understood as a different species of thing altogether: better at some things, worse at others, but still highly adapted to their particular environment. And the things that they’re very good at turn out to be extraordinarily helpful for all sorts of things in which American companies tend to struggle.
[...]
Here’s an illustration. Let’s say you run a factory. You decide that you want your lines to produce fewer defective goods: maybe you want to improve your yield from 95 percent to 98 percent. So you decide to invest in better training for your workers: maybe training now lasts six weeks instead of two weeks. This works, and now your yield is higher; but that change makes other things more attractive too. For example: now that your yield is higher, it makes sense for you to reduce your inventory, since fewer defects mean you no longer need a large buffer of spare parts to replace the bad ones. So now you’ve cut your inventory: but now it makes sense for you to shorten your production runs and switch more frequently between products, since without a mountain of inventory to work through you can afford to change what the line is making. And if you’re switching frequently between products, then it makes sense for you to invest in flexible, reprogrammable machinery instead of dedicated, single-purpose equipment. So one relatively small tweak shifts the entire calculus of what you do.
[...]
So if we want to know why Japanese companies have one apparently unusual practice—why they’re so diversified into countless unrelated industries—we can’t really answer the question in isolation. We need to ask which bundle of practices they employ.
[...]
And this means that Japanese companies strive to avoid financial pressure from outsiders. Relationships with suppliers are longstanding and entrenched: many Japanese companies have been working with the same suppliers for 50 years or longer. Outside investors seeking to interfere in this happy picture will find few avenues for influence. A standard Japanese firm’s board of directors is composed almost exclusively of the firm’s own senior managers; a large fraction of the firm’s equity is held not by outside investors but cross-held by other Japanese firms; and most of the firm’s financing comes from a single “main bank” that provides loans and monitors performance.
And as a result, Japanese companies don’t really try too hard to return profits to shareholders. Earnings are mostly reinvested, and investor dividends are kept low. For a long time, Japanese firms would spend as much entertaining the managers of other firms as they would on dividends to shareholders.
[...]
And the complete Japanese bundle, I should say, ends up producing something with entirely different objectives and interests than the American bundle. The H-firm exists to make money, or rather to return money to shareholders; but the J-firm, run by its employees and largely indifferent to the interests of shareholders, exists simply to continue existing. That’s why Japanese companies are so protean and willing to change what they do. Nintendo was founded in 1889 as a maker of handmade playing cards; in the 1960s, it was pushed out of the playing cards game by a wave of competition; and it spent several years experimenting with new markets—taxi services and instant rice, though contrary to the rumors not love hotels—before finding its way to video games. Fujifilm, which faced a near-total collapse of photographic film in the 2000s, simply used its expertise in chemical coatings and fine optics to pivot into cosmetics, pharmaceuticals, LCD films, and semiconductor process materials.
And that basic impulse toward survival is why Japanese companies are so insistent on diversification. If you’ve made a commitment to keep people employed for life, then you need to create jobs for them if their current jobs stop making sense: indeed, you might need to keep them employed even if you can’t find anything for them to do. If you’re not very worried about profitability, and have lots of well-trained generalist employees, then it makes perfect sense to reinvest your company’s earnings by expanding into new industries: doing so not only allows your company to survive longer—your company’s portfolio of bets is now more diversified and thus lower-risk—but also ensures that you’re able to keep your surplus workers busy in one way or another.
[...]
And this system, as it turned out, was really good at particular things. Aoki’s key insight was that the J-mode had a comparative advantage in environments of moderate volatility: situations where conditions changed frequently enough that rigid central plans would be outdated before they were executed, but not so radically that only top-down strategic intervention could cope. In an environment of stable, predictable demand, the H-firm did fine; in an environment of extreme disruption, where the whole product line had to be rethought, centralized authority was indispensable, and the H-firm also did fine. But in between—where the challenge was to make constant small adjustments in a changing but recognizable paradigm—the J-firm excelled.
[...]
But catch-up growth, by definition, has to end: at some point you’ve caught up, and the challenge at the frontier is not only to refine what’s already known but to invent what is not known. And paradigm invention is precisely the sharp discontinuity for which the J-mode has no particular gift. Consensus-driven, horizontally coordinated organizations are very good at refining what already exists: but they are very bad at deciding what should exist.
That basic weakness is why Japanese firms are so dominant in some domains and entirely absent in others. Japan excels in automotive manufacturing, machine tools, industrial robotics, optics, and precision materials: domains characterized by incremental refinement. But they have very little to add in software, internet platforms, artificial intelligence, or electric vehicles. The architecture of the Japanese firm is built to perfect a domain through progressive advancement; it’s quite poorly suited to sharp discontinuity.
-
Why Japanese companies do so many different things
33 votes -
Comment on Samsung chip workers to get $340,000 average bonus in AI boom in ~tech
skybrian
You still benefit when the company has a good quarter and the stock goes up. It’s been almost a decade since I left Google, and I still benefit.
Obviously, this has nothing to do with the work that I actually did, but I don’t see how that matters.
-
Comment on Samsung chip workers to get $340,000 average bonus in AI boom in ~tech
skybrian (edited)
It's true that at a large company, the work that most people do day-to-day is unlikely to affect the stock price. But it does mean that when the company does well, you do well, so you can cheer when the company has a profitable quarter instead of feeling alienated because the company is making money and you're not.
Of course there are a lot of other ways that management can alienate workers, and layoffs will definitely do that. But profitable, growing companies can do other nice things for their employees too and send a consistent message.
It was before my time, but HP was once legendary for treating their employees well, and Google was that way too in the early years.
Another thing about Silicon Valley is that you know that even successful companies don't necessarily last. A physical sign of that was that Google's main campus was built on SGI's former headquarters. Facebook's old campus was formerly a Sun campus.
So, it was pretty obvious that those were the good times and that I should enjoy them while they lasted.
Nowadays the vibe towards tech companies is so negative that there are commenters on Hacker News trying to tell me I was exploited. Like, just no. There's a lot of injustice in the world and there are much better targets for your sympathy than rich retired tech workers.
-
Comment on Samsung chip workers to get $340,000 average bonus in AI boom in ~tech
skybrian
Something like this is common practice at Silicon Valley firms. Employees become shareholders via stock options and RSU’s and directly benefit when the stock goes up.
-
Comment on Waymo pauses Atlanta service as its robotaxis keep driving into floods in ~transport
skybrian
Maybe LIDAR has weird reflections off water? Whatever it is, I imagine they will take a few weeks or months to fix this and it will stay fixed. It doesn’t seem like it would be as difficult as kangaroos.
-
Comment on Samsung chip workers to get $340,000 average bonus in AI boom in ~tech
skybrian
From the article:
Samsung Electronics will distribute about 40 trillion won ($26.6 billion) in bonuses to chip division employees this year after striking a tentative agreement with its labor union, according to Bloomberg. Using the proposed terms and analyst projections for 2026 operating profit, Bloomberg calculated the average payout at 513 million won, the equivalent of about $340,000. The total average compensation across Samsung was 158 million won in 2025, per a company filing.
The agreement, subject to a union ratification vote running May 22 through May 27, calls for Samsung to direct 10.5% of operating profit into stock bonuses along with a separate 1.5% cash component, according to Bloomberg. The program runs for 10 years, contingent on the company meeting profit thresholds. One-third of the stock award can be liquidated right away, with the rest parceled out in installments across the next two years, Bloomberg reported. The first payout is expected in early 2027.
[...]
The deal ended a standoff that drew intervention from South Korea's president, prime minister, and labor minister. A strike that shut down chip production could have cost the economy as much as 1 trillion won daily, with losses potentially multiplying to 100 trillion won if in-progress semiconductor wafers were rendered unusable. Samsung's shipments account for nearly a quarter of all South Korean exports.
Workers had pushed for bonuses tied directly to operating results and the removal of a cap that had limited payouts to half of annual salary. The union's original demand was for a bonus pool equivalent to 15% of operating profit. The settled rate of 10.5% was enough, in JPMorgan's estimation, to push Samsung's total performance-linked compensation to about 12% of operating profit for the year, Reuters reported.
-
Samsung chip workers to get $340,000 average bonus in AI boom
26 votes -
Comment on Waymo pauses Atlanta service as its robotaxis keep driving into floods in ~transport
skybrian
From the article:
One of Waymo’s robotaxis was spotted driving through a flooded street in Atlanta, Georgia on Wednesday before it ultimately got stuck for about an hour, according to local news reports. The vehicle was recovered and removed from the scene, Waymo told TechCrunch. Waymo says it paused service in the city, just like it has in San Antonio, Texas, while it figures out a solution.
[...]
But even those precautions apparently were not enough to stop the Waymo robotaxi from entering the flooded intersection in Atlanta. Waymo told TechCrunch on Thursday that the storm in Atlanta produced so much rainfall that flooding was happening before the National Weather Service had issued a flash flood warning, watch, or advisory. The company said its fleet those alerts are part of a larger set of signals it relies on to prepare the vehicles for poor weather.
-
Waymo pauses Atlanta service as its robotaxis keep driving into floods
29 votes -
Comment on Colorado approves balcony solar, requires utilities to accept meter collars in ~enviro
skybrian
From the article:
Colorado is the latest state to approve plug-in solar (also known as balcony solar) after Gov. Jared Polis signed HB26-1007 into law.
[...]
- Legalizes plug-in solar with safety guardrails. The new law legalizes plug-in solar generation devices — typically one to four solar panels plus an inverter, designed for simple self-installation by homeowners or renters in a yard or on a balcony. It requires that devices meet rigorous product safety standards, closing a gap that previously allowed unsafe products to be sold in Colorado. It prohibits utilities and HOAs from unreasonably blocking the installation or use of these devices.
- Cuts costly interconnection barriers with meter collars. The law requires the Public Utilities Commission to update interconnection rules by December 31, 2026, to explicitly allow customer ownership and use of meter collar adapters — simple devices installed between an electric meter socket and a utility billing meter that provide immediate interconnection of customer-owned energy devices. Meter collars reduce or eliminate the need for expensive electrical panel upgrades, saving families between $2,000 and $5,000 per installation and avoiding panel upgrades that can cost up to $10,000. Colorado’s investor-owned utilities — including Xcel and Black Hills — are already using meter collar technology. This law makes access universal and statewide.
- Expands access across all utility types. The law extends these protections to municipally owned utilities and electric cooperatives, ensuring that families across Colorado — not just those served by investor-owned utilities — can benefit.
-
Colorado approves balcony solar, requires utilities to accept meter collars
31 votes
I think it’s reasonable to be suspicious when someone on the opposite side advocates for something. But why be a blind partisan? Why give it a catchy name? Repeating simple slogans is the sort of thing that makes social media worse.