skybrian's recent activity

  1. Comment on Google backpedals on new Android developer registration rules in ~tech

    skybrian
    Link Parent
    I haven't seen any particular evidence that it's about that. It depends how they use it. After all, Google can ban sideloaded apps already if they want to: So why isn't newpipe already banned? It...

    I haven't seen any particular evidence that it's about that. It depends how they use it. After all, Google can ban sideloaded apps already if they want to:

    Google Play Protect offers protection for apps that are installed from sources outside of Google Play. When a user tries to install an app, Play Protect conducts a real-time check of the app against known harmful or malicious samples that Google Play Protect has cataloged. The app is also checked by on-device machine learning, similarity comparisons and other techniques to confirm if it's suspicious. If the app is identified as malicious or suspicious, we will warn users or block the installation in extreme cases.

    So why isn't newpipe already banned? It would be pretty easy.

    I don't see developer registration as a red line. It's the next step in a cat-and-mouse game between Google and some persistent attackers that's already well underway, and most people don't notice because they haven't seen any popular apps banned.

    The F-droid folks have claimed that they will have to shut down, but I'm confused about why they think that, and I suspect that's more of a political stance than a practical one. Why couldn't they register?

  2. Comment on Google backpedals on new Android developer registration rules in ~tech

    skybrian
    Link Parent
    Yeah, that would probably work. But it's a different kind of complexity when side-loaded apps can't ask for permissions that Play Store apps can ask for. People would certainly complain that...

    Yeah, that would probably work. But it's a different kind of complexity when side-loaded apps can't ask for permissions that Play Store apps can ask for.

    People would certainly complain that side-loaded apps are being nerfed, so it doesn't avoid controversy.

  3. Comment on Google backpedals on new Android developer registration rules in ~tech

    skybrian
    (edited )
    Link Parent
    Yeah, it's a dumb analogy for something that's a trivial inconvenience for any business that has employees. Even if they're paying minimum wage, a $25 registration fee is like less than an hour or...

    Yeah, it's a dumb analogy for something that's a trivial inconvenience for any business that has employees. Even if they're paying minimum wage, a $25 registration fee is like less than an hour or two if you include overhead. Android developers get far more than that.

    There are people for whom it's a significant amount, but they're covered by the carve-out for hobbyists. Maybe they won't "go viral" without hitting a speed bump, but that's probably for the best.

    And if the developer registers, their users aren't affected at all.

  4. Comment on Google backpedals on new Android developer registration rules in ~tech

    skybrian
    Link Parent
    [Previous post deleted and replaced; sorry about the confusion.] From the blog: Do you think they invented this scenario? I have no personal experience with how people get scammed in Thailand, but...

    [Previous post deleted and replaced; sorry about the confusion.]

    From the blog:

    For example, a common attack we track in Southeast Asia illustrates this threat clearly. A scammer calls a victim claiming their bank account is compromised and uses fear and urgency to direct them to sideload a "verification app" to secure their funds, often coaching them to ignore standard security warnings. Once installed, this app — actually malware — intercepts the victim's notifications. When the user logs into their real banking app, the malware captures their two-factor authentication codes, giving the scammer everything they need to drain the account.

    Do you think they invented this scenario? I have no personal experience with how people get scammed in Thailand, but it seems pretty plausible.

    2 votes

  5. Comment on Google backpedals on new Android developer registration rules in ~tech

    skybrian
    Link Parent
    They might be convinced to do so by scammers. That’s what this change is allegedly all about. Curious how everyone ignores the problem that Google is trying to solve. “Pig-butchering” is a large,...

    They might be convinced to do so by scammers. That’s what this change is allegedly all about.

    Curious how everyone ignores the problem that Google is trying to solve. “Pig-butchering” is a large, lucrative industry.

    3 votes

  6. Comment on Google backpedals on new Android developer registration rules in ~tech

    skybrian
    (edited )
    Link
    Details are sketchy, but it seems like a reasonable compromise between protecting normal users better and letting people who insist take their own risks.

    Details are sketchy, but it seems like a reasonable compromise between protecting normal users better and letting people who insist take their own risks.

    1 vote

  7. Comment on That new hit song on Spotify? It was made by AI. in ~music

    skybrian
    Link Parent
    I don't really see this as "music getting worse" because there was always drek out there and diversity doesn't bother me. I have no trouble finding music I like, even though it's not very popular....

    I don't really see this as "music getting worse" because there was always drek out there and diversity doesn't bother me. I have no trouble finding music I like, even though it's not very popular.

    Meanwhile there are a lot of other scary things going on in the world, some of them AI-related.

  9. Comment on That new hit song on Spotify? It was made by AI. in ~music

    skybrian
    Link
    From the article:

    From the article:

    This technology has “opened up a new realm of creative possibility,” Arter said. He had never been a skilled singer; now he could dabble in the old-school R. & B. he grew up with. Suddenly, he could craft ageless personae to represent his music, complete with fictional backstories, in lieu of his aging millennial self. Arter has produced about a hundred and forty songs in the past year alone, and he doesn’t hide the fact that his music is made with A.I., though the unsuspecting listener may not notice the name of his YouTube account, “AI for the Culture.” [...] He has never done marketing or promotion for his A.I. music, yet word of mouth and algorithmic recommendations, such as Spotify’s Radio function, have propelled his work to a level of popularity that he could only dream of as a rapping teen-ager. Justin Bieber has used Arter’s songs to soundtrack Instagram posts, and 50 Cent posted a video of himself singing along to a Nick Hustles track in his car. The rapper Young Thug adopted the chorus of Arter’s “all my dogs got that dog in ’em” for his hit track “Miss My Dogs” and gave Arter credit as a lyricist. Arter was able to quit his job in consulting and embark on a full-time career as a semiautomated musician. He now works with the music distributor UnitedMasters and makes money from more than fifty different streaming platforms. On the side, he generates novelty songs for clients’ birthdays or weddings at five hundred dollars a pop (half price if you supply your own lyrics). Arter has no doubt that what he’s doing is just a new way of being an artist: If your music “changes someone’s life,” he said, “does it really matter if it was A.I.?”

    The popularity of A.I. music notwithstanding, A.I. is not, by most metrics, a very good songwriter. [...] Seeing an opportunity in the technology’s shortcomings, Kordofani has forged a burgeoning career helping aspiring musicians “humanize” songs that they have made using the likes of Suno and Udio. One of his clients is Ray Sabbagh, a photographer in Montreal who makes Latin-inflected rap and dance music. Sabbagh generates his songs, sometimes using A.I.-generated lyrics, then uses an A.I. model of his voice which Kordofani trained using IRL recordings that Sabbagh had made. (When friends hear the fake him, they can’t tell the difference, Sabbagh said, adding, “It can get scary sometimes.”) If there are spots where the A.I. voice fails, Kordofani patches in recordings of Sabbagh’s actual voice—an arduous process, but still faster than recording from scratch. The resulting music is pleasant and relatively more human than the songs of Arter or Breaking Rust, though it’s also much less popular.

    4 votes

  11. Comment on Waymo robotaxis are now giving rides on freeways in LA, San Francisco, and Phoenix in ~transport

    skybrian
    Link Parent
    The risks might be different for self-driving cars than for human drivers? On a freeway, stopping if it gets confused and waiting for operator assistance isn't an option. Also, I believe Waymo is...

    The risks might be different for self-driving cars than for human drivers? On a freeway, stopping if it gets confused and waiting for operator assistance isn't an option. Also, I believe Waymo is aiming for substantially better safety than human drivers.

    Given their track record, if Waymo thinks they're ready for freeways then I'm inclined to believe them.

    4 votes

  12. Comment on Disrupting the first reported AI-orchestrated cyber espionage campaign in ~tech

    skybrian
    Link Parent
    This is a misunderstanding of what Anthropic reported. They did some research to see if the LLM could be convinced to try to blackmail the user in contrived scenarios. It doesn't necessarily show...

    This is a misunderstanding of what Anthropic reported. They did some research to see if the LLM could be convinced to try to blackmail the user in contrived scenarios. It doesn't necessarily show that the LLM is "advanced," (though by the standards of a couple years ago it is), but rather it can follow patterns it learned from crime novels, etc.

    This sort of research report is a bit spicy and the implications tend to get exaggerated in the news, but it's a legimate thing to study. Security research is often interesting that way. I don't see it as a reason to distrust Anthropic's research reports.

    10 votes

  13. Comment on Disrupting the first reported AI-orchestrated cyber espionage campaign in ~tech

    skybrian
    Link Parent
    Yeah, scripts are fast, but it sounds like there might be research involved, not just executing a predetermined vulnerability scanner.

    Yeah, scripts are fast, but it sounds like there might be research involved, not just executing a predetermined vulnerability scanner.

    7 votes

  14. Comment on Disrupting the first reported AI-orchestrated cyber espionage campaign in ~tech

    skybrian
    (edited )
    Link Parent
    Hmm... it's unclear to me which computers or accounts the attackers used to run Claude code.

    Hmm... it's unclear to me which computers or accounts the attackers used to run Claude code.

    2 votes

  15. Comment on UC San Diego sees students’ math skills plummet in ~society

    skybrian
    Link Parent
    I was confused by what you meant by "It was mostly a waste of their time and money." It sounds like you meant the remedial math class, not the tutoring.

    I was confused by what you meant by "It was mostly a waste of their time and money." It sounds like you meant the remedial math class, not the tutoring.

    4 votes

  16. Comment on Disrupting the first reported AI-orchestrated cyber espionage campaign in ~tech

    skybrian
    Link
    From the blog post: ... ... Yikes! I'm surprised they used Claude for this. But pointing it at a different LLM probably isn't hard. It will likely be done with Chinese-built LLM's within months.

    From the blog post:

    In mid-September 2025, we detected suspicious activity that later investigation determined to be a highly sophisticated espionage campaign. The attackers used AI’s “agentic” capabilities to an unprecedented degree—using AI not just as an advisor, but to execute the cyberattacks themselves.

    The threat actor—whom we assess with high confidence was a Chinese state-sponsored group—manipulated our Claude Code tool into attempting infiltration into roughly thirty global targets and succeeded in a small number of cases. The operation targeted large tech companies, financial institutions, chemical manufacturing companies, and government agencies. We believe this is the first documented case of a large-scale cyberattack executed without substantial human intervention.

    Upon detecting this activity, we immediately launched an investigation to understand its scope and nature. Over the following ten days, as we mapped the severity and full extent of the operation, we banned accounts as they were identified, notified affected entities as appropriate, and coordinated with authorities as we gathered actionable intelligence.

    ...

    In Phase 1, the human operators chose the relevant targets (for example, the company or government agency to be infiltrated). They then developed an attack framework—a system built to autonomously compromise a chosen target with little human involvement. This framework used Claude Code as an automated tool to carry out cyber operations.

    At this point they had to convince Claude—which is extensively trained to avoid harmful behaviors—to engage in the attack. They did so by jailbreaking it, effectively tricking it to bypass its guardrails. They broke down their attacks into small, seemingly innocent tasks that Claude would execute without being provided the full context of their malicious purpose. They also told Claude that it was an employee of a legitimate cybersecurity firm, and was being used in defensive testing.

    The attackers then initiated the second phase of the attack, which involved Claude Code inspecting the target organization’s systems and infrastructure and spotting the highest-value databases. Claude was able to perform this reconnaissance in a fraction of the time it would’ve taken a team of human hackers. It then reported back to the human operators with a summary of its findings.

    ...

    Overall, the threat actor was able to use AI to perform 80-90% of the campaign, with human intervention required only sporadically (perhaps 4-6 critical decision points per hacking campaign). The sheer amount of work performed by the AI would have taken vast amounts of time for a human team. The AI made thousands of requests per second—an attack speed that would have been, for human hackers, simply impossible to match.

    Yikes!

    I'm surprised they used Claude for this. But pointing it at a different LLM probably isn't hard. It will likely be done with Chinese-built LLM's within months.

    10 votes

  18. Comment on UC San Diego sees students’ math skills plummet in ~society

    skybrian
    Link Parent
    It seems like spending some extra time on math-specific language learning would be pretty worthwhile for better understanding what's going on in math class. Maybe tutoring isn't the best way, though?

    It seems like spending some extra time on math-specific language learning would be pretty worthwhile for better understanding what's going on in math class. Maybe tutoring isn't the best way, though?

    4 votes

  19. Comment on UC San Diego sees students’ math skills plummet in ~society

    skybrian
    Link
    From the article: … … The report is here. They also call for the UC system to return to using standardized testing for admissions. Since that’s not up to UC San Diego, they recommend introducing a...

    From the article:

    The number of first-year students at the University of California, San Diego, whose math skills fall below a middle school level has increased nearly 30-fold over the past five years, according to a new report from the university’s Senate–Administration Working Group on Admissions. In the 2025 fall cohort, one in eight students placed into math below a middle school level, despite having a solid math GPA.

    The number of first-year students in remedial math courses at the university surged to 390 in fall 2022, up from 32 students in fall 2020. The remedial math course was designed in 2016 and only addressed missing high school math knowledge, but instructors quickly realized that many of their students had knowledge gaps that went back to middle or elementary school, the report states. For fall 2024, UC San Diego revamped its remedial math course to address middle school math gaps and introduced an additional remedial course to cover high school math. In fall 2025, 921 students enrolled in one of these two courses—11.8 percent of the incoming class.

    “This deterioration coincided with the COVID-19 pandemic and its effects on education, the elimination of standardized testing, grade inflation, and the expansion of admissions from under-resourced high schools,” the report states. “The combination of these factors has produced an incoming class increasingly unprepared for the quantitative and analytical rigor expected at UC San Diego.”

    Within the UC system, the San Diego campus isn’t alone, but its problem is “significantly worse,” the report states. This is partly because the university has, since 2022, admitted and enrolled more students from low-income schools that saw greater COVID-era learning loss than other UC campuses. Many other UC campuses are seeing similar, though smaller, declines in student preparation. About half of UC campus math chairs responded to a survey saying that the “number of first-year students that are unable to start in college-level precalculus” increased twofold between fall 2020 and fall 2025, and the other half said the number increased threefold.

    High school grade inflation is not helping the university evaluate students’ math skills, the report states. In 2024, the average high school math GPA for students in Math 2, the middle school–level remedial math course, was 3.65—an A-minus.

    The working group put forward a number of recommendations for addressing these shortcomings, including using a “math index” based on historical placement data and transcript-based variables to “predict students’ likelihood of placement into remedial math.” The group also recommended establishing feedback mechanisms with high schools and requiring math placement testing by June 1 for incoming students, among other things.

    The report is here.

    They also call for the UC system to return to using standardized testing for admissions.

    This recommendation follows directly from the findings in the report that high school math grades are only very weakly linked to students’ actual math preparation.

    Since that’s not up to UC San Diego, they recommend introducing a “Math Index” that takes into account other factors to predict student preparedness. They say it’s essential to include the high school attended as one input. An implication is that some students would be penalized based on their high school.

    Using the SAT to judge individual performance certainly seems fairer.

    16 votes