Mastodon Feed
Boosted by soatok@furry.engineer ("Soatok Dreamseeker"):
0xabad1dea@infosec.exchange ("abadidea") wrote:
if you have no idea what this is about: a very official-looking "IPv8" draft appeared that was an absolute fever dream of and-a-pony wishlist features for a censorious regime, down to using json web tokens at the hardware level for some reason
Mastodon FeedBoosted by soatok@furry.engineer ("Soatok Dreamseeker"):
0xabad1dea@infosec.exchange ("abadidea") wrote:
it seems someone decided to prove you really can just publish any nonsense protocol draft with the IETF https://www.ietf.org/archive/id/draft-meow-mrrp-00.html
Mastodon FeedBoosted by soatok@furry.engineer ("Soatok Dreamseeker"):
cesarsagaert@hachyderm.io ("César") wrote:
Mastodon FeedBoosted by soatok@furry.engineer ("Soatok Dreamseeker"):
MolarFox@pixel.tiggi.es ("MolarFox 📷") wrote:
On today's #fursuitfriday, we're transporting a very fluffy and very important payload in the back of my ute!
Mastodon FeedBoosted by soatok@furry.engineer ("Soatok Dreamseeker"):
campuscodi ("Catalin Cimpanu") wrote:
-Grok is still nudifying
-Nudify apps are still everywhere
-Android gets new one-time location and contact pickers
-Chrome does nothing to stop browser fingerprinting
-Windows adds RDP warning popups
-Raspberry Pi disables passwordless sudo
-More cyber EOs are coming
-FCC exempts Netgear from foreign router ban
-US Tech Force is hiring cyber staff
-DPRK laptop farmers sentenced
-16yo arrested for school hack
-53 DDoS-for-hire domains seized
-Hazy Hawk hijacks university subdomains
Mastodon FeedBoosted by soatok@furry.engineer ("Soatok Dreamseeker"):
GossiTheDog@cyberplace.social ("Kevin Beaumont") wrote:
RE: https://infosec.exchange/@metacurity/116420216155655162
Mythos is quickly becoming its own mythological beast.
They’ve automated the vulnerability hype train - an expression I used where researchers would find real vulnerabilities, which had no real impact in the real world. People would get very excited for no reason. Now they’ve automated that process with execs.
Mastodon FeedBoosted by soatok@furry.engineer ("Soatok Dreamseeker"):
david_chisnall@infosec.exchange ("David Chisnall (*Now with 50% more sarcasm!*)") wrote:
A few notes about the massive hype surrounding Claude Mythos:
The old hype strategy of 'we made a thing and it's too dangerous to release' has been done since GPT-2. Anyone who still falls for it should not be trusted to have sensible opinions on any subject.
Even their public (cherry picked to look impressive) numbers for the cost per vulnerability are high. The problem with static analysis of any kind is that the false positive rates are high. Dynamic analysis can be sound but not complete, static analysis can be complete but not sound. That's the tradeoff. Coverity is free for open source projects and finds large numbers of things that might be bugs, including a lot that really are. Very few projects have the resources to triage all of these. If the money spent on Mythos had been invested in triaging the reports from existing tools, it would have done a lot more good for the ecosystem.
I recently received a 'comprehensive code audit' on one of my projects from an Anthropic user. Of the top ten bugs it reported, only one was important to fix (and should have been caught in code review, but was 15-year-old code from back when I was the only contributor and so there was no code review). Of the rest, a small number were technically bugs but were almost impossible to trigger (even deliberately). Half were false positives and two were not bugs and came with proposed 'fixes' that would have introduced performance regressions on performance-critical paths. But all of them looked plausible. And, unless you understood the environment in which the code runs and the things for which it's optimised very well, I can well imaging you'd just deploy those 'fixes' and wonder why performance was worse. Possibly Mythos is orders of magnitude better, but I doubt it.
This mirrors what we've seen with the public Mythos disclosures. One, for example, was complaining about a missing bounds check, yet every caller of the function did the bounds check and so introducing it just cost performance and didn't fix a bug. And, once again, remember that this is from the cherry-picked list that Anthropic chose to make their tool look good.
I don't doubt that LLMs can find some bugs other tools don't find, but that isn't new in the industry. Coverity, when it launched, found a lot of bugs nothing else found. When fuzzing became cheap and easy, it found a load of bugs. Valgrind and address sanitiser both caused spikes in bug discovery when they were released and deployed for the first time.
The one thing where Mythos is better than existing static analysers is that it can (if you burn enough money) generate test cases that trigger the bug. This is possible and cheaper with guided fuzzing but no one does it because burning 10% of the money that Mythos would cost is too expensive for most projects.
The source code for Claude Code was leaked a couple of weeks ago. It is staggeringly bad. I have never seen such low-quality code in production before. It contained things I'd have failed a first-year undergrad for writing. And, apparently, most of this is written with Claude Code itself.
But the most relevant part is that it contained three critical command-injection vulnerabilities.
These are the kind of things that static analysis should be catching. And, apparently at least one of the following is true:
- Mythos didn't catch them.
- Mythos doesn't work well enough for Anthropic to bother using it on their own code.
- Mythos did catch them but the false-positive rate is so high that no one was able to find the important bugs in the flood of useless ones.
TL;DR: If you're willing to spend half as much money Mythos costs to operate, you can probably do a lot better with existing tools.
Mastodon Feedpzmyers@freethought.online ("pzmyers 🕷") wrote:
Louisiana has a special way of dealing with homelessness.
https://freethoughtblogs.com/pharyngula/2026/04/17/are-there-no-prisons-are-there-no-workhouses/
Mastodon FeedBoosted by soatok@furry.engineer ("Soatok Dreamseeker"):
patcharcana@furry.engineer ("Patch Arcana") wrote:
"I failed upward, to the level of my incompetence. The same as the rest of us."
St. Naomi Nagata, Patron of Breaking Stuff, continues to deliver the bangers.
Mastodon FeedBoosted by soatok@furry.engineer ("Soatok Dreamseeker"):
bascule@mas.to ("Tony “Abolish ICE” Arcieri🌹🦀") wrote:
New metric shows renewables are 53% cheaper than nuclear power
A new metric for assessing total system costs puts a least-cost mix of offshore wind and solar at about €46 ($54.20)/MWh in a future climate-neutral energy system for Denmark. Researchers tell pv magazine that figure is less than half the equivalent cost of nuclear under the same conditions.
Mastodon Feedpzmyers@freethought.online ("pzmyers 🕷") wrote:
Hideous slimy rape monkeys in action.
https://freethoughtblogs.com/pharyngula/2026/04/17/humans-are-awful-creatures/
Mastodon FeedBoosted by soatok@furry.engineer ("Soatok Dreamseeker"):
itnomad@ruhr.social ("Alexander Janßen") wrote:
HAHAHA LOL That didn't age well!
> EU age verification app can be hacked in 2 minutes, claims security expert
https://cybernews.com/security/eu-age-verification-app-hack/
Mastodon FeedBoosted by soatok@furry.engineer ("Soatok Dreamseeker"):
rawenwolf@meow.social ("RawiWoof") wrote:
Well, so much for safety and privacy
@itnomad https://ruhr.social/@itnomad/116419862667935057
@EUCommission, @HennaVirkkunen
This is absolutely unacceptable and puts almost 500 mil. people in danger.
On the bright side, it wouldn't be found so quickly if the code wasn't publicly available so you've got plenty of time to fix this huge error. And I mean fix, not cover up.
Mastodon FeedBoosted by soatok@furry.engineer ("Soatok Dreamseeker"):
hkrn@mstdn.social ("Hacker News") wrote:
US tech firms lobbied EU to keep datacentre emissions secret
L: https://www.theguardian.com/technology/2026/apr/17/microsoft-us-tech-firms-lobbied-eu-secrecy-rules-datacentre-emissions
C: https://news.ycombinator.com/item?id=47802962
posted on 2026.04.17 at 02:17:41 (c=1, p=9)
Mastodon FeedBoosted by soatok@furry.engineer ("Soatok Dreamseeker"):
FlohEinstein@chaos.social wrote:
I think it is really important to analyze the implication of the new IETF Draft Meow MRRP in the wild. I strongly assume it will lead to widespread loss of carriers when applied in areas where IP over Avian Carrier is in use. More research is needed. And funding!
Mastodon FeedBoosted by soatok@furry.engineer ("Soatok Dreamseeker"):
bluish.gecko@pixelfed.furryfandom.me ("Blouie the Blue Heeler") wrote:
You don’t need a #Sandevistan when you've got #zoomies 😁
#furry #fursuit #FursuitEveryday
📸 @furcphoto.bsky.social
🧭 @nordicfuzzcon.org 2026, #Malmö
Mastodon FeedBoosted by soatok@furry.engineer ("Soatok Dreamseeker"):
Cassius@meow.social ("Cassius Crafts") wrote:
He looks cool but I promise you there's nothing but air between those ears 🫡
Happy #FursuitFriday everybody! This wonderful photo was taken atScotiacon by @/PurpleFoxCosmo
Mastodon FeedBoosted by soatok@furry.engineer ("Soatok Dreamseeker"):
relhr0vs@furry.engineer ("REX HR0VS") wrote:
Happy #FursuitFriday everyone!
This photo of Theta ( https://www.furtrack.com/index/character:theta ) was taken at a recent meet at a dinosaur museum. It was a great day out and I got a stack of photos of all the furs playing with the dinosaurs. 🦖
It seems very brave of Theta to turn her back on that giant t-rex, but I'm sure that little fence will keep the dinosaurs contained.
Mastodon FeedBoosted by soatok@furry.engineer ("Soatok Dreamseeker"):
NaveMcCanine@meow.social ("Nave :ms_furry_pride:") wrote:
🫘 B 🫘 E 🫘 A 🫘 N 🫘
🐈: furrynakita (FA)
🐕: Me!
Mastodon FeedBoosted by soatok@furry.engineer ("Soatok Dreamseeker"):
creideiki@akkoma.pikaböl.se ("Creideiki") wrote:
For #FursuitFriday photography, make sure to turn the fursuiter all the way around to get the good angles, and to shift the focus plane to alternate between paws and maws.
🐺: Badwolf Brock http://badwolfbrock.com/
🧭: ConFuzzled 2025
Mastodon FeedBoosted by soatok@furry.engineer ("Soatok Dreamseeker"):
trailofbits@infosec.exchange ("Trail of Bits") wrote:
Google used a ZK proof to disclose a quantum breakthrough that cuts the cost of breaking cryptocurrency by 20x without handing attackers the circuit.
The Rust code behind the proof had memory safety bugs. We used this new attack surface to forge a proof that beats Google’s on every metric.
Google patched it within days. Their quantum claims are unaffected. https://blog.trailofbits.com/2026/04/17/we-beat-googles-zero-knowledge-proof-of-quantum-cryptanalysis/
Mastodon FeedBoosted by soatok@furry.engineer ("Soatok Dreamseeker"):
bullsworth@meow.social ("Bullsdonk") wrote:
@soatok I actually ranted a bit about how the bsky CW system is overcomplicated in a way that makes it less functional in a federated system, probably thanks to being designed by traditional social media engineers.
Mastodon Feeddysfun@treehouse.systems ("gaytabase") wrote:
we refer to them as 'the Jurassics'
Mastodon Feedjscalzi@threads.net ("John Scalzi") wrote:
Eh, lots of men suck and even lots of men who don't actively suck are still clueless, and we live in a patriarchal society that discounts harm to women (look at who is the fucking president right now), so, fair. I try not to suck. It's a work in progress.
RE: https://www.threads.com/@prettyonfridays/post/DXM1YvfFMXn
Mastodon Feedfromjason ("fromjason.xyz ❤️ 💻 ✍️ 🥐 🇵🇷") wrote:
The new Lily Allen album is really good.
Mastodon Feeddysfun@treehouse.systems ("gaytabase") wrote:
Voltage, Amperage, Ohmage, Faradage
Mastodon FeedBoosted by baldur@toot.cafe ("Baldur Bjarnason"):
jef ("Jef Poskanzer") wrote:
The backlash has begun. Anti-AI as marketing point. #ButlerianJihad
Mastodon FeedBoosted by baldur@toot.cafe ("Baldur Bjarnason"):
algernon@come-from.mad-scientist.club ("Luddicus Mus") wrote:
A hard ban on LLM/"AI" use in a FLOSS project is the moderate stance. I am not a moderate person.
Giving space to these machines is throwing the millions of people whose work they stole, the millions of people who suffer under their crawlers' assault under the bus.
We do not throw each other under the bus in a civil society. I hope you understand this to be the bare minimum.
Mastodon FeedBoosted by baldur@toot.cafe ("Baldur Bjarnason"):
jsit@social.coop ("Jay 🆘") wrote:
Capitalism never uses productivity to pay for leisure. It only uses it to pay for more productivity.
We have leisure because of unions, not because of productivity.
(i.e., AI will not result in a 4-day workweek.)
Mastodon FeedBoosted by baldur@toot.cafe ("Baldur Bjarnason"):
Mediagazer@mstdn.social wrote:
Q&A: Ronan Farrow on his Sam Altman profile in The New Yorker, investigating salacious rumors amid a flood of funding for opposition dossiers, and more (Nilay Patel/The Verge)
https://www.theverge.com/podcast/911753/sam-altman-openai-ronan-farrow-new-yorker-feature-trust-liar-ai-industry
http://mediagazer.com/260417/p1#a260417p1