So Anthropic demos Mythos and OpenAI has to say put out a press release.

Altman's house of cards is collapsing...

Two can keep a secret if one of them is dead..

I don't think it is a team. That would be even more people with 130 some odd billion reasons to show their cards.

I don't even think one of there letters could sit on something like this effectively. Hell even the airman rescue mission leaked, and there was little or no financial incentive to leak that.

I am not the one here that doesn't know what I am talking about.

Availability is a leg of the CIA triangle bro.. If the authorized user CANT get access and its not fixable. That is a security failure, and likely as serious as a total confidentiality failure.

You getting root does not make you the evil made, you getting root means you SE'd the owner into running something, found a nice heap spray in the browser followed by a local privesc etc. Realistically these are all going to be drive-bys of some kind, where the victim stumbles onto your watering hole, runs whatever code you the attacker react when the listener calls home. Go in plunder and leave if you identify the box as being someones home PC. You're not going worry about persistence or dwell time..

I wonder. Certainly in suburbia yes. Cities though.

People have to be able to park, vehicles have to be able to get by in the opposite lane if you cone off an area being patched. I am not sure you can necessarily fix every hole in a give couple blocks at the same time without creating a significant traffic problem.

Bullshit.

About the only thing secure boot really protects from is the evil-maid. All other cases affecting most users by the time something is in a position to modify the kernel or boot loader it was already in a position to do all the damage that would matter to that person.

You had root on my box, you have already had the opportunity to crypto ransom me, just vandalize my system in general, find and extract any sensitive data in my home directories and on any mounted volumes.

Even advanced persistent threats for the most part are not going to be trying to spliot the pre-boot environment, if I want dwell time on a corporate network I want to compromise assets that are usually always online.

In fact I would suggest for most users of home PCs anyway (to include laptops that rarely if ever travel) are less secure for using secure boot and even FDE. Most of them are one bad update or certificate expiration away from rendering their data completely inaccessible and unrecoverable. We know most of these users have no backups, and the tiny percentage who do have never tested them. -That is the opposite of security folks.

FDE does make sense for corporate environments and secureboot probably does as well but it has not f***king business at home and should NEVER be acceptable as being part of any requirement. It serves only one real use there denying people freedom to do what they like with their own hardware. It does nothing but enable DRM, and it does so at the cost of massive potential harm to the end user.

Only if it is in the public interest to destroy bitcoin.

Imagine if one person were suddenly revealed to unilaterally posses sole authority/ownership over 1/10th of dollars in circulation with no checks, or limits on how or what they could do with them, when or how fast!

Do you think that would do much for dollar confidence? I think likely lead to a pretty immediate discounting of the dollar probably around 10% in real value. The impact on Bitcoin would be a great deal more pronounced because Bitcoin is so much less liquid.

They (Iran) obviously chose it because it is at least in the short term comparatively difficult to sanction but also not to difficult to convert. It would not do them much good to collect tolls in some other currency and subsequently have US diplomatic pressure cut them off from the banking networks that generally handle that currency.

I am not saying that Bitcoin isn't highly traceable and that the US and other governments wont try and won't ultimately succeed making it so punitive to accept payments (in bitcoin) from Iran that Iran has to trade their bitcoin at a significant discount to those wiling to launder it and / or accept having tainted funds they can't spend a lot of place as well. That will happen, but will take some time to become really effective.

It does leave you wonder if the people who whisper in Trump's and Bibb's ears and their friends who might whisper in the ears IRGC types might indeed have provoked this whole thing in order to create a situation Bitcoin or some other crypto-currency could be forcibly inserted into the "international system".

It is interesting to think about because I do still believe in light of hyper-sonic missile and drone tech, and expanding Chinese influence there were / are good strategic reasons to remove Iran as an international player right now, for the US. Attacking Iran was a smart move... Letting them survive as even a regional power isn't. The ability to fight them is determined by the domestic clock on war powers. Trump is an idiot for wasting two weeks on this cease fire, he should economically disabled them, finishing it. Whoever he listened to on accepting those terms is not advising him well. We should have at least destroyed their remaining oil infrastructure, before any pause.

That wouldn't make up for Ukraine and Gaza war support, but yeah, you're probably right. We'd all probably be getting arrested for hate-speech laws if she'd have got in, too, but alas I'm still here talking shit.

Hahahaha! Suuuure. You sound completely rational I'm sure everyone who reads you post will immediately become a Democrat.

Mostly the media, but it sure as fuck hasn't been Libertarians, Green Party, Bull Moose, or any other 3rd party that's tried.

Another "Say one word that could even be interpreted as not support Ukraine and I'll accuse you of Putin worship." guy. Yeah, great logic, moron. Everyone at antiwar.com is a "Putin worshiper". Very rational and well thought out...

Going by CVE counts, it sure as FUCK seems to be working for some folks. They "just picked one" when they picked OpenVMS and those user hit a massive security jackpot with 19 CVEs in 49 years. Fucking security doorknobs love your phrase "defense in depth" but it's really simple: do everything you can. Sure, that's a great idea, too, but if you are denying that some folks who choose more secure operating systems didn't reap large security benefits by being less attractive targets, you're simply ignoring reality.

Unpopularity and obscurity are pretty fucking closely related. VMS has been around since the 1970's. It has ~0.4 CVEs per year (19 CVEs ÷ ~49 years). In Linux there are 14k CVEs and that comes out to around 400 CVEs a year on average. Windows is a bit harder to calculate but it's between 500 and 1000 CVE's a year. So, by this metric, OpenVMS is between 500x-1000x more secure.

Obviously, you can do more with Linux or Windows at this point, but that's not really germane to the discussion. We are talking about security. If "obscurity" doesn't matter, then why the MASSSSSSSSIVE fucking disparity? That was rhetorical. Don't bother answering. You'll only look less informed and more pedantic than you already do.

If they start shooting at ships that haven't paid the tolls, I'd imagine the US and Israel will simply re-start blowing up their power plants, oil refineries, manufacturing facilities, and bridges. The only way Trump would go along with that is if they start paying him or his family personally out of the toll fees, lol.

My guess is that they'll let oil prices go down, do the midterm elections, then go back to bombing Iran. The only question in my mind is if Kamala would have started dropping the bombs sooner or later. I don't know if a promise not to start wars (like Trump) makes them more or less likely to actually do it. Kamala was all "Yea! War!" so maybe she'd have not done it? All these faces to the Uniparty... but it's still not confusing. You get two choices as an American. One is to start/continue wars behind an orange retard. The other is to start/continue wars behind some brown bitch-retard. Kinda finding it hard to see any real difference beyond the flavor of retard you prefer making the retarded pronouncements and declarations. Do you want those announcements from some dumb bitch you would not let operate a can-opener by herself or some angry ancient orangutan-looking asshole who you'd bet against putting his pants on by himself?

Great choices, partisans. Lovely situation you've both-sides'd us into.

It's pretty risky to use any software from a monoculture. You risk going down at the same time as everyone else during a big exploit. You risk getting hit with zero-day code and sitting there compromised without even knowing it. At least, it appears your risk is significantly higher if you are on a closed source commercial operating system.

Security weenies claim security via obscurity doesn't work, but it absolutely does if you like to use data and respect what it tells you. Check the number of security CVEs for operating systems like OpenVMS, MPE/IX, and see how they compare with Linux or Windows. By volume, the most popular OSes get the most attacks and successful exploits.

Thus, it doesn't really make sense to be on the "most popular" platforms. You'll just get Broadcom'd like VMware users. Stay in an out-of-the-way niche and you're going to get a lot less negative attention.

Let's see them. Stop fucking talking and show your cards, Anthropic. So far you have three exploits racked up that could have easily been written/found by humans working for a multi-billion-dollar company. You already lied bigtime about writing a functional C compiler. I downloaded it and found it had a broken assembler, broken linker, and couldn't optimize a 500-line bubble sort. It was a dirty lie. So, no, these guys do not have any street cred. These guys have so-far found three bugs and written one exploit. If they are worth billions then Solar Designer and Aleph One should be worth trillions and so would *I*. We've done way more than that in the past.

Fuck you, Anthropic. I say you're lying. Prove your "thousands of bugs" claim or shut the actual fuck up. I'll be watching. If we had such "powerful" and "scary" tools to flood the BSD's with actual security threats complete with operational proof-of-concept code, then there would be 100's of new CVE's and Bugtraq posts with exploits. You have ONE FreeBSD exploit to your name, Anthropic, and that's not nearly enough for your claims.

Also fuck all these guys going hammer and tongs at FOSS while practicing "responsible disclosure" with Apple and Microsoft. Anthropic claims to have Windows, MacOS, and Linux bugs with the same level of severity but THOSE BUGS were too "sensitive". Guys suck a giant dick. If LLMs really do become able to find hundreds or thousands of bugs from source code, keep in mind the Windows and MacOS source ain't that hard to get, either. All it'll take is one Russian douchebag to steal some LLM credits and create the same flood of garbage against Microsoft or Apple (which they will keep secret and use for ransomware) and who do you think has more bugs waiting to be exploited, OpenBSD or Windows?

Well shoot, even the politicians jobs are not safe then!