Forgot your password?
typodupeerror

Comment Re:An AMAZING number of flaws (Score 1) 72

It's bad, but Microsoft has a awfully large number of lines of code to run through Mythos or whatever (whether they need that many is a whole other discussion). A more useful metric on overall code quality would be how many bugs are being found per 10k lines of code compared to their peers (including FLOSS); e.g. if Microsoft ran 10m SLOC through Mythos to get those 570 bugs, and a smaller project ran 1m SLOC and got 57 bugs, then you could reasonably argue that their code quality is about on a par with the smaller project. It's still Apples to Oranges though, because some coding solutions are going to be much more challenging to code, and therefore more likely to contain bugs.

On the upside, we're probably going to get several months of this while everyone with access to Mythos et al runs their existing code through it and integrates into their release processes for new code, and the end result will be things being much harder for all the bad actors in the world. Even if you don't use the improved code yourself, that's hopefully going to have a significant impact on the number and size of all the botnets out there, and that's a net benefit to everyone apart from the bad actors.

Comment Re:good self awareness (Score 5, Interesting) 61

Good question. Their POWER series of CPUs were not insignificant in capability, their chip designers were clearly technically sophisticated, and GPUs are just specialised vector processors with a few extra bells and whistles - stuff IBM is extremely familiar with.

It would not have been difficult to release a GPU or other LLM-specific processor to go along with the POWER11. They'd been working on the POWER11 for 4 years, they knew in 2020 that LLMs had a strong potential to be significant for Big Data processing - an area you use big iron for, they're not rank amateurs, they have plenty of reserve, they could have assembled an emergency team to build a vector processor that was custom-designed for just LLM work, and released an LLM processor card that could run circles around nVidia.

They didn't. Because, as has happened before, their management is simply too stupid and too slow.

Comment Thought for the day (Score 1) 37

What if...

Someone (say someone who was familiar with doxygen and GCC) developed number of comment types, where some stipulated preconditions that must be true for the function to run correctly, postconditions that must be true once the function has run, kernel facilities that the function definitely needs, and kernel facilities that the function definitely doesn't need. These would all be optional for any given function.

A static checker could then validate if the code meets the behaviour expected by the programmer. This is precisely what is done in SPARK, a fork of Ada for high-reliability code. Combined with existing static checker capabilities, this would greatly increase the number of bugs that could be caught with all kinds of tools, AI included.

It could ALSO build a full fine-grained mapping for any fine-grained mandatory access controls system. You'd also want includes that you could import for precompiled libraries. This would allow someone to verify if the code was making unanticipated/undesirable calls but would also make SELinux possible to develop for at the application level.

It would not be trivial. If it was trivial, it would have been done simply because it already IS done in other languages and that makes it "obvious" to anyone who has been programming for a while. However, it should not be massively complicated, simply because you can use AI as the static checker. Once it has a definite set of bounda that must be satisfied, it should be much more capable of knowing what paths would violate those bounds. Which means that the checker stage essentially is trivial today, leaving only the markup stage.

Comment The challenge (Score 1) 109

Is to set coursework and exams that are specifically crafted to exploit where AI is weak or prone to hallucinate.

You do not ban cheating, because those who cheat will inevitably find ways to circumvent the ban.

Rather, you exploit the properties of the mechanisms of cheating to ensure that those who actually understand the ideas are marked relatively highly (regardless of whether they reach the textbook conclusion) and whose who do not understand the ideas cannot do well even if they give what is in the textbook.

The interest should not be in precise answers, but in precise use of tools of reasoning and analysis, because this is what actually matters when it comes to understanding. Yes, it means you can't standardise so easily, and you have to devise things in ways that don't penalise intuitive thinkers over methodical thinkers, but you cannot teach a subject properly if you are only concerned about the surface.

Comment Re:American Open Weight Models (Score 1) 109

Wait, what? They're *making* money now? Last I heard they were still playing shell games with pretend money in a financial merry-go-round of pinky swear deals to make it seem like they are somehow not haemorrhaging quite so many hundreds of billions of dollars as they actually are to try and keep the VC funding flowing in.

The AI endgame, sure. That's totally going to be the kind of bait and switch that Google pulled when they transitioned from a search provider into an ad provider; get everyone hooked on your services, then monetise all the data you've captured and start cranking up the token fees until your customers (only they are actually more your "product" now) squeal, then turn it up some more while offering a rent-seeking subscription model that looks like a good deal until you realise (too late) what they've buried in the small print.

Drug pushers are probably looking at the tech industry in awe at this point.

Comment Bleagh, (Score 1) 87

You can get Veracrypt to work with the Mac, via FUSE, but I don't know how safe/robust that is. It's probably more secure than anything Apple has. It's certainly more secure than anything Microspot has.

But, yeah, it's getting extremely irritating that useful stuff is being taken out of commercial OS' and junk put in.

Comment Re:wow, clever. (Score 1) 49

Previous planetary probes have done figure-8s around the Earth & Moon to build up velocity before heading off for their target planets, so you could possibly do something similar with this to shorten the transit time; a few laps to provide initial acceleration to escape velocity, then coast to Mars using the panels to keep any systems ticking over and batteries topped off. Mars orbital insertion might need a little thought as to how to manage deceleration, or a secondary means of braking propulsion, if you can't do that using Mars' gravity alone though.

Comment Re:The secret word is "trust". (Score 1) 2

The DoD is known for viruses transporting payloads across airgaps onto Internet-connected machines. One thing it isn't is "so secure".

But, to the extent that it IS secure, it uses pretty much what I outlined. They use Class 3 certs for all users and all machines, and have done since about 2001. The US Navy got to trial run thei system to shake down the defects in the design, before they rolled it out to everyone. Beyond that, they use segregated networks (in principle, physical separation rather than logical separation, but who knows?) and encrypted communications.

What I've done above is take what the US DoD uses today, threw in what the US DoD recommended but never actually implemented in the 70s to fill in some of the gaps, and also included what the US DoD implemented and actually used in the way of Trusted OS deisgns in the 70s and 80s. The NSA and IRS likely use some variants on the same techniques.

So, what I've got above is pretty much why the DoD is as secure as it is.

What I've done is augmented it to handle the fact that you need to verify the hardware and not just the endpoint, and that you need to verify the physical host independently of the logical host. But that's pretty much it.

Comment Re:ok (Score 1) 20

There are at least a few teams out there doing just that. In this case, finding software bugs, get one LLM to look for potential bugs, and use a second independent LLM to try and validate the potential exploits it finds / develop a PoC. Depending on what you are doing and how critical/sensitive the code is, you could also add more independent LLMs in each group to provide additional layers assurance before any output is passed over for human review.

There's also supposed to be a training loop with LLMs, so you should be flagging any false positives and feeding those back into your model so that the quality of findings improves. The current versions of Mythos/Fable might not be perfect, and probably never will be, but with a few more iterations Anthropic should be able to decrease the FP rate considerably, and ultimately that's going to be a big win for everyone with an interest in bug & exploit free code.
User Journal

Journal Journal: Thoughts on confidential computing 2

https://www.theregister.com/security/2026/07/04/confidential-computings-core-trust-mechanism-is-broken-the-fix-may-not-exist/5266056

The claim in The Register is that confidential computing might not be a fixable problem. I am not going to claim I have "the solution", or that the solution I have come up with meets either the requirement of being necessary or sufficient, but I would argue that it adequately challenges the assumption that the problem cannot be solved at all.

User Journal

Journal Journal: Thoughts regarding confidential computing

https://www.theregister.com/security/2026/07/04/confidential-computings-core-trust-mechanism-is-broken-the-fix-may-not-exist/5266056

The claim in The Register is that confidential computing might not be a fixable problem. I am not going to claim I have "the solution", or that the solution I have come up with meets either the requirement of being necessary or sufficient, but I would argue that it adequately challenges the assumption that the problem cannot be solved at all.

Comment Re:Interesting and disappointing (Score 1) 19

That is true, but the archaeology shows that this won't work for all island-hopping or all river navigation.

For example, we have clear evidence of hominins not just living on islands across the Mediterranean when no ice was present (it was free-standing water) but commuting to and from shore. We also have evidence of technologies travelling upstream along river-based communities at speeds that cannot be accounted for by simply walking.

So we need a model in which they could actively navigate against the water flow AND across significant distances of open water.

Slashdot Top Deals

Murphy's Law, that brash proletarian restatement of Godel's Theorem. -- Thomas Pynchon, "Gravity's Rainbow"

Working...