Linux may go away in the US. And the damage done will be extreme. But, you know, from history there is a pattern that may apply here: Empires in decline trying to redefine reality with laws that make no sense but do accelerate that decline. This may be what we are seeing here: An increasing distance between reality and the laws that get made.

But Linux will be fine. Its massive benefits will just stop being available in some regions of the planet.

A closed-source distro can be made compliant. A preinstallation can be made compliant. Linux cannot be made compliant and you can simply remove this check by a reinstallation or a respective script that runs from an external boot medium. Trivial. Easy enough that a smart 10 year old can do it.

The only way compliance could be forces in FOSS is to outlaw using and running most of that FOSS. Even these utterly dumb lawmakers will find that extremely destructive and far too expensive for them.

Thanks for the confirmation. How pathetic.

There is a solution to the AI slop problem: Hire competent, experienced engineers and let them make the tech decisions. That is just not a solution Microsoft can implement, because they do not have the understanding what it takes to make solid products. They would have the money and if they offer enough, they would even get some of the really good engineers that have turned away from Microsoft in disgust a long time ago.

What likely does not have a solution is the sheer mountain of technological debt they have in most of their products. They are now at a point where most changes break something in some unexpected place. The only fix at that point is to throw it away and do a reimplementation with fundamental architectural fixes. This requires a 5 year or so stagnation period. And it is very expensive. And it needs to be done by the right people, which MS very likely does not have or they would not be in this mess. It also requires understanding that you are in a deep, existential crisis. But it can be done. I just do not think MS can do it. And hence what they are going to do is slowly heading for a collapse where issues they cannot fix anymore (because too much breaks when they try) have piled high enough for their main products to become unusable.

It is called a mountain of technological debt. The whole thing is a fragile mess and cannot be fixed anymore, but any changes come with huge risks. Essentially, fixing one thing breaks three others in surprising and unexpected places. Which is pretty much the pattern we are seeing.

As to that "commitment to software quality, reliability and stability", that is just them acknowledging there is a serious issue because they understand they cannot hide it. So they decided to at least get some fake appearance of honesty out of it. Of course, the commitment is not real. Same as "Security is our highest priority" stated by MS twice now after massive screw-ups. The screw-ups simply continued after that.

Hence MS will just continue to slowly make things worse, because the mess they made cannot be fixed and their business model requires constant changes in functionality, which the most effective enemy of "quality, reliability and stability". In a sense, MS products are low key "constant delivery scams", where the next version or the one after is promised to finally be the one that is great and will make it all worthwhile. They would actually need to throw it (Windows, Office, Azure, etc.) away and start over and they would need to get actually competent and experienced engineers to make the decisions. People which they probably do not even employ anymore and whose value MS management never understood.

Well, guess what, if you massively prioritize revenue over engineering quality, you can, in a over-hyped and immature field, make stellar profits for a while. What you cannot do is deliver a good product. And at some time (and MS is there already), you cannot even deliver a mediocre product anymore.

I think you're describing the models from a year ago. Most of the improvements in capability since then (and the improvements have been really large) are directly due to changes that have the AI model talk to itself to better reason out its response before providing it, and one of the results of that is that most of the time they absolutely can explain why they did what they did. There are exceptions, but they are the exception, not the rule.

It's interesting to compare this with humans. Humans generally can give you an explanation for why they did what they did, but research has demonstrated pretty conclusively that a large majority of the time those explanations are made up after the fact, they're actually post-hoc justifications for decisions that were made in some subconscious process. Researchers have demonstrated that people are just as good at coming up with explanations for decisions they didn't make as for decisions they did! The bottom line is that people can't really provide useful insights on why they did what they did, they're just really good at inventing post-hoc rationales.

If you're asserting that Greg Kroah-Hartman can't code worth a damn, you might want to find out who he is and think again.

And the law of large numbers. Statistically, there will but patch clusters, the same way there are clusters of every other random-ish event. The fact that one happens to occur right after Microsoft promises a commitment to predictable patch schedules means not just nothing the but opposite. Any commitment to doing better means that they recognize they haven't been doing well enough, and obviously it's not possible to do significantly better immediately; changing processes takes time, and observing the effects of those changes takes even longer.

So, no, this cluster of patches doesn't tell us anything in particular beyond what we already knew: That emergency patches are relatively common.

Yes, but... I think you're confusing some things. We're talking about AES, which is a symmetric encryption algorithm, not asymmetric.

Of course, no cryptographic construction has been "proven" secure, in the sense that mathematicians use the word "prove", not symmetric or asymmetric. Asymmetric schemes have an additional challenge, though, which is they have to have some sort of "trapdoor function" that mathematically relates a public key and a private key, and the public key has to be published to the attacker. Classical asymmetric cryptography is built by finding a hard math problem and building a scheme around it -- which means that a solution to the math problem breaks the algorithm.

Symmetric systems have it a bit easier, because the attacker doesn't get to see any part of the key or anything related to the key other than plaintext and corresponding ciphertext (though the standard bar is to assume the attacker has an oracle that allows them to get plaintext of arbitrary ciphertexts, i.e. the Adaptive Chosen Ciphertext attack, IND-CCA2). And the structure of symmetric ciphers isn't usually built around a specific math problem. Instead, they tend to just mangle the input in extremely complex ways. It's hard to model these mathematically, which makes attacking them with math hard.

In both cases, we are unable to prove that they're secure. When I started working on cryptography, the only basis for trust in algorithms was that they'd stood up to scrutiny for a long period of time. That was it. Over the last 20 years or so, we've gotten more rigorous, and "security proofs" are basically required for anyone to take your algorithm seriously today... but they aren't quite like "proofs" in the usual sense. They're more precisely called "reductions". They're mathematically-rigorous proofs that the security of the algorithm (or protocol) is reducible to a small set of assumptions -- but we have to assume those, because we can't prove them.

For most asymmetric schemes, the primary underlying assumption is that the mathematical problem at the heart of the scheme is "hard". Interestingly, there is one family of asymmetric signature schemes for which this is not true. SLH-DSA, one of the post-quantum algorithms recently standardized by NIST, provably reduces to one assumption: That the hash algorithm used is secure, meaning that it has both second pre-image resistance plus a more advanced form of second pre-image resistance. Collision resistance isn't even required! This is striking because we actually have quite a lot of confidence in our secure hash algorithms. Secure hash algorithms are among the easiest to create because all you need is a one-way function with some additional properties. And we've been studying hash functions very hard, for quite a long time, and understand them pretty well.

This means that one of our "new" post-quantum asymmetric algorithms is probably the very strongest we have, not only less likely to be broken than our other asymmetric algorithms, but less likely to be broken than our symmetric algorithms. If it were broken, it would be because someone broke SHA-256 (which, BTW, would break enormous swaths of modern cryptography; it's extremely hard to find a cryptographic security protocol that doesn't use SHA-256 somewhere), and unless that same research result somehow broke all secure hash functions, we could trivially repair SLH-DSA simply by swapping out the broken hash function for a secure one.

This is an entirely different model from the way we looked at cryptography early in my career. SLH-DSA doesn't have decades of use and attack research behind it. Oh, the basic concept of hash-based signatures dates back to the late 70s, but the crucial innovations that make SPHINCS and its descendants workable are barely a decade old! BUT we have a rigorous and carefully peer-reviewed security proof that demonstrates with absolute mathematical rigor that SLH-DSA is secure iff the hash function used in it is secure.

So... a relative newcomer is more trustworthy than the algorithms we've used for decades, precisely because we no longer rely on "hasn't been broken so far" as our only evidence of security.

As for AES, the subject of the discussion above, there is no security proof for AES. There's nothing to reduce it to. There are proofs that it is secure against specific attack techniques (linear cryptanalysis and differential cryptanalysis) that were able to defeat other block ciphers, but those proofs only prove security against those specific attacks, not other attacks that are not yet known. So for AES we really do rely on the fact that it has withstood 20+ years of focused cryptanalysis, and that no one has managed to find an attack that significantly weakens it. That could change at any time, with or without quantum computers.

SLH-DSA, however, is one that very well may be secure forever, against both classical and quantum attacks. The security proof doesn't even care about classical vs quantum, it just proves that any successful attack, no matter how it's performed, provides a way to break the underlying hash function. Therefore, if the hash function is secure, SLH-DSA is secure. It's an incredibly powerful proof, like many proofs by contradiction.

Don't play dumb. It is unbecoming.

You cannot know whether there will be a breakthrough. At this time, all that is known says there will not be one.

As to breakthroughs having happened in other areas, that is not an indicator that one will happen here. That is just a form of survivorship bias.

You are hilariously without insight.

With them currently needing bout 15x as much revenue as they have to keep the lights on? Very improbable indeed.

The question is what bugs they miss. Because that determines whether you still need to do a full review and that review does not actually get mich faster when there are fewer bugs.

It seems meaningless stunts is all that the reminder of what once was "IBM Research" can produce these days.