
Comment Re: Embargo intrigue (Score 1) 44

Yeah, and the person who released the information first was operating in an "if I noticed this, doing only as much as I'm doing, surely attackers would also notice" mode. Possibly some patches these days are sufficiently obvious as to their correctness and also effect that they should first become public as a set of stable releases. This was a kind of special case, as CopyFail was the combination of some code doing something strange with one user not being prepared for it, and fixed the user. If there are other users that also aren't prepared, fixing them isn't going to be subtle.

Comment Re: Gun cam, in a maneuvering jet (Score 1) 77

How shadows and reflections move when you're 10 miles from a mostly flat surface a thousand miles across is legitimately hard to analyze for a visual system that evolved on the ground, especially if you throw in small periodic surface orientation variations. Given how complicated it is to explain rare rainbow-related phenomena like sun dogs, it would be surprising if we'd identified and explained everything that can appear when flying above the ocean.

Comment Re: Founder Guilty Of Negligence (Score 3, Informative) 110

According to the article, they (by way of their cloud provider) had DR backups, which they were able to get restored. But getting offline backups restored takes longer than the SLAs they give their customers and loses some data that hasn't been copied offline yet, which is why they also have backups that are complete and immediately available, using the API key that the attacker -- sorry, AI -- found in a file it wasn't supposed to have access to.

Comment Re:All for taxing the rich (Score 1) 348

I think the rationale is that the income/wealth of the top 1% has been increasing while everyone else has lost share:

"In the past 60 years, America witnessed a massive transfer of wealth from the middle class to the wealthiest families, increasing wealth inequality. In 1963, the wealthiest families had 36 times the wealth of families in the middle of the wealth distribution. By 2022, they had 71 times the wealth of families in the middle." (Urban Institute)

"According to the Federal Reserve, the net worth of America’s top 1% reached a record share of nearly 32% of total U.S. wealth in the third quarter of 2025. In contrast, the bottom 50% of Americans together held only about 2.5% of total net wealth." (Economics Insider)

So economic growth over the past half-century has disproportionately helped the wealthiest Americans, not least because of intense lobbying by said wealthy individuals.

Then there's this:

NVIDIA CEO Jensen Huang, whose estimated net worth of $155-162 billion would subject him to a roughly $8 billion tax bill, said he is "perfectly fine" with the proposal.

"We chose to live in Silicon Valley, and whatever taxes they would like to apply, so be it," Huang recently told Bloomberg Television. "I've got to tell you, I have not even thought about it once."

Source: Kiplinger.com

Comment Mine still works too. (Score 1) 180

and towards the end I got one of the low-profile USB-powered drives.

Got one of those, too (the early USB 1 ones, with the exposed ATAPI connector). I ended up buying Iomega's Firewire expansion that attaches on the back of the slim USB and latches on that ATAPI connector, as Firewire 400 had much better bandwidth than USB 1, provided enough power and thus required only a single cable, and I had a cheap Firewire 400 adapter laying around from some video project (funnily: the Firewire 400 card was a free bundle bundled with some crappy movie software that was selling poorly and was on heavy sale at the shop I bought it from. Threw the useless CD, kept the Firewire card).

Actually I still have all three of them in storage now I think, and since one is USB I might be able to theoretically recover any data I have on disks still.

Mine still works too. The most difficult was trying to find the barrel power plug (since back in the days I was mostly using the Firewire attachment and because Firewire provides enough power, I wasn't using the barrel jack much). Nowadays most of my machines are USB only.

Zip drives were great when I first got into it

Yup. The slim USB were also a good solution to carry data around.
Bring the slim USB and the cables at the university, download shit with the fast bandwidth, then bring the drive back home, plug into the Firewire attachment and load it onto the computer.
Later the university acquired computers (from Dell) that came with ZIP IDE drive built in, so I only carried the Zip250 disks and kept the drive permanently plugged into the Firewire attachment. And almost lost the power barrel adapter as mentioned above.

Comment Bank note detection. (Score 1) 139

Photocopiers implemented bank note detection to prevent users copying them, as did scanner software and apps like Photoshop.

Yes, that ass-backward approach came to my mind.
Your bank notes are too easy to copy now that color photocopiers and color laser printers are a thing?
- Rest of the world: make better banknotes (see swiss money, euros, etc.)
- USA: make bank note detection software mandatory on each piece of tech (HP and other US manufacturers have a boner at the thoughts of the sudden illegalness of cheaper competitors from countries without that function) and also mandate yellow dot tracking (now in addition the police-state is having a boner, too) (*).
- Rest of the world: why the hell is my color cartridge constantly empty on yellow and why is this preventing me from printing even black and white?

Same here:
USA: has a problem of violence, bonkers level of gun proliferation, on top of tons of ways to make life shitty for everyone (lack of proper health care, social welfare, etc.)
also the USA: let's add "gun detectors" to 3D printers so nobody prints a gun without a serial number. Surely that's the best solution to address all of the above, right?

I would imagine that 3D printer manufacturers will comply by adding some largely ineffective code to their apps that blocks known gun designs.

Trouble is that this time, most 3D manufacturers ARE NOT in the USA.
Most of them are in China, and the US is only a fraction of their exports, and the required function requires orders of magnitude more compute power to implement than the tiny micro-controller that is usually found in those printers and implementing would require massively driving up the cost of the printer.
Chances are high that the manufacturer will just say f-u, and merely just stop selling complete pre-assembled kits to the USA, only stuff that can circumvent the restrictions (e.g., kits with only motor and drivers that require adding a sold-separately microcontroller).

---

(*): fun fact: on some printers (e.g. with very low memory) those "functionalities" were implemented in the drivers instead.
My ancient HP Color LaserJet works this way. There are no yellow dots when I print from CUPS.

It's entirely possible that the "gun detection" is going to be the same: crappy buggy detection + additional privacy-invading tracking implemented into the management software shipped next to the 3D printer as the MCU cannot handle that. Circumventable by downloading OctoPrint from some European server and running that on a Pi to manage the printers.

Comment And complexity (Score 3, Informative) 87

the selection of a 40 year old 6502 application is interesting,

Not even the application, just a 120 byte-long binary patch.

It may however help if someone identifies a small digestible chunk as security relevant and set it about the task of dealing with it.

And that chunk doesn't have any weirdness that requires a seasoned and actually human reverse-engineer.
(Think segmented memory model on anything pre "_64" of the x86 family - the kind of madness that can kill Ghidra).

Also, if it's not from the 8bit era or the very early 16bit era, chances are high that this bit of machine code didn't start as hand-written assembler but some higher-level compiled language (C most likely). It might be better to run Ghidra on it and have some future ChatBot trained on making sense of that decompiled code.

In short there are so many thousands of blockers that have been carefully avoided by going to that 40 year old 120-byte long patch of 6502 binary.

Comment Good example of why it's wrong (Score 4, Insightful) 87

But what if you had a similarly loose platform but it's running a kiosk and that kiosk software is purportedly designed to keep the user on acceptable rails.

There is a lot of leverage done by the "similarly".

Apple's computers run on 6502.
This was an insanely popular architecture. It's been used in metric shit tons of other hardware from roughly that era. There are insane amounts of resources about this architecture. It was usually programmed in assembly. There has been a lot of patching of binaries back then. These CPUs have also been used in courses and training for a very long time, most of which are easy to come by. So there's an insane amount of material about 6502 instructions, their binary encoding, and general debugging of software on that platform that could be gobbled by the training of the model. The architecture is also extremely simple and straightforward with very little weirdness. It could be possible for something that boils down to a "next word predictor" to not fumble too much.

Anything developed in the modern online era, where you would be interested in finding vulnerabilities, is going to be multiple orders of magnitude more complex (think multiple megabytes of firmware, not a 120-byte patch), rely on very weird architecture (a kiosk running on some x86 derivative? one of the later embedded architectures that uses multiple weird addressing modes?) and be very poorly documented.

Also combine this with the fact that we're very far into the "diminishing returns" part of the AI development, where each minute improvement requires even vastly more resources (insanely large datacenter, power requirement of entire cities) and more training material than available (so "Habsburg AI"?), it's not going to get better easily.

The fact that a chat bot can find and fix a couple of grammar mistakes in a short paragraph of English doesn't mean it could generate an entire epic poem in some dead language like Etruscan (not Indo-European, not that many examples have survived, even fewer Etruscan-Latin or -Greek bilingual texts have survived to assist understanding).
The fact that a chat bot successfully reverse engineered and debugged a 120-byte snippet of one of the most well studied architectures doesn't mean it will easily debug multi-megabyte firmware of some obscure proprietary microcontroller.

Comment Re:Confusion (Score 1) 209

..was considered the epitome of processed food.

That could well be the result of a FUD campaign by the trillion-dollar meat industry, which may feel threatened by plausible vegan/vegetarian alternatives to their products, which tend to be the result of practices that are cruel and destructive to the environment.

Also, hot dogs, bacon, jerky and deli meats are now considered carcinogenic. Why aren't those considered to be "the epitome of processed food"?
