Comment Re: No, based on the summary (Score 3, Interesting) 140

It sounds to me like the input to the algorithm is truly random, but not unbiased, and the algorithm perfectly unbiases output from the particular source they are using. The rest of the article goes into the type of flaw they're addressing, and talks about very slightly unfair dice, which you could correct, but you'd need to know exactly how unfair they are, and you're always going to be very slightly wrong and end up correcting not quite perfectly. The obvious quantum RNG is to generate polarized light and measure it perpendicular to the polarization, but you'd still need to get it perfectly perpendicular. It sounds like they've built something that doesn't rely on precise alignment to give a known distribution, which they can then use to unbias the output perfectly.

Comment Re: Hmmmmm... (Score 1) 65

It's pretty close to being an MP3 marked as a BMP, actually. It's the result of taking a reversible transformation of the audio signal that separates out the different perceptible components and then discarding the ones that matter least, and keeping the important ones in a convenient form for accessing them. It's the first step you'd take if you wanted a computer to identify speakers or what they were saying. The only part that's image-related is making the diagram, but getting back to the data is just taking the pixel values.

I suspect that they started using spectrograms in reports at a time when getting back the data from the image would have lost too much quality to printing and scanning to hear anything as quiet as voices, but PDFs with lossless images retain all of that.

Comment Re: Disclosure Timing Drama Part 2.0 (Score 1) 23

I suspect part of it is that the mitigation for DirtyFrag covers it, so everyone who blocked all the modules in question when that had only an incomplete patch probably hasn't unblocked them yet. I think this is the 4th patch for these modules, and only got a new name rather than just "there's still a way to get this code to do the wrong thing" because a different outside team found this one.

Comment Re: Embargo intrigue (Score 1) 44

Yeah, and the person who released the information first was operating in an "if I noticed this, doing only as much as I'm doing, surely attackers would also notice" mode. Possibly some patches these days are sufficiently obvious as to their correctness and also effect that they should first become public as a set of stable releases. This was a kind of special case, as CopyFail was the combination of some code doing something strange with one user not being prepared for it, and fixed the user. If there are other users that also aren't prepared, fixing them isn't going to be subtle.

Comment Re: Gun cam, in a maneuvering jet (Score 1) 83

How shadows and reflections move when you're 10 miles from a mostly flat surface a thousand miles across is legitimately hard to analyze for a visual system that evolved on the ground, especially if you throw in small periodic surface orientation variations. Given how complicated it is to explain rare rainbow-related phenomena like sun dogs, it would be surprising if we'd identified and explained everything that can appear when flying above the ocean.

Comment Re: Founder Guilty Of Negligence (Score 3, Informative) 110

According to the article, they (by way of their cloud provider) had DR backups, which they were able to get restored. But getting offline backups restored takes longer than the SLAs they give their customers and loses some data that hasn't been copied offline yet, which is why they also have backups that are complete and immediately available, using the API key that the attacker -- sorry, AI -- found in a file it wasn't supposed to have access to.

Comment Re:All for taxing the rich (Score 1) 348

I think the rationale is that the income/wealth of the top 1% has been increasing while everyone else has lost share:

"In the past 60 years, America witnessed a massive transfer of wealth from the middle class to the wealthiest families, increasing wealth inequality. In 1963, the wealthiest families had 36 times the wealth of families in the middle of the wealth distribution. By 2022, they had 71 times the wealth of families in the middle." (Urban Institute)

"According to the Federal Reserve, the net worth of America’s top 1% reached a record share of nearly 32% of total U.S. wealth in the third quarter of 2025. In contrast, the bottom 50% of Americans together held only about 2.5% of total net wealth." (Economics Insider)

So economic growth over the past half-century has disproportionately helped the wealthiest Americans, not least because of intense lobbying by said wealthy individuals.

Then there's this:

NVIDIA CEO Jensen Huang, whose estimated net worth of $155-162 billion would subject him to a roughly $8 billion tax bill, said he is "perfectly fine" with the proposal.

"We chose to live in Silicon Valley, and whatever taxes they would like to apply, so be it," Huang recently told Bloomberg Television. "I've got to tell you, I have not even thought about it once."

Source: Kiplinger.com

Comment Mine still works too. (Score 1) 180

and towards the end I got one of the low-profile USB-powered drives.

Got one of those, too (the early USB 1 ones, with the exposed ATAPI connector). I ended up buying Iomega's Firewire expansion that attaches on the back of the slim USB and latches on that ATAPI connector, as Firewire 400 had much better bandwidth than USB 1, provided enough power and thus required only a single cable, and I had a cheap Firewire 400 adapter laying around from some video project (funnily: the Firewire 400 card was a free bundle bundled with some crappy movie software that was selling poorly and was on heavy sale at the shop I bought it from. Threw the useless CD, kept the Firewire card).

Actually I still have all three of them in storage now I think, and since one is USB I might be able to theoretically recover any data I have on disks still.

Mine still works too. The most difficult was trying to find the barrel power plug (since back in the days I was mostly using the Firewire attachment and because Firewire provides enough power, I wasn't using the barrel jack much). Nowadays most of my machines are USB only.

Zip drives were great when I first got into it

Yup. The slim USB were also a good solution to carry data around.
Bring the slim USB and the cables at the university, download shit with the fast bandwidth, then bring the drive back home, plug into the Firewire attachment and load it onto the computer.
Later the university acquired computers (from Dell) that came with ZIP IDE drive built in, so I only carried the Zip250 disks and kept the drive permanently plugged into the Firewire attachment. And almost lost the power barrel adapter as mentioned above.

Comment Bank note detection. (Score 1) 139

Photocopiers implemented bank note detection to prevent users copying them, as did scanner software and apps like Photoshop.

Yes, that ass-backward approach came to my mind.
Your bank notes are too easy to copy now that color photocopiers and color laser printers are a thing?
- Rest of the world: make better banknotes (see swiss money, euros, etc.)
- USA: make bank note detection software mandatory on each piece of tech (HP and other US manufacturers have a boner at the thoughts of the sudden illegalness of cheaper competitors from countries without that function) and also mandate yellow dot tracking (now in addition the police-state is having a boner, too) (*).
- Rest of the world: why the hell is my color cartridge constantly empty on yellow and why is this preventing me from printing even black and white?

Same here:
USA: has a problem of violence, bonkers level of gun proliferation, on top of tons of ways to make life shitty for everyone (lack of proper health care, social welfare, etc.)
also the USA: let's add "gun detectors" to 3D printers so nobody prints a gun without a serial number. Surely that's the best solution to address all of the above, right?

I would imagine that 3D printer manufacturers will comply by adding some largely ineffective code to their apps that blocks known gun designs.

Trouble is that this time, most 3D manufacturers ARE NOT in the USA.
Most of them are in China, and the US is only a fraction of their exports, and the required function requires magnitude more compute power to implement than the tiny micro-controller that is usually found in those printers and implementing would require massively driving up the cost of the printer.
Chances are high that the manufacturer will just say f-u, and merely just stop selling complete pre-assembled kits to the USA, only stuff that can circumvent the restrictions (e.g., kits with only motor and drivers that require adding a sold-separately microcontroller).

---

(*): fun fact: on some printers (e.g. with very low memory) those "functionalities" were implemented in the drivers instead.
My ancient HP color LaserJet works this way. There are no yellow dots when I print from CUPS.

It's entirely possible that the "gun detection" is going to be the same: crappy buggy detection + additional privacy-invading tracking implemented into the management software shipped next to the 3D printer as the MCU cannot handle that. Circumventable by downloading Octoprint from some European server and running that on a Pi to manage the printers.

Comment And complexity (Score 3, Informative) 87

the selection of a 40 year old 6502 application is interesting,

Not even the application, just a 120 byte-long binary patch.

It may however help if someone identifies a small digestible chunk as security relevant and set it about the task of dealing with it.

And that chunk doesn't have any weirdness that requires a seasoned and actually human reverse-engineer.
(Think segmented memory model on anything pre "_64" of the x86 family - the kind of madness that can kill Ghidra).

Also, if it's not from the 8bit era or the very early 16bit era, chances are high that this bit of machine code didn't start as hand-written assembler but some higher-level compiled language (C most likely). It might be better to run Ghidra on it and have some future ChatBot trained on making sense of that decompiled code.

In short there are so many thousands of blockers that have been carefully avoided by going to that 40 year old 120-byte long patch of 6502 binary.
