Read.
![[syndicated profile]](https://www.dreamwidth.org/img/silk/identity/feed.png){kind=small}
smbc_comics_feed at 11:20am on 22/04/2026
Hovertext:
Have I mentioned SMBC's ad-free patreon page?
bruce_schneier_feed at 11:02am on 22/04/2026ICE has admitted that it uses spyware from the Israeli company Graphite.
bruce_schneier_feed at 11:04am on 21/04/2026Grupo Seguritech is a Mexican surveillance company that is expanding into the US.
savagelove_feed at 11:00am on 21/04/2026Are there rules to revealing a cheating ex on social media? Three weeks ago, I confronted my boyfriend about his repeated requests that we “find a time to talk.” These requests were never followed by any actual talk. We’d been together for three years by then. After his third futile attempt (“We still need to … Read More »
The post The Reveal appeared first on Dan Savage.
savagelove_feed at 11:00am on 21/04/2026Sometimes the questions we get here at Savage Lovecast Industries™ are nothing but pragmatic. A man with a moldy home asks how he can properly dry his Fleshlight. Seems important. A woman fell off a trapeze 15 years ago and has suffered sexual dysfunction ever since. Dan brings on pelvic floor therapist Dr. Rachel Gelman … Read More »
The post Not *THIS* Unicorn’s Ass… appeared first on Dan Savage.
xkcd_feed at 04:00am on 20/04/2026
coding_horror_feed at 05:21pm on 20/04/2026
It's been one of those months, and by that, I mean one of the 663 months since I was born. This won't be a long post, because I only have two things to say. First, I'm really glad we re-ordered the GMI (Guaranteed Minimum Income) rural study counties so Mercer County, WV, my Dad's county, went first in October 2025. I knew dad was close to the end, and sure enough, that was the last time I ever saw him.
You can kinda sorta meet my dad on this page, if you want to.
Jeff Atwood
I knew this was coming, and so did he. There is no loss, because nothing ever ends.
All those experiences I had with my father, particularly that last October trip, will stay with me forever. Nothing was lost. Everything was gained. We won capitalism, then went back to help improve it for everyone. And believe me, I'm far from being done with my third startup.
Second, I want to take a moment to thank everyone – and I do mean everyone – who ever contributed to Stack Overflow in any way. And lucky you, it's not Starship this time!
Did you know that LLMs basically could not code at all without access to the extremely high quality creative commons programming Q&A dataset that all of us built together at Stack Overflow? Don't take it from me, ask the LLMs. They'll tell you themselves. Go ahead. G'wan. Ask. Really grill 'em on this one. I strongly recommend you use pro mode when asking, though, because those are the only decent LLM modes in my experience. It is incredible what you can do with global brain statistics and a strongly curated dataset created by we, the people!
One last thing. If the LLMs end up hollowing out the very communities that produce all their training data, they're going to really, really regret that. I'll give these LLM / GAI companies the same advice I gave Joel Spolsky when I left Stack Overflow to start Discourse – do not, for any reason, under any circumstances, kill the goose that lays the golden eggs, aka the human community around your product that does all the real work. It's pretty simple. Just treat the community with the respect they deserve... that we all deserve.
Thank you for being a friend, because there's no way I could have done any of this without you. 💛
smbc_comics_feed at 11:20am on 20/04/2026
Hovertext:
I read a guy the other day saying all cognitive tasks will be automated, so it's important to stay flexible, and all I can figure is he was imagining humans would make a good building material.
bruce_schneier_feed at 11:07am on 20/04/2026The New York Times has a long article where the author lays out an impressive array of circumstantial evidence that the inventor of Bitcoin is the cypherpunk Adam Back.
I don’t know. The article is convincing, but it’s written to be convincing.
I can’t remember if I ever met Adam. I was a member of the Cypherpunks mailing list for a while, but I was never really an active participant. I spent more time on the Usenet newsgroup sci.crypt. I knew a bunch of the Cypherpunks, though, from various conferences around the world at the time. I really have no opinion about who Satoshi Nakamoto really is.
smbc_comics_feed at 11:20am on 19/04/2026
Hovertext:
The funny part is every action in your life turns SOME torture dial!
smbc_comics_feed at 11:20am on 18/04/2026
Hovertext:
I'm pretty sure this is how Stoicism works, just more douchey.
bruce_schneier_feed at 09:05pm on 17/04/2026Pretty fantastic video from Japan of a giant squid eating another squid.
As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.
smbc_comics_feed at 11:20am on 17/04/2026
Hovertext:
The key is to put the self-on-fire at the beginning of the video and promise to show that it technically cures cancer, but only if you watch to the end without skipping.
savagelove_feed at 11:00am on 17/04/2026Meet Michael who with the help of “Gary” goes through the looking glass into the twilight world of the bisexual male. It all starts out with your typical, wholesome 100-guy jack-off session. And then things take a bit of a turn… Whoever invented Zoom, most likely didn’t predict *this* sort of thing would happen. If … Read More »
The post After Action Report #25 appeared first on Dan Savage.
bruce_schneier_feed at 11:02am on 17/04/2026Last week, Anthropic pulled back the curtain on Claude Mythos Preview, an AI model so capable at finding and exploiting software vulnerabilities that the company decided it was too dangerous to release to the public. Instead, access has been restricted to roughly 50 organizations—Microsoft, Apple, Amazon Web Services, CrowdStrike and other vendors of critical infrastructure—under an initiative called Project Glasswing.
The announcement was accompanied by a barrage of hair-raising anecdotes: thousands of vulnerabilities uncovered across every major operating system and browser, including a 27-year-old bug in OpenBSD, a 16-year-old flaw in FFmpeg. Mythos was able to weaponize a set of vulnerabilities it found in the Firefox browser into 181 usable attacks; Anthropic’s previous flagship model could only achieve two.
This is, in many respects, exactly the kind of responsible disclosure that security researchers have long urged. And yet the public has been given remarkably little with which to evaluate Anthropic’s decision. We have been shown a highlight reel of spectacular successes. However, we can’t tell if we have a blockbuster until they let us see the whole movie.
For example, we don’t know how many times Mythos mistakenly flagged code as vulnerable. Anthropic said security contractors agreed with the AI’s severity rating 198 times, with an 89 per cent severity agreement. That’s impressive, but incomplete. Independent researchers examining similar models have found that AI that detects nearly every real bug also hallucinates plausible-sounding vulnerabilities in patched, correct code.
This matters. A model that autonomously finds and exploits hundreds of vulnerabilities with inhuman precision is a game changer, but a model that generates thousands of false alarms and non-working attacks still needs skilled and knowledgeable humans. Without knowing the rate of false alarms in Mythos’s unfiltered output, we cannot tell whether the examples showcased are representative.
There is a second, subtler problem. Large language models, including Mythos, perform best on inputs that resemble what they were trained on: widely used open-source projects, major browsers, the Linux kernel and popular web frameworks. Concentrating early access among the largest vendors of precisely this software is sensible; it lets them patch first, before adversaries catch up.
But the inverse is also true. Software outside the training distribution—industrial control systems, medical device firmware, bespoke financial infrastructure, regional banking software, older embedded systems—is exactly where out-of-the-box Mythos is likely least able to find or exploit bugs.
However, a sufficiently motivated attacker with domain expertise in one of these fields could nevertheless wield Mythos’s advanced reasoning capabilities as a force multiplier, probing systems that Anthropic’s own engineers lack the specialized knowledge to audit. The danger is not that Mythos fails in those domains; it is that Mythos may succeed for whoever brings the expertise.
Broader, structured access for academic researchers and domain specialists—cardiologists’ partners in medical device security, control-systems engineers, researchers in less prominent languages and ecosystems—would meaningfully reduce this asymmetry. Fifty companies, however well chosen, cannot substitute for the distributed expertise of the entire research community.
None of this is an indictment of Anthropic. By all appearances the company is trying to act responsibly, and its decision to hold the model back is evidence of seriousness.
But Anthropic is a private company and, in some ways, still a start-up. Yet it is making unilateral decisions about which pieces of our critical global infrastructure get defended first, and which must wait their turn.
It has finite staff, finite budget and finite expertise. It will miss things, and when the thing missed is in the software running a hospital or a power grid, the cost will be borne by people who never had a say.
The security problem is far greater than one company and one model. There’s no reason to believe that Mythos Preview is unique. (Not to be outdone, OpenAI announced that its new GPT-5.4-Cyber is so dangerous that the model also will not be released to the general public.) And it’s unclear how much of an advance these new models represent. The security company Aisle was able to replicate many of Anthropic’s published anecdotes using smaller, cheaper, public AI models.
Any decisions we make about whether and how to release these powerful models are more than one company’s responsibility. Ultimately, this will probably lead to regulation. That will be hard to get right and requires a long process of consultation and feedback.
In the short term, we need something simpler: greater transparency and information sharing with the broader community. This doesn’t necessarily mean making powerful models like Claude Mythos widely available. Rather, it means sharing as much data and information as possible, so that we can collectively make informed decisions.
We need globally co-ordinated frameworks for independent auditing, mandatory disclosure of aggregate performance metrics and funded access for academic and civil-society researchers.
This has implications for national security, personal safety and corporate competitiveness. Any technology that can find thousands of exploitable flaws in the systems we all depend on should not be governed solely by the internal judgment of its creators, however well intentioned.
Until that changes, each Mythos-class release will put the world at the edge of another precipice, without any visibility into whether there is a landing out of view just below, or whether this time the drop will be fatal. That is not a choice a for-profit corporation should be allowed to make in a democratic society. Nor should such a company be able to restrict the ability of society to make choices about its own security.
This essay was written with David Lie, and originally appeared in The Globe and Mail.
![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
boxofdelights in ![[community profile]](https://www.dreamwidth.org/img/silk/identity/community.png){kind=small}
wiscon at 11:23pm on 16/04/2026smbc_comics_feed at 11:20am on 16/04/2026
Hovertext:
Later it turns out the duck was getting with a porcupine and had a litter of Echidnas.
savagelove_feed at 01:40pm on 16/04/2026I’m curious to see where Savage Lovers come down on this one… I am a 25-year-old male going through a disruptive transition period after a secret of mine got out. Here goes: I developed a panty fetish in middle school thanks to the ease with which I could search for pictures of panties and thongs … Read More »
The post The Thursday Letter: Panty Thief Outed By Aggrieved Ex appeared first on Dan Savage.
| Sun | Mon | Tue | Wed | Thu | Fri | Sat |
|---|---|---|---|---|---|---|
|
1
|
2
|
3
|
||||
|
4
|
5
|
6
|
7
|
8
|
9
|
10
|
|
11
|
12
|
13 |
14
|
15
|
16
|
17
|
|
18
|
19
|
20
|
21
|
22
|
23
|
24
|
|
25
|
26
|
27
|
28
|
29
|
30
|
