I’ve had a bunch of people ask my thoughts on Anthropic’s Mythos.

73 Posts 38 Posters 0 Views
  • T trademark@fosstodon.org

    @lispi314 @GossiTheDog @dalias @azonenberg That's not what they're saying though. From the wiki "krb5p
    Kerberos authentication, integrity, and privacy. This is the most secure flavor of NFS. Not only does it provide authentication and integrity, but the entire RPC payload is encrypted. Thus a passive eavesdropper can see nothing but RPC headers. krb5p is a good choice for insecure networks, including wireless networks. "

    dalias@hachyderm.io
    wrote last edited by
    #56

    @trademark @lispi314 @GossiTheDog @azonenberg Running a NFS server in kernelspace is no less backwards than running a httpd in kernelspace (something Linux folks actually tried at one point; it was eventually removed).

    Yes there will always be apologists for it. I am not worried about being considered rude when I state that this is just completely untenable from both a security standpoint and a good software engineering standpoint.

      trademark@fosstodon.org
      wrote last edited by
      #57

      @lispi314 @GossiTheDog @dalias @azonenberg Please direct your suggestions to the FreeBSD people directly, they are easily contactable.

        trademark@fosstodon.org
        wrote last edited by
        #58

        @dalias @lispi314 @GossiTheDog @azonenberg Please tell this to the FreeBSD people, I am sure they will appreciate your insights.

          dalias@hachyderm.io
          wrote last edited by
          #59

          @trademark @lispi314 @GossiTheDog @azonenberg We're not making technical recommendations for the FreeBSD team here. Anyone who actually has reason to use NFS knows the risks/tradeoffs and if they're choosing to use something that's going to get them popped that's on them, not on the FreeBSD team.

          We're debunking hype that's intentionally exploiting the ignorance of people like yourself about what component was actually vulnerable and whether it's actually something important and noteworthy like Anthropic's propaganda department would have folks believe.

            trademark@fosstodon.org
            wrote last edited by
            #60

            @dalias @lispi314 @GossiTheDog @azonenberg That's not debunking. Actual debunking would be to provide evidence that what Anthropic achieved was not actually technically difficult. Instead of doing that you chose to insult FreeBSD. Instead of providing technical arguments you displayed your ignorance of the last 20 years of progress in NFS. Fascinating how somebody can be so wrong and still sound so arrogant.

              trademark@fosstodon.org
              wrote last edited by
              #61

              @dalias @lispi314 @GossiTheDog @azonenberg Oh, and also, earlier you said: 'I'm not going to address any claims about whether the "technical capabilities of their new model" are a thing.' But this is exactly what you need to do if you want to debunk what Anthropic is saying.

                dalias@hachyderm.io
                wrote last edited by
                #62

                @trademark @lispi314 @GossiTheDog @azonenberg I am debunking the fraudulent importance from misrepresenting what software the vuln was in.

                Whether their technical claims are bullshit is another completely legitimate area for debunking but not the one I'm engaged with in this thread.

                  kravietz@agora.echelon.pl
                  wrote last edited by
                  #63
                  @dalias

                  Unikernel is a way of achieving the same goal in a way that is reasonable from a security point of view.

                    trademark@fosstodon.org
                    wrote last edited by
                    #64

                    @dalias @lispi314 @GossiTheDog @azonenberg No, it is not fraud when you call something in the FreeBSD base system for FreeBSD code. If the code had been third-party code in ports you'd have had a point. But that is not the case, so you are wrong again.

                      trademark@fosstodon.org
                      wrote last edited by
                      #65

                      @lispi314 @GossiTheDog @dalias @azonenberg The point of what Anthropic did was to demonstrate how good the new model is. Whether the NFS code should be in the kernel or not is an interesting discussion. However the fact is that exploiting kernel-level code usually is harder than attacking userspace programs. So when the AI succeeded in doing just that it is an indication of how technically skilled it is compared to earlier versions.

                        dalias@hachyderm.io
                        wrote last edited by
                        #66

                        @trademark @lispi314 @GossiTheDog @azonenberg OK, blocking the AI booster shill concern troll who thinks he's stealth now. Can't believe I wasted this much time on this asshat already.

                          trademark@fosstodon.org
                          wrote last edited by
                          #67

                          @lispi314 @GossiTheDog @dalias @azonenberg "That's an indictment of a project's quality, not a validation of the LLM's quality." So you're saying that FreeBSD is bad. Fine. Anyway an additional motivation for what Anthropic did is to help open source projects by alerting them to security vulnerabilities so they can fix them. Are you objecting to that as well?

                          • samiamsam@mastodon.socialS samiamsam@mastodon.social

                            @GossiTheDog @malwaretech

                            i keep thinking of the pet rock

                            and beanie babies

                            create buzz, create demand, get out early, everyone else is left with useless stuff cluttering their homes

                            controlfreak@todon.eu
                            wrote last edited by
                            #68

                            @samiamsam @GossiTheDog @malwaretech except bigger picture, not just cyber sec, corpo grifting IS the end of the world. I long for the return of the wholesome grift of pet rock. At least it doesn't hoard hardware, boil aquifers and recommission ancient busted radioactive dumps to just sit on the shelf. Pet rock has never took your jerb, ruined data and collective knowledge (I guess unless locally scoped to being hurled at one's head), or speed run climate deaths.

                            Team Pet Rock! No quarter or grace for corpo/oligarch grifting with AI anything.

                              trademark@fosstodon.org
                              wrote last edited by
                              #69

                              @lispi314 @GossiTheDog @dalias @azonenberg Do you have a source for the millions in unreported results? For instance the phrasing for ffmpeg is clear that it is ten thousand for all runs: "Mythos Preview identified several other important vulnerabilities in FFmpeg after several hundred runs over the repository, at a cost of roughly ten thousand dollars."

                                trademark@fosstodon.org
                                wrote last edited by
                                #70

                                @lispi314 @GossiTheDog @dalias @azonenberg I'm interested in what effects this model will have on the security landscape. Whether it is ethical or not, it exists and can't be wished away. Similarly while I also would like all software in general and ffmpeg in particular to be written in a decent language, this is not the case as the world exists today.

                                  trademark@fosstodon.org
                                  wrote last edited by
                                  #71

                                  @lispi314 @GossiTheDog @dalias @azonenberg

                                  "Ensloppifying does not increase the set of trustworthy software to be found"

                                  This is precisely what happened with this model though. It has found bugs written decades ago by humans, leading to these bugs being fixed. Leading to at least these programs being better.

                                    trademark@fosstodon.org
                                    wrote last edited by
                                    #72

                                    @lispi314 @GossiTheDog @dalias @azonenberg Microsoft was extremely bad because they had a monopoly which they exploited to hurt the competition. The situation now is that we have three US competitors that are leapfrogging each other in taking the top spot. I'll be very worried if one of them gains a permanent advantage. But there is no sign of that so far. Rather the opposite actually, one of the Chinese (z.ai) is almost at the same level.

                                    • gossithedog@cyberplace.socialG gossithedog@cyberplace.social

                                      I’ve had a bunch of people ask my thoughts on Anthropic’s Mythos. I’ve read the research paper they released and the numbers, and basically I agree with @malwaretech’s take. It’s marketing. The cybersecurity industry is historically very good at marketing cyber pearl harbour and the need to buy magic boxes.

                                      novet@infosec.exchange
                                      wrote last edited by
                                      #73

                                      @GossiTheDog @malwaretech it is very funny seeing the reactions to @malwaretech's post.

                                      how is launching rockets into space with very limited weight and space going to be cheaper in the long run? what happens when hardware fails?

                                      also, what incentives do AI companies as a whole have to drive down token costs and actually pass down that reduced cost to customers? unfortunately, a quick search reveals that nobody's really graphing the cost of different models over time so I can't solidly say this, but: haven't we seen the opposite?
