Hacker News: MostlyStable's comments

>What if finding every vulnerability in a piece of software were just as fast and easy as finding a few of them, thanks to automation?

This presumes there is such a thing as "every" vulnerability. It is possible that ever more sophisticated, complicated, and abstract attacks become possible/discoverable as one applies more intelligence to the problem.

IF it is indeed possible to make a piece of software completely secure, then yes, more intelligent systems make the situation better, because it will always be possible to audit a system before it is ever released and make it completely safe.

That is a very big if and, as far as I am aware, it remains to be seen whether it's the case.

-edit- They mention this possibility themselves further down, so the authors know this is a completely speculative point/article. They don't even try to make an argument about why one possibility might be more likely than the other. This article is useless.


We know about physical-layer attacks that break some of the abstractions that software relies on, allowing an attacker to use physical access or physical proximity to violate security guarantees that are enforced by software alone. (I worked on some of these a while ago!)

For a purely remote attacker (although maybe we have to get clear on what distance counts as "physical proximity" because we need to clarify what phenomena spy satellites, for example, can observe), it seems pretty straightforward to me that there is such a thing as actually secure software.

You can make a very strong model of what the software computes and then prove that it never does some undesired thing. It's not common to do this at all, and even formal verification work may not use very strong models or models that capture some important part of the behavior, but it is possible to mathematically reason about what software does and doesn't or can and can't do.

To summarize some of the problems that I partly just mentioned (in no particular order):

(1) We may not have the will, the skill, or the economic demand to make software secure in a very strong sense.

(2) Attackers may subvert our infrastructure or organizations so that we don't actually apply the processes or controls, or run the software, that we expect.

(3) Physical proximity (for active or passive attacks) might sometimes include distances that are actually attainable for attackers. Maybe there are passive or active attacks involving lasers that can be mounted from multiple kilometers away, as an example. In that case most software users might not be able to be sufficiently isolated from the attackers to be protected against those attacks.

(4) Software or hardware other than the specific software whose security we're talking about might be compromised in its supply chain in a way that people don't have a plan, or resources, to detect or mitigate.

(5) Some systems might be compositionally insecure (their pieces might be secure in some relevant model, but the pieces might interact in a way that isn't secure overall, for example related to timing and concurrency problems).

(6) Our proofs of security for cryptosystems rely on unproven hardness assumptions for various primitives, some of which might turn out to be wrong.

(7) Some security properties, especially related to communications security, might be inherently unattainable even with correct software. For example, there's an argument that Roger Dingledine (Tor lead developer) once told me about that implies that no anonymity system is perfectly secure in the long run against a very powerful active adversary, unless the system is willing to make extreme trade-offs like shutting down completely in response to any attack. So it might be that we can't actually build any useful communications system that can absolutely guarantee perfect traffic analysis resistance, essentially because of inherent architectural trade-offs.

But I don't want to lose sight of the idea that you can actually meaningfully reason about what software does and so there is such a thing as the software being correct or incorrect, relative to some specification or goal for its behavior, and correct software actually does exist (which computes correct outputs for every input).
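Two of the points above lend themselves to a concrete demonstration: (5), compositional insecurity arising from timing and concurrency, and the closing point that one can state a property of the software and check that it is never violated. What follows is an added example and not code from anyone in this thread: a minimal explicit-state model checker in Python that enumerates every interleaving of two threads over a shared state. The model is a hypothetical check-then-act (TOCTOU) scenario constructed for illustration: a privileged thread checks a path and then opens it, while an attacker thread retargets the path. Each thread on its own satisfies the property "never opens the secret"; their composition does not, and the exhaustive search finds the exact interleaving. Collapsing the check and the open into one atomic step (the way one would open first and then fstat the descriptor) removes the violation.

```python
"""Tiny explicit-state model checker for a check-then-act (TOCTOU) race.

Added illustration, not code from the discussion. The scenario is constructed:
shared state is an immutable tuple (target, checked_ok, opened) where
  target     - what the path currently points at ("user_file" or "secret")
  checked_ok - result of the privileged thread's permission check
  opened     - what the privileged thread actually opened (None until open)
"""


def step_check(s):
    # Privileged thread, step 1: permission check on the current target.
    target, _checked, opened = s
    return (target, target == "user_file", opened)


def step_open(s):
    # Privileged thread, step 2: open whatever the path points at NOW,
    # trusting the earlier check. This is the TOCTOU window.
    target, checked, _opened = s
    return (target, checked, target if checked else "denied")


def step_check_and_open(s):
    # Hardened variant: check and open as one atomic step (no window).
    target, _checked, _opened = s
    ok = target == "user_file"
    return (target, ok, target if ok else "denied")


def step_swap(s):
    # Attacker thread: retarget the path (e.g. replace it with a symlink).
    _target, checked, opened = s
    return ("secret", checked, opened)


def unsafe(s):
    # Safety property to check: the privileged thread never opens "secret".
    return s[2] == "secret"


def explore(threads, init, bad):
    """Depth-first search over every interleaving of the given threads.

    threads: list of programs, each a list of (label, step_fn).
    Returns the list of step labels leading to a state where bad() holds,
    or None if no interleaving reaches such a state.
    """
    start = (init, tuple(0 for _ in threads))  # (state, program counters)
    stack = [(start, [])]
    seen = {start}
    while stack:
        (state, pcs), trace = stack.pop()
        if bad(state):
            return trace
        for i, prog in enumerate(threads):
            pc = pcs[i]
            if pc >= len(prog):
                continue  # this thread has finished
            label, fn = prog[pc]
            new_pcs = pcs[:i] + (pc + 1,) + pcs[i + 1:]
            node = (fn(state), new_pcs)
            if node not in seen:
                seen.add(node)
                stack.append((node, trace + [label]))
    return None


INIT = ("user_file", False, None)
PRIVILEGED_RACY = [("check", step_check), ("open", step_open)]
PRIVILEGED_ATOMIC = [("check+open", step_check_and_open)]
ATTACKER = [("swap", step_swap)]


def privileged_alone_trace():
    # The privileged program in isolation satisfies the property.
    return explore([PRIVILEGED_RACY], INIT, unsafe)


def racy_trace():
    # Composition with the attacker: the checker finds check -> swap -> open.
    return explore([PRIVILEGED_RACY, ATTACKER], INIT, unsafe)


def atomic_trace():
    # Atomic check-and-open composed with the same attacker: no violation.
    return explore([PRIVILEGED_ATOMIC, ATTACKER], INIT, unsafe)


if __name__ == "__main__":
    print("privileged alone:", privileged_alone_trace())  # None
    print("racy composition:", racy_trace())              # ['check', 'swap', 'open']
    print("atomic composition:", atomic_trace())          # None
```

Running the file prints the violating trace for the racy version and None for the atomic one. Because the model is finite, the exhaustive search is a proof over every interleaving of this model; whether the model captures the real system (file system semantics, the kernel, the hardware) is exactly the caveat raised above about strong versus weak models.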


To say that defense doesn't win in the limit is the same thing as saying there is an attack that cannot be defended against.

So to re-phrase the question to more clearly have an answer: does there exist an attack which no one will ever be able (for all time) to come up with a defense against? (The very existence of such an attack would end the (open) internet, wholly and completely, if the only winning move is not to play...)

There will be an exhaustion of possibilities in the end. New attacks eventually run out after each surface area is hardened against those attacks.

In the limit, defense wins.

There is only one case (that I see) where this may fail: if there is a 'predicament' with the state of security, i.e., if securing against attack A requires you to be insecure against attack B and vice versa (this could be a 'whack-a-mole with many different kinds of attacks' situation). But that would be 'provable'. So if such a case exists, we will know about it. And it may be true that predicaments like this could be exercised, if they can even exist, but we might still be able to avoid/mitigate them.

So large bets on defense winning in the end.


Very cool site, but I'd love some info pages describing the various categories (harvest period, pollination group, etc.).

I wonder if there is a way to report issues. We have several apple trees of different varieties, and as I was playing around with the harvest period calculator, I entered the peak harvest of one of our later ripening varieties, and asked it to calculate the harvest time for our earliest ripening variety. It told me that peak harvest would be in December. It's actually (as the description for the variety notes) in June/July. So either there is an issue in the harvest period for that variety, or else the calculator is messing up somehow.


It is statements like this that convince me we haven't learned anything and are doomed to ever wider pendulum swings.

I think the time for the normal decorum and extended hand have passed.

I wonder if your political opponents see things similarly. With types like these, a theory of mind is especially useful.

Of course they do. Most of their platform is built on [appearing] to repudiate coastal elitism and left wing dogma in higher education + globalism with a healthy dose of fuck you because you're you.

And I graciously waited and allowed them to do things that will take decades if not more to repair before deciding they were irredeemable. I had hoped a middle ground and bipartisanship would be reached, but it's clear to me it won't be. We do not inhabit the same universe at this point; the disdain is mutual.

You’re acting like I’ve always thought about them like this or like I haven't spent years observing and thinking about this to come to my conclusion. You'd do well to listen to your own words about theory of mind. I was raised conservative; I voted for Romney. I'm a fan of many of the political platforms they run on now (minus originalism, removing bodily rights, religion), but in practice they do not walk their own talk. The wars, the spending, abandoning neo-liberalism except in word, the blatant corruption and disdain for the positions they hold, and how they appear on the world stage.

No, I’ve watched their actions for 15 years and moved ever closer to the position that I have nothing in common with them even being ideologically close to a version of their party from 20-30 years ago and they do so blatantly want to destroy the middle class, health, and wealth for anyone outside a small oligarchic class.

I'm pissed because they wear a lot of my ideology as cheap dress to fuck someone.


You are describing a set of dynamics that lead nowhere other than violence and total and complete breakdown of the polity. If you are correct, then nothing matters, everything is fucked. You won't get what you want, but neither will anyone else.

My preferences, while possibly futile, are least an attempt to not just accomplish short term goals but to fix the broken dynamics of the system. That is, in my opinion, far more important than literally any particular policy goal. Policy progress is pointless in a broken system, so fix the system first.

It's possible that my view of focusing on fixing the system, restoring institutions, erecting new guide-rails in places where we have observed that the old ones don't work, etc. won't work. But at least it has a chance of producing a good outcome. A good outcome literally can't come from the kind of political behavior you describe. You want your side to seize as much power as it possibly can when it wins, enact as much "good" as it possibly can in however long it can maintain its grip before the political tides inevitably swing and you lose power again. You don't seem to realize that this is what we have been doing for at least several cycles now. And what we have seen is that the next administration just tears up the progress, does the same thing except in the opposite direction and even harder, and does what they view as "the good thing" and which your side views as nothing but unmitigated evil (the same way they viewed you and yours when you were in power), and so both sides have accomplished nothing but pushing the pendulum a little bit further, giving it a little more momentum, and shredding up the social fabric a little bit more.

I'm not so naive as to believe that it is possible for just one side to say "no we won't do that, we will unilaterally disarm". But I am of the belief that, if one wants to pretend that one is "on the side of good", the only rational action is, when granted power, to spend as much political capital as is possible to slow down the pendulum, tear back power from the bloated executive and the federal branch more broadly. Stop trying to enact your political project and instead make your political project nothing other than the restoration of the norms and principles of the constitution.

This is not something that has been tried and failed. It's the opposite of the past 50 years of federal political dynamics. What has been tried is your plan of "fuck the other side, they are evil, just do what our base wants and ignore consensus and norms".

It doesn't work, it won't work, and it can't work. It's destroying the country.

From my perspective, you are no better than the side you hate. You may want different policy goals, but both you and your polar opposites are collaborating on a shared project: the destruction of the country.


I want my party back and I want to cut out all the garbage that has infested it. Sometimes that requires taking an actual stand and staying firm to it. Middle road nonsense like what you're suggesting is impotent when one side has so clearly decided to be against it.

Edit: And coming back to this later I need to be clear the left also needs to be swept out. I think our institutions in general need to be reworked. Not replaced entirely, but it's clear they don't survive contact with people who would abuse them for their own ends nearly as well as we had hoped.


I'm of the opinion that if one owns an autonomous vehicle, regardless of software modification or not (which should be allowed), then one is fully responsible for its actions. If one doesn't trust the software provided by the manufacturer, don't buy/use it. Once one chooses to buy it and operate it, then it's on that person.

Possible exceptions would be in the case that, after purchase, the manufacturer pushes a software update that meaningfully changes the behavior in such a way that it causes issues. In that case, both A) the manufacturer should be responsible and B) the owner should have the option to get some kind of compensation.


In all of your situations except for cases where no good legal option exists, ticketing is just the easier way to apply your suggested idea. It gives a direct incentive to the company to lower the rate as far as is possible. It doesn't allow some minimal amount without a fee, but that doesn't seem like that big of a deal.

The biggest reason for the difference between autonomous vehicles and peanut butter is that with autonomous vehicles, we already have a compliance system in place....cops. It's not designed for autonomous vehicles, and you are correct that it's not the way you would design it from the ground up for autonomous vehicles, but it's far better to accept the imperfections than to build some new, separate compliance and monitoring system on top of the existing one. The benefits aren't large enough to justify it.

In the far future when the vast majority of vehicles are autonomous? Sure, probably worth scrapping to a new system (by then, my guess is that issues are rare enough to just not have a system at all and just use the legal system in the rare cases of large issues).

Until then, ticketing in the case of traffic violations seems fine and good enough to me.


At some point though those tickets need to actually hurt and not be just a cost of doing business.

After enough violations humans get their license taken away. What happens after autonomous vehicles get enough violations?


> What happens after autonomous vehicles get enough violations?

They put R&D resources toward not getting as many tickets and eventually fix their software to not get tickets? Self driving cars might profit $100/day. Getting tickets completely eats that and ticketing mega corps will be very popular politically so you better believe it will happen


> They put R&D resources toward not getting as many tickets and eventually fix their software to not get tickets?

Why would you assume they would do that?

What if the autonomous vehicle only blows a red and kills someone every once in a while and the lawyers to tie the family up in court are cheaper than the software dev and AI training to fix it?

Are you willing to wait until the number of dead people exceeds the cost of the fix?

It's an extreme example, I know, but to just assume they would fix it also assumes they are caught and ticketed 100% of the time.

There are tons of examples of corporate America weighing the pros and cons of things like this.


> Why would you assume they would do that?

Because they exist to make money?

> kills someone every once in a while

Every time an AV is liable for a death the company will face a high 8 digit legal settlement. Won't even go to trial. Again, the AV companies will avoid this because their goal is to make money and paying 8 digit legal settlements does not make them money. You are right that if this only happens once a year and they have a million cars it won't be a high priority, but if that's the case AVs are much safer than the current driving environment. If AVs caused death at anything close to current rates the companies would lose tons of money.

> assumes they are caught and ticketed 100% of the time.

No it doesn't. It assumes they are caught often enough for it to be worth it for them to fix. When politicians start telling traffic enforcement to focus on AVs I'm betting that will happen. AVs will be known as incredibly conservative drivers because the companies really don't want tickets and there will be memes about how Waymo drives like grandma.


Yes that is in the law.

Fleet reductions, new limitations on operating areas/conditions, fines, permit suspension or revocation


I'd argue Waymo is "1 driver", and after they get a cumulative 4 points in 1 year, then Waymo would no longer be allowed to drive in the state of California.

Is Intel still making GPUs? I have heard so many conflicting things about will they/won't they stay in the market.

They appear to be backing out (for a little while) of consumer cards, but datacentre/workstation/laptop GPUs are still their focus.

Intel always had that habit of starting an internal conflict whenever whatever potential alternative revenue sources start to threaten their internal dependence on x86

They'll always have iGPUs so whether or not they stay in the dGPU market depends mostly on whether or not people buy them. So they might not, whole market seems to be moving to SoCs/APUs/whatever you want to call them.

Not only will they always have iGPUs, but also cannot give up on advancing their datacenter AI GPUs (the next being Jaguar Shores). They need both of those far more than consumer or prosumer dGPUs, but that means they are committed to Big GPU work and Small GPU work.

Since they will have both of those big and small "bookends" of GPU architectures, it is a question of whether they see benefits in maintaining an accessible foothold in the midmarket ecosystem. I could make an argument for both sides of that, but obviously the decision is not up to me.


They're working with nvidia to use their GPU tiles in mobile products.

I thought I had read that too and went to look for clarification and found that they’re just moving to a single architecture for their cards. Seemed reasonable.

The B70 would have been the B770 but it was canceled. Celestial has been canceled too.

What do you mean, are they still making GPUs? This is a discrete GPU that has just recently been released, and it's one of the most popular GPUs in its class at the moment, due to 32 GiB of RAM for under $1000, which makes it great for LLM inference.

> What do you mean, are they still making GPUs?

There was recent talk of them pulling back from the consumer segment, though obviously the leaks have also predicted Battlemage not being a thing so go figure: https://youtu.be/NYd2meJumyE?t=638 (timestamped)

That said, them not releasing a B770 in the consumer segment also sucks, since there are games and use cases that the B580 comes in a bit short for.


Honestly, I don't even care if it's slower than just getting a 5090; just being able to run models my 3080 cannot handle would be a welcome change.

I don't know what to believe when it comes to Intel news because they have so many haters.

I wonder how large the footprint will be. I live in the greater Portland area, but not in the city proper. There are definitely situations where Waymo would be great, but my guess is that they won't start off serving my specific area.

>Care has been taken to ensure minimal impact to BookStack end users. The original GitHub repository is still staying around, and will essentially act as a mirror of the codebase on Codeberg, so any existing instances fetching updates from GitHub can continue to do so.

Since they are keeping the github as essentially a mirror, doesn't this obviate those concerns?

-edit- although also:

>although eventually we will only create releases on Codeberg so it’s advised to watch/subscribe to them there instead:

I guess someone _else_ could choose to fork and keep up-to-date.


BookStack maintainer here. Just to clarify on that, the GitHub repo will continue to be updated and mirror the Codeberg repo (including release tags/code) for the foreseeable future, it's just that I might stop specifically publishing GitHub release entries (details on the release tag) at some point to avoid the duplication of work.

>As is so often the case for controversies before the Supreme Court, this case isn't so much about glyphosate as it is about the interface between federal and state law.

It was mentioned on a podcast recently that in many cases, the SC is not making a decision on what should/shouldn't happen/be the policy/is correct or whatever. They are deciding which layer of government gets to decide a given question. The Executive Branch? Legislation? Constitution? Who is the controlling entity?

Now, in a practical sense, by the time it gets to the SC, making a decision on who gets to decide, is, functionally, picking what the outcome is, since the various layers of government have already made their positions clear.

But the upshot is, if one is upset with what happens with a given policy after a SC decision, in many cases (although not all), the proper target of one's ire should not be the SC; since what they are usually saying is something like "this is something that is controlled by statute. If the statute is dumb/bad/poorly written, that is not our fault nor within our control, take it up with Congress to rewrite the statute", and instead one should be upset with whoever the controlling entity is for doing a bad job (in recent years: most commonly Congress, not so much for doing a bad job so much as not doing any job).


[flagged]


> 3 equal branches is modern propaganda

It's not propaganda. It's a legal and historical theory that found popular purchase. The word propaganda has a meaning, and we're in a point in history where ensuring it retains that meaning is more important than in any other time in my life.


Definition of language is not up to you but society in the aggregate.

You can claim as you wish while I and others can do the same.

If you're saying we need to hold to beliefs of the past, that's a position that physical reality makes untenable.

See you in church? That was the center of communal life for the majority for centuries. Anyone that's abandoned such agency has engaged in abandonment of history, of norms others can just as easily (and do) claim are more important than ever.

You can make whatever claims you want rhetorically but the non-fractal reality we live in does not allow for the strict conservatism you appeal for. Entropy gives rise to generational churn which gives rise to shifting social values.

These corny appeals to history you never directly experienced are little more than parroting grammatically correct statements you were taught.


> Definition of language is not up to you but society in the aggregate

Sure. The definition of propaganda OP uses is an internet niche one to mean any broadly-held (and thus disseminated) theory one disagrees with.

The argument against co-equal branches is a legitimate one. Calling the theory propaganda cheapens a real argument by making it look childish.


propaganda /prŏp″ə-găn′də/

noun The systematic propagation of a doctrine or cause or of information reflecting the views and interests of those advocating such a doctrine or cause.

...my use seems to fit the definition to me.

You are applying personal emotional bias to a very plain stated definition.


> my use seems to fit the definition to me

Where is that definition from? It lacks key elements of the definition, notably, an agenda.

Your operating definition would turn the teaching of evolution (or frankly, any education or broadly-communicated message) into propaganda.

That isn’t a serious claim. If it is for someone, that person’s definition of propaganda isn’t the generally-accepted one, which means it’s unclear how they’re speaking about anything else. By being hyperbolic you’re getting downvoted and ignored.

> You are applying personal emotional bias

Nope. I’m explaining why a serious argument you’re making, one that deserves consideration, is being downvoted and ignored for being introduced with a thoroughly unserious assertion.


[flagged]


> just Googled the definition; it reads the same as the posted definition on various sites; from Merriams to Oxford

These are those sources' definitions [1][2]. They're significantly more precise than the one I suspect you got from Google's AI, hence your mis-use of the word. (Mis-use is fine. Doubling down against evidence is less forgiving.)

[1] https://www.merriam-webster.com/dictionary/propaganda

[2] https://www.oed.com/dictionary/propaganda_n


IMO SCOTUS should retain the power to interpret vagaries of law; Congress still holds ultimate power, as it can pass a more specific law overriding their interpretation.

What about striking down unconstitutional laws, though? That has to be up to SCOTUS, nobody else can do it.


SCOTUS granted itself that power. Their originalist powers are extremely limited.

So do not listen to justices that claim to be "originalist". SCOTUS authority to strike laws is self dealing and not at all an originalist power.

The original expectation was the public would demand such change via elections every 2-6 years and remove the corrupted Senator or Representative.

SCOTUS is not supposed to have power over theoretical cases yet it operates on concepts all the time. Just another way in which the system is rigged; the appeals of originalists who have clearly read the words, they're plain English, are just more self dealing power away from the public to the elites


This is just not true. Yes the SCOTUS ruled that it had the right to judicial review, because that's what the constitution said it had the power to do. This isn't "granting itself that power" anymore than Congress granted itself the power to pass laws or the president granting themselves the power to execute laws.

I think that there will come a point when open source models are "good enough" for many tasks (they probably already are for some tasks; or at least, some small number of people seem happy with them), but, as you suggest, it will likely always (for the foreseeable future at least) be the case that closed SOTA models are significantly ahead of open models, and any task which can still benefit from a smarter model (which will probably always remain some large subset of tasks) will be better done on a closed model.

The trick is going to be recognizing tasks which have some ceiling on what they need and which will therefore eventually be doable by open models, and those which can always be done better if you add a bit more intelligence.

