Mastodawn

so it cost anthropic $20k to find this openbsd crash bug which amounts to putting a negative integer in a tcp field where a negative integer was not expected by the c code which does some cavalier int cast bullshit, ie. a vuln which is totally fuzzable, and quite certainly would have been found by the fuzzers of the 2010s had anyone cared to burn that much compute on fuzzing openbsd.

The difference today is not that anybody suddenly cares about investing that much in openbsd (is the build server still a donated machine running in Theo's basement?), but that openbsd's reputation for security makes it really good marketing if you can find a bug, any bug, it doesn't matter; and that marketing value is what makes it worth spending $20k on fuzzing.

Show thread

charlotte 1d ago

@hailey ill maintain that as great as claude is, mythos is currently being marketed with the same old "it's too dangerous" strategy that worked well for sama and still works for dario

best wait till we get anything but the model card

Show thread

LisPi

@halva @hailey Why does that nonsensical marketing even work?

It's clearly false every time, it's about as relevant as those chain mails claiming you'll die in some random way if you don't do XYZ instructions (including but not limited to resharing the mail). It never happens.