OK everyone on here and following me probably already knows this but I want to get it off my chest anyway:

*please* stop attributing reciprocal-square-root-by-IEEE-bit-twiddling to John Carmack/Quake 3.

John has a lot of "firsts" under his belt but this is not one of them.

This trick is _old_. The magic constant changes, but the trick itself is _old_.

1993 versions of Sun's fdlibm already included this reproduction of W. Kahan and K. C. Ng's paper on the subject: https://github.com/freemint/fdlibm/blob/master/e_sqrt.c#L215

From the WTAF dept:

Malware developers are now adding text about nuclear and biological weapons to their spyware to evade AI-based security scanners.

tl;dr: The inclusion of content that LLMs are trained to refuse -- such as information about nukes and bioweapons -- can effectively prevent the LLM from continuing to analyze the threat.

"This header appears designed for AI-mediated analysis, not for Node, Bun, or Python. It attempts to derail scanners or analyst copilots that feed the beginning of a file to a language model without clearly isolating the content as untrusted data. In weak pipelines, this can cause refusal behavior, prompt confusion, context pollution, or premature classification before the scanner reaches the actual malware."

https://socket.dev/blog/mini-shai-hulud-miasma-and-hades-worms-target-bioinformatics-and-mcp-developers-via-malicious

IDK why, but this reminds me of the Calvin & Hobbes cartoon where Calvin asks his mom for stuff she will never give him in a million years, and then he just asks for a cookie.

The research communities that I work in (OS, networking, systems in general) are seeing huge increases in the number of papers submitted, which is putting strain on the reviewing process. This sucks, for everyone.

A general strategy that many venues are taking, in order to protect reviewers from overload, is to find more creative ways to reject more papers with less review (extended abstracts submitted alongside the paper, rejection based on intro alone, etc.).

This is exactly backwards, and it is going to harm our community.

[For people not in the field: acceptance rates for papers in our top venues ranges from ~15% - ~20%.]

What we need is creative ways to accept more papers. A lot more.

We are a major source of our own problems. What happens to the 80% of papers that are rejected from our top venues? Most of them get submitted again. And reviewed again. And rejected again. And submitted again.

We are creating so much work for ourselves.

Our low accept rates are already a major source of disillusionment and burnout among our students. We're going to make it worse, and we're going to pay for it.

Decisions about the publishing process get made by relatively senior, established people who can afford rejection, who have grown up in it, who are the survivors of the process. Yes because we're good at it, but also because we got lucky (anyone who thinks the peer review process doesn't involve luck needs to take a harder look).

But it's the students who put in months or years of *actually good work*, then get told "your paper is not worth reading past the introduction."

This is going to discourage students from doing their best work, it fails to give them much meaningful feedback on how to improve it, and it's going to drive people out of research. It encourages students to be less ambitious, and to put less work into each submission, since the overwhelming probability is that it's going to get rejected anyway. Maybe, now, without even being really read.

We need to increase our accept rates.

I know, it sounds hard, it's not the way we have done things, and it therefore makes us uneasy.

But I've been doing this for almost 30 years, and I no longer believe that what we are doing with our high rejection rates is maintaining high standards. I think we're nitpicking ourselves to death, increasing our own workloads, and burning out people who have the potential to be some of our most promising young researchers. The effect is not equal, either: we preferentially drive away students who don't arrive with a healthy (or unhealthy) confidence (or over-confidence) pre-installed. It's incredibly hard to properly nurture people in this environment.

Our goal *should* be to foster a community that produces the highest quality output, passed through a rigorous process that ensures that the resulting papers are sound.

I don't think we're doing that.

So c'mon, let's get creative.

TPC chairs and steering committees, I want to challenge you: look around at the venues that are trying something *other* than finding innovative new ways to reject papers. Look for alternate ways to get more reviewing capacity. Figure out ways to spread reviewing work over time to make it more palatable. Try to reward reviewers who do their job well. Make up new ways to help authors evolve work with some flaws into something that's presentable instead of going through the entire process again. Experiment with ways to add more context other than the binary of accept/reject so papers that may have some caveats can still be accepted. Some venues are trying this kind of stuff. Look at what's working, and be bold, try new stuff.

TPC members: I know, you have a lot of work to do. This is our job, though. Peer review is not some bullshit busywork that is to be avoided or half-assed. We need to be looking for ways to cut down the *other* bullshit busywork that we're asked to do, so that we can do our jobs. The more senior you are, the more ability you probably have to push back on that other bullshit - not just to avoid doing it yourself, but to make sure *nobody* has to do it. Please. Protect your juniors from bullshit so that they can do the work that matters. And all reviewers: we need to adopt an attitude of lifting up ideas that are worth considering, not looking for reasons to slap as many things down as possible.

Yeah, I'm talking about a lot of work. Yeah, none of us have time to do it.

We've got to do it anyway. We're putting too much work into a system that's not going to get fixed by little incremental filters. It's demoralizing. Work for a better publishing system rather than entrenching the worst things about the one we've got.

It'll feel more rewarding.

If you work in #VulnerabilityManagement or #ExposureManagement, you absolutely should read this blog from @todb at @runZeroInc. He breaks down some of the finer points from the #VerizonDBIR report and provides some great insight about what's truly important.

#infosec #cybersecurity

https://www.runzero.com/blog/beyond-bugs/

New: Cops keep getting arrested for using Flock to stalk people. Seemingly every week there's a new case, the details usually similar. Cops use unfettered access to Flock to surveil an ex. They most often search their plates hundreds of times over course of months

https://www.404media.co/cops-keep-getting-arrested-for-using-flock-to-stalk-people/