Macbooks have had Thunderbolt 3 (the protocol) over USB-C (the physical form factor) since about 2015. The Thunderbolt 3 protocol became incorporated into the USB 4 standard in 2019 (and is implemented on the physical USB-C port).

Earlier versions of Thunderbolt were proprietary standards jointly controlled by Apple and Intel, but implemented over Mini-DisplayPort connectors. They were phased out in new devices starting in around 2015.

Yeah, it’s counterintuitive because it’s a lot more work for a human to draw a picture (much less a photorealistic picture) than to write a few words, but human language grammar actually has a lot of strict rules that makes that stream of letters work as “valid” output, much less “decent” output that kinda matches the prompt/description. Transpose a pair of letters or even substitute a single letter (or token) and you’ve got an output that just doesn’t work, in a way that generated images don’t have to worry about.

Yeah, the smarter way to use LLM-based agents is carefully defined tasks. Mozilla describes their vulnerability assessment processes in this blog post.

Mozilla describes the process they’ve used: building a harness that instructs a model to find a specific category of vulnerability on a specific interface, and then write up its findings. It’s a narrow enough context that the model gets specific instructions, and a simple definition of success, and it sets up many such tasks that can be fed into the existing process for verifying and triaging bugs. Note that the output for this LLM pipeline basically feeds into the same interface for accepting bug reports from the public, or from their human contributors within the project.

There’s a couple of takeaways here, too:

• This pipeline is model agnostic. Mozilla set it up before Mythos was released, and its description of other models (Opus 4.7, Codex) confirms that Mythos is better but not a true game changer. The ability to swap out other models provides some assurance that the work done to develop the pipeline will be useful when cheaper or better models come along, or when a model becomes unavailable (like when a provider decides a particular model is too expensive to run, or a provider goes under).
• The increase in automated output (and presumably automation-assisted contributions from the public) has given the humans more work to do. Automation in this context actually increases the demand for human labor.
• Other projects will need to develop their own custom pipelines, specific to their project, to get good results from LLM based agents.

There are ways to use these tools, but none of it really seems like a truly revolutionary/disruptive change to how large projects are managed.

I think AI will be profitable for the next generation of AI business models that emerge from the abandonment of the current business model of developing the frontier. But the prerequisite is that the companies give up on developing the frontier and decide that the models they have are good enough, then get hardware optimized for inference on those models, stagnating into long term commodity infrastructure, like providing phone service or electricity for profit.

So yeah, I think many of these technologies are here to stay, but the growth will stagnate this year as data center construction swallows up companies that overextended.

Yeah that was the real problem with hot swappable discs. The kids who actually physically performed that operation were often too impatient and careless to put the disc somewhere safe from scratching, because they wanted to immediately get back to playing.

Back in 2002? I don’t think they separated generation and delivery for most utilities, at least in the US. In 1996, federal regulators made it mandatory for utilities with delivery infrastructure to accept generators’ electricity on fair/nondiscriminatory terms, and gave them some time to implement policies. Then, the actual generators started negotiating deals, but the early days were a bit chaotic, with issues in California with rolling blackouts, then the Enron bankruptcy, and then generators actually entering long term contracts with some price stability in the early 2000’s.

For a typical residential customer who didn’t go out of their way to look for side deals with generators, they wouldn’t have needed to see their bills be segmented out into generation and delivery, since most of the utilities still already had long term contracts (or owned their own generation facilities) still in effect from before the regulatory reform.

Personally, I didn’t see those numbers separated out on my bill until around 2009. And I remember my electric bill in 2000-2005 being roughly 10 cents per kwh, flat rate.

And the other way, too. The whole reason why Android chose Java was because it was, at the time, one of the better languages and runtimes for creating hardware-agnostic software. Now that a software ecosystem is in place, why should Google be able to control what hardware the already-written software runs on?

His legal templates are all in Latin, his production code is all in COBOL, etc.

Desktop Linux is seeing higher and higher market share, not just because Linux is growing but also because the desktop mode of computing is shrinking, especially for personal use. There are lots of people who used to own laptops/desktops but don’t anymore.

This one is the same author addressing this specific Mozilla release.

Maybe like 10 years ago, someone did a regression analysis to see which stations were most expensive to advertise in, when corrected for actual ridership starting or ending their train rides swiping in and out at those stations. For the most part, most stations’ advertising prices pretty closely matched the number of riders, with the clear outlier of the Pentagon station.

I can’t find that article anymore because Google search turned into dog shit, but this more recent article basically covers the contours.

It’s not. It’s a parody account that took advantage of Twitter’s unbelievably stupid decision to hand out checkmarks to anyone who paid for an account.

The website could know whether the username actually exists on the system. But revealing that information is a security weakness because someone could at least learn who has an account at that site (especially if usernames are email addresses, as they often are).

According to your POV here, companies can claim whatever and it’s my job now to figure out if they are lying or to what extent.

No, the actual claims here, that describe specific bugs in specific software, can be evaluated. Even without whipping out a test environment to try to reproduce the results with your own proof of concept, you can read the text and evaluate whether the claims make sense on their face.

a broken clock is never right, reality momentarily aligns with it, which is a completely different thing

And that’s why the substance of a statement matters. I don’t believe in the supernatural, so if someone says “I’m a psychic and the missing girl on the news is in a shed near the water,” that doesn’t register with me at all. But if that person says “I’m a psychic and the missing girl is in a shed at 1234 Main Street” that raises eyebrows because it is easily falsifiable. And if the person says “I’m a psychic and the missing girl is in a shed, so I looked and found her and reported it to the cops, and here’s a cryptographic hash of my description of how I found her, which I’ll publish once the cops confirm she’s safe” that’s gonna be a much more serious statement. Even if I don’t believe that the person actually is a psychic, I can pay attention to how the whole thing played out because the person claims serious non-psychic validation of the results, and the results themselves are important entirely externally from the claim of whether psychics have powers.

This is a story about several cybersecurity vulnerabilities, some of which sound medium or high severity in very commonly used software. That’s important in itself, outside of AI mattering at all. And if they claim to have the receipts in a falsifiable way, that’s the kind of thing that shows a high degree of confidence in the genuineness of what was found.

I don’t give a shit about AI and I’m generally a skeptic of the future of any of these AI companies. But if someone uses AI tools to discover something new in the subjects that I do care about, like cybersecurity, then I’ll pay attention to the results and what they publish in that field.

This is really a corporate problem of their own making and their responsibility to fix. They have lied so much, I do not owe then a single iota of trust.

The statements can stand for themselves, evaluated on the merits of the claims, regardless of authorship. That’s how these things should work. Someone who has a great history of finding vulnerabilities still has to stand by each exploit/proof of concept they write, on its own merits. On the flip side, the corollary to the adage that a broken clock is still right twice a day is that you can’t just say “oh the broken clock said this so I can ignore it.”

Do you really think any of them would post something like “yeah, we found a vulnerability but it’s basically a typo that could not be seriously exploited”?

The blog post literally describes exactly that, for ffmpeg. And several of the other described vulnerabilities sound like they’re in that category of “here’s a bug but we didn’t find an exploit.”

Simply refusing to engage with these big claims just because of the source is an irresponsible way to approach cybersecurity.

even if the whole scenario is real, it may not have the intervention of Ai they are claiming

…who cares? If it’s a real bug and a real PR addressing the bug, why does authorship or methodology matter?

It’s just the ad hominem fallacy (or the close relative, appeal to authority). Let the actual substance stand and fall on its merits. Read the described vulnerabilities and exploits and decide whether you think those need to be patched and how critical/severe the bugs/vulnerabilities are.

And maybe your priorities are different from mine, but the core of the claim (we found some vulnerabilities) trigger a responsibility to address them (confirm and patch). I don’t care about marketing or corporate interests or whatever in those circumstances, I’m just focused on fixing problems that have been found.

Yes I understand, but I’m also putting the direct claims right there, not filtered through Anthropic’s PR or an article from the IT industry press interpreting those PR statements.

These are real CVEs that have actually been submitted to the code maintainers for both FOSS and closed source software that is foundational to the computing world. Some of them are published in this post. And many more are simply described with a hash of the full writeup indicating that they have it written out and are waiting for the patches to be applied. I’m especially interested in the Virtual Machine Monitor and the exploits for jumping out of browser sandboxes for “all major browsers.”

Some of the published CVEs in the blog post seem pretty serious, especially the FreeBSD remote root access for devices running NFS. The OpenBSD one is a critical DOS vector, and the FFMPEG one is just a bug that doesn’t seem to actually expose the software to any practical exploits but should still be patched.

But they’ve staked it out with their public disclosure of the hashes and a description of a few of the problems. These are big bold claims that are provided in a format that will be easily falsifiable in due time. And treating it as just marketing fluff ignores the shades of gray that actually apply to corporate claims.

The security blog writeup is here:

https://red.anthropic.com/2026/mythos-preview/

They’ve described several patched CVEs and disclosed the hashes of writeups that are currently undergoing the responsible disclosure process.

It lists quite a few, so I’ll be checking back when the vulnerabilities/exploits are patched and disclosed.

We should think about ruggedness and reliability as two different metrics. Some models are quite good at dealing with physical impacts, vibrations, moisture, dust, etc. That doesn’t always translate to reliability for ordinary use, or failures caused by other things related to design or manufacturing, or even software/firmware issues.

What if license and copyright was washed by using an LLM to translate Claude into another language?

The law doesn’t allow you to launder copyright like that. That’s just a derivative work, which can be restricted by the copyright holder in the original. As an example, in fictional writing, distinct characters are copyrighted, and using an LLM to generate new works using those copyrighted characters would still be a derivative work that the original copyright owner would have the right to deny distribution.

So if you have a copyrighted codebase and you try to implement that codebase using some kind of transformation of that code, that’d still be a derivative work and infringe the original copyright.

Now if you have some kind of clean room implementation where you can show that it was written without copying the original code itself, only working to implement its functionality through documentation/reverse engineering how the code worked, you’d be able to escape out of calling it a derivative work and could distribute it without the original copyright holder’s permission (Compaq did this with the IBM BIOS to make unauthorized/unlicensed PC clones, and Google did this with the Java API to make Android without a license from Sun/Oracle and won at the Supreme Court).

Claude can’t be copyrighted because it’s a product of an LLM.

No, because Claude’s code is still created by humans with the assistance of non-human tools. There’s a spectrum from spelling correction and tab completion in IDEs all the way to full vibe coding with a prompt describing the raw functionality (where the prompt is so uncreative that it isn’t itself copyrightable). Anthropic has never claimed that there was no human in the loop, or that the prompts it uses are so uncreative and purely functional so that the outputs aren’t copyrightable.

Sorry, the correct format is “everyone you know” so I fixed this for you:

Steam: everyone you know is playing a hentai game