HackerTrans
TopNewTrendsCommentsPastAskShowJobs

krisbolton

184 karmajoined 14 jaar geleden

comments

krisbolton
·15 dagen geleden·discuss
Fair challenge, you're right that there's nothing sophisticated about this type of activity, but if you look at Lazarus activity this is their ttp. I mentioned TraderTraitor, go look them up (that sounds terse, it's not meant to be). They stole a couple of hundred million dollars in the past 6 months. They're not particularly sophisticated in terms of ttp, but because they're a nation-state actor they it's an entirely different threat model than script kiddie.

Attribution is hard, but if we're talking about defending, there's little cost to assuming Lazarus-style threat actor.
krisbolton
·16 dagen geleden·discuss
100%. I can't find it now, but someone last month posted a similar story on HN. The threat actor had stolen someone's GitHub account and altered their otherwise legitimate looking repo. They'll expend a lot of effort in order to masquerade and trick you. TraderTraitor is another good DPRK example.

Anyone reading - if you're ever a victim, worth reporting to your national CERT and your org. The CERT can provide advice, it's useful for their threat intel, and your org can check their systems. You might not be the end target.
krisbolton
·23 dagen geleden·discuss
Not to get into an internet argument, but the entire premise of what you say is false -- and I'm not just saying that to argue.

1. The intent was and is categorically not for the review of CCTV or any evidence to be specifically carried out by humans.

2. Law can't - and isn't suppose to - account for specific future technology, that's future prediction which is impossible.

What you mean is you disagree. What you mean is you believe a human should be involved in video evidence review. I'm not sure why, because it's clearly an area of waste. Maybe you have reservations about accuracy. Then what you mean is you want the technology to be at a certain level of accuracy before it is used in practice.

I suspect you do believe the accuracy isn't good enough, but you've forgotten the layered controls in English law. People are tried by other people. An AI tool that speeds up triage isn't the judge or jury.
krisbolton
·23 dagen geleden·discuss
This wasn't ignored and your source corroborates the fact. It was front page news, there were two IPPC investigations, and an inquest. This is also an example from 2005. An odd choice to reference in a thread about Police use of AI.
krisbolton
·23 dagen geleden·discuss
Sounds like automation to me rather than 1984. 800 hours of video searched in 3 hours, hardly the destruction of democracy.
krisbolton
·2 maanden geleden·discuss
It'll be a legal thing. You're reporting on behalf of yourself / a legal entity, so another system or entity can't say for you. I get it, but it really is a waste of time.
krisbolton
·2 maanden geleden·discuss
I think Apple became much better at security in recent years. One example which I think is indicative of their approach to security - they bothered to add a hardware microphone disconnect when a macbook is closed. Source: https://support.apple.com/en-gb/guide/security/secbbd20b00b/...
krisbolton
·2 maanden geleden·discuss
This is different though right? He found one (? we don't know who you're referring to - post sources for a higher quality discussion) vulnerability, he already knew it was there, etc. Anthropic didn't claim no other model can find vulnerabilities, nor that it's impossible with smaller models. They're claiming Mythos is a step-change in ability for end-to-end vulnerability discover and exploit creation. And that other frontier models are close behind.
krisbolton
·2 maanden geleden·discuss
There is independent research out there on frontier model security capability. AI Security Institute (UK) put out their paper comparing Mythos to other frontier models in early April. They've been tracking frontier model security capability since early 2023, so it's a decent dataset. https://www.aisi.gov.uk/blog/our-evaluation-of-claude-mythos...
krisbolton
·2 maanden geleden·discuss
I read it as the author is / was going through the vulnerability disclosure process with Microsoft and they're annoyed for unclear reasons and decided to publicly disclose, rather than being an insider.
krisbolton
·2 maanden geleden·discuss
I don't think they "forgot" about processors. It was out of scope. Creating the pipeline to end up with a fully "sovereign" system end-to-end is a decades long process and hundreds of billions of euros. As others have pointed out, in this context "sovereign" meant data processing. This is also a fairly paranoid take. Not to say hardware isn't targeted, but there are other methods. So spending hundreds of billions and several decades to build the fabs to gain assurance... it's a waste of time.
krisbolton
·2 maanden geleden·discuss
Did that risk materialise? I suppose it would be only the same as credit cards. With a valid warrant authorities can gain access to information. But that's within a legal system designed by an elected parliament. I'm more concerned about ensuring the legal powers are checked and balanced, and stay that way.
krisbolton
·3 maanden geleden·discuss
They're referring to Pete Hegseth's decision to designate Anthropic a supply chain risk back in early May.

https://www.politico.com/news/2026/03/05/pentagon-tells-anth...
krisbolton
·4 maanden geleden·discuss
Not to start an internet argument -- I don't think it is appropriate in this context. A/B testing the features of a web app is not unexpected or unethical. So invoking the memory of cambridge analytica (etc) is disproportionate. It's far more legitimate to just discuss how much A/B testing should negatively affect a user. I don't have an answer and it's an interesting and relevant question.
krisbolton
·4 maanden geleden·discuss
The framing of A/B testing as a "silent experimentation on users" and invoking Meta is a little much. I don't believe A/B testing is an inherent evil, you need to get the test design right, and that would be better framing for the post imo. That being said, vastly reducing an LLMs effectiveness as part of an A/B test isn't acceptable which appears to be the case here.
krisbolton
·5 maanden geleden·discuss
The article even says "[...] some Nest devices record event histories and store them on-device. The third-gen wired Nest Doorbell can save up to 10 seconds of clips, while the first and second-gen wired doorbells can save up to three hours of event history, all without a subscription.".
krisbolton
·5 maanden geleden·discuss
Nothing to do with sardines, but Economics Explained (YT) has a recent interesting video on the Moroccan economy. It's executed some well-designed policy and become a large automotive and aerospace manufacturer. Video: https://www.youtube.com/watch?v=4YHuaa8Jr2A
krisbolton
·5 maanden geleden·discuss
There's an interesting podcast covering space situational awareness from RUSI (Royal United Services Institute, UK). Link: https://podcasts.apple.com/gb/podcast/eyes-in-orbit-space-si...
krisbolton
·5 maanden geleden·discuss
This article is a short history of anti-satellite weapons, discussing who has demonstrated their capability: https://www.raf.mod.uk/what-we-do/centre-for-air-and-space-p...

I'm sure I read a more recent account of a satellite moving another satellite around in order to degrade its orbit, but I can only find this 2022 instance: https://www.twz.com/44054/a-chinese-satellite-just-grappled-...
krisbolton
·6 maanden geleden·discuss
No. This a motion within one house of Parliament and hasn't become law, nor is there any guarantee it will be. It's something to be aware of.