●● IRC: #techbytes @ Techrights IRC Network: Thursday, June 11, 2026 ●● ● Jun 11 [04:35] *x-amarsh04 has quit (Quit: Konversation terminated!) [04:40] *x-amarsh04 (~amarsh04@xk49uzi5amp4u.irc) has joined #techbytes ● Jun 11 [08:50] *psydroid2 (~psydroid@36imbvshpgubk.irc) has joined #techbytes ● Jun 11 [09:35] *psydroid2 has quit (Ping timeout: 2m30s) ● Jun 11 [10:01] *psydroid2 (~psydroid@36imbvshpgubk.irc) has joined #techbytes [10:04] *psydroid2 has quit (Ping timeout: 2m30s) [10:17] *croissant` (~croissant@uudy98nj9ntz2.irc) has joined #techbytes [10:18] *croissant has quit (Ping timeout: 2m30s) [10:40] *psydroid2 (~psydroid@36imbvshpgubk.irc) has joined #techbytes [10:45] *psydroid2 has quit (Ping timeout: 2m30s) ● Jun 11 [11:31] *psydroid2 (~psydroid@36imbvshpgubk.irc) has joined #techbytes [11:58] *psydroid2 has quit (Ping timeout: 2m30s) ● Jun 11 [14:02] *psydroid2 (~psydroid@36imbvshpgubk.irc) has joined #techbytes [14:38] *croissant (~croissant@uudy98nj9ntz2.irc) has joined #techbytes [14:39] *croissant` has quit (Ping timeout: 2m30s) ● Jun 11 [17:21] schestowitz[TR2] https://lists.gnu.org/archive/html/libreplanet-discuss/2026-06/msg00019.html [17:21] -TechBytesBot/#techbytes-lists.gnu.org | Re: Timeline to put the beginning of GNU in perspective [17:21] schestowitz[TR2] " [17:21] schestowitz[TR2] Hi, Akira, [17:21] schestowitz[TR2] Related to that announcement would be the high profile publication of the GNU Manifesto in Dr. Dobb's Journal, Vol. 10, Issue 3, pages 30 - 34, in March 1985: [17:21] schestowitz[TR2] https://archive.org/details/dr_dobbs_journal_vol_10/page/186/mode/2up [17:21] schestowitz[TR2] Later in 1986, the even larger, general audience computing magazine BYTE discussed the GNU Manifesto in 1986 but I'm not sure which number: [17:21] schestowitz[TR2] https://vintageapple.org/byte/ [17:21] schestowitz[TR2] GNU.org has a copy but doesn't cite the volume, number, or page of the issue in which it was published: [17:21] schestowitz[TR2] https://www.gnu.org/gnu/byte-interview.en.html [17:21] schestowitz[TR2] " [17:21] -TechBytesBot/#techbytes-archive.org | Dr. Dobb's Journal Vol 10 : People's Computer Company : Free Download, Borrow, and Streaming : Internet Archive [17:21] -TechBytesBot/#techbytes-vintageapple.org | Vintage Apple [17:21] -TechBytesBot/#techbytes- ( status 403 @ https://www.gnu.org/gnu/byte-interview.en.html ) [17:23] schestowitz[TR2] https://lists.gnu.org/archive/html/libreplanet-discuss/2026-06/msg00020.html [17:23] schestowitz[TR2] " [17:23] schestowitz[TR2] I discuss three issues in the Project Glasswing initial update [17:23] schestowitz[TR2] of May 22 in this message. [17:23] schestowitz[TR2] Reference: [17:23] schestowitz[TR2] https://www.anthropic.com/research/glasswing-initial-update [17:23] schestowitz[TR2] 1. Disagreement in severity assessment between Anthropic and maintainer [17:23] schestowitz[TR2] The chart has boxes on the bottom line which say this: [17:23] schestowitz[TR2] 1,586 findings Reported to maintainers [17:23] schestowitz[TR2] 1,451 findings Acknowledged by maintainer [17:23] schestowitz[TR2] The text does not give the number of findings acknowledged by [17:23] schestowitz[TR2] maintainer. While the text discusses only high and critical [17:23] schestowitz[TR2] vulnerabilities the chart lumps all levels together. There must [17:23] schestowitz[TR2] surely be cases in which Mythos and the Anthropic vetting staff [17:23] schestowitz[TR2] classify an issue as high severity while the maintainer considers it [17:23] schestowitz[TR2] low severity. Do such cases count as "acknowledged by maintainer"? [17:23] schestowitz[TR2] We can't tell. [17:23] schestowitz[TR2] Many observers say that it is in Anthropic's interest to claim that [17:23] schestowitz[TR2] the problems Mythos is finding are severe. [17:23] schestowitz[TR2] However in some instances the maintainer might be underestimating the [17:23] schestowitz[TR2] severity. Claude Mythos is good at chaining together vulnerabilities [17:23] schestowitz[TR2] to create an exploit. An issue which appears minor in itself may [17:23] schestowitz[TR2] be combined with others to create a serious security hole. [17:23] schestowitz[TR2] 2. Pareto rule [17:23] schestowitz[TR2] The Anthropic team has discovered "3,900 high-or critical-severity [17:23] schestowitz[TR2] vulnerabilities in open-source code". 1000 projects were scanned. [17:23] schestowitz[TR2] We should not expect the vulnerabilities to be evenly distributed. [17:23] schestowitz[TR2] Applying the 80:20 rule we get 3120 in 200 projects and the remaining [17:23] schestowitz[TR2] 780 in 800 projects. [17:23] schestowitz[TR2] 3. Quality of code written by "AI" [17:23] schestowitz[TR2] The security-related findings by Claude Mythos seem to show that [17:23] schestowitz[TR2] "AI" is getting better at writing code. [17:23] schestowitz[TR2] On the contrary we have reports like this which claim that code [17:23] schestowitz[TR2] produced by "AI" often introduces vulnerabilities: [17:23] schestowitz[TR2] Report finds AI-generated code poses security risks [17:23] schestowitz[TR2] July 30, 2025 [17:23] schestowitz[TR2] https://www.eenewseurope.com/en/report-finds-ai-generated-code-poses-security-risks/ [17:23] schestowitz[TR2] Veracode has unveiled its 2025 GenAI Code Security Report, revealing [17:23] schestowitz[TR2] critical security flaws in AI-generated code. The study analysed 80 [17:23] schestowitz[TR2] curated coding tasks across more than 100 large language models [17:23] schestowitz[TR2] (LLMs), revealing that while AI produces functional code, it [17:23] schestowitz[TR2] introduces security vulnerabilities in 45 per cent of cases. [17:23] schestowitz[TR2] The research shows that despite advances in AI-generated code and [17:23] schestowitz[TR2] the ability of LLMs to generate syntactically correct code, security [17:23] schestowitz[TR2] performance has not kept up, remaining unchanged over time. Another [17:23] schestowitz[TR2] concerning trend is that when presented with a choice between secure [17:23] schestowitz[TR2] and insecure coding methods, GenAI models opted for the insecure [17:23] schestowitz[TR2] option 45 per cent of the time. [17:23] schestowitz[TR2] Finding a large number of vulnerabilities is not the same as a [17:23] schestowitz[TR2] guarantee that all vulnerabilities will be found. "AI" can write code [17:23] schestowitz[TR2] and scan code for problems but that gives us no guarantee that it will [17:23] schestowitz[TR2] be always aware of problems in its output or input. [17:23] schestowitz[TR2] Some people are interested in this. They feed old versions of a [17:23] schestowitz[TR2] program with a well-known issue and test whether the LLM can actually [17:23] schestowitz[TR2] find it. There is no mention of tests of this kind by Anthropic in [17:23] schestowitz[TR2] the initial report. [17:23] schestowitz[TR2] Akira Urushibata [17:23] schestowitz[TR2] " [17:23] -TechBytesBot/#techbytes-Connection timed out after 10002 milliseconds ( status 0 @ https://lists.gnu.org/archive/html/libreplanet-discuss/2026-06/msg00020.html ) [17:23] -TechBytesBot/#techbytes-Project Glasswing: An initial update \ Anthropic [17:24] -TechBytesBot/#techbytes-www.eenewseurope.com | Report finds AI-generated code poses security risks ... [17:53] *psydruid (~psydruid@jevhxkzmtrbww.irc) has left #techbytes [17:57] *psydroid2 has quit (Ping timeout: 2m30s) ● Jun 11 [18:55] *psydruid (~psydruid@jevhxkzmtrbww.irc) has joined #techbytes ● Jun 11 [21:00] schestowitz[TR2] Ill get organised and get those pictures onto gdrive and link it here.. [21:54] *psydruid (~psydruid@jevhxkzmtrbww.irc) has left #techbytes ● Jun 11 [22:02] *psydruid (~psydruid@jevhxkzmtrbww.irc) has joined #techbytes ● Jun 11 [23:23] *psydroid2 (~psydroid@36imbvshpgubk.irc) has joined #techbytes [23:23] *psydroid2 has quit (Quit: KVIrc 5.2.10 Quasar http://www.kvirc.net/)