this post was submitted on 24 May 2026
19 points (91.3% liked)

TechTakes

2598 readers
84 users here now

Big brain tech dude got yet another clueless take over at HackerNews etc? Here's the place to vent. Orange site, VC foolishness, all welcome.

This is not debate club. Unless it’s amusing debate.

For actually-good tech, you want our NotAwfulTech community

founded 3 years ago
MODERATORS
dgerard@awful.systems
19
Stubsack: weekly thread for sneers not worth an entire post, week ending 31st May 2026 (awful.systems)
submitted 3 weeks ago by BlueMonday1984@awful.systems to c/techtakes@awful.systems
272 comments fedilink hide all child comments
 

Want to wade into the sandy surf of the abyss? Have a sneer percolating in your system but not enough time/energy to make a whole post about it? Go forth and be mid.

Welcome to the Stubsack, your first port of call for learning fresh Awful you’ll near-instantly regret.

Any awful.systems sub may be subsneered in this subthread, techtakes or no.

If your sneer seems higher quality than you thought, feel free to cut’n’paste it into its own post — there’s no quota for posting and the bar really isn’t that high.

The post Xitter web has spawned so many “esoteric” right wing freaks, but there’s no appropriate sneer-space for them. I’m talking redscare-ish, reality challenged “culture critics” who write about everything but understand nothing. I’m talking about reply-guys who make the same 6 tweets about the same 3 subjects. They’re inescapable at this point, yet I don’t see them mocked (as much as they should be)

Like, there was one dude a while back who insisted that women couldn’t be surgeons because they didn’t believe in the moon or in stars? I think each and every one of these guys is uniquely fucked up and if I can’t escape them, I would love to sneer at them.

(Credit and/or blame to David Gerard for starting this.)

you are viewing a single comment's thread
view the rest of the comments
[–] fiat_lux@lemmy.zip 15 points 3 weeks ago* (last edited 3 weeks ago) (12 children)

In the latest episode of "behold the power of Mythos" from The Hacker News - Claude Mythos AI Finds 10,000 High-Severity Flaws in Widely Used Software

I distilled it so you don't have to.

Of these vulnerabilities, 6,202 have been classified as high- or critical-severity flaws impacting more than 1,000 open-source projects.

That 10,000 count didn't even survive until paragraph 3.

Subsequent analysis of these [6202] vulnerability candidates has identified that 1,726 are valid true positives.

Ah fuck. 1726. But wait, a bad infographic has entered the ring!

23,019 potential vulnerability candidates

Ok now we're talking.

1,900 Reviewed by external security firms

Wait, what? Why those? Why only those?

1726 confirmed positive

You couldn't even cherry pick the valid ones?

467 reported to maintainers

Where did the other 1259 go? Maybe this other part of the flowchart will go better...

1,129 reported direct to maintainers by Anthropic, at their request (May contain false positives)

1129 + 467 = 1596 total reported to maintainers

Most of them just spammed at open source maintainers. Right. Maybe Anthropic's media release has the goods!

1,752 of those high- or critical-rated vulnerabilities have now been carefully assessed by one of six independent security research firms, or in a small number of cases by ourselves

Slightly lower than the 1900, but ok, whatever.

Of these, 90.6% (1,587) have proved to be valid true positives, and 62.4% (1,094) were confirmed as either high- or critical-severity

1587 is lower than the infographic's 1726 confirmed positives.... But 10% of 10000 high sev is still something, right?

On maintainers’ request, we sometimes disclose bugs directly, without further assessment. We’ve now reported 1,129 such unvetted bugs, of which Mythos Preview estimated that 175 were high- or critical-severity.

I'm sure those maintainers enjoyed that 16% high+ sec rate based on Mythos' own estimations. But wasn't that 1129 the bulk of your reports?

We estimate that we’ve disclosed 530 high- or critical-severity bugs to maintainers so far. There are a further 827 confirmed vulnerabilities (estimated as high- or critical-severity in the same manner) that we’re aiming to disclose as quickly as possible.

530 is only a third of the reports you made to maintainers...

65 of those have been given public advisories

The infographic says 88.

I'd ask if they were massaging their financials like they massaged 65 advisories, but we know they are.

23,019 potential vulnerability candidates of all severities, 65 advisories. If you printed the code out and drunkenly threw darts at it you'd probably hit the same level of accuracy.

[–] schnoopy@awful.systems 7 points 3 weeks ago

1 cve, 100 things that might have mattered.

2 orders of magnitude false positives doesn't sound like an efficient use of labour for finding vulnerabilities but that's just me.

load more comments (11 replies)