
  • No, it’s not volunteering, at least not anymore.

    Subpoena is legal Latin for “under penalty,” because noncompliance with a subpoena carries a penalty.

    Originally, it was an information request from the feds, and Reddit refused. Then they escalated to getting a grand jury subpoena (which means they got a bunch of normal citizens to agree that the information was relevant to a criminal investigation), so now noncompliance carries a penalty.

    Reddit notified the users, who hired their own lawyers, who are resisting the subpoena and will litigate it to where they need a judge to decide whether Reddit will have to turn the information over.

    That’s the process for these things, and we’re a couple steps in already.


  • According to your POV here, companies can claim whatever and it’s my job now to figure out if they are lying or to what extent.

    No, the actual claims here, that describe specific bugs in specific software, can be evaluated. Even without whipping out a test environment to try to reproduce the results with your own proof of concept, you can read the text and evaluate whether the claims make sense on their face.

    a broken clock is never right, reality momentarily aligns with it, which is a completely different thing

    And that’s why the substance of a statement matters. I don’t believe in the supernatural, so if someone says “I’m a psychic and the missing girl on the news is in a shed near the water,” that doesn’t register with me at all. But if that person says “I’m a psychic and the missing girl is in a shed at 1234 Main Street” that raises eyebrows because it is easily falsifiable. And if the person says “I’m a psychic and the missing girl is in a shed, so I looked and found her and reported it to the cops, and here’s a cryptographic hash of my description of how I found her, which I’ll publish once the cops confirm she’s safe” that’s gonna be a much more serious statement. Even if I don’t believe that the person actually is a psychic, I can pay attention to how the whole thing played out because the person claims serious non-psychic validation of the results, and the results themselves are important entirely externally from the claim of whether psychics have powers.

    This is a story about several cybersecurity vulnerabilities, some of which sound medium or high severity in very commonly used software. That’s important in itself, outside of AI mattering at all. And if they claim to have the receipts in a falsifiable way, that’s the kind of thing that shows a high degree of confidence in the genuineness of what was found.

    I don’t give a shit about AI and I’m generally a skeptic of the future of any of these AI companies. But if someone uses AI tools to discover something new in the subjects that I do care about, like cybersecurity, then I’ll pay attention to the results and what they publish in that field.


  • This is really a corporate problem of their own making and their responsibility to fix. They have lied so much, I do not owe them a single iota of trust.

    The statements can stand for themselves, evaluated on the merits of the claims, regardless of authorship. That’s how these things should work. Someone who has a great history of finding vulnerabilities still has to stand by each exploit/proof of concept they write, on its own merits. On the flip side, the corollary to the adage that a broken clock is still right twice a day is that you can’t just say “oh the broken clock said this so I can ignore it.”

    Do you really think any of them would post something like “yeah, we found a vulnerability but it’s basically a typo that could not be seriously exploited”?

    The blog post literally describes exactly that, for ffmpeg. And several of the other described vulnerabilities sound like they’re in that category of “here’s a bug but we didn’t find an exploit.”

    Simply refusing to engage with these big claims just because of the source is an irresponsible way to approach cybersecurity.

    even if the whole scenario is real, it may not have the intervention of AI they are claiming

    …who cares? If it’s a real bug and a real PR addressing the bug, why does authorship or methodology matter?

    It’s just the ad hominem fallacy (or the close relative, appeal to authority). Let the actual substance stand and fall on its merits. Read the described vulnerabilities and exploits and decide whether you think those need to be patched and how critical/severe the bugs/vulnerabilities are.

    And maybe your priorities are different from mine, but the core of the claim (we found some vulnerabilities) triggers a responsibility to address them (confirm and patch). I don’t care about marketing or corporate interests or whatever in those circumstances, I’m just focused on fixing problems that have been found.


  • Yes I understand, but I’m also putting the direct claims right there, not filtered through Anthropic’s PR or an article from the IT industry press interpreting those PR statements.

    These are real CVEs that have actually been submitted to the code maintainers for both FOSS and closed source software that is foundational to the computing world. Some of them are published in this post. And many more are simply described with a hash of the full writeup indicating that they have it written out and are waiting for the patches to be applied. I’m especially interested in the Virtual Machine Monitor and the exploits for jumping out of browser sandboxes for “all major browsers.”

    Some of the published CVEs in the blog post seem pretty serious, especially the FreeBSD remote root access for devices running NFS. The OpenBSD one is a critical DoS vector, and the FFMPEG one is just a bug that doesn’t seem to actually expose the software to any practical exploits but should still be patched.

    But they’ve staked it out with their public disclosure of the hashes and a description of a few of the problems. These are big bold claims that are provided in a format that will be easily falsifiable in due time. And treating it as just marketing fluff ignores the shades of gray that actually apply to corporate claims.
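The commit-then-reveal check that makes such claims falsifiable, as an added example that is not part of the original comment or of the blog post it discusses. It assumes SHA-256 (the page does not name the hash function), and every label and writeup below is constructed sample data.

```python
import hashlib

def commit(writeup: bytes) -> str:
    # SHA-256 is an assumption; the page does not say which hash was used.
    return hashlib.sha256(writeup).hexdigest()

def check_reveal(published, revealed):
    """Classify each advance commitment once writeups are released.

    published: label -> hex digest announced before disclosure
    revealed:  label -> exact bytes of the writeup released later
    """
    results = {}
    for label, digest in published.items():
        digest = digest.strip().lower()
        doc = revealed.get(label)
        if doc is None:
            results[label] = "pending"            # nothing disclosed yet
        elif commit(doc) == digest:
            results[label] = "verified"           # byte-for-byte the committed text
        elif commit(doc.replace(b"\r\n", b"\n")) == digest:
            results[label] = "line-endings-only"  # same text, CRLF added in transit
        else:
            results[label] = "mismatch"           # content differs from what was committed
    for label in revealed.keys() - published.keys():
        results[label] = "uncommitted"            # released with no prior hash on record
    return results

# Constructed sample writeups (hypothetical labels and contents).
DOC_A = b"Finding A: out-of-bounds read in a parser.\nStatus: patched.\n"
DOC_B = b"Finding B: denial of service via crafted packet.\nStatus: patched.\n"
DOC_C = b"Finding C: sandbox escape, working exploit.\n"

# What was announced ahead of time: digests only, no content.
PUBLISHED = {"finding-a": commit(DOC_A), "finding-b": commit(DOC_B),
             "finding-c": commit(DOC_C), "finding-d": commit(b"Finding D\n")}

# What was released later.
REVEALED = {
    "finding-a": DOC_A,                                # unchanged
    "finding-b": DOC_B.replace(b"\n", b"\r\n"),        # re-saved with CRLF
    "finding-c": b"Finding C: sandbox escape, no exploit.\n",  # reworded afterwards
    "finding-e": b"Finding E\n",                       # never committed
}

if __name__ == "__main__":
    for label, status in sorted(check_reveal(PUBLISHED, REVEALED).items()):
        print(f"{label}: {status}")
```

A hash commits to exact bytes, so only "verified" shows that the released text is the one that existed when the digest was published; the other states each need a different follow-up question.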





  • What if license and copyright were washed by using an LLM to translate Claude into another language?

    The law doesn’t allow you to launder copyright like that. That’s just a derivative work, which can be restricted by the copyright holder in the original. As an example, in fictional writing, distinct characters are copyrighted, and using an LLM to generate new works using those copyrighted characters would still be a derivative work that the original copyright owner would have the right to deny distribution.

    So if you have a copyrighted codebase and you try to implement that codebase using some kind of transformation of that code, that’d still be a derivative work and infringe the original copyright.

    Now if you have some kind of clean room implementation where you can show that it was written without copying the original code itself, only working to implement its functionality through documentation/reverse engineering how the code worked, you’d be able to escape out of calling it a derivative work and could distribute it without the original copyright holder’s permission (Compaq did this with the IBM BIOS to make unauthorized/unlicensed PC clones, and Google did this with the Java API to make Android without a license from Sun/Oracle and won at the Supreme Court).

    Claude can’t be copyrighted because it’s a product of an LLM.

    No, because Claude’s code is still created by humans with the assistance of non-human tools. There’s a spectrum from spelling correction and tab completion in IDEs all the way to full vibe coding with a prompt describing the raw functionality (where the prompt is so uncreative that it isn’t itself copyrightable). Anthropic has never claimed that there was no human in the loop, or that the prompts it uses are so uncreative and purely functional so that the outputs aren’t copyrightable.


  • Unless it can be paper thin this does not look better than magnetic tape.

    As the article explains, the whole purpose here is to be able to store data on a medium that can endure harsh conditions, including heat, moisture, radiation, and physical abrasion. The company’s website claims the medium can retain data for 5000 years without power, and is water and fire resistant.

    I reckon you could scratch it pretty easily.

    The underlying ceramic film is already used for protecting tools like drill bits and saw blades from physical damage, which is why it was chosen for this project. They already found one of the most durable materials in the world, and asked whether they could store data using that already-durable material.



  • The targeted court cases are to argue that the previously passed legislation already covers these particular facts.

    If the legislature passes a law that says “making false statements to another in order to obtain something of value is fraud,” you can expect litigation about the actual contours of what is or isn’t fraud.

    Same with legislation against driving at an unsafe speed, causing a nuisance to your neighbors, discriminating against employees on the basis of sex, etc. Court cases decide the edge cases.

    If the legislature passes a law banning gambling outside of licensed institutions, and banning gambling for minors, you can expect litigation about what actually is or isn’t gambling.



  • It might be possible to use separate accounts related to separate interests

    That’s what people should do. And the natural consequence is that there is code switching, where people subtly use different jargon and references and writing style when talking to different audiences.

    Nobody is gonna correlate my shitposts or joke comments to my work email, because the way I write in a professional environment is totally different from the way I write with my friends and family, or in casual contexts organized around different interests. Even between different friends, family, or colleagues, I have a sense of my audience, and my tone/style differs significantly for different people.

    So at that point, if I have a Linux/technology account and a separate account for the sports I like and a separate account for the local things happening in my city, who’s going to be able to link them by their very different textual styles?



  • Because each sensor broadcasts a fixed unique ID, the same car can be recognized repeatedly without reading a license plate. This makes TPMS-based tracking cheaper, harder to detect, and more difficult to avoid than camera-based surveillance, and therefore a stronger privacy threat.

    This seems like a real stretch.

    Cameras and automated license plate recognition are absurdly cheap at this point. And cameras have much greater range and reliability than whatever wireless signal interception this is, which the researchers have said is effective up to 50 meters.

    Meanwhile, from the office where I sit (which happens to be more than 50 meters above street level), I can see a highway and read the license plates of all the cars maybe 100-300m away. Plug in a cheap phone as a simple webcam and I can probably log all the license plates that drive by, maybe even correlate that to makes and models of vehicles for redundancy.

    And who’s going to detect that I’ve got a cell phone camera pointed out of my office window, or that I’m running that type of image recognition on the phone?



  • A human can start off a process by their own design, but with the details implemented by phenomena not in their direct control, and still copyright the resulting work.

    If I take a funnel full of paint and let it drip onto a canvas in a pattern caused by the movement of a pendulum, and incorporate random movement from wind on a windy day, how would you assign a “percentage” of human creation there? What about letting the hot desert sun melt some crayons into another canvas where I placed the crayons but didn’t control the drip pattern? What if I record some barking dogs but auto tune it into a melody? Or photograph the natural beauty of a wave crashing onto shore? These are all things that can be copyrighted, even if they’re inherently dependent on natural phenomena not in the artist’s control, because the process itself is initiated or captured or designed by a human author.


  • First of all, “Intellectual property[sic]” is not a thing. There are copyrights, patents, trademarks, and trade secrets, but they are all significantly different from each other. Trying to lump them together under a single term is disingenuous at best, and using the word “property” in that term is biased loaded language.

    You don’t get to redefine words like “property” or “intellectual property” how you see fit, completely untethered to the way the legal system uses those terms with specific meaning.

    Intellectual property rights include all of those things, in the same way that copyright can include copyright over text or musical compositions or sound recordings or photographs or building architectures. But note that copyright over each of those types of media is subject to its own rights and rules, and you’ll need to apply the correct rules to the correct contexts. But it’s still useful to group similar concepts together, and have a name for the category. That’s why people refer to intellectual property.

    A property right is a thing the owner is entitled to, and a natural right.

    This is a naive take. Property rights are natural rights? No, property rights are defined by the legal system of whatever sovereign nation you’re in. And they’re limited by whatever the rules of that legal system are.

    If I own land in the U.S., I’m still required to pay taxes on it, and to enforce my property rights against adverse possession, lest I lose that property to the state or to a squatter. If I don’t record my ownership with the county recorder I might lose the property to someone else who comes along and records them buying it from the guy who sold it to me (and fraudulently sold it twice).

    Property rights can be chopped up and distributed in different ways. I might own a house but rent it to a tenant and have a mortgage on it from the bank, each of whom will have certain rights over that land, despite me being the owner.

    And property can apply to tangible things (a painting, a car), intangible things (a checking account balance at the bank, a certificateless share of stock in a corporation, a domain name registered with ICANN), and all sorts of concepts in between (the right to use a particular mailbox in a post office, an easement to use a driveway over my neighbor’s land, the right to use my name and image in a commercial, a futures contract that entitles me to take delivery of a whole bunch of wheat on a particular day at a particular time in the future). All of those are property, and recognized as property rights in U.S. law.

    What copyright actually is, is a temporary monopoly granted at the whim of Congress. It’s a license, not a right.

    Licenses are a right to do something. In fact, copyright owners assign licenses to others to use that intellectual property all the time.

    And the copyright itself is not property over an idea. It’s the right to copy something specific that has already been fixed in a particular physical medium. If you come up with an idea for a melody, you don’t own the copyright until you write it down.

    You’re just pretty far off base because you don’t understand how broad the word “property” is, and you don’t seem to want to examine just how man-made other forms of property are, and think that copyright is something special and different.


  • Motorola Mobility was spun off from Motorola in 2012 and sold to Google. Then Google sold it in 2014 to Lenovo, the Chinese company that had also previously bought IBM’s entire personal computer business.

    Original Motorola, renamed Motorola Solutions, retained the rights to the Motorola name in everything except cell phones, and continued to manufacture radio and communications equipment and other signal processing equipment (including stuff like cable TV boxes). They remain a major contractor for militaries, law enforcement, and fire/EMS emergency responders.

    If we’re talking about Motorola cell phones, we’re talking about the Chinese owned company, not the American owned company.