My favorite part of the paper is that the “attack” isn’t just exploiting a bug — it’s exploiting how different components interpret the same input. Modifying an executable as it’s loaded into memory is one example, but the deeper pattern is the mismatch.
What’s interesting about the malware in this post is that it goes one step further: instead of exploiting mismatches, it corrupts the computation itself — so every infected system agrees on the same wrong answer!
More broadly: any interpretive mismatch between components creates a failure surface. Sometimes it shows up as a bug, sometimes as an exploit primitive, sometimes as a testing blind spot. You see it everywhere — this paper, IDS vs OS, proxies vs backends, test vs prod, and now LLMs vs “guardrails.”
Fun HN moment for me: as I was about to post this, I noticed a reply from @tptacek himself. His 1998 paper with Newsham (IDS vs OS mismatches) was my first exposure to this idea — and in hindsight it nudged me toward infosec, the Atlanta scene, spam filtering (PG's bayesian stuff) and eventually YC.
The paper starts with this Einstein quote "Not everything that is counted counts and not everything that counts can be counted", which seems quite apt for the malware analyzed here :)
On a Mac, at least, the "correct combination of buttons" is trivial and easy to remember, even for someone like me who rarely uses em-dash. (But, I want to start using it more because I'm sick to death of people treating it as a scarlet letter.)
I second that. Hearing in the VASAviation video (linked by someone else in a nearby thread) the robotic voice announcing what it's doing, while it does a completely autonomous landing in an airport it autonomously decided on, with no possibility of fallback to or help from a human pilot, is one of these moments when we feel like we're living in the future promised by the so many sci-fi stories we've read as children.
I suspect cloning tech is out there and Dang(s) are one of the first successful iterations. I just dont get how there is seemingly no time off, no vacations, sick days etc. Talk about passion.
Other alternative is the image of pale guy with laptop on some beautiful beach or climbing some crazy peak. Same passion, just concentrated in 1 body.
I have just recently discovered Watts, but I think he may have agreed.
“Watts left formal Zen training in New York because the method of the teacher did not suit him. He was not ordained as a Zen monk, but he felt a need to find a vocational outlet for his philosophical inclinations. He entered Seabury-Western Theological Seminary, an Episcopal (Anglican) school in Evanston, Illinois, where he studied Christian scriptures, theology, and church history. He attempted to work out a blend of contemporary Christian worship, mystical Christianity, and Asian philosophy. Watts was awarded a master's degree in theology in response to his thesis, which he published as a popular edition under the title Behold the Spirit: A Study in the Necessity of Mystical Religion.
He later published Myth & Ritual in Christianity (1953), an eisegesis of traditional Roman Catholic doctrine and ritual in Buddhist terms. However, the pattern was set, in that Watts did not hide his dislike for religious outlooks that he decided were dour, guilt-ridden, or militantly proselytizing—no matter if they were found within Judaism, Christianity, Islam, Hinduism, or Buddhism.”
Thank you for the added context about his beliefs, as I am not too familiar with his works and was going off of what I read in the article.
I do not share his disdain though for the "dour, guilt-ridden, or militantly proselytizing" aspects of Christianity. This isn't really as much of an argument as it is a personal outlook: those attributes are what makes Christianity compelling to me, and why some eastern or agnostic forms of spiritualism feel hollow.
The "dour, guilt-ridden, or militantly proselytizing" are what make Christianity compelling for you? The first 2 I could see as personal choice but isn't "militantly" anything sorta anti-christian? (I'm an agnostic, so what do I know...)
Proselytizing, which is to say converting, in Christianity is seen as a positive, and to be “militantly proselytizing” is not meant as a literal “militant” but as “vigorous and active”. Christianity believes very much in exposing (and thus saving) as many souls to God as possible in a (naturally) non-violent way.
And the main way to proselytize in modern churches is via helping the less fortunate in local communities and with mission trips to third-world countries, which is certainly compelling.
I would appreciate you expounding on how those traits generate interest on your part. I think many people might find those rather off-putting - whether in an institution, a group, or a person.
I understand his critique of the stats, but I wonder if Mr. Bruenig disagrees with the author’s points of view.
In particular I wonder what he thinks would be best for his own kids. He seems to be, per wikipedia, married to a high-school friend (sweetheart?) for almost a decade with two kids.
While I do not think his personal actions have any bearing on the accuracy of his statistical critiques of the author, it does seem like his revealed preferences support the author’s points of view. I would be shocked if he believes the health of his marriage has no bearing on the overall wellbeing of his kids.
Regardless, I wish him and his wife a long and happy marriage, because I believe that would be the best outcome for both of them and their kids.
Causality, in all my experience of human relationships in real life, in books, even in movies, is rarely single factor, and often goes in both directions :)
A marriage certificate is not a 100% vaccine against what imho are the shared root causes of divorce and unhealthy home environments - like mutually incompatible or self-centered human beings (absence of love as a noun), lack of commitment (absence of love as a verb).
With or without marriage - partners with a shared world view do well if (a) both partners want happiness for the other as much as they want it for themselves and (b) both openly expect to be a good partners to each other for life, even as both partners inevitably change, grow, fall short, succeed, fail etc.
We don’t have to call (a) “love” and (b) “marriage”, but these remain the most common shared names for these concepts in many societies.*
IMHO though, since we are very much imperfect animals and social animals, society having a shared expectation that couples strive for (a) and (b) matters - and I would be willing to consider all the ways in which this can be done.
* - We also face the separate and important problem that we have harmful definitions of these words in some sub-sections of human society -
Like Matt, I am a supporter of the state providing a solid safety net on basic needs (food, health care, self-improvement, safety) to ALL its and pay for it by taxing the well-off citizens more than the average although unlike him, I would not describe myself as a socialist.
Marriage is many things, but amongst them, it is also a safety net for the children of that marriage. At its best, it brings the resources of two extended families and friend networks together to support the couple and the children. I wonder if Matt would agree with the view that Marriage is the most “atomic” form of socialism (which he seems to support)
> Marriage is many things, but amongst them, it is also a safety net for the children of that marriage. At its best, it brings the resources of two extended families and friend networks together to support the couple and the children
At its best, it is exactly the same in that regard as coparenting without marriage is at its best. Having had both married and unmarried parents in committed (also, in other cases, failed—both married and unmarried) relationships in my extended friends and family network, the degree of support I’ve seen them get doesn’t seem to be very different.
I would agree that it is the commitment that matters.
Where we may agree:
Social norms really do impact human behavior. Marriage is a social norm supporting long term commitment. In communities where it has been replaced with another social norm supporting commitment (eg my well-off friends in Europe), it has become less relevant.
I also posit that adults in committed coparenting relationships constitute a small minority of unmarried adults in America (vs. France for example where a majority of my friends with kids match your description).
Where we probably disagree:
In my observations of close friends in loving relationships with children, previously in loving marriages, are now divorced and in respectful and functional coparenting but not cohabitating relationships.
For a considerable amount of time, they are functionally single parents. In most cases parents and siblings of one ex-spouse are unlikely to want to support the other ex-spouse with in-person child support.
The bright exception to this rule seems to be divorced co-parents who live in close proximity or in one instance in the same duplex and are good friends.
Working hard to ensure you don’t repeat the mistakes of your parents already makes you a good parent - one who cares and strives.
I worry too, especially about the weaknesses I share with one of my parents. Occasionally though, I find that my inward focus on my concern about a mistake I might make causes me to focus less on my kid or his concerns in an important moment. Since I learned this, I try to be present enough to react to life while it’s happening, instead of ricocheting painful memories while life is happening!
The good news is that loving parents who strive to continuously do better serve as a good example for their kids, even when they fail. Life is hard and full of failures. Even when you fail, and even if you fail frequently, showing your kid that you’ll keep striving to do better - now that may be the most valuable lesson of them all.
Sincere question: my relatively non-aggressive-at-sales vet, whose office has beocome a bit more aggressive recently, said this month that my nearly 12 year old dog has had a tooth fracture for over a year - and it needs a $X,000 removal relatively soon, for which he would have to go under anaesthesia and stay the day.
Pup has been eating fine, and continues to eat fine, including relatively hard stuff (no bones or bully sticks but softer dental chews). He does have an accumulation of plaque on said tooth which indicates he favors the other side, and despite the hard pitch, I doubt the vet is lying about a fracture.
The literature online is very equivocal about whether tooth removal is needed and says some fractured teeth are fine and don't cause pain.
Any advice / information sources you trust on how to triage this situation?
I would consult with a few additional vets, perhaps some further out in the countryside and/or older.
You need to balance the quality of life of your dog, the cost, the change of death or other complications, along with alternative options (such as switching food when it gets worse).
Thanks. While steep, I’ll happily pay for the procedure if the risks are minimal and the impact on his quality of life is likely to be meaningfully positive.
Yeah, I'd be less inquisitive about price and more asking the other vets to "level with you on the risks".
And the risks may be acceptable, especially if it comes down to "dog continues to live with ever increasing pain" vs "99% chance of pain free vs 1% chance of peacefully passes away on the operating table".
My vet told me a lot of dogs have high pain thresholds and/or will hide their injuries, so they won't necessarily stop eating from mouth pain. He wasn't trying to upsell me, I was asking why my dog was avoiding food and wondering whether it could be a tooth problem (so unlikely to be the case).
That doesn't help much I know, just make sure you get advice from people you trust have a care about dog's quality of life.
In my experience not wanting to mask unless there is a meaningful sense of risk is a phenomenon equally strong in India (for example) and so I do not believe it has to do with the western propaganda.
If you visited India after the first wave, most people masked, enforced by the police - as they should have. Soon after the 2nd wave (which was bad but resulted in near-endemicity(?)) - after vaccines where widely available and well accepted in India -and to this day, you will see a vast vast majority in India don't mask. A visible minority mask everywhere and are not looked down upon or derided because of it. There is no meaningful propaganda either way right now.
> There is no meaningful propaganda either way right now.
In Europe, in some places, there is and it's sometimes more or less subtle. Local supermarket I go to has a sign "masking is no longer mandatory but it's okay to wear a mask if it makes you feel safer". Which is not how masks are supposed to work (we were told to mask to protect others) and it shouldn't be about feelings.
Meanwhile the cleaning cart station (that sprinkles cart bars with soap/disinfectant) is collecting dust in a corner. I think it would have been nice to keep that from the covid period. But no, we have to erase memories of it.
I think the "mask to protect others" message was a mistake. If you mask to protect yourself you can use a mask with an exhalation value, which is more comfortable. I suspect a lot of opposition to masks is from people who only tried valveless masks. And protecting yourself still indirectly protects others, because you can't infect others unless you are infected.
> Which is not how masks are supposed to work (we were told to mask to protect others)
A well fitting N95 / FFP2, or better, respirator mask protects the wearer to a large extent, even if others don't mask. The "protect the others" message was in 2020, when mostly only surgical masks were available.
I know. But we are talking about mandatory masks here and it only ever was about surgical masks in my country and bordering countries (except Hamburg at some point apparently). The sign is referring to those masks as well, which were the most common ones in circulation. The people who wrote the sign didn't have N95/FFP2 in mind when they wrote it.
What’s interesting about the malware in this post is that it goes one step further: instead of exploiting mismatches, it corrupts the computation itself — so every infected system agrees on the same wrong answer!
More broadly: any interpretive mismatch between components creates a failure surface. Sometimes it shows up as a bug, sometimes as an exploit primitive, sometimes as a testing blind spot. You see it everywhere — this paper, IDS vs OS, proxies vs backends, test vs prod, and now LLMs vs “guardrails.”
Fun HN moment for me: as I was about to post this, I noticed a reply from @tptacek himself. His 1998 paper with Newsham (IDS vs OS mismatches) was my first exposure to this idea — and in hindsight it nudged me toward infosec, the Atlanta scene, spam filtering (PG's bayesian stuff) and eventually YC.
https://users.ece.cmu.edu/~adrian/731-sp04/readings/Ptacek-N...
The paper starts with this Einstein quote "Not everything that is counted counts and not everything that counts can be counted", which seems quite apt for the malware analyzed here :)
reply