Stubsack: weekly thread for sneers not worth an entire post, week ending 5th April 2026 - awful.systems
awful.systems
Want to wade into the snowy sandy surf of the abyss? Have a sneer percolating in your system but not enough time/energy to make a whole post about it? Go forth and be mid. Welcome to the Stubsack, your first port of call for learning fresh Awful youā€™ll near-instantly regret. Any awful.systems sub may be subsneered in this subthread, techtakes or no. If your sneer seems higher quality than you thought, feel free to cutā€™nā€™paste it into its own post ā€” thereā€™s no quota for posting and the bar really isnā€™t that high. > The post Xitter web has spawned so many ā€œesotericā€ right wing freaks, but thereā€™s no appropriate sneer-space for them. Iā€™m talking redscare-ish, reality challenged ā€œculture criticsā€ who write about everything but understand nothing. Iā€™m talking about reply-guys who make the same 6 tweets about the same 3 subjects. Theyā€™re inescapable at this point, yet I donā€™t see them mocked (as much as they should be) > > Like, there was one dude a while back who insisted that women couldnā€™t be surgeons because they didnā€™t believe in the moon or in stars? I think each and every one of these guys is uniquely fucked up and if I canā€™t escape them, I would love to sneer at them. (Credit and/or blame to David Gerard for starting this.)

Want to wade into the sandy surf of the abyss? Have a sneer percolating in your system but not enough time/energy to make a whole post about it? Go forth and be mid.

Welcome to the Stubsack, your first port of call for learning fresh Awful youā€™ll near-instantly regret.

Any awful.systems sub may be subsneered in this subthread, techtakes or no.

If your sneer seems higher quality than you thought, feel free to cutā€™nā€™paste it into its own post ā€” thereā€™s no quota for posting and the bar really isnā€™t that high.

The post Xitter web has spawned so many ā€œesotericā€ right wing freaks, but thereā€™s no appropriate sneer-space for them. Iā€™m talking redscare-ish, reality challenged ā€œculture criticsā€ who write about everything but understand nothing. Iā€™m talking about reply-guys who make the same 6 tweets about the same 3 subjects. Theyā€™re inescapable at this point, yet I donā€™t see them mocked (as much as they should be)

Like, there was one dude a while back who insisted that women couldnā€™t be surgeons because they didnā€™t believe in the moon or in stars? I think each and every one of these guys is uniquely fucked up and if I canā€™t escape them, I would love to sneer at them.

(Credit and/or blame to David Gerard for starting this.)

  • scruiser@awful.systemsEnglish
    3Ā·
    1 month ago

    On a more productive note, this feels likely to be tied in with the usual issues of AI sycophancy re: false positive rate.

    I suspect this is the real limit. Claude Mythos might find real vulnerabilities, but if they are buried among loads of false positives it wonā€™t be that useful to black or white hat hackers and the endless tide of slop PRs and bug reports will keep coming.

    I tried looking through Anthropicā€™s ā€œpreviewā€ for a description of the false positive rateā€¦ they sort of beat around the bush as to how many false positives they had to sort out to find the real vulnerabilities they reported (even obliquely addressing the issue was better than I expected but still well short of the standard for a good industry-standard security report from what I understand).

    Theyā€™ve got one class of bugs they can apparently verify efficiently?

    Memory safety violations are particularly easy to verify. Tools like Address Sanitizer perfectly separate real bugs from hallucinations; as a result, when we tested Opus 4.6 and sent Firefox 112 bugs, every single one was confirmed to be a true positive.

    Itā€™s not clear from their preview if Claude was able to automatically use Address Sanitizer or not? Also not clear to me (Iā€™ve programmed with Python for the past ten years and havenā€™t touched C since my undergraduate days), maybe someone could explain, how likely is it that these bugs are actually exploitable and/or show up for users?

    Moving onā€¦

    This process means that we donā€™t flood maintainers with an unmanageable amount of new workā€”but the length of this process also means that fewer than 1% of the potential vulnerabilities weā€™ve discovered so far have been fully patched by their maintainers.

    So its good they arenā€™t just flooding maintainers with slop (and it means if they do publicly release mythos maintainers will get flooded with slop bug fixes), butā€¦ this makes me expect they have a really high false positive rate (especially if you rule minor code issues that donā€™t actually cause bugs or vulnerabilities as false positives).