#prog #article

Exceptions in Cranelift and Wasmtime

И немного о том, почему добавить поддержку исключений в уже существующий WASM-рантайм оказалось не самой тривиальной задачей

#prog #ml #cpp #article

Ревью вайб-кода с гнильцой, который притворяется оптимизированным С++ кодом

(от Андрея Карпова, который глава PVS-Studio)

#itsec #ml #suckassstory #article

The Boy That Cried Mythos: Verification is Collapsing Trust in Anthropic

Вы, вероятно, слышали в недавних новостях о модели Mythos от Anthropic и о том, насколько она хороша в поиске уязвимостей... Со слов самих Anthropic.

Эксперт по компьютерной безопасности Davi Ottenheimer решил проверить, насколько заявления о возможностях Mythos соответствуют правде.

TL;DR: даже собственный документ Anthropic даёт понять, что их инструмент, мягко говоря, не соответствует заявленным возможностям. Ниже мои отдельные цитаты, но я крайне рекомендую прочитать статью целиком.

I’ve been getting more and more curious about the risk from Anthropic’s Claude Mythos Preview. So I pulled the system card, a whoppingly inefficient 244-page document that devotes just seven pages to the claim that the model is too dangerous to release

The flagship demonstration of “unprecedented cyber capability” is in fact a model that weaponized two bugs that a different Anthropic model had already found, in software Mozilla had already patched, in a harness with the actual defenses turned off, where the “triage” step it performed is also performed by its predecessor.

The bugs Anthropic used to justify a $100 million consortium, eleven Fortune-100 partners, a “too dangerous to release” decision, and global headlines that “frightened the British” — an open-weights 3.6B-parameter model finds them too, for eleven cents per million tokens.

(^проверено в AISLE)

The Mythos system card tested the model against small-scale enterprise networks with no active defenses and the model succeeded. The same document tested the model against a properly configured sandbox with modern patches and the model failed.

Автор также утверждает, что Anthropic на волне хайпа отвоёвывает себе тёплое местечко под солнцем в обход существующих ограничений.

By withholding Mythos from general release and granting access only through the Glasswing consortium — Apple, Google, Microsoft, Amazon, Broadcom, Cisco, CrowdStrike, JPMorganChase, Nvidia, Palo Alto Networks, the Linux Foundation — Anthropic inserts itself as a de facto clearance-granting body for an “uplift” of vulnerability knowledge. Without a statutory basis. Without congressional oversight. Without FOIA exposure. Without a neutral arbiter. With a partner list drawn entirely from the largest incumbents in the industry it claims to be protecting.

<...>

That is not a safety posture. It’s regulatory capture dressed as restraint. And it is being constructed with no democratic input, in a legal vacuum, by a private company whose business model depends on selling access to the very capability it has declared too dangerous to release.

#game #article

Making a computer in Opus Magnum

Или, если быть точнее, вычитание восьмибитных чисел.

Спойлер: перевод вычислителей на логических вентилях в аналогичные конструкции в игре работает, но в данном контексте не оптимален

#prog #article

The Fifth Kind of Optimisation

A little while back I wrote about what I considered to be the four main kinds of optimisation:

<...>

However, none of this excuses the fact that I missed off a technique that, even when I wrote that post, I use frequently:

5. Use parallelisation.

Parallelism has long held promise but for a long time we couldn’t rely on hardware or programming languages when it came to parallel programming. I hope I’ve explained explain why I – and, I think, many other programmers – have consequently been afraid of exploiting parallelisation.

Nearly all those problems are now in the past and – finally! – we are starting to see somewhat widespread use of software that exploits the parallelisation potential of our hardware.

#prog #itsec #rust #article

Bugs Rust Won't Catch

In April 2026, Canonical disclosed 44 CVEs in uutils, the Rust reimplementation of GNU coreutils that ships by default since 25.10. Most of them came out of an external audit commissioned ahead of the 26.04 LTS.

I read through the list and thought there’s a lot to learn from it.

What’s notable is that all of these bugs landed in a production Rust codebase, written by people who knew what they were doing, and none of them were caught by the borrow checker, clippy lints, or cargo audit.

<...>

If you write systems code in Rust, this is the most concentrated look at where Rust’s safety ends that you’ll likely find anywhere right now.

#article

The Self-Cancelling Subscription

Или как активация подписки автоматически прекращалась через пять минут и (спекуляция на тему) почему.

Спойлер: As a one-liner: "creation was synchronous, unlinking was async." A race condition!

От героя поста (cts)

#prog #article #abnormalprogramming #typescript

That's a Lot of Fish: PlaidCTF 2020

Статья про реверс-инжиниринг вот этого:

#prog #article #retroit #abnormalprogramming

Porting Mac OS X to the Nintendo Wii

Since its launch in 2007, the Wii has seen several operating systems ported to it: Linux, NetBSD, and most-recently, Windows NT. Today, Mac OS X joins that list.

In this post, I’ll share how I ported the first version of Mac OS X, 10.0 Cheetah, to the Nintendo Wii. If you’re not an operating systems expert or low-level engineer, you’re in good company; this project was all about learning and navigating countless “unknown unknowns”. Join me as we explore the Wii’s hardware, bootloader development, kernel patching, and writing drivers - and give the PowerPC versions of Mac OS X a new life on the Nintendo Wii.

#prog #rust #cpp #article

How (and why) we rewrote our production C++ frontend infrastructure in Rust

"Фронтенд" в данном случае означает прокси-сервер, если что.

“Should we convert our _ code to Rust?” is a question that comes up a lot. And a lot of the time the right answer is a pretty firm, “No.” So I thought it might be beneficial (and hopefully interesting) to walk through a case where the code involved was incredibly you-cannot-fuck-this-up business-critical and when we asked that question about it, we came back with a yes. Here’s what it was, how we got to that answer, and what we did about it.

The bottom line is that C++ has caused more than a few situations where we wanted to do something or add a feature and it’s just like… that’s a cool idea, but it’s just not worth the uphill battle against the language. And it was to the point where any change carries the risk of unforeseen consequences.