this post was submitted on 20 May 2026
4 points (100.0% liked)

[–] riskable@programming.dev 1 points 1 month ago

The article completely misses the problem that Mythos brought into the light: Business can't patch fast enough.

Example: Let's say you're running Kubuntu on your desktop and Mythos uncovers 1000 vulnerabilities in various open source packages. The maintainers of said packages will have a really busy few days putting together patches/fixes and then it'll be a few more days while Canonical packages up the new versions and updates the repos. Then everyone running Ubuntu (or derivatives) will get a really big package update and then the world will be mostly done with something like a "Mythos patch rush."

Now consider the same situation at a business where everyone's running Windows desktops. There's no central package manager and pushing out updated software is always an involved process. Most businesses have a mandatory one-week or even one-month waiting period before they apply any Windows updates because Microsoft has screwed them up so horribly so many times they can't be trusted.

Even if a business is using a third-party software management/deployment tool, they're all mostly manual things. That is, someone has to put that updated package into the system and mark it for immediate deployment/push. If there are 1000 packages that need to be updated, that's going to completely overwhelm most IT departments for quite some time.

...but this is just scratching the surface of the patching problem in the world of business! Most businesses have legacy software that they rely on that needs to be tested against the newer stuff that gets updated. This means they can't deploy any updates until that testing is done.

Sometimes that testing takes months. Sometimes it can take over a year! And then there's the nightmare scenario that's more common than you'd think: Vendors that won't let you update your shit until they have completed their testing.

Example: We have a vendor product at my employer that takes about six months to complete testing of any new version because it requires coordinating with over 100 teams (because the product interacts with their stuff). A new version can only be deployed after all those people sign off on it (saying that they tested their product against the new version and it worked as it should).

Businesses have pretty much learned how to deal with Windows updates by now, with all sorts of protections and back-out plans in place. Yet with all of that it still goes horribly wrong all the fucking time! Now imagine thousands of random pieces of software installed across your enterprise all needing the same treatment. Like... NOW.

They don't have enough IT people. Their IT architecture was never meant to handle this scenario!

TL;DR: Just use Linux and enable automatic updates! Make sure all your shit gets updated via the package manager too!
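The TL;DR points at automatic updates through the package manager. As an added example, not part of the comment above, here is what that looks like on an Ubuntu/Debian host using APT's stock unattended-upgrades mechanism: two small files under /etc/apt/apt.conf.d, the first turning on the daily run and the second restricting what gets applied automatically to the security pocket so everything else still goes through whatever staging the organisation insists on. The APT_ROOT override and the --apply flag are assumptions added so the script can be exercised outside /etc; the configuration keys themselves are the real ones that unattended-upgrades reads.

```shell
#!/bin/sh
# Added example: enable unattended security updates via APT's unattended-upgrades.
# APT_ROOT is an assumed override (defaults to /etc/apt) so the functions can be
# tried against a scratch directory before touching a real host.
APT_ROOT="${APT_ROOT:-/etc/apt}"

# 20auto-upgrades: refresh package lists daily, run unattended-upgrade daily,
# and autoclean the download cache weekly.
write_auto_upgrades() {
    mkdir -p "$APT_ROOT/apt.conf.d"
    cat > "$APT_ROOT/apt.conf.d/20auto-upgrades" <<'EOF'
APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Unattended-Upgrade "1";
APT::Periodic::AutocleanInterval "7";
EOF
}

# 50unattended-upgrades (trimmed): only packages from the distribution's
# security pocket are installed automatically; no automatic reboot, so a
# kernel update still waits for a maintenance window.
write_unattended_policy() {
    mkdir -p "$APT_ROOT/apt.conf.d"
    cat > "$APT_ROOT/apt.conf.d/50unattended-upgrades" <<'EOF'
Unattended-Upgrade::Allowed-Origins {
    "${distro_id}:${distro_codename}-security";
};
Unattended-Upgrade::Remove-Unused-Dependencies "true";
Unattended-Upgrade::Automatic-Reboot "false";
EOF
}

# Returns 0 only if the daily run is switched on and the policy file limits
# automatic installs to the security origin.
check_auto_upgrades_enabled() {
    grep -q 'APT::Periodic::Unattended-Upgrade "1";' \
        "$APT_ROOT/apt.conf.d/20auto-upgrades" &&
    grep -q -- '-security";' "$APT_ROOT/apt.conf.d/50unattended-upgrades"
}

# Run as root with --apply to write the real files, then preview what would be
# installed without changing anything:  unattended-upgrade --dry-run -d
if [ "${1:-}" = "--apply" ]; then
    write_auto_upgrades
    write_unattended_policy
    check_auto_upgrades_enabled && echo "unattended security updates enabled under $APT_ROOT"
fi
```

The restriction to the security origin is the part a practitioner usually wants: it keeps the "patch rush" for security fixes automatic while leaving feature updates, and anything a vendor has not yet signed off on, under manual control.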