
> to be have.

Meatbag spotted, get 'im boys.


I wonder how a MIP solver would fare in this?

They can also just not roll them over. That takes time, but it's a good % of holdings each year.

On x86/x64/variable instruction length architectures this isn't always the case. You can jump into the middle of an instruction to get a different instruction. It can be used to obfuscate code.
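To show what the comment above means, here is an added example (not from the thread): a toy decoder for a handful of x86-32 opcodes run over a constructed byte sequence, first as a linear sweep from offset 0 and then from the jump target at offset 3. The same bytes decode as two different instruction streams, which is why a naive linear-sweep disassembler can be desynchronized and why following control flow to jump targets matters.

```python
# Added example (not from the thread): a toy x86-32 decoder for a few opcodes,
# used to show that decoding the same bytes from two different offsets yields
# two different instruction streams. The byte sequence below is constructed.

REGS32 = ["eax", "ecx", "edx", "ebx", "esp", "ebp", "esi", "edi"]

def decode_one(code: bytes, ip: int):
    """Decode the instruction at `ip`; return (text, length) or None if unsupported."""
    op = code[ip]
    if op == 0x90:
        return "nop", 1
    if op == 0xC3:
        return "ret", 1
    if op == 0xB8 and ip + 5 <= len(code):            # mov eax, imm32
        imm = int.from_bytes(code[ip + 1:ip + 5], "little")
        return f"mov eax, 0x{imm:08x}", 5
    if op == 0xEB and ip + 2 <= len(code):            # jmp rel8, relative to next ip
        rel = int.from_bytes(code[ip + 1:ip + 2], "little", signed=True)
        return f"jmp 0x{ip + 2 + rel:x}", 2
    if op == 0x31 and ip + 2 <= len(code):            # xor r/m32, r32
        modrm = code[ip + 1]
        if modrm >> 6 == 3:                           # register-direct form only
            return f"xor {REGS32[modrm & 7]}, {REGS32[(modrm >> 3) & 7]}", 2
    return None

def linear_sweep(code: bytes, start: int = 0):
    """Decode sequentially from `start`, the way a naive disassembler does."""
    out, ip = [], start
    while ip < len(code):
        dec = decode_one(code, ip)
        if dec is None:                               # unknown byte: emit as data
            out.append((ip, f"db 0x{code[ip]:02x}"))
            ip += 1
            continue
        out.append((ip, dec[0]))
        ip += dec[1]
    return out

# Constructed bytes: "jmp +1" skips the B8 opcode byte, so execution lands
# inside what a linear sweep treats as a single 5-byte mov.
CODE = bytes.fromhex("EB01B831C0C390")

def sweep_from_entry():
    return [text for _, text in linear_sweep(CODE, 0)]

def sweep_from_jump_target():
    return [text for _, text in linear_sweep(CODE, 3)]

if __name__ == "__main__":
    print("linear sweep from 0: ", sweep_from_entry())
    print("following jmp to 3:  ", sweep_from_jump_target())
```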

When you're picking most likely tokens, you get least surprising tokens, ones with least entropy and least information per token.

A lot of software doing useful work halts pretty trivially, consuming inputs and doing bounded computation on each of them. You're not going to recurse much in click handlers or keep making larger requests to handle the current one.

I was just very naive at 18 about program analysis. I haven't lost my imagination though. I was a self-taught IOI gold division competitor. I thought every problem had an algorithm. It doesn't work like that. Program analysis is collecting special snowflakes that melt in your hand. There is no end to the ways you can write a bug in C. Ghosts of Semmle, Semgrep, Coccinelle past, be humbled. LLMs saturate test coverage in a way no sane human would. I do not think they can catch all bugs because of the state space explosion though, but they will help all programmers get better testing. At the end of the day I believe language choice can obviate security bugs, and C/C++ is not easy or simple to secure.

If you start with safety in mind and don't just try to bolt it on, you're in a much better place. With the kind of code you need in typical applications you could force the vast majority of it into a shape that passes termination checks in theorem provers without much overhead, especially if you can just put gnarly things in the standard library and validate (with proofs hopefully) once.

Though starting with C/C++ is a losing proposition in that regard. And I guess any kind of discipline loses to just throwing half-baked JavaScript at the wall, because deadlines don't care about bugs.


You've never seen the full power of static analysis, dynamic analysis, and test generation. The best examples were always silo'd, academic codebases. If they were combined, and matured, the results would be amazing. I wanted to do that back when I was in INFOSEC.

That doesn't even account for lightweight formal methods. SPARK Ada, the Jahob verification system with its many solvers, Design by Contract, LLMs spitting this stuff out from human descriptions, type systems like Rust's, etc. Speed run (AI) producing those with unsafe stuff checked by the combo of tools I already described.


Silo'd, academic codebases are not under the kind of attacks that commodity software is.

The silo'd codebases I was referring to are verification tools they produce. They're used to prevent attacks. Each tool has one or more capabilities others lack. If combined, they'd catch many problems.

Examples: KLEE test generator; combinatorial or path-based testing; CPAChecker; race detectors for concurrency; SIF information flow control; symbolic execution; Why3 verifier, which commercial tools already build on.


"Each lacks capabilities" is not a strong sell for "together they can catch most problems".

If you look from far enough, it becomes "Current world ⊨ I am typing right now" which becomes tautological again.

I wonder what the EROI is on building a tanker with a 2% chance of being hit each time. They hold a lot of fuel, but making them can't be light on energy.

Oil going through Hormuz is 20%, not 80% of global supply. It's true that demand is pretty inelastic, but it's not like it can't be cut at all.

Who mentioned 80%?

During the 1973–74 Arab oil embargo, the disruption removed approximately 4.5 million barrels per day (mb/d) from the market, which constituted about 7% of the global oil supply at the time. This disruption significantly impacted global supplies.

20% is a lot more than 7%. This could be worse than 1973-74. As a 10-year-old in 1973 I remember spending a lot of time in the backseat of the station wagon as we were waiting in line for gas.

For context, during the first COVID spring (March-June 2020) oil demand fell by 20%. Because nobody was driving or flying anywhere. That's what it took to cut 20%.


And yet we are a lot more globalized than in the 1970s. Resources can be diverted at a much quicker rate with a lot more agility.

Yes, we couldn't make either face masks or toilet paper during COVID. Most people will find out how fragile everything is with idiot MBAs optimizing just-in-time for better quarterly reports!

Good! Then a much-needed correction in behavior will follow.

If the Covid shutdown didn't trigger this, what makes you think this time it's different?

To look at it another way, we're a lot more globalised than in the 1970s. Resources halfway across the planet that you never even knew you depended on can shut you down when they suddenly go away.

> Resources can be diverted at a much quicker rate with a lot more agility.

That's completely incorrect.

Covid demonstrated that. We have optimized so strongly for profit (outsource everything, just in time inventory, etc.) that we have no robustness in the face of disruption. There are now single chokepoints everywhere.

Yes, we could retool. But nobody will retool without a check from somebody. Everybody will simply hold their breath waiting for the crisis to pass. Everybody held their breath for Covid; they will absolutely do so with the knowledge that the orange clown will disappear in two years.


We're going to find out how much agility exists in the system (under perturbation). In the meantime countries in Asia are scrambling for supply.

Globalization can run both ways. It can also create much more sensitivity to disruption as bets are placed in a system with a lot more moving parts.

Somebody probably has another virus in stock. /s



Yeah, and that's why gas prices in the US have not changed at all in the past month!

Until courts start ruling that copyright applies to LLM scrubbing I think we're all sadly shit out of luck.
