Port of Baltimore has limited reopening

Lots and lots of restrictions, but ships 60,000 tons or less and 30' draft will be able to pass through a new restricted channel into and out of the harbor.

Dad Joke CCCXIX

I just burned 2000 calories!

Next time I won't take a nap while the brownies are in the oven.

Efron Zimbalist, Sr. - Carmen Fantasie

Many of our readers are of an age to remember the actor Efron Zimbalist, Jr, who starred in "The F.B.I." among other TV shows (I particularly like 77 Sunset Strip), or his daughter Stephanie (star of "Remington Steele).  Few have ever heard of his father Efron Zimbalist, Sr. - who like Louis XIII was famous only for Louis XIV.  But he was a famous violinist in the early years of the 20th century and a prolific composer.

This recording is far from HiFi, but gives a flavor of his work.  I found it quite enjoyable.

Dad Joke CCCXVIII

Ice hockey is the coolest sport.

The scaffolding is coming down on Notre Dame de Paris

This is pretty cool.  I think this is the first time I've linmked to something from the "Today" show, but it is cool.

Remember the FISA renewal vote?

You know, the one today?  Guess what?

It's actually got new stuff in it - and you are now required to spy for Uncle Sam.

Yes, you. But fear not, Citizen: NSA no doubt will be responsible in how they use this.

Great

Just great:

AI agents, which combine large language models with automation software, can successfully exploit real world security vulnerabilities by reading security advisories, academics have claimed.

In a newly released paper, four University of Illinois Urbana-Champaign (UIUC) computer scientists – Richard Fang, Rohan Bindu, Akul Gupta, and Daniel Kang – report that OpenAI's GPT-4 large language model (LLM) can autonomously exploit vulnerabilities in real-world systems if given a CVE advisory describing the flaw.

"To show this, we collected a dataset of 15 one-day vulnerabilities that include ones categorized as critical severity in the CVE description," the US-based authors explain in their paper.

"When given the CVE description, GPT-4 is capable of exploiting 87 percent of these vulnerabilities compared to 0 percent for every other model we test (GPT-3.5, open-source LLMs) and open-source vulnerability scanners (ZAP and Metasploit)."

A "Day Zero" vulnerability is a security bug for which there is no patch available.  "Day One" vulnerabilities are those where a patch is available but where it hasn't been applied yet.  It is considered industry best practice to patch high risk and critical security bugs within 30 days.  This may blow that out of the water.

This is pretty bad news.

 

Light posting

We have family visiting, so I've been busy taking grand kids to the beach.

Posting will be light for a couple more days.  Go check out the folks on the sidebar.