Boulder Future Salon

A variant of the infamous Petya/NotPetya ransomeware virus has been discovered that is capable of bypassing UEFI Secure Boot on outdated systems. Petya in 2016 encrypted the hard drives of Windows (NTFS) computers and demanded Bitcoin payment. In 2017, a variant was made that targeted a Ukrainian tax filing program. It infected Ukrainian banks, electricity companies, and all kinds of Ukrainian companies before it escaped to the rest of the world. It pretended to demand payment but actually just wiped the hard disks; there was no way to pay and actually get the data back. It is thought to have been created by the Russian GRU specifically to cyberattack Ukraine. It was named NotPetya to distinguish it from the original Petya. The new variant is being called HybridPetya. It exploits a vulnerability in old versions of UEFI Secure Boot. UEFI stands for "Unified Extensible Firmware Interface" and the "Secure Boot" portion of the specification specifies a procedure for digitally signing the operating system (or more specifically, the OS boot loader), and not allowing the computer to boot up if the digital signature check fails.

Unbeknownst to me, there's been an effort underway to make a version of C++ called "Safe C++". "The goal of this proposal is to advance a superset of C++ with a rigorously safe subset. Begin a new project, or take an existing one, and start writing safe code in C++. Code in the safe context exhibits the same strong safety guarantees as code written in Rust." However, the C++ Safety and Security working group voted to prioritize "Profiles", whatever that is, over Safe C++. So it looks like "Safe C++" is never going to happen.

"An advanced version of Gemini 2.5 Deep Think has achieved gold-medal level performance at the 2025 International Collegiate Programming Contest (ICPC) World Finals." "This milestone builds directly on Gemini 2.5 Deep Think's gold-medal win at the International Mathematical Olympiad (IMO) just two months ago." "The ICPC is globally recognized as the oldest, largest and most prestigious algorithmic programming competition at college level. This is a step up from high school level olympiads such as the IMO. Every year, participants from nearly 3000 universities and over 103 countries compete in solving real-world coding problems." "This year's world finals took place in Baku, Azerbaijan on September 4, and brought together the top teams from earlier phases of the competition. Over a five-hour period, each team tackled a set of complex algorithmic problems. Final rankings hinged on two unforgiving principles: only perfect solutions earned points, and every minute counted. From the 139 competing teams, only the top four teams won gold medals." "An advanced version of Gemini 2.5 Deep Think competed live in a remote online environment following ICPC rules, under the guidance of the competition organizers. It started 10 minutes after the human contestants and correctly solved 10 out of 12 problems, achieving gold-medal level performance under the same five-hour time constraint." "Gemini solved eight problems within just 45 minutes and two more problems within three hours, using a wide variety of advanced data structures and algorithms to generate its solutions. By solving 10 problems in a combined total time of 677 minutes, Gemini 2.5 Deep Think would be ranked in 2nd place overall, if compared with the university teams in the competition." "In an unprecedented moment, our model successfully and efficiently solved Problem C within the first half hour -- which no university teams in the contest solved."

SGS-1 is a generative AI model for CAD. "Today we are announcing SGS-1, a foundation model that can generate fully manufacturable and parametric 3D geometry." "Given an image or a 3D mesh, SGS-1 can generate CAD B-Rep parts in STEP format. Unlike all other existing generative models, SGS-1 outputs are accurate and can be edited easily in traditional CAD software." "SGS-1 can be used for real-world engineering tasks. In the below example, SGS-1 is used to design a bracket for a roller assembly from partial context and a text description." They go on to describe comparisons with the world's largest state-of-the-art "multimodal" models, such as GPT-5. These models "demonstrate a clear lack of spatial understanding, producing outputs that are unusable or too simple to actually be useful." "SGS-1 accurately represents the geometry and can be plugged into an assembly context, while the output from the large reasoning model is missing core spatial features." "With SGS-1, you can create new parametric geometry within your current assembly context. In this example, SGS-1 takes in a partial CAD assembly and a text description/image of a bracket, and produces a 3D design for a bracket that is feasible for the context." "First, render the partial assembly and come up with a text description of the parts you want to add..."

OSINT tracking of military vessels. "The US military is deploying significant airpower in the Caribbean one week after carrying out an airstrike on what it said was a boat operated by a Venezuelan drug cartel." "MQ-9 Reaper drones have been stationed in Puerto Rico, according to open-source imagery. The Pentagon is also planning to send F-35 Lightning II stealth fighters to the island, US officials said. Numerous C-17 Globemaster III cargo aircraft, as well as KC-135 Stratotanker and KC-46 Pegasus aerial refuelers, have also been flying to bases in the region." In case you're wondering, "the MQ-9B is a medium-to high-altitude, long-endurance hunterkiller remotely piloted aircraft, primarily tasked with eliminating time-critical and high-value targets in permissive environments", "the F-35 Lightning II is a multirole, stealthy, penetrating, all-weather fighter/attack family of tactical aircraft developed under the multinational Joint Strike Fighter program", "the KC-135 is an aerial tanker capable of simultaneous cargo and AE missions and has been the mainstay of the USAF tanker fleet for more than 60 years", and "the KC-46A is a heavily modified Boeing 767-200ER multirole passenger/cargo-tanker equipped with flying boom and probe/drogue refueling capability using the Wing Air Refueling Pod system." All of this is readily available from the explanatory pop-ups on the site. "The MQ-9s have been spotted at Rafael Hernández International Airport in Puerto Rico. That airfield is home to Coast Guard Air Station Borinquen, but the Coast Guard does not operate MQ-9s. "At least one Reaper was photographed on Sept. 4, and armed with what appeared to be Hellfire air-to-surface missiles, by the news agency Reuters."

"StemRad Radiation shield receives top marks in US Special Operations Command evaluation." Alright, if I ever need personal radiation protection, I know where to buy it. Although I have a funny feeling that if I ever realize I need personal radiation protection, it'll already be too late.

Volodymyr Zelenskyy, speaking before the UN, says the world needs global rules for use of AI in weapons. He doesn't elaborate on what these rules should be or how they should be enforced, but instead goes on to say it is cheaper to stop Russia now than to allow the AI weapons arms race to continue and have to protect every school, every piece of critical infrastructure, every port, and every ship from AI weapons.

Newsguard claims: "Despite a year of technical advancements in the AI industry, generative AI tools fail at a nearly doubled rate when it comes to one of the most basic tasks: distinguishing facts from falsehoods. The 10 leading AI tools repeated false information on topics in the news more than one third of the time -- 35 percent -- in August 2025, up from 18 percent in August 2024. When it comes to providing reliable information about current affairs, the industry's promises of safer, more reliable systems have not translated into real-world progress." "The increase reflects a structural tradeoff. As chatbots adopted real-time web searches, they moved away from declining to answer questions. Their non-response rates fell from 31 percent in August 2024 to 0 percent in August 2025."

"SWE-Bench Bash Only -- where models must fix real GitHub issues armed with just shell commands -- is one of the sharpest stress tests for agentic coding. Even the strongest models top out around 67% (Claude 4 Opus). That means on 1 in 3 issues -- or worse -- models fail." "To understand why, we ran Gemini 2.5 Pro, Claude Sonnet 4, and GPT-5 across the full SWE-bench suite, then had professional coders dissect every failed trajectory. One particularly revealing pattern emerged: spiraling hallucination loops, where small deviations from reality quickly spiral into disaster as models build further reasoning on shaky foundations." "Gemini encountered missing information early on. Instead of realizing, it filled in the gaps with assumptions and internal knowledge. These early inaccuracies quickly snowballed into hallucinated classes, methods, even fake terminal outputs. After dozens of turns and hundreds of lines of altered code, it gave up without a fix." "Claude made similar missteps early on. But when it crashed into runtime errors, it recognized the gap between its assumptions and reality, investigated more carefully, and eventually landed on the correct fix." "GPT-5 avoided hallucinations altogether. When it encountered missing context, it explicitly went back to re-check rather than guessing, and solved the problem on its first attempt." "Same task, three trajectories. One spiraled, one slipped and recovered, and one navigated cleanly. What separates them is how they handled missing information and whether they could tell the difference between ground truth (Seen), prior knowledge (Remembered), and unverified guesses (Guessed)." "The bug was simple: When writing an astropyTable to HTML, the formats argument in Table.write() is being ignored. Instead of applying custom column formatting like scientific notation, numbers are being dumped with full precision." "This problem isn't so much about how well models can write new code, it's about how well they can investigate and understand the structure of an existing codebase. In fact, the golden fix is just two lines: pass the columns to the data object and call _set_col_formats()." They go out of their way to say the point isn't ranking models, the point is understanding how models approach real-world problems, but I do think it's interesting that the largest model that also uses the most inference-time computing power -- GPT-5 -- did the best. I don't know why they used the less powerful Claude model, Sonnet 4, instead of Opus 4. Gemini 2.5 Pro is considered one of the best coding models, but maybe it is better at generating code from scratch than understand the structure of an existing codebase and modifying an existing codebase. This could all change by next week, the way these companies are always leapfrogging each other to have bragging rights for the world's best model.

If you'd asked me when humans began talking, I've heard that "humans" have existed as a species for somewhere between 200,000 and 300,000 years ago, so I would've guess sometime in that timeframe. But I found this podcast (from 2023 -- sorry for the lack of timeliness, but I just discovered this existed today) where a linguist (John McWhorter) recounts evidence that language goes back much further -- and that there may have been other species that had language -- species closely related to humans, namely neanderthals and homo erectus -- actually homo erectus isn't a separate species but a direct ancestor of us, homo sapiens. He cites evidence going progressively back in time, starting with caves, but it gets more interesting when he starts talking about genetics. Humans and neanderthals share genes related to language, and he highlights one in particular called FOXP2. Neanderthals were masterful hunters, suggesting they hunted in teams, which suggests they used language to plan. They also had rituals for the dead, which species without language (such as hyenas?) tend to not have. He then goes back to homo heidelbergensis (thought to be the last common ancestor between humans, neanderthals, and denisovans, though he does not mention this) who were hunter/gatherers who had carpentry 500,000 years ago. If the ability to make cave paintings 50,000 years ago counts as evidence a species (us) had language, carpentry 500,000 years ago ought to count, too. He then goes back to homo erectus. Homo erectus crossed "big water." Erectus did this a lot. Erectus got to Crete (an island in the eastern Mediterranean -- Greece is the closest modern country), and Secotra (off of Yemen -- actually you have to head off straight off into open ocean to find it -- it's in a different direction from the coast of Yemen to get to the horn of Africa, which is the modern-day country of Somalia). Erectus went from One Indonesian island to another. He cites Flores, an island that, while being part of a string of islands (the Lesser Sunda Island chain), he says the currents are "nasty", and that you have to teach people how to sail, you have to build the vessels, and travel to new places and settle them. "Were these people not talking?" he asks. He thinks they could talk. He pushes the date of the beginning of language back to 2 million years ago. The relevance of this to futurology (besides being interesting and different from what I thought), is that it challenges the notion of exponential change. We're so used to living in a world of exponential change and project this back into the past, and think that since the beginning of language, the exponential change trend that we are immersed in today began. At least that was kind of my thinking until recently. Now it looks like, actually, evolution invented language, and primates used it to survive as hunter/gatherers for millions of years, without exponential change. Exponential change began with the end of the last ice age, because that's when the agricultural revolution began. But even then, not really, until the invention of writing, which in this podcast, John McWhorter places at 5,500 years ago. But even then, not really until the invention of the printing press, which really kicked off the scientific revolution which ultimately led to the industrial revolution. We don't see exponential growth in the human population until the 1300s, and even then, not really until the 1800s when the industrial revolution really kicked in. Today, fertility rates are falling everywhere in the world, as if in anticipation of artificial intelligence taking over the planet. We see exponential growth in the capabilities of semiconductors and the sheer quantity of semiconductors on this planet. (Maybe you all are starting to see why I call semiconductors "solid state life".) The exponential growth has to stop at some point -- the laws of physics only allow semiconductors to get so small, and there are a limited number of atoms on this planet. So we are all living in a unique and anomalous period of exponential change.

An AI dashcam for truck drivers. It "combines more than ten distraction and drowsiness indicators. Among the inattention indicators the system tracks are head nodding or tilting, yawning, change in eye blink rate, long eyelid closures (indicating something called microsleeps), and gaze drifting from the road for extended periods (what happens when people text and drive). If a pedestrian enters the crosswalk and the driver is awake, alert, and not driving too fast, the system will remain silent under the assumption that the driver will slow down or stop so the person on foot can cross the street without incident. But if it notices that the driver is scrolling on their phone, it will sound an alarm -- and perhaps trigger a visual warning too -- in time to avoid causing injury." Apparently one of the keys to the system is not issuing "false positive" warnings or drivers get "alert fatigue" and start ignoring the alerts. Also note that it's not drivers, but supervisors, who pay for the system, and are the primary beneficiaries. Supervisors get notified when a driver is driving badly so supervisors can deal with them.

The TRLC-DK1 is "an open source dev kit for AI-native robotics." It includes all necessary parts, including robotic leader arm and cameras, takes about 2 hours to assemble, costs about $3,000, and connects with USB-C to Linux, MacOS, and Windows. Takes under a day to deploy reinforcement learning policies.

"Spotify peeved after 10,000 users sold data to build AI tools." Basically, about 10,000 Spotify users formed a "collective" to sell their data to make a better "Wrapped" feature, but Spotify's terms and conditions prohibits using any Spotify data for building machine learning or AI models. I wonder if it would actually be smarter for Spotify to just charge a reasonable licensing fee and let people have at it.

ARM says they have a new CPU for mobile devices for AI. They call it Lumex. "Up to 5x uplift in AI performance." "4.7x lower latency for speech-based workloads." "2.8x faster audio generation." Basically the idea here is, instead of adding a(nother) GPU to your phone for AI, to add instructions to the CPU. The new instruction set is called "SME2" (which stands for "Scalable Matrix Extension 2"), and provides new instructions for matrix multiplication and various other vector calculations, and built-in support for the "compressed, low-precision" floating-point number formats used in neural networks, especially neural networks "compressed" to run on mobile devices instead of on powerful machines in data centers.

"ChatGPT is calling the police on users". That's what sensationalistic headlines say, but what OpenAI actually said that is behind the headlines is: "When we detect users who are planning to harm others, we route their conversations to specialized pipelines where they are reviewed by a small team trained on our usage policies and who are authorized to take action, including banning accounts. If human reviewers determine that a case involves an imminent threat of serious physical harm to others, we may refer it to law enforcement." There is speculation this decision is in response to a news report of violence committed by a person who had an "AI psychosis" situation involving OpenAI's chatbot, but OpenAI does not mention any such thing in their blog post.

Today is Pythagorean Triple Square Day. Well sort of. You have to leave the "20" off "2025" and write it with the month first to get 09/16/25. Then each number is a "square" number, and the square roots are 3-4-5 which happen to be a Pythagorean triangle. If you keep the "2025", the article doesn't mention it but as luck would have it, 2025 is also a square number (it's 45 times 45). So it's still a square day, just not a Pythagorean square day, because 3-4-45 isn't a Pythagorean triangle. Also, the next year that's a square number is 46 times 46 which is 2116. I probably won't be alive that year.