Skip to main content

Representative Line: A Specific Key

1 week 3 days ago

Today's anonymous submission isn't really a WTF, but it highlights the hardest problem in computer science: naming things.

For example, let's say you saw a method called handleRSAPrivateKeyGeneration. You'd likely assume that it generates an RSA private key. More specifically, it accepts a request for a private key and handles that request. It's right there in the name.

public String handleRSAPrivateKeyGeneration( @RequestParam(value = "algorithm", defaultValue = "EC") KeyAlgorithm algorithm,… )

Except this function accepts an algorithm as a parameter. That's not bad design; it makes sense to inject implementations like that. Though in this case, it looks like it's injecting a key that can be used to look up the actual implementation, which I like less, but I don't know the rest of the implementation, so we can let it slide.

So there's no WTF here. It's a badly named function that may not return an RSA key, but does return a valid cryptographic key. By default it generates an elliptic curve key. Presumably as an armored key, since it returns a String- and the armor usually supplies enough of a hint that consumers can infer the key type. Our submitter tells us that this function is part of a Java Spring controller, and returns a string because the result is displayed in a web page.

No WTF, but it does highlight how sometimes being too specific with your name can make the name less clear. handlePrivateKeyGeneration would be a better name, since we don't know exactly what kind of private key it's generating.

Names, as always, remain hard.

[Advertisement] Utilize BuildMaster to release your software with confidence, at the pace your business demands. Download today!
Remy Porter

Trump Drops Restrictions On Anthropic's Mythos and Fable Models

1 week 3 days ago
The Trump administration has lifted export restrictions that forced Anthropic to shut off public access to its Mythos and Fable models. After weeks of talks, Secretary of Commerce Howard Lutnick said Anthropic "has agreed to proactively detect and address security risks associated with the models; to work diligently with the U.S. government on protocols and standards and releases for Mythos, Fable and future models; and to inform the US government of any malicious activity." Access is set to begin returning July 1. TechCrunch reports: Anthropic had already publicly pledged to do much of this voluntarily, months before the export rule existed. That's part of why cybersecurity experts were skeptical of the restrictions in the first place. To them, the ban looked less like a security fix and more like leverage, a way for the Trump administration to punish Anthropic for its executives' public criticism of how the government, and the president's political opponents, might use the technology. Mythos was originally made available to a select group of organizations beginning in April to allay concerns about its ability to identify and exploit vulnerabilities in software, while a version called Fable was released to the public in June with additional security guardrails. However, with Asian AI companies beginning to release their own AI models approaching Mythos-level capabilities -- among them Fugu and Tulonfeng -- the US government was under pressure to ease its restrictions on Anthropic to ensure that American AI could compete globally. Last week, Lutnick cleared Mythos to be released to select customers approved by the White House. OpenAI's latest models were also released to a group of organizations approved by the Trump team, instead of the public. The Trump administration's erratic approach to AI policymaking has left companies across the industry with little clarity about what will govern future model releases. An executive order issued in June that signaled a desire to review models ahead of release was criticized by influential analysts like Dean W. Ball, who recently started a policy position at OpenAI.

Read more of this story at Slashdot.

BeauHD