systems drift
24 posts
Trust does not carry forward
GPT55 hallucinated three times more than GLM52 on identical prompts. The cause is systemic: systems resolve references without revalidating their content.
When Broadcom bought VMware, Tesco moved 40,000 workloads
Tesco moving 40,000 workloads off VMware shows how systems execute on reference, not validation, and why inherited trust does not survive a change of owner.
A name is not trust
Package registries resolve a name to an artifact, not a source. When the party behind a trusted name changes, the system inherits trust it cannot verify.
Same commit, two builds, checksums that disagree
A commit hash guarantees the repository, not the software. How build pipelines resolve trust once at the reference and inherit it against changed content.
In January 2025, a hash passed for proof
The open reproduction of DeepSeek-R1 shows verification has no place inside the systems that consume model artifacts. Adoption ran on reference alone.
Your browser obeys someone else
Chrome disabling uBlock Origin was not a vendor choice to escape but a structure to see: software resolved by reference, executed without revalidating trust.
Silicon never saw the world
The Siloxane affair shows how industrial systems trust a sensor's address, not its truth, and execute on references that outlive the facts they certify.
Your supply chain isn't compromised. It's working.
Microsoft's open-source developer tools executed credential-stealing code through normal package resolution. The control plane never inspected what was returned.
Meta's chatbot worked exactly as designed.
Meta's AI chatbot enabled mass Instagram account takeover by resolving conversational framing into identity actions through sanctioned internal workflows.
The franchisee was always inside
The 7-Eleven franchisee leak shows how contractual trust boundaries drift from data scope, and how systems execute on reference rather than verification.
Six thousand fuel gauges answer every stranger
Six thousand exposed fuel gauges are not a vulnerability. They are a trust model that outlived the wire it was built on.
A handle, a token, a SYSTEM shell
MiniPlasma is not a kernel defect. It is the externally visible behaviour of a trust model that confuses reference with verification.