Toby Murray
@tobycmurray.bsky.social
Professor at University of Melbourne and School of Computing and Information Systems cyber lead; Director @dsi-vic.bsky.social; Oxford DPhil (@compscioxford.bsky.social; @hertfordcollege.bsky.social). Cyber, verification, etc. He/him
Reposted by Toby Murray
I'm hiring again! 2 postdoc positions (3-years). Australian citizenship required.
Join my lab to research scalable human-centred AI for decision support in defence, balancing scalable decision support and human control in complex environments.
Details: uqtmiller.github.io/recruitment/
Join my lab to research scalable human-centred AI for decision support in defence, balancing scalable decision support and human control in complex environments.
Details: uqtmiller.github.io/recruitment/
Recruitment
uqtmiller.github.io
November 28, 2025 at 7:15 AM
I'm hiring again! 2 postdoc positions (3-years). Australian citizenship required.
Join my lab to research scalable human-centred AI for decision support in defence, balancing scalable decision support and human control in complex environments.
Details: uqtmiller.github.io/recruitment/
Join my lab to research scalable human-centred AI for decision support in defence, balancing scalable decision support and human control in complex environments.
Details: uqtmiller.github.io/recruitment/
This is super sensible and overdue. Where does one sign?
I’d also propose the following bits of hacklore misplaced advice:
- using Signal in place of iMessage or WhatsApp.
- having family “codewords” to detect when a scammer deepfakes your kids
I’d also propose the following bits of hacklore misplaced advice:
- using Signal in place of iMessage or WhatsApp.
- having family “codewords” to detect when a scammer deepfakes your kids
📢 Announcing hacklore.org 📢
It’s time to retire outdated cyber advice! More than 80 cybersecurity veterans have signed an open letter urging a shift from folklore to guidance that actually helps people avoid the most common attacks. 🔐
Blog: medium.com/@boblord/let...
Site: www.hacklore.org
It’s time to retire outdated cyber advice! More than 80 cybersecurity veterans have signed an open letter urging a shift from folklore to guidance that actually helps people avoid the most common attacks. 🔐
Blog: medium.com/@boblord/let...
Site: www.hacklore.org
Stop Hacklore!
hacklore.org
November 24, 2025 at 7:47 PM
This is super sensible and overdue. Where does one sign?
I’d also propose the following bits of hacklore misplaced advice:
- using Signal in place of iMessage or WhatsApp.
- having family “codewords” to detect when a scammer deepfakes your kids
I’d also propose the following bits of hacklore misplaced advice:
- using Signal in place of iMessage or WhatsApp.
- having family “codewords” to detect when a scammer deepfakes your kids
Thought-provoking piece from @alankohler.bsky.social including quoting @rodneyabrooks.bsky.social. www.abc.net.au/news/2025-11...
November 23, 2025 at 11:06 PM
Thought-provoking piece from @alankohler.bsky.social including quoting @rodneyabrooks.bsky.social. www.abc.net.au/news/2025-11...
Given they quoted Rivest, they really missed an opportunity to title this piece “Why Ronnie can’t decrypt”
And now we are famous: www.nytimes.com/2025/11/21/w... - congratulations to all colleagues who made the NYT (both through quotes, by playing a role, or by being on this picture)
November 22, 2025 at 7:52 AM
Given they quoted Rivest, they really missed an opportunity to title this piece “Why Ronnie can’t decrypt”
Big win for the UK
Kathleen Fisher is an inspired choice as the next ARIA CEO. And I was *just* reading her papers on PADS to send to @patrick.sirref.org as ideas for our time travelling shell! ariaresearch.substack.com/p/introducin...
Introducing ARIA’s next CEO
Kathleen Fisher will join us in February 2026.
ariaresearch.substack.com
November 21, 2025 at 12:48 AM
Big win for the UK
"Bibliometrics are to research assessment what diagnostic imaging is to medicine." Are you kidding me? When was the last time somebody optimised for the outcome of a medical imaging test? Bibliometrics create perverse incentives, unlike medical imaging tests for medical diagnosis.
“The debate between peer review and bibliometrics is too often framed as a battle.” No it isn’t. The most common framing is how to most responsibly combine quantitative & qualitative info in research assessment. This is a shallow & selective defence of the use of bibliometrics in RA.
Opinion: The case for metrics in research assessment is proven.
The question should be how best to combine measurements with peer review, says Giovanni Abramo.
www.researchprofessionalnews.com/rr-news-euro...
The question should be how best to combine measurements with peer review, says Giovanni Abramo.
www.researchprofessionalnews.com/rr-news-euro...
November 20, 2025 at 11:54 AM
"Bibliometrics are to research assessment what diagnostic imaging is to medicine." Are you kidding me? When was the last time somebody optimised for the outcome of a medical imaging test? Bibliometrics create perverse incentives, unlike medical imaging tests for medical diagnosis.
Reposted by Toby Murray
New piece w/ James Evans in Science explores what we call 'science after science', an era where our ability to control nature may exceed our ability to understand it; a new struggle to sustain curiosity & understanding under AI's predictive dominance. #ai #science
www.science.org/doi/10.1126/...
www.science.org/doi/10.1126/...
After science
Twenty-five years ago, Ted Chiang wrote a prescient science fiction short that began: “It has been 25 years since a report of original research was last submitted to our editors for publication, makin...
www.science.org
November 14, 2025 at 6:23 PM
New piece w/ James Evans in Science explores what we call 'science after science', an era where our ability to control nature may exceed our ability to understand it; a new struggle to sustain curiosity & understanding under AI's predictive dominance. #ai #science
www.science.org/doi/10.1126/...
www.science.org/doi/10.1126/...
I don’t miss Twitter, but I do miss being able to look at the list of trending topics and having the faintest clue what they might each be about
November 17, 2025 at 3:52 AM
I don’t miss Twitter, but I do miss being able to look at the list of trending topics and having the faintest clue what they might each be about
Andrew’s conclusions here are spot on, IMO, and should be instilled in every PhD student. This is especially true in computer science where PhD supervisors cannot physically check every single line of code that a student writes, yet experimental validity of hinges on code correctness
Getting nervous for the talk I'm about to give at a workshop about "using AI to drive impact" which features slides such as these.
November 6, 2025 at 11:44 PM
Andrew’s conclusions here are spot on, IMO, and should be instilled in every PhD student. This is especially true in computer science where PhD supervisors cannot physically check every single line of code that a student writes, yet experimental validity of hinges on code correctness
Is that a password on a post-it there?
The developers of Windows 95 look like a grunge band
November 4, 2025 at 8:40 PM
Is that a password on a post-it there?
Yes, but this same machine is also driving down the value of bullshit review articles to zero---where it should've been all along. In time it will likewise crater the value of papers that have no accompanying artifact aka reproduction package. 1/2
We created a machine that makes bullshit at scale and have effectively DDOS'd our information environment if not reality itself
This is why we can’t have nice things
November 2, 2025 at 10:12 PM
Yes, but this same machine is also driving down the value of bullshit review articles to zero---where it should've been all along. In time it will likewise crater the value of papers that have no accompanying artifact aka reproduction package. 1/2
Had my own “invisible gorilla” moment last night at the Oasis show in Melbourne. I was shocked to read the news reports this morning that a fan launched a flare into the crowd: not one of my family of four noticed it. Even more shocked to find it plain as day in the video my 11yo captured.
November 1, 2025 at 9:35 AM
Had my own “invisible gorilla” moment last night at the Oasis show in Melbourne. I was shocked to read the news reports this morning that a fan launched a flare into the crowd: not one of my family of four noticed it. Even more shocked to find it plain as day in the video my 11yo captured.
Canberra folks, is the same true your way?
DC friends: a reminder (seriously) that trick-or-treating at embassies is a thing, and can score interesting candy that’s sometimes not normally imported.
October 30, 2025 at 9:31 PM
Canberra folks, is the same true your way?
Thanks to the RAID’25 organisers, who invited me to speak. I had a wonderful time talking about our recent work on an alternative method for verified robustness for neural networks. (see verse.systems/blog/post/20...)
I couldn’t resist educating the younguns on “agents”
I couldn’t resist educating the younguns on “agents”
October 26, 2025 at 11:06 PM
Thanks to the RAID’25 organisers, who invited me to speak. I had a wonderful time talking about our recent work on an alternative method for verified robustness for neural networks. (see verse.systems/blog/post/20...)
I couldn’t resist educating the younguns on “agents”
I couldn’t resist educating the younguns on “agents”
Program verification methods aim to be scalable (able to reason about large programs), automatic (require little human input), and precise (reason about complex properties). Yet no method does all three. In fact, they form a "trilemma". See this very short post: verse.systems/blog/post/20...
October 22, 2025 at 11:26 AM
Program verification methods aim to be scalable (able to reason about large programs), automatic (require little human input), and precise (reason about complex properties). Yet no method does all three. In fact, they form a "trilemma". See this very short post: verse.systems/blog/post/20...
For anyone playing at home, in its 2008 invasion of Georgia, the Russian army used the Roki Tunnel (that links the two countries) as a key supply route. Georgia has also alleged that Russia used the tunnel to pre-position soldiers in Georgia ahead of the invasion.
October 17, 2025 at 10:00 PM
For anyone playing at home, in its 2008 invasion of Georgia, the Russian army used the Roki Tunnel (that links the two countries) as a key supply route. Georgia has also alleged that Russia used the tunnel to pre-position soldiers in Georgia ahead of the invasion.
Not contradicting you, but I’ve found LLMs to be a productive tool for learning intro level content in topics outside my expertise. Unlike a textbook I can say “tell me that another way”, “break that down for me”, or “isn’t there a connection between X and Y?”.
Even assuming one accepts LLMs as a specific, valid 'tool', tool-driven learning is a sure way to be Left Behind. Individual tools are inevitably superseded. Instead, foster the mind: the ultimate tool for any job. A well-nourished mind can always adapt to the task at hand.
Lots of people with money who want to make more are telling you this is a tool you have to learn or you'll be Left Behind but as with all tools, you can use your own brain and experience to decide if it's a thing that helps you do your job better and a thing you think is ethical.
October 16, 2025 at 7:28 AM
Not contradicting you, but I’ve found LLMs to be a productive tool for learning intro level content in topics outside my expertise. Unlike a textbook I can say “tell me that another way”, “break that down for me”, or “isn’t there a connection between X and Y?”.
I wonderful reminder that “trivial” need not mean “worthless”.
October 15, 2025 at 4:31 PM
I wonderful reminder that “trivial” need not mean “worthless”.
Reposted by Toby Murray
Computing @ Imperial are hiring four Ass. / Assoc. Profs! Priority areas:
- PL
- Systems
- Security
- Software Eng.
- Computer Architecture
- Theoretical Computer Science
Applications from individuals from underrepresented groups especially welcome!
www.imperial.ac.uk/jobs/search-...
- PL
- Systems
- Security
- Software Eng.
- Computer Architecture
- Theoretical Computer Science
Applications from individuals from underrepresented groups especially welcome!
www.imperial.ac.uk/jobs/search-...
Description
Please note that job descriptions are not exhaustive, and you may be asked to take on additional duties that align with the key responsibilities ment...
www.imperial.ac.uk
October 15, 2025 at 6:16 AM
Computing @ Imperial are hiring four Ass. / Assoc. Profs! Priority areas:
- PL
- Systems
- Security
- Software Eng.
- Computer Architecture
- Theoretical Computer Science
Applications from individuals from underrepresented groups especially welcome!
www.imperial.ac.uk/jobs/search-...
- PL
- Systems
- Security
- Software Eng.
- Computer Architecture
- Theoretical Computer Science
Applications from individuals from underrepresented groups especially welcome!
www.imperial.ac.uk/jobs/search-...
Reposted by Toby Murray
If you build it, they will come.
www.bbc.com/news/article...
www.bbc.com/news/article...
OpenAI boss says ChatGPT will soon allow erotica for verified adults
CEO Sam Altman says upcoming versions of the popular chatbot would enable it to behave in a more human-like way - "but only if you want it".
www.bbc.com
October 14, 2025 at 11:07 PM
If you build it, they will come.
www.bbc.com/news/article...
www.bbc.com/news/article...
Reposted by Toby Murray
You are an Early Career Researcher in #cybersec? Here is an opportunity: The AEC chairs of @USENIXSecurity '26 are looking for (self)nominations for the Artifact Evaluation Committee. Deadline: October 17th, 2025, so sign up soon!
@chwress.bsky.social, @kumarde.bsky.social, @aurore-fass.bsky.social
@chwress.bsky.social, @kumarde.bsky.social, @aurore-fass.bsky.social
October 10, 2025 at 10:16 AM
You are an Early Career Researcher in #cybersec? Here is an opportunity: The AEC chairs of @USENIXSecurity '26 are looking for (self)nominations for the Artifact Evaluation Committee. Deadline: October 17th, 2025, so sign up soon!
@chwress.bsky.social, @kumarde.bsky.social, @aurore-fass.bsky.social
@chwress.bsky.social, @kumarde.bsky.social, @aurore-fass.bsky.social
Reposted by Toby Murray
there's still great websites on the internet rouses.net
October 10, 2025 at 12:02 AM
there's still great websites on the internet rouses.net
It never fails to amaze and frustrate when it’s the companies pushing security products that fail the most basic tests of secure product development
PATCH YO' IVANTI...OH WAIT NVM
ZDI Drops 13 Unpatched Ivanti Zero-Days Enabling Remote Code Execution
m.cje.io/48X7Ynz
ZDI Drops 13 Unpatched Ivanti Zero-Days Enabling Remote Code Execution
m.cje.io/48X7Ynz
ZDI Drops 13 Unpatched Ivanti Zero-Days Enabling Remote Code Execution
ZDI has publicly disclosed 13 unpatched vulnerabilities in Ivanti Endpoint Manager, including 12 RCE flaws and one local privilege escalation.
m.cje.io
October 10, 2025 at 12:59 AM
It never fails to amaze and frustrate when it’s the companies pushing security products that fail the most basic tests of secure product development
The latest chapter in the ANOM story, in which the FBI and AFP deployed a fake secure phone system to spy on organised crime. The Australian High Court has unanimously ruled the operation legal and data collected can be used as evidence in prosecutions www.abc.net.au/news/2025-10...
High Court endorses use of encrypted phone app to monitor crime figures
The High Court has ruled on the use of information gathered through the AN0M app, which was developed by the Australian Federal Police for surveillance.
www.abc.net.au
October 8, 2025 at 2:50 AM
The latest chapter in the ANOM story, in which the FBI and AFP deployed a fake secure phone system to spy on organised crime. The Australian High Court has unanimously ruled the operation legal and data collected can be used as evidence in prosecutions www.abc.net.au/news/2025-10...
This is a feature, not a bug. Rare events are, by definition, more informative than common ones.
October 7, 2025 at 11:30 PM
This is a feature, not a bug. Rare events are, by definition, more informative than common ones.