Toby Murray
@tobycmurray.bsky.social
Professor at University of Melbourne and School of Computing and Information Systems cyber lead; Director @dsi-vic.bsky.social; Oxford DPhil (@compscioxford.bsky.social; @hertfordcollege.bsky.social). Cyber, verification, etc. He/him
Andrew’s conclusions here are spot on, IMO, and should be instilled in every PhD student. This is especially true in computer science where PhD supervisors cannot physically check every single line of code that a student writes, yet experimental validity hinges on code correctness
Getting nervous for the talk I'm about to give at a workshop about "using AI to drive impact" which features slides such as these.
November 6, 2025 at 11:44 PM
Is that a password on a post-it there?
The developers of Windows 95 look like a grunge band
November 4, 2025 at 8:40 PM
Yes, but this same machine is also driving down the value of bullshit review articles to zero---where it should've been all along. In time it will likewise crater the value of papers that have no accompanying artifact aka reproduction package. 1/2
We created a machine that makes bullshit at scale and have effectively DDOS'd our information environment if not reality itself
This is why we can’t have nice things
November 2, 2025 at 10:12 PM
Had my own “invisible gorilla” moment last night at the Oasis show in Melbourne. I was shocked to read the news reports this morning that a fan launched a flare into the crowd: not one of my family of four noticed it. Even more shocked to find it plain as day in the video my 11yo captured.
November 1, 2025 at 9:35 AM
Canberra folks, is the same true your way?
DC friends: a reminder (seriously) that trick-or-treating at embassies is a thing, and can score interesting candy that’s sometimes not normally imported.
October 30, 2025 at 9:31 PM
Thanks to the RAID’25 organisers, who invited me to speak. I had a wonderful time talking about our recent work on an alternative method for verified robustness for neural networks. (see verse.systems/blog/post/20...)
I couldn’t resist educating the younguns on “agents”
October 26, 2025 at 11:06 PM
Program verification methods aim to be scalable (able to reason about large programs), automatic (require little human input), and precise (reason about complex properties). Yet no method does all three. In fact, they form a "trilemma". See this very short post: verse.systems/blog/post/20...
October 22, 2025 at 11:26 AM
For anyone playing at home, in its 2008 invasion of Georgia, the Russian army used the Roki Tunnel (that links the two countries) as a key supply route. Georgia has also alleged that Russia used the tunnel to pre-position soldiers in Georgia ahead of the invasion.
October 17, 2025 at 10:00 PM
Not contradicting you, but I’ve found LLMs to be a productive tool for learning intro level content in topics outside my expertise. Unlike a textbook I can say “tell me that another way”, “break that down for me”, or “isn’t there a connection between X and Y?”.
Even assuming one accepts LLMs as a specific, valid 'tool', tool-driven learning is a sure way to be Left Behind. Individual tools are inevitably superseded. Instead, foster the mind: the ultimate tool for any job. A well-nourished mind can always adapt to the task at hand.
Lots of people with money who want to make more are telling you this is a tool you have to learn or you'll be Left Behind but as with all tools, you can use your own brain and experience to decide if it's a thing that helps you do your job better and a thing you think is ethical.
October 16, 2025 at 7:28 AM
A wonderful reminder that “trivial” need not mean “worthless”.
October 15, 2025 at 4:31 PM
Reposted by Toby Murray
Computing @ Imperial are hiring four Ass. / Assoc. Profs! Priority areas:
- PL
- Systems
- Security
- Software Eng.
- Computer Architecture
- Theoretical Computer Science
Applications from individuals from underrepresented groups especially welcome!
www.imperial.ac.uk/jobs/search-...
Description
Please note that job descriptions are not exhaustive, and you may be asked to take on additional duties that align with the key responsibilities ment...
www.imperial.ac.uk
October 15, 2025 at 6:16 AM
Reposted by Toby Murray
If you build it, they will come.
www.bbc.com/news/article...
OpenAI boss says ChatGPT will soon allow erotica for verified adults
CEO Sam Altman says upcoming versions of the popular chatbot would enable it to behave in a more human-like way - "but only if you want it".
www.bbc.com
October 14, 2025 at 11:07 PM
Reposted by Toby Murray
You are an Early Career Researcher in #cybersec? Here is an opportunity: The AEC chairs of @USENIXSecurity '26 are looking for (self)nominations for the Artifact Evaluation Committee. Deadline: October 17th, 2025, so sign up soon!
@chwress.bsky.social, @kumarde.bsky.social, @aurore-fass.bsky.social
October 10, 2025 at 10:16 AM
Reposted by Toby Murray
there's still great websites on the internet rouses.net
October 10, 2025 at 12:02 AM
It never fails to amaze and frustrate when it’s the companies pushing security products that fail the most basic tests of secure product development
PATCH YO' IVANTI...OH WAIT NVM
ZDI Drops 13 Unpatched Ivanti Zero-Days Enabling Remote Code Execution
m.cje.io/48X7Ynz
ZDI Drops 13 Unpatched Ivanti Zero-Days Enabling Remote Code Execution
ZDI has publicly disclosed 13 unpatched vulnerabilities in Ivanti Endpoint Manager, including 12 RCE flaws and one local privilege escalation.
m.cje.io
October 10, 2025 at 12:59 AM
The latest chapter in the ANOM story, in which the FBI and AFP deployed a fake secure phone system to spy on organised crime. The Australian High Court has unanimously ruled the operation legal and data collected can be used as evidence in prosecutions www.abc.net.au/news/2025-10...
High Court endorses use of encrypted phone app to monitor crime figures
The High Court has ruled on the use of information gathered through the AN0M app, which was developed by the Australian Federal Police for surveillance.
www.abc.net.au
October 8, 2025 at 2:50 AM
This is a feature, not a bug. Rare events are, by definition, more informative than common ones.
October 7, 2025 at 11:30 PM
Reposted by Toby Murray
The deadline for my postdoc on scalable clinical decision support is closing in 1 week: 4 October (Australian Eastern Standard Time). Please share with anyone that you think would be interested
I'm hiring again! Please share. I'm recruiting a postdoc research fellow in human-centred AI for scalable decision support. Join us to investigate how to balance scalability and human control in medical decision support. Closing date: 4 October (AEST).
uqtmiller.github.io/recruitment/
Recruitment
uqtmiller.github.io
September 26, 2025 at 12:42 AM
Reposted by Toby Murray
I wrote about Claude Code, which to my absolute astonishment is quite good at theorem proving. For people who don't know theorem proving, this is like spending your whole life building F1 engines and getting lapped by a Tesco's shopping trolley www.galois.com/articles/cla...
Claude Can (Sometimes) Prove It
www.galois.com
September 16, 2025 at 10:46 PM
Reposted by Toby Murray
I'm hiring again! Please share. I'm recruiting a postdoc research fellow in human-centred AI for scalable decision support. Join us to investigate how to balance scalability and human control in medical decision support. Closing date: 4 October (AEST).
uqtmiller.github.io/recruitment/
Recruitment
uqtmiller.github.io
September 16, 2025 at 4:34 AM
Reposted by Toby Murray
My university is now on Bluesky 💙
Hello 👋
We're the official #UniMelb account!
Follow us for news, updates and information about UniMelb. For now, enjoy the blue skies over our Parkville campus 💙
September 16, 2025 at 6:39 AM
Neat paper showing that automated bug fixing systems can be manipulated into introducing security flaws (eg. reverting CVE fixes) into your code. arxiv.org/pdf/2509.05372
arxiv.org
September 13, 2025 at 1:48 PM
You’d think that the car company run by the bloke who runs a rocket company would have learned from Apollo 1
🧵
1/ What is this photograph?
It's a custom-made mask fitted for a software engineer in northern Virginia who suffered third-degree burns on her face when the Tesla Model Y she was in crashed and caught on fire. A heroic crowd of bystanders could not open the doors
September 12, 2025 at 7:13 AM
In hindsight it will seem obvious I think that perhaps the most underappreciated factor that kept memory safety so dangerous for so long was that no single company had control over the hardware, OS and compiler.
I have often stated that well-implemented memory tagging will be a game changer for memory corruptions. And it seems that with the next iPhone it's finally here: security.apple.com/blog/memory-...
Blog - Memory Integrity Enforcement: A complete vision for memory safety in Apple devices - Apple Security Research
Memory Integrity Enforcement (MIE) is the culmination of an unprecedented design and engineering effort spanning half a decade that combines the unique strengths of Apple silicon hardware with our adv...
security.apple.com
September 10, 2025 at 8:51 AM
Reposted by Toby Murray
My petition to the 🇦🇺 Australian government: make part-time PhD students' stipends tax exempt!
📋 Read and sign here: www.aph.gov.au/e-petitions/...
⏰ Deadline: October 1
e-petitions
www.aph.gov.au
September 3, 2025 at 5:54 AM