alt.hn

5/1/2026 at 11:53:22 AM

NHS goes to war against open source

https://shkspr.mobi/blog/2026/05/nhs-goes-to-war-against-open-source/

by edent

5/1/2026 at 3:23:50 PM

I get that this was probably difficult because of timing and such, but I wish Anthropic had announced at least one vulnerability in a closed-source program as part of the Mythos announcement. Since all the vulnerabilities announced at that time were in OSS, I think this contributed to the perception that the coming wave of security-research automation is specifically for programs where the LLM can look at the source code. (Anthropic claims that Mythos found vulnerabilities in closed-source programs, but that none of them had been fully patched yet as of the announcement, so didn't say what they were.)

by ameliaquining

5/1/2026 at 9:42:05 PM

Did Mythos find vulnerabilities in programs Anthropic didn't have source for?

by leereeves

5/3/2026 at 9:56:31 AM

Yes, by reverse-engineering the stripped binaries: https://red.anthropic.com/2026/mythos-preview/#:~:text=The%2...

by ameliaquining

5/1/2026 at 4:37:15 PM

Is that "obscurity through insecurity"?

by extraduder_ire

5/1/2026 at 1:50:37 PM

Perhaps I'm being paranoid and should assume ignorance rather them malice, but I can't help but wonder if there was significant lobbying from companies providing healthcare software to make these repos closed-source.

I know nothing about the NHS, so I have no idea if this is plausible.

by yummybrainz

5/1/2026 at 2:47:15 PM

Not paranoia, that is entirely the case here.

by keepupnow

5/1/2026 at 5:17:36 PM

That almost how you spell "palantir"...

by FerretFred

5/1/2026 at 3:00:54 PM

The last things the capitalist powers that be want, is any sort of socialism. Profit > people, rather than People > profit.

Just a reminder - socialism does not necessarily imply communism, and and implementation of communism thus far has been extremely corrupt.

I lived the in the UK for a couple of years in the early 2000's, the NHS was awesome. It's now a shallow shell of its former self.

Australia where I'm from is trying to imitate the privitisation of health, but my state-local for-profit hospital just went tits up and has been acquired by the government. Partially because a baby needlessly died because profit > caring about human lives, but it wasn't accountable and used tax havens etc. etc.

Fuckin' mess.

I feel for the the UK, because at their best, they probably had the best socialised healthcare system in the world (partly because their population size afforeded them access to medical equipment that other similar countries in Scandinavia etc. can't quite afford).

The US profit motive trumps well-being and healthcare tied to your employment just screws with our heads for most reasonable people. The people that need the help the most are denied it, whilst for the rich - it's built in.

by partomniscient

5/1/2026 at 12:03:53 PM

Like you say in the article, please make sure you mirror the repos back up to a public forge in the event that they’re closed.

I remember when I was at GDS back in 2016 a less-central team tried to make a repo private because of an security incident they decided not to prioritise, and they were surprised to find out that forks didn’t go private as well when they did it. Luckily they changed tack after a pointed conversation.

by robin_reala

5/1/2026 at 4:03:15 PM

So security through obscurity then.

by benj111

5/2/2026 at 2:24:23 PM

No it's confidentiality and integrity, and authentication. Which are pillars of the cia triad which you were taught in your 101 class.

by halJordan

5/1/2026 at 7:42:47 PM

To benefit from open source, you need to monitor external contributions. Which increasingly means going through mountains of LLM spam wasting everybody’s time. In a way, their approach makes sense.

by uncircle

5/1/2026 at 4:32:33 PM

Every secret service and military on the planet seems to think it's a valid tactic

by bcjdjsndon

5/1/2026 at 4:31:29 PM

> I've no idea what led to NHS England making this retrograde decision - so I've send a Freedom of Information request to find out.

Is he being naive here? They give explicit reasons for the change. I suspect the author is unaware of the wider picture here, he may be tech savvy but he does not know how to run a national health service and he's speaking way out of his comfort zone.

by bcjdjsndon

5/1/2026 at 4:51:05 PM

The author has this to say

> The majority of code repos published by the NHS are not meaningfully affected by any advance in security scanning. They're mostly data sets, internal tools, guidance, research tools, front-end design and the like. There is nothing in them which could realistically lead to a security incident.

Such repositories should not be closed due to a knee jerk reaction

by nextaccountic

5/1/2026 at 4:33:24 PM

Author is very much aware as author was a part of the organization and helped with the open sourcing efforts in the first place.

by skeledrew