certificate
What is Windows Secure Boot? Here's what to know
PCWorld explains Windows Secure Boot as a critical security feature that acts like a checkpoint, verifying software before Windows loads to prevent bootkit malware infections. The 2011 Secure Boot certificates are expiring by 2026, requiring updates to 2023 certificates for continued protection against startup attacks and future Windows compatibility. Users should check the Windows Security app's Device Security section for warning indicators and update UEFI/BIOS if needed to maintain robust system security. Most people don't spend time thinking about Secure Boot.
When Is a Draft Accepted? A Theory of Acceptance in Speculative Decoding
Speculative decoding accelerates language model inference by using a fast drafter to propose candidate tokens that are then verified by a larger target model. Existing theory largely studies the stochastic, distribution-preserving setting, where the goal is to exactly sample from the target distribution. In contrast, many practical systems use greedy decoding, relaxed acceptance rules, or tree-based candidate sets, where success is governed by local ranking and threshold events rather than exact distributional equality. We develop a theory for these regimes. We identify that many common acceptance criteria have rejection regions that can be characterized as lower level sets of the target distribution. For these, we characterize the exact KL divergence required for rejection yielding exact certificates and sharp margin-based bounds for strict greedy decoding, additive and multiplicative relaxed acceptance, top-(m) relaxed criteria, and entropy-thresholded acceptance. We then extend the framework to greedy tree decoding, deriving exact and margin-only certificates for when the target greedy token remains covered by the drafter's top-(m) candidates. Finally, we evaluate the resulting certificates on Qwen3 models, showing that relaxed and tree-based criteria substantially enlarge the region of certified acceptance, especially on decoding steps with low target model distribution margin. These results complement existing distribution-preserving analyses of speculative decoding by characterizing the deterministic local acceptance events common in practical inference systems.
On Local Population-Risk Certificates
We develop finite-sample certificates for local population-risk increments \(Pδ_v=R(θ_0+v)-R(θ_0)\), \(v\in\mathcal D\). The primitive object is an expected-valid upper endpoint \(\widehat{\mathsf U}_{\mathcal D}\) satisfying \(\mathbb E\sup_{v\in\mathcal D} \{Pδ_v-\widehat{\mathsf U}_{\mathcal D}(v)\}\le0\). This uniform criterion certifies any measurable update selected from the same sample and allows penalties to depend on empirical geometry. The main construction is a cross-fitted ridge calibration for linear feature classes. A pilot fold learns the ridge metric, the complementary fold calibrates the squared mean error in that metric, and complete split averaging recovers the full empirical covariance in the directional quadratic form \(\widehat q_{X,λ}\). The optimized diagnostic scale is \(\{\widehat q_{X,λ}(h) \widehat r_{X,n_{\rm p},λ}^{\rm cf}/n\}^{1/2}\), and the calibrated trace factor \(\widehat r_{X,n_{\rm p},λ}^{\rm cf}\) is compared with the ordinary ridge effective dimension \(\widehat r_{X,λ}\). For nonsmooth losses, an exact fixed-mask decomposition \(δ_v=J_v^0+R_v^\circ+C_v\) separates frozen Taylor fluctuations, good-path remainders, and interface crossings. Applying the linear and composite certificates componentwise yields endpoints for same-sample expected local search and concentrated release rules.
ITSPACE: Monotone Gaussian Optimal Transport Updates
Covariance matrices serve as compact descriptors of feature distributions in many machine-learning pipelines, including domain adaptation and Gaussian embeddings. Under a centered Gaussian approximation, the unregularized Wasserstein-2 optimal-transport (OT) discrepancy admits a closed form on covariances given by the Bures-Wasserstein (BW) objective on the symmetric positive definite (SPD) cone. We propose ITSPACE (Iterative Transport for Stable Proximal Alignment of Covariance Embeddings), a proximal majorization-minimization method that directly optimizes this exact BW objective through closed-form updates in a square-root factorization. In exact arithmetic, each iteration satisfies a sufficient-decrease inequality for the BW objective; under inexact polar computations, we provide an explicit certificate-gap bound controlling deviations from exact descent. The resulting iterations preserve PSD structure by construction and naturally support rank-restricted factors, making ITSPACE well-suited as a lightweight inner-loop primitive in settings where adaptation must be performed from unlabeled target batches under strict step and compute budgets. Across real-world covariance-alignment benchmarks, ITSPACE reaches low-BW-gap solutions substantially faster than BW-gradient descent, methods based on other covariance geometries, and entropically regularized sample-OT baselines.
Windows updated Secure Boot just in time. Here's what happened
PCWorld reports Microsoft released the Secure Boot 2023 certificate update for Windows 10 and 11 just before original 2011 certificates expired in 2026. This critical security update prevents potential PC boot issues and maintains protection against rootkits and bootkits at startup. Users can verify their certificate status through Windows Settings, with green indicating success and red requiring BIOS updates from manufacturers. Microsoft just pushed the Secure Boot 2023 certificate update to all eligible Windows 11 and Windows 10 computers, just in time given that old certificates were due to expire today . It's a good thing, too, since your PC could face real problems without updated certificates .
Windows Secure Boot certificates expire tomorrow. Don't ignore this deadline
PCWorld reports that Windows Secure Boot certificates expire on June 24th, affecting both Windows 10 and 11 systems receiving security updates. Users must install latest Windows updates to receive new certificates, as failure to update could cause serious boot failures. While the deadline isn't a hard cutoff, enabling Secure Boot now ensures automatic updates and enhanced protection against malware. On June 24th--that's tomorrow, as of this writing--Windows users will run into an important deadline: new Secure Boot certificates must be installed on all systems that use Secure Boot, the security feature that protects against various threats at startup. The first warning about updated certificates was issued back in January .
Tight analyses of first-order methods with error feedback
Communication between agents often constitutes a major computational bottleneck in distributed learning. One of the most common mitigation strategies is to compress the information exchanged, thereby reducing communication overhead. To counteract the degradation in convergence associated with compressed communication, error feedback schemes--most notably EF and EF21--were introduced. In this work, we provide a tight analysis of both of these methods. Specifically, we find the Lyapunov function that yields the best possible convergence rate for each method--with matching lower bounds.
Kernel of Partition Paths: A Unified Representation for Tree Ensembles
A recent line of work has reframed individual decision trees as linear models on engineered features associated with their splits, opening routes for oracle inequalities and featureimportance reinterpretation, but leaving open the question of what unified geometric object a forest induces when one indexes its feature map by nodes rather than by splits. The present paper studies that object. KPP indexes the feature map by the nodes of the forest, weighted by a path metric that turns each coordinate into a component of a squared-Euclidean pathisometric embedding. KPP unifies four pillars under a single node-indexed representation whose Gram is non-diagonal and carries a metric: prediction, exact additive attribution, deterministic Lipschitz robust radius in the KPP metric, and uniform Rademacher risk bounds for regression and classification under fixed, honest, or cross-fit conditioning. All probabilistic guarantees are conditional on the representation and are stated under three explicit conditioning regimes; the robust-radius guarantee is deterministic in the KPP metric rather than in a norm on the raw input. Conjectured fast-rate refinements for both regression and classification are stated as open problems and are not claimed as theorems.
Let a Neural Network Be Your Invariant
Safety verification ensures that a system avoids undesired behaviour. Liveness complements safety, ensuring that the system also achieves its desired objectives. A complete specification of functional correctness must combine both safety and liveness. Proving with mathematical certainty that a system satisfies a safety property demands presenting an appropriate inductive invariant of the system, whereas proving liveness requires showing a measure of progress witnessed by a ranking function. Neural model checking has recently introduced a data-driven approach to the formal verification of reactive systems, albeit focusing on ranking functions and thus addressing liveness properties only.