HackerTrans
TopNewTrendsCommentsPastAskShowJobs

poorman

no profile record

Submissions

ECDSA.fail Blows Past Googles Classified Quantium Circuit

ecdsa.fail
2 points·by poorman·الشهر الماضي·0 comments

comments

poorman
·قبل شهرين·discuss
I wonder if this could be used to track location of the vehicle
poorman
·قبل شهرين·discuss
They acknowledged the bug. Screenshot and chargeback
poorman
·قبل 3 أشهر·discuss
Yeah I think there's a dependency issue going on there. Something isn't installed that needs to be.
poorman
·قبل 3 أشهر·discuss
If you are worried about a $300 solar panel you are not going to like the cost of a Mac Studio M3 Ultra 512 GB! haha
poorman
·قبل 3 أشهر·discuss
As one of the only people running a Mac Studio M3 Ultra with 512 GB of RAM on the network, I can tell you at sustained 100% GPU utilization I am measuring 250 watts max (at the power outlet). My solar panels are easily producing this. The power calculation goes away once you connect a solar panel. You can get a 400 watt solar panel on Amazon for $300.
poorman
·قبل 4 أشهر·discuss
Same. I installed Forgejo two months ago when Github wouldn't let me create agent accounts. It's been awesome. Any time I want a new feature I open my agent on the server and tell it to add the feature to Forgejo. Took all of 15 minutes for it to add a working Show/Hide "Viewed" files on the PR reviews.
poorman
·قبل 4 أشهر·discuss
I am going to say this for all the people thinking like this. This attitude will get you nowhere in life. It historically never has and in the future it never will.
poorman
·قبل 5 أشهر·discuss
I was just thinking about this project the other day. Seems we have a whole lot of unused compute (and now GPU). I wish someone would create a meaningful project like this to distribute AI training or something. Imagine underfunded AI researchers being able to distribute work to idle machines like SETI@home did.
poorman
·قبل 7 أشهر·discuss
GitLab has some code in their repo if you want to see how to do it.
poorman
·قبل 7 أشهر·discuss
All SVGs should be properly sanitized going into a backend and out of it and when rendered on a page.

Do you allow SVGs to be uploaded anywhere on your site? This is a PSA that you're probably at risk unless you can find the few hundred lines of code doing the sanitization.

Note to Ruby on Rails developers, your active storage uploaded SVGs are not sanitized by default.
poorman
·قبل 7 أشهر·discuss
This is huge. A lot of these are the underpinnings of modern computer science optimizations. The ACM programming competitions in college are some of my fondest memories!
poorman
·قبل 7 أشهر·discuss
I think that's a great idea! I just checked one of my larger projects and it 55% ConcurrentHashMap and 45% HashMap so I'd personally benefit from this plan.
poorman
·قبل 7 أشهر·discuss
In a concurrent environment, I wonder if the overhead of wrapping every API call with a synchronized would make this significantly slower than using ConcurrentHashMap.
poorman
·قبل 8 أشهر·discuss
RL is still widely used in the advertising industry. Don't let anyone tell you otherwise. When you have millions to billions of visits and you are trying to optimize an outcome RL is very good at that. Add in context with contextual multi-armed bandits and you have something very good at driving people towards purchasing.
poorman
·قبل 8 أشهر·discuss
It's likely that yes, you will end up with an alias that links you because of a cookie somewhere, or a finger print of the elliptic curve when do do a SSL handshake, or any number of other ways.

The ironic thing is that because of GDPR and CCPA, ad tech companies got really good at "anonymizing" your data. So even if you were to somehow not have an alias linking your various anonymous profiles, you will still end up quickly bucketed into a persona (and multiple audiences) that resemble you quite well. And it's not multiple days of data we're talking about (although it could be), it's minutes and in the case of contextual multi-armed bandits, your persona is likely updates "within" a single page load and you are targeted in ~5ms within the request/response lifecycle of that page load.

The good news is that most data platforms don't keep data around for more than 90 days because then they are automatically compliant with "right to be forgotten" without having to service requests for removal of personal data.
poorman
·قبل 9 أشهر·discuss
There is definitely a miss-alignment of incentives with the bug bounty platforms. You get a very large number of useless reports which tends to create a lot of noise. Then you have to sift through a ton of noise to once in a while get a serious report. So the platforms up-sell you on using their people to sift through the reports for you. Only these people do not have the domain knowledge expertise to understand your software and dig into the vulnerabilities.

If you want the top-teir "hackers" on the platforms to see your bug bounty program then you have to pay the up-charge for that too, so again miss-alignment of incentives.

The best thing you can do is have an extremely clear bug-bounty program detailing what is in scope and out of scope.

Lastly, I know it's difficult to manage but open source projects should also have a private vulnerability reporting mechanism set up. If you are using Github you can set up your repo with: https://docs.github.com/en/code-security/security-advisories...
poorman
·قبل 9 أشهر·discuss
Totally agree. I was just thinking that I wouldn't want this feature for Claude Code but for Codex right now it would be great! I can simply let tasks run in Codex and I know it's going to eventually do what I want. Where as with Claude Code I feel like I have to watch it like a hawk and interrupt it when it goes off the rails.
poorman
·قبل 9 أشهر·discuss
Stimulus and Hotwire are the "rails way" now. I've read the docs and they still confuse the hell out me. Seems like you're reinveting your own javascript components over and over again.

In my opinion Rails 8 + Intertia.js + React so much less "reinventing the wheel" (especially if you use shadcn components).
poorman
·قبل 9 أشهر·discuss
Here's the thing. They could have put up link to a git repository where others can follow along with the maintenance of this project, but here isn't one. There is a list of maintainers explicitly mentioned on this page but no link to the git repository. This leads me to think this project is not about the code but about the people.
poorman
·قبل 10 أشهر·discuss
I hope this all works out. I remember the day Oracle bought Sun Microsystems and the impact it had on the community and maintainers.