HackerTrans
TopNewTrendsCommentsPastAskShowJobs

er4hn

no profile record

comments

er4hn
·vor 23 Tagen·discuss
signull is more of an anonymous sh*tposter than a known industry insider, but I think this does capture the sama contribution to OpenAI very well. At least from an outsider who follows this stuff based on vibes.
er4hn
·vor 24 Tagen·discuss
I wonder how it compares to https://github.com/inkle/ink of Sorcery! and 80 days fame?
er4hn
·vor 2 Monaten·discuss
This page came about because of how long it took PQC to get standardized. This was a slow enough process that a whole slew of QKD vendors arose and sold a lot of products promising this as a solution to dealing with quantum computers and harvest now decrypt later attacks. Many of those products did not do a great job at actually preventing listening in on their lines since QKD is an ongoing field of research where new issues are routinely being discovered.
er4hn
·vor 5 Monaten·discuss
This must be what gwern meant when he said to write for AI.
er4hn
·vor 6 Monaten·discuss
Right, that's the same situation as fuzz testing today, which is why I compared it. I feel like you're gesturing towards "Attackers only need to get lucky once, defenders need to do a good job everytime" but a lot of the times when you apply techniques like fuzz testing it doesn't take a lot of effort to get good coverage. I suspect a similar situation will play out with LLM assisted attack generation. For higher value targets based on OSS, there's projects like Google Big Sleep to bring enhanced resources.
er4hn
·vor 6 Monaten·discuss
I think the author makes some interesting points, but I'm not that worried about this. These tools feel symmetric for defenders to use as well. There's an easy to see path that involves running "LLM Red Teams" in CI before merging code or major releases. The fact that it's a somewhat time expensive (I'm ignoring cost here on purpose) test makes it feel similar to fuzzing for where it would fit in a pipeline. New tools, new threats, new solutions.
er4hn
·vor 7 Monaten·discuss
It's clear, from watching Russia fail to be completely sanctioned that this is not watertight. The question I have is: have these sanctions added a money laundering tax to doing business? How much? What is the cost of enforcing the sanctions vs the added cost and is that worth it?

I don't know if this has been explored, bit I think it's an interesting follow on to "all or nothing" watertight sanctions.
er4hn
·vor 7 Monaten·discuss
In theory it prevents failures of the allocator that would allow reading uninitialized memory, which isn't really a thing in Go.

In practice it provides a straightforward path to complying with government crypto certification requirements like FIPS 140 that were written with languages in mind where this is an issue.
er4hn
·vor 10 Monaten·discuss
Speaking (unofficially) as someone who works at one of the "other brands" that reeks of journalists having a bias.
er4hn
·vor 10 Monaten·discuss
Well the idea behind tokens is that they should be time and authZ limited. In most cases they are not so they degrade to a glorified static password.

Solutions like generating them live with a short lifetime, using solutions like oauth w/ proper scopes, biscuits that limit what they can do in detail, etc, all exist and are rarely used.
er4hn
·vor 10 Monaten·discuss
Not having redundant rails in case of breakdowns is something BART is well known for
er4hn
·vor 3 Jahren·discuss
“Nothing in this world can take the place of persistence. Talent will not; nothing is more common than unsuccessful people with talent. Genius will not; unrewarded genius is almost a proverb. Education will not; the world is full of educated derelicts. Persistence and determination alone are omnipotent. The slogan "press on" has solved and always will solve the problems of the human race” - Calvin Coolidge
er4hn
·vor 5 Jahren·discuss
It is worth noting that this is not an impossible problem. I'm not a js expert, and it seems that js loves imports, but Nix solves exactly this problem on Linux. You have, for each end binary, a set of dependencies. If they are exactly the same, they can be shared among programs, otherwise you would have different versions of the dependency, all the way down, per program.

It can be bloaty, and you have to manually look at and test packages if you want to get everyone on the same set of dependencies, but you end up with reproducible environments.
er4hn
·vor 5 Jahren·discuss
This makes it even better. Thank you for that insight!
er4hn
·vor 5 Jahren·discuss
> The user told the hackers to try depositing the stolen tokens without Tether, which the hackers did successfully and they deposited all the addresses into Curve. The hackers then sent the anonymous user about $45,000 worth of ethereum for their help.

Best part of the article is how an anonymous person helped the hackers launder their money and got a tip for it.