HackerTrans
TopNewTrendsCommentsPastAskShowJobs

nurple

no profile record

Submissions

The SWE-Bench Illusion: When LLMs Remember Instead of Reason

arxiv.org
4 points·by nurple·vor 10 Monaten·0 comments

DNS SecURItY via Leet QueRieS [pdf]

astrolavos.gatech.edu
2 points·by nurple·vor 2 Jahren·1 comments

Avremu: An 8-Bit AVR Microcontroller Simulator Written in LaTeX

gitlab.brokenpipe.de
133 points·by nurple·vor 2 Jahren·19 comments

comments

nurple
·vor 2 Monaten·discuss
Don't forget user accounts!
nurple
·vor 2 Monaten·discuss
It's called "parallel construction".
nurple
·vor 2 Monaten·discuss
Yes! I run graphene, but still don't connect it to my android auto capable car.

The ability to control network connectivity for apps (and sensors) is really the killer feature for me. Maybe I'll give android auto a shot if I can figure out how to keep it from outside comms.
nurple
·vor 2 Monaten·discuss
Please provide a reference to the page that talks about the data that carplay collects. There are zero hits for "carplay" in that doc.

I have done extensive research into this, and Apple provide basically zero information about what information carplay collects about your vehicle.

Location data isn't the only kind of data that your car feeds to your device through the carplay connection.
nurple
·vor 2 Monaten·discuss
> Even after the modem is removed, if you connect your phone to the car via Bluetooth then the car will use your phone as an internet connection and send all the same telemetry data back to Toyota. However, if you use a wired USB connection then it does not do that (see the discussion here and elsewhere), so I exclusively use CarPlay via USB.

The problem with this is that both carplay and android auto capture their own vehicle telemetry. So even though the car is not able to use your phone as a general data pipe, Google and Apple still get access to this data when you're connected.

They are both very cagey with how they talk about this (or don't).
nurple
·vor 2 Monaten·discuss
Easy. One of the primary reason that I don't subscribe to any kind of news anymore is exactly because of all the advertising and the being owned by giant money and power concerns.

I would happily subscribe at a quite a bit higher rate for news orgs that go non-profit/co-op and nuke the ads, and I don't think I'm in the minority here.

Keep trying to do the same thing expecting a different outcome, and you know the rest of the story. I applaud this step and hope they push their differentiation as a people-aligned source of Utah news even further.

With how connected we are these days, what I'd really like to see is for them to make crowd-sourcing and discussion a systemic part of their processes and site/app. They can't be everywhere where news that's important to some is happening, but all of us together can.
nurple
·vor 3 Monaten·discuss
Yes, but promises are (unfortunately) _not_ monads!

https://rybicki.io/blog/2023/12/23/promises-arent-monads.htm...
nurple
·vor 3 Monaten·discuss
This is a really interesting space, and one that I've been playing with since the first GPTs landed. But it's even cooler than simply using completion choice to encode data. It has been mathematically proven that you can use LLMs to do stego that cannot be detected[0]. I'm more than positive that comments on social media are being used to build stego dead drops.

What I find really interesting about this approach is that it's one of the less obvious ways LLMs might be used by the general public to defend themselves against the LLM capabilities used by bad actors (like the more obvious LLMs making finding bugs easier is good for blackhats, but maybe better for whitehats), i.e semantic search.

The reasoning in my head being that it creates a statistical firewall that would preclude eaves-droppers with privileged access from being able to use cheap statistical methods to detect a hidden message (which is effectively what crypto _is_, ipso facto this is effectively undetectable crypto).

ETA, the abstract for a paper I've been working on related to this:

Mass surveillance systems have systematically eroded the practical security of private communication by eliminating channel entropy through universal collection and collapsing linguistic entropy through semantic indexing. We propose a protocol that reclaims these lost "bits of security" by using steganographic text generation as a transport layer for encrypted communication. Building on provably secure generative linguistic steganography (ADG), we introduce conversation context as implicit key material, per-message state ratcheting, and automated heartbeat exchanges to create a system where the security properties strengthen over time and legitimate users enjoy constant-cost communication while adversaries face costs that scale with the entire volume of global public text. We further describe how state-derived proofs can establish a novel form of Web of Trust where relationship depth is cryptographically verifiable. The result is a communication architecture that is structurally resistant to mass surveillance rather than merely computationally resistant.

0. https://arxiv.org/abs/2106.02011
nurple
·vor 7 Monaten·discuss
I agree with you, but I found the argument in this article that "glazing" could be considered a neurohack quite interesting: https://medium.com/@jeremyutley/stop-fighting-ai-glazing-a7c....
nurple
·vor 10 Monaten·discuss
Sounds like "we don't want you to have a portable abstraction between our platform and your automation". Also, their documentation directing users to reference github actions `@master` is classic fly...
nurple
·vor 11 Monaten·discuss
Neotree `close_if_last_window` config setting is helpful for this case.
nurple
·vor 11 Monaten·discuss
I've crashed an RC helicopter because of a similar software issue. Rotorflight is an OSS flight controller, and it has an internal mode for tracking if the vehicle is on the ground or not that isn't always quite accurate at the margins. If you're touching the ground and it's not in ground-handling mode, the I-term in the PID loop winds up really quickly (because the input isn't producing the expected rotation rate) and flips your model on its side.

Betaflight (flight controller for drones, which rotorflight is based on) has a similar function called "air mode" which is common to either disable or set to a switch for aerobatic drones so that they'll still have full rotation rates at zero throttle.
nurple
·vor 11 Monaten·discuss
The 787 had three such bugs, in 2015 it was found out if the plane wasn't restarted once every 248 days (2^31 100ths of a second), the AC generation system would shut off, even mid-flight[0].

In 2016 it was found that if the plane wasn't restarted once every 22 days the 3 flight computers could reboot simultaneously, also in mid-flight[1].

In 2020 it was found that if it wasn't restarted at least every 51 days that the stale data monitoring system, and the stall and overspeed horns all stop operating[2].

Some A350s also had an uptime-dependent fault found in 2019[3].

0: https://www.engadget.com/2015-05-01-boeing-787-dreamliner-so...

1: https://www.pcmag.com/news/boeing-787-dreamliner-bug-fix-req...

2: https://www.theregister.com/2020/04/02/boeing_787_power_cycl...

3: https://www.theregister.com/2019/07/25/a350_power_cycle_soft...
nurple
·letztes Jahr·discuss
My workstation seems fine:

  $ ls -R /{lib,usr,bin,sbin}
  ls: cannot access '/sbin': No such file or directory
  /bin:
  sh

  /lib:
  ld-linux.so.2

  /usr:
  bin

  /usr/bin:
  env
Oh right...

  $ ls -l /usr/bin/env
  lrwxrwxrwx 1 root root 65 Mar 21 23:39 /usr/bin/env -> 
  /nix/store/9m68vvhnsq5cpkskphgw84ikl9m6wjwp-coreutils-9.5/bin/env

  $ ldd /usr/bin/env 
        linux-vdso.so.1 (0x00007ffff7fc4000)
        libacl.so.1 => /nix/store/dyizbk50iglbibrbwbgw2mhgskwb6ham-acl-2.3.2/lib/libacl.so.1 (0x00007ffff7fb3000)
        libattr.so.1 => /nix/store/vlgwyb076hkz7yv96sjnj9msb1jn1ggz-attr-2.5.2/lib/libattr.so.1 (0x00007ffff7fab000)
        libgmp.so.10 => /nix/store/dsxb6qvi21bzy21c98kb71wfbdj4lmz7-gmp-with-cxx-6.3.0/lib/libgmp.so.10 (0x00007ffff7f06000)
        libc.so.6 => /nix/store/maxa3xhmxggrc5v2vc0c3pjb79hjlkp9-glibc-2.40-66/lib/libc.so.6 (0x00007ffff7d0e000)
        /nix/store/maxa3xhmxggrc5v2vc0c3pjb79hjlkp9-glibc-2.40-66/lib/ld-linux-x86-64.so.2 => 
        /nix/store/maxa3xhmxggrc5v2vc0c3pjb79hjlkp9-glibc-2.40-66/lib64/ld-linux-x86-64.so.2 (0x00007ffff7fc6000)
nurple
·vor 2 Jahren·discuss
Thanks for writing this. It reminds me of Steve Job's commencement speech at Stanford.

> Again, you can’t connect the dots looking forward; you can only connect them looking backward. So you have to trust that the dots will somehow connect in your future. You have to trust in something — your gut, destiny, life, karma, whatever. This approach has never let me down, and it has made all the difference in my life.
nurple
·vor 2 Jahren·discuss
I enjoyed his recent conversation with Lex, but I lost quite a bit of respect for his opinion on politics when he called the Cambridge Analytica scandal nonsense.
nurple
·vor 2 Jahren·discuss
Ah interesting, I haven't tried running it on k8s yet. Migrating my mail stack over to k8s has been on my todo list for a little while; should probably get around to it since dovecot and postfix have supported inet sockets for user/domain db and auth for ~12 years now.

Dovecot is really great, and a ton of stuff supports using it as a sasl auth backend (postfix being an important one). I made a simple facade service that feeds it and postfix from couchdb via its dict backend[0] and postfix's tcp_tables[1], then point everything at dovecot for auth. Couch document IDs map really well to email/user, domain, and sieve script lookups; helluva lot simpler than setting up and managing LDAP.

0. https://doc.dovecot.org/2.3/configuration_manual/dict/

1. https://www.postfix.org/tcp_table.5.html
nurple
·vor 2 Jahren·discuss
Not sure if you tried prosody[0], but I found it rather powerful and simple to configure, including multiuser chat(muc) and peering. It's written in lua and has a module system so it's easy to extend. In particular I used the dovecot auth module[1] so users could login with their email credentials and I could manage a single user repo.

0. https://prosody.im/

1. https://modules.prosody.im/mod_auth_dovecot
nurple
·vor 2 Jahren·discuss
Apparently, some DNS query implementations use an "0x20 bit encoding" to add additional random bits to the query ID for poisoning attack resistance.

I've been trying to track down a DNS latency issue in my network and noticed a device doing this and initially thought it was malware, but there is an RFC[0](though expired), and Google announced that they had implemented this for queries from their public DNS servers in 2023[1].

0. https://datatracker.ietf.org/doc/html/draft-vixie-dnsext-dns...

1. https://groups.google.com/g/public-dns-discuss/c/KxIDPOydA5M
nurple
·vor 2 Jahren·discuss
Yes! LEDs as photometers is something that you don't really see around much anymore, but it is really cool. Even an LED matrix can be used as a self-illuminating proximity sensor with the right setup.

https://www.youtube.com/watch?v=GaAtpAuNN_o