HackerTrans
TopNewTrendsCommentsPastAskShowJobs

lima

8,794 karmajoined 10 years ago

comments

lima
·5 days ago·discuss
Even if you can't authenticate at the application level, it's still much better to encrypt/authenticate traffic on the wire (using a VPN or something like Tailscale) instead of 802.1x auth.
lima
·6 days ago·discuss
Non commercial licenses are not generally considered open source
lima
·8 days ago·discuss
Google solved credential phishing a long time ago using hardware tokens (gnubby - the predecessor to FIDO/U2F/Passkeys...).

There's other types of social engineering, but phishing is mostly an engineering issue.
lima
·8 days ago·discuss
Probably 802.1x, but it's easy to bypass if you have access to an authorized device. This kind of authentication has to be done at the application level, treating the network as a perimeter doesn't work.
lima
·8 days ago·discuss
The company also should have restricted network access to the port in the conference room so that an unknown device like a Raspberry Pi could not make an Ethernet connection from that spot

Bad take - the actual problem is that there was a trusted network in the first place. This kind of network access control is trivial to bypass, and trusted devices can get compromised.
lima
·8 days ago·discuss
This. It's easy to forget that Postgres is fundamentally a single-node database without distributed transactions. It won't pass the Jepsen test suite with multiple nodes. DBOS, Temporal and friends inherit this limitation.

Something like Restate actually implements distributed transactions.
lima
·9 days ago·discuss
[dead]
lima
·10 days ago·discuss
Gerrit's new UI comes pretty close, and it's also what Google uses for projects living outside of google3.

GitHub's PR review workflow is archaic in comparison, especially now that every page takes 2-3 seconds to load.
lima
·10 days ago·discuss
Don't worry, they accept PRs on that repo. They just merge them internally and then re-export them.

There are some variations, but this is generally the same with all open source projects which live in their internal monorepo, such as gVisor or Bazel.
lima
·last month·discuss
Yes it will, there's a clear purpose and the customer explicitly agrees.
lima
·last month·discuss
Fable on GCP requires accepting a 60-day retention policy: https://cloud.google.com/terms/advanced-ai-safety-addendum

I don't think it mentions sharing the data with third parties such as Anthropic?
lima
·last month·discuss
Higher IO latencies in HDs might actually make this attack easier - more contention means more bits of data.
lima
·2 months ago·discuss
Shor published multiple quantum algorithms, including one for discrete logarithms. The term is sometimes used interchangeably.

They're closely related, ECC and RSA are both instances of the hidden subgroup problem.
lima
·3 months ago·discuss
> How do you know the clanker respects the instruction not to search the internet?

You can't, but given that it's a previously unsolved problem, it doesn't seem relevant? (nor are the author's potential biases - the claims are easily verified independently)
lima
·4 months ago·discuss
We tried this, but the quota for Opus models defaults to 0 on VertexAI and quota increase requests are auto-rejected.

Any tips?
lima
·4 months ago·discuss
No, unless you count tricks which are explicitly against ToS
lima
·4 months ago·discuss
They use a buffer battery, it's quite feasible with that.
lima
·4 months ago·discuss
You can still use OpenCode with the Anthropic API.
lima
·4 months ago·discuss
Fun fact: In Germany, the civil courts will usually take the case anyways if it has merit, but the winner ends up paying for the whole lawsuit if they failed to make an effort to resolve the case before suing.
lima
·4 months ago·discuss
And Hungary is pretty much a rogue EU state - their government did go full authoritarian and is aligned with Russia.