HackerTrans
TopNewTrendsCommentsPastAskShowJobs

coppsilgold

no profile record

comments

coppsilgold
·hace 8 días·discuss
And those types of schemes will never see the light of day, read what they are actually proposing to implement.
coppsilgold
·hace 8 días·discuss
Those schemes will never see the light of day, attribution is by design. Without attribution you will just see those tokens sold by the penny.
coppsilgold
·hace 10 días·discuss
With ZKP age verification, services will not be able to track you without help from the CA. The CA will not be able to track you without help from the services. Both will contain the necessary information in their databases that when combined deanonymize you. The CA is the central authority/certificate authority.

So you should assume the government can track you, because you should assume both will be streaming those identifiers to it.
coppsilgold
·hace 10 días·discuss
Unfortunately ZKP's aren't magic.

When not doing privacy oriented cryptocurrency (cough money laundering cough) with ZKP's, if you really want private verification you are in a position where a single actor can authenticate the entire world and no one will know it happened. And to prevent it you assemble the pieces necessary to deanonymize anyone.

Make no mistake. ZKP age verification, as proposed, will just require multiple parties to collude to figure out your identity.

They can't even implement ZKP for remote attestation due to the auth-the-world problem.
coppsilgold
·hace 10 días·discuss
> Exposing the socket directly to the sandbox is dangerous, e.g. it would let the sandbox record the host's microphone directly.

libpipewire-module-pipe-tunnel

also: <https://gitlab.freedesktop.org/pipewire/pipewire/-/merge_req...>
coppsilgold
·hace 14 días·discuss
Properly configured (including strict seccomp) bwrap on its own will be sufficient 99% of the time. But ultimately you are at the mercy of the enormous kernel attack surface and the 0days that result from it.

If you do anything valuable and are compromised it may get brought to the attention of whoever organized the automated attack (ex. AI agent doing interesting proprietary work that installed something it shouldn't have, chat logs got uploaded and analyzed) and they will then sell you to someone with the 0days to extract more value from you. Assuming you didn't screw up and leave a back door open somewhere of course.
coppsilgold
·hace 15 días·discuss
There is something wrong with your setup.

I just tried:

    bwrap ... --ro-bind /run/user/1000/pipewire-0 /run/user/1000/pipewire-0 ... -- runsc ... do ... -- mpv podcast.mp3
Flawless playback. I think it's a default pipewire configuration.
coppsilgold
·hace 15 días·discuss
That's good to hear! Hopefully the passt approach you are pursuing will include the ability to use an existing passt socket and not just launch one for you.

Wayland is tricky because there are memory buffers being shared between the compositor and the client. crosvm (also by google) adopted 2 custom solutions to it of which one got merged into mainline.

Achieving audio passthrough is trivial as it's just a unix socket. `-host-uds=all`
coppsilgold
·hace 15 días·discuss
It just didn't seem fully baked yet, the 'do' subcommand works fine while the 'bwrap' alias has this problem: `bash: cannot set terminal process group (1): Not a tty`. When executing 'bash -li'. Also the EROFS feature of 'do' should probably be included in 'bwrap', it can be useful. Include overlay options.

Also some things you can do to make gvisor better are Wayland passthrough, vulkan support (or virtio native context). Being able to get gvisor to populate a network interface inside itself through a 'passt' (or 'containers/gvisor-tap-vsock') socket on the host would also be ergonomic. All of those are available on 'muvm' (based on libkrun) which if you have the time to set up is the next step in DIY sandboxing of graphical apps as well. See: <https://git.clan.lol/clan/munix>
coppsilgold
·hace 15 días·discuss
The simplest worthwhile DIY sandbox you can have is to layer two tools: bwrap and gvisor.

    bwrap args -- gvisor args do args -- /path/sandboxee args

bwrap will set up the environment and then gvisor elevates it into a true sandbox.

Standalone gvisor (not the 'do' subcommand) used to be a mess with the OCI json requirement, but recently they began work on presenting their own bwrap interface (likely to pursue AI agent uses) though I wouldn't use it myself yet.

People often look down on gvisor because they think it's some kind of syscall filter, it is not. It can use one of ptrace, seccomp or even KVM to intercept ALL syscalls and service them with it's own logic (which is in Go). Basically it's a VMM and kernel in one.
coppsilgold
·hace 21 días·discuss
Identity theft is a thing. And if you gate a desirable commodity behind an identity it will become even more of a thing. There are 100's of millions of identities to steal.
coppsilgold
·el mes pasado·discuss
Alpine is a good system for the boot/main rootfs because it's rock solid and has the most recent kernel. When glibc is required or when you just want to access the repositories of other distros you can unshare and pivot_root into the respective rootfs (using bubblewrap). There is also flatpak (uses bubblewrap internally).

You can also go the extra mile and use bubblewrap to initialize the desired mount environment and then enter a sandbox from it using virtualization (/dev/kvm). Some VMM's such as muvm[1] even allow for hardware acceleration and performant Wayland pass-through.

[1] <https://github.com/AsahiLinux/muvm>

This project aims to do exactly what I described but defaults to Nix: <https://git.clan.lol/clan/munix>
coppsilgold
·el mes pasado·discuss
I believe it's a great deal worse than that. All the metacognitive insight we do have may just be confabulation and we are fooled into believing that we have it because the process for conjuring it is good at finding a plausible answer.

When you read about and observe the split-brain patient experiments the appropriate response is abject horror at the implications.
coppsilgold
·el mes pasado·discuss
The Opus model as usual impresses. Gave it a paper link with bullet point instructions and constraints (while baiting it to perform some mind reading of my intentions) and it implemented production ready code + the requested attack simulations: <https://gist.github.com/coppsilgold/00d3cd490cb7f8ffc3fe5c1c...>

The subject is Tardos traitor-tracing codes.
coppsilgold
·hace 2 meses·discuss
I'm sure the frontier labs figured out very clever ways to leverage user input and actions as data for training and signals for RL. DeepSeek wants in on the game.
coppsilgold
·hace 2 meses·discuss


    > Almost all human traits are partly genetic and partly due to the environment and/or random. If you could change the world and reduce the amount of randomness, then of course heritability would go up.
There has been a lot of effort to determine systematic environmental factors that would influence things like intelligence and while it's easy to do harm (lead exposure) it's all but impossible to do any good.

It implies that the only environment that matters is either purely random (truly random accidents, circumstances) or non-systematic (results from non-linear interaction of environment and genes).

When stated that way it almost feels like a tautology because this is what genes exist to do in the first place. To control the interactions of their vessel and environment to the maximum degree. And from the perspective of an individual gene, all the other genes are part of the environment too.

    > There is no such thing as “true” heritability, independent of the contingent facts of our world.
It's uncomputable (need to run Monte Carlo simulations on a human life). All efforts are to approximate it.
coppsilgold
·hace 2 meses·discuss
I was actually curious about this myself back when everyone was chiming in about how it was physically impossible.

This is first and foremost an engineering problem as you need to design a system that will both tolerate high heat and be able to pump even more heat to the radiators. The high temperature seems to be the primary objective to design for unless launch costs become absurdly low.
coppsilgold
·hace 2 meses·discuss
Yes, with blind signatures you still have a central authority which voluntarily 'launders' tokens for you. When you present it your certificate and ask it to give you a blind signature it can reject the certificate.

However if someone extracts a key and keeps it private, and instead gives out unblinded tokens there is nothing you can do other than rate limit - realistically, an adversary is going to trial different rates anyway to figure out which don't make them an outlier.
coppsilgold
·hace 2 meses·discuss
If A adopts a Blind Signature scheme it implies A is cooperating in establishing privacy infrastructure. If A is so malicious that it would advertise a sound privacy system and then it immediately sabotages it that's a different matter...
coppsilgold
·hace 2 meses·discuss


    Content Decryption Module (CDM) in your browser or Mobile SDK generates the license challenge
<https://go.buydrm.com/thedrmblog/the-anatomy-of-a-multi-drm-...>

The "license challenge" (it might be a mistake I think it's supposed to be a license request) is just a packet (that can be saved and later sent to anywhere) and it contains the encrypted certificate which doubles as your HWID. An adversary needs to control the private key of the license "server" the challenge is for (this is a privacy measure introduced to prevent the CDM from offering the HWID to anyone who wants it). Now if you want the HWID you need to work for it (one time) by stealing a private key, bribing/blackmailing employees or issuing secret edicts ("here is a new license server we need a certificate for"). Working for Hollywood is also an option I suppose.

Pirates sacrifice devices when they publish ripped content due to the certificate being revoked after Hollywood downloads the torrent and by doing things like this:

    For large-scale per-viewer, implement a content identification strategy that allows you to trace back to specific clients, such as per-user session-based watermarking. With this approach, media is conditioned during transcoding and the origin serves a uniquely identifiable pattern of media segments to the end user.
<https://docs.aws.amazon.com/wellarchitected/latest/streaming...>