HackerLangs
TopNewTrendsCommentsPastAskShowJobs

cryptonector

11,569 karmajoined hace 14 años

Submissions

Lite^3, a JSON-compatible zero-copy serialization format

github.com
152 points·by cryptonector·hace 7 meses·37 comments

comments

cryptonector
·hace 4 días·discuss
> What needs a change?

> The fix is pretty straightforward: treat comment content as untrusted data, not as potential instructions. Comments should be passed to the model with clear role boundaries that prevent them from being interpreted as system-level directives.

If only prompt injection were that easy to defeat! Then YouTube would have done it already, I'm sure, among many others.
cryptonector
·hace 5 días·discuss
Uh, no, homes should not be airtight. You'd have a hard time closing exterior doors if they were, and anyways, houses need to be able to "breathe" to be able to keep humidity down (you don't want mold problems), oxygen up, CO2 down, etc.
cryptonector
·hace 5 días·discuss
I carry an Atmotube with me to monitor VOCs and particulates, but it also measures CO2 and NOX. It's small, and it easily attaches to a backpack or belt loop with a carabiner it comes with. The only thing it's missing is different running average time scales.
cryptonector
·hace 5 días·discuss
CDC _never_ goes away, that's for sure. Maybe just for replication to a logical replica, but you'll often need a sync from one system to another -- it just ends up happening.
cryptonector
·hace 5 días·discuss
No, GP is right to ask. SQLite3 for example has WITHOUT ROWIDS precisely because these INTEGER PRIMARY KEYs are a bit artificial and they add an index (by rowid) that you might not need, thus increasing your index count by one. If you have a table of users with unique usernames, then the username is the logical primary key, and what you should use indeed as the primary key, and you should use foreign keys with ON UPDATE CASCADE and ON DELETE CASCADE (though you should allow neither renames nor deletions of user accounts, but I'm not speaking more generally).

Now, in many cases it's super convenient to have 'internal' -integers, UUIDs- entity IDs. If you're building a graph database with an EAV schema, then it's especially convenient, and it might even be the only way since different kinds of entities might have different numbers and kinds of attributes as their unique keys, but you might still need to reference them from an EAV table.

GP's is a very good question and it should not have been downvoted. It's a great question to explore.
cryptonector
·hace 9 días·discuss
> 3) The administration decision making is just wacky. In a normal administration they'd have actual policy documents you could look at to understand under what circumstances they think models have a problem. With this they just seem to make it up as they go, and the tools they use make no sense at all. If it is dangerous for cyber security reasons why would export controls make sense to use?

LLMs only really took off almost entirely under this administration. No one knows quite how to regulate these things. It's not surprising that they would flail a bit. It seems to have been DoD people who did the flailing here, and apart from Hegseth, there might have been others who did the overreacting, possibly before him.
cryptonector
·hace 19 días·discuss
It probably won't. It will probably have to be a U.S. passport.
cryptonector
·hace 19 días·discuss
Person is terrible. The U.S. itself should provide this service.
cryptonector
·hace 24 días·discuss
Everything ASN.1-related! For 3GPP, SET, and other telco and fintech apps -- all the encoding rules like PER and OER, etc.
cryptonector
·hace 24 días·discuss
I've had to convince ChatGPT that code is mine before it would do a security review.
cryptonector
·hace 24 días·discuss
If you're heading home then he'll want to know where from. Oh, a restaurant? Did you have anything to drink? I smell alcohol! Step of the car please. That's one way it can go, and then he can say you were wobbly on your step and now it's a DUI. People have gone to prison for DUIs where they blew a 0.0. You really have to gauge whether the cop is having a bad day and taking it out on you, then figure out how to best respond. I've had very little experience with this, so I can't quite tell you, but you'd want a lawyer's response anyways.
cryptonector
·hace 24 días·discuss
Losing days is better than losing decades.
cryptonector
·hace 24 días·discuss
There is a reprise, too. In 2014 the SCOTUS weakened 5A rights significantly, so now you are best off asserting your 6A rights (i.e., say you won't talk without your lawyer present, and then really don't talk).
cryptonector
·hace 24 días·discuss
He also knows what to keep proprietary and monetize.
cryptonector
·hace 24 días·discuss
This so much.
cryptonector
·el mes pasado·discuss
This. But TFA was specifically concerned with the relational algebra, so I'm giving it a pass :)
cryptonector
·el mes pasado·discuss
The continuations in CPS are closures. Goto basically isn't. GCC's computed goto is, but generally when people say 'goto' they mean the traditional C goto, which involves no closures. The goto analogy is not great for this reason.

A better analogy is that continuations are reified function call return addresses, since return addresses come with a frame pointer (explicit or implicit), and therefore are closure-like.
cryptonector
·el mes pasado·discuss
The rejections over the years that I saw were not about design.
cryptonector
·el mes pasado·discuss
But corporate devices can boot any OS you might like.

Sure, they have MEs that maybe you can't disable, but you can firewall them.

Server kit is just not like consumer kit. Even laptops are [still, for now] a lot better than smartphones in this regard.
cryptonector
·el mes pasado·discuss
But some of that is nonsense and incorrect. You can very much use local variables, and you'll find tons of vfork()-using code that does that and calls plenty of async-signal-safe functions.

The real restrictions are:

  - you can't damage the function call frame
    of the caller of vfork(), thus you can't
    return from it

  - you may only call async-signal-safe
    functions on the child side of vfork()
That's basically it. Yes, you'll want to call execve(2) or _exit(2) before long, but there is no time limit as to that, it's just that the whole point of calling vfork() is to make it real cheap to spawn a process, which means ultimately calling execve(2), with _exit(2) being what you do if it execve(2) fails (e.g., because ENOENT).

There is a ton of vfork()-using code that adheres to these real restrictions and has been working fine for decades. That includes several posix_spawn() implementations, the C shell, etc.

I demand evidence that this part: "the behavior is undefined if the process created by vfork() either modifies any data other than a variable of type pid_t used to store the return value from vfork()" is remotely true. That evidence must be of the form of bug reports that were accepted and which stand to scrutiny.

I've never found any such evidence. Have you?

Meanwhile I have a proof by existence that vfork() is safe used much more liberally than you say it may be used.

> You can't use local variables, or call any functions other than _exit or execve.

There are other async-signal-safe functions, and they get used routinely by posix_spawn() and other code to do child-side setup before execve(2), including: I/O redirection, process group setup, signal handling changes, etc.