HackerTrans
TopNewTrendsCommentsPastAskShowJobs

mahemm

no profile record

comments

mahemm
·hace 13 días·discuss
The tl;dr on why IO is important is you can just use (effectively) one program, but stuff different secrets inside them with a guarantee that no one can pull those secrets back out.

Cryptographers have proven that it's possible to use this as a primitive from which you can rebuild the rest of common cryptographic primitives (public encryption, symmetric encryption, etc). So--if it's possible to put this together it'll be a novel construction for every cryptographic primitive that also dodges some of the problems with key distribution and negotiation.
mahemm
·el mes pasado·discuss
It's interesting to see such ongoing strong jobs data in the face of unprecedentedly negative sentiment[1]. Not only do the numbers fail to look as bad as the sentiment, the numbers are actually fantastic and (AFAICT) fully uncorrelated with sentiment.

I've been thinking that this is basically a result of people being overexposed to aspirational lifestyle marketing influencers--even though they're doing better than ever, they're more aware than ever that others are doing even massively better. Since it's influencer marketing, they're seeing people do better in specific ways that appeal to them instead of just being passively aware that others are richer.

[1]: https://www.sca.isr.umich.edu/files/chicsh.pdf
mahemm
·hace 3 meses·discuss
I'm surprised y'all stopped at the personal finance layer. I've been thinking for awhile that LLMs would be really effective as personal financial advisers, and this kind of hookup (plus I guess another one for investment accounts?) seems like all that's needed to bootstrap reasoning.
mahemm
·hace 4 meses·discuss
Would you be comfortable using this same logic to invest most of your net worth in lottery tickets/betting on black in a casino? If not, I'd be curious to hear what is different in that for you.
mahemm
·hace 4 meses·discuss
My FAANG employer launched a service ~6 months ago that today seems millions of DAUs. This service was 100% vibe coded. This service was created 20x faster than the median launch, and had notably fewer issues than the median launch. If AI stopped improving today, it would be a technological leap equivalent to a new high-level language paradigm for us.
mahemm
·hace 9 meses·discuss
The property you're talking about (next bit unpredictability) is important for a CSPRNG, but it doesn't matter at all for a PRNG. A PRNG just needs to be fast and have a uniform output. LCGs, for instance, do not have next bit unpredictability and are a perfectly fine class of PRNG.
mahemm
·hace 9 meses·discuss
What game is played? To me it seems pretty straightforward that for both the actual caloric content is ~0.
mahemm
·hace 9 meses·discuss
To me this is completely unrelated to the quality of the PRNG, because security is explicitly a non-goal of the design. A general-purpose non-cryptographically secure PRNG is evaluated primarily on speed and uniformity of output. Any other qualities can certainly be interesting, but they're orthogonal to (how I would evaluate) quality.
mahemm
·hace 9 meses·discuss
You replied to a claim that Telegram doesn't do E2EE for groups saying 'Neither does Whatsapp/Signal'.

That's wrong as `tptacek noted. If you meant something else, that wasn't clear.
mahemm
·el año pasado·discuss
Why not just read 64 bits off /dev/urandom and be done with it? All this additional complexity doesn't actually buy any "extra" randomness over this approach, and I'm skeptical that it improves speed either.
mahemm
·hace 2 años·discuss
Yep! We're lucky to be part of an org that's growing across a few teams, so there's several jobs up for the wider Stores AppSec umbrella
mahemm
·hace 2 años·discuss
Amazon | Full-time | Security Engineering/Management | Austin, TX | On-Site

I am hiring a new Application Security team in Austin to focus on making the highest-privilege applications in the non-AWS side of the company the planet's most secure.

This team will be joining a 9-month old effort to collaborate with developers of key apps on security assessment, architecture improvement, design and code review, and automation of the security process.

The pros of our team are technical excellence, a culture of sustainable work (we are working hard here, but strictly 9-5), the opportunity to have a significant influence on the security posture of the company as a whole, and the chance to hack on applications operating at a global scale, and low (1x/month) oncall expectations.

The cons of our team are moderate process debt (arising from our newness and some unexpected demand)and higher-than-normal ambiguity in tasks (we hold too many task definitions/bars in our head and haven't written them down yet).

Please apply to these roles through the links below:

* Security Engineering Manager: https://www.amazon.jobs/en/jobs/2769965/security-engineering...

* Senior Security Engineer: https://www.amazon.jobs/en/jobs/2778970/senior-security-engi...

* Security Engineer: https://www.amazon.jobs/en/jobs/2777245/security-engineer-ii...

I'll check this post periodically and respond to any questions (concerning non-confidential info about this job) if people are interested.