HackerTrans
TopNewTrendsCommentsPastAskShowJobs

mlissner

no profile record

Submissions

Use DuckDB-WASM to query TB of data in browser

lil.law.harvard.edu
237 points·by mlissner·hace 9 meses·62 comments

Firefox Profiles: Private, focused spaces for all the ways you browse

blog.mozilla.org
4 points·by mlissner·hace 9 meses·1 comments

Senator castigates federal judiciary for ignoring "basic cybersecurity"

arstechnica.com
4 points·by mlissner·hace 11 meses·0 comments

[untitled]

1 points·by mlissner·hace 2 años·0 comments

Mozilla adding AI features to Firefox nightly

blog.nightly.mozilla.org
3 points·by mlissner·hace 2 años·1 comments

comments

mlissner
·hace 7 meses·discuss
We’re familiar with vulnerability disclosure philosophies, but what if the problem can’t be fixed because there’s no forward secrecy for the hundreds of millions of documents that are already out there?

It’s tricky stuff and we have limited resources, unfortunately.
mlissner
·hace 7 meses·discuss
It’s a fine line. Most redactions are for the good, to protect someone or something. For example even in the Epstein files, where some redactions are being abused, most redactions are protecting victims.

If there’s a way to undo huge amounts of redactions, that’d certainly be a net negative. Sort of like if encryption were suddenly broken, you wouldn’t publish a paper saying so.

Our goal has always been to educate about the problem so that it can be addressed. We didn’t have resources to push on the font metrics approach, so we stayed mostly quiet about it.
mlissner
·hace 7 meses·discuss
Really depends on the length and predictability of the redaction, but yes. If it's short and contextually it's only likely to be either "yes" or "no", you've got it. If it's longer and could contain an unknown person's name along with some other words, well, that's harder.
mlissner
·hace 7 meses·discuss
No, we worked with researchers that developed that kind of system, but didn't broadcast our work b/c the research was too sensitive. Seems the cat is out the bag now though.

I think the combination of AI and font-metrics is going to be wild though. You ought to be able to make a system that can figure out likely words based on the unredacted ones and the redaction's size. I haven't seen any redaction system yet that protects against this.
mlissner
·hace 7 meses·discuss
Cool to see this here. It’s funny because we do so many huge, complex, multiyear projects at Free Law Project, but this is the most viral any of our work has ever gone!

Anyway, I made X-ray to analyze the millions of documents we have in CourtListener so that we can try to educate people about the issue.

The analysis was fun. We used S3 batch jobs to analyze millions of documents in a matter of minutes, but we haven’t done the hard part of looking at the results and reporting them out. One day.
mlissner
·hace 9 meses·discuss
OK, this is really neat: - S3 is really cheap static storage for files. - DuckDB is a database that uses S3 for its storage. - WASM lets you run binary (non-JS) code in your browser. - DuckDB-Wasm allows you to run a database in your browser.

Put all of that together, and you get a website that queries S3 with no backend at all. Amazing.
mlissner
·el año pasado·discuss
Maine's remote work program is an incredibly promising development to prevent recidivism. The amazing thing about it is that it gives real jobs to prisoners that they can seamlessly continue after they get out of prison. Normally when you get out, it's impossible to get a job, and the clock is ticking. This leads to desperation, which leads to bad behavior.

There is a real risk of exploitation, but if it's properly managed, remote work for prisoners is one of the most hopeful things I've heard about the prison system. It gives people purpose while there and an avenue to success once they're out.
mlissner
·el año pasado·discuss
OK, here's the first thing popping up in court about this. There's a motion to unseal search warrants filed by a security researcher at Stanford that was just filed:

https://www.courtlistener.com/docket/69834044/in-re-motion-t...

This doesn't mean there are search warrants, necessarily, but this case might be the next place something pops up. If anybody wants to follow the case, you can do so with this link. :

https://www.courtlistener.com/alert/docket/new/?pacer_case_i...
mlissner
·el año pasado·discuss
I run CourtListener.com, which aggregates Pacer data.

So far nothing there, but I created an alert for his name, and I’ll post here and to Dan Goodin (the author of the article) if anything pops up.
mlissner
·el año pasado·discuss
Just for the record, they are being sued to oblivion:

https://www.courtlistener.com/docket/66607916/debt-cleanse-g...

You'd have to go study the case, but it's a class action case, so it'll hurt if they lose (and even if they don't). The court appears to be consolidating cases into this one, because LastPass has been sued in federal court 15 times so far:

https://www.courtlistener.com/?q=lastpass%20AND%20(caseName%...
mlissner
·hace 2 años·discuss
Wow, funny to see this here. I'm the director of Free Law Project. Juriscraper is a project we use to scrape and parse millions of court records. I'll be happy to answer any questions folks have about it.

It's on version 2.6.0 now, but it has had several hundred point releases over the years as we adapt to changing court websites. Fun stuff.

The result of using Juriscraper is that we have something like 200B tokens of court data that we make available in various ways: https://www.courtlistener.com/help/api/bulk-data/