HackerTrans
TopNewTrendsCommentsPastAskShowJobs

moyix

no profile record

Submissions

Reverse Engineering SimTower

phulin.me
4 points·by moyix·il y a 2 mois·1 comments

comments

moyix
·il y a 2 mois·discuss
I think you're confusing CVEs and vulnerabilities here? Mozilla (per their longstanding practice) grouped multiple vulnerabilities found internally under a small number of CVEs.
moyix
·il y a 3 mois·discuss
On hardened targets and Firecracker specifically, here's a recent vulnerability found by "Anthropic": https://aws.amazon.com/security/security-bulletins/2026-015-...

Unfortunately it's unclear whether it was Mythos, an earlier model, or even an eagle-eyed employee.

I tend to agree that bug squashing your way to perfectly secure software is unlikely, but there are plenty of projects that managed to fuzz/test/audit their way to making it much harder to find serious vulnerabilities. If we can do the same again with LLMs in a way that leaves the remaining vulnerabilities out of reach of anyone except extremely skilled humans (perhaps with LLM assistance) then that's still an OK outcome that buys us time to build stronger foundations.
moyix
·il y a 3 mois·discuss
It's limiting from the PoV of a developer who wants to ensure that their own code is free of all security issues. It is not limiting from the point of view of an attacker who just needs one good memory safety vuln to win.
moyix
·il y a 3 mois·discuss
This is true for a lot of things but for low-level code you can always fall back to "the intention is to not violate memory safety".
moyix
·il y a 6 mois·discuss
Also, unlike OpenAI, Anthropic's prompt caching is explicit (you set up to 4 cache "breakpoints"), meaning if you don't implement caching then you don't benefit from it.
moyix
·il y a 6 mois·discuss
There is filtering mentioned, it's just not done by a human:

> I have written up the verification process I used for the experiments here, but the summary is: an exploit tends to involve building a capability to allow you to do something you shouldn’t be able to do. If, after running the exploit, you can do that thing, then you’ve won. For example, some of the experiments involved writing an exploit to spawn a shell from the Javascript process. To verify this the verification harness starts a listener on a particular local port, runs the Javascript interpreter and then pipes a command into it to run a command line utility that connects to that local port. As the Javascript interpreter has no ability to do any sort of network connections, or spawning of another process in normal execution, you know that if you receive the connect back then the exploit works as the shell that it started has run the command line utility you sent to it.

It is more work to build such "perfect" verifiers, and they don't apply to every vulnerability type (how do you write a Python script to detect a logic bug in an arbitrary application?), but for bugs like these where the exploit goal is very clear (exec code or write arbitrary content to a file) they work extremely well.
moyix
·il y a 10 mois·discuss
Note that MuZero did better than AlphaGo, without access to preprogrammed rules: https://en.wikipedia.org/wiki/MuZero
moyix
·il y a 3 ans·discuss
Not an informed/sota practitioner, but isn't this just a standard property of high dimensional spaces?

https://en.wikipedia.org/wiki/Random_projection

> The core idea behind random projection is given in the Johnson-Lindenstrauss lemma, which states that if points in a vector space are of sufficiently high dimension, then they may be projected into a suitable lower-dimensional space in a way which approximately preserves the distances between the points.
moyix
·il y a 4 ans·discuss
Salesforce CodeGen (particularly the 16B-multi and 16B-mono models) is pretty good already and can be used with FauxPilot [1] to get an open Copilot-like experience with local compute :) I am also very excited about the upcoming BigCode project though, which is maybe what you're thinking of?

Disclaimer: I am naturally biased since I made FauxPilot ;)

[1] https://github.com/moyix/fauxpilot

[2] https://www.bigcode-project.org/
moyix
·il y a 5 ans·discuss
What? I don't think I made any claim of the sort. I'm claiming that it does more than mere regurgitation and has done some amount of abstraction, not that it has human-level understanding. As an example, GPT-3 learned some arithmetic and can solve basic math problems not in its training set. This is beyond pattern matching and replication, IMO.

I'm not really sure why we should consider Copilot legally different from a fancy pen – if you use it to write infringing code then that's infringement by the user, not the pen. This leaves the practical question of how often it will do so, and my impression is that it's not often.
moyix
·il y a 5 ans·discuss
Have you used Copilot? I have not, but I have trained a GPT2 model on open source projects (https://doesnotexist.codes/). It does not just pattern match and replicate. It can be cajoled into reproducing some memorized snippets, but this is not the norm; in my experience the vast majority of what it generates is novel. The exceptions are extremely popular snippets that are repeated many many times in the training data, like license boilerplate.

Perhaps Copilot behaves very differently from my own model, but I strongly suspect that the examples that have been going around twitter are outliers. Github's study agrees: https://docs.github.com/en/github/copilot/research-recitatio... (though of course this should be replicated independently).