HackerTrans
TopNewTrendsCommentsPastAskShowJobs

surround

3,163 karmajoined 7 वर्ष पहले

Submissions

Story of a Failed Pentest (2018)

web.archive.org
2 points·by surround·4 माह पहले·0 comments

comments

surround
·परसों·discuss
It seems that Deno made the right decision by choosing Rust from the get-go.
surround
·3 दिन पहले·discuss
How does the voice model delegate requests to GPT-5.5? Can the voice model generate text?
surround
·8 दिन पहले·discuss
If you look at a satellite image of the Great Salt Lake [1], it looks like there's a digital seam/glitch between the north and the south half of the lake. In reality, a railroad was built through the middle of the lake in 1904, separating the water. The salinity of the north half has since become toxic to all organisms except some algae and cyanobacteria.

[1] https://www.google.com/maps/@41.1985997,-112.4903027,201762m...
surround
·2 माह पहले·discuss
I'm not sure what you're referring to. If corn is replaced with solar panels that doesn't solve the fact that there will still be a ton of cars that demand ethanol-infused gasoline.
surround
·3 माह पहले·discuss
Its more efficient energy-wise, but isn't the issue that energy from solar panels can't power gas cars?
surround
·3 माह पहले·discuss
Fair enough. Though they certainly could still break in if the laptop isn't encrypted, so this tool is only useful when combined with disk encryption.
surround
·3 माह पहले·discuss
How do you define "state-level actor?" Police departments certainly have access to state and federal forensic resources to access unencrypted data in memory.
surround
·3 माह पहले·discuss
> in sensitive situations, law enforcement and border agents in many countries can compel a biometric unlock in ways they cannot with a password.

If the threat model includes state-level actors, then disabling biometrics won't prevent data from being retrieved from physical memory. It would probably be wiser to enable disk encryption and have a panic button that powers down/hibernates the computer so that no unencrypted data remains on RAM.

The website says shutdown "takes time" and "kills your session" but a hibernation button would take effect just as fast and would preserve the session.
surround
·3 माह पहले·discuss
It seems like Google's policy is unconcerned with the intent of the practice. If a website JS redirect ruins the user experience by breaking the back button, it will be demoted in search results. It doesn't matter whether or not the redirect was meant to be deceptive or malicious, websites shouldn't be ruining the user experience.
surround
·3 माह पहले·discuss
It seems Sam Altman has the same suspicion, based upon his response:

> There was an incendiary article about me a few days ago. Someone said to me yesterday they thought it was coming at a time of great anxiety about AI and that it made things more dangerous for me.

https://blog.samaltman.com/2279512

https://news.ycombinator.com/item?id=47724921
surround
·3 माह पहले·discuss
> There was an incendiary article about me a few days ago. Someone said to me yesterday they thought it was coming at a time of great anxiety about AI and that it made things more dangerous for me.

For context his blog post seems to be a response to this deep-dive New Yorker article:

"Sam Altman May Control Our Future—Can He Be Trusted?"

https://www.newyorker.com/magazine/2026/04/13/sam-altman-may...

https://news.ycombinator.com/item?id=47659135
surround
·3 माह पहले·discuss
Yes, DMCA made the mere act of breaking DRM illegal, even if what you do with the media is legal.
surround
·3 माह पहले·discuss
That's what the comment I was originally replying to was saying.
surround
·3 माह पहले·discuss
Try asking an LLM a question like "H o w T o P r o g r a m I n R u s t ?" - each letter, separated by spaces, will be its own token, and the model will understand just fine. The issue is that computational cost scales quadratically with the number of tokens, so processing "h e l l o" is much more expensive than "hello". "hello" has meaning, "h" has no meaning by itself. The model has to waste a lot of computation forming words from the letters.

Our brains also process text entire words at a time, not letter-by-letter. The difference is that our brains are much more flexible than a tokenizer, and we can easily switch to letter-by-letter reading when needed, such as when we encounter an unfamiliar word.
surround
·3 माह पहले·discuss
But for lisp, a more complex solution is needed. It's easy for a human lisp programmer to keep track of which closing parentheses corresponds to which opening parentheses because the editor highlights parentheses pairs as they are typed. How can we give an LLM that kind of feedback as it generates code?
surround
·3 माह पहले·discuss
I think you're right. Try asking GPT-5 this:

> Are the parentheses in ((((()))))) balanced?

There was a thread about this the other day [1]. It's the same issue as "count the r's in strawberry." Tokenization makes it hard to count characters. If you put that string into OpenAI's tokenizer, [2] this is how they are grouped:

Token 1: ((((

Token 2: ()))

Token 3: )))

Which of course isn't at all how our minds would group them together in order to keep track of them.

[1] https://news.ycombinator.com/item?id=47615876 [2] https://platform.openai.com/tokenizer
surround
·3 माह पहले·discuss
Wow I'm surprised, you're right, and it has happened before:

> the attacker issued and registered a free temporary 3-month certificate for the developers[.]kakao.com domain through SSL certificate issuer called ZeroSSL. Because the routing policy was already manipulated by the BGP Hijacking, the attacker was able to register the certificate.

https://medium.com/s2wblog/post-mortem-of-klayswap-incident-...
surround
·3 माह पहले·discuss
The graphic that shows that a hijacker can route traffic to their malicious website is a little misleading. Since the SSL certificate would be invalid, browsers would block the connection and show a warning.

I guess the attack could still be used for denial of service.
surround
·4 माह पहले·discuss
Your posts: https://twiiit.com/hac

2020 - "Ping"

2021 - "Pong"

2023 - "Boop."

2023 - "Bleep"

2023 - "will inventing new technology be the solution to our problems?"
surround
·4 माह पहले·discuss
Trust your own style, even if you aren't a native English speaker. Here's an example where a non-native speaker used an LLM to polish his post. The general consensus was that his own writing was preferable to the LLM's edited version.

https://news.ycombinator.com/item?id=45591707

For dyslexia, use a spell-checker. For grammar, use a basic grammar checker, like the kind of grammar checker that has come with MS word since the 1990s. But don't let a style-checker or an LLM rob you of your own voice.