HackerTrans
トップ新着トレンドコメント過去質問紹介求人

btdmaster

no profile record

投稿

Stackmaxxing for a recursion world record [video]

youtube.com
2 ポイント·投稿者 btdmaster·6 か月前·0 コメント

Steam Depot Downloader

github.com
1 ポイント·投稿者 btdmaster·6 か月前·0 コメント

Rust–: Rust without the borrow checker

github.com
2 ポイント·投稿者 btdmaster·6 か月前·0 コメント

What Happens When All Training Data Is AI Generated? [video]

youtube.com
1 ポイント·投稿者 btdmaster·7 か月前·0 コメント

Update for NGI Zero Entrust: GNS to DNS Migration

gnunet.org
3 ポイント·投稿者 btdmaster·10 か月前·0 コメント

Speech Enhancement Mamba

github.com
3 ポイント·投稿者 btdmaster·10 か月前·1 コメント

コメント

btdmaster
·3 か月前·議論
> Thus succeeding at making the telecommunications vendors used for Top Secret US national security data less secure, the obvious goal of the US National Security Agency, and the only reason they wouldn't use the better cryptography designed by Dr. Bernstein. /s

I guess the NSA thinks they're the only one that can target such a side channel, unlike, say, a foreign government, which doesn't have access to the US Internet backbone, doesn't have as good mathematicians or programmers (in NSA opinion), etc.

> Timing side channels don't matter to ephemeral ML-KEM key exchanges, by the way. It's really hard to implement ML-KEM wrong. It's way easier to implement ECDH wrong, and remember that in this hypothetical you need to compare to P-256, not X25519, because US regulation compliance is the premise.

Except for KyberSlash (I was surprised when I looked at the bug's code, it's written very optimistically wrt what the compiler would produce...)

So do you think vendors will write good code within the deadlines between now and... 2029? I wouldn't bet my state secrets on that...
btdmaster
·3 か月前·議論
> “Doesn’t the NSA lie to break our encryption?” No, the NSA has never intentionally jeopardized US national security with a non-NOBUS backdoor, and there is no way for ML-KEM and ML-DSA to hide a NOBUS backdoor.

The most concrete issue for me, as highlighted by djb, is that when the NSA insists against hybrids, vendors like telecommunications companies will handwrite poor implementations of ML-KEM to save memory/CPU time etc. for their constrained hardware that will have stacks of timing side channels for the NSA to break. Meanwhile X25519 has standard implementations that don't have such issues already deployed, which the NSA presumably cannot break (without spending $millions per key with a hypothetical quantum attack, a lot more expensive than side channels).
btdmaster
·3 か月前·議論
That's so cool.

This is interestingly very similar to domain fronting, except in this case the server doesn't need to work around it because it will still see the correct SNI.

Do DPI servers in your experience only check the first SNI packet for a given connection?
btdmaster
·5 か月前·議論
Very cool. The horsle demo made me think, how hard would it be to add a virtual memory address (or a non-8086 RAND instruction) that returns a random byte (that would allow it to pick a random value and get a standard wordle working in principle)

I see CSS random() is only supported by Safari, I wonder if there's some side channel that would work in Chrome specifically? (I guess timing the user input would work)
btdmaster
·5 か月前·議論
It emits a cmp/jmp still when arithmetic would be fine though which is the difference highlighted in the article and examples in this thread. It's nice that it simplifies down to assembly, but the assembly is somewhat questionable (especially that xor eax eax branch target on the other side).
btdmaster
·5 か月前·議論
I see yeah that makes sense. I wanted to highlight that "magic" will, on average, give the optimizer a harder time. Explicit offset loops like that are generally avoided in many C++ styles in favor of iterators.
btdmaster
·5 か月前·議論
In my experience C++ abstractions give the optimizer a harder job and thus it generates worse code. In this case, different code is emitted by clang if you write a C version[0] versus C++ original[1].

Usually abstraction like this means that the compiler has to emit generic code which is then harder to flow through constraints and emit the same final assembly since it's less similar to the "canonical" version of the code that wouldn't use a magic `==` (in this case) or std::vector methods or something else like that.

[0] https://godbolt.org/z/vso7xbh61

[1] https://godbolt.org/z/MjcEKd9Tr
btdmaster
·6 か月前·議論
I think you could argue there is already some effort to do type safety at the ISA register level, with e.g. shadow stack or control flow integrity. Isn't that very similar to this, except targeting program state rather than external memory?
btdmaster
·6 か月前·議論
Everything really is a file: if you do `cat /` you'll get back the internal representation of the directory entries in / (analogous to ls)

And they still had coredumps at the time if you press ctrl-\
btdmaster
·6 か月前·議論
You can also press `s` to save data from a pipe to a file rather than manually copy pasting.
btdmaster
·6 か月前·議論
Ah you can use https://github.com/NixOS/patchelf/pull/564

So you can do e.g. `patchelf --remove-needed-version libm.so.6 GLIBC_2.29 ./mybinary` instead of replacing glibc wholesale (step 2 and 3) and assuming all of used glibc by the executable is ABI compatible this will just work (it's worked for a small binary for me, YMMV).
btdmaster
·6 か月前·議論
Yes you can do this, thanks for mentioning I was interested and checked how you would go about it.

1. Delete the shared symbol versioning as per https://stackoverflow.com/a/73388939 (patchelf --clear-symbol-version exp mybinary)

2. Replace libc.so with a fake library that has the right version symbol with a version script e.g. version.map GLIBC_2.29 { global: *; };

With an empty fake_libc.c `gcc -shared -fPIC -Wl,--version-script=version.map,-soname,libc.so.6 -o libc.so.6 fake_libc.c`

3. Hope that you can still point the symbols back to the real libc (either by writing a giant pile of dlsym C code, or some other way, I'm unclear on this part)

Ideally glibc would stop checking the version if it's not actually marked as needed by any symbol, not sure why it doesn't (technically it's the same thing normally, so performance?).
btdmaster
·7 か月前·議論
> When you get into lower power, anything lower than Steam Deck, I think you’ll find that there’s an Arm chip that maybe is competitive with x86 offerings in that segment.

At which point does this pay off the emulation overhead? Fex has a lot of work to do to bridge two ISAs while going through the black box of compiler output of assembly, right?
btdmaster
·8 か月前·議論
See also "Parse, don't validate (2019)" [0]

[0] https://news.ycombinator.com/item?id=41031585
btdmaster
·10 か月前·議論
SEMamba is a speech enhancement model to denoise speech.

Demo: https://roychao19477.github.io/speech-enhancement-demo-2024/

Try it: https://huggingface.co/spaces/rc19477/Speech_Enhancement_Mam...
btdmaster
·3 年前·議論
It looks like they're getting users banned [0] for using alternative clients.

[0] https://github.com/tgalal/yowsup/issues?q=is%3Aissue+is%3Aop...
btdmaster
·4 年前·議論
You should not need to reverse engineer a piece of software for it to not spy on your network activity. Either way, it's not clear whether resolving cheatsite.com is that well-correlated with cheating. There's a reason why this is called Hacker News.