HackerTrans
トップ新着トレンドコメント過去質問紹介求人

self_awareness

1,173 カルマ登録 11 年前

投稿

New nanotherapy clears amyloid-β, reversing symptoms of Alzheimer's in mice

drugtargetreview.com
278 ポイント·投稿者 self_awareness·9 か月前·137 コメント

[untitled]

4 ポイント·投稿者 self_awareness·10 か月前·0 コメント

コメント

self_awareness
·23 時間前·議論
moi2389 should research the market and create a new value, not replace someone else by providing the same value.
self_awareness
·24 時間前·議論
Free and communal knowledge means you're easily replaceble by someone else.

I wonder what communal answer you have for someone who would say, "moi2388, your work will be now done by moi2389. Thanks and good bye."
self_awareness
·24 時間前·議論
I think licensing will have to be re-invented, because now it's trivial to just say: claude, do a "clean-room implementation", so that noone can accuse me of stealing code.

That's what LLM companies have done for years anyway. Inline completions are trained on licensed code. And nobody cares! ;)
self_awareness
·6 日前·議論
If you have a messy room, you don't throw a grenade in hopes that after explosion things will end up in "better" places than before.
self_awareness
·10 日前·議論
Well, if people would prefer physical discs over digital distribution and would insist of having a proof of ownership, I guess Sony wouldn't have a choice but to prefer physical distribution.

But since customers don't care, who else should care?

I always prefered physical disks. That was my #1 pro-console argument. Without those disks, I simply won't buy anything console related. I vote with my wallet, simple as that.

Of course I know that people will still buy digital disks and then cry when Sony will do something unthinkable like revoking access, but I guess that won't be my problem.
self_awareness
·12 日前·議論
It seems awesome, but I'm having a problem with figuring out how can a "normal" person use it. How would YOU use it, reader of this comment?
self_awareness
·16 日前·議論
Follow-up question: why upvote an article that you probably can't read?
self_awareness
·17 日前·議論
I see this as a project that re-vibes the filesystem implementation to a minimal, readonly version, that completely bypasses in-kernel caching.

Is it really faster than normal filesystem? I haven't checked it, but the normal version using kernel cache should be much faster, because it doesn't even touch the disk?
self_awareness
·18 日前·議論
Does official Apple security framework ("Apple EndpointSecurity") targeted at AV vendors serious enough for you? They themselves built an OS subsystem specifically for AVs to use, and Microsoft has done the exact same with AMSI.

There are actually very few techniques that are 99.999% effective. Cryptography when considered per se maybe is, but the wide topic of heuristic analysis is much lesser than that. Even if we consider some imagined, mythical 99.999% effectiveness, it's always measured in the specific boundaries we set during our analysis. Permission rights in the OS are 100% secure if we assume the authentication for sysop is secure. If we store the password for root in a public git repo, then OS permissions are 0% effective even if the system code hasn't changed at all. Your percent value is very fragile and relative to the boundaries we set. The unbreakable wall you think of can turn into a sheet of paper in the blink of an eye.

The cheap port-changing trick can even be 100% effective against generic massive port scanning attacks. But it's 0% effective against a targeted attack. It depends entirely on the surface area we want to defend against. If we define our protection to work against generic automated bots, then changing the port is an entirely effective solution. If we want to ensure our systems are globally "unbreakable" (whatever that means), then it's a weak security solution. In other words, effectiveness is not absolute; it's relative to the threat model.

It's not possible to inspect all the code we use. There's too much of it changing every second. The idea that developers have the time or ability to manually inspect every line of open-source code they import is an economic fantasy. In an era where frontier AI models like Mythos are finding and chaining 0-days in minutes, human review is simply outpaced. But even if we somehow did it, something would already change by the time you finish reading this paragraph. Everything needs to be reanalyzed because we don't know what shifted. And sometimes, the vulnerability manifests in the parts of the code that DIDN'T change.

By the way, I think you might not be aware that current, "next-gen" security solutions offered by Crowdstrike or SentinelOne are actually old antivirus techniques marketed as something new. EDRs are 'just' log aggregators and routers for signatures to be matched on.

Also, please don't think about programmers as someone immune to attacks, as this is not true at all. The fact that programmers invented a method of installation for programmer tools based on piping curl output directly to bash is direct proof that some programmers have absolutely no idea how security works. Especially web developers. If anything, programmers can be more dangerous than normal users because they assume they are better, and then they make the exact same mistakes as everyone else. They are just plain computer users who need to be defended from their own carelessness.
self_awareness
·18 日前·議論
With root, malware can reach out to UEFI anyway, and can do whatever it likes.
self_awareness
·18 日前·議論
And how a malware can use this if it's configured globally in a root:root owned config file?
self_awareness
·18 日前·議論
These are not 2000 approaches, these are approaches used today (signature based detection).

The difference is that in 2000s the signatures were written by hand and described static file info, today they're often autogenerated and describe the system behavior, either by looking at one executable, or a whole network of computers. But it is still signature based detection. Since they describe the program behavior, not the program structure, then if the program itself stayed the same (the sequence of system api calls stayed the same), no runtime packing/obfuscation makes a difference to a signature. Unless obfuscation changes the behavior.

Also security is not binary, it's layered. Sometimes we can address an attack vector by using multiple levels. And sometimes it's simply worth checking for low hanging fruits if only to make the attack more expensive. The "cat and mouse" game is always about the cost of attack and cost of defense, if we raise one then we win in this area, unless the other party finds a way of lowering the cost of their side. Or unless they pay an unexpected amount of cost, for example in state sponsored malware.

By the way, some security solutions also have actual parsers for example for PowerShell, so they can actually detect string concatenation that constructs the URL.
self_awareness
·19 日前·議論
Prepare for hard landing in 3... 2... 1...
self_awareness
·22 日前·議論
It would be like writing english words using cyrylic letters claiming you know Russian.
self_awareness
·25 日前·議論
American HN crowd knows better.
self_awareness
·25 日前·議論
I want to believe.

https://vimeo.com/940390507
self_awareness
·25 日前·議論
No, that's a regular programmer.
self_awareness
·25 日前·議論
Fabrice Bellard is the actual greatest programmer that has ever lived.

Carmack's "almost certainly" doesn't look good here.
self_awareness
·25 日前·議論
Compression uses a different license than Apache.

In various distros, the timescaledb installed by the package manager doesn't support other licenses than Apache.

This means that there's a high chance your distro doesn't allow stock timescaledb to use compression. You probably will need to install it manually.
self_awareness
·26 日前·議論
Why it "can't" work under nvidia?

Xorg worked under nvidias for years.