HackerLangs
トップ新着トレンドコメント過去質問紹介求人

surround

3,163 カルマ登録 7 年前

投稿

Story of a Failed Pentest (2018)

web.archive.org
2 ポイント·投稿者 surround·4 か月前·0 コメント

コメント

surround
·一昨日·議論
It seems that Deno made the right decision by choosing Rust from the get-go.
surround
·一昨日·議論
How does the voice model delegate requests to GPT-5.5? Can the voice model generate text?
surround
·8 日前·議論
If you look at a satellite image of the Great Salt Lake [1], it looks like there's a digital seam/glitch between the north and the south half of the lake. In reality, a railroad was built through the middle of the lake in 1904, separating the water. The salinity of the north half has since become toxic to all organisms except some algae and cyanobacteria.

[1] https://www.google.com/maps/@41.1985997,-112.4903027,201762m...
surround
·2 か月前·議論
I'm not sure what you're referring to. If corn is replaced with solar panels that doesn't solve the fact that there will still be a ton of cars that demand ethanol-infused gasoline.
surround
·3 か月前·議論
Its more efficient energy-wise, but isn't the issue that energy from solar panels can't power gas cars?
surround
·3 か月前·議論
Fair enough. Though they certainly could still break in if the laptop isn't encrypted, so this tool is only useful when combined with disk encryption.
surround
·3 か月前·議論
How do you define "state-level actor?" Police departments certainly have access to state and federal forensic resources to access unencrypted data in memory.
surround
·3 か月前·議論
> in sensitive situations, law enforcement and border agents in many countries can compel a biometric unlock in ways they cannot with a password.

If the threat model includes state-level actors, then disabling biometrics won't prevent data from being retrieved from physical memory. It would probably be wiser to enable disk encryption and have a panic button that powers down/hibernates the computer so that no unencrypted data remains on RAM.

The website says shutdown "takes time" and "kills your session" but a hibernation button would take effect just as fast and would preserve the session.
surround
·3 か月前·議論
It seems like Google's policy is unconcerned with the intent of the practice. If a website JS redirect ruins the user experience by breaking the back button, it will be demoted in search results. It doesn't matter whether or not the redirect was meant to be deceptive or malicious, websites shouldn't be ruining the user experience.
surround
·3 か月前·議論
It seems Sam Altman has the same suspicion, based upon his response:

> There was an incendiary article about me a few days ago. Someone said to me yesterday they thought it was coming at a time of great anxiety about AI and that it made things more dangerous for me.

https://blog.samaltman.com/2279512

https://news.ycombinator.com/item?id=47724921
surround
·3 か月前·議論
> There was an incendiary article about me a few days ago. Someone said to me yesterday they thought it was coming at a time of great anxiety about AI and that it made things more dangerous for me.

For context his blog post seems to be a response to this deep-dive New Yorker article:

"Sam Altman May Control Our Future—Can He Be Trusted?"

https://www.newyorker.com/magazine/2026/04/13/sam-altman-may...

https://news.ycombinator.com/item?id=47659135
surround
·3 か月前·議論
Yes, DMCA made the mere act of breaking DRM illegal, even if what you do with the media is legal.
surround
·3 か月前·議論
That's what the comment I was originally replying to was saying.
surround
·3 か月前·議論
Try asking an LLM a question like "H o w T o P r o g r a m I n R u s t ?" - each letter, separated by spaces, will be its own token, and the model will understand just fine. The issue is that computational cost scales quadratically with the number of tokens, so processing "h e l l o" is much more expensive than "hello". "hello" has meaning, "h" has no meaning by itself. The model has to waste a lot of computation forming words from the letters.

Our brains also process text entire words at a time, not letter-by-letter. The difference is that our brains are much more flexible than a tokenizer, and we can easily switch to letter-by-letter reading when needed, such as when we encounter an unfamiliar word.
surround
·3 か月前·議論
But for lisp, a more complex solution is needed. It's easy for a human lisp programmer to keep track of which closing parentheses corresponds to which opening parentheses because the editor highlights parentheses pairs as they are typed. How can we give an LLM that kind of feedback as it generates code?
surround
·3 か月前·議論
I think you're right. Try asking GPT-5 this:

> Are the parentheses in ((((()))))) balanced?

There was a thread about this the other day [1]. It's the same issue as "count the r's in strawberry." Tokenization makes it hard to count characters. If you put that string into OpenAI's tokenizer, [2] this is how they are grouped:

Token 1: ((((

Token 2: ()))

Token 3: )))

Which of course isn't at all how our minds would group them together in order to keep track of them.

[1] https://news.ycombinator.com/item?id=47615876 [2] https://platform.openai.com/tokenizer
surround
·3 か月前·議論
Wow I'm surprised, you're right, and it has happened before:

> the attacker issued and registered a free temporary 3-month certificate for the developers[.]kakao.com domain through SSL certificate issuer called ZeroSSL. Because the routing policy was already manipulated by the BGP Hijacking, the attacker was able to register the certificate.

https://medium.com/s2wblog/post-mortem-of-klayswap-incident-...
surround
·3 か月前·議論
The graphic that shows that a hijacker can route traffic to their malicious website is a little misleading. Since the SSL certificate would be invalid, browsers would block the connection and show a warning.

I guess the attack could still be used for denial of service.
surround
·4 か月前·議論
Your posts: https://twiiit.com/hac

2020 - "Ping"

2021 - "Pong"

2023 - "Boop."

2023 - "Bleep"

2023 - "will inventing new technology be the solution to our problems?"
surround
·4 か月前·議論
Trust your own style, even if you aren't a native English speaker. Here's an example where a non-native speaker used an LLM to polish his post. The general consensus was that his own writing was preferable to the LLM's edited version.

https://news.ycombinator.com/item?id=45591707

For dyslexia, use a spell-checker. For grammar, use a basic grammar checker, like the kind of grammar checker that has come with MS word since the 1990s. But don't let a style-checker or an LLM rob you of your own voice.