HackerLangs
TopNewTrendsCommentsPastAskShowJobs

ethin

763 karmajoined 6년 전
I'm a computer science graduate with experience in embedded systems seeking to get a career in software engineering. In my free time I love learning all kinds of things, working on complex projects in various programming languages such as C++ and Rust, etc.

comments

ethin
·12시간 전·discuss
The FCC is literally powerless nowadays for all intents and purposes. They've abrogated so much of their authority to the states now that they might as well be eliminated. What little authority that remains with it is bought and paid for to the point that I'm sure you could get anything "approved" if you wanted.
ethin
·3일 전·discuss
The fundamental problem with even the kind of mitigation you suggest is that it just doesn't work. You would need to build some kind of completely dynamic authorization system that could figure out the context of user-provided instructions and limit agent access based on that context, at least I think. I've said it before and I'll say it again: I don't think this is actually solvable. This isn't like SQL injections or similar where the grammar was fixed and there was a predefined set of possible inputs. Here the set of inputs is unbounded as long as natural language is the medium of expression.
ethin
·15일 전·discuss
IMO they're fantastic. You can write out a bit layout from a CPU's manual fro example and you can just use whatever bit width the manual specifies, and the compiler takes care of figuring out all the underlying manipulation for you. Which results in much more readable code because you don't have to worry about packing/unpacking it because the compiler will do that for you.
ethin
·26일 전·discuss
Problem with Scaleway (for me) is physics. I get 200ms (at minimum) roundtrip latency to any of their EU servers (and for their dedicated offerings that can boot custom Linux distros that's pretty much all I have access to).
ethin
·26일 전·discuss
Given that even Wikipedia effectively restates what he says, I'm pretty sure he's correct here:

> Ultimately, whether it is legal in the United States to falsely shout "fire" in a theater depends on the circumstances in which it is done and the consequences of doing it. The act of shouting "fire" when there are no reasonable grounds for believing one exists is not in itself a crime, and nor would it be rendered a crime merely by having been carried out inside a theatre, crowded or otherwise. If it causes a stampede and someone is killed as a result, then the act could amount to a crime, such as involuntary manslaughter, assuming the other elements of that crime are made out. Similarly, state laws such as Colorado Revised Statute § 18-8-111 classify knowingly "false reporting of an emergency," including false alarms of fire, as a misdemeanor if the occupants of the building are caused to be evacuated or displaced, and a felony if the emergency response results in the serious bodily injury or death of another person.[16] Somewhat more trivially, in some states it is a crime just to knowingly make a false report - or knowingly cause a false report to be made - of an emergency to emergency services.[16] In Colorado it is a crime to knowingly cause "a false alarm of fire" to be transmitted to "any...government agency which deals with emergencies involving danger to life or property."[16] This crime could plausibly be made out where, for instance, in response to the false shout, an innocent bystander calls emergency services to report the fire, and this is found to have been such a foreseeable response to the shouts that the shouter is deemed to have caused the false report to be made.

Whether those laws actually survive the Brandenburg test is untested, from my understanding. But given that potential first amendment violations are held to strict scrutiny, I question whether the government could actually pass the imminent lawless action test even had someone did it knowing it would cause a panic, and would need to try with some other offense.
ethin
·26일 전·discuss
Except that shouting fire in a crowded theater isn't actually a crime at all and you can't be prosecuted for it (doing so would violate your first amendment rights). You can be at most banned from the theater. However, it's understandable people would think that it's a criminal act given that even prosecutors repeat this long-standing myth. Legal Eagle has an excellent video describing just how wrong this is and it's history: https://www.youtube.com/watch?v=jTsPgiUoBKA
ethin
·지난달·discuss
I... Think you completely missed the point, which is that each and every method you enumerated is a brute-force tactic.
ethin
·지난달·discuss
I really have wanted to do this but Fossil lacks MFA, OIDC, and of course CI/CD. Maybe there's a way to get all three in it but Idk. I know for OIDC you could in theory just use a reverse proxy to do it but then you have to get Fossil to respect it and not just ask you to login again.
ethin
·지난달·discuss
What's the downvote for? Does someone really dislike Incus that bad?
ethin
·지난달·discuss
Yep... And just think: this is what AI boosters want us to do.
ethin
·지난달·discuss
Agreed, that's a huge turn off for me, and I thought this would genuinely be fascinating. I'm not a physics expert but I love reading about interesting things like this, but I can't stand this surface-level "well I in theory could be an expert on this topic but nobody knows because the machine removed all of the nuance and now it's shallow AI writing" style of writing.
ethin
·지난달·discuss
I primarily use Incus for all container stuff, not Docker. Is problematic if I want to e.g. use a docker-compose file, but I (think) it protects against these things because incus allows me to create a vm and not a container if I really need that level of isolation.
ethin
·지난달·discuss
I mean... It may be that most of the things I run aren't really scrape-able. I run Matrix (which requires authentication), an XWiki instance, Zulip, Terraria, Forgejo, Nextcloud, a Mastodon server... Most of those require auth behind my Kanidm instance to actually do anything. Well and most of them have APIs that are much better than "scrape the universe".
ethin
·지난달·discuss
If only there was a language which allowed one to express instructions for a computer to execute which was nearly unambiguous, precise, deterministic, and containerized such that the computer would do exactly what you told it to.

...

Oh wait.

Yes, the above was referring to programming languages. Which is what prompts are, essentially. It's just a different (and more verbose) way of instructing the computer on what to do. It also has a solution space of infinity and is ambiguous enough that there is no way to secure it because there are infinite combinations of saying anything imaginable. All prompt injections do is prove this point, over and over and over again, and "prompting" an LLM is just reverse-engineering programming languages in the worst possible way. I suspect that we will eventually have no other choice but to revert to using programming languages because they are the only way to get the kind of protections that people are trying to come up with with all these containerization and virtualization systems (which inevitably fail).
ethin
·지난달·discuss
That's really weird. My experience is quite different: I have several subdomains and all of them have TLS certs and I haven't (yet) seen this (thankfully). Either that, or my server is masking it. The weird thing is that my server is an OVH dedicated box that doesn't exactly have top-tier specs, so I have no idea what's going on there. Very weird indeed.
ethin
·지난달·discuss
Wait really? I'm not really sure what to think and I posted before I saw this... I wonder why the limit is so low?
ethin
·지난달·discuss
Ouch, looks like the HN hug of death struck again. Gives me error 429.
ethin
·지난달·discuss
Has anyone pointed an AI scraper at your server at all? Unless your website appears in search engine listings I don't think the AI scrapers will slam it. My server has never been hit by them but my server is also practically unknown. All of this said, I'm not going to claim that server loads can handle it because many sysadmins have claimed otherwise, and I would like to think that their claims are reliable.
ethin
·지난달·discuss
The problem is what is the alternative? I'm (not) defending them or this practice by any measure, but we all know what happens if you just open your site up without these, especially with AI bots which hammer servers and are in effect a legalized DDoS system. I've hated CAPTCHAs ever since I first encountered them and I can't wait for them to just finally die a permanent death, but I also don't know how we solve the "how do you identify a human and a bot" in a way which doesn't require server admins to have extremely beefy servers or similar setups to handle the extra load. I'm not going to do the "there HAS to be a way thing" either because, for all I know, this could just be one of those impossible-to-solve problems.
ethin
·지난달·discuss
I mean my idea isn't the only one in that solution space. My reasoning was to ensure that the government actually reviewed the patent and ensured it was valid instead of rubber stamping it. Or, even better, the filer of the patent application would do that. Although the best is probably to make software unpatentable anyway.