HackerTrans
TopNewTrendsCommentsPastAskShowJobs

rmast

no profile record

Submissions

Ghidra Decompiler in the Browser

github.com
2 points·by rmast·2 maanden geleden·0 comments

cmakefmt: A lightning-fast CMake file formatter

github.com
2 points·by rmast·3 maanden geleden·0 comments

Breaking into a Govee Smart Display: From UART Shell to Device Impersonation

blog.kulkan.com
1 points·by rmast·3 maanden geleden·0 comments

Pokemon-themed E-paper Home Assistant dashboard

github.com
3 points·by rmast·4 maanden geleden·0 comments

I Hacked My Laundry Card. Here's What I Learned

hanzilla.co
27 points·by rmast·4 maanden geleden·6 comments

Get free ChatGPT Pro for open-source maintainers

developers.openai.com
2 points·by rmast·4 maanden geleden·0 comments

Casting SALT like Metal – What Happens? [video]

youtube.com
2 points·by rmast·4 maanden geleden·0 comments

How many AA batteries does it take to power a PC setup? [video]

youtube.com
1 points·by rmast·4 maanden geleden·0 comments

Zillow for Warcraft

zillowforwarcraft.com
3 points·by rmast·4 maanden geleden·0 comments

Project Silica's advances in glass storage technology

microsoft.com
1 points·by rmast·4 maanden geleden·0 comments

From Wi‑Fi Access to Root: Reverse Engineering a $50 CarPlay Dongle

medium.com
3 points·by rmast·4 maanden geleden·0 comments

FemtoClaw: Ultralight Port of OpenClaw/PicoClaw for ESP32 and Raspberry Pi Pico

github.com
3 points·by rmast·4 maanden geleden·0 comments

Turning a 2 ton robot into a 3D printer [video]

youtube.com
2 points·by rmast·5 maanden geleden·0 comments

[untitled]

1 points·by rmast·5 maanden geleden·0 comments

Hacking a NutriBullet blender via BLE: reverse-engineering the protocol

it4sec.substack.com
1 points·by rmast·5 maanden geleden·0 comments

Show HN: Analyze binary capabilities using capa directly in your browser

surfactant.readthedocs.io
1 points·by rmast·6 maanden geleden·0 comments

Running custom code on a PAX credit card machine by swapping the SoC

lucasteske.dev
2 points·by rmast·6 maanden geleden·0 comments

Hacking a Consumer Drone: Dumping Firmware and Bruteforcing ECC

neodyme.io
3 points·by rmast·6 maanden geleden·0 comments

Show HN: Find hidden binary dependencies & subprocess calls in Python packages

surfactant.readthedocs.io
2 points·by rmast·6 maanden geleden·1 comments

OGhidra: Automating dataflow analysis and vulnerability discovery via local LLMs

github.com
1 points·by rmast·7 maanden geleden·1 comments

comments

rmast
·14 dagen geleden·discuss
I was thinking that the other definition was right and this correction was wrong.

Then I did some searching and found multiple examples of both definitions in use, making things murky.

So I turned to Merriam-Webster’s dictionary: “ of, relating to, or being a vulnerability (as in a computer or computer system) that is discovered and exploited (as by cybercriminals) before it is known to or addressed by the maker or vendor”

And of course they use an “or” to make it ambiguous as to whether the days start counting when the vulnerability becomes known, or when the vendor has addressed it.
rmast
·23 dagen geleden·discuss
Duplicate of https://news.ycombinator.com/item?id=48538483
rmast
·27 dagen geleden·discuss
I applied for both. Heard back from neither. Mentioned two particular projects when applying, one with 2k stars and 5M monthly downloads, and another with 2M monthly downloads.
rmast
·28 dagen geleden·discuss
Maybe the only way to win is to cheat.
rmast
·vorige maand·discuss
I was using it to craft a CTF challenge for summer students involving a simulated mechanical dial safe, but with the fence replaced by a IR beam break sensor and a microcontroller handling the check + flag message display.

For generating the initial 3D simulated safe using three.js it worked well, but then modifications to print a flag tripped the safeguards; eventually got it narrowed down the part in the prompt about it being for a CTF for students, and the "thinking" for the model seems to drift to ideas of encryption/obfuscation of the safe combo so students can't just read out the answer... which makes sense logically to help force students into turning the simulated dial instead. But whatever detection Anthropic I guess just naively sees the model thinking about "encryption" and "obfuscation" without taking into account any of the context.

For writing the dummy firmware, it tripped the safeguards while thinking about how to track dial position in the firmware and output the message; however, when I left out talk about safes and just told it to write firmware for a microcontroller hooked up to an i2c display for showing a message with a beam break sensor to determine the message, and an unspecified i2c chip for getting an unspecified number (e.g. internal wheel positions) it worked fine.

An unrelated software task I asked it to write some code to translate CustomActions in a Windows MSI installer into human readable stuff, which has (exclusively?) defensive security applications for recognizing malicious behavior in an MSI installer. Maybe I'm going crazy, but I'm guessing as part of its research into MSI installer custom actions Fable found articles about analyzing malicious MSI installers, and that probably tripped the safeguards.

Overall my impression is that the safeguards are perhaps using an overzealous and naive implementation that just looks for a list of banned words in the prompt or the thinking -- which drives me crazy when the model says my prompt looks fine, and then 10 minutes in some part of the thinking trips the safeguard.
rmast
·vorige maand·discuss
So in other words... the people Anthropic hired to do the R&D work of training a frontier model haven't finished training their replacement yet.
rmast
·vorige maand·discuss
The things that are harder to get running in a browser via webassembly tend to have a GUI, network communication, or system calls that browsers don’t provide the APIs that are needed to support. But I’ve seen workarounds using websocket proxy servers to get around the lack of raw TCP or UDP socket access.

I’ve been surprised how easy it can be to get Python and C# code running in a browser.
rmast
·vorige maand·discuss
It looks like most of the sources might be under the “docs” subfolder.
rmast
·2 maanden geleden·discuss
I help maintain a project that is used as a dependency by a lot of security tools to handle PE files.

It’s disappointing that Anthropic and OpenAI never responded to the applications to their respective programs for open source maintainers. From my perspective it seems like their offers are primarily for the shiny well-known projects, rather than ones that get only a few million monthly installs but aren’t able to get thousands of stars due to being “hidden” as a dependency of popular tool.
rmast
·2 maanden geleden·discuss
Train it like Disney’s Olaf where it can adjust how it walks/stands to keep motor temperature under control.
rmast
·2 maanden geleden·discuss
If you read the epilogue, they weren't able to achieve the under $1000 price goal. Total cost ended up being around $1,450. Pretty good price reduction compared to CARA 1.0 though.

Hypothetically if I were to want a quadrupedal robot to experiment with it's not an impulse buy/build, but getting closer to that point... whereas $3000+ is a hard pass (e.g. Apple Vision Pro territory).
rmast
·2 maanden geleden·discuss
[flagged]
rmast
·2 maanden geleden·discuss
Agreed, many types of devices don’t need to be locked down so much.

I imagine the companies making the devices think they are “protecting” their secrets from competitors, though now it might be easier to ask an LLM for whatever feature they want to copy.
rmast
·2 maanden geleden·discuss
That just brought a whole new meaning to that message… and writing up a post-mortem.
rmast
·2 maanden geleden·discuss
I was kinda of disappointed when that happened earlier this month, but not as much now after seeing this change. My primary use had been trying out some of the newer Anthropic and OpenAI models, which probably would have burned through $10 worth of credits rather quickly given their new pricing.
rmast
·3 maanden geleden·discuss
FreeBSD CI testing is the part I’ll miss the most… time to find an alternative for open source projects.
rmast
·3 maanden geleden·discuss
I mostly clicked the link because I was curious if Cirrus Labs operates Cirrus CI and if so how that would be impacted.

Looks like I’ll need to move the FreeBSD CI jobs for open source projects I maintain to another solution. Anyone have suggestions for alternatives?
rmast
·3 maanden geleden·discuss
That part is amazing. Back when I first heard of tart I thought it was amazing, with the one downside being the license.

Hopefully development on it continues, or a community maintained version keeps it going.
rmast
·3 maanden geleden·discuss
How about for a real life Rainbow Road made by the Quantum Mushroom startup? I think that might be the aerospace applications reference in the article:

> CERN’s Knowledge Transfer Group has begun discussions with European startup company Quantum Mushroom to explore aerospace applications and powering for next-generation anti-gravity vehicles.
rmast
·3 maanden geleden·discuss
They’ve also got:

> schoolteacher Yoshi Kyouryuu, mid-way through painting spots on eggs