HackerTrans
TopNewTrendsCommentsPastAskShowJobs

adeon

no profile record

comments

adeon
·2 miesiące temu·discuss
I played this game a bit back in 3.4.3 times.

It's been great on long-haul flights to play on the laptop. Doesn't demand your battery.
adeon
·4 miesiące temu·discuss
I get the vibe that it's more like there's unexpected complexity and it's difficult to be confident you know how zipcodes work with enough detail to make the feature work. And that is just one example of possible complexity.

Do zipcodes change for example? Can your drop-down quickly go out-of-date? You'd need a way to manually enter a city so people are able to tell the system an address. Do you want to bother making an auto-updating zipcode feature just for a form?

Is it going to confuse people because nobody else has bothered to make this superfancy selection feature thing?

Is this USA only? There are postal codes/zipcode-equivalents in other countries.

It starts to feel it's likely not worth the time and effort to try to be smart about this particular feature. At least not if I'm imagining this us some generic, universal address web form that is supposed to be usable for USA-sized areas.

To me it feels similar to that famous article about what you can and cannot assume about people's names; turns out they can be way more complicated and weird than one might assume.

Although maybe zipcodes don't really go that deep in complexity. But on the spot I would not dare to assume they are.
adeon
·6 miesięcy temu·discuss
Yeah I agree. I think even if you block CSP images, attacker could still hide information, or attempted exfiltration.

The post got me now instead wondering how to not make people shallowly dismiss perfectly fine articles for dumb reasons, like I almost did. It's not even that unclear what the attack is, in the article's its opening when I look at it now again, and I now went around their posts to see how PromptArmor generally does their writing because I got curious about the writing part...

I've seen in the past vulnerabilities that were way overblown but hyped up, so this made me notice how that armor has made me be skeptical whenever some article like this feels it combines marketing + vulnerability reporting.
adeon
·6 miesięcy temu·discuss
I found the tone in the article annoying, but my skim reading was that it is an actual vulnerability. The screenshot from OpenAI loads an image from a third-party site and the URL of the image might have all sorts of details etc.

I think the viewer should have some CSP policy in place to not do that.

That being said, if it was closed as "Not Applicable" it gives me a bit of reason to wonder if some crucial details about the whole chain was either not articulated or mentioned by PromptArmor. Maybe for other reasons it is not actually reasonable to put that on OpenAI site. I'm not sure on the spot. But on a skim read it looks like a legit vulnerability from OpenAI's part that they should fix.

I really wish PromptArmor just opened with "OpenAI's log viewer page lacks CSP policies, so it can load arbitrary URL images and here is an example how such things can easily end up on that page". This was really annoying to read but I kept going because I was curious was it a legit thing or not...

Edit: I don't know if the article was edited just now but there is a clarification paragraph that actually makes it a bit more clear. PromptArmor if you are reading this, I wonder if my gut reaction of being skeptical simply because of the tone and presentation is a common thing and there are ways to both be convincing right at the start of an article, but still allowing yourself to be marketing-like. I probably would have started with a paragraph that dryly describes exactly the vulnerability "OpenAI's Log viewer is not secure against maliciously crafted logs, which can result in data exfiltration. On this page, we show a realistic scenario by which a malicious third-party can sneak in an image URL to this page and exfiltrate data." and then go on with the rest of the article.
adeon
·7 miesięcy temu·discuss
I dumped it here just now: https://github.com/Noeda/landlock-network-sandboxer-tool

It hopefully will be obvious that nobody should expect quality :) it is like a simplified version of the sandboxer sample in my other comment. E.g. it maybe does not need to touch filesystem stuff at all.

I'd also look at some of the sibling comments for maybe more refined tooling than this thing. Maybe it's useful as a sample though.
adeon
·7 miesięcy temu·discuss
I've used Landlock to detect and stop unwanted telemetry. I wrote some C that stopped networking except to accept connections on a single port, no outgoing connections and no accepting connections on any other port.

`dmesg` shows the connections it blocks (I think this is maybe the audit feature). I used an example sandboxer.c as a base (https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux...) except I just set mine up to not touch file restricting, just networking so that it has that one whitelisted incoming port.

    ./network-sandboxer-tool 8000 some-program arg1 arg2 etc.
I like it because it just works as an unprivileged usermode program without setting anything up. A tiny C program. It works inside containers without having to set up any firewalls. Aside from having to compile a small C program, there is little fuss. I found the whole Landlock thing trying to find out alternatives to bubblewrap because I couldn't figure out how to do the same thing in bwrap conveniently.

The "unprivileged" in "Landlock: unprivileged access control" for me was the selling point for this use case.

I don't consider this effective against actively adversarial programs though.