HackerTrans
TopNewTrendsCommentsPastAskShowJobs

mlissner

no profile record

Submissions

Use DuckDB-WASM to query TB of data in browser

lil.law.harvard.edu
237 points·by mlissner·9 เดือนที่ผ่านมา·62 comments

Firefox Profiles: Private, focused spaces for all the ways you browse

blog.mozilla.org
4 points·by mlissner·9 เดือนที่ผ่านมา·1 comments

Senator castigates federal judiciary for ignoring "basic cybersecurity"

arstechnica.com
4 points·by mlissner·11 เดือนที่ผ่านมา·0 comments

[untitled]

1 points·by mlissner·2 ปีที่แล้ว·0 comments

Mozilla adding AI features to Firefox nightly

blog.nightly.mozilla.org
3 points·by mlissner·2 ปีที่แล้ว·1 comments

comments

mlissner
·7 เดือนที่ผ่านมา·discuss
We’re familiar with vulnerability disclosure philosophies, but what if the problem can’t be fixed because there’s no forward secrecy for the hundreds of millions of documents that are already out there?

It’s tricky stuff and we have limited resources, unfortunately.
mlissner
·7 เดือนที่ผ่านมา·discuss
It’s a fine line. Most redactions are for the good, to protect someone or something. For example even in the Epstein files, where some redactions are being abused, most redactions are protecting victims.

If there’s a way to undo huge amounts of redactions, that’d certainly be a net negative. Sort of like if encryption were suddenly broken, you wouldn’t publish a paper saying so.

Our goal has always been to educate about the problem so that it can be addressed. We didn’t have resources to push on the font metrics approach, so we stayed mostly quiet about it.
mlissner
·7 เดือนที่ผ่านมา·discuss
Really depends on the length and predictability of the redaction, but yes. If it's short and contextually it's only likely to be either "yes" or "no", you've got it. If it's longer and could contain an unknown person's name along with some other words, well, that's harder.
mlissner
·7 เดือนที่ผ่านมา·discuss
No, we worked with researchers that developed that kind of system, but didn't broadcast our work b/c the research was too sensitive. Seems the cat is out the bag now though.

I think the combination of AI and font-metrics is going to be wild though. You ought to be able to make a system that can figure out likely words based on the unredacted ones and the redaction's size. I haven't seen any redaction system yet that protects against this.
mlissner
·7 เดือนที่ผ่านมา·discuss
Cool to see this here. It’s funny because we do so many huge, complex, multiyear projects at Free Law Project, but this is the most viral any of our work has ever gone!

Anyway, I made X-ray to analyze the millions of documents we have in CourtListener so that we can try to educate people about the issue.

The analysis was fun. We used S3 batch jobs to analyze millions of documents in a matter of minutes, but we haven’t done the hard part of looking at the results and reporting them out. One day.
mlissner
·9 เดือนที่ผ่านมา·discuss
OK, this is really neat: - S3 is really cheap static storage for files. - DuckDB is a database that uses S3 for its storage. - WASM lets you run binary (non-JS) code in your browser. - DuckDB-Wasm allows you to run a database in your browser.

Put all of that together, and you get a website that queries S3 with no backend at all. Amazing.
mlissner
·ปีที่แล้ว·discuss
Maine's remote work program is an incredibly promising development to prevent recidivism. The amazing thing about it is that it gives real jobs to prisoners that they can seamlessly continue after they get out of prison. Normally when you get out, it's impossible to get a job, and the clock is ticking. This leads to desperation, which leads to bad behavior.

There is a real risk of exploitation, but if it's properly managed, remote work for prisoners is one of the most hopeful things I've heard about the prison system. It gives people purpose while there and an avenue to success once they're out.
mlissner
·ปีที่แล้ว·discuss
OK, here's the first thing popping up in court about this. There's a motion to unseal search warrants filed by a security researcher at Stanford that was just filed:

https://www.courtlistener.com/docket/69834044/in-re-motion-t...

This doesn't mean there are search warrants, necessarily, but this case might be the next place something pops up. If anybody wants to follow the case, you can do so with this link. :

https://www.courtlistener.com/alert/docket/new/?pacer_case_i...
mlissner
·ปีที่แล้ว·discuss
I run CourtListener.com, which aggregates Pacer data.

So far nothing there, but I created an alert for his name, and I’ll post here and to Dan Goodin (the author of the article) if anything pops up.
mlissner
·ปีที่แล้ว·discuss
Just for the record, they are being sued to oblivion:

https://www.courtlistener.com/docket/66607916/debt-cleanse-g...

You'd have to go study the case, but it's a class action case, so it'll hurt if they lose (and even if they don't). The court appears to be consolidating cases into this one, because LastPass has been sued in federal court 15 times so far:

https://www.courtlistener.com/?q=lastpass%20AND%20(caseName%...