HackerLangs
TopNewTrendsCommentsPastAskShowJobs

rmast

no profile record

Submissions

Ghidra Decompiler in the Browser

github.com
2 points·by rmast·2 เดือนที่ผ่านมา·0 comments

cmakefmt: A lightning-fast CMake file formatter

github.com
2 points·by rmast·3 เดือนที่ผ่านมา·0 comments

Breaking into a Govee Smart Display: From UART Shell to Device Impersonation

blog.kulkan.com
1 points·by rmast·3 เดือนที่ผ่านมา·0 comments

Pokemon-themed E-paper Home Assistant dashboard

github.com
3 points·by rmast·4 เดือนที่ผ่านมา·0 comments

I Hacked My Laundry Card. Here's What I Learned

hanzilla.co
27 points·by rmast·4 เดือนที่ผ่านมา·6 comments

Get free ChatGPT Pro for open-source maintainers

developers.openai.com
2 points·by rmast·4 เดือนที่ผ่านมา·0 comments

Casting SALT like Metal – What Happens? [video]

youtube.com
2 points·by rmast·4 เดือนที่ผ่านมา·0 comments

How many AA batteries does it take to power a PC setup? [video]

youtube.com
1 points·by rmast·4 เดือนที่ผ่านมา·0 comments

Zillow for Warcraft

zillowforwarcraft.com
3 points·by rmast·4 เดือนที่ผ่านมา·0 comments

Project Silica's advances in glass storage technology

microsoft.com
1 points·by rmast·4 เดือนที่ผ่านมา·0 comments

From Wi‑Fi Access to Root: Reverse Engineering a $50 CarPlay Dongle

medium.com
3 points·by rmast·4 เดือนที่ผ่านมา·0 comments

FemtoClaw: Ultralight Port of OpenClaw/PicoClaw for ESP32 and Raspberry Pi Pico

github.com
3 points·by rmast·4 เดือนที่ผ่านมา·0 comments

Turning a 2 ton robot into a 3D printer [video]

youtube.com
2 points·by rmast·5 เดือนที่ผ่านมา·0 comments

[untitled]

1 points·by rmast·5 เดือนที่ผ่านมา·0 comments

Hacking a NutriBullet blender via BLE: reverse-engineering the protocol

it4sec.substack.com
1 points·by rmast·5 เดือนที่ผ่านมา·0 comments

Show HN: Analyze binary capabilities using capa directly in your browser

surfactant.readthedocs.io
1 points·by rmast·6 เดือนที่ผ่านมา·0 comments

Running custom code on a PAX credit card machine by swapping the SoC

lucasteske.dev
2 points·by rmast·6 เดือนที่ผ่านมา·0 comments

Hacking a Consumer Drone: Dumping Firmware and Bruteforcing ECC

neodyme.io
3 points·by rmast·6 เดือนที่ผ่านมา·0 comments

Show HN: Find hidden binary dependencies & subprocess calls in Python packages

surfactant.readthedocs.io
2 points·by rmast·6 เดือนที่ผ่านมา·1 comments

OGhidra: Automating dataflow analysis and vulnerability discovery via local LLMs

github.com
1 points·by rmast·7 เดือนที่ผ่านมา·1 comments

comments

rmast
·14 วันที่ผ่านมา·discuss
I was thinking that the other definition was right and this correction was wrong.

Then I did some searching and found multiple examples of both definitions in use, making things murky.

So I turned to Merriam-Webster’s dictionary: “ of, relating to, or being a vulnerability (as in a computer or computer system) that is discovered and exploited (as by cybercriminals) before it is known to or addressed by the maker or vendor”

And of course they use an “or” to make it ambiguous as to whether the days start counting when the vulnerability becomes known, or when the vendor has addressed it.
rmast
·23 วันที่ผ่านมา·discuss
Duplicate of https://news.ycombinator.com/item?id=48538483
rmast
·27 วันที่ผ่านมา·discuss
I applied for both. Heard back from neither. Mentioned two particular projects when applying, one with 2k stars and 5M monthly downloads, and another with 2M monthly downloads.
rmast
·28 วันที่ผ่านมา·discuss
Maybe the only way to win is to cheat.
rmast
·30 วันที่ผ่านมา·discuss
I was using it to craft a CTF challenge for summer students involving a simulated mechanical dial safe, but with the fence replaced by a IR beam break sensor and a microcontroller handling the check + flag message display.

For generating the initial 3D simulated safe using three.js it worked well, but then modifications to print a flag tripped the safeguards; eventually got it narrowed down the part in the prompt about it being for a CTF for students, and the "thinking" for the model seems to drift to ideas of encryption/obfuscation of the safe combo so students can't just read out the answer... which makes sense logically to help force students into turning the simulated dial instead. But whatever detection Anthropic I guess just naively sees the model thinking about "encryption" and "obfuscation" without taking into account any of the context.

For writing the dummy firmware, it tripped the safeguards while thinking about how to track dial position in the firmware and output the message; however, when I left out talk about safes and just told it to write firmware for a microcontroller hooked up to an i2c display for showing a message with a beam break sensor to determine the message, and an unspecified i2c chip for getting an unspecified number (e.g. internal wheel positions) it worked fine.

An unrelated software task I asked it to write some code to translate CustomActions in a Windows MSI installer into human readable stuff, which has (exclusively?) defensive security applications for recognizing malicious behavior in an MSI installer. Maybe I'm going crazy, but I'm guessing as part of its research into MSI installer custom actions Fable found articles about analyzing malicious MSI installers, and that probably tripped the safeguards.

Overall my impression is that the safeguards are perhaps using an overzealous and naive implementation that just looks for a list of banned words in the prompt or the thinking -- which drives me crazy when the model says my prompt looks fine, and then 10 minutes in some part of the thinking trips the safeguard.
rmast
·เดือนที่แล้ว·discuss
So in other words... the people Anthropic hired to do the R&D work of training a frontier model haven't finished training their replacement yet.
rmast
·เดือนที่แล้ว·discuss
The things that are harder to get running in a browser via webassembly tend to have a GUI, network communication, or system calls that browsers don’t provide the APIs that are needed to support. But I’ve seen workarounds using websocket proxy servers to get around the lack of raw TCP or UDP socket access.

I’ve been surprised how easy it can be to get Python and C# code running in a browser.
rmast
·เดือนที่แล้ว·discuss
It looks like most of the sources might be under the “docs” subfolder.
rmast
·2 เดือนที่ผ่านมา·discuss
I help maintain a project that is used as a dependency by a lot of security tools to handle PE files.

It’s disappointing that Anthropic and OpenAI never responded to the applications to their respective programs for open source maintainers. From my perspective it seems like their offers are primarily for the shiny well-known projects, rather than ones that get only a few million monthly installs but aren’t able to get thousands of stars due to being “hidden” as a dependency of popular tool.
rmast
·2 เดือนที่ผ่านมา·discuss
Train it like Disney’s Olaf where it can adjust how it walks/stands to keep motor temperature under control.
rmast
·2 เดือนที่ผ่านมา·discuss
If you read the epilogue, they weren't able to achieve the under $1000 price goal. Total cost ended up being around $1,450. Pretty good price reduction compared to CARA 1.0 though.

Hypothetically if I were to want a quadrupedal robot to experiment with it's not an impulse buy/build, but getting closer to that point... whereas $3000+ is a hard pass (e.g. Apple Vision Pro territory).
rmast
·2 เดือนที่ผ่านมา·discuss
[flagged]
rmast
·2 เดือนที่ผ่านมา·discuss
Agreed, many types of devices don’t need to be locked down so much.

I imagine the companies making the devices think they are “protecting” their secrets from competitors, though now it might be easier to ask an LLM for whatever feature they want to copy.
rmast
·2 เดือนที่ผ่านมา·discuss
That just brought a whole new meaning to that message… and writing up a post-mortem.
rmast
·2 เดือนที่ผ่านมา·discuss
I was kinda of disappointed when that happened earlier this month, but not as much now after seeing this change. My primary use had been trying out some of the newer Anthropic and OpenAI models, which probably would have burned through $10 worth of credits rather quickly given their new pricing.
rmast
·3 เดือนที่ผ่านมา·discuss
FreeBSD CI testing is the part I’ll miss the most… time to find an alternative for open source projects.
rmast
·3 เดือนที่ผ่านมา·discuss
I mostly clicked the link because I was curious if Cirrus Labs operates Cirrus CI and if so how that would be impacted.

Looks like I’ll need to move the FreeBSD CI jobs for open source projects I maintain to another solution. Anyone have suggestions for alternatives?
rmast
·3 เดือนที่ผ่านมา·discuss
That part is amazing. Back when I first heard of tart I thought it was amazing, with the one downside being the license.

Hopefully development on it continues, or a community maintained version keeps it going.
rmast
·3 เดือนที่ผ่านมา·discuss
How about for a real life Rainbow Road made by the Quantum Mushroom startup? I think that might be the aerospace applications reference in the article:

> CERN’s Knowledge Transfer Group has begun discussions with European startup company Quantum Mushroom to explore aerospace applications and powering for next-generation anti-gravity vehicles.
rmast
·3 เดือนที่ผ่านมา·discuss
They’ve also got:

> schoolteacher Yoshi Kyouryuu, mid-way through painting spots on eggs