HackerTrans
TopNewTrendsCommentsPastAskShowJobs

cperciva

64,370 karmajoined 19 yıl önce
Founder of tarsnap: http://www.tarsnap.com/

Email: <me>@tarsnap.com

Twitter: @<me>

Submissions

FreeBSD 15.1-Release Now Available

lists.freebsd.org
10 points·by cperciva·26 gün önce·0 comments

20 years on AWS and never not my job

daemonology.net
260 points·by cperciva·3 ay önce·66 comments

FreeBSD 14.4-Release Now Available

lists.freebsd.org
4 points·by cperciva·4 ay önce·0 comments

BSDCan 2006 Talks, Tutorials, and Registration

blog.bsdcan.org
7 points·by cperciva·5 ay önce·3 comments

FreeBSD 15.0 is now available

lists.freebsd.org
37 points·by cperciva·7 ay önce·8 comments

comments

cperciva
·5 gün önce·discuss
the oxide to pure aluminum ratio is high

For some definition of high? Standard foil is around 20 um thick while the oxide layer only goes about 10 nm deep.
cperciva
·7 gün önce·discuss
I've seen plenty of people saying "Mythos isn't all that exceptional, lots of LLMs can find security vulnerabilities" -- and indeed there is some evidence for that; it sounds like Anthropic was taken somewhat by surprise at how easily a simple prompt managed to get Mythos to deliver exploits and didn't distinguish immediately between the effectiveness of Mythos and the effectiveness of the prompt.

But the claim of "LLMs aren't making a difference in vulnerability discovery" has been laughable to anyone who has been reading security advisories for the past 3 months. Just look at the Credits lines.
cperciva
·7 gün önce·discuss
This is hardly news? We've known for months that a flood of AI-assisted vulnerabilities was coming; I posted on Twitter in March calling 2026 the year of a million CVEs: https://x.com/i/status/2035045573116789002
cperciva
·10 gün önce·discuss
This was CVE-2005-0109.
cperciva
·10 gün önce·discuss
Frankly, there's no way any arch venue at the time would have done anything beyond rejecting it with "caches make RSA fast, what's the problem?"

Security wasn't something CPU designers paid much attention to, and cryptography wasn't something they were even particularly aware of. Even seven years ago, when an Intel VP was giving a talk at re:Invent about "processor technologies for improving security in virtual machines", my question to him about cache collision side channel attacks was met with "what's a side channel attack?"
cperciva
·10 gün önce·discuss
They publish lots of papers about side channel attacks, including very hardware based ones like power consumption analysis.

It just happened that "leak information into microarchitectural state and then retrieve it" didn't exist as a subfield until my work (and the OST work a few weeks behind mine).
cperciva
·10 gün önce·discuss
My paper demonstrating a side channel attack on RSA via hyperthreading was rejected from the crypto preprint archive on the basis that it was "not cryptography".

(Reviewers at J.Crypto subsequently sat on it for a year and then suggested I submit it to a journal on CPU microarchitecture instead.)

Novel research is uniquely susceptible to "cool but it's not part of our field", because that critique is entirely correct until the research gets published!
cperciva
·27 gün önce·discuss
FreeBSD 15.1! Scheduled to be announced 2026-06-16 00:00 UTC; just need to get some release documentation polished now.
cperciva
·30 gün önce·discuss
Square root of the population is because that's what it takes to normalize large vs small countries. Imagine slicing a country into quarters; each slice has a quarter of the population and half the radius.
cperciva
·geçen ay·discuss
It would be interesting to see a map which was not minimizing [distance to capital] but instead minimized [distance to capital]/sqrt([national population]). The latter would be more robust against Sybil attacks.
cperciva
·geçen ay·discuss
arguably the whole scheme should be replaced by finer-grained feature detection.

This seems like a strange thing to say. Fine grained feature detection was around long before "microarchitecture levels" and never went away. The microarchitecture levels were introduced because they were easier to use.
cperciva
·geçen ay·discuss
True. The amount of free float increasing dramatically will probably also depress the share price.
cperciva
·geçen ay·discuss
Now with this incredible deal, SpaceX is now GAAP profitable under the existing rules, and they get to join the index next year without a rule change.

Didn't they also run up against a "minimum free float" rule?
cperciva
·geçen ay·discuss
That information should still be in the commit messages. "No functional change intended." appears widely in FreeBSD commit logs when code is being refactored (or, rarely, restyled).

And the issue isn't whether you can remember what you changed yesterday; this is largely about making sure other developers can quickly identify relevant commits. If you're a solo non-OSS developer, this is entirely relevant to you.
cperciva
·geçen ay·discuss
I've done this with code review. "Another LLM reviewed the attached code and produced the attached report. What do you think?"

Lots of "the other LLM clearly hallucinated this part". To be fair, it has never accused the other, err, itself, of being incompetent; it accepts that hallucinating is just something which happens.
cperciva
·geçen ay·discuss
Is that true for every type and format

Yes, OTC for everything. I've heard that some pharmacists ask more questions about types which are commonly abused by body builders but that's about the extent of it.

Funny story since you mention cats: My brother's cat was diabetic and prescribed long acting insulin which cost $250/vial. I looked it up and... apparently it was just relabeled lantus, because of course nobody is going to waste money on a separate manufacturing line. Ended up buying it from my local pharmacy, without a prescription, instead of using the vet prescription.
cperciva
·geçen ay·discuss
One issue here which is obvious to me is that access to insulin should not be gated on paperwork. I can walk into any pharmacy in Canada and say "I'm diabetic and need insulin" and the pharmacist will sell it to me. They'll ask questions of course since this is not the usual path but my doctor's office being open will have no influence on whether I get it -- just on whether it's a 5 minute process or a 15 minute process, and potentially whether I have to pay myself or have it covered by insurance.
cperciva
·geçen ay·discuss
There's a wide gap between "ignored" and "received the attention they deserved".
cperciva
·geçen ay·discuss
They don't hand out Nobel prizes for glossed over topics.

Leaving aside the fact that the Economics prize isn't actually a Nobel Prize, topics which historically haven't been given enough attention are exactly where the highest impact research takes place.

If externalities had always received the attention they deserved, Coase would have never received his prize, because his work would not have been so important.
cperciva
·geçen ay·discuss
That solves the traffic tampering problem, but not the "malicious peer" problem. You want to be able to sync files without accidentally sharing root privileges.