Readit News logoReadit News
Anunayj commented on Bitwarden SDK relicensed from proprietary to GPLv3   github.com/bitwarden/sdk-... · Posted by u/ferbivore
blendergeek · a year ago
Thank you to Bitwarden for relicensing a thing to Free/Open License! Unfortunately, I no longer recommend Bitwarden for normal people because the built-in password manager in Firefox is too good. But for anyone with more advance needs (or who doesn't trust a password manager built into a web browser, I always recommend Bitwarden because KeepassXC + syncing is way too difficult for normal people.
Anunayj · a year ago
Can someone also comment on how secure the built in password in manager in Firefox is to unsophisticated malware attacks that simply copy your browser extension data and such. Compared to bitwarden which requires a password to unlock it, and as I understand stores everything encrypted on disk.
Anunayj commented on Forget ChatGPT: why researchers now run small AIs on their laptops   nature.com/articles/d4158... · Posted by u/rbanffy
Anunayj · a year ago
I recently experimented with running llama-3.1-8b-instruct locally on my Consumer hardware, aka my Nvidia RTX 4060 with 8GB VRAM, as I wanted to experiment with prompting pdfs with a large context which is extremely expensive with how LLMs are priced.

I was able to fit the model with decent speeds (30 tokens/seconds) and a 20k token context completely on the GPU.

For summarization, the performance of these models are decent enough. However unfortunately in my use case I felt using Gemini's Free Tier with it's multimodal capabilities and much better quality output made running local LLMs not really worth it as of right now, atleast for consumers.

Anunayj commented on A Real Life Off-by-One Error   leejo.github.io/2024/09/0... · Posted by u/leejo
PeterStuer · a year ago
Little known trivia: the code that won the RSA rc5 56bit challange had an off by 1 error.

https://archive.nytimes.com/www.nytimes.com/library/cyber/we...

Anunayj · a year ago
Where was the off by one error? I read the article and didn't find any mention of it.
Anunayj commented on Show HN: OBS Live-streaming with 120ms latency   github.com/Glimesh/broadc... · Posted by u/Sean-Der
Anunayj · a year ago
Why is low latency livestream so hard, while at the same time Cloud Gaming Tech like Nvidia Gamestream and such can have such a flawless experience?

I've used Moonlight + Nvidia Gamestream with ~40ms RTT and couldn't feel a difference in competitive shooters, so total latency must be pretty low.

Does it have something to do with the bandwidth requirements? (1 stream v/s potentially hundreds)

Anunayj commented on Secure Boot is broken on 200 models from 5 big device makers   arstechnica.com/security/... · Posted by u/verifex
snailmailman · a year ago
I’ve had so many issues with secure boot on my machines causing issues that if I ever saw a secure boot error message I would never think “oh I must have a rootkit”

Instead I would assume, in order

- my config broke it

- OS update broke it

- the bios doesn’t properly handle any case that isn’t “preinstalled OEM windows”

I had a laptop that as far as I could tell, could only boot into windows’ default bootmgr.efi. I could turn off secure boot, and tamper with that efi to boot Linux, but it refused to acknowledge other boot loaders from within the bios. It wouldn’t surprise me in the slightest if secure boot isn’t properly handled. I’ve had too many issues with cheap computers having janky bioses.

Anunayj · a year ago
Was this laptop in question from Hewlett Packard (HP)? Because I swear I've seen this exact behaviour on a HP laptop.
Anunayj commented on French court orders Google, Cloudflare, Cisco to poison DNS to stop piracy   torrentfreak.com/google-c... · Posted by u/popcalc
blackeyeblitzar · a year ago
Is there some decentralized anti-censorship technology that can prevent this type of action, where ISPs and DNS providers and other points of centralization are forced to implement things on behalf of other parties (like Canal+ or a government)?
Anunayj · a year ago
Well there are a couple of ways one can do this!

1. Recursively lookup DNS, so domains will have to be blocked at the registrar level, since DNS is unencrypted, it can be blocked at ISP level as well.

2. Use a protocol alternative to DNS, a good mature example is GNS. It aims to replace DNS, with a built from group up, modernish protocol. Using a DHT and public-key cryptography.

3. There are "block chain" solutions to the whole domain problem, look at Handshake, ENS etc.

Anunayj commented on Swipos-GIS/GEO, nationwide GNSS RTK correction for centimeter accurate location   swisstopo.admin.ch/en/swi... · Posted by u/RedlineTriad
skzv · a year ago
> Also, the GNSS software in most phones is sadly unable to accept the correction data from any of these systems, regardless of whether it's a nationwide network or your personal setup. This is purely a software limitation on the vendor GNSS stack, but sadly there is not enough demand for this. (An app will not fix this, we're talking vendor specific low level system code here.)

I don't think that's true. Android surfaces raw GNSS measurements including carrier phase (sub wavelength measurements) to do centimeter level positioning through the raw measurements API [0].

There's even an API to specify the phone antenna phase pattern to correct the carrier phase measurements (source: I implemented it [1]). For those that aren't familiar, the idea is that the antenna pattern on phones isn't perfectly symmetrical, and depending on the direction of the incoming signal, it may appear longer. Knowing the antenna pattern, you can correct for this.

[0] https://developer.android.com/reference/android/location/Gns...

[1] https://developer.android.com/reference/android/location/Gns...

Anunayj · a year ago
I wanted to play around with this! But too bad I have a Samsung Snapdragon :(

And it doesn't expose ADR/carrier phase.

Anunayj commented on NOAA Forecasts Solar Storm (G4)   swpc.noaa.gov/news/media-... · Posted by u/geerlingguy
Anunayj · a year ago
Are there any observable effects of such events that I can see on everyday equipment? Something like increased Bit Flips caused by Cosmic Rays or such?
Anunayj commented on Tried Vision Pro. Here's what I thought   old.reddit.com/r/OculusQu... · Posted by u/layer8
nradov · 2 years ago
There won't be a spacial computing "lifestyle" until we have hardware that's far less intrusive, like something close to a regular pair of eyeglasses. Realistically that is probably decades away. Until then, AR/VR goggles will remain as special purpose peripherals that users don for short periods to accomplish specific tasks.
Anunayj · 2 years ago
I really shouldn't be the one to doubt, considering the size we've seen computers go from and to. But is it even possible to fit all that in that size? Like as I understand optics limits a lot about how far the screen has to be, even with the use of lenses. And it wouldn't be fully passthrough if they use the Google glass like approach as I understand?
Anunayj commented on Forging signed commits on GitHub   iter.ca/post/gh-sig-pwn/... · Posted by u/rokkitmensch
sureglymop · 2 years ago
One should treat git itself as insecure. When you sign a commit, the signature is based on the commit message and commit metadata including tree object_id and parent object_id. But if sha1 is used to generate commit hashes, one can theoretically forge a commit. This means that in an elaborate supply chain attack, one could spoof a commit with a valid signature. That signature would then still appear valid for the spoofed commit and probably make it seem more legitimate than it is.
Anunayj · 2 years ago
For people who might be wondering why git hasn't moved to sha256 yet, here's a lwn article on it: https://lwn.net/Articles/898522/
A

u/Anunayj

KarmaCake day597February 6, 2021
About
I'm no one, stop stalking me

Contact: me [at] anu.ninja

View Original