Readit News
JW_00000 commented on The Gorman Paradox: Where Are All the AI-Generated Apps?   codemanship.wordpress.com... · Posted by u/ArmageddonIt
callc · 6 days ago
But what?

Give some concrete examples of why current LLM/AI is disruptive technology like digital cameras.

That’s the whole point of the article. Show the obvious gains.

JW_00000 · 6 days ago
falcor's point is that we will see this in 5 to 10 years.
JW_00000 commented on Hard Rust requirements from May onward   lists.debian.org/debian-d... · Posted by u/rkta
cmm11 · 2 months ago
If anyone has a problem with the language used in the email, I would remind you that this is the same person who is maintainer for Debian's keepassxc packages.

Here's a thread of them insulting upstream developers & users of the Debian packages. https://github.com/keepassxreboot/keepassxc/issues/10725

JW_00000 · 2 months ago
To be honest I don't really read insults either in this e-mail or in the thread you linked. If I'm seeing it right, there's only one comment by the guy in that thread, right? That comment is direct and uses language that may be considered unprofessional ("crap"/"crappy"), but it's not insulting the users (they are not referred to as crappy). Same for the e-mail.

Unnecessary drama as usual...

JW_00000 commented on Battering RAM – Low-cost interposer attacks on confidential computing   batteringram.eu/... · Posted by u/pabs3
commandersaki · 2 months ago
I haven't twisted their words, they didn't actually answer the question, so I gave my own commentary. For all intents and purposes, as in practically speaking, this isn't going to affect anyone*. The nation state threat is atypical even to those customers of confidential computing, I guess the biggest pool of users being those that use Apple Intelligence (which wouldn't be vulnerable to this attack since they use soldered memory in their servers and a different TEE).

Happy to revisit this in 20 years and see if this attack is found in the wild and is representative. (I notice it has been about 20 years since cold boot / evil maid was published and we still haven't seen or heard of it being used in the wild (though the world has kind of moved onto soldered RAM for portable devices).)

* They went to great lengths to provide a logo, a fancy website and domain, etc. to publicise the issue, so they should at least give the correct impression on severity.

JW_00000 · 2 months ago
They answer the second question quite clearly in my opinion:

    It requires only brief one-time physical access, which is realistic in cloud environments, considering, for instance:

    * Rogue cloud employees;
    * Datacenter technicians or cleaning personnel;
    * Coercive local law enforcement agencies;
    * Supply chain tampering during shipping or manufacturing of the memory modules.

This reads as "yes". (You may disagree, but _their_ answer is "yes.")

Consider also "Room 641A" [1]: the NSA has asked big companies to install special hardware on their premises for wiretapping. This work is at least proof that a similar request could be made to intercept confidential compute environments.

[1] https://en.wikipedia.org/wiki/Room_641A

JW_00000 commented on Battering RAM – Low-cost interposer attacks on confidential computing   batteringram.eu/... · Posted by u/pabs3
commandersaki · 2 months ago
I like how the FAQ doesn't really actually answer the questions (feels like AI slop but giving benefit of the doubt), so I will answer on their behalf, without even reading the paper:

Am I impacted by this vulnerability?

For all intents and purposes, no.

Battering RAM needs physical access; is this a realistic attack vector?

For all intents and purposes, no.

JW_00000 · 2 months ago
You're twisting their words. For the second question, they clearly answer yes.

It depends on the threat model you have in mind. If you are a nation state that is hosting data in a US cloud, and you want to protect yourself from the NSA, I would say this is a realistic attack vector.

JW_00000 commented on Battering RAM – Low-cost interposer attacks on confidential computing   batteringram.eu/... · Posted by u/pabs3
dist-epoch · 2 months ago
That's like saying a security vulnerability in OpenSSL/SSH is making SSL/SSH obsolete.
JW_00000 · 2 months ago
It's a bit more fundamental in my opinion. Cryptographic techniques are supported by strong mathematics; while I believe hardware-based techniques will always be vulnerable against a sufficiently advanced hardware-based attack. In theory, there exists an unbreakable version of OpenSSL ("under standard cryptographic assumptions"), but it is not evident that there even is a way to implement the kind of guarantees confidential computing is trying to offer using hardware-based protection only.
JW_00000 commented on Crates.io phishing attempt   fasterthanli.me/articles/... · Posted by u/dmarto
diggan · 3 months ago
> and a well constructed one is actually really easy to fall for

It really shouldn't though, and something you need to be personally responsible for. If it's still possible in 2025 for you to fall for phishing attempts, you're missing something, something that starts with a p and ends with a assword manager.

JW_00000 · 3 months ago
You must be joking. When I try to log in on Outlook I get redirected to 'microsoftonline.com' (suspicious), when I log in on Wikipedia it sends me to something called 'wikimedia.org' (typo squatter?). How the hell am I supposed to know whether npmjs.help or rustfoundation.dev are _not_ the official domains of those projects?
JW_00000 commented on Show HN: JavaScript-free (X)HTML Includes   github.com/Evidlo/xsl-web... · Posted by u/Evidlo
ekianjo · 4 months ago
The spec is at XSLT 3 right now.
JW_00000 · 4 months ago
When notpushkin said "the spec is still at XSLT 1.0", I think "the spec" is referring to the WHATWG HTML Living Standard spec, which only refers to XSLT 1.0. (It wouldn't make sense to say "the XSLT spec is at XSLT 1.0".)
JW_00000 commented on Persona vectors: Monitoring and controlling character traits in language models   anthropic.com/research/pe... · Posted by u/itchyjunk
bbqfog · 5 months ago
I worry that the people/organizations that have access to the raw underlying models give us the "non-evil" versions yet can explicitly tune their models to achieve any goal without restriction. Examples may include: "How do I get the most work out of my employees for the least amount of pay", "Who in the government is most susceptible to bribes and how should I approach them?" or even "Give me a strategy to ethnically cleanse a region while navigating international relations". It could be anything and those in power (without naming names, I would consider many of them evil for sure) can use them to achieve their goals while leaving the rest of us unable to defend ourselves. To some degree it feels like the right to bear arms has intersecting goals.
JW_00000 · 5 months ago
Do you think an AI could come up with novel answers that a human wouldn't be able to come up with? I think humans could not just come up with answers to these questions, but some people would be able to greatly outperform AIs by using knowledge that is not widely known.
JW_00000 commented on My Self-Hosting Setup   codecaptured.com/blog/my-... · Posted by u/mirdaki
numb7rs · 5 months ago
I'm glad to see this comment here. People build these projects for family and friends - which is great - and encourage their use, without considering what happens if the only sysadmin suddenly dies. You wouldn't let one person at work hold all of the keys, so the same should be true for your homelab.

While I haven't given all of my keys to my family, there's a clear route for them to get them, and written instructions how to do so. Along with an overview of the setup and a list of friends and colleagues they can turn to, this is enough for them to get access to everything and then decide if they want to carry on using it, or migrate the data somewhere else.

JW_00000 · 5 months ago
To be frank, if you die, isn't it much more likely your friends and family will just stop using your homelab setup? They'll switch back from Jellyfin to Netflix, replace the smart light bulbs with regular ones, etc.
JW_00000 commented on Asynchrony is not concurrency   kristoff.it/blog/asynchro... · Posted by u/kristoff_it
dooglius · 5 months ago
I'm not talking about a universe where all elements commute, I'm talking about a situation in which A, B, and C do not necessarily commute but (AB) and C do. For a rigorous definition: given X and Y from some semigroup G, say X and Y are asynchronous if for any finite decompositions X=Z_{a_1}Z_{a_2}...Z_{a_n} and Y=Z_{b_1}Z_{b_2}...Z_{b_m} (with Z's in G) then for any permutation c_1,...,c_{n+m} of a_1,...,a_n,b_1,...,b_m that preserves the ordering of a's and the ordering of the b's has XY=Z_{c_1}Z_{c_2}...Z_{c_{n+m}}. I make the following claim: if G is commutative then all elements are asynchronous, but for a noncommutative G there can exist elements X and Y that commute (i.e. XY=YX) but X and Y are not asynchronous.
JW_00000 · 5 months ago
To give a concrete example, matrix multiplication is not commutative in general (AB ≠ BA), but e.g. multiplication with the identity matrix is (AI = IA). So AIB = ABI ≠ BAI.

Or applied to the programming example, the statements:

    1. Server.accept
    2. Client.connect
    3. File.write  # write to completely unrelated file

123 = 312 ≠ 321.

u/JW_00000

Karma: 965 · Cake day: February 21, 2007