Readit News
Randor commented on Emailing a one-time code is worse than passwords   blog.danielh.cc/blog/pass... · Posted by u/max__dev
iEchoic · 25 days ago
Four times a day, I get an email notification that someone requested a password reset for my Microsoft account, which gives me a six-digit number to recover my account. So every day, an attacker has four shots in 1,000,000 of stealing my account by just guessing the number. They've been doing this for years.

If the attacker's doing this to thousands of accounts - which I'm sure they are - they're going to be stealing accounts for free just by guessing.

I wrote up a security report and submitted it and they said that I hadn't sufficiently mathematically demonstrated that this is a security vulnerability. So your only option is to get spammed and hope your account doesn't get stolen, I guess.

Randor · 25 days ago
Microsoft allows you to create a second "login only" account username to access your e-mail and other services. I was having the same problem as you but much worse. Check into it, only takes a few minutes to set up.

Deleted Comment

Randor commented on WorstFit: Unveiling Hidden Transformers in Windows ANSI   blog.orange.tw/posts/2025... · Posted by u/notmine1337
Randor · 8 months ago
That was a long read. Just be happy that you never had to deal with Trigraphs. https://learn.microsoft.com/en-us/cpp/c-language/trigraphs?v...
Randor commented on How is my Browser blocking RWX execution?   rwxstoned.github.io/2025-... · Posted by u/lucasRW
dblohm7 · 8 months ago
I'm the engineer who spearheaded adding the blocking technique outlined by OP. Security vendors are some of the worst offenders when it comes to injecting buggy DLLs into processes.
Randor · 8 months ago
A brilliant idea, maybe all software should block DLLs without English names. Could even incorporate the new technique into the operating system.
Randor commented on How is my Browser blocking RWX execution?   rwxstoned.github.io/2025-... · Posted by u/lucasRW
pjc50 · 8 months ago
Anyone naming their DLL with random hex digits is definitely up to no good.
Randor · 8 months ago
It's a very common security technique to avoid being targeted by malware. I believe even the Microsoft KSLDriver drops randomly named DLLs and device drivers along with creating a randomly named system service. Uses 8 hex characters.

Several third-party vendors use the same technique, mostly security vendors.

Randor commented on How is my Browser blocking RWX execution?   rwxstoned.github.io/2025-... · Posted by u/lucasRW
syncsynchalt · 8 months ago
Looks like Firefox: https://searchfox.org/mozilla-central/source/toolkit/xre/dll... (via https://searchfox.org/mozilla-central/source/toolkit/xre/dll... )

I'd assumed it would be Edge since the author was crawling through decompiled output and worrying about litigiousness, but the above code in a BaseThreadInitThunk() interceptor matches what the author is describing.

Randor · 8 months ago
Some horrible code in there too:

https://searchfox.org/mozilla-central/source/toolkit/xre/dll...

Indiscriminate blocking of any DLL in the world with 12/6 hex digit filenames.

Randor commented on Moonshine, the new state of the art for speech to text   petewarden.com/2024/10/21... · Posted by u/freediver
magicalhippo · 10 months ago
Having played with the GB sized Whisper models, I'm amazed to learn the 80MB version is actually useful for anything.

I was aiming for an agent-like experience, and found the accuracy drop below what I'd consider useful levels even above the 1GB mark.

Perhaps for shorter, few word sentences like "lights on"?

Randor · 10 months ago
Looks like Moonshine is competing against the Whisper-tiny model. There isn't any information in the paper to see how it compares to the larger whisper-large-v3.
Randor commented on Love being interrupted when my monitor asks me to accept user agreements   twitter.com/snwy_me/statu... · Posted by u/h2odragon
account42 · 10 months ago
I suspect these are just rebadged generic soda cans but there is something oddly dystopian about a company drink.
Randor · 10 months ago
No, if I remember correctly it was a local beverage company. It wasn't unusual for Microsoft to back local businesses. I remember a very talented Indian software engineer that left Microsoft and purchased 3 "food trucks" and decided to serve food instead, true story. He parked his truck outside building 88 for a few years.
Randor commented on AI engineers claim new algorithm reduces AI power consumption by 95%   tomshardware.com/tech-ind... · Posted by u/ferriswil
littlestymaar · 10 months ago
How does the linked article relate to BitNet at all? It's about the “addition is all you need” paper which AFAIK is unrelated.
Randor · 10 months ago
Yeah, I get what you're saying but both are challenging the current MatMul methods. The L-Mul paper claims "a power savings of 95%" and that is the thread topic. BitNet proves that at least 70% is possible by getting rid of MatMul.
Randor commented on AI engineers claim new algorithm reduces AI power consumption by 95%   tomshardware.com/tech-ind... · Posted by u/ferriswil
kayo_20211030 · 10 months ago
I'm not an AI person, in any technical sense. The savings being claimed, and I assume verified, are on ARM and x86 chips. The piece doesn't mention swapping mult to add, and a 1-bit LLM is, well, a 1-bit LLM.

Also,

> Additionally, it reduces energy consumption by 55.4% to 70.0%

With humility, I don't know what that means. It seems like some dubious math with percentages.

Randor · 10 months ago
> I don't know what that means. It seems like some dubious math with percentages.

I would start by downloading a 1.58 model such as: https://huggingface.co/HF1BitLLM/Llama3-8B-1.58-100B-tokens

Run the non-quantized version of the model on your 3090/4090 GPU and observe the power draw. Then load the 1.58 model and observe the power usage. Sure, the numbers have a wide range because there are many GPUs/NPUs to make the comparison.

u/Randor

Karma: 292 · Cake day: March 20, 2019