rckoepke (u/rckoepke)

rckoepke commented on FBI seizes bot shop ‘Genesis Market’ amid arrests targeting operators, suppliers krebsonsecurity.com/2023/... · Posted by u/todsacerdoti

javajosh · 2 years ago

So, as a web programmer, I'd like to infer how this data got into the marketplace in the first place. The offerings are all powered by browser data exfiltration! Which means their vector is another process on the host, or it could be a malicious browser extension, or a resource 0-day. Or the tokens could be exfiltrated from from the server-side, too.)

Does anyone know how they get this data?

rckoepke · 2 years ago

Chrome has a browser extension API which allows plugins to access all cookies, but its use is considered suspicious and a red flag; an extension which uses it would generally get caught during initial review. However, Chrome extensions are also allowed to “hotload” portions of their own code/scripts from external 3rd party servers.

So an extension will seem benign when it initially gets checked by Google as part of becoming part of its submission to the Chrome Store. Then, later, the external “3rd party” script that is hosted remotely will get replaced with a different, malicious script. The malicious extension carries on stealing cookies, credentials, and fingerprints until someone reverse engineers it and reports it to Google.

Google will not always recognize the issue immediately because the 3rd-party malicious code is not strictly “part of” the extension so there’s a bit of a song and dance while the person who reversed it convinces Googles reviewers that “yes, this really is actually malicious, you need to analyze the third party code that loads later” and then Google eventually takes it down after a semi-involved back-and-forth where extensive documentation and video walk-throughs are provided by the exasperated white-hat Good Samaritan.

rckoepke commented on Convex Hulls – The Metapict Blog soegaard.github.io/blog/m... · Posted by u/soegaard

blamestross · 3 years ago

So, about that. Do the math on how many faces a 768-simplex has.

rckoepke · 3 years ago

Revisiting this. Isn't it a bit of a red herring to enquire about the number of 2-faces that an n-simplex has? It still only has n+1 vertices. A 768-simplex may have 75.5 million faces but it will still only have 769 vertices which completely define the shape. So why would I expect a large number of the other >90% of the 10,000 samples I have to lie on the surface, rather than inside the interior volume?

To be more direct, what's the specific relevance of bringing up the number of 2-faces that an n-simplex has?

rckoepke commented on Convex Hulls – The Metapict Blog soegaard.github.io/blog/m... · Posted by u/soegaard

blamestross · 3 years ago

So, about that. Do the math on how many faces a 768-simplex has.

rckoepke · 3 years ago

I believe the answer is:

(n+1)!/((k+1)!*(n-k)!) where n=768 and k=2

Or about 75.5 million triangular faces. Which explains a lot. Thanks for that.

rckoepke commented on Convex Hulls – The Metapict Blog soegaard.github.io/blog/m... · Posted by u/soegaard

blamestross · 3 years ago

> Qhull does not support triangulation of non-convex surfaces, mesh generation of non-convex objects, medium-sized inputs in 9-D and higher, alpha shapes, weighted Voronoi diagrams, Voronoi volumes, or constrained Delaunay triangulations,

You are going to have to roll your own.

One trick you can use is that most convex hull algorithms chase O(nlg(n)). That lg(n) implies a branching step which lowers efficiency on GPUs. Your coefficients in high dimensions likely mean an O(n^2) branchless algorithm could run faster on a GPU.

Cull points aggressively too, for what little that is worth in high dimensions.

I found https://www.sciencedirect.com/science/article/abs/pii/S01678... which looks like it could be a starting point.

The real problem is that in dimensions that high, the point set probably already is the hull and all this is a zero signal gain operation.

rckoepke · 3 years ago

> The real problem is that in dimensions that high, the point set probably already is the hull and all this is a zero signal gain operation.

Well, if I have 10,000 samples of a 768-dimension volume, most of those points will probably be inside the volume, and not per se a vertex of the hull.

I’m very comfortable rolling my own solution, so thank you for pointing me to Jarvis’ algorithm!

rckoepke commented on Convex Hulls – The Metapict Blog soegaard.github.io/blog/m... · Posted by u/soegaard

rckoepke · 3 years ago

I've been trying to use convex hulls to explore ML embedding spaces. However, the dimensionality (768+ dimensions) seems to crash established options like QHull[0], even with 64GB RAM (and 16 CPU cores, albeit libqhull is not multi-threaded).

Are there more appropriate algorithms for finding convex hulls where dimensions are ~768? Or any parallelized / GPU-optimized options that I should look into?

0: http://www.qhull.org

rckoepke commented on YKK zippers: Why so many designers use them (2012) slate.com/business/2012/0... · Posted by u/georgecmu

pastrami_panda · 3 years ago

Do note that a decent waterproof rain flap is probably more important if you need actual waterproofing for persistent rain. Since AquaGuard isn't waterproof, it's water resistant, just like all zippers I've seen in the wild.

rckoepke · 3 years ago

Check out TIZIP SuperSeal zipper -- it was used on some "dry suits" I wear for offshore sailboat racing in cold-water environments and is truly water-proof. It's advertised to be water-proof up to 700 millibar of pressure differential, which is equivalent to 23 feet of water depth. This zipper does require maintenance in the form of regular lubrication using, for example, a food-grade silicone grease/lubricant like the ones used for slushie/daiquiri machines.

I've looked into getting it worked into bags from Montrose Rope and Sail in Scotland when I worked in offshore industrial environments, but they don't have the equipment to do the "vinyl welding" necessary so you'd have to buy the bag without zippers and then find someone else who could do that welding.

rckoepke commented on $250k for your AI-first product startup aigrant.org/... · Posted by u/amrrs

alecfreudenberg · 3 years ago

Fuck yes. This is the type of program that can actually hear a proper pitch. I teared up reading it.

As someone who has a lot of tinkering and research underway on a big idea, this motivates me to scrap and scrounge to get the demo party together.

Spending 8k-ish to build a product demo for my friends rich uncle is too uphill for me to risk. But for this, I mean fuck yeah.

rckoepke · 3 years ago

> Spending 8k-ish to build a product demo for my friends rich uncle is too uphill for me to risk.

That’s something I could potentially fund. No equity, just pro-bono / repay if it works out. Feel free to reach out and chat if it’s a dream you believe in.

But $250k from this might go a lot further.