tedivm commented on How we exploited CodeRabbit: From simple PR to RCE and write access on 1M repos   research.kudelskisecurity... · Posted by u/spiridow
tadfisher · 5 days ago
Then it should open a PR for those tests so it can go through the normal CI and review process.
tedivm · 5 days ago
Doing that requires write access if you're a GitHub Application. You can't just fork repositories back into another org, since GitHub Applications only have the permissions of the single organization that they work with. Rulesets that prevent direct pushes to specific branches can help here, but have to be configured for each organization.


tedivm commented on When DEF CON partners with the U.S. Army   jackpoulson.substack.com/... · Posted by u/OgsyedIE
ghostpepper · 11 days ago
What happened with the lock pick village?
tedivm · 10 days ago
From my understanding they were told they were no longer allowed to fundraise in the village, which meant they could not afford to continue coming.
tedivm commented on OpenIndiana: Community-Driven Illumos Distribution   openindiana.org/... · Posted by u/doener
tedivm · 11 days ago
I've spent two minutes looking at this website and I still have no idea what this project is.
tedivm commented on When DEF CON partners with the U.S. Army   jackpoulson.substack.com/... · Posted by u/OgsyedIE
sylens · 12 days ago
Defcon is no longer a counterculture conference, and arguably hasn't been for a while. It's a place for security professionals to go to hang out in Vegas for a few days on their company's dime, or to extend their stay after Black Hat.

The conference has gotten too big for its own good. It now inhabits the Las Vegas Convention Center, which is less convenient than when it was in one of the hotels (or multiple hotels clustered together). The one positive of the LVCC is that it has a ton of room but there are still issues with things like sound equipment that plague the villages and their talks/workshops.

tedivm · 12 days ago
Once they scared off the people running the Sky Talks, which were always awesome, and messed with groups like the lockpicking folks' ability to fundraise, I think the idea of it being a hacker con really died and it turned into just another corporate convention.
tedivm commented on GitHub is no longer independent at Microsoft after CEO resignation   theverge.com/news/757461/... · Posted by u/Handy-Man
hardwaregeek · 13 days ago
They could add stacked diffs, large monorepo features (allow user to view a slice of a repo), better submodule support (why can’t I PR multiple repos at once?). A good desktop app that is faster than the slow web client.
tedivm · 13 days ago
The current desktop client is missing support for a bunch of important things too, like signing commits.
tedivm commented on Open models by OpenAI   openai.com/open-models/... · Posted by u/lackoftactics
modeless · 19 days ago
Nah, these are much smaller models than Qwen3 and GLM 4.5 with similar performance. Fewer parameters and fewer bits per parameter. They are much more impressive and will run on garden variety gaming PCs at more than usable speed. I can't wait to try on my 4090 at home.

There's basically no reason to run other open source models now that these are available, at least for non-multimodal tasks.

tedivm · 19 days ago
Qwen3 has multiple variants ranging from larger (230B) than these models to significantly smaller (0.6b), with a huge number of options in between. For each of those models they also release quantized versions (your "fewer bits per parameter").

I'm still withholding judgement until I see benchmarks, but every point you tried to make regarding model size and parameter size is wrong. Qwen has more variety on every level, and performs extremely well. That's before getting into the MoE variants of the models.

tedivm commented on Open models by OpenAI   openai.com/open-models/... · Posted by u/lackoftactics
x187463 · 19 days ago
Running a model comparable to o3 on a 24GB Mac Mini is absolutely wild. Seems like yesterday the idea of running frontier (at the time) models locally or on a mobile device was 5+ years out. At this rate, we'll be running such models in the next phone cycle.
tedivm · 19 days ago
It only seems like that if you haven't been following other open source efforts. Models like Qwen perform ridiculously well and do so on very restricted hardware. I'm looking forward to seeing benchmarks to see how these new open source models compare.
tedivm commented on ‘No Other Land’ consultant Awdah Hathaleen killed by Israeli settler   latimes.com/entertainment... · Posted by u/_shadi
ml-anon · a month ago
I guess if they are viewed as an occupying force, it’s much less unprecedented. In fact it’s exactly how you’d expect an occupation to act.
tedivm · a month ago
This isn't an occupation, it's an ethnic cleansing.
tedivm commented on Anthropic Faces Potentially "Business-Ending" Copyright Lawsuit   obsolete.pub/p/anthropic-... · Posted by u/Invictus0
Ajedi32 · a month ago
That's very interesting, because it totally makes sense legally, but the practical effect is ludicrously stupid. The law is effectively forcing companies to spend millions re-scanning the same books over and over for no reason. It'd be like if we had a law which stated "Before you can train an AI, you must light 1 million dollars on fire. After that you can do whatever you want." It serves no purpose but to waste societal resources on nothing.
tedivm · a month ago
The law isn't forcing people to do this, economics are. Nothing about the law forces people to use physical books, just that they actually pay for the books instead of stealing them. The company thinks they can get away with this cheaper than negotiating for a digital copy of the book, so that's what they are doing.

u/tedivm

Karma: 14452 · Cake day: December 29, 2009
About
Blog: https://www.tedivm.com

Book: https://www.manning.com/books/terraform-in-depth

Portfolio: https://projects.tedivm.com/

GitHub: https://github.com/tedivm

Fediverse: https://hachyderm.io/@tedivm

LinkedIn: http://www.linkedin.com/in/roberthafner

Comments are my own and not those of my employer.
