meantime, another proof that SMS as two-factor authentication is insecure - in addition to the fact that texts could be intercepted by a LOT of parties, Mitto AG, Twitter's 2FA provider, sold user location to surveillance companies when users logged in to Twitter via SMS (as you need to know the closest cell tower to deliver the text/place a call)
https://wz.ax/sms-spying-2fa
Engadget
Twitter parts ways with two-factor provider following claims of secret surveillance | Engadget
A Mitto AG founder allegedly operated a secret surveillance operation..
SymForce: Symbolic Computation and Code Generation for Robotics
In theory, Julia should cover both Python and C++ parts of SymForce. In practice, well… Looks impressive and practical at the same time.
https://wz.ax/symforce-skydio
Skydio
Open-sourcing SymForce
Skydio has open-sourced SymForce, their in-house library for fast symbolic computation, code generation, and nonlinear optimization for robotics.
ρ-calculus: A Reflective Higher-order Calculus
... an asynchronous message-passing calculus built on a notion of quoting. Names are quoted processes, and as such represent the code of a process, a reification of the syntactic structure of the process as an object for process manipulation.
https://wz.ax/n5-rho-calculus
UEFI rootkits: a touch of paranoia for all you paranoids out there
https://wz.ax/undetectable-uefi-rootkits
Ars Technica
Discovery of new UEFI rootkit exposes an ugly truth: The attacks are invisible to us
Turns out they're not all that rare. We just don't know how to find them.
that's a rare beast! sqlite <3.39.2 (2022-07-21) C API string size check on x64 (not exploitable via sqli)
https://blog.trailofbits.com/2022/10/25/sqlite-vulnerability-july-2022-library-api/
The Trail of Bits Blog
Stranger Strings: An exploitable flaw in SQLite
Trail of Bits is publicly disclosing CVE-2022-35737, which affects applications that use the SQLite library API. CVE-2022-35737 was introduced in SQLite version 1.0.12 (released on October 17, 2000) and fixed in release 3.39.2 (released on July 21, 2022).…
TLDR: swap SIM card, change SIM PIN and you’re in. Pixel 5, Pixel 6, maybe others
https://bugs.xdavidhu.me/google/2022/11/10/accidental-70k-google-pixel-lock-screen-bypass/
bugs.xdavidhu.me
Accidental $70k Google Pixel Lock Screen Bypass
David Schütz's bug bounty writeups
well... i've yet to read this through, but likely this is THE thing that made calculus and linear algebra so hard for me (learning discrete math was definitely worth it too, but still!)
> This is a collection of ambiguous, inconsistent, or just unpleasant conventions in mathematical notation, started by Christian Lawson-Perfect.
https://wz.ax/math-wtf
I agree crypto & defi are often controversial but where else do you get so much nerd-wild-west fun?
https://twitter.com/danielvf/status/1626641254531448833
X (formerly Twitter)
Daniel Von Fange (@danielvf) on X
In a dazzling reverse hack, a substantial chunk of the Platypus hack stolen funds have been recovered.
Here's how it worked: (1/4)
Voxel 3D light field rendering, a thing which I dreamed of building since high school, tried to build multiple times back in 2010, somewhat succeeded in 2015. Made possible by neural networks now. IMHO This is the future of 3d art and entertainment. Unlimited detail, lighting effects of any complexity, etc etc.
(Try different rendering modes, it's all glitchy but it's starting to work!)
https://wz.ax/luma-neural-rendering
https://wz.ax/luma-neural-trees
and others on the luma labs website
Reflective Playground - Created by @TommyOshima with Luma
January 20, 2023
i honestly don't know if this goes here or into the other channel 😂
Parachute use to prevent death and major trauma when jumping from aircraft: randomized controlled trial
https://wz.ax/10.1136/bmj.k5094/parachutes
The BMJ
Parachute use to prevent death and major trauma when jumping from aircraft: randomized controlled trial
Objective To determine if using a parachute prevents death or major traumatic injury when jumping from an aircraft.
Design Randomized controlled trial.
Setting Private or commercial aircraft between September 2017 and August 2018.
Participants 92 aircraft…
the dark side of indistinguishability obfuscation: machine learning models can encode arbitrary functions, therefore provably undetectable backdoors as well
https://arxiv.org/abs/2204.06974
hmm, guys from Stanford claim that for instruction-tuning LLaMA 7B is enough. good! waiting for the fine-tuning code 🧐
https://crfm.stanford.edu/2023/03/13/alpaca.html
Forwarded from Dmytro S
GitHub
GitHub - cksystemsteaching/selfie: An educational software system of a tiny self-compiling C compiler, a tiny self-executing RISC…
An educational software system of a tiny self-compiling C compiler, a tiny self-executing RISC-V emulator, and a tiny self-hosting RISC-V hypervisor. - cksystemsteaching/selfie
while the public is ranting, Bellard ships
ts_server is a web server proposing a REST API to large language models. They can be used for example for text completion, question answering, classification, chat, translation, image generation, ...
https://wz.ax/textsynth-server