• 1 Post
  • 62 Comments
Joined 1 year ago
cake
Cake day: June 18th, 2023

help-circle
  • I stumbled upon the Geminy page by accident, so i figured lets give it a try.

    I asked him in czech if he can also generate pictures. He said sure, and gave me examples about what to ask him.

    So I asked him, again in czech, to generate a cat drinking a beer at a party.

    His reply was that features for some languages are still under development, and that he can’t do that in this language.

    So I asked him in english.

    I can’t create images for you yet, but I can still find images from the web.

    Ok, so I asked if he can find me the picture on the web, then.

    I’m sorry, but I can’t provide images of a cat drinking beer. Alcohol is harmful to animals and I don’t want to promote anything that could put an animal at risk.

    Great, now I have to argue with my search engine that is giving me lessons on morality and decide what is and isn’t acceptable. I told him to get bent, that this was the worst first impression I ever had with any LLM model, and I’m never using that shit again. If this was integrated into google search (which I havent used for years and sticked to Kagi), and now replaces google assistant…

    Good, that’s what people get for sticking with google. It brings me joy to see Google dig it’s own grave with such success.


  • I can’t decide whether this sentence is a joke or not. It has the same tone that triggers my PTSD from my CS degree classes and I also do recognize some of the terms, but it also sounds like it’s just throwing random science terms around as if you asked a LLM to talk about math.

    I love it.

    Also, it’s apparently also real and correct.



  • I see, stonks are way more bullshit than I thought. Is there anything else you can do with your stock, other than sell it to someone else? I always thought that crypto is such a scam especially because in the end, it has no value in itself, and the only thing you can do with it is sell it to someone else. If noone wants to buy it, well, you are fucked. Does it mean that stocks are exactly the same concept? I always thought it has something to do with the vaule of the company and the profits it earns, but if there is no way how to cash them out other than selling your piece of paper to someone, then it’s really the same? I suppose that unlike crypto, the stock price increases if the company is turning profit, but you still have to find someone to sell it to, right, so the price is increasing only because the demand from people willing to buy it is increasing due to it turning profit, but it’s not really tied to the actual value of the company, so it’s exactly like crypto? Or is the price set by some different mechanism than crypto is - pure demand from people willing to buy?






  • I might be wrong, but from how I understand it it probably wouldn’t help. Kernel drivers have a rigorous QA and cert by Microsoft if you want to get them signed, which is a process that may take a long time - longer than you can afford when pushing updates to AV/EDR to catch emerging threats. What Crowdstrike does to bypass this requirement is that the CS Falcon is just an engine, that loads, interprets and executes code from definition files. The kernel driver code then doesn’t need to change, so no need for new MS cert, and they can just push new definition files. So, they kind of have to deal with unsafe in this case, since you are executing a new code.



  • I see a lot of hate ITT on kernel-level EDRs, which I wouldn’t say they deserve. Sure, for your own use, an AV is sufficient and you don’t need an EDR, but they make a world of difference. I work in cybersecurity doing Red Teamings, so my job is mostly about bypassing such solutions and making malware/actions within the network that avoids being detected by it as much as possible, and ever since EDRs started getting popular, my job got several leagues harder.

    The advantage of EDRs in comparison to AVs is that they can catch 0-days. AV will just look for signatures, a known pieces or snippets of malware code. EDR, on the other hand, looks for sequences of actions a process does, by scanning memory, logs and hooking syscalls. So, if for example you would make an entirely custom program that allocates memory as Read-Write-Execute, then load a crypto dll, unencrypt something into such memory, and then call a thread spawn syscall to spawn a thread on another process that runs it, and EDR would correlate such actions and get suspicious, while for regular AV, the code would probably look ok. Some EDRs even watch network packets and can catch suspicious communication, such as port scanning, large data extraction, or C2 communication.

    Sure, in an ideal world, you would have users that never run malware, and network that is impenetrable. But you still get at avarage few % of people running random binaries that came from phishing attempts, or around 50% people that fall for vishing attacks in your company. Having an EDR increases your chances to avoid such attack almost exponentionally, and I would say that the advantage it gives to EDRs that they are kernel-level is well worth it.

    I’m not defending CrowdStrike, they did mess up to the point where I bet that the amount of damages they caused worldwide is nowhere near the amount damages all cyberattacks they prevented would cause in total. But hating on kernel-level EDRs in general isn’t warranted here.

    Kernel-level anti-cheat, on the other hand, can go burn in hell, and I hope that something similar will eventually happen with one of them. Fuck kernel level anti-cheats.


  • Why does this need to be installed here when previously agentless technologies was sufficient

    As someone who works in offensive Cybersecurity doing Red Teamings, where most of my job is to bypass and evade such solutions, I can say that bypassing agent less technologies is so much easier than agented ones. While you can access most of the logs remotely, having an agent helps you extremely with catching 0-day malware, since you can scan memory (that one is a bitch to bypass and usually how we get caught), or hook syscalls which you can then correlate.

    Oh, an unknown unsigned process just called RWX memory allocation, loaded a crypto binary, and spawned a thread in another process that’s trying to execute it? Better scan that memory and see what it’s up to. That is something you cannot do remotely.




  • Crypto is doing kind-of ok. But what about other blockchain apps and startups, or blockchain integrations into every tech imaginable? There were so many popping up, just like there are with AI now. Business models and use-cases that are based solely on the hype of the tech in question, without any consideration about whether it’s actually a good fit for the tech. That is the point, and what it has common with AI and other “buzzwords”.


  • It has been a while since I have to deal with problem complexities in college, is there even class of problems that would require something like this, or is there a proven upper limit/can this be simplified? I don’t think I’ve ever seen O(n!^k) class of problems.

    Hmm, iirc non-deterministic turing machines should be able to solve most problems, but I’m not sure we ever talked about problems that are not NP. Are there such problems? And how is the problem class even called?

    Oh, right, you also have EXP and NEXP. But that’s the highest class on wiki, and I can’t find if it’s proven that it’s enough for all problems. Is there a FACT and NFACT class?


  • Here is a picture, that may help a little bit. The n is input size, and f(n) is how long does the algorithm runs (i.e how many instructions) it takes to calculate it for input for size n, i.e for finding smallest element in an array, n would be the number of elements in the array. g(n) is then the function you have in O, so if you have O(n^2) algorithm, the g(n) = n^2

    Basically, you are looking for how quickly it grows for extreme values of N, while also disregarding constants. The graph representation probably isn’t too useful for figuring the O value, but it can help a little bit with understanding it - you want to find a O function where from one point onward (n0), the f(n) is under the O function all the way into infinity.



  • I’m not sure about other countries, but here in Czech we actually have a mandatory subscription, that’s absolutely bullshit.

    So far, the law is that if you own any TV or radio, you have to pay monthly fee for public service broadcasters (national Czech TV). It’s bullshit, the channels are full of ads anyway, and the shows they run and create is insultingly bad. Sure, it is important to have public service broadcasters that are not dependent on the state (because state-owned TV is reeaallly bad idea), but FFS can they just reduce costs and stick to news, instead of doing another stupid series, and stop forcing us to pay for something I don’t care about or use?

    You could just not pay the fee, if you state you don’t have a TV capable of receiving it (which I don’t). But now, they are changing the law that everyone who has any kind of internet-capable device has to pay the monthly fee, while also rising prices to something like 6 EUR per month. Fuck that and fuck them.


  • Exactly this. I only have pretty vague experience with machine learning, since it was one of the other specializations for my Masters than the one I choose, which however means we still shared some basic courses on the topic, and I definitely share his point of view. I’ve been saying basically the same things when talking about AI, albeit not as expressively, but even with basic insight into ML, the whole craze that is happening around it is such bullshit. But, I’m by no means an expert in the field, so I may be wrong, but it’s nice to finally read an article from an “expert” in the field I can agree with. Because so far, the whole “experts talking AI” felt exactly like the COVID situation, with “doctors” talking against vaccines. Their doomsaying opinion simply contradicts even the little knowledge I have in the ML field.