calling all #coding connoisseurs, #webdev hobbyists, #html heroes, #css comrades, #blog buffs, and digital #art aficionados!

the #32bitcafe's second annual #halloween event will be starting this weekend for two weeks! 🎃

we'll have four ways to participate with either art, writing, or code, including a FRANKENSITE! oooo~ scary~ 👹

you have the 13th-27th to submit something that fits into our theme/format! :)

can't wait to see what everyone sends in! 👻

https://32bit.cafe/halloween24

#indieweb #personalweb #smallweb #web #internet #codejam #personalsites #personalwebsites

Apple did the research; LLMs cannot do formal reasoning. Results change by as much as 10% if something as basic as the names change.

https://garymarcus.substack.com/p/llms-dont-do-formal-reasoning-and

Sent from San Diego, California, U.S.A. on April 4, 1994. https://postcardware.net/?id=20-18

wow, check out this time lapse from last night's solar storm 😍

@stilescrisis @raptor CCs are literally written on the card, visible to anyone who looks at my hand while I pay. Why should I keep it secret? (Not sure if this is part of the actual thought process but I think this is an interesting angle)

🤖 GSM-Symbolic: Understanding the Limitations of Mathematical Reasoning in Large Language Models

"Recent advancements in Large Language Models (LLMs) have sparked interest in their formal reasoning capabilities, particularly in mathematics. The GSM8K benchmark is widely used to assess the mathematical reasoning of models on grade-school-level questions. While the performance of LLMs on GSM8K has significantly improved in recent years, i…"

https://machinelearning.apple.com/research/gsm-symbolic

Two relatives of mine got scammed/phished recently. Nothing serious happened fortunately. Some interesting observations:

- People see URL's as opaque blocks. They have 0 clue where they point to since they have 0 clue about how to read them.
- "Check the domain" doesn't help (even assuming the knowledge of what part of an URL string is a domain) if you have no information about what domains are "normal" (whatever that means).
- Regular people don't see giving out CC's or other sensitive information as a critical task. One of the victims told me they gave out their CC while doing two other things - I'd drop everything to focus such a task, while for them it's just another boring physical copy-paste.

Based on this most of our awareness advise is shit.

#phishing #scam

@SteveSyfuhs
"Admins can check the events in the Microsoft Defender XDR"
"Microsoft Defender XDR will raise an alert"

What if I'm not willing to pay a company to detect the exploitation of a protocol that was shipped to me by the very same company? Are there some event ID's, correlations one can implement (using FOSS tools maybe), independently from the Mothership?

@tmr232 Same with the docs: sometimes it's like finding a forgotten library room behind a brick wall. Actually fascinating!

@jwz faster than my mobile data connection

This is ...I don't know, but a little bit funny. Fortinet is DIGGING DEEP into some Ivanti exploited vulnerabilities.

if only they could dig equally deep into their own shit.

https://www.fortinet.com/blog/threat-research/burning-zero-days-suspected-nation-state-adversary-targets-ivanti-csa

#Fortinet #Ivanti #Vulnerabilities

@tmr232 I'm in that rabbit hole now, but it's seems surprisingly hard to get the optimal combination of versions for each tool: I already worked around a bug in buildGhidraJar, downgraded Gradle, and now trying to make intellij-ghidra to work with the latest IDEA, but I feel that now it's time to read a book...

Generally, it seems that unofficial tooling just can't go in lockstep with Ghidra releases while I try to be on bleeding edge.

But I agree with you that IDEA will be the way forward, I probably just have to wait and/or debug a bit until the stir caused by 11.2 settles.

We can't stop here...this is Dependency Hell!

#ghidra #java

Latest update on the DDOS attack from @brewsterkahle (Oct 11 @ 10:22am PT):

"The data is safe.

Services are offline as we examine and strengthen them. Sorry, but needed. @internetarchive staff is working hard.

Estimated Timeline: days, not weeks.

Thank you for the offers of pizza (we are set)."

@lcamtuf There are probably creative ways to decorate the ballot either to deliberately invalidate it or to make it remain just valid enough

We wrote a thing https://www.microsoft.com/en-us/security/blog/2024/10/11/microsofts-guidance-to-help-mitigate-kerberoasting/

Another Ghidra build script bug yaay...

@tmr232 Yeah I get the latter reasons, but I just updated Eclipse (because I had to upgrade GhidraDev because it somehow couldn't be upgraded in the earlier version...) and having seen things like VSCode or IDEA I feel like walking into a torture chamber. And I practically grew up with Eclipse!

Edit: also important to note that I mostly think of e.g. Swing as an early attempt that didn't end up that good, while I think the IDE could you know, make some sense?

I wonder how much did Eclipse contribute to the bad reputation of Java...