Sent by Mike from Arlington, Texas, U.S.A. on March 21, 1995. https://postcardware.net/?id=39-19

Diving into ADB protocol internals:

part 01: https://www.synacktiv.com/publications/diving-into-adb-protocol-internals-12

part 02: https://www.synacktiv.com/en/publications/diving-into-adb-protocol-internals-22

#adb #mobile #protocol #informationsecurity #cybersecurity #reverseengineering

Project: python/cpython https://github.com/python/cpython
File: Lib/ntpath.py:343 https://github.com/python/cpython/blob/2bd5a7ab0f4a1f65ab8043001bd6e8416c5079bd/Lib/ntpath.py#L343

def expanduser(path):

SVG:
dark https://tmr232.github.io/function-graph-overview/render/?github=https%3A%2F%2Fgithub.com%2Fpython%2Fcpython%2Fblob%2F2bd5a7ab0f4a1f65ab8043001bd6e8416c5079bd%2FLib%2Fntpath.py%23L343&colors=dark
light https://tmr232.github.io/function-graph-overview/render/?github=https%3A%2F%2Fgithub.com%2Fpython%2Fcpython%2Fblob%2F2bd5a7ab0f4a1f65ab8043001bd6e8416c5079bd%2FLib%2Fntpath.py%23L343&colors=light

Progress security advisory: WhatsUp Gold Security Bulletin December 2024
@cR0w Progress allegedly published this advisory 12 December 2024, but the page wasn't available from Google search results (thank Gemini AI ✨ for being useless) and Progress doesn't maintain a dedicated security advisories section on their website. Anyway, this page hasn't been updated with new information since 12 December so it's also useless. Here are the three vulnerabilities:

• CVE-2024-12105 (6.5 medium) authenticated information disclosure via specially crafted HTTP request
• CVE-2024-12106 (9.4 critical) unauthenticated attacker can configure LDAP settings
• CVE-2024-12108 (9.6 critical) an attacker can gain access to the WhatsUp Gold server via the public API

No mention of exploitation. Patched in WhatsUp Gold version 24.0.2

#infosec #progress #whatsupgold #cve #vulnerability #cybersecurity

“This button vaporises the finger of anybody who presses it!”

“Why do you always focus on the negative? You critics should talk about the benefits of the Vaporiser2000™. Every press mints $100K USD. That’s an amazing societal benefit.”

“It mints it in the offices of those who make the button! The presser doesn’t get any. They’re using bribes and pressure to force the finger vaporisation onto others!”

“There you go again, focusing on the negative. This is why nobody takes critics seriously”

I think everyone who has an opinion, positive or negative, about LLMs, should read how @simon summed up what’s happened in the space this year. He’s the most credible, most independent, most honest, and most technically fluent person watching the space. https://simonwillison.net/2024/Dec/31/llms-in-2024/

Cost of false positives | Kellan Elliott-McCrea: Blog
https://alecmuffett.com/article/110781
#OnlineHarms #OnlineSafetyAct #classifiers #ofcom

Uhhh, I have a strange request. If you own a bread knife with a flat-sided handle in your kitchen, and calipers or something else that will measure to the nearest millimetre or so, and want something to do for 30 seconds, could you tell me how thick the handle is?

Yes, I'd like to collect some random samples of bread knife handle widths. Doesn't matter what brand, what it looks like, how long the blade is or where in the world you are.

I will explain later. Boosts appreciated.

#AskFedi

I wanted to correct something, because I know the archive's actions/function can encourage tea-leaf reading, but:

There is no throttling on the upload speed/bandwidth. There's no actual "well, only give this person X amount of speed, ha ha, tally ho" in effect.

What IS in effect, post-hack, are re-factoring of the security and networking aspects of the Archive's internals, with a focus on security before speed, and getting speed back to full is taking some time.

So there you go.

me neither, solaris

I made a 🦋Bluesky bot that posts hourly control-flow-graphs.
Because why not.

https://bsky.app/profile/cfgbot.bsky.social

Currently taking random functions from CPython's source code.

#python #bluesky #bot

A lot of the current hype around LLMs revolves around one core idea, which I blame on Star Trek:

Wouldn't it be cool if we could use natural language to control things?

The problem is that this is, at the fundamental level, a terrible idea.

There's a reason that mathematics doesn't use English. There's a reason that every professional field comes with its own flavour of jargon. There's a reason that contracts are written in legalese, not plain natural language. Natural language is really bad at being unambiguous.

When I was a small child, I thought that a mature civilisation would evolve two languages. A language of poetry, that was rich in metaphor and delighted in ambiguity, and a language of science that required more detail and actively avoided ambiguity. The latter would have no homophones, no homonyms, unambiguous grammar, and so on.

Programming languages, including the ad-hoc programming languages that we refer to as 'user interfaces' are all attempts to build languages like the latter. They allow the user to unambiguously express intent so that it can be carried out. Natural languages are not designed and end up being examples of the former.

When I interact with a tool, I want it to do what I tell it. If I am willing to restrict my use of natural language to a clear and unambiguous subset, I have defined a language that is easy for deterministic parsers to understand with a fraction of the energy requirement of a language model. If I am not, then I am expressing myself ambiguously and no amount of processing can possibly remove the ambiguity that is intrinsic in the source, except a complete, fully synchronised, model of my own mind that knows what I meant (and not what some other person saying the same thing at the same time might have meant).

The hard part of programming is not writing things in some language's syntax, it's expressing the problem in a way that lacks ambiguity. LLMs don't help here, they pick an arbitrary, nondeterministic, option for the ambiguous cases. In C, compilers do this for undefined behaviour and it is widely regarded as a disaster. LLMs are built entirely out of undefined behaviour.

There are use cases where getting it wrong is fine. Choosing a radio station or album to listen to while driving, for example. It is far better to sometimes listen to the wrong thing than to take your attention away from the road and interact with a richer UI for ten seconds. In situations where your hands are unavailable (for example, controlling non-critical equipment while performing surgery, or cooking), a natural-language interface is better than no interface. It's rarely, if ever, the best.