> the tokens are actually generated by the user and the server never sees them (unblinded) before their first usage Here is how I see it: 1. The user generates a token/nonce => T 2. The user blinds the token with secret…
I just tried it and I'm actually surprised with how well they work even with base64 encoded inputs. This is assuming they don't call an external pre-processing decoding tool.
Just a clarification, they tuned on the public training dataset, not the semi-private one. The 87.5% score was on the semi-private eval, which means the model was still able to generalize well. That being said, the fact…
This looks cool! I now almost exclusively get my HN feed through a simple script I wrote to get desc sorted posts by score or trend (score/time): https://github.com/faroukfaiz10/hackernews-homepage The result looks…
Not magic-wormhole compatible, but saw these shared on other comments: - https://wormhole.app - https://sendfiles.dev - https://file.pizza - https://winden.app
Clickbait is BLUF with a deceptive bottom line (BL). Clickbait is bad. You can choose to write in BLUF style without that. In my experience, I only prefer "Classical philosophical writing" when I'm already convinced of…
> I'll be calling "private" repos "unlisted" That might be a bit too strict. I'd still expect my private repos (no forks involved) to be private, unless we discover another footnote in GH's docs in a few years ¯\_(ツ)_/¯…
> People don't believe it's possible for software to be secure Rightfully so. You'd statistically be almost always right considering a software unsecure given enough time (for the vulnerabilities to be introduced then…
Adding two resources to the mix: 1. https://growth.design: case studies + cognitive biases & principles that affect your UX 2. https://lawsofux.com/: a collection of best practices that designers can consider when…
Thanks for the effort. Probably nitpicking but these types of measures are usually tricky to interpret because there is a high chance your indexes (maybe even rows) are still on PostgreSQL shared buffers and OS cache…
That would indeed be more precise, but it would be harder to obfuscate. If I simply curl the script (without piping to bash), I'd be less suspicious if I saw a sleep than I would be if I saw a callback to a server.
It seems that it was a social engineering attack. From their notice: https://blog.lastpass.com/2022/12/notice-of-recent-security-... > some source code and technical information were stolen from our development…
I've never thought about this problem until now. Now that I see it, it makes total sense one would want to monitor those packages for changes. What surprises me is that there seems to be no other way than hacking…
Congrats on the launch and good luck! Reading through thus just reminded me of Datadog browser tests. It's not exactly the same, but it might be interesting to check them out.
> the tokens are actually generated by the user and the server never sees them (unblinded) before their first usage Here is how I see it: 1. The user generates a token/nonce => T 2. The user blinds the token with secret…
I just tried it and I'm actually surprised with how well they work even with base64 encoded inputs. This is assuming they don't call an external pre-processing decoding tool.
Just a clarification, they tuned on the public training dataset, not the semi-private one. The 87.5% score was on the semi-private eval, which means the model was still able to generalize well. That being said, the fact…
This looks cool! I now almost exclusively get my HN feed through a simple script I wrote to get desc sorted posts by score or trend (score/time): https://github.com/faroukfaiz10/hackernews-homepage The result looks…
Not magic-wormhole compatible, but saw these shared on other comments: - https://wormhole.app - https://sendfiles.dev - https://file.pizza - https://winden.app
Clickbait is BLUF with a deceptive bottom line (BL). Clickbait is bad. You can choose to write in BLUF style without that. In my experience, I only prefer "Classical philosophical writing" when I'm already convinced of…
> I'll be calling "private" repos "unlisted" That might be a bit too strict. I'd still expect my private repos (no forks involved) to be private, unless we discover another footnote in GH's docs in a few years ¯\_(ツ)_/¯…
> People don't believe it's possible for software to be secure Rightfully so. You'd statistically be almost always right considering a software unsecure given enough time (for the vulnerabilities to be introduced then…
Adding two resources to the mix: 1. https://growth.design: case studies + cognitive biases & principles that affect your UX 2. https://lawsofux.com/: a collection of best practices that designers can consider when…
Thanks for the effort. Probably nitpicking but these types of measures are usually tricky to interpret because there is a high chance your indexes (maybe even rows) are still on PostgreSQL shared buffers and OS cache…
That would indeed be more precise, but it would be harder to obfuscate. If I simply curl the script (without piping to bash), I'd be less suspicious if I saw a sleep than I would be if I saw a callback to a server.
It seems that it was a social engineering attack. From their notice: https://blog.lastpass.com/2022/12/notice-of-recent-security-... > some source code and technical information were stolen from our development…
I've never thought about this problem until now. Now that I see it, it makes total sense one would want to monitor those packages for changes. What surprises me is that there seems to be no other way than hacking…
Congrats on the launch and good luck! Reading through thus just reminded me of Datadog browser tests. It's not exactly the same, but it might be interesting to check them out.