Stuart Schechter

Associate at Harvard SEAS. Founder at DiceKeys. Former researcher at Microsoft Research & MIT Lincoln Laboratory. Debunker of security questions, site-authentication images, & mandatory password resets.

Stuart Schechter boosted:
2025-04-23

We tested that AI that wants you to 'cheat at everything.'

It sucks? Took 20 seconds to provide responses, was clearly just feeding whatever prompt into ChatGPT/other models. Simply wouldn't work in a real situation.

404media.co/the-man-who-wants-

Stuart Schechter @MildlyAggrievedScientist
2025-04-16

@dan @alice

I prefer to quote Desmond Tutu, from at least two years earlier.

If you are neutral in situations of injustice, you have chosen the side of the oppressor. If an elephant has its foot on the tail of a mouse, and you say that you are neutral, the mouse will not appreciate your neutrality.

Stuart Schechter @MildlyAggrievedScientist
2025-04-11

When your kids are begging you to bring a furball into your universe, they will use iron-clad logic to convince you that you will find effectively-infinite resources to support this furry lifeform.

When you actually need someone to walk your furball, you will start to suspect you are alone in this universe.

Scientists call this the fur-me paradox.

Stuart Schechter @MildlyAggrievedScientist
2025-03-31

@natematias The salient fact is that you don't believe the methods section is complete enough for someone to replicate. That's true of lots of crap that gets published at "peer-reviewed" venues.

We do the public a disservice when we treat publication review as a salient signal of quality. You can get most anything accepted if you try enough times or submit to a venue that cares more about how much attention the work will draw than correctness.

Stuart Schechter @MildlyAggrievedScientist
2025-01-17

@SteveBellovin call me a literalist in reading great ancient texts, but I believe we are meant to think twice before putting anyone remotely related to health care on the next ship off planet. Consider that the B ark was conceived at a time when we didn't use phones while on the toilet, yet it still predicted civilization would be wiped out because we had rid ourselves of everyone who knew how to sanitize one.

Stuart Schechter @MildlyAggrievedScientist
2025-01-17

@rauschma Sorry. I just added that to the end of your playground window and it didn't bother to create a new link from it.

Stuart Schechter @MildlyAggrievedScientist
2025-01-17

@rauschma
If filing a bug with the TS team, this might be helpful to add.

const arr3 = [
  [Red as typeof Red | typeof Green, 'RED'],
  [Green as typeof Red | typeof Green, 'GREEN'],
] as const;
new Map(arr3); // OK

Stuart Schechter @MildlyAggrievedScientist
2025-01-03

@dangoodin FIDO has focused on standardizing authentication protocols, whereas researchers who work in usable security know that the much bigger challenge is key management. Good to see reporters not buying the hype that passkeys are a solution, rather than the agreed upon rules with which platforms are going to fight over owning their users' identities.

Stuart Schechter @MildlyAggrievedScientist
2024-12-30

That rancher thought there was little risk in branching into marijuana cultivation, but he later realized that the steaks were high.

Stuart Schechter boosted:
2024-11-27

The Economist calls DARK WIRE, my book on the FBI's secret running of a tech company for organized crime, one of the best books of the year.

"The author spent years getting to know the players, many of them unsavoury international gangsters." economist.com/culture/2024/11/

Stuart Schechter @MildlyAggrievedScientist
2024-11-15

@allanfriedman Don't do it!

Tubeless is for extreme cyclists who want to run tire pressures too low for tubes (not you) and care about tube weight (not you).

With tubes, you have two layers of protection against flats, and that inner layer can be replaced easily should both fail. Don't give that up!

I bought a bike that came tubeless and learned to 💙 tubes the hard way when I got an unfixable flat. I regret having taken tubes for granted.

If you want to experiment, maybe try TPU tubes?

Stuart Schechter @MildlyAggrievedScientist
2024-11-03

@natematias The terms "trust" and "safety" have been co-opted by companies that regularly violate user trust and prioritize the perception of safety over keeping their users safe. The term has come to mean keeping people users from other users, so that they continue using your product and so that you can continue exploiting their data. Having been to T&S conference, I came away believing you can't work in the field if you're unwilling to be gaslit about what "trust" and "safety" mean.

Stuart Schechter @MildlyAggrievedScientist
2024-11-01

@boblord When possible, I prefer the third option: talking through the decision, while listening to and learning from those seeking advice to understand their circumstances, capabilities, and constraints.

People often don't listen to security advice because our field has an unfortunate history of being too eager to tell others what to do without validating that the benefit outweighs the harm. (I'd guess listening also increases compliance with advice.)

Stuart Schechter @MildlyAggrievedScientist
2024-10-16

@rmondello this animal wonders if fewer humans would call others animals if the rest of us mocked them for being ignorant that they, too, are animals (just less self-aware ones).

Stuart Schechter @MildlyAggrievedScientist
2024-09-23

I'm sorry I missed my appointment.

Sadly, with all the time required to archive the emails and texts confirming the scheduling of my appointments, to answer your calls reminding me of them, responding 1 to texts asking me to confirm them, and filling out forms to pre-checkin for them, I no longer have time to actually attend them.

Please press 1 to confirm.

Stuart Schechter boosted:
2024-09-09

📢 New post: The State of ES5 on the Web.

For years, we defaulted to transpiling to ES5 in order to support IE. But is that still necessary?

I took a look at the data to find out, and I'll just say that the results were *actually* quite surprising! 🙀

philipwalton.com/articles/the-

Stuart Schechter boosted:
2024-09-04

The YubiKey 5, the most widely used hardware token for two-factor authentication based on the FIDO standard, contains a cryptographic flaw that makes the finger-size device vulnerable to cloning when an attacker gains brief physical access to it, researchers said Tuesday.

The cryptographic flaw, known as a side channel, resides in a small microcontroller that’s used in a vast number of other authentication devices, including smartcards used in banking, electronic passports, and the accessing of secure areas. While the researchers have confirmed all YubiKey 5 series models can be cloned, they haven’t tested other devices using the microcontroller, which is SLE78 made by Infineon and successor microcontrollers known as the Infineon Optiga Trust M and the Infineon Optiga TPM. The researchers suspect that any device using any of these three microcontrollers and the Infineon cryptographic library contains the same vulnerability.

arstechnica.com/security/2024/

Stuart Schechter boosted:
2024-08-28

A source with knowledge of the incident said the cemetery official tried to prevent Trump staffers from filming and photographing in a section where recent U.S. casualties are buried. The source said Arlington officials had made clear that only cemetery staff members would be authorized to take photographs or film in the area, known as Section 60.

When the cemetery official tried to prevent Trump campaign staff from entering Section 60, campaign staff verbally abused and pushed the official aside, according to the source.

npr.org/2024/08/27/nx-s1-50911

Stuart Schechter boosted:
Yael Grauer @yaelwrites
2024-08-08

We joined forces with @tallpoppy to evaluate seven different people-search removal services.

Today we’re releasing the full report of our findings.

innovation.consumerreports.org

Stuart Schechter @MildlyAggrievedScientist
2024-06-11

Given a spoken phrase like “hurt people hurt people”, only our AI can correctly interpret its nuanced meaning and cultural implications. Only our AI can reason that hurting others becomes endemic. Only our AI can conclude that the only way to stop humans from hurting each other is to eliminate them all.

Yes, a lesser AI might take the same action after interpreting the phrase as a repeated two-word command, but only ours can take moral responsibility by choosing the action on its own.

Client Info

Server: https://mastodon.social