Security researchers identify new malware targeting Linux
ESET researchers have identified multiple samples of Linux backdoor, which we have named WolfsBane, that we attribute with high confidence to the Gelsemium advanced persistent threat (APT) group. This China-aligned threat actor has a known history dating back to 2014 and until now, there have been no public reports of Gelsemium using Linux malware. Additionally, […]
Show HN: Llama 3.2 Interpretability with Sparse Autoencoders
Source: OpenAI – Extracting Concepts from GPT-4 Project Overview Modern LLMs encode concepts by superimposing multiple features into the same neurons and then interpeting them by taking into account the linear superposition of all neurons in a layer. This concept of giving each neuron multiple interpretable meanings they activate depending on the context of other […]
The FORTH code for Chipwits is released in the game’s 40th anniversary
Open Source Announcement This month marks the ๐๐๐ 40th anniversary of ChipWits! ๐๐๐ To celebrate, weโre releasing all of the original Mac and Commodore 64 FORTH source code (or as much as we could recover) as open source! You can find the code at https://github.com/chipwits/chipwits-forth. Read on for some history and analysis. ChipWits Mac Source […]
Emacs Code Conversion Language
20/07/2019 Update: I forgot that I did a brief analysis on this many years ago, using ROT13 as example. Update: Noam Postavsky pointed out on #emacs that CCL is not turing-complete after all as a full simulation (as opposed to just interpreting a single line) requires an Emacs Lisp loop. This loop cannot be done […]
Listen to the whispers: web timing attacks that work
Websites are riddled with timing oracles eager to divulge their innermost secrets. It’s time we started listening to them. In this paper, I’ll unleash novel attack concepts to coax out server secrets including masked misconfigurations, blind data-structure injection, hidden routes to forbidden areas, and a vast expanse of invisible attack-surface. This is not a theoretical […]
Handling cookies is a minefield
Handling Cookies is a Minefield If you’re mostly here to read about how things are broken, hop on down to why this matters. HTTP cookies are a small piece of data set by either Javascript or HTTP servers, and which are essential for maintaining state on the otherwise stateless system known as the World Wide […]
Launch HN: Fresco (YC F24) โ AI Copilot for Construction Superintendents
Hi HN! We’re Arvind and Akhil, and we’re building Fresco (https://fresco-ai.com/). We use AI to quickly create and manage documentation for construction superintendents. Hereโs a demo video: https://www.youtube.com/watch?v=mKIQQKkjv_4. Superintendents are the busiest and most expensive people on construction sites. Just like doctors in a hospital, supers diagnose and triage issues, make observations about conditions, and […]
The Rectangular Cows of UK Art (2018)
Spending time among the thousands of paintings on Art UK often throws up questions. What is a sun fish? Why is there a painting of the Queen with Robert Burns? What makes this tie hot? For a while, Iโve been wondering about a mystery I shall call โthe rectangular cows of Art UKโ. Some time […]
Show HN: Yami โ An Open Source Music Player with Spotdl Integration
๐Overview Yami is a lightweight, open-source music player built in Python. It focuses on simplicity and ease of use, providing an intuitive user interface (UI) for users to manage and play their music. Whether you’re playing local files or downloading from online sources using spotdl, Yami offers a seamless experience. This project is designed for […]
I hacked the Dutch government and all I got was this t-shirt
The NCSC-NL (National Cyber Security Centre โ Netherlands) sent me a โlousyโ t-shirt on behalf of the Dutch government. Together with the t-shirt was a thank you letter. Thank you for bringing a vulnerability to our attention. Together with vulnerability reporters like you we can increase the resilience of Dutch society in the digital domain […]