• 0 Posts
  • 30 Comments
Joined 1 year ago
cake
Cake day: June 18th, 2023

help-circle
  • It’s best to have a local copy of package repos with whitelisted libraries, or so I’ve heard. But containers are fine, too. Especially with VSCode .devcointainers, it’s super easy to setup and distribute with the repo, there’s really no reason not to do that.

    The biggest issue here that a lot people don’t realize is Bing AI, it’s insanely easy to poison it’s results, since it summarizes search results. It’s only a matter of time before someone convinces it to start using or adding a typosquatted/malicious library to answers to a common programming question, and it will be a fun times ahead.



  • I might be wrong, but from how I understand it it probably wouldn’t help. Kernel drivers have a rigorous QA and cert by Microsoft if you want to get them signed, which is a process that may take a long time - longer than you can afford when pushing updates to AV/EDR to catch emerging threats. What Crowdstrike does to bypass this requirement is that the CS Falcon is just an engine, that loads, interprets and executes code from definition files. The kernel driver code then doesn’t need to change, so no need for new MS cert, and they can just push new definition files. So, they kind of have to deal with unsafe in this case, since you are executing a new code.


  • Exactly this. I only have pretty vague experience with machine learning, since it was one of the other specializations for my Masters than the one I choose, which however means we still shared some basic courses on the topic, and I definitely share his point of view. I’ve been saying basically the same things when talking about AI, albeit not as expressively, but even with basic insight into ML, the whole craze that is happening around it is such bullshit. But, I’m by no means an expert in the field, so I may be wrong, but it’s nice to finally read an article from an “expert” in the field I can agree with. Because so far, the whole “experts talking AI” felt exactly like the COVID situation, with “doctors” talking against vaccines. Their doomsaying opinion simply contradicts even the little knowledge I have in the ML field.



  • My favorite windows update was when I was attending an onsite coding competition hosted my Microsoft. We were all in this large meeting hall that looked like a theater, and we spent first 10 minutes or so at the start of the competition just looking at Windows update, with the Microsoft rep apologizing to us, because his pc decided to do the “Forced update restart you cant postpone any more” literally two minutes into the presentation


  • My favourite take on DI is this set of articles from like 12 years ago, written by a guy who has written the first DI framework for Unity, on which are the currently popular ones, such as Zenject, based on.

    The first two articles are pretty basic, explaining his reasoning and why it’s such a cool concept and way forward.

    Then, there’s this update:

    Followed by more articles about why he thinks it was a mistake, and he no longer recommends or uses DI in Unity in favor of manual dependency injection. And I kind of agree - his main reasoning is that it’s really easy for unnecessary dependencies to sneak up into your code-base, since it’s really easy to just write another [Inject] without a second thought and be done with it.

    However, with manual dependency injection through constructor parameters, you will take a step back when you’re adding 11th parameter to the constructor, and will take a moment to think whether there’s really no other better way. Of course, this should not be an relevant issue with experienced programmers, but it’s not as inherently obvious you’re doing something potentially wrong, when you just add another [Inject], when compared to adding another constructor parameter.


  • Oh, I see. Oh well.

    Can I send money to my friends with Taler? Taler supports push and pull payments between wallets (also known as peer-to-peer payments). While the payment appears to be directly between wallets, technically the operation is intermediated by the payment service provider which will typically be legally required to identify the recipient of the funds before allowing the transaction to complete.


  • I tried reading the website, but Im not really sure I get it. What it’s supoosed to be? A way how to make FIAT payments thats open-sourced and private (so you dont have to pay stupid fees to banks), and it integrates into the current banking system, or is it some kind of digital currency that’s not blockchain based?

    If it’s the former - isnt any kind of payment without KYC almost impossible, since its heavily regulated? So, you can’t really have private payments in environment where there’s stupid amount of laws about how much you can actually pay without it being identifiable, for example the super small monthly limit on anonymous prepaid debit cards?



  • Mikina@programming.devtoProgrammer Humor@programming.dev===
    link
    fedilink
    arrow-up
    18
    ·
    edit-2
    9 months ago

    It’s also important if you’re checking hashes (at least, it was - if you’re using correct hashing algorithm that isn’t ancient, you will not have this problem).

    Because if you take for example “0e462097431906509019562988736854” (which is md5(“240610708”), but also applicable to most other hashing algorithms that hash to a hex string), if(“0e462097431906509019562988736854” == 0) is true. So any other data that hashes to any variantion of “0e[1-9]+” will pass the check, for example:

    md5("240610708") == md5("hashcatqlffzszeRcrt")

    that equals to

    "0e462097431906509019562988736854" == "0e242700999142460696437005736231"

    which thanks to scientific notation and no strict type checking can also mean

    0462097431906509019562988736854 == 0242700999142460696437005736231

    which is

    0 == 0 `

    I did use md5 as an example because the strings are pretty short, but it’s applicable to a whole lot of other hashes. And the problem is that if you use one of the strings that hash to a magic hash in a vulnerable site, it will pass the password check for any user who’s password also hashes to a magic hash. There’s not really a high chance of that happening, but there’s still a lot of hashes that do hash to it.


  • Thank you! My main issue is that while I’m familiar with all those algorithms, its usually pretty simple to find how do they work and how to use them for very basic stuff, but its almost impossible to research into actual best practices in how and when to use them, once you are working on moderately complex problem, especially stuff like formations, squad cooperation and more complex behavior (where I.e behavior trees start to have issues once you realize you have tons of interrupt events at almost every node, defeating the point of behavior trees - which can happen if you’re using them wrong, but no one usually talks about it at that level).

    And I’m also dealing with issue that isn’t really mentioned too much, and that is scale. Things like GOAP would probably be infeasible to scale at hundreds of units on the screen, which require and entirely different and way less talked-about algorithms.

    I’ve eventually found what I needed, but I did have to resort to reading through various papers published on the subject, because just googling “efficient squad based AI behavior algorithm” will unfortunately not get you far.

    But its possible that I’m just being too harsh, and that the search results were always the same level of depth - only my experience has grown over the years, and such basic solutions are no longer sufficient for my projects, and it makes sense that no-one really has a reason to write blog posts of such depth - you just publish papers and give talks about it.

    Aside from the AI related keywords. I’m still salty about what the buzzword did to my search results.


  • While I did see Kagi recommended on Lemmy, I’ve made the switch because of a recommendation by my colleague at work (now that I thing about it, that would funnily probably be the case even if I was actually working for Kagi :D), and it has been a nice experience so far. Plus, we’ve just been talking about it today at the office, so I was in the mood of sharing :D But I haven’t done any actual search comparisons, so it may just be placebo. I’d probably say it’s caused by a lot people trying to be more privacy-centric here, and mostly deeply against large corporations, so the software recommendations tend to just turn into an echo-chamber.

    As for the second point, yeah, I guess you are right, Brave Browser being one of the finest examples of it. But it’s a good reminder that I should do some research about the company and who’s behind it, just to avoid the same situation as with Brave, thanks for that.



  • That’s what I was reffering to. I’m looking for articles and inspiration about how to cleverly write NPC game AI that I’m struggling with, I don’t want to see how are other people raping game deveopment, or 1000th tutorial about steering behaviors (which are, by the way, awfull solution for most of use-cases, and you will get frustrated with them - Context Steering or RVHO is way better, but explain that to any low-effort youtuber).

    I’ve recetly just had to start using Google Scholar instead of search, just so I can find the answers I’m looking for…


  • I’d recommend getting Kagi.com. It’s one of the best software investments I’ve recently made, it makes searching for technical questions so much better, because they have their own indexer with a pretty interresting philosophy behind it. I’ve been using it for a few months by now, and it has been awesome so far. I get way less results from random websites that are just framing clicks on any topic imaginable by raping SEO, and as an added bonus I can just send selected pages, such as Reddit, to the bottom of search results.

    Plus, the fact that it’s paid, I don’t have to worry about how they are monetizing my data.


  • This is unfortunately not true - AI has been a defined term for several years, maybe even decades by now. It’s a whole field of study in Computer Science about different algorithms, including stuff like Expert Systems, agents based on FSM or Behavior Trees, and more. Only subset of AI algorithms require learning.

    As a side-note, it must suck to be an AI CS student in this day and age. Searching for anything AI related on the internet now sucks, if you want to get to anything not directly related to LLMs. I’d hate to have to study for exams in this environment…

    I hate it when CS terms become buzzwords… It makes academic learning so much harder, without providing anything positive to the subject. Only low-effort articles trying to explain subject matter they barely understand, usually mixing terms that have been exactly defined with unrelated stuff, making it super hard to find actually useful information. And the AI is the worst offender so far, being a game developer who needs to research AI Agents for games, it’s attrocious. I have to sort through so many “I’ve used AI to make this game…” articles and YT videos, to the point it’s basically not possible to find anything relevant to AI I’m interrested it…