kennwhite

@kennwhite@mastodon.social

cryptography • neuro • cloud • biscuits
ORD-DCA-NYC-BCN ✈️


Patricia, to random
@Patricia@vivaldi.net

Ok, I’m sorry, I’m going to ruffle feathers here but… I’m trying to read some newer development process books and… oh my… even super popular ones are so immensely long winded and unconvincing in their dogmatic argumentation: this is bad, this is good, because I said so that’s why.

Recent examples that I’m struggling to finish: “Team Topologies” and “Data Mesh” - I mean they might be great but I’m getting strong “this should’ve been a blogpost” feels.

kennwhite,

@Patricia I appreciate you, Patricia.

peterhoneyman, to random
@peterhoneyman@a2mi.social

vatican city


kennwhite,

@peterhoneyman I love everything about this thread. I don't know if you are flying United on any long hauls on your return, but if so, DM me and I'm happy to apply PlusPoints for a Polaris upgrade. ✌️

kennwhite, to random

I missed this story when it broke last month, but obligatory "this confirms my priors" dunk: RIP Post News, I never knew ye.

https://techcrunch.com/2024/04/19/post-news-the-a16z-funded-twitter-alternative-is-shutting-down/

kennwhite, to random

them: why do we need AI ethics researchers really?

me: “On Monday, Microsoft revealed a new AI-powered feature called "Recall" for Copilot+ PCs that will allow Windows 11 users to search and retrieve their past activities on their PC. To make it work, Recall records everything users do on their PC, including activities in apps, communications in live meetings, and websites visited”

https://arstechnica.com/gadgets/2024/05/microsofts-new-recall-feature-will-record-everything-you-do-on-your-pc/

kennwhite, to random

He just noticed a neighbor mowing the lawn.

kennwhite, to random

After Microsoft invested $10 billion, OpenAI snubs Windows 11 as it releases ChatGPT app first on Mac. “We’re just prioritizing where our users are.”

https://www.windowscentral.com/software-apps/windows-11/after-microsoft-invested-dollar10-billion-openai-snubs-windows-11-as-it-releases-chatgpt-app-first-on-mac-were-just-prioritizing-where-our-users-are

kennwhite, to random

Slow cooked short rib & lamb with fire-grilled Guajillo, Ancho, & New Mexico chilis, 3 heads of roasted whole garlic, and a little Sam Adams deglaze prior for good measure. 👨‍🍳

kennwhite, to random

Today will be the day he gets that squirrel. He can just feel it.

kennwhite, to random

Hello my old arch nemesis. Let the games begin.

kennwhite,

Well it's not a—
Sure go wild.

kennwhite,

::reboots 3 times::
::desktop appears::

Me: Cool. Hi, I'd like to install this hello world Node.js script.

Node: Sure, just need to add one dependency.

Me: okey dokey

Node: And this build library.

Me: sure.

Node: Which requires this Python module.

Me: um…

Node: And of course this other Windows specific pkg installer

Me: I— wait, WTF is "chocolatey"??

Node: —which requires VS2017.

Me: No, I—

Node: Fatal: Exiting chocolatey abnormally. Please manually clean up anything not finished.

kennwhite, to random

Wow is the competition stiff this year for Black Hat USA. Some really solid research headed to the main stage in August.

kennwhite,

@azonenberg that's the heartbreaking part of being on the review board — there's just not enough slots to accommodate all the excellent submissions.

kennwhite,

First round of accepted BH talks are out. Super excited to see these!

https://www.blackhat.com/us-24/briefings/schedule/

kennwhite, to random

Incredible research at BlackHat Asia today by Tong Liu and team from the Institute of Information Engineering, Chinese Academy of Sciences (verified email at iie.ac.cn)

A dozen+ RCEs on popular LLM framework libraries like LangChain and LlamaIndex - used in lots of chat-assisted apps including GitHub. These guys got a reverse shell in two prompts, and even managed to exploit SetUID for full root on the underlying VM!


kennwhite,

TL;DR: The most popular chat-assisted app frameworks aren't even doing basic process sandboxing or sane file/network isolation. We are still very much in the early infancy of security maturity with current gen LLMs.

kennwhite,

@loke yes. I'm on the BH Asia review board and here for the rest of the conference.

kennwhite,

Tong's Google Scholar for related work: https://scholar.google.com/citations?hl=en&user=egWPi_IAAAAJ

kennwhite, to random

Good morning California.

kennwhite, to random

Nice to meet you, Vanuatu.

kennwhite, to random

It's that time of year reviewing security conference submissions where the proposals range from: "I literally cannot provide a single coherent sentence about what the hell my talk is about." to: "I've been quietly working in solitude for 2 years and can now demonstrate full cross-customer pwn on [insert major cloud platform]. With zero logging or detection."

kennwhite, to random

Nice sunset in Melbourne.

kennwhite, to random

Good morning Sydney.

kennwhite,

@kcarruthers just passing through for a few days
