I couldn't care less for some of the "generative AI" articles on here, but I do like some papers or research that is posted here which I find interesting, even though I don't always fully understand them.
There are many "reputation management" companies that do this sort of thing, via various sorts of tricks, which are most often bogus copyright or legal claims.
I can't say what happened in this case, but there's a report from the NY AG[1] about companies running an astroturfing anti net-neutrality campaign, so nothing surprises me at this point.
This is not a sour way to put it; extreme levels of information hoarding, cookie licking[1] and building and defending fiefdoms were the norm from what I saw at my time at a FAANG.
Let us just say that not all friendships, even the ones that start out strong, end up having the same depth to them because of the loss of shared context (e.g. moving out of the same city for jobs, new responsibilities caused by marriage etc.)
In such cases, there's still some reason for the two people involved to at least have a general idea of what's going on in other people's lives, and even reach out should there be something significant, such as a birth of a child or a loss in their families, etc. Without the broadcast aspect, once communication has ceased for some amount of time, it is very difficult to restart it, at any level.
As an introvert, I still find broadcasts weird, because there's that tingling notion that people wouldn't care anyway; that was one of the reasons I ceased to be on social media many years ago. However, I understand why some people choose to do things differently.
(There are similar anecdotes throughout this thread, I'd encourage you to read it for perspectives on this matter.)
One point I do not see addressed in the article is how the location is collected.
It'd be a little bit of a stretch to call IP geolocation as collecting location data as it is usually no more accurate than just procuring the geolocation yourself, so there's no need to get it from a broker. However, on an Android for example, both ACCESS_COARSE_LOCATION and ACCESS_FINE_LOCATION require permission dialogs, so how does it exactly work?
At least some, if not the majority, is likely derived from the IP address used in the ad bidding process.
> Franaszek also says that “a significant amount of this geolocation dataset appears to be inferred by IP address to geolocation lookups, meaning the vendor or their source is deriving the user's geolocation by checking their IP address rather than by using GNSS [Global Navigation Satellite System]/GPS data. That would suggest that the data is not being sourced entirely from a location data SDK.”
I think it means permissions work if the app owner is not participating in the ad-buy market, but if they are, then certain permissions (any covering data provided to bidders) are skirted by Google.
It's a stretch to call out a game for tracking every IP use and trying to location track you using that? A game should not be trying to track my location at all, not get a pass because technically it's not very accurate.
When I was working for a major retailer, who, you'd assume would have thought about these things well enough, you were prevented from executing sudo, except for being able to use it for text editing (sudo vi). I needed to install some packages with a root shell at the time, so I used the command execution feature within vi to get that.
In the Middle Ages, when Internet access wasn't in your pocket all the time, I was in a hostel which had Internet kiosks, you'd put a coin in a machine, and the PC would start 2 browser windows: 1 with just a countdown, and one for you to browse. You'd have to put more coins or when the time ends the browser would be killed.
Of course there was nothing else in the UI except this window and the browser, but on ancient Firefox, in the print window you had the option to specify the command line to print. I tried "xterm", hit "Print", and voila, a prompt!
Using ps, I managed to figure out the difference between the unpaid browser and the paid one, and next time around I could launch a browsing session without payment...
As someone who used to sysadmin and was well aware of this trick, sometimes a developer or DBA will bully their way through leadership to make sure they never need to ask for permission to edit their configs.
We all knew it was a bad idea but when your boss and their boss say do it, it’s done.
I’m pretty sure the DBA (autocorrect magically suggested “diva” here) knew as well and just wanted a backdoor to have root for whatever they wanted.
I later busted the same team applying patches out of band with tripwire. Hey, wonder how you pulled that off…
Nobody should ever need permission to edit their own configs. E.g., if a box is used solely as a database server, then the DBAs should have full root to it.
lol, restricting administrative access to the administrators is pretty much a security best practice in every company everywhere.
Ever heard of the principle of least privilege?
They didn’t give me admin in the database and I don’t want it. They aren’t trained in the system and if you’ve ever seen what kind of mess a bunch of amateurs can make of a shared system you wouldn’t sound like such an idiot right now.
I'll be sure to tell the auditors that they are gatekeeping dicks for requiring change management on the financial databases.
that is all true. but admins need to be aware of the reasons other groups desire to go around them. obviously they needed some patches on their database product.
OK, what's the easiest way to get it? option 1: call the IT admin and say "hey bud, can we get these patches and see if it fixes my thing?" or option #2 play some political long game to get sudo vi access via intense political pressure and then hack into the system to install said patches.
if you have to do option #2, then it's the FAULT of the IT system: people follow the path of least resistance. if there was so much hassle having a support organization actually help you such that it was actually easier to do it yourself and fighting (and winning) some political fight with the other dept. to get there, you tell me what's wrong with that support org?
this is why DevOps is an improvement.
you're trying to point at the auditors as being the dicks? nope. any engineer in the company can be equally responsible for configuration management. wanna bet that the IT dept. has no process to allow other engineers to update configuration? or that they won't do it on your behalf in a timely fashion? simply delegate the patch configuration management of the DB to the DBAs and send the auditors to see the experts. there's a good chance they'd take the responsibility seriously and do a better job of it than you.
These were Solaris 8 or 9 patches for some Oracle DB. Patch management back then was wild and conflicting patches could cause problems.
Of course there were no consequences for someone bypassing the approval process and doing unscheduled changes as root. Now, if my team had made those changes without running it past the DBAs...
My high school computer lab had an incredibly incompetent admin whose idea of security was to look through the bash history of problem students and go from there. Anyway, at one point they decided that someone had used cp to copy things to places they shouldn’t have been (did I mention they didn’t really understand UNIX permissions?), so they decided to just remove cp altogether. So of course I made a fake cp (in Java, because that was all I knew at the time) to replace it.
I once encountered a good anti sudo control.
Execute sudo and you get a warning “log in as root instead!”
Firstly, no.
Secondly, did you just “prevent” sudo by aliasing it?
This is similar to Msty's[1] "Delvify" feature that generates links for keywords in a given text, with the ability to "delve" into each highlighted topic.
While I'm unfamiliar with how it's implemented there, I can certainly see this working with multiple rounds of prompting, and possibly some external data sources and human curation to ensure that the terminology index is actually useful to readers.
For example, here are a couple from my HN favorites list, and I wouldn't mind seeing more of these articles:
* An Intuitive Explanation of Sparse Autoencoders for LLM Interpretability (https://news.ycombinator.com/item?id=42268461)
* Scaling Monosemanticity: Extracting Interpretable Features from Claude 3 Sonnet (https://news.ycombinator.com/item?id=40429540)
* Refusal in LLMs is mediated by a single direction (https://news.ycombinator.com/item?id=40242939)