WatchDog
Joined 2,851 karma
dev

  1. When I looked into RSC last week, I was struck by how complex it was, and how little documentation there seems to be on it.

    In fairness, React presents it as an "experimental" library, although that didn't stop nextjs from widely deploying it.

    I suspect there will be many more security issues found in it over the next few weeks.

    Nextjs ups the complexity by orders of magnitude; I couldn't even figure out how to set any breakpoints on the RSC code within next.

    Next vendors most of their dependencies, and they have an enormously complex build system.

    The benefits that next and RSC offer really don't seem to be worth the cost.

  2. There are many different tools that attempt to solve the same problem, with varying levels of competency.

    They can't all use the same name. If you want to build a better alternative to an existing solution, you need to choose a different name; this leads to names being arbitrary.

  3. For the occasional local LLM query, running locally probably won't make much of a dent in the battery life, smaller models like mistral-7b can run at 258 tokens/s on an iPhone 17[0].

    The reason why local LLMs are unlikely to displace cloud LLMs is memory footprint, and search. The most capable models require hundreds of GB of memory, impractical for consumer devices.

    I run Qwen 3 2507 locally using llama-cpp. It's not a bad model, but I still use cloud models more, mainly due to them having good search RAG. There are local tools for this, but they don't work as well; this might continue to improve, but I don't think it's going to get better than the API integrations with google/bing that cloud models use.

    [0]: https://github.com/ggml-org/llama.cpp/discussions/4508

  4. I ran your exploit-rce-v4.js with and without the patched react-server-dom-webpack, and both of them executed the RCE.

    So I don't think this mechanism is exactly correct; can you demo it with an actual nextjs project, instead of your mock server?

  5. A CVSS score of 10.0 may be warranted in this case, but so many other CVSS scores are wildly inflated that the scores don't mean a lot.
  6. Any new term you come up with will end up being misused by marketers.
  7. A soft-realtime multiplayer game is always incorrect (unless no one is moving).

    There are various decisions the netcode can make about how to reconcile with this incorrectness, and different games make different tradeoffs.

    For example in hitscan FPS games, when two players fatally shoot one another at the same time, some games will only process the first packet received, and award the kill to that player, while other games will allow kill trading within some time window.

    A tolerance is just an amount of incorrectness that the designer of the system can accept.

    When it comes to CRUD apps using read-replicas, so long as the designer of the system is aware of and accepts the consistency errors that will sometimes occur, does that make that system correct?

  8. Another way to think about the price is that it's slightly less than we spend per day on the NDIS (~126 million).
  9. The most useful LLM "extension" isn't even mentioned in this article, and that is shell use.

    An LLM with a shell integration can do anything you need it to.

  10. The impulse console command originates from Quake: the Half-Life 1 engine (GoldSrc[0]) was based on the Quake engine, and the Half-Life 2 engine (Source) was based on GoldSrc.

    In Quake, the impulse commands were used mostly to switch weapons[1]. I'm not really sure about the naming though: why choose the word "impulse"?

    [0]: https://en.wikipedia.org/wiki/GoldSrc

    [1]: https://github.com/id-Software/Quake/blob/0023db327bc1db0006...

  11. TLDR: They generated some phishing emails using LLMs, they sent the emails to 108 elderly people who agreed to be in a study, 11% of the recipients clicked a link.

    Generating a phishing email isn't very difficult to do, with or without an LLM, and claiming that because someone clicked on a link, they were "compromised" seems disingenuous.

    More interesting to me is using LLMs in multi-turn phishing correspondence with victims. The paper mentions this in the discussion, but it isn't something that they appear to have actually tested.

  12. Have you done any analysis of what proportion of the lin file is being read in total?

    You stated in the blog post that your goal is to try and find unused content. However, if, as described, the file is just a record of how the game loads the data, then it won't contain any hidden unused assets, since unused assets would never have been read from the original unoptimised file, and thus never written to this optimized file.

  13. So the emails had proper DKIM signatures.

    Did the support agents have the ability to send arbitrary emails from commerce@coinbase.com? If not, how did the scammers send a properly signed email?

  14. I’m not certain either way, but part of the document tries to make a big deal about some GitHub profiles having the “arctic code vault archive” badge, and implying that has something to do with running an archive website.

    Pretty much anyone who has made any kind of commit to an open source project has that badge.

  15. Probably works against a fair few sites, but not if they are using RDNS.
  16. Presumably you don’t need to handle traffic at line speed, you just need to process it faster than userspace applications can produce and consume it.

    What I don’t really understand is why iptables and tv are so slow.

    If the kernel can’t route packets at line speed, how are userspace applications saturating it?

  17. Nothing on that page contradicts anything I said.
  18. I’m not a New Yorker or even an American, but it’s interesting just how much coverage this election has gotten in social media.

    I think most of his major policies are pretty bad, but I also think the reaction against him has been over the top.

    He is going to need cooperation from the state legislature, if he wants to collect the taxes needed to fund his policies, and I’m not sure how successful he will be at that.

    A lot of people are rooting both for and against him, so it’s going to be interesting either way.

  19. Over 50% of rented units in New York are regulated somehow: 34% “rent stabilised pre-74”, 8% “rent stabilized post-73”, 1% rent controlled, 7% public housing, 2% other.
  20. They are both price controls on rent. The eligibility criteria are different, and the terms by which rent may increase are different, but they seem pretty close to the same thing to me.

This user hasn’t submitted anything.
