
axoltl
karma: 999
temporary contact: tippets-mistier.0n@icloud.com

  1. For modern systems, stack buffer overflow bugs haven't been great to exploit for a while. You need at least a stack cookie leak, and on Apple Silicon the return addresses are MACed, so overwriting them is a fool's errand (2^-16 chance of success).

    Most exploitable memory corruption bugs are heap buffer overflows.
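
The two epilogue checks the comment above describes, as an added illustration that is not part of the original comment: a toy model in C of the stack cookie compare followed by a 16-bit pointer-authentication tag check on the saved return address. The tag function, key, cookie, addresses and frame layout are all assumptions chosen for the example; real PAC uses QARMA with keys held in system registers, and the tag width depends on the virtual-address size.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/*
 * Toy model of the two epilogue checks a stack overflow must get past on
 * Apple Silicon: the stack cookie compare and pointer authentication of the
 * saved return address. Everything here is illustrative: the "MAC" is a cheap
 * mixing function (assumption), not QARMA, and the key, cookie, addresses and
 * frame layout are made up for the example.
 */

#define VA_BITS   48u                        /* assumed 48-bit virtual addresses */
#define TAG_BITS  16u                        /* bits above the VA used for the tag */
#define ADDR_MASK ((1ull << VA_BITS) - 1)
#define TAG_MASK  ((1ull << TAG_BITS) - 1)

#define DEMO_KEY    0x1234567890abcdefULL    /* assumed per-process PAC key */
#define DEMO_COOKIE 0x9f1e2d3c4b5a6978ULL    /* assumed __stack_chk_guard value */
#define DEMO_TARGET 0x100008000ULL           /* assumed address the attacker wants */

/* Toy 16-bit MAC over (address, key). Not cryptographic; stands in for QARMA. */
static uint64_t toy_tag(uint64_t addr, uint64_t key)
{
    uint64_t x = (addr & ADDR_MASK) ^ key;
    x ^= x >> 33; x *= 0xff51afd7ed558ccdULL;
    x ^= x >> 33; x *= 0xc4ceb9fe1a85ec53ULL;
    x ^= x >> 33;
    return x & TAG_MASK;
}

/* Like PACIASP: store the tag in the otherwise-unused top bits of the pointer. */
uint64_t pac_sign(uint64_t addr, uint64_t key)
{
    return (addr & ADDR_MASK) | (toy_tag(addr, key) << VA_BITS);
}

/* Like AUTIASP: return the stripped address if the tag verifies, else 0.
 * Real hardware poisons the pointer instead so the following RET faults. */
uint64_t pac_auth(uint64_t signed_ptr, uint64_t key)
{
    uint64_t addr = signed_ptr & ADDR_MASK;
    uint64_t tag  = signed_ptr >> VA_BITS;
    return tag == toy_tag(addr, key) ? addr : 0;
}

/* Frame as the compiler lays it out: buffer lowest, then guard, fp, signed lr. */
struct frame {
    char     buf[16];
    uint64_t cookie;       /* copy of __stack_chk_guard */
    uint64_t saved_fp;
    uint64_t signed_ret;   /* x30 after PACIASP */
};

enum result { BLOCKED_BY_COOKIE, BLOCKED_BY_PAC, HIJACKED };

/* Build an overflow payload: filler, a cookie guess, an fp, a return address. */
size_t build_payload(uint8_t *out, uint64_t cookie_guess, uint64_t ret)
{
    struct frame p;
    memset(p.buf, 'A', sizeof p.buf);
    p.cookie     = cookie_guess;
    p.saved_fp   = 0x16fd00000ULL;              /* arbitrary, never checked */
    p.signed_ret = ret;
    memcpy(out, &p, sizeof p);
    return sizeof p;
}

/* The vulnerable function: linear overflow of buf, then the epilogue runs the
 * cookie check (__stack_chk_fail) and authenticates the return address. */
enum result overflow_and_return(const uint8_t *payload, size_t len,
                                uint64_t cookie, uint64_t key)
{
    struct frame f;
    memset(&f, 0, sizeof f);
    f.cookie     = cookie;
    f.saved_fp   = 0x16fd00000ULL;
    f.signed_ret = pac_sign(0x100004000ULL, key);   /* legitimate caller */

    if (len > sizeof f) len = sizeof f;
    memcpy(&f, payload, len);                       /* the bug: no bounds check */

    if (f.cookie != cookie)               return BLOCKED_BY_COOKIE;
    if (pac_auth(f.signed_ret, key) == 0) return BLOCKED_BY_PAC;
    return HIJACKED;
}

/* One exploit attempt with a given cookie guess and forged return address. */
enum result attempt(uint64_t cookie_guess, uint64_t ret, uint64_t cookie, uint64_t key)
{
    uint8_t p[sizeof(struct frame)];
    size_t n = build_payload(p, cookie_guess, ret);
    return overflow_and_return(p, n, cookie, key);
}

/* How many of the 2^TAG_BITS possible tags authenticate a forged target? */
unsigned count_valid_tags(uint64_t target, uint64_t key)
{
    unsigned ok = 0;
    for (uint64_t t = 0; t <= TAG_MASK; t++)
        if (pac_auth((target & ADDR_MASK) | (t << VA_BITS), key) != 0) ok++;
    return ok;
}

int main(void)
{
    printf("no cookie leak:             %d\n", attempt(0, DEMO_TARGET, DEMO_COOKIE, DEMO_KEY));
    printf("leak, wrong tag:            %d\n",
           attempt(DEMO_COOKIE, pac_sign(DEMO_TARGET, DEMO_KEY) ^ (1ull << VA_BITS),
                   DEMO_COOKIE, DEMO_KEY));
    printf("leak, correctly signed:     %d\n",
           attempt(DEMO_COOKIE, pac_sign(DEMO_TARGET, DEMO_KEY), DEMO_COOKIE, DEMO_KEY));
    printf("tags that verify for target: %u of %llu\n",
           count_valid_tags(DEMO_TARGET, DEMO_KEY), (unsigned long long)(TAG_MASK + 1));
    return 0;
}
```

With the cookie leaked, the attacker still has to supply a return address whose tag verifies under a key they do not hold; `count_valid_tags` walks all 2^16 tags for the target and finds exactly one, which is the 2^-16 figure in the comment. The "correctly signed" case stands in for having a signing gadget or the key, which is what turns the bug back into a usable one.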

  2. Yep! 60t/s on the 8-bit MLX on an M4 Pro with 64GB of RAM.
  3. There are MLX versions of the model, so yes. LM Studio hasn't updated their mlx-lm runtime yet though, you'll get an exception.

    But if you're OK running it without a UI wrapper, mlx_lm==0.30.0 will serve you fine.

  4. It means more surface (both from extensions themselves and the loader code), relaxation of things like KTRR/CTRR (you now need to add executable EL1 pages at runtime), plus the potential for signing keys to leak (Finding enterprise signing keys even for iOS is fairly easy).

    As far as Windows goes, https://www.loldrivers.io is a thing.

  5. I do vulnerability research. Those things would do the exact opposite of what you're aiming for. They'd be received with glee by mercenary spyware companies, _especially_ being able to load things into higher levels of privilege.
  6. You're confusing your opinion of the company with the perception by the general public. Apple's definitely not perceived as 'an office appliance company' by your average person. It's considered a high-end luxury brand by many[1].

    1: https://www.researchgate.net/publication/361238549_Consumer_...

  7. It'd run on a 5090 with 32GB of VRAM at fp8 quantization which is generally a very acceptable size/quality trade-off. (I run GLM-4.5-Air at 3b quantization!) The transformer architecture also lends itself quite well to having different layers of the model running in different places, so you can 'shard' the model across different compute nodes.
  8. From what I've been reading the inference workload tends to ebb and flow throughout the day with much lower loads overnight than at for example 10AM PT/1PM ET. I understand companies fill that gap with training (because an idle GPU costs the most).

    So for data centers, training is just as important as inference.

  9. I believe they mean the source region's tag, rather than the destination.
  10. I have some inside knowledge here. KPP was released around the time KTRR on A11 was implemented to have some small amount of parity on <A11 SoCs. I vaguely remember the edict came down from high that such a parity should exist, and it was implemented in the best way they could within a certain time constraint. They never did that again.
  11. So are caffeine and nicotine, I'm not sure what your point is.
  12. Concerta is extended release methylphenidate. It is not an amphetamine.
  13. This isn't a transformer, it's a diffusion model. You can't split diffusion models across compute nodes.
  14. Just from my limited experience:

    Barton Springs in Austin is always brimming with people and Shiner Bock makes a frequent appearance.

    Dolores Park in SF never has a dull moment and you can buy shrooms or edibles from vendors walking around.

    Golden Gate Park in SF is massive and there are tons of clusters of people socializing and drinking throughout the park (especially near the Conservatory of Flowers!)

    Central Park in NY in many ways mirrors Golden Gate Park, only it's way busier. Good luck finding a spot near the south side of the park on a sunny day. You might spot a mimosa or two, three…

  15. Something is lost as well if you do 'research' by just asking an LLM. On the path to finding your answer in the encyclopedia or academic papers, etc. you discover so many things you weren't specifically looking for. Even if you don't fully absorb everything there's a good chance the memory will be triggered later when needed: "Didn't I read about this somewhere?".
  16. Yep. Though if you don't place any of them - depending on how technical you want to get - that's a DE0.
  17. It'd be the final piece of Apple's vertical integration puzzle.
  18. I can't comment on MCP use specifically but I can comment on using an LLM while reversing. I use a local instance of whatever ends up being SOTA for local reasoning LLMs at 30B-70B params quantized to 4-6b. I feed it decompiled code to identify functions that are 'tedious' to reverse engineer. I recently reversed a binary that was compiled with soft float and had no symbols or strings. A lot of those functions end up being a ton of bit-twiddling. While I reversed the business logic I had the reasoning model identify the soft float functions with very minimal prompting. It did quite well on those!

    I also tried to have it automatically build some structs from code showing the access patterns, and it failed miserably on that task. Likely a larger model (o3 or opus) would do better here.

    I personally don't think letting an LLM do large parts of the reversing would be useful to me as I build up a lot of my mental model of the system during the process, so I'd be missing out on that. But for handling annoying bits of code I'd likely just forego otherwise? Go ham!

  19. I'm actually very surprised this happened. I've dis- and reassembled dozens of iPhones (from the iPhone 4 all the way up to the iPhone 16) and I've never torn a single flex cable.

    You just have to be careful not to pull on the flex, but the connector instead. This logic applies as much to pulling a plug out of a wall socket as it does a thin flex with a board-to-board connector.

    That said, would I characterize disassembling any Apple product as "quite friendly"? No. Do not attempt unless you're either familiar with how things go together or you're willing to spend the money to replace the parts you broke. If those aren't options, find a local repair shop.

  20. Are you saying Nvidia could spin up their own chip fabs in short order?
  21. I can't comment on AMD or Intel but Apple Silicon definitely uses ECC for at least the system level cache. On top of that it performs cache healing (swapping out bad lines for spares) on every cache level every time the system boots.
  22. It’s a slightly more involved project, but tmbinc managed to write arbitrary pictures to a DVD surface:

    https://debugmo.de/2022/05/fjita-the-project-that-wasnt-mean...

  23. You are, of course, 100% correct. In my haste to explain the 'sourcing' behaviour of the errata I accidentally jumped to the sinking verbiage. Input pins are "pressure gauges", not "flow meters".
  24. I frequently have to interface with custom on-the-wire protocols and the PIO block is fantastic. Situations where I used to need a CPLD or full-blown FPGA I can now do with a sub-$1 microcontroller. It significantly reduces development time as well.

    It's like XMOS but actually usable.

  25. So normally when you have a microcontroller pin and you configure it as an input, you expect it to SINK current (as in, take voltage 'in'). The bug is that if the external voltage is between 1V and 2.5V (I don't remember the exact voltages, don't quote me on that) the pin will SOURCE current, acting almost as if you'd set it to be an output pin. It's not a lot of current, but it's enough to hold the pin at 2.2V.

    This happens on all microcontrollers btw. Random charge accumulates and pushes the voltage on your pin to some arbitrary point. The way you fix this normally is by providing a path for that charge to escape in the form of a pull-down resistor. Usually you need something in the 100k range. Because of this bug you need something more in the 5k range.

    For some circuits that's fine, for others it's more problematic.

  26. I haven't completely thought through this, but I can see issues with porting PIO-USB [0] for example. USB relies on a few different pulls to Vcc and Gnd with pre-defined values. On the host side you have to pull your signal lines to ground with 15k resistors. Those aren't strong enough to overcome the current leakage. The tricks where you enable pad inputs only when you're reading the pin don't work here either, as you can't do that in PIO.

    Things like logic analyzers are going to have similar issues where their inputs will have to be buffered to provide a suitably low impedance path.

    It's not insurmountable but it's enough for me to just fall back on the RP2040 in situations where I don't want to spend the effort to validate the RP2350.

    0: https://github.com/sekigon-gonnoc/Pico-PIO-USB

  27. The E9 errata has evolved since the early days when the built-in pull-downs were implicated. The issue is related to the input pad macro sourcing excess (120uA) current when the external voltage is between Vil and Vih. This causes the pad to float at 2.2V, whether the built-in pulldown is activated or not. The internal pulldowns don't sink enough current to force the voltage outside of the undefined range.
