Newer NVidia cards (H100 and up) support both in-memory model encryption and ‘trusted’ execution environment/remote attestation, not sure how widely used in frontier model deployments, but at least vendor claimed perf overhead is ‘3%’ [0]
When Opus 4.7 was introduced it started refusing anything cyber-adjacent (as an API error message, not a conversational refusal), until you applied for CVP, which made it more sensible again.
In Opus 4.8 it doesn't seem to help much; you just get refusals as prose rather than API errors. And now in Fable you don't get anything at all.
I was doing a CTF (with AI expected, even some anti-AI twists included) around the time the restrictions were tightened and was able to get approved by just saying it is personal security research and doing a CTF.
The experience was not nice though, it would happily chug away on a task and not even "hack this web", just asking about security of a binary was enough even with "this is a CTF handout..." - it would burn a lot of tokens/quota, just to hit a snag and complain & stop. Then the approval took quite some time.
On GPT/Codex, which was tightened a few days later, the approval was pretty much instant, although, that one required an identity check.
Also, on Claude, it looks like there is some history/patterns in play, because when I tried on a different account which didn't do cybersec CTFs/research/etc. at all, basically any simple CTF-related prompt would be blocked, on multiple models. On the account where CTFs were being solved, it would snag only on some specific tasks, while others (even, ironically, "hack this web pls") would go through unbothered. I understand the need to prevent AI use for bad actors, but the hell, if you have a binary outputting "Find the flag if you can!", or a web running at tryme.well-known-ctf.domain, then saying "this is abuse" is pretty uncool. All the cyber filters seem to be slapped on by a bunch of regexes looking for anything in the input/output with zero context.
I don't think it's weird that the post made it to the front page, but watching the downvotes roll in on my own mildly critical comment has been intriguing. I saw it go up to +2, down to 0, up to +3, and now it's on +1.
The escalating nerfs of "cybersecurity" topics are incredibly frustrating. Opus 4.6 had boundaries that seemed reasonable to me but 4.7+ turned it into a moralizing asshole. It'd be less bad if it just gave an error message, but instead it churns a long thinking trace before writing an essay about why what you're asking is bad and wrong.
I made a golang socks5 proxy that routes traffic to different VPSes (or the default gateway) based on hostname, over mutual-TLS tunnels, authenticated using ed25519 keypairs shared out-of-band. The "client" and the "server" are the same piece of software, and there's a web UI for configuring the routes.
I made it to deal with internet censorship in the UK, where different sites have different optimal exit jurisdictions, and most sites work fine so I can avoid the extra hops where possible.
It also works well for video streaming sites with geofencing, since the geofence itself is usually implemented in the frontend rather than the CDN. So only the frontend traffic needs to be proxied, while the bulk CDN traffic doesn't need proxying at all.
Socks5 is the ideal layer for hostname-based routing, since the proxy can see DNS names without needing to sniff TLS SNI (which would be incompatible with ESNI/ECH etc.)
iirc it was basically all done in a single prompt, and I've been using it ever since. The only issue I've encountered is with WebRTC not working properly with some services. (Presumably it breaks the NAT holepunching process or something, I never diagnosed it)
Another project that isn't quite finished is a "universal" web video downloader that works by shimming the MSE APIs and remuxing the streamed segments back into a regular video file. The idea is that if you can watch it, you can save it - including but not limited to youtube videos. I started this one pre-AI but AI was a huge help with the container format wrangling.
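An added illustration (not the commenter's code) of why SOCKS5 is a convenient layer for hostname-based routing: the CONNECT request carries the destination as a domain name (ATYP 0x03), so the proxy can pick an exit per name without inspecting TLS SNI. The suffix-keyed route table and exit names below are assumed for the example.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
	"net"
	"strings"
)

// ParseSocks5Connect decodes a SOCKS5 CONNECT request (RFC 1928 section 4):
// VER CMD RSV ATYP DST.ADDR DST.PORT. It returns the destination as the
// client wrote it, so a domain name arrives as a name rather than an IP.
func ParseSocks5Connect(req []byte) (host string, port uint16, err error) {
	if len(req) < 5 || req[0] != 0x05 {
		return "", 0, errors.New("not a SOCKS5 request")
	}
	if req[1] != 0x01 {
		return "", 0, errors.New("only CONNECT is supported here")
	}
	var end int // index just past DST.ADDR
	switch req[3] {
	case 0x01: // IPv4 literal
		end = 4 + net.IPv4len
	case 0x03: // domain name: one length byte, then the name
		end = 5 + int(req[4])
	case 0x04: // IPv6 literal
		end = 4 + net.IPv6len
	default:
		return "", 0, fmt.Errorf("unknown ATYP %#x", req[3])
	}
	if len(req) < end+2 {
		return "", 0, errors.New("truncated request")
	}
	if req[3] == 0x03 {
		host = string(req[5:end])
	} else {
		host = net.IP(req[4:end]).String()
	}
	return host, binary.BigEndian.Uint16(req[end:]), nil
}

// ChooseRoute picks an exit for host from a suffix-keyed table (keys are
// lowercase). The longest matching suffix wins; anything unmatched, including
// IP literals, which carry no name to match, falls back to def.
func ChooseRoute(host string, table map[string]string, def string) string {
	host = strings.ToLower(strings.TrimSuffix(host, "."))
	best, bestLen := def, 0
	for suffix, exit := range table {
		if (host == suffix || strings.HasSuffix(host, "."+suffix)) && len(suffix) > bestLen {
			best, bestLen = exit, len(suffix)
		}
	}
	return best
}
```

A client that resolves names locally and sends an IP literal defeats this scheme, which is why the proxy relies on clients passing the hostname through (the "remote DNS" setting in most SOCKS5 clients).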
Exploring if it makes sense to use maths (or, to be precise, this particular construction) to drive content addressable content + other exploration around the memory space. IMO, no.
I have a strong understanding of content addressing, memory allocation, data structures, and a superficial understanding of lattices. It is not clear how one has anything to do with the other. If there is any meaningful link or benefit, it has not been explained.
Perhaps some magical insight is waiting for me if I understand the Leech lattice better, but given PhD category theorists are also scratching their heads I think I'll pass https://news.ycombinator.com/item?id=48436251
Still writing the docs. Content addressing is the mechanism, that is: same content lands in the same slot, equality is a handle compare. The allocator is provably extensional so distinct content never aliases even though the hash itself can collide. The Leech part: the heap is sized to the lattice's 196,560 minimal vectors, the coordinate-to-slot map is a collision-free perfect hash built from the Conway group's mm_op tables, and that fixed universe is what makes sets into 196,560-bit bitmaps with O(1) membership and bitwise ops.
I understand that you can hash any object into a 196,560-slot space (that's how regular hash tables work), but I'm not sure why you'd want to do that. Regular hash tables can be resized when they get full (or less-full), yours cannot. How is this any different from a hash table with a fixed capacity of 196,560 entries?
"provably extensional" is not an established term in this context and communicates nothing about the design. I simply do not believe that this design doesn't have trivial collision issues, or that it makes efficient use of memory.
Are you saying that two distinct pieces of content can never collide? That seems obviously incorrect.
For example, take the integers 0 - 196,561, and put them into your lattice-based map. Something’s got to give. There are only 196,560 containers in the map (right?)
The only relation to the Leech group appears to be the number of slots.
When a table gets full they allocate a second one, and so on, up until 256 tables when allocations start silently failing (after exactly 50319104 allocations).
I hope OP is seriously considering what’s actually been built here, and how their interactions with whatever LLM they’ve been using really reflects that. I’m genuinely a bit concerned for them.
> Allocation hashes the bytes; identical content returns the existing slot
What happens when two distinct objects hash to the same slot? (This is inevitable by the pigeonhole principle, and highly likely even at modest object counts due to the Birthday problem)
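An added example (not code from the thread or from the project under discussion) that puts numbers on the pigeonhole and birthday-problem objections above, using the thread's 196,560-slot figure. The SHA-256-mod-slots mapping is a constructed stand-in for the real coordinate-to-slot map, which is not available here; any fixed-size mapping from arbitrary content is subject to the same bound.

```go
package main

import (
	"crypto/sha256"
	"encoding/binary"
	"math"
)

// Slots is the fixed capacity claimed in the thread (196,560 Leech minimal vectors).
const Slots = 196560

// slot maps arbitrary bytes to a slot index the way a fixed-size hash table
// would: digest the content, reduce modulo the table size. Constructed
// stand-in; the real coordinate-to-slot map is not available here.
func slot(content []byte) int {
	d := sha256.Sum256(content)
	return int(binary.BigEndian.Uint64(d[:8]) % Slots)
}

// FirstCollision inserts the integers 0,1,2,... as 8-byte keys and returns
// how many distinct keys had been inserted when two first shared a slot.
func FirstCollision() int {
	seen := make(map[int]struct{}, 1024)
	for i := 0; ; i++ {
		var key [8]byte
		binary.BigEndian.PutUint64(key[:], uint64(i))
		s := slot(key[:])
		if _, dup := seen[s]; dup {
			return i + 1
		}
		seen[s] = struct{}{}
	}
}

// CollisionProb is the exact birthday-problem probability that k distinct
// keys, spread uniformly over n slots, produce at least one collision.
func CollisionProb(k int, n int) float64 {
	noCollision := 1.0
	for i := 0; i < k; i++ {
		noCollision *= 1 - float64(i)/float64(n)
	}
	return 1 - noCollision
}

// ExpectedFirstCollision approximates the expected number of inserts before
// the first collision in an n-slot table, sqrt(pi*n/2); about 556 for Slots.
func ExpectedFirstCollision(n int) float64 {
	return math.Sqrt(math.Pi * float64(n) / 2)
}
```

With 196,560 slots the first collision is expected after a few hundred inserts, and 1,000 distinct keys collide with probability above 0.9, long before the table is anywhere near full.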