Welp, I made a ChatGPT bot, which talks to Amazon support instead of me lol.
So far there are 48 hours of discussions, and my bot insists on pickup at my location for the return, and theirs is that you need to print a label and bring it to the postal service.
I'll let the 2 bots figure it out
-
Hey, been gone a hot minute from devrant, so I thought I'd say hi to Demolishun, atheist, Lensflare, Root, kobenz, score, jestdotty, figoore, cafecortado, typosaurus, and the raft of other people I've met along the way and got to know somewhat.
All of you have been really good.
And while I'm here it's time for maaaaaaaaath.
So I decided to horribly mutilate the concept of bloom filters.
If you don't know what that is, you take two random numbers, m and p, both prime, where m < p, and it generates two numbers a and b, that output a function. That function is a hash.
Normally you'd have say five to ten different hashes.
A bloom filter lets you probabilistically say whether you've seen something before, with no false negatives.
It lets you do this very space efficiently, with some caveats.
Each hash function should be uniformly distributed (any value input to it is likely to be mapped to any other value).
Then you interpret these output values as bit indexes.
So Hi might output [0, 1, 0, 0, 0]
while Hj outputs [0, 0, 0, 1, 0]
and Hk outputs [1, 0, 0, 0, 0]
producing [1, 1, 0, 1, 0]
And if your bloom filter has bits set in all those places, congratulations, you've seen that number before.
It's used by big companies like Google to prevent re-indexing pages they've already seen, among other things.
Well I thought, what if instead of using it as a has-been-seen-before filter, we mangled its purpose until a square peg fit in a round hole?
Not long after I went and wrote a script that 1. generates data, 2. generates a hash function to encode it, 3. finds a hash function that reverses the encoding.
And it just works. Reversible hashes.
Of course you can't use it for compression strictly, not under normal circumstances, but these aren't normal circumstances.
The first thing I tried was finding a hash function h0, that predicts each subsequent value in a list given the previous value. This doesn't work because of hash collisions by default. A value like 731 might map to 64 in one place, and a later value might map to 453, so trying to invert the output to get the original sequence out would lead to branching. It occurs to me just now we might use a checkpointing system, with lookahead to see if a branch is the correct one, but I digress, I tried some other things first.
The next problem was 1. long sequences are slow to generate. I solved this by tuning the amount of iterations of the outer and inner loop. We find h0 first, and then h1 and put all the inputs through h0 to generate an intermediate list, and then put them through h1, and see if the output of h1 matches the original input. If it does, we return h0, and h1. It turns out it can take inordinate amounts of time if h0 lands on a hash function that doesn't play well with h1, so the next step was 2. adding an error margin. It turns out something fun happens, where if you allow a sequence generated by h1 (the decoder) to match *within* an error margin, under a certain error value, it'll find potential hash functions hn such that the outputs of h1 are *always* the same distance from their parent values in the original input to h0. This becomes our salt value k.
So our hash-function generator called encoder_decoder() or 'ed' (lol two letter functions), also calculates the k value and outputs that along with the hash functions for our data.
This is all well and good but what if we want to go further? With a few tweaks, along with taking output values, converting to binary, and left-padding each value with 0s, we can then calculate Shannon entropy in its most essential form.
Turns out with tens of thousands of values (and tens of thousands of bits), the output of h1 with the salt, has a higher entropy than the original input. Meaning finding an h1 and h0 hash function for your data is equivalent to compression below the known Shannon limit.
By how much?
Approximately 0.15%
Of course this doesn't factor in the five numbers you need, a0, and b0 to define h0, a1, and b1 to define h1, and the salt value, so it probably works out to the same. I'd like to see what the savings are with even larger sets though.
Next I said, well what if we COULD compress our data further?
What if all we needed were the numbers to define our hash functions, a starting value, a salt, and a number to represent 'depth'?
What if we could rearrange this system so we *could* use the starting value to represent n subsequent elements of our input x?
And that's what I did.
We break the input into blocks of 15-25 items, b/c that's the fastest to work with and find hashes for.
We then follow the math, to get a block which is
H0, H1, H2, H3, depth (how many items our 1st item will reproduce), & a starting value or 1st item in this slice of our input.
x goes into h0, giving us y. y goes into h1 -> z, z into h2 -> y, y into h3, giving us back x.
The rest is in the image.
Anyway good to see you all again.
-
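The standard membership filter described at the start of the post above, as an added example that is not the poster's script (the reversible-hash code is not on the page). It assumes the post's p is the prime modulus and m the prime number of bits, with each hash defined by a random pair a, b; the keys are constructed random integers.

```python
import random

P = 2_147_483_647          # prime modulus p (2**31 - 1), larger than any key used here
M = 1021                   # prime number of bits m in the filter, m < p

def make_hash(rng):
    """Draw a and b at random; they define h(x) = ((a*x + b) mod p) mod m."""
    a = rng.randrange(1, P)
    b = rng.randrange(0, P)
    return lambda x: ((a * x + b) % P) % M

class BloomFilter:
    def __init__(self, k=5, seed=1):
        rng = random.Random(seed)
        self.hashes = [make_hash(rng) for _ in range(k)]
        self.bits = 0                      # m-bit field held in one integer

    def _mask(self, x):
        mask = 0
        for h in self.hashes:              # each hash output is a bit index
            mask |= 1 << h(x)
        return mask

    def add(self, x):
        self.bits |= self._mask(x)         # OR the k index bits into the field

    def __contains__(self, x):
        mask = self._mask(x)
        return (self.bits & mask) == mask  # every indexed bit must be set

def measure(n_items=100, n_probes=10_000, seed=7):
    """Return (false negatives, false-positive rate) on constructed random keys."""
    rng = random.Random(seed)
    keys = rng.sample(range(1_000_000_000), n_items + n_probes)
    seen, unseen = keys[:n_items], keys[n_items:]
    bf = BloomFilter()
    for x in seen:
        bf.add(x)
    false_neg = sum(1 for x in seen if x not in bf)
    false_pos = sum(1 for x in unseen if x in bf)
    return false_neg, false_pos / n_probes

if __name__ == "__main__":
    print(measure())
```

With 100 keys in 1021 bits and five hashes, the usual estimate (1 - e^(-kn/m))^k puts the false-positive rate near 1%, while false negatives stay at zero by construction.
-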
yesterday my phone upgraded from Android 14 to 15
soooo, nothing's new?
there's some "auto transcript" for media or something
Like I'd love to see you try transcribing my "hidden camera POV JAV" bruh
-
So uh, I haven't been here in a while.
Are there actual rants about dev topics anywhere or is it all schizoposting, AI and politics..?
-
On the day of my birthday, both Skype and Boris Spassky, the chess grandmaster world champion, died. Our metamodernist timeline is so fucking weird
-
What's the point of having a filter "Job not already seen" if the first ones that appear are marked "You have already applied to this job" Indeed?
-
Working on an OS again has made me *really* appreciate ChatGPT
I've always thought that it's a useful tool if you can use it, but most of the time I couldn't. Low level engine work or whatever where the hardest thing is knowing what you want to do doesn't benefit from an LLM at all
But for os dev? It's honestly insane. Not that chatgpt is always right (it's mostly wrong) but the *ideas* it gives you to try other stuff and check other stuff. Those are invaluable. A dozen times it has saved my ass over the last 2 days when I was stuck
I think a big part is that when you can converse with someone who comes up with new ideas it keeps your motivation up. I remember doing osdev 5 years ago and I just quit after 2 weeks because I was stuck and I didn't know what to do
-
A thing that I am annoyed that people are getting wrong is security by obscurity.
You have heard of it and been told it is bad. It is so bad that it alone is a counter argument. Let me set you straight:
>>>Security by obscurity is the best security you will ever have<<<
There is an asterisk: It is probably not right for your business. But that is for the end.
Security by obscurity means to hide something away. Most security is based on hiding. You hide your private key or your password or whatever other secret there is. If you had a 2048 long sequence of port knocking, that would be fine, too. Or it would be fine if it wasn't observable. You could write this down in your documentation and it wouldn't be security by obscurity. It would just be security. Weird, but fine.
The real meat of obscurity is: No one knows that there is someone. The server you port knock looks like a harmless server, but suddenly has an open port to a bad application for an IP, but only if that IP went to 25 other ports first.
In the animal kingdom, there are different survival strategies. One of them is being an apex predator or at least so big and lumbering that no predator wants a piece of you. That's our security. It is upstream security. It is the state.
But what is the rest of the animal kingdom going to do? Well, run away. That works. Not being caught. And those not fast enough? Hide! Just be invisible to the predators. They cannot triple check every leaf and expect to be done with the tree before starving. That's security by obscurity. Or hide in the group. Zebras. Easy to see, hard to track in the group. Look like everyone else.
There is a reason why drug smugglers don't have vaults in the carry-on. Arrive at the customs and just refuse to open the vault. If the vault is good enough. Nope, they lack the upstream security by the state. The state is their enemy, so they need obscurity rather than cryptographic safety.
And so, for a private person, having a port knocking solution or disguising a service as another service is a great idea.
Every cryptography course happily admits that the moment they can catch you physically, cryptography is useless. They also teach you about steganography. But they omit to tell you that obscurity is the second best solution to having a stronger army when you cannot rely on your state as upstream security.
Why did I say, not a good idea for companies?
1. It is self-defeating, since you have to tell it to all employees using it. A shared secret is no secret. And therefore it cannot be documented.
2. It makes working with different servers so much harder if there is a special procedure for all of them to access them. Even if it were documented. (See 1.)
3. You're a company, you are advertising your services. How to hide that you run them?
Do you see how those are not security relevant questions? Those are implementation relevant questions.
Here is an example:
Should you have your admins log into servers as normal users before elevating to root or is that just obscurity? Well, not for security purposes. Because that foothold is so bad, if compromised, it makes little difference. It is for logging purposes, so we have a better server log who logged in. Not only always root. But if our log could differentiate by the used private key, there is no issue with that.
If it is your private stuff, be creative. Hide it. Important skill. And it is not either, or. Encrypt your backup, then hide it. Port knock, then require an elliptic curve private key to authenticate.
It is a lot of fun, if nothing else. Don't do it with your company. Downsides are too big. Cheaper to hire lawyers if needed.
-
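The knock gate the post above describes, as an added sketch that is not part of the original rant: a per-source state machine that admits an address only after it hits the secret ports in order within a time window. The port numbers, window and addresses are constructed; the last sample shows the post's observability caveat, where a recorded knock repeated from another address is admitted, which is why the post puts key authentication behind the knock.

```python
# Added example: per-source port-knock state machine.
# Ports, addresses and timings below are constructed sample values.
class KnockGate:
    def __init__(self, sequence, window=10.0):
        self.sequence = tuple(sequence)   # the secret knock order
        self.window = window              # seconds allowed for a full knock
        self.progress = {}                # ip -> (next index, time of first knock)
        self.opened = set()               # ips the firewall would now admit

    def observe(self, ip, port, ts):
        """Feed one connection attempt; return True when ip completes the knock."""
        idx, start = self.progress.get(ip, (0, ts))
        if ts - start > self.window:      # too slow: start over
            idx, start = 0, ts
        if port == self.sequence[idx]:
            idx += 1
            if idx == len(self.sequence):
                self.progress.pop(ip, None)
                self.opened.add(ip)
                return True
            self.progress[ip] = (idx, start)
        elif port == self.sequence[0]:    # wrong port that restarts the knock
            self.progress[ip] = (1, ts)
        else:                             # any other port resets progress
            self.progress.pop(ip, None)
        return False

def replay(events, sequence, window=10.0):
    """Run (ts, ip, port) events through a fresh gate; return admitted ips."""
    gate = KnockGate(sequence, window)
    for ts, ip, port in sorted(events):
        gate.observe(ip, port, ts)
    return gate.opened

SECRET = (4021, 1777, 9310)
EVENTS = [
    # owner knocks in order, inside the window
    (0.0, "192.0.2.10", 4021), (0.4, "192.0.2.10", 1777), (0.9, "192.0.2.10", 9310),
    # scanner touches the right ports, wrong order, with a stray port between
    (1.0, "198.51.100.7", 1777), (1.1, "198.51.100.7", 4021),
    (1.2, "198.51.100.7", 4022), (1.3, "198.51.100.7", 9310),
    # right order, but spread over more than the window
    (2.0, "198.51.100.9", 4021), (8.0, "198.51.100.9", 1777), (15.0, "198.51.100.9", 9310),
    # recorded knock repeated from a different address
    (30.0, "203.0.113.50", 4021), (30.4, "203.0.113.50", 1777), (30.9, "203.0.113.50", 9310),
]

if __name__ == "__main__":
    print(sorted(replay(EVENTS, SECRET)))
```
-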
Do coding test for Vue.js job, because I don't want to work with shitty Angular anymore.
HR person sends React test, with some random string manipulation question in vanilla JavaScript.
I don't do React, but tried the test anyway. Better than shitty Angular.
Told her uhm this is the wrong framework...
I hate web dev.
-
Sorry guys. Wtf indeed. Will take some time to restore.
The service will not be online today anymore. It needs a serious refactor on certain parts. It became a bit messy.
-
Do you know that app where you catch monsters by throwing balls at them?
It's called Tinder I think
-
New guy gets a task: "Add a thing to the thing". One liner. Simple enough.
Commits code written by chatGPT to an unrelated branch, proudly screenshots the resulting screen and posts to work chat - "My first task!! What is next?"
I don't think I want to work in this field anymore.
-
Should the dR servers go down for good and David would pull the plug. Do we, devRanters, have a place to go to? Some discord or smth? It would be a shame for the community [or what's left of it] to cease to exist in a blink.
I know where to find retoor -- molodetz.nl . Yet it's not the means to communicate (still more than nothing) and the others won't be there.
P.S.
> 16s until you can post another rant.
:D sssoooo close
-
Conversation at work
Colleague 1: "Have you added it to our documentation system?"
Colleague 2: "Not yet."
Colleague 1: "The Sumerians created the first writing systems 5000 years ago, but sadly, not everyone got the memo."
-
This fucking Integration test with h2 is driving me insane as it just doesn't work for what I need it to! 😤
The setup seems correct, the sql files are "processed" according to logs. Everything seems to be set up as supposed, as AI, colleagues or internet recommend ... yet no insert statements are shown and no data is found on retrieve. No schemas or tables exist in h2 console although log says all these millions of tables are apparently created.
WTF am I doing?
-
It’s not wise to play chess with a pigeon. It will throw all pieces away, shit on the board and tell everybody it won.
-
Why can't I run a GUI Linux VM on Windows without hating myself in the process? I tried all (aside from VMware Workstation since its free license forbids commercial use): Hyper-V, WSL, VirtualBox and every one of them is slow, buggy or both