
Even SHA pinning only lets you go one hop. If the pinned action itself uses any non-pinned actions, you’re still susceptible.

I don’t think this problem is fixable without a higher-level way to specify the full nested tree. Something like TOFU for the first time your action ran (pinning all children as of that run) might be an improvement, but that can still be gamed by a timed attack that modifies the action at a later date (literally, if time greater than X do …).


It is more than just a tree of actions, since actions bring in shell scripts and they can download and execute arbitrary code that isn’t pinned.
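An added example (not from either commenter) of what a defender can actually check for the two points raised in this thread: walking `uses:` references transitively and flagging any hop that is not pinned to a full 40-hex-character SHA, plus a heuristic for `run:` steps that pipe a download into a shell. The workflow, the action names and the `ACTION_SOURCES` lookup table are all constructed stand-ins for fetching each action's `action.yml` at the referenced ref.

```python
import re

# Constructed sample workflow: one SHA-pinned action, one tag-pinned action,
# and a run step that downloads and executes an unpinned script.
WORKFLOW = """
jobs:
  build:
    steps:
      - uses: actions/checkout@0123456789abcdef0123456789abcdef01234567
      - uses: example-org/setup-tool@v2
      - run: curl -sSL https://example.invalid/install.sh | bash
"""

# Constructed action.yml bodies keyed by the exact "owner/repo@ref" string;
# in practice these would be fetched from each repository at that ref.
ACTION_SOURCES = {
    "actions/checkout@0123456789abcdef0123456789abcdef01234567": "runs:\n  using: node20\n",
    "example-org/setup-tool@v2": """
runs:
  using: composite
  steps:
    - uses: actions/cache@v4
    - uses: example-org/inner@89abcdef0123456789abcdef0123456789abcdef
""",
    "actions/cache@v4": "runs:\n  using: node20\n",
    "example-org/inner@89abcdef0123456789abcdef0123456789abcdef": "runs:\n  using: composite\n  steps:\n    - run: echo hi\n",
}

USES_RE = re.compile(r"^\s*-?\s*uses:\s*([^\s#]+)", re.M)
SHA_RE = re.compile(r"@[0-9a-f]{40}$")          # only a full commit SHA counts as pinned
PIPE_TO_SHELL_RE = re.compile(r"^\s*-?\s*run:.*\b(curl|wget)\b.*\|\s*(ba|z)?sh\b", re.M)

def audit(yaml_text, sources, path=(), seen=None):
    """Return (unpinned, piped): chains of refs leading to an unpinned `uses:`,
    and chains leading to a `run:` step that pipes a download into a shell."""
    seen = set() if seen is None else seen
    unpinned, piped = [], []
    for ref in USES_RE.findall(yaml_text):
        if ref.startswith(("./", "docker://")):
            continue                     # local and container refs need a different check
        chain = path + (ref,)
        if not SHA_RE.search(ref):
            unpinned.append(chain)       # a tag or branch can be moved after review
        if ref in seen:
            continue
        seen.add(ref)
        child = sources.get(ref)
        if child is not None:            # recurse into the action's own metadata
            u, p = audit(child, sources, chain, seen)
            unpinned += u
            piped += p
    for m in PIPE_TO_SHELL_RE.finditer(yaml_text):
        piped.append(path + (m.group(0).strip(),))
    return unpinned, piped
```

Running `audit(WORKFLOW, ACTION_SOURCES)` reports `setup-tool@v2` itself and, one hop deeper, `actions/cache@v4`, even though the workflow's own top-level pins look fine.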

With enough drinks and a long enough flight, it’s unavoidable.

The keyword being "comfortable".

Most certainly avoidable, unfortunately.


So it reads the packets and replaces the byte sequences at the kernel level? How does that work across packet boundaries?

Secrets are detected before encryption in the user buffer, but rewrites happen post-encryption in the kernel buffer to be sent on the wire.

Packet boundaries are not an issue because detection happens at the SSL write, where we have the full secret in the buffer and its position, so we can know at rewrite time that the secret crosses 2 packets and rewrite it in 2 separate operations. We also have to update the TLS session hash at the end so as not to corrupt the TLS frame.


> GP is referring to Canal+ who'd play that one weekly porn movie on Saturday evening.

As an Anglophone it counts as taking a 1-credit foreign language class.


> … NJ diners because one saw the birth of Unicode

While it’s possible that Unicode was also conceived at a diner, you’re likely thinking of UTF-8. Unicode was from a decade earlier.

https://www.cl.cam.ac.uk/~mgk25/ucs/utf-8-history.txt


Yup! That's what I was thinking about. In fact I did read this right before posting (though I had found it at https://doc.cat-v.org/bell_labs/utf-8_history) but only to validate that it had been in a NJ diner, so I missed my confusion of UTF-8 with Unicode.

I would not make a good fact-checker :(


What’s wrong with express?

> Old server nginx converted to reverse proxy
>
> We wrote a Python script that parsed every server {} block across all 34 Nginx site configs, backed up the originals, and replaced them with proxy configurations pointing to the new server. This meant that during DNS propagation, any request still hitting the old IP was silently forwarded. No user would see a disruption.

What was the config on the receiving side to support this? Did you whitelist the old server IP to trust the forwarding headers? Otherwise you’d get the old server IP in your app logs. Not a huge deal for an hour, but if something went wrong it could get confusing.
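The receiving-side logic the question is asking about, as an added example rather than anything from the article or the commenter: honour `X-Forwarded-For` only when the TCP peer is the old server, and otherwise log the peer address, since any direct client can send that header. The old server's address is a constructed placeholder.

```python
import ipaddress

# Constructed placeholder for the old server's IP: the only peer whose
# forwarding headers are trusted. Everything else is treated as a direct client.
TRUSTED_PROXIES = [ipaddress.ip_network("203.0.113.10/32")]

def client_ip(peer_addr, headers, trusted=TRUSTED_PROXIES):
    """Return the address to put in app logs and rate-limit on.

    If the peer is not a trusted proxy, the forwarding header is ignored: a
    client could otherwise forge arbitrary addresses into the logs. If it is,
    walk X-Forwarded-For right-to-left, skipping trusted hops, and take the
    first untrusted address (the real client as seen by the first proxy)."""
    peer = ipaddress.ip_address(peer_addr)
    if not any(peer in net for net in trusted):
        return str(peer)
    hops = [h.strip() for h in headers.get("X-Forwarded-For", "").split(",") if h.strip()]
    for hop in reversed(hops):
        try:
            ip = ipaddress.ip_address(hop)
        except ValueError:
            break                        # malformed entry: fall back to the peer address
        if not any(ip in net for net in trusted):
            return str(ip)
    return str(peer)                     # header empty or consisted only of trusted hops

def access_log_line(peer_addr, headers, request_line):
    """Format a constructed access-log entry using the resolved client address."""
    return f'{client_ip(peer_addr, headers)} "{request_line}"'

if __name__ == "__main__":
    # Forwarded by the old server: log the original client, not 203.0.113.10.
    print(access_log_line("203.0.113.10", {"X-Forwarded-For": "198.51.100.7"}, "GET / HTTP/1.1"))
    # Direct client forging the header: the forged value is ignored.
    print(access_log_line("198.51.100.7", {"X-Forwarded-For": "10.0.0.1"}, "GET / HTTP/1.1"))
```

In nginx itself the same allowlisting is what `set_real_ip_from` combined with `real_ip_header X-Forwarded-For` does, with the old server's address as the trusted source.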


> I presume they won't let you “manage all your AI spend in one place” for free.

Of course they will. In return they get to control who they’re routing requests to. I wouldn’t be surprised if this turns into the LLM equivalent of “paying for order flow”.


I got shivers thinking about a future of AI dynamic pricing and an automatic gateway choosing the cheapest provider available.


Shivers? As in it frightens you? I believe there is no way around tokens being priced like gasoline at the gas station: it changes every hour. Any other system means you are either over- or underspending.


Openrouter already does this, unless I've misunderstood the premise.


They can route between models, but you pay the standard rate for whichever model is selected (plus a 5% fee). AFAIK all current model providers have fixed prices per token which don't vary depending on, say, demand or hardware availability.


And also completely meaningless as a credit rating, since creditworthiness in this context specifically means the ability to repay. And they can always print dollar bills to do so.

Now whether that $1 in 20 years will buy anything is an entirely different story.


Because that’s what has traditionally allowed western countries to have a wide availability and inventory of goods vs communist economies.


But why does the availability have to be wide? Maybe those stores can do a few things, but do them well. Sell staple foods and healthy choices.


Because then people won’t come to your store. People buy where they can purchase the maximum of their shopping cart in a single place.

That is why you have loss-leader grocers, which pull people in with dramatic discounts on specific items while the total cart costs the same.


That's not how it used to work. That's still not how it works in my country. I buy my bread from a specialized shop, my cheese from another, and my fresh produce from yet another. I know people who only buy their meat from a butcher (I do it sometimes, but not always).


It really depends on the country's culture.


I understand your point of view. But in cities of all sizes, it's easier to not have to do that. For example in NYC, a medium-size city, you can easily go do your shopping in multiple places, and not at the same time.


Yes, and some people do that.

Some consumers go to specific stores to purchase specific qualities of brands.

But most do not, especially for convenience products. You get it where you can.


Counterpoint: China.

Economic viability isn't what led to "wide availability and inventory". No, it's imperialism. It's exploitation of the Global South. It's paying slave wages through subsidiaries in West Africa to cocoa farmers while making sure those countries stay poor, for example.

We also wage economic war on our anointed enemies like Cuba and then use the inevitable result of that economic warfare as a reason why our system is good.

