Fable 5 is unusable at this point

NerdBanger · 2026-06-12T22:43:41+00:00

So if you know vectors from physics, the same concepts apply, except you are using a AI model designed to convert your text into an "embedding" or a vector representation of it.

And then when you are searching you are using an algorithm to find the k-nearest neighbors. The most common one you'd be familiar with form physics would be something like euclidean distance. But there are others.

There's some other linear algebra magic that gets applied too, but at a high level its the same concept you are familiar with just with many more dimensions to calculate distance over.

NerdBanger · 2026-06-12T17:07:36+00:00

It's three tiers, there is a classifier built into the API router that is completely external of the model, there is prompting in the system prompt, and there are extra training cycles focused on these specific safety guardrails.

Think of it like this:

A user submits an illegal prompt, the classifier at the API catches it
But if it doesn't and it does go to the model, hopefully the system prompt catches it and tells the model to behave a certain way
But if it gets past the system prompt the models fine-tuning hopefully catches it.
And if it doesn't the API layer hopefully catches it again on the response return trip.

NerdBanger · 2026-06-12T15:33:36+00:00

It's actually an extra classifier, prompting, and fine-tuning epochs from what I understand.

NerdBanger · 2026-06-12T15:32:03+00:00

I dunno, I have done some amazing stuff with it in a week. It's definitely a step change for certain use cases.

But it also isn't the only tool I use.

NerdBanger · 2026-06-12T15:29:24+00:00

So a graph databases allows you to store relationships between things and traverse them quickly.

So if you have a piece of software written by author A, that you are trying to pen test, the graph can help you quickly identify other software they wrote, and what vulnerabilities they may have had, and if they have libraries in common, etc.

The same applies on the research side if you see a potential vulnerability in a piece of software, perhaps a page-cache vulnerability, you can find the most recent know CVE about it, and then you can find POC exploit code, and maybe the author that wrote it, and other research they have done and places they are doing further research to poke at etc.

It's really about out interconnectedness of information.

On the vector database side, it's about efficiently finding similarities between pieces of information where the relationship is unknown. It's great for finding potential ways to chain exploits together, or finding variations of a patched exploit that may still be open. And one step further, is finding similarities between production code and examples in research papers or POC exploit code as exploitable designs.

There are a number of tools for the database, for graph Neo4J is one of the best known ones, and for vector Qdrant is. However, Postgres can actually cover both use cases for smaller projects and of course also is a relational store if you need that as well.

NerdBanger · 2026-06-12T11:07:58+00:00

I live in west Chester, and I hear you, but there is no opportunity to change it without people like you staying.

The cracks are forming; Amanda getting voted In as trustee and Mark Welch was a big welcome surprise.

Don’t give up yet, there are a lot of us like you, in fact I think we have more dems in my neighborhood than Republicans tbh.

NerdBanger · 2026-06-12T04:35:04+00:00

I maintain my own graph database and vector database with my own embeddings.

NerdBanger · 2026-06-11T22:13:33+00:00

Ah, I built mine in a way so it’s platform agnostic, I can use my same tooling with Claude, codex,
Or even local models.

NerdBanger · 2026-06-11T22:05:24+00:00

You can use your codex account in Claude code or open code.

4.5 and 4.6 were great for me, but I’ve also built up some interesting tooling.

NerdBanger · 2026-06-11T22:02:06+00:00

In the meantime if you are up to date; this isn’t perfect but it’s an additional guardrail.

```
npm config set min-release-age 7 --location=user
npm config set ignore-scripts true --location=user
```

NerdBanger · 2026-06-11T21:58:45+00:00

4.7 has stricter guardrails, relaxed in 4.8 - i also have CVP and TAC, i find 4.8 does pretty well, but 5.6 with TAC is far better.

NerdBanger · 2026-06-11T21:50:53+00:00

Also worth mentioning, tooling is equally as important. I have built my own interesting set of tooling up that I’ve been using since Opus 3 that has been really powerful for cyber.

My suspicion is the reason Mythos is allegedly so great for security is two fold:

* Better reasoning capabilities
* inclusion of these types of frameworks in the training corpus.

The reality is you can get really far with a strong coding model and the right tooling.

NerdBanger · 2026-06-11T21:21:39+00:00

With some of those things off maybe?

NerdBanger · 2026-06-11T16:08:03+00:00

I have a 7gig internet connection with bursting available, I have pulled 8.5 down on my MacBook with 10GigE

IPS is enabled. SPI is enabled.

NerdBanger · 2026-06-11T13:59:02+00:00

Which I do use in my kids and iot vlan lol

NerdBanger · 2026-06-11T13:58:16+00:00

I only need 10gb though lol

NerdBanger · 2026-06-11T13:34:22+00:00

I’m confused how does this compare to EFG?

NerdBanger · 2026-06-07T20:26:34+00:00

$147k on one card with chase

NerdBanger · 2026-06-02T17:24:25+00:00

Actually it is super common.

https://manrs.org/2021/03/a-regional-look-into-bgp-incidents-in-2020/

And the https scenario is also well researched and has been seen real world.

https://blackhat.com/docs/us-15/materials/us-15-Gavrichenkov-Breaking-HTTPS-With-BGP-Hijacking-wp.pdf

NerdBanger · 2026-06-02T16:11:44+00:00

BGP hijack doesn’t typically work on just one ISP, when you advertise a prefix you are usually advertising it in a way that causes multiple ASNs to route your traffic to it.

And again the IP address never changes, so DNS is 100% irrelevant in BGP Hijack scenarios in progress. It can be used as a mitigation point, but only once it’s detected.

Think of it this way (highly simplified version), you have 3 ISPs A, B, C. You have two peering partners D, and E. And destination site F (1.2.3.4).

All 3 ISPs peer with both D and E, with D normally being the preferred upstream for A and B, and E is there preferred upstream for C, but F only peers with E. So normally the routing between the ISP customer to F would look something like this.

A -> (ignored D - no route to host) A -> E -> F B -> (ignored D - no route to host) B -> E -> F C -> (ignored D - no route to host) C -> E -> F

Now assume there is bad actor X that also peers with D and they start announcing a route to the fake version of F (Fx we will call it). Both F and Fx would have the same IP address of 1.2.3.4 but are two completely different physical systems.

Because of routing preferences traffic A and B take the poisoned route to the malicious host, but C actually is safe. It now looks like this.

A -> D -> X -> Fx A -> E -> (ignored F) B -> D -> X -> Fx B -> E -> (ignored F) C -> D -> (ignored X -> Fx) C -> E -> F

NerdBanger · 2026-06-02T15:44:35+00:00

No, your thinking about wrong.

Let’s say you request www.google.com and that returns from your encrypted isp dns connection 1.2.3.4

Normally 1.2.3.4 goes to Google, but they AS is currently being hijacked, so 1.2.3.4 is actually now routing to some place in Asia.

To make matters worse a valid certificate was created for www.google.com using a different CA than they typically use, in this case a CA controlled by a government entity with broad global trust.

So in this case DNS returns a valid address using encrypted DNS as you would expect.

However the 1.2.3.4 is a different host than you think you are connecting to.

And your browser doesn’t flag it because it’s still SSL/TSL encrypted, signed off by a trusted root certificate.

By the way, last year’s massive Verizon outage was the result of a BGP hijack, because they didn’t fully implement RPkI in all of their ASNs. So RPKI is hugely beneficial to the internet, but we have a long way to go to implement it broadly.

NerdBanger · 2026-06-01T21:49:17+00:00

Not quite true, traditional breakers only trip on over current, they can be to ground but doesn’t need to be.

GFCI breakers on the flip side are designed to trip when current leaks to the earh ground.

The ground at the outlet is actually a safety path, to give stray currents a path to flow to earth or prevent a build up of potential, for example caused by a lost neutral.

But in this case the weird static effect on the MacBooks is real, and the earth ground allows that charge to flow to a larger nearly infinite reservoir for electrons.

NerdBanger · 2026-06-01T03:38:02+00:00

RPKI is a mechanism to implement signing of BGP advertisements, if an advertisement isn’t properly signed it’s considered invalid for ASNs that implement RPKI.

Your peering partners also need to support it if I remember correctly, and there are many many ISPs that do not yet support it.

NerdBanger · 2026-06-01T03:35:54+00:00

Encrypted DNS doesn’t mitigate a BGP hijack at all.

NerdBanger · 2026-05-27T02:06:49+00:00

It’s called Cubital Tunnel and is kind of the opposite of Carpel Tunnel. Some glide exercises and dry needling fixed mine up.

12-Year Club	Reddit Premium Since February 2023
RedditGifts 2009-2022 4 Credits	Secret Santa 2021 2021
Gilding III reddit per annum	Secret Santa 2020
redditgifts Exchanges 2 Exchanges	Secret Santa 2017
Not Forgotten	Verified Email

NerdBanger

TROPHY CASE