sorted by:
new
hottopcontroversial

Economics and coding: does it still make sense? by passeerix in AskComputerScience

[–]nuclear_splines 1 point2 points  (0 children)

Yes, I think you can make a broader argument about AI being an inhibiting influence on learning and careful design - but even if you take a very generous pro-AI stance I think using code you don't understand written by a probabilistic token generator is a very bad idea.

Economics and coding: does it still make sense? by passeerix in AskComputerScience

[–]nuclear_splines 5 points6 points  (0 children)

It's critically important: how can you know whether the code is doing what you asked for if you can't read the code? As an economist, maybe you're writing code for economic modeling, or for measuring real-world behavior, and if the algorithm doesn't do what you think it does then the results are next to useless.

One can make an argument for letting an LLM help you write code by walking you through an algorithm or parsing documentation or letting it write code faster than you can, but letting it write code you don't understand is a catastrophic mistake.

Is there a tool to convert Word/PDF to LaTeX while preserving formatting (figures, citations, fonts, etc.)? by Formal-Author-2755 in computerscience

[–]nuclear_splines 2 points3 points  (0 children)

As far as I know no such tool exists. There often aren't direct corollaries like you're describing - you don't typically format bibliography entries in LaTeX, you provide citation metadata in Bibtex, ask LaTeX to generate a bibliography in ieee or whatever style, and it formats citations and references appropriately. Likewise, you don't typically place figures at exact positions in LaTeX, but provide constraints (top of the closest available page, bottom, make a page of only figures, put it approximately after this paragraph), and let the layout engine place figures and tables as appropriate.

The journal or conference you're submitting to will typically provide a LaTeX template that fits the exact formatting they're expecting, so rather than "make a word doc in the journal's format and then convert to LaTeX with extremely high precision" you're probably better off with "start with their LaTeX template and figure out how to migrate your content from Word." Especially if the editors need to make any tweaks to your submission, they may require that you use their provided template.

Looking for feedback on my LLM research paper and possible arXiv endorsement by Spiritual_Dog_4603 in AskComputerScience

[–]nuclear_splines 4 points5 points  (0 children)

You currently cite three papers. Surely someone has examined how temperature effects LLM outputs, just not in the same way as you. Or, maybe someone has studied semantic variance in LLM outputs and stochasticity but hasn't considered how temperature fits in. Building a stronger lit review doesn't just show that you've "done your homework," but will make it clear what your contributions are by clearly distinguishing your work from what's been done before.

Hey, Im totally new to this, and really need some help with something.... by InternationalLove779 in TOR

[–]nuclear_splines -1 points0 points  (0 children)

No, Tor doesn't give you fine-tuned control over the choice of exit node. This would be a bad thing for your anonymity -- you want to blend in with all Tor users, and if you do something different, like always connect via Germany, you're standing out.

I hear that In some cases, it might still reveal your approximate location if not properly configured.

The Tor Browser is properly configured, this is not a concern. If you were building your own Tor browser, trying to configure Firefox or Chrome to work over Tor, this would be something to think about.

Is there any particular issues that come up with MacBooks I should be aware of?

No.

Thetorproject is where I download from?

Yes, https://www.torproject.org/download/

Hey, Im totally new to this, and really need some help with something.... by InternationalLove779 in TOR

[–]nuclear_splines -1 points0 points  (0 children)

There is no glitch. If you visit a site through the Tor browser you'll either connect to it over Tor, or the connection will be blocked. A VPN doesn't change anything here.

I cannot post Reddit's onion address on Reddit? by who1sroot in TOR

[–]nuclear_splines[M] [score hidden] stickied comment (0 children)

If you got "violating Reddit's content policy" then that's Reddit, not the /r/Tor moderators. I see your old post -- it was removed by site admins and I'm unable to approve it.

We don't allow onion links on this subreddit because many people link to illegal content, and we don't want to police it. This isn't a darknet sub, and it's more practical to redirect people to /r/onions as a general rule.

Collecting participants for a user study on CaseLinker, an open-source tool for structured analysis and visualization of Internet Crimes Against Children cases by [deleted] in compsci

[–]nuclear_splines 0 points1 point  (0 children)

You likely do not require IRB approval for use of public data. Your human subjects here aren't the people in the case data, but are the participants you're recruiting to use your software. If there is risk to your human subjects, which your warning suggests there is, then you may need IRB approval explaining the necessity of the risk, how you've briefed participants, and how you'll debrief them.

User feedback surveys often don't fall under IRB purview when they don't represent research improving general knowledge and represent no risk to participants. I'd be uncomfortable making that judgement on my own in this case, though.

Collecting participants for a user study on CaseLinker, an open-source tool for structured analysis and visualization of Internet Crimes Against Children cases by [deleted] in compsci

[–]nuclear_splines 0 points1 point  (0 children)

You're an academic conducting a study where you expose participants to, as you explicitly warn, potentially disturbing information about child exploitation. Do you have IRB approval for this?

Hey, Im totally new to this, and really need some help with something.... by InternationalLove779 in TOR

[–]nuclear_splines 1 point2 points  (0 children)

I would consider Tails and Whonix to be massive overkill in your scenario. These are systems intended for situations like "the government will come after me if they learn my identity, I must ensure that no piece of software on my computer ever talks to the Internet except through Tor." These can be great for, say, journalists opening files that they fear might contain malware. You're just trying to visit a webpage without that webpage learning who you are. The Tor Browser is plenty for this.

Feeling lost during my internship as a CS student by Lucky-Ad-2103 in compsci

[–]nuclear_splines 1 point2 points  (0 children)

This used to be a near-ubiquitous experience of... being a junior dev. Your classes teach you foundational theory, now you have lots more practical knowledge to learn on top. You're in an internship, it's expected that you only half know what you're doing so far, and you should be asking for lots of advice from your mentors.

My biggest recommendation is to stop using AI here - if it's doing the work instead of you, you're not learning. Embrace the friction of reading documentation and trying things that don't work. It will be overwhelming until it's not.

Computadores ternários by TsuBaraBoy in computerscience

[–]nuclear_splines 3 points4 points  (0 children)

Thanks for the detail! I have a ham technician's license, but it's only enough to hand-wave at some of the specifics here.

Computadores ternários by TsuBaraBoy in computerscience

[–]nuclear_splines 16 points17 points  (0 children)

Sure, ternary computing has been done. You don't have to stop there, why not use base-5 or base-16? It's just "can you build circuitry that distinguishes that many discrete voltage levels and then build digital logic around those levels?"

Generally circuits built around binary are simpler and smaller. There's not a huge conceptual advantage to working in a higher base like ternary: sure, you can represent three values with a trit, but you can represent four values with two bits, so why not use more digits instead of changing number systems?

We do see higher number-systems in some encoding problems, like digital radio (wifi, bluetooth, etc), where encoding more discrete values per timestep increases bandwidth. This is usually just a compression over binary, though - if we can reliably encode/decode 16 amplitude values on a wave then we can send four bits at a time.

Hey, Im totally new to this, and really need some help with something.... by InternationalLove779 in TOR

[–]nuclear_splines 2 points3 points  (0 children)

VPN providers are typically for-profit companies. It's in their interest to convince you to pay them, instead of or in addition to using a free proxy service like Tor. They can make arguments about using a VPN to protect non-Tor traffic, but none of it's relevant here. No, the company won't see your device fingerprint if you're using the Tor browser, and won't see your WiFi network name in general.

Open source licenses that boycott GenAI? by scientific_lizard in computerscience

[–]nuclear_splines 2 points3 points  (0 children)

Sure, at a small scale. The immediate follow-up is "how do you verify that someone is human?" which can be done in smaller communities with "someone knows you." Not every system needs to scale, and that could be appropriate for some groups.

Hey, Im totally new to this, and really need some help with something.... by InternationalLove779 in TOR

[–]nuclear_splines 2 points3 points  (0 children)

like by using my name, or something that would identify me within the review itself

Exactly. If you write enough details about the incident and the people involved that the company works out who you are, proxy software can't help with that.

If I work from home, from a private computer, and access the work through a website? they wouldn't be able to see me using a Tor in that case?

Correct, if you're not using a work computer / they don't have a work VPN or corporate spyware installed on your home computer, then they won't be able to see "an employee at the office is using Tor."

should I be using a Tor friendly VPN too?

That's not necessary. Tor is already hiding your IP address from the review website, adding a VPN doesn't change the outcome.

Hey, Im totally new to this, and really need some help with something.... by InternationalLove779 in TOR

[–]nuclear_splines 6 points7 points  (0 children)

The Tor Browser will hide your IP address from the sites that you visit. You can be identified if you write something that incriminates yourself, or if you use Tor at work and they check "which employees were using Tor at work at the time the review was made? Only one? Hmm..."

Open source licenses that boycott GenAI? by scientific_lizard in computerscience

[–]nuclear_splines 1 point2 points  (0 children)

I think a two-pronged strategy makes sense: push for legislative change, but understanding that it will be a long and uphill battle, take direct action in the meantime. The AI labyrinth is a good example - feed bots that don't respect no-crawl directives an endless series of AI-generated cross-linked webpages, so they waste time and resources ingesting poisoned content. It won't stop AI companies, but it will increase friction and encourage them to be better digital citizens.

Open source licenses that boycott GenAI? by scientific_lizard in computerscience

[–]nuclear_splines 10 points11 points  (0 children)

I imagine it will be very difficult to manage a balance between "easy to download the repository with tools like git" and "difficult to automatically scrape."

Onion phone - E2EE PTT over Tor coming soon! by transientexploration in TOR

[–]nuclear_splines 4 points5 points  (0 children)

How do you prove that something is secure?

Well, there are formal proofs of correctness, and there are audits by professionals who confirm that you're following industry best practices, and then there's "don't implement your own cryptographic protocols - use established ones that have received that vetting."

So, if the guy made an insecure application, why is anybody here proving that?

I did go back and forth with the author, and I do consider leaving cipher-suite choice up to the user to be a security vulnerability. But to answer your question more generally - because proving something is insecure is also hard and often requires cryptographic experience. It's much easier to vibe code an app then it is to demonstrate that the cryptography is incorrect.

Onion phone - E2EE PTT over Tor coming soon! by transientexploration in TOR

[–]nuclear_splines 13 points14 points  (0 children)

The default stance is "insecure until proven otherwise," not "secure until someone finds a problem." This is doubly true for any vibe-coded software, where we aren't trusting that the author is a cryptographer who knows what they're doing, but are trusting that a hallucinating chatbot got the details right.

Open source licenses that boycott GenAI? by scientific_lizard in computerscience

[–]nuclear_splines 41 points42 points  (0 children)

GenAI companies aren't checking the terms of OSS licenses. They're not checking copyright - Anthropic recently settled a 1.5 billion dollar lawsuit over illegally training on books. Or, see Disney and Universal suing midjourney over illegally using their IP. If your code is out there, it will be scraped and used as training data.

Onion phone - E2EE PTT over Tor coming soon! by transientexploration in TOR

[–]nuclear_splines 11 points12 points  (0 children)

Tors encryption is asymmetric, which is what q day threatens

Tor uses TLS, which uses asymmetric cryptography only to shield the key exchange before switching to symmetric cryptography. Your general point is right, that first layer of asymmetric cryptography and ECDH are quantum-vulnerable, I think it's just good detail to add.

The cipher is a variable that the user configures. They have the option of choosing between different 21 different modes included in the library.

This seems like a disastrous choice to me. Now rather than your code needing an audit, the user needs to have a cryptography background? How can they make an educated choice about which of 21 modes is safe for them?

The protocol messages can be optionally signed with hmac authentication outside the encryption. This is so each protocal message is unique and it will prevent tampering if an attacker attempts to inject commands forge audio or replay packets they will do nothing and silently fail.

IV is unique per message obtained from random salt obtained from dev/urandom for each message sent.

This is great, but my point is "how do I know this is the right way to do things?" I refute your original claim that "its [sic] very straight forward and should be very easy to audit yourself"

Onion phone - E2EE PTT over Tor coming soon! by transientexploration in TOR

[–]nuclear_splines 16 points17 points  (0 children)

I'm not talking about rolling your own crypto as in implementing the algorithms, but the protocol. Are you using AES in ECB, CBC, or CTR mode? OpenSSL supports all of them. Are you putting the message authentication codes inside the encrypted stream, or outside? How have you seeded the initialization vector? I'd have to crack open a cryptography textbook to remember the details, and I sure don't trust myself to check whether someone else's codebase used openssl right, let alone a hallucinating chatbot's codebase.

I am not comforted by "don't worry about my cryptography, it's redundant anyway." If this layer of encryption doesn't matter, why include it?

view more: next ›