I've noticed a couple of issues with the search and filtering this evening, I'll have to look at it tomorrow. In the meantime, https://sbc.compare/arm (there's also /risc-v and /x86) may help a little here!
Looks like garbage "vulnerabilities" generated by ChatGPT from a random sample of log messages. None of it looks even remotely substantiated and I have no idea how this made it to the front page so quickly.
I do feel frustrated with the current state of evaluations for long-lived sessions with many tool calls -- by default OpenAI's built-in eval system seems to rate chat completions that end with a tool call as "bad" because the tool call response is only in the next completion.
But our stack is in Go and it has been tough to see a lot of observability tools focus on Python rather than an agnostic endpoint proxy like Helicone has.
Hey! I work for the LLM Ops platform LangWatch and I've been working on building out our Go support the past few months as a little hobby of mine (I hope more people adopt this, so I can spend more of my working hours on this).
If you're interested our Go SDK has full support for OpenAI, and any OpenAI compatible endpoints, as well as some nice OpenTelemetry tracing support too.
We send OTP codes for our login flow and iCloud is definitely a big source of delayed email complaints. Codes eventually arrive, but not before a support ticket is created. Instant on every other ISP.
Didn’t spend enough time to find the root cause, but at enough volume this option caused some of our inserts to take several seconds, even with awaiting for success disabled. Just moved to using an in-memory queue in our app and it fixed it.
I ran Tor nodes, had a bunch of blacklisted IPs, and just stopped running them and it was fine? Blacklisting Tor nodes requires updating the data often, so it falls off pretty quickly. To discard an entire /24 would be pretty funny over that!
Most people just use a DNSBL to block Tor exit nodes. They're pretty trivial to find online and presumably, very easy to set up because the list of Tor exit nodes is publicly available.
This also means the expiry time is usually tied to however long a Tor exit node stays on the DNSBL + 3 or so days (depends on how long the software is configured, but 3 days is typically the assumed default for IPs that tend to get mixed up with automated spam, of which Tor is also a massive purveyor.)
On the bright side, this bug seems to require an ECDSA operation, and I would guess that most ePassports are using RSA. Can't seem to find any statistics but the standards support both.
Since it's a non constant time implementation of a specific part of the EC operation (modular inversion) my guess would be they reused the code for that everywhere and it's probably also present in ecdh and all other algorithms requiring a modular inversion.
reply