User Profile

This paper formally equates (lossless) compression algorithms with LLM/learning. While the Hutter Prize has postulated the connection, this paper shows how an LLM can act as a better compressor for multi-modality data than the domain specific standards of today. The authors also use the gzip compression algorithm as a generative model, with rather poor success, but build a mathematical framework to build on.

The paper also covers tokenization as compression, which is something that's been lacking in a lot of other scientific discourse on this subject. Overall a nice read, 4* only because it ends abruptly without fully exploring the space of compressors as generative models.

Basically this research combines a legacy IPv6 addressing scheme where the MAC address is put into the address with crowd-sourced WiFi network scanning geo-location databases. The trick is figuring out the delta in MACs between the WAN and WLAN adaptors, but they are usually close, so with some clustering, they were able to get 39m accuracy for ~12M routers in over 100 countries.

Crazy to think putting a MAC address in a world-routing IP address was ever considered a good idea, but with networking gears' long life cycle, it will be a long-lasting mistake!

This paper (and the associated code/service: timevault.drand.love/) may be one of the most/only valuable contributions to come from the entire web3 ecosystem. The ability to commit to a future decryption time is a powerful primitive, such as in auctions, coordinated disclosure, and other "dead man's switch" scenarios.

I look forward to this work being critiqued and built-upon for a whole host of interesting offerings.

This paper predictably finds a lack of authentication and cryptographic protections in a legacy RF protocol that is designed to work around the world for life-saving signals. While they determine is it possible to spoof a signal in a lab environment, and call for improved authentication, etc. they fail to include the international legal framework surrounding these signals, and the fact that in a safety-critical environment, a signal discarded due to lack of nonce freshness is more risky than allowing bad actors with drones to send illegal signals.

This paper explored the weaknesses and risks associated with modern exception handlers (across all major OS and architectures) in unwinding attacker-controlled state. The most powerful example is a bypass of stack canaries where a function throws an exception after the overflow but before the function return; the exception handler would eventually execute attacker-controlled memory.

There is an attempt to quantify the overall impact of this mitigation bypass by looking at the Debian repos for code that uses exception handlers, but it is quite context sensitive. The paper concludes with three CVEs that would be exploitable with current mitigations (stack canaries, etc.) using the new technique.

Nice applied research on automatically searching for privesc weaknesses in signed Windows driver binaries. While they found a lot of initial drivers to test, the corpus was slimmed down by the sources and sinks they used to search for. Still managed to find a few dozen new vulnerabilities.

This book got me interested in what expressive types can do for software development, maintenance, etc. While I never built anything real with Idris, I did love the programming approach versus that of Coq; I was able to express some type declarations that not only enforced a semantic correctness property, but also a worst-case runtime for the implementation.

I hope to see languages like Idris become more real-world useful, and more popular languages improve the expressiveness of their type systems.

This talk covers such an important concept of market forces and complexity and the resulting security externalities. It does so in a clean manner that can be widely understood. It reminds me of a [paraphrased] quote of Mike Walker, "that software tells the CPU what it cannot do".

It is both an explanation for the current state of affairs, and a call to arms to improve and look for simplicity and concise definitions of the needed functionality. As a proponent of LangSec, I heartily agree!

This is required reading for every new Thinkst employee, and it was a treat to be exposed to it. It helps contextualize the process of getting stuff done, and how easy it is to build processes and offramps to not focusing on what is important.

Coming back to it periodically when I've had a bit of a lull in my own research helps to revive my interest in exploring and learning new things through research.

[Included in ThinkstScapes]

This paper explored using ML techniques to identify LTE devices streaming specific content via their bandwidth fingerprint. The authors identify that video streaming encodes a specific duration of video into a data-chunk, so each video has a unique sequence of transmitted chunk sizes, allowing for fingerprinting a media sample, and then classifying an encrypted network stream to determine if it is that video.

The experiment ran both open and closed world, and showed high accuracy, even with other device processes using data, and with other channel usage to increase channel capacity. In short, they were able to [with high confidence] determine what video every LTE device was watching in a cell (assuming it was seen prior).