Right, you can’t actually guess a letter (byte) at a time but you can guess a token at a time (I believe the vocabulary is 200000 possible tokens in gpt 5)
So you could send each of the 200000 possible tokens, see which is cached, and then send 200000 more tokens to find the next cached token
Certainly less efficient but well within the realm of a feasible attack
It's a good call out re: tokens vs letters, but I think you might have misunderstood my point - you can't do it a token at a time unless the intermediate KV cache is stored after each token is generated.
This won't be the case in any non toy implementation, as it would be unneccessary and slow.
Ah, fair enough. Anthropic caches at a block level (basically a single message) so for non-trivial messages this is really less of a concern, although I definitely understand why they still scope cache to a single tenant
A remote code execution bug in ios is valuable - it may take a long time to detect exploitation (potentially years if used carefully), and even after being discovered there is a long tail of devices that take time to update (although less so than on android, or linux run on embedded devices that can’t be updated)
That’s why it’s worth millions on the black market and apple will pay you $2 million dollars for it
An XSS is much harder to exploit quietly (the server can log everything), and can be closed immediately 100% with no long tail. At the push of an update the vulnerability is now worth zero. Someone paying to purchase an XSS is probably intending to use it once (with a large blast radius) and get as much as they can from it in the time until it is closed (hours? maybe days?)
What do you use for the other controls? Start, select, exit, confirm... I have an older L-Tek and I really wish I had one with all nine step buttons (for other dance games) plus control button on top. Also kudos for not using a cheater bar :D. I don't see the old-school no-bar playing much anymore but I find it much more impressive.
I have a wireless keyboard nearby that I used to select songs.
Yeah I have never used the bar. Probably because I learned to play at home, starting on a basic foam pad, and so obviously didn't have the bar available.
To be honest I've been using the same Stepmania 3 installation for decades. Never updated to Stepmania 5 because the step chart format changed and I didn't want to find all the songs again. I have not kept up on recent developments.
L-Tek is probably the best option by far that is somewhat affordable.
Definitely penny-mod them too (just remove the panels, tape washers under the edge of each metal contact point - it makes the pads way more responsive and more fun to use).
You can also buy a portable barre bar on amazon, that's what I use. Super stable and easy to stow away. A bar lets you maintain form on crossovers/jumps, and I recommend for anyone not super casual (playing 12+).
Lastly, if you are really serious, you can buy a replica DDR pad from China for about 4-5k, or a used real pad for similar. The arcade feel is much better than L-Tek, but you need a lot of space for these. [1]
They have crazy growth. They reached $100M/ARR in 18 months, and 3.5 times that in less than 24 months more, so around 85% growth YoY. This is a purchase for future potential, not current earnings
It seems you are thinking of the crypto exchange as selling crypto to customers and then "holding on" to their money. That's not the right model.
Party A deposits 1 BTC into the exchange. Party B deposits $1000 into the exchange. Party A wants to sell a BTC for $1000 and party B wants to buy a BTC. They trade through the exchange, pay some fee to the exchange, and an entry in a database is changed such that the $1000 in the exchange now belongs to A and the 1BTC in the exchange's wallet now belongs to B.
Since actually holding cryptocurrency is inconvenient for users, many will just choose to keep the BTC on the exchange until they want to use it/sell it for cash or a different cryptocoin. Many crypto users are speculators who view it the same as holding stocks in brokerage accounts and not as just an exchange.
This money is held in the exchange platform but belongs to the users. They should in theory be able to withdraw it whenever they want.
Instead the crypto exchange decides to make use of these idle customer funds and invest in speculative funds/embezzle all the money and all of a sudden there is not enough funds in the exchange for all users to withdraw.
MD5 is not broken in the way you think it is. Even without salting if you give a hash H there is basically no way to recover a string that hashes to it other than randomly trying strings 2^128 times.
What you can do trivially is find 2 strings X1 and X2 such that md5(X1) == md5(X2). In this case seeding the way you described won't help because md5(X1+S) will equal md5(X2+S) due to the way MD5 works
reply