
I also like to think this was maybe done as a form of malicious compliance. Someone inside the agency was tasked with redacting this, and found a way to sneak the information through but still getting it passed by their supervisors, so that the information got out.

It reminds me of the 2008 Underhanded C code contest. The subject was exactly this.

https://www.underhanded-c.org/_page_id_17.html

And the winner's solution is incredibly simple and clever.


To me this is the only explanation that makes sense. However, wouldn’t they risk repercussions when this is inevitably found out? I assume they have records of who redacted which documents.

> I assume they have records who redacted which documents

(1) Considering it was a rush job, (2) the general ineptness of this administration, and (3) the management wouldn't have defined the explicit job description ("completely black out, not use black highlighter"), the likelihood that there is any evidence that this was intentionally malicious is pretty low.


This happens too regularly across both minor and major issues for me to think this is entirely redactors intentionally messing up. It's just a lot of people being pulled on to the job and not all of them are competent. Maybe some of it is intentional, but not all of it, I'm certain.

Some people do things acknowledging that there may be backlash for an action when they feel it's the right thing to do.

Yes they may get fired, but it will be difficult to prove intent and very easy to claim incompetence.

So I don’t think there will be jail time if that’s what you’re referring to.


The mal-redacted file actually points to a crime itself of redacting things it shouldn't have.

Or, if there is indeed an ongoing investigation on those two, it could be leaking that fact, right?

Not in this case, this is just a cover for the guilty, because this shows that Epstein's estate also works for Trump. The rot runs deep. There is no investigation, that is the point.

Out of a thousand people? Where they probably have an email from a PHB that says something like "put a black box over all references to <this list of things>"?

They are not at all the same thing. For starters, even ’til this day, it doesn’t support ReAct-based tool calling.

It’s more like an assistant that advises you rather than a tool that you hand full control to.

Not saying that either is better, but they’re not the same thing.


Aider was designed to do single turns because LLMs were way worse when it was created. That being said, Aider could do multiple turns of tool calling if command confirmation was turned off, and it was trivial to configure Aider to do multiple turns of code generation by having a test suite that runs automatically on changes and telling Aider to implement functionality to get the tests to pass. It's hard-coded to only do 3 autonomous turns by default, but you can edit that.

Yes but unfortunately it appears that Aider development has completely stopped. There had been an MCP support PR that was open for over half a year, many people validated it and worked on it but the project owner never responded.

It’s a bit of a shame, as there are plenty of people that would love to help maintain it.

I guess sometimes that’s just how things go.


All things considered Anthropic seems like they’re doing most things the right way, and seemed to be focused on professional use more than OpenAI and Grok, and Opus 4.5 is really an incredibly good model.

Yes, they know how to use their safety research as marketing, and yes, they got a big DoD contract, but I don’t think that fundamentally conflicts with their core mission.

And honestly, some of their research they publish is genuinely interesting.


Yeah no, this is very much not true, even more so for a Go-based implementation and energy consumption optimized ARM devices.

I had a “somebody is wrong on the internet!!” discussion about exactly this a few weeks ago, and they proclaimed to be a professor in AI.

Where do people get the idea from that temperature affects caching in any way? Temperature is about next token prediction / output, not input.


Because in my mind, as a person not working directly on this kind of stuff, I figured that caching was done similar to any resource caching in a webserver environment.

It’s a semantics issue where the word caching is overloaded depending on context. For people that are not familiar with the inner workings of LLM models, this can cause understandable confusion.


Being wrong about details like this is exactly what I would expect from a professor. They are mainly grant writers and PhD herders, often they are good at presenting as well, but they mostly only have gut feelings about technical details of stuff invented after they became a professor.

So basically oauth-style app connections. Makes sense.

That’s not practical in many situations, as the normalization alone may very well be more expensive than the search.

If you’re in control of all data representations in your entire stack, then yes, of course, but that’s hardly ever the case and different tradeoffs are made at different times (e.g. storage in UTF-8 because of efficiency, but in-memory representation in UTF-32 because of speed).


That doesn't make sense; the search is doing on-the-fly normalization as part of its algorithm, so it cannot be faster than normalization alone.

I get why it sounds that way, but it’s not actually true.

StringZilla added full Unicode case folding in an earlier release, and had a state-of-the-art exact case-sensitive substring search for years. However, doing a full fold of the entire haystack is significantly slower than the new case-insensitive search path.

The key point is that you don’t need to fully normalize the haystack to correctly answer most substring queries. The search algorithm can rule out the vast majority of positions using cheap, SIMD-friendly probes and only apply fold logic on a very small subset of candidates.

I go into the details in the “Ideation & Challenges in Substring Search” section of the article


> it cannot be faster than normalization alone

Modern processors are generally computing stuff way faster than they can load and store bytes from main memory.

The code which does on the fly normalization only needs to normalize a small window. If you’re careful, you can even keep that window in registers, which have single CPU cycle access latency and ridiculously high throughput like 500GB/sec. Even if you have to store and reload, on-the-fly normalization is likely to handle tiny windows which fit in the in-core L1D cache. The access cost for L1D is like ~5 cycles of latency, and equally high throughput because many modern processors can load two 64-bytes vectors and store one vector each and every cycle.


The author published the bandwidth of its algo, it's one fifth of a typical memory bandwidth (it's not possible to go faster than memory obviously for this benchmark, since we're assuming the data is not in cache).

It can, because of how CPUs work with registers and hot code paths and all that.

First normalizing everything and then comparing normalized versions isn’t as fast.

And it also enables “stopping early” when a match has been found / not found, you may not actually have to convert everything.


Running more code per unit of data does not make the code hotter or reduce the register pressure, quite the opposite...

You’re misunderstanding: you just convert to 32 bits once and reuse that same register all the time.

You’re running the exact same code, but are more efficient in terms of “I immediately use the data for comparison after converting it”, which means it’s likely either in a register or L1 cache already.
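The lazy-folding idea discussed in the comments above (cheap probes rule out most positions, the fold is applied only to surviving candidate windows, and the converted byte is compared immediately rather than written to a scratch buffer) as an added example. This is not StringZilla's code nor any commenter's; it folds ASCII only as a stand-in for full Unicode case folding, and the `work` counters are a constructed measure of how many haystack bytes each strategy passes through the fold routine on the same input.

```c
#include <stdlib.h>
#include <string.h>
#include <stdio.h>

/* Constructed sample input (not taken from the article or the comments). */
static const char HAY[] = "The Quick Brown Fox Jumps Over The Lazy Dog";
#define HAY_LEN (sizeof(HAY) - 1)

/* ASCII-only case fold: a stand-in for full Unicode case folding. */
static unsigned char fold_byte(unsigned char c) {
    return (c >= 'A' && c <= 'Z') ? (unsigned char)(c | 0x20) : c;
}

static unsigned char upper_byte(unsigned char c) {
    return (c >= 'a' && c <= 'z') ? (unsigned char)(c & ~0x20) : c;
}

/* Strategy 1: fold the whole haystack into a scratch buffer, then run an
   exact search over it. Every haystack byte is folded, stored and reloaded
   whether or not it could ever start a match. Returns the offset of the
   first match or -1; *work is increased by the number of haystack bytes
   that went through fold_byte. */
long ci_find_full_fold(const char *hay, size_t n, const char *needle, size_t m, size_t *work) {
    if (m == 0) return 0;
    if (m > n) return -1;
    unsigned char *fh = malloc(n);
    unsigned char *fn = malloc(m);
    if (!fh || !fn) { free(fh); free(fn); return -1; }
    for (size_t i = 0; i < n; i++) fh[i] = fold_byte((unsigned char)hay[i]);
    if (work) *work += n;
    for (size_t j = 0; j < m; j++) fn[j] = fold_byte((unsigned char)needle[j]);
    long found = -1;
    for (size_t i = 0; i + m <= n; i++) {
        if (memcmp(fh + i, fn, m) == 0) { found = (long)i; break; }
    }
    free(fh);
    free(fn);
    return found;
}

/* Strategy 2: lazy folding. The needle's first and last byte are expanded
   once into both case variants; the scan then compares raw haystack bytes
   against those four constants (a SIMD kernel broadcasts them and compares
   whole vectors at once). Only a position that survives both probes has its
   window folded, one byte at a time, and each folded byte is compared
   immediately, so it never leaves a register. */
long ci_find_lazy(const char *hay, size_t n, const char *needle, size_t m, size_t *work) {
    if (m == 0) return 0;
    if (m > n) return -1;
    unsigned char f_lo = fold_byte((unsigned char)needle[0]);
    unsigned char f_up = upper_byte(f_lo);
    unsigned char l_lo = fold_byte((unsigned char)needle[m - 1]);
    unsigned char l_up = upper_byte(l_lo);
    for (size_t i = 0; i + m <= n; i++) {
        unsigned char c0 = (unsigned char)hay[i];
        if (c0 != f_lo && c0 != f_up) continue;      /* cheap probe: first byte */
        unsigned char c1 = (unsigned char)hay[i + m - 1];
        if (c1 != l_lo && c1 != l_up) continue;      /* cheap probe: last byte */
        size_t j = 0;
        for (; j < m; j++) {                          /* fold only this window */
            if (work) (*work)++;
            if (fold_byte((unsigned char)hay[i + j]) != fold_byte((unsigned char)needle[j])) break;
        }
        if (j == m) return (long)i;
    }
    return -1;
}

int main(void) {
    size_t w_full = 0, w_lazy = 0;
    long a = ci_find_full_fold(HAY, HAY_LEN, "lazy dog", 8, &w_full);
    long b = ci_find_lazy(HAY, HAY_LEN, "lazy dog", 8, &w_lazy);
    printf("full fold: offset %ld, %zu haystack bytes folded\n", a, w_full);
    printf("lazy fold: offset %ld, %zu haystack bytes folded\n", b, w_lazy);
    return 0;
}
```

On the 43-byte sample, the full-fold path folds all 43 bytes before it can compare anything, while the lazy path folds only the 8 bytes of the single window whose first and last bytes passed the probes; a needle that fails the last-byte probe is rejected without folding any haystack byte at all. A real implementation would prefold the needle once instead of calling `fold_byte` on it per comparison, and would need real Unicode folding, where a folded character can change length.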


That’s an unhelpful take, if you expect everyone to be fluent in the language of the country they’re traveling to.

Another note: I live in Cambodia, where many French people live, and nearly none of them speak the local language, and a very decent amount of them don’t even speak English. Worse yet, the older generation is still hung up on the idea that it’s better for the locals to learn French than English or Chinese.

This is really a very French thing, and you don’t see the same behavior in e.g. Germany or Italy.

(I’m originally from The Netherlands)


I'm from Poland, but my grandma was living in Germany (Essen). When I was (rarely, she was visiting Poland much more often) visiting her I definitely experienced similar behaviour from Germans.

My German is very poor. I used to somewhat understand what was spoken to me (if simple language was used), and to speak in short, basic sentences with a shortage of vocabulary. This is just to provide some context - I never actually tried to learn German.

So I was trying to use English as often as possible. A lot of people - and I mean persons like clerks, salespersons, not random passers-by - either straight-up ignored me, or issued comments like "Du solltest Sprachen lernen".

On the other hand, I never had a similar experience when I was speaking broken French in France (or Morocco).

Please note that I don't want to bash Germans or to defend the French. But it all depends on who you encounter - but these encounters might on some level shape your opinion on the whole nation, no matter whether you want it or not.


Since I'm also from the region and familiar with local issues: are you sure this was not the good old anti-immigrant hostility? Germany has (or had) a lot of immigration from Poland and some locals could think you're an immigrant who refuses to learn the language. In my country I sometimes see similar behavior targeted specifically at Ukrainian speakers.

FWIW, I only ever experienced the discussed issue (locals who clearly understand English but refuse to acknowledge me or respond in their language) in France. I really suspect it's specific to French speakers. They uniquely feel that their language was the lingua franca and lost the status to English.


But how did you know they "clearly understand English"?

I am trying to understand the situation you were in, because I read that a lot and I cannot imagine why such rudeness.


Just to be clear, my lingua franca comment was intended as a joke. Lingua franca was never French but a mixture of Mediterranean languages.

Could also be anti-immigration sentiment, because I'm from the US, but I traveled to Germany a few years before the pandemic and while there was only ever one German person who ever gave me crap about English, there was indeed one and it was a very inconvenient person to take such a harsh stance on. It was in a little airport (which, if it matters, was very close to France) that we were taking to leave Germany and head down toward Italy. The person looking over the bins for carry-ons was herding people through and she pointed at me and said something I didn't understand in German. So I guessed and pointed at a thing or two, and when she kept saying "no", I finally gave the ol' "es tut mir leid, mein Deutsch ist schlecht. Sprechen sie englisch?", to which she replied slowly and aggressively: "noooo. sprichst du deutsch?"

Which... is certainly understandable! I'm sure she sees a lot of tourism and tourists. But for a neurotic person, being singled out as someone holding up the line by someone who is ostensibly there to help things move faster, because I didn't know a language that I expressly said I didn't know and apologized for, was quite jarring. Up until that point, every single person I met with talked to me like I had a second head that they were generally aware of but didn't care about while they tried to be as polite as possible about not bringing it up. It was a kind of clipped politeness that I have been told is just "German". Nobody cares to be friendly, everyone just wants to exchange only the information needed and, while they do so, they would be as happy and pleasant as a person could be. But as soon as the information had been exchanged, they were right back to bewildered disinterest ("why are you still talking to me? we've finished.", while smiling and nodding).

Anyway, whatever it was that she was trying to tell me, the message never got through. When I answered "no" to her question, she just moved me on through. So maybe she was trying to be polite and I showed my ass or something. Or maybe she was just trying to make a joke and then moved past it when there was no way to make me get it. Whatever the case, I left with the distinct feeling that the author described about that French street. "some people here, sometimes, are going to be very uncharitable about your lack of cultural integration. beware of that." Which, on the one hand is pretty obvious; people are just people all over. But on the other hand, it's probably something most cultures would aspire to minimize.


> That’s an unhelpful take, if you expect everyone to be fluent in the language of the country they’re traveling to

I'm myself a native French speaker and do hate the French attitude on language. It's extremely patronizing and does not benefit anyone.


It’s much easier to tax the general population than businesses, as they don’t push back as much.

It’s the same pattern everywhere around the world (perhaps there are a few exceptions). Businesses can be much more creative with tax evasion as well.


Yep, concentration of wealth leads to a smaller group of people that buy their way out of taxation leading to further concentration of wealth and services falling apart for the masses.

> It’s much easier to tax the general population than businesses, as they don’t push back as much.

Businesses don't pay taxes. People do. Every dime that a corporation pays is a reduction of capital returns to shareholders, or a reduction of investment into business activity, both of which are taxed again by the people who ultimately receive the capital.


Businesses can play the game where they shop around various municipalities and get them in a race-to-the-bottom on tax breaks if they move their business to their community.

I think it may be about the absolute memory address of the secret being stored, which may itself be exploitable (i.e. you’re thinking about the offset value, rather than the pointer value). It’s about leaking even indirect information that could be exploited in different ways. From my understanding, this type of cryptography goes to extreme lengths to basically hide everything.

That’s my hunch at least, but I’m not a security expert.

The example could probably have been better phrased.


I don't see how a single absolute address could be exploitable based on my understanding of the threat model of this library. The library is in charge of erasing the secrets from memory. Once the secrets have been erased from memory, what would an attacker gain from knowing an absolute address?

The only thing that makes sense to me is a scenario with a lot of addresses. E.g. if there's an array of 256 integers, and those integers themselves aren't secret. Then there's a key composed of 32 of those integers, and the code picks which integers to use for the key by using pointers to them. If an attacker is able to know those 32 pointers, then the attacker can easily know what 32 integers the key is made of, and can thus know the key. Since the secret package doesn't erase pointers, it doesn't protect against this attack. The solution is to use 32 array indexes to choose the 32 integers, not 32 pointers to choose the 32 integers. The array indexes will be erased by the secret package.
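The pointer-versus-index scenario from the comment above, written out as an added Go example. It is not the secret package's code: `zeroBytes` stands in for whatever erase routine that package provides, the 256-entry `table` is filled with constructed, non-secret values, and `constructedIndexes` is a fixed, obviously non-random selection of 32 positions. `indexFromPointer` only exists to show why a retained pointer into the table is as revealing as the index it replaced.

```go
package main

import (
	"fmt"
	"unsafe"
)

// Public 256-entry table (constructed sample; its contents are not secret).
// Which entries a key is built from is the secret.
var table [256]uint32

func init() {
	for i := range table {
		table[i] = uint32(i)*2654435761 + 1 // deterministic, non-secret filler
	}
}

// zeroBytes stands in for the secret package's erase routine (assumption:
// the observable effect on an index buffer is that it reads as all zeros).
func zeroBytes(b []byte) {
	for i := range b {
		b[i] = 0
	}
}

// constructedIndexes is a fixed selection of 32 distinct table positions
// (constructed sample input, not a real key schedule).
func constructedIndexes() []byte {
	idx := make([]byte, 32)
	for i := range idx {
		idx[i] = byte(7*i + 3)
	}
	return idx
}

// keyFromIndexes assembles the key by table lookup; only idx needs erasing.
func keyFromIndexes(idx []byte) []uint32 {
	key := make([]uint32, len(idx))
	for i, j := range idx {
		key[i] = table[j]
	}
	return key
}

// pointersFor is the representation the comment warns about: each entry is
// &table[j], so the address itself encodes j and the package never erases it.
func pointersFor(idx []byte) []*uint32 {
	ptrs := make([]*uint32, len(idx))
	for i, j := range idx {
		ptrs[i] = &table[j]
	}
	return ptrs
}

// indexFromPointer recovers j from &table[j] by address arithmetic.
func indexFromPointer(p *uint32) int {
	base := uintptr(unsafe.Pointer(&table[0]))
	return int((uintptr(unsafe.Pointer(p)) - base) / unsafe.Sizeof(table[0]))
}

func equalKeys(a, b []uint32) bool {
	if len(a) != len(b) {
		return false
	}
	for i := range a {
		if a[i] != b[i] {
			return false
		}
	}
	return true
}

// scenario erases the index buffer the way the secret package would and
// reports whether the original key can still be rebuilt from (1) the erased
// indexes and (2) the never-erased pointers.
func scenario() (fromIndexes, fromPointers bool) {
	idx := constructedIndexes()
	original := keyFromIndexes(idx)
	ptrs := pointersFor(idx)

	zeroBytes(idx) // after this every index selects table[0]
	fromIndexes = equalKeys(keyFromIndexes(idx), original)

	rebuilt := make([]byte, len(ptrs))
	for i, p := range ptrs {
		rebuilt[i] = byte(indexFromPointer(p))
	}
	fromPointers = equalKeys(keyFromIndexes(rebuilt), original)
	return fromIndexes, fromPointers
}

func main() {
	fromIdx, fromPtr := scenario()
	fmt.Printf("key recoverable from erased indexes: %v\n", fromIdx)
	fmt.Printf("key recoverable from retained pointers: %v\n", fromPtr)
}
```

The two booleans make the comment's point concrete: once the index bytes are zeroed the key cannot be rebuilt from them, but the pointer slice, which the package does not touch, still yields every index and therefore the whole key. The defensive rule is the one the comment gives: keep the selection in a buffer the package erases, and never hold pointers into the public table.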

