As a result, an n-dimensional representation may encode features not along its n basis directions (neurons) but along the far larger set of almost orthogonal directions that such a space admits (Elhage et al., 2022b), leading to polysemanticity.
All that the reference had to say about it was this:
Snyk hosted a free online Capture The Flag (CTF) competition on 27th-28th February. This is my write-up of the web challenges.
Snyk is a cybersecurity company. Their main offering is static code analysis to help identify vulnerabilities in code before they make it to production. In my job as a penetration tester, I mainly interact with Snyk via their online library of JavaScript vulnerabilities. I find out what versions of what JavaScript libraries are running, and check those for known vulnerabilities. Snyk is a great resource for this because it includes vulnerabilities that don't have a CVE, which many other tools will miss. Most of these issues have an advisory on GitHub or the vendor website, but occasionally the only documentation is a blog post.
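The workflow described above (record which client-side library versions a target runs, then check each against an advisory source that also carries issues without a CVE) is easy to get wrong when versions are compared as strings ("1.9.0" sorts after "1.11.3" lexically). The script below is an added example and is not code from the write-up or from Snyk; the detected-library table, the `widgetlib` package and its blog-only advisory are constructed for illustration, and the advisory feed format (a `ranges` field using `>=`/`<` comparators with `||` alternatives) is an assumption, not Snyk's API.

```python
"""Match library versions observed on a target against a small advisory
list, reporting hits whether or not they carry a CVE.

Added example, not from the original post. DETECTED and ADVISORIES are
constructed sample data; 'widgetlib' is fictional.
"""
import re
from typing import Dict, List, Optional

# Constructed sample: versions a tester might read from script URLs,
# banners, or bundled source comments on the target site.
DETECTED: Dict[str, str] = {
    "jquery": "1.11.3",
    "lodash": "4.17.15",
    "widgetlib": "2.3.1",   # fictional package, constructed for the example
}

# Constructed advisory feed. 'ranges': comparators separated by spaces
# must all hold; '||' separates alternative ranges. 'cve' is None when the
# only public reference is a vendor page or blog post.
ADVISORIES: List[dict] = [
    {"pkg": "jquery", "title": "XSS via htmlPrefilter in jQuery.html()",
     "cve": "CVE-2020-11022", "ranges": ">=1.2.0 <3.5.0",
     "source": "https://github.com/jquery/jquery/security/advisories"},
    {"pkg": "lodash", "title": "Prototype pollution in defaultsDeep",
     "cve": "CVE-2019-10744", "ranges": "<4.17.12",
     "source": "https://github.com/lodash/lodash"},
    {"pkg": "widgetlib", "title": "Unsanitised template rendering (constructed)",
     "cve": None, "ranges": ">=2.0.0 <2.4.0",
     "source": "https://example.com/blog/widgetlib-template-bug"},
]

_VERSION = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)")
_COMPARATOR = re.compile(r"^(<=|>=|<|>|=)?v?(\d+)\.(\d+)\.(\d+)$")
_OPS = {
    "<": lambda a, b: a < b, "<=": lambda a, b: a <= b,
    ">": lambda a, b: a > b, ">=": lambda a, b: a >= b,
    "=": lambda a, b: a == b,
}


def parse_version(text: str) -> tuple:
    """'1.11.3' -> (1, 11, 3). Compared numerically, so 1.9.0 < 1.11.3."""
    m = _VERSION.match(text.strip())
    if not m:
        raise ValueError(f"unsupported version string: {text!r}")
    return tuple(int(x) for x in m.groups())


def satisfies(version: str, range_expr: str) -> bool:
    """True if version falls inside range_expr ('>=1.2.0 <3.5.0 || =0.9.1')."""
    v = parse_version(version)
    for alternative in range_expr.split("||"):
        comparators = alternative.split()
        if comparators and all(_check(v, c) for c in comparators):
            return True
    return False


def _check(v: tuple, comparator: str) -> bool:
    m = _COMPARATOR.match(comparator)
    if not m:
        raise ValueError(f"bad comparator: {comparator!r}")
    op = m.group(1) or "="
    bound = tuple(int(x) for x in m.groups()[1:])
    return _OPS[op](v, bound)


def find_vulnerable(detected: Dict[str, str], advisories: List[dict]) -> List[dict]:
    """Return one record per advisory whose range covers a detected version."""
    hits = []
    for adv in advisories:
        version = detected.get(adv["pkg"])
        if version is not None and satisfies(version, adv["ranges"]):
            hits.append({"pkg": adv["pkg"], "version": version,
                         "title": adv["title"], "cve": adv["cve"],
                         "source": adv["source"]})
    return hits


def report(hits: List[dict]) -> List[str]:
    """Human-readable lines; advisories without a CVE are labelled, not dropped."""
    lines = []
    for h in hits:
        ident: Optional[str] = h["cve"] or "no CVE (see source)"
        lines.append(f"{h['pkg']} {h['version']}: {h['title']} [{ident}] {h['source']}")
    return lines


if __name__ == "__main__":
    for line in report(find_vulnerable(DETECTED, ADVISORIES)):
        print(line)
```

The `cve: None` entry is the case the paragraph above cares about: a scanner that keys its output on CVE identifiers alone would silently discard it, so the report prints the advisory's source URL instead.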
On 26th February, during a web application test for a client, I was browsing Snyk and saw this banner:
This post is one of a series of write-ups from a competition called Fetch The Flag. You can read more about the competition and see write-ups of other challenges here.
The prompt for this challenge was:
We've been working on a little side project - it's a URL unfurler! Punch in any site you'd like and you'll get the metadata, main image, the works. We're publishing it open source soon, so we figured we'd let you take a shot at testing its security first!
This post is one of a series of write-ups from a competition called Fetch The Flag. You can read more about the competition and see write-ups of other challenges here.
The prompt for this challenge was:
I WANT TO BELIEVE. He can't be all three. Something doesn't add up!
This post is one of a series of write-ups from a competition called Fetch The Flag. You can read more about the competition and see write-ups of other challenges here.
The prompt for this challenge was:
TimeOff is an early build for our upcoming line of business application that will help us manage our employee's PTO requests. Please give it a thorough security test and let us know if you find anything. To set you up for success, our devs have given you the full source code and a development build of the current app. Feel free to build a local instance for your security test. If you find anything exploitable, prove it by capturing the flag.txt file on the live instance!
This post is one of a series of write-ups from a competition called Fetch The Flag. You can read more about the competition and see write-ups of other challenges here.
The prompt for this challenge was:
Web-LOG? We-BLOG? Webel-OGG? No idea how this one is pronounced. It's on the web, it's a log, it's a web-log, it's a blog. Just roll with it.
This post is one of a series of write-ups from a competition called Fetch The Flag. You can read more about the competition and see write-ups of other challenges here.
The prompt for this challenge was:
We purchased a web dev project off of a gig site to build our new plant subscription service, Plantly. I think the dev was a bit rushed and made some questionable choices. Can you please pentest the app and review the source code? We need to know if there are any major issues before going live! We'll give you the source code so you can run a local instance. We also have a live dev instance so if you find any major vulnerabilities, exploit the live instance and prove it by grabbing the flag!
This post is one of a series of write-ups from a competition called Fetch The Flag. You can read more about the competition and see write-ups of other challenges here.
The prompt for this challenge was:
VulnScanner is our new open source project to help developers, security researchers, and bug bounty hunters identify attack surfaces! It uses a flexible, customizable YAML templating engine to define web scans. We set up a website that hooks into a safe version of the scanner for demonstration purposes. That should be fine, right?
This post is one of a series of write-ups from a competition called Fetch The Flag. You can read more about the competition and see write-ups of other challenges here.
Disclaimer: I did this challenge after the live competition was over.
This post is one of a series of write-ups from a competition called Fetch The Flag. You can read more about the competition and see write-ups of other challenges here.
Disclaimer: I did this challenge after the live competition was over.
When I was a child, about once a year when the sales were on, my mum would make me go through my wardrobe and decide which clothes to get rid of. These would be taken to a charity shop, and then we would go on a family shopping trip and buy new clothes.
As a child, it was sufficient to remove things that no longer fit (not that I always found this easy at the time). As I was continually growing, it was guaranteed that any given item would eventually be too small and the number of clothes I owned would remain finite. Now that I am a grown-up [citation needed], I no longer outgrow clothes but still accumulate them. Some I buy, some are gifts, some are from University careers fairs, conferences, or similar, and then I had a recent phase where I was addicted to Vinted. I need a new method to decide what to cull.
We need to go beyond "does this spark joy?" and ask "Exactly how much joy does this spark? How many days of shrimp torture is this worth?".
In July 2024, fashion brand Mango attracted a lot of attention for their AI generated advertising. You can read their take on it here.
I can understand the appeal for companies: it saves a lot of time and money that would be spent on hiring and shooting models. But for consumers, it completely misses the point of seeing what the clothes look like and how they would fit a person.
Here's an example from their campaign:
The Mango advertisements, while AI generated, are good quality and have clearly been through a lot of human supervision, editing, and quality control to make sure that the pictures actually represent the product they are selling. I'm not mad at them.