The adversarial example attacks work against most known machine learning models, including statistical models, decision trees, feed-forward nets, convolutional nets, recurrent nets. They not only work against classifiers, but also against regression, and RL models.
HN Threads on articles unrelated to technology matters tend towards the dumpster-fire end of the spectrum. The aforementioned classification is orthogonal to the (insert leftist news site here)/(insert rightist news site here) axis.
Personally, I receive a Startup Digest newsletter tailored for Madrid and BCN, curated by Alex Barrera, who I think is famous in the startup scene, and Maria Encinar. They cover jobs, rounds, events and talks...the usual. That might be interesting for you.
TensorFlow supports weight quantization, but XNOR seems to be rewriting the trained model graph into a one that only uses binary boolean ops, and probably optimizing the graph along the way.
Exactly my point. Feed forward can run on much lower specs just fine. So their whole "prison of supercomputers" analogy is for the wrong side of the equation.
So what you do is you use the DRM API to negotiate a way to transfer a decryption key to a secure hardware module in the consumer's device. Having the source code to the Firefox component doesn't give you access to the firmware or keys stored in the module. (Yes, you can hack hardware. But it's way more expensive.)
It's still your computer... Capture the firmware when loading, and decompile it.
The problem starts only when "they" decide to mandate in our hardware. (And yep, "they" are already doing it, for several values of "they". We are fighting the wrong war here.)
I have some insider knowledge of how these chips work. First, you get the chips with crypto keys already installed, so having a copy of the firmware source code won't help. Second, the keys are unique to the device, so getting it won't give you much. Third, the firmware is authenticated so modifying the firmware won't help. Fourth, the chip is designed to be resistant to physical attack.
You don't need to compromise every chip. You just need to compromise one. That's not particularly hard. You can use some fancy equipment to extract the private key, and then you can decode any video the chip could decode.
Or, if you want to be lazy, just hook a VGA cable up to a transcoder.
But a particular chip will only have the keys for a small number of videos. When you buy a movie, you download that movie encrypted with a unique key, and the unique key is encrypted with your device key. So compromising one chip won't give you any kind of "master key" or anything especially valuable. The movie can be stored anywhere, when you need to play it you will pass the encrypted key to the device and the device will use it to decrypt, decode, and then send the movie directly to video output (possibly re-encrypted with something like HDCP, although that's a broken scheme).
The chip will also not send high-definition output to VGA, so you will need to do better. Basically, you have to hack the hardware.
I'd like to clarify that I'm not defending DRM, just that circumventing DRM is not as easy as people in this thread intimate. I think the reason why DRM will fail is because of economic pressures: the cost of deploying millions of devices designed to protect ubiquitous data against a small number of highly intelligent and motivated cryptography experts and hardware hackers.
This is a neat summary of an idea that always turns up on every DRM thread. If the best way to copy a movie is to buy some extra hardware to plug into your VGA port, and then play the movie back at regular speed while you record it, then DRM is working. Joe Bloggs isn't going to do that to give his mates copies of a movie he enjoyed.
Of course, someone out there will go through that and put it on the internet. But Joe's mate is worried that the government will track his downloads, or his computer will get a virus from these dodgy downloads. And every few weeks, the source he's using shuts down and he has to find a new one. Before long, he'll just decide it's worth giving Netflix a few dollars a month to get movies the easy way.
Most piracy isn't about Joe Bloggs giving the video to his friends. It's established institutions uploading videos to popular torrent sites, where they get millions of downloads. There is simply no way to prevent that.
Piracy isn't about Joe giving the video to his friends precisely because of DRM. If it was trivial to click 'save as' and copy the movie to a memory stick, I think people would be swapping movies routinely.
I already outlined precisely how they limit the influence of illegal download sites: ensure that the effort to find them and the perceived risk of prosecution and malware exceeds the cost of getting the movie legally. Once people start working and appreciate the value of their time, it's not actually very hard to tip that equation in their favour.
Capturing, decompiling the code will give you the routes / hardware key access points which you can then manipulate by pretending to be whatever they expect, et voila assuming you can decompile the transcoded information being passed along.
