heuristic
US /hjʊˈrɪstɪk/
・UK /hjuˈrɪstɪk/
C1 高級
adj.形容詞 啟發式教育法
She had a heuristic approach to her studies
影片字幕
45歲的你注意!如果你是40歲左右,請一定要看這支影片: (I'm 45. If you're in your 40s, watch this:)
- Number 35: a great heuristic in life is to always ask yourself if you will regret the decision that you are currently going to make.
所以他們不會一而再、再而三地說。
- A great heuristic in life is to always ask yourself if you will regret the decision that you are currently going to make.
人生中一個很棒的判斷準則,就是隨時問自己,你會不會後悔現在即將做出的決定。
事實 vs 迷思:哪種學習方式最好? (Facts vs Fiction: What is Better for Learning?)
- Nonfiction provides our mind a theory, a heuristic and a framework that allows us to make assumptions and generalize.
非虛構作品為我們的頭腦提供了一種理論、啟發式方法和框架,使我們能夠做出假設和概括。
- Nonfiction provides our mind a theory, a heuristic, and
你怎麼看?
SANS Stormcast 4 月 18 日:Remnux 雲端環境;Erlang/OTP SSH 漏洞;Brickstorm 攻擊... (SANS Stormcast Friday, April 18th: Remnux Cloud Environment; Erlang/OTP SSH Vuln; Brickstorm Ba…)
- hello and welcome to the friday april 18th 2025 edition of the sands internet storm centers stormcast my name is johannes ulrich and today i'm recording from orlando florida today we got another guest diary by one of our undergraduate interns jacob clay camp did write about how to get started in malibu analysis of course we have plenty of diaries always about malibu analysis didier and xavier most notably are heavily contributing to this this is more the beginners view of malibu analysis and sort of how to get started with malibu analysis using a cloud-based system a couple interesting parts here first of all jacob is using aws a free instance and then uses chasm workspaces in order to essentially get a remote desktop into a container which then runs remnux this is lenny seltzer's reverse analysis environment all of this is linux-based and since it is set up in a container it's also easy to reset and the cloud deployment of course makes it nice and isolated from anything that you may have going on in your home network overall interesting setup and then jacob is going over a quick analysis of a red tail sample and how to apply this particular environment to the analysis of this particular matter interesting a write-up and nice step-by-step guide to help you get started and then we have a critical vulnerability affecting the erlang otp ssh library this affects any ssh servers written in this language the vulnerability was found by researchers at the ruhr university city in bochum now the otp here in erlang otp does not stand for one term one-time password instead it does stand for the open telecom platform this particular version of erlang was created and maintained initially by ericsson and is often used in telecom related devices routers and the like so certainly there is quite a number of affected devices out there the cbss score of the vulnerability is a perfect 10.0 because it does allow for arbitrary code execution without authentication the problem is that some ssh messages some ssh protocol messages can be sent and executed before authentication finishes due to this bug and that then leads to execution now the user this this code executes at depends on the user the ssh server is running at at the time it receives these messages definitely upgrade but of course since this is a vulnerability in the library used to create the ssh server you may have to wait for respective vendors to actually release updates here in the meantime the only alternative you have is to disable or firewall the ssh server and belgium security company inviso did release a report with details regarding some of their recent findings of the brickstorm backdoor brickstorm has been used in linux in in sort of vmware environments but now they also found a version of this backdoor on windows there are a couple interesting things to note here unlike most backdoors this backdoor actually does not have a remote code execution capability they say that typically rdp and such is used instead by the attacker and that they specifically didn't include a remote code execution capability to evade some heuristic and behavioral detection that you often find that would flag any code execution behavior instead this particular backdoor is able to read write files from the file system it also has some network components that would allow an attacker to essentially use an affected system as a pivot to scan other systems in the network so certainly a capable piece of malware also interesting as a command control channel they're using cloud flare workers and similar systems that again are less likely going to trigger alerts interesting report and it also includes some good indicators of compromise and the ways and techniques how you can actually find if you are affected by this particular backdoor and openai released its latest greatest model gpt 4.1 but this didn't happen amid some controversy around the security aspects here first of all this model was released without the usual safety reports or system cards which typically outline how this particular model was created to be safe meaning not for example allowing to create malware and apparently some of these safeguards that you often find in these models are missing from gpt 4.1 making it trivial to create malware with this model interesting problem here and not even sure if this will be something that the openai will fix in short notice but definitely we have seen malicious models of course before but not from major vendors like openai well that is it for today so thanks again for listening and thanks everybody who i met here i mean all of you listeners at the event here in orlando and well i'll talk to you again on monday bye
大家好,歡迎收聽2025年4月18日星期五的金沙互聯網風暴中心風暴播報,我是約翰尼斯-烏爾裡希,今天我在佛羅里達州奧蘭多錄製節目。當然,我們有很多關於Malibu分析的日記,其中Didier和Xavier的貢獻最大,這篇日記更像是Malibu分析初學者的觀點,以及如何使用雲系統開始Malibu分析。首先,Jacob 使用 aws 免費實例,然後使用 Chasm 工作區,以便將遠程桌面接入容器,然後運行 remnux,這是 Lenny Seltzer 的反向分析環境。當然,雲部署使其很好地與家庭網絡中發生的
- They say that typically RDP and such is used instead by the attacker and that they specifically didn't include a remote code execution capability to evade some heuristic and behavioral detection that you often find that would flag any code execution behavior.
Joseph Pine - 顧客真正想要的到底是什麼? (中英雙字幕) (Joseph Pine - 什麼是顧客真正想要的? (中英雙字幕))
- And using the same heuristic, what happens when you customize a service?
有個對抗商品大眾化的辦法, Now, there's an antidote to commoditization,
- and use, in that same heuristic, what happens when you customize a service?
應用同樣的法則,當你客製服務後會產生什麼? and use, in that same heuristic, what happens when you customize a service?
「奮鬥文化」偷走了「卓越」這詞,掏空了它的真諦 | Brad Stulberg:完整訪談 (Hustle culture stole the word excellence and gutted its true meaning | Brad Stulberg: Full Interview)
- So we at least have a heuristic or a schema for how it should be done, whether it's shooting a basketball, or playing the violin, or building a table, or leading a team, and we know that we're not doing it.
所以我們至少有一個方法或一個架構,知道該怎麼做,無論是投籃、拉小提琴、製作桌子,還是領導團隊,而且我們知道自己還沒做到。
- So we at least have a heuristic or a schema for how it should be done, whether it's shooting a basketball or playing the violin or building a table or leading a team.
雖然心流可以是卓越的一部分,但卓越也包含了進入心流狀態之前和之後的所有事情。
別再過度解釋!用「3S法則」展現你的權威感! (Stop Over-Explaining: The 3 S’s Rule For Projecting Authority)
- So confidence is actually a heuristic.
好的,這樣聽起來好像有點道理。
- So confidence is actually a heuristic.
所以自信其實是一種捷徑。
AI 的進化與創造力:哈拉瑞 x 宇多田光 深度對談! (The Evolution of AI and Creativity: Yuval Noah Harari × Hikaru Utada / AIの進化と創造性【ユヴァル・ノア・ハラリ×宇多田ヒカル】)
- The effort heuristic, where people, if they know that if a human or maybe even AI, if they've done it in a more difficult way or something where it's very limited access, then if someone has spent time making it and they know that an actual human being has struggled and because the source of your book, itself, writing it in itself is a struggle or a lot of work, but you're putting in your entire life's experience into what you make at that point, right?
我沒辦法為不同的人寫出稍微不同的書。
- The effort heuristic, um, where people, if they know that, you know, if pe a human or maybe even AI, if they've done it in a more difficult way or something where it's very limited access, um, then if someone has spent time making it and they know that a-an actual human being has struggled and because the source of your I mean, your book itself writing it in itself is a struggle but or a lot of work, but you're putting in your entire life's experience into what you make at that point, right?
努力捷徑,嗯,也就是說,如果人們知道,你知道,如果人類,或者甚至 AI,如果他們用更困難的方式完成,或者在某些地方有非常有限的存取權限,嗯,那麼如果有人花時間製作,而且他們知道是真人付出了努力,因為你的來源,我的意思是,你寫書本身就是一種掙扎,或者很多工作,但你把你的畢生經驗都投入到你當時所做的東西裡,對吧?
史丹佛溝通學教授的必殺技!讓大家愛上你的 #1 閒聊技巧! (The #1 Small Talk Rule That Makes People Like You (Stanford Communication Professor))
- But had I really listened and observed in that moment and not immediately jumped into that heuristic of feedback, I would have noticed he was looking down.
但如果我真的在那一刻仔細聆聽和觀察,而不是立刻跳進意見回饋的這個捷徑,我就會注意到他低著頭。
- But had I really listened and observed in that moment and not immediately jumped into that heuristic of feedback, I would have noticed he was looking down.
他從後門離開。