HackerTrans
TopNewTrendsCommentsPastAskShowJobs

awirth

no profile record

comments

awirth
·قبل 7 أشهر·discuss
I have a 60L fish tank in my Tokyo apartment on around the 10th floor. It's sitting on stand that is not bolted to the wall. I have several friends with similar setups.

In the last 6 years there have been two or three earthquakes that caused enough water to slosh on to the floor.

Of those only the 2021 Fukushima earthquake caused any fish to slosh out - perhaps 10 medaka if I recall correctly. Luckily I was home and I was able to save all the fish, however there was one adult red cherry shrimp that didn't make it because I had trouble picking it up off the floor. I cleaned up the water with some paper towels and it didn't seem to cause any lasting damage.

I think if I had a 600 lb (270L?) tank or expensive fish though I would probably have a different perspective.
awirth
·قبل 10 أشهر·discuss
It's been a year. Has it been disclosed what tool had this misconfiguration?
awirth
·قبل 10 أشهر·discuss
I also got a lot of value out of wanikani even without completing it.

I tried and failed several times to get started with Anki before having success with Wanikani. The key diffentiator for me was the learning step. Anki is great for remembering things you were taught or learned outside of it, but using Anki to learn new things is very much a learned skill that Wanikani holds your hand through.

I have N2 and am working on N1 now, and feel I still have a very long way to go before getting to CEFR C1. Now I only use Anki with the yomitan and takoboto integrations to quickly add any words I look up, which seems to be working well.
awirth
·قبل 11 شهرًا·discuss
These tokens never expire, and there is no way for organization administrators to get them to expire (or revoke them, only the user can do that), and they are also excluded from some audit logs. This applies not just to gh cli, but also several other first party apps.

See this page for more details: https://docs.github.com/en/apps/using-github-apps/privileged...

After discussing our concerns about these tokens with our account team, we concluded the only reasonable way to enforce session lengths we're comfortable with on GitHub cloud is to require an IP allowlist with access through a VPN we control that requires SSO.

https://github.com/cli/cli/issues/5924 is a related open feature request
awirth
·قبل 11 شهرًا·discuss
What you're describing is a specific case of a confused deputy problem: https://en.wikipedia.org/wiki/Confused_deputy_problem

This is captured in the OWASP LLM Top 10 "LLM02:2025 Sensitive Information Disclosure" risk: https://genai.owasp.org/llmrisk/llm022025-sensitive-informat... although in some cases the "LLM06:2025 Excessive Agency" risk is also applicable.

I believe that some enterprise RAG solutions create a per user index to solve this problem when there are lots of complex ACLs involved. How vendors manage this problem is an important question to ask when analyzing RAG solutions.

At my current company at least we call this "権限混同" in Japanese - Literally "authorization confusion" which I think is a more fun name