HackerTrans
TopNewTrendsCommentsPastAskShowJobs

febusravenga

172 karmajoined قبل 4 سنوات

comments

febusravenga
·قبل 4 أيام·discuss
No but those have less or no guards against it - so _we the society_ ;) stand and try guard them.

Rest of us have some chance to stand against persuasion.
febusravenga
·قبل 12 يومًا·discuss
Our customers are CEOs and CTOs - kinda checks out.
febusravenga
·قبل 12 يومًا·discuss
If you're telling dirty jokes, there are many flavors and those ive' mentioned are not special.

This is example. There are _bad_/_hard_/_dark_ jokes about women, grandmas, blacks, whites, east-asia. They have place - unless you're harming someone they are _ok_ for situation.

But only for situation. When recorded, stored and reheard years after it's not longer that situation. By recording, you're basically extending every private situation to infinity.

People in private situation, in close groups behave in ways they consider private - they cross boundaries, they "challenge" authorities/boundaries and it's ok.

It's not ok to take this freedom by assuming you can't say anything controversial in any setting.
febusravenga
·قبل 13 يومًا·discuss
Its not about saying illegal things. It's mostly about saying things that can get you canceled in future in future culture.

Dark jokes and strong opinions are example - you something filthy - let's say dark Holocaust/Nazi joke but funny in situation In group that accept it and it's ok. But if it's recorded, it'll stay forever and will surface in most unexpected moment, like job interview or some other screening by gov/corpos.

Don't say that dirty jokes should be punished in future if in given situation they were received as ok and only later someone else, not in situation is going to judge it
febusravenga
·قبل 20 يومًا·discuss
when I entered site, all bubbles contained dicks/balls and combination of these... so... someone found words that are not banned, but still abused forum in most primitive way ..

you're wrong, moderation is needed in ventures like this
febusravenga
·قبل شهرين·discuss
> hostname: tauceti

The other Hail Mary reference is on top of HN today.

Well done Andy Weir.
febusravenga
·قبل شهرين·discuss
> always been simple: to help you ask anything on your mind

No, it was to search. Search within resources that are external to Google. Like index in library.

(stating the obvious). Starting article like this - that is with attempt to rewrite history - is very sad.
febusravenga
·قبل شهرين·discuss
It's not failure of npm/js ecosystem. It's Github Actions failure that allowed this to happen.
febusravenga
·قبل شهرين·discuss
This is GitHub FU.

Key issue here is cache poisoning, that is feature/bug that exist in utility functions/actions provided by Github.

Even if there was misconfiguration on tanstack side, then root cause is on. GH for even allowing insecure workflows to interfere with secure ones.

Here people are trying to fix defaults - not to write cache in insecure context -> https://github.com/actions/cache/issues/1756

(even if sufficiely smart attacker would find the key somewhere and skip this kind of prodection, not sure where but write-allowing-key it must exist somewhere in runtime if actions/cache can us it)

Someone else on this thread:

> On GitLab even if you set the same cache key it will not cross between unprotected and protected runs.
febusravenga
·قبل شهرين·discuss
> This is a critical insight: SLSA provenance confirms which pipeline produced the artifact, not whether the pipeline was behaving as intended. A compromised build step can produce a validly-attested but malicious package.

They basically confirm that this whole provenance only proves origin. That origin was broken/flawed and was coerced to do something bad. (?)

Again, untrusted workflows can't write anywhere - cache poisoning was they key problem. If cache would be clean, release build/run would be clean too.
febusravenga
·قبل شهرين·discuss
I think more proper solution is to limit writes of untrusted actions - they shouldn't be allowed to update cache. Only read - for perf reasons.
febusravenga
·قبل شهرين·discuss
I think biggest concern here was cache poisoning.

Well, one of simplest mitigation is that `pull_request_target` jobs shouldn't have access to write to cache, they can read for performance, but not write.

To extrapolate rule, the `pull_request_target` shouldn't have any ways to invoke external side effects.

In most strict scenario, they shouldn't have access to network at all ... or only to GET <safeUrl> - where safeUrls are somehow vetted previously on main, derived from yarn.locks and similar manifests. Pita to setup, no wonder nobody does that.
febusravenga
·قبل 3 أشهر·discuss
In other words, he's cutting branch he's sitting on.
febusravenga
·قبل 3 أشهر·discuss
I can only juggle 3, but I prefer clubs. Balls are so boring they are so small and not spectacular. Clubs on the other hand, man they are rotating. Once, twice, treetimes, backwards. I believe that if someone stuck at this basic level of juggling 3 balls, he should try clubs - at least for me it's pure satisfaction watching these rotating in various variants before.
febusravenga
·قبل 4 أشهر·discuss
Och, hello fellow monotone user.
febusravenga
·قبل 4 أشهر·discuss
"If you hate react" feels like very bad argument in engineering.

Anyway, interesting approach for up to medium pages (not apps!). Totally not replacement for react.
febusravenga
·قبل 4 أشهر·discuss
How bugs are still possible now when we all write everything in Rust?
febusravenga
·قبل 4 أشهر·discuss
In my company, overuse of LLm and sloppy pasta is feature of those that you can't fire.

For me it destroyed company as aligned group of people, at C level, it's just bazaar of drones throwing AI slow at each other.
febusravenga
·قبل 4 أشهر·discuss
Good to hear, some countries already have some privacy laws protecting is from this type of products. Anyone has share more specifics about those laws, how's that they are effective in this case (unlike GDPR which is annoying and usually toothless).
febusravenga
·قبل 5 أشهر·discuss
First sentence we would understand from Dolphins language: thanks for all the fish!