HackerLangs
TopNewTrendsCommentsPastAskShowJobs

smsm42

no profile record

Submissions

[untitled]

1 points·by smsm42·le mois dernier·0 comments

How we caught the Axios supply chain attack

elastic.co
8 points·by smsm42·il y a 3 mois·1 comments

Overrun with AI slop, cURL scraps bug bounties to ensure "intact mental health"

arstechnica.com
3 points·by smsm42·il y a 6 mois·2 comments

[untitled]

1 points·by smsm42·il y a 6 mois·0 comments

Coverd – gambling with your credit card purchases

coverd.us
1 points·by smsm42·il y a 7 mois·0 comments

[untitled]

1 points·by smsm42·il y a 8 mois·0 comments

Public toilets in China are making people watch ads for toilet paper

dexerto.com
15 points·by smsm42·il y a 10 mois·4 comments

comments

smsm42
·il y a 10 jours·discuss
https://en.wikipedia.org/wiki/Profession_(novella)
smsm42
·il y a 10 jours·discuss
Welcome to the future. Make no mistakes.
smsm42
·il y a 10 jours·discuss
Yes. And since LLMs can not improve knowledge - I mean, they can generate new arrangements of information, but they have no idea whether any of it real or making sense, unless humans - explicitly or through training - tell them, the more we rely on LLM knowledge the less the quality of it would be. Right now the LLMs are mainly in auxiliary role, so most of the knowledge erosion they generate is laughed at and relatively quickly corrected. But would this hold once the role of generative AIs increases? We already essentially entered the chaos period with news content - there's so much noise that it's basically impossible to know if any news message you read is true or manipulated somehow. This is going to start happening to more fundamental knowledge too, either on purpose or just by the force of the probabilistic nature of generative AI.
smsm42
·il y a 11 jours·discuss
They were the part of the organized criminal group that executed the shooting and later tried to help other criminals to avoid responsibility. If you are part of the group that does the crime, everybody in the group shares the responsibility (not equally, some part of it extends to accomplices) - not only she immediate shooter, but people who helped him to do it too.

> The “crime” investigation obstructed by hiding the zines is being left-wing.

That's nonsense. There are literally tens of millions of people in the country that are left wing (including literal communists openly calling for destruction of the United States and Western civilization). As long as they don't get violent, they don't have any trouble for it - in fact, some of them even win elections (including literal communists openly calling for destruction of the United States and Western civilization). The recipe is very simple - do not shoot people. Unfortunately, for the part of the left-wing, this is somehow too hard. They think shooting people who are not left-wing is A-OK. Those people need to be stopped, and putting them in jail for a long time is a good way to stop them. Not for their speech, but for the fact that speech is not good enough for them, and they choose violence.
smsm42
·il y a 11 jours·discuss
[flagged]
smsm42
·il y a 11 jours·discuss
One might consider a lot of things. But if you are at shooting war with United States government, then when United States government puts your away, you don't get to claim it's a free speech issue. You can't sit on those two chairs at once. Either you are a Warrior of Light battling the Nazis, and then it's way beyond free speech, or it's a public discussion and then "free speech" does not include shooting people. You can't claim both. If you're "ordinary citizen", you don't get to shoot at police, or you go to jail, and everybody who helps you does too. If you're a brave revolutionary, then we have a violent revolution, and it's not about "free speech" anymore, revolution is way beyond speech.
smsm42
·il y a 11 jours·discuss
Domestic terrorists who shoot people in the neck. Among millions of things that the government claims to protect mw from, this is one of a few things that I don't doubt I want to be protected from. There's absolutely zero free speech issues here.
smsm42
·il y a 11 jours·discuss
[flagged]
smsm42
·il y a 11 jours·discuss
[flagged]
smsm42
·il y a 11 jours·discuss
[flagged]
smsm42
·il y a 12 jours·discuss
Not to worry, eventually somebody will file a class action lawsuit, and after mere 12 years of litigation everybody affected will get $2.17 in store credits (in another 5 years).
smsm42
·il y a 12 jours·discuss
Many projects have CI setups that run code (Makefile can run any code, for example). Which means, an untrusted third-party contribution would allow that party to run arbitrary code on CI platform. Yes, the solution is to not let untrusted third-party code to be run without manual review.
smsm42
·il y a 12 jours·discuss
Security-wise, there's no such thing as constrained PHP execution, at least with the standard PHP engine. The surface is too wide. You still have OS constraints of the user and capabilities and such, but beyond that if you can run PHP code, you can run anything.
smsm42
·il y a 13 jours·discuss
Yes and no. Yes, theoretically you can initiate ACH transfer with just the account number. But practically, you will need to have a bank that would allow you to do that and agree to be on the hook if the transfer is going to be reversed. Which means if you are a criminal who wants to do it systematically at scale, you have to be big enough to have your own licensed pocket bank. Which is not a service available to a random criminal. Of course, a random criminal could forge a check with your numbers and cash it, but the account owner would rarely be on the hook for the funds, it's whoever agreed to cash the check. It can cause significant annoyance and inconvenience to the real owner of the account (including having to change account number and all accompanied legwork) but rarely results in funds actually being removed from the rightful owner. The banks prefer this system to the alternatives even with the risk of fraud.
smsm42
·il y a 13 jours·discuss
Your SSN had been already stolen in the Equifax breach - unless you're so young or recently arrived that you haven't had SSN by then, in which case it had been stolen in one of a dozens of the breaches since then. And if somehow you avoided all that, it will be stolen in the inevitable next breach, which would happen regardless of what you do.
smsm42
·il y a 13 jours·discuss
PHP one is at best a moderate-level bug in SOAP client which I don't see any realistic way to exploit (the whole convoluted setup in the POC assumes PHP execution access, which begs the question why bother if you already can execute arbitrary code?) - does not look like "genuine critical" at all.
smsm42
·il y a 13 jours·discuss
PHP one appears to be a convoluted way of executing arbitrary code on a local server conditioned on the ability of already executing arbitrary PHP code. In other words, not a security issue at all. The cookie parsing issue might be a bug with security implications if you talk to hostile SOAP servers (didn't look deeper into it but it's plausible) but I can't see how it can be effectively exploited without having a level of access on the target server which makes the whole exploiting question moot.
smsm42
·il y a 13 jours·discuss
I didn't discuss morality. I discuss the fact that if somebody signs a contract, draws a salary and other benefits under that contract, then sign another agreement while leaving, get the cash and benefits under that agreement, and then violate all those agreements - there's nothing "bizarre" in the fact that the other side demands to hold the signer responsible. If Wynn-Williams were driven by sense of morality alone, she could say to FB to shove their severance and sign nothing, but she did not.
smsm42
·il y a 13 jours·discuss
Didn't Wynn-Williams sign an NDA before leaving? What's bizzarre in Facebook trying to hold her to what she voluntarily signed?
smsm42
·il y a 14 jours·discuss
"We all know people are overpaid for doing nothing, but if we don't talk about it somehow it would continue forever"? Doesn't sound like a smart strategy to be honest. The truth will come out.