HackerTrans
TopNewTrendsCommentsPastAskShowJobs

cataflam

no profile record

comments

cataflam
·bulan lalu·discuss
Congrats gaeld and team

The demo is very impressive!

disclaimer: I've known the founder for a while, as legitimate as it gets in deep tech, real years of research and engineering behind this, not vaporware
cataflam
·2 bulan yang lalu·discuss
> For monitoring I use and recommend UpDown.io, which doesn’t seem to be listed there.

It doesn't seem very well known, but I've been a happy user. Most of the others have become over-bloated with a shitty UI.
cataflam
·2 bulan yang lalu·discuss
> Nicholas Carlini, a researcher at Anthropic, orchestrated 16 parallel Claude agents to write a production C compiler in Rust.

To write a proof-of-concept C compiler, not a production-grade one...

Hard to take the article seriously after this
cataflam
·3 bulan yang lalu·discuss
You misinterpreted the comment you are citing.

This non-determinism would not and did not cause replays to diverge (the PRNG seed was most likely stored and would reproduce exactly the same results).
cataflam
·4 bulan yang lalu·discuss
Your AI powered comment is wrong. Le monde has been doing this for years. They have a series of articles about this. There is no "gap closing."
cataflam
·4 bulan yang lalu·discuss
it cannot email your secret key to an attacker because of prompt injection etc.
cataflam
·4 bulan yang lalu·discuss
Almost a month old, original source: https://cybernews.com/security/global-data-leak-exposes-bill...

and I've never seen any confirmation elsewhere

Looks like CyberNews have edited the article with more info since first I saw it, it used to look quite suspicious and untrustworthy, it now has more info. Still doesn't say exactly what a record is, or how many uniques there are.
cataflam
·4 bulan yang lalu·discuss
You're getting downvoted because you didn't read the article.

It is specifically about cleaning up the data by removing these 3 and showing a clearer picture of acceleration without these 3 factors.
cataflam
·6 bulan yang lalu·discuss
Great series of articles!
cataflam
·8 bulan yang lalu·discuss
Don't they?

https://git.ffmpeg.org/gitweb/ffmpeg.git?a=search&h=HEAD&st=...
cataflam
·9 bulan yang lalu·discuss
Wow. Maybe I'm missing something but it seems really weird to replace a tool with a rewrite that doesn't pass the test suite!
cataflam
·9 bulan yang lalu·discuss
This comment[0] explains it.

The core bug seems to be that support for `date -r <file>` wasn't implemented at the time ubuntu integrated it [1, 2].

And the command silently accepted -r before and did nothing (!)

0: https://lwn.net/Articles/1043123/

1: https://github.com/uutils/coreutils/issues/8621

2: https://github.com/uutils/coreutils/pull/8630
cataflam
·10 bulan yang lalu·discuss
Amazing they are still alive and kicking. Started using them with Windows 95 (different specific ones, same general concept)

These and Sysinternals (bought by Microsoft around 2006) were must have when I was still using Windows.

https://learn.microsoft.com/en-us/sysinternals/
cataflam
·10 bulan yang lalu·discuss
> update your password, update your 2FA

should practice it for ENTER your password, ENTER your 2FA ;)

> Still, I don’t understand how npmjs.help doesn’t immediately trigger red flags

1. it probably did for quite a few recipients, but that's never going to be 100% 2. not helped by the current practices of the industry in general, many domains in use, hard sometimes to know if it's legit or not (some actors are worse in this regard than others)

Either way, someone somewhere won't pay enough attention because they're tired, or stressed out, or they are just going through 100 emails, etc.
cataflam
·10 bulan yang lalu·discuss
Indeed.

At least the crowd here should _know_ that TOTP doesn't do anything against phishing, and most of the critical infrastructure for code and other things support U2F so people should use it.
cataflam
·10 bulan yang lalu·discuss
My apologies, somehow after all these years, I didn't know that (and first time I've done it)!
cataflam
·10 bulan yang lalu·discuss
Yes! Here is the whitepaper (from 2017 I think), I read that and used it, it's excellent

https://karla.io/files/ichthyology-wp.pdf

> At Stripe, rather than focusing on mitigating more basic attacks with phishing training, we decided to invest our time in preventing credential phishing entirely. We did this using a combination of Single Sign On (SSO), SSL client certificates, and Universal Second Factor (U2F)
cataflam
·10 bulan yang lalu·discuss
Still would have done nothing in this case, as they pulled the correct email address he uses for npm from another source (public API I think?).

That's exactly why I said all the other "helpful" recommendations and warning signs people are using are never foolproof, and thus mostly useless given the scale at which phishing campaigns operate.

Great if it helps you in the general case, terrible if it lulls you into a sense of confidence when it's actually a phishing email using the right email address.
cataflam
·10 bulan yang lalu·discuss
As for any of these cases, we do receive legitimate emails that require being logged in, Google or otherwise

The answer is simple: use your bookmarks/password manager/... to login yourself with a URL you control in another tab and come back to the email to click it

(and if it still asks for a login then, of course still don't do it)
cataflam
·10 bulan yang lalu·discuss
In that case

1. You just requested it, I'm not saying to never click link on transactional emails you requested. You still need to click on those verify email links

2. It replaces entering your password, so you're not entering your password on a link from an email, which is the very wrong thing.