HackerLangs
TopNewTrendsCommentsPastAskShowJobs

n0on3

279 karmajoined 15 tahun yang lalu

Submissions

PixelSmash – FFmpeg's MagicYUV decoder vuln leads to RCE via media file

jfrog.com
10 points·by n0on3·17 hari yang lalu·1 comments

comments

n0on3
·6 hari yang lalu·discuss
“the most powerful AI agent file-editing tool in the world […] patent-pending”… tl;dr: turn tool calls into more structured loops, give it some fancy name and slop about it https://hic-ai.com/blog/tool-response-engineering

Good luck with that
n0on3
·8 hari yang lalu·discuss
Seems cool from the docs page, I was about to give it a shot but https://github.com/vlm-run/mm goes 404 …
n0on3
·13 hari yang lalu·discuss
Apparently nobody cares. A few days ago I bumped-into and submitted this: https://news.ycombinator.com/item?id=48655747 . I thought given the general trust people seem to place in media files it would have raised a few eyebrows but it did not ̄\_(ツ)_/ ̄
n0on3
·22 hari yang lalu·discuss
I second the sentiment, it’s unbelievably annoying. Even more so when the suggested solution from the “support” appears to be “You can downgrade to a version before we introduced this bug”. I’m not even gonna try switching to that new crapware, I’m just going to change client altogether.
n0on3
·bulan lalu·discuss
Sure, but #80 out of 190, still not great ain’t it?
n0on3
·2 bulan yang lalu·discuss
Oh boy, this did not age well. Most cases of “extremely successful” people I can think of exhibit the opposite of these core principles: have no “knack” whatsoever, except not giving a shit about whatever they pretend to be their focus while only focusing on personal return; they contract clusterfucks of debts, just usually never end up having to repay them personally; very few of them even know what “going all in” means, they usually live easy while exploiting others to actually do anything; they have no integrity whatsoever, and they do not have to, since apparently demonstrating lack of it is no longer cause for being told by everyone to fuck off into oblivion anymore.

And yes, yes, of course there are good people out there too that just want (/need) money to get by, but it’s funny to read this and think about those with _lots_ of money
n0on3
·2 bulan yang lalu·discuss
Except most of the complexity has nothing to do with “understanding and exploring the universe”, it’s just byproduct of the ever changing fractal composition of attempts to gain or obtain something over someone else.
n0on3
·2 bulan yang lalu·discuss
> humans would see that the quoted significance makes no sense

I wonder how long that will last
n0on3
·4 bulan yang lalu·discuss
Would you be aware of it if that was the case? I don’t mean this to be hostile or anything but the senario in which one does not notice himself and it goes unnoticed or silently accepted externally does not seem too far fetched to me.
n0on3
·5 tahun yang lalu·discuss
I think we already know how to build secure tech, we just don't because of the cost, which is not 2x or 10x but way higher to the point that is deemed not worth/feasible both for private companies and governments, so it affects everyone and we are not getting out of it anytime soon (if anything sometimes we go in the opposite direction following the goal of money and calling it innovation). Heck, I think it would take a book just to even explain all the components of this argument. Go figure do something meaningful about it. Safe/unsafe languages is just one piece of this thing, and frankly a quite easy one to wrap one's head around: we already have so much stuff we use everywhere written when memory-safety was not really cared for and no-one wants to rewrite / catch up / surpass (there you go: because of the cost). So we get on with it, because meanwhile life goes on, bread needs to put on the table, people want to play with their shiny phones and whatnot, etc.