HackerLangs
TopNewTrendsCommentsPastAskShowJobs

arcwhite

76 karmajoined 16 anni fa
Director of Software Engineering at Bugcrowd (also employee #1!). Infosec, Ruby, Kotlin, Flutter, Obj-C/Swift.

Sydney, Australia.

comments

arcwhite
·l’altro ieri·discuss
Instant turn-off, couldn't finish it. The moment I sense this style, now, I have to close the tab
arcwhite
·2 mesi fa·discuss
It doesn't do that though. Understand. That's not how LLMs work.
arcwhite
·2 mesi fa·discuss
Mu.
arcwhite
·3 mesi fa·discuss
She is indeed some sort of wizard
arcwhite
·5 mesi fa·discuss
Huh? The bot can communicate with me freely as it sees fit. A "conversation" in telegram parlance is not time-limited, it's ongoing once established, so no it's not only inbound. It can awaken and ping me whenever it wants. This can also work if it's added to a group chat.

If you mean it's not outbound as in it can't message arbitrary random users out of nowhere, well yeah, and that's a very desirable trait.
arcwhite
·5 mesi fa·discuss
Once a conversation with a user is established, telegram bots can bleep away at you. Mine pings me whenever it puts a PR up, and when it's done responding to code reviews etc.
arcwhite
·7 mesi fa·discuss
Compared to what? What's your baseline for how much a user-interaction-required XSS vulnerability should be worth?
arcwhite
·7 mesi fa·discuss
It's actually pretty on-par for most bug bounties. They used the same exploit on a few programs and got $11k total which ain't bad return on time.
arcwhite
·7 mesi fa·discuss
There's generally no grey market for XSS vulns. The people buying operationalized exploits generally want things that they can aim very specifically to achieve an outcome against a particular target, without that target knowing about it, and operationalized XSS vulns seldom have that nature.

Your other potential buyers are malware distributors and scammers, who usually want a vuln that has some staying power (e.g. years of exploitability). This one is pretty clearly time-limited once it becomes apparent.
arcwhite
·7 mesi fa·discuss
I've seen code persist a long time because it is unmaintainable gloop that takes forever to understand and nobody is brave enough to rebuild it.

So no, I don't think persistence-through-time is a good metric. Probably better to look at cyclomatic complexity, and maybe for a given code path or module or class hierarchy, how many calls it makes within itself vs to things outside the hierarchy - some measure of how many files you need to jump between to understand it
arcwhite
·9 mesi fa·discuss
Or do people stop changing their minds because they're worn down, their brains no longer as capable of making space and joy for new ideas?

Which these stem cells, if they pan out, very specifically fix
arcwhite
·9 mesi fa·discuss
Not really - that 1GB is the seed for a procedural generation mechanism that has been finely tuned to its unfolding in an environment over 4 billion years.

DNA is the ultimate demoscene exe
arcwhite
·10 mesi fa·discuss
A bunch of us in the rest of the world are making great strides in reducing our greenhouse gas emissions without it tanking our economies. Australia is, per-capita, one of the worst offenders and we're on track to reach net zero by 2050.

I think your position is based on very cynical premises. There is no reason to assume with high confidence that humans will obliterate each other in that next 50 years (especially if we do something about one of the major stressors causing conflict)

There is also no reason to believe that reducing greenhouse gas emissions over 15-20 years will cause "more" damage than the worst impacts of climate change? Can you cite sources on this claim?

It is still possible to mitigate the worst effects of anthropogenic climate change.