HackerTrans
トップ新着トレンドコメント過去質問紹介求人

guns

no profile record

コメント

guns
·8 か月前·議論
https://github.com/mozilla-firefox/firefox/blob/FIREFOX_143_...

  # Use 17 for Ctrl, 18 for Alt, 91 or 224 for Meta, 0 for none.
  - name: ui.key.accelKey
    type: uint32_t
  #ifdef XP_MACOSX
    value: 224
  #else
    value: 17
  #endif

  // user.js
  user_pref("ui.key.accelKey", 91);
guns
·8 か月前·議論
You could use Firefox and then set the accelerator key to Super, changing all application bindings to use Super instead of Control. This is my setup and it’s great.
guns
·2 年前·議論
Reminds me of “Flashed face distortion effect”:

https://en.m.wikipedia.org/wiki/Flashed_face_distortion_effe...

https://youtu.be/VT9i99D_9gI?si=QHhzR00tib3ZuX-5
guns
·3 年前·議論
> People keep forgetting to sanitize inputs, for example. Does that render input sanitization a broken idea?

Possibly. You could prevent careless use of unsanitized inputs with a type system. Fail-safe designs should be more common.
guns
·3 年前·議論
This is what Stephen Wolfram concludes in a recent article about ChatGPT:

> The specific engineering of ChatGPT has made it quite compelling. But ultimately (at least until it can use outside tools) ChatGPT is “merely” pulling out some “coherent thread of text” from the “statistics of conventional wisdom” that it’s accumulated. But it’s amazing how human-like the results are. And as I’ve discussed, this suggests something that’s at least scientifically very important: that human language (and the patterns of thinking behind it) are somehow simpler and more “law like” in their structure than we thought.

https://writings.stephenwolfram.com/2023/02/what-is-chatgpt-...
guns
·3 年前·議論
This attack also doesn't work if you `exec su lowpriv_user` since there is no parent shell.
guns
·4 年前·議論
Essay writing unconsciously reinforces one’s opinion on a topic. This is an excellent tool for intellectual development when the student is free to argue any sensible position. Unfortunately, teachers often require students to choose orthodox positions, and thus essays become a primary tool for indoctrination.

Cheating has no place in an academic institution, but machine generated essays are an interesting way for students to avoid enforced compliance.
guns
·4 年前·議論
> Layoffs like this can have a more pronounced impact on marginalized communities, so we were particularly focused on ensuring our layoffs – while a business necessity today – were carried out through an Anti-Racist/Anti-Oppression lens.

You are mistaken. The letter is quite clear.
guns
·4 年前·議論
> In the above example how is someone going to send traffic to 172.17.0.2:80 through the Docker host from a box on a different network than the Docker host?

The attacker and host will generally need to be on the same network so that the attacker's packets are not dropped because they are addressed to a non-routable private IP address.

You could access the containers at 106.12.52.111 if you were in the same network (e.g. 106.12.52.0/24) and the packets did not have to traverse a router.

> Also is this still exploitable if you reject everything at the iptables level before you start using Docker?

Yes. Docker appends the FORWARD chain with custom rules that explicitly forward traffic to published ports.
guns
·4 年前·議論
Docker users on the Mac are not affected by this issue, but they should be aware that the "Automatically allow downloaded signed software to receive incoming connections" option in the firewall settings must be unchecked in order to block incoming connections to container ports published to 0.0.0.0.

This is necessary because Docker Desktop for Mac is presumably signed by Apple.
guns
·4 年前·議論
Publishing ports to '*' is commonly done to allow Mac and Windows users to access containers through their browsers.

The macos firewall is able to block connections to these exposed sockets but:

1. The user has to explicitly turn on the firewall since it is off by default

2. The option "Automatically allow downloaded signed software to receive incoming connections" must be unchecked because Docker Desktop is signed by Apple.

I don't use a Mac, but all of the developers that use Macs at my company either did not have their firewall enabled or did not realize that connections to Docker Desktop were whitelisted.
guns
·4 年前·議論
Original author of password-store was Jason Donenfeld (of Wireguard fame), and it was indeed well-written.