HackerTrans
トップ新着トレンドコメント過去質問紹介求人

l-albertovich

no profile record

コメント

l-albertovich
·2 か月前·議論
You know, Fox turned into a hardcore sex channel so gradually, I didn't even notice.
l-albertovich
·3 か月前·議論
Yeah, I tried all of them with all the combinations of presets and orbit styles and the closest I could get was using tinkercad but couldn't match the orbit style correctly.
l-albertovich
·3 か月前·議論
I just tested it out of curiosity and found that viewport manipulation behaves in a very similar way to onshape which feels very natural to me.

I've been thinking about trying to implement this in freecad but I'm still exploring the idea.
l-albertovich
·4 か月前·議論
It's not even about API boundaries, it's about logic and the language isn't really responsible for that.

Expecting it to prevent it would be as gullible as expecting it to prevent a toctou or any other type of non trivial vulnerability.

That's why even though I appreciate the role of these slightly safer languages I still have a bit of a knee-jerk reaction to the exagerated claims of their benefits and how much of a piece of crap C is.

Spoiler, crappy programmers write crappy code regardless of the language so maybe we should focus on teaching students to think of the code they're writing from a different perspective and focus safety and maintainability rather than "flashiness"
l-albertovich
·4 か月前·議論
It's a race condition that can be used as a primitive to achieve privilege escalation which makes it legitimate but even if it you couldn't use it for anything else but to trick the system into acting on a directory it didn't meant to it would still be a valid vulnerability (regardless of the application).

Claiming it's not a valid bug would be similar to claiming an infoleak isn't as well when it's one of the building blocks of modern exploitation.

I'm not trying to be an ass, I'm just trying to add a bit of context to ensure that the implication is well understood.
l-albertovich
·7 か月前·議論
I felt the same way when I read the bold part that says "But that C codebase is an issue" so I quickly checked out the public databases and couldn't find a single serious vulnerability in the past 7 years.

Admittedly I stopped after going through a bunch of useless stuff related to CVE-2017-8823 (which was initially reported as remotely exploitable with no proof at all).

I went through the tor repository (not vidalia though) and read a bunch of conversations about some of the memory related bugs but none of those were exploitable either (exploitable as in remote execution, not a DoS) and most of the (not so many) bugs were actually logical bugs.

I really don't care what they decide to do with their project and honestly anything that can potentially improve the security of such a system is fine by me but I really think they're doing themselves and the language a disservice by communicating the way they do.

Also, as a side note, even with a C codebase there is SO MUCH you could (and should) do to minimize the impact of a vulnerability that the fact that some choose to present just rewriting code in a different language is not even funny.
l-albertovich
·7 か月前·議論
Something I hadn't thought about is, could it be that electric cars are not perceived as a threat due to the lack / different of noise, vibration and heat when compared to a combustion car?

I know animals nap under cars all the time but at least with "regular" cars they seemed to be more aware of the danger.

I'm not talking about waymo, self driving, human in the loop or any of that here, I'm just curious because I wonder if the same thing would've happened with a combustion engine and if there are any "easy wins" in terms of deterrence.
l-albertovich
·5 年前·議論
To me the big plus is compartmentalizing, having my games in an isolated environment designed /optimized for that makes it easier to keep my computer safe because I no longer have to consider GPU driver availability / stability in Linux or even running Windows in my computer and that's a big plus.