HackerLangs
TopNewTrendsCommentsPastAskShowJobs

0x0

18,059 karmajoined 16 jaar geleden

comments

0x0
·8 dagen geleden·discuss
Shame the article is absolutely littered with AI-isms.
0x0
·16 dagen geleden·discuss
I just wish Valve could add official macos-arm64 builds of the various hl2 games on Steam :-/
0x0
·2 maanden geleden·discuss
Just recently noticed this got posted to deb-multimedia, although I think there is a typo in the package description....

https://www.deb-multimedia.org/dists/unstable/main/binary-am...

... it says "fast and small AV1 video stream decoder"

... should probably be "AV2" ?
0x0
·2 maanden geleden·discuss
Details here: https://eclecticlight.co/2023/09/25/postscripts-sudden-death...
0x0
·2 maanden geleden·discuss
Such a shame that macOS lost all its built-in postscript support including Preview.app in recent versions :(
0x0
·2 maanden geleden·discuss
I find it curious to call someone dropping a weaponized root exploit before major distros or even LTS kernel git branches have patches ready "good guys". This could have been handled with much more grace.
0x0
·2 maanden geleden·discuss
The disclosure doesn't appear very "full". Looks like this was slipped into mainline linux among dozens of other mostly-irrelevant "CVEs" with nobody highlighting the fact that it is in fact dirty-cow-on-steroids.

https://x.com/spendergrsec/status/2049566830771970483

https://lore.kernel.org/linux-cve-announce/2026042214-CVE-20...

Or is everyone expected to upgrade and reboot every 48 hours for all eternity and just deal with potential regressions all the time?

I think this reflects poorly on the original reporters. If you have a weaponized 700-byte universal local root exploit script ready to go, perhaps you should coordinate with major distros for patches to be available before unleashing it on the world. No matter how "veteran" you are.
0x0
·2 maanden geleden·discuss
Dropping a public exploit on github before distros have patches available isn't very cool, or is that just how veterans roll these days?
0x0
·4 maanden geleden·discuss
Enumeration of the entire DNS space is not available in general, but it does appear that some TLDs offer complete zone files for legitimate research purposes, see for example https://czds.icann.org/help#zone-files
0x0
·4 maanden geleden·discuss
The breakout engineering to exploit Dolphin has already happened, see for example:

* https://dougallj.wordpress.com/2016/11/13/exploiting-dolphin...

* https://gist.github.com/hthh/502ae16db55612f64d3966769a154c3...

* https://github.com/dolphin-emu/dolphin/pull/4447
0x0
·4 maanden geleden·discuss
> "they can't be provisioned by the website itself."

It's funny, we used to have a html tag that would exactly that: <keygen />
0x0
·7 maanden geleden·discuss
They were great in the beginning, and then when you issued a few more certs than they liked you were asked to pony up some $$$, and then when you did that and actually "verified" who you were on a personal international phone call, you got a grace, and then issued a few more, they decided they didn't like you so they would randomly reject your renewals close to the expiration date, and then they got bought out by some scummy foreign outfit which apparently caused the entire CA to be de-listed as untrustworthy in all major browsers. Quite the ride.

Also, the only website I've ever encountered that actually used the HTML <keygen> tag.
0x0
·7 maanden geleden·discuss
Same here, and the worst part is the duplicates appear to reuse the same Message-id, which confuses macOS Mail.app to no end :-/
0x0
·8 maanden geleden·discuss
It's actually a requirement by app store connect to use a modern sdk for uploading binaries, and modern sdk versions will often raise the minimum supported ios version, so this is not always the developer's fault. See for example https://developer.apple.com/news/upcoming-requirements/?id=0...
0x0
·8 maanden geleden·discuss
I'm sure there's lots of x86_64 specific code in the macOS userland that is much more than just a recompile - things like safari/javascriptcore JIT, various quartz composer core animation graphics stack and video encoder decoder stack libraries, as well as various objective-c low level pointer tagging and message passing ABI shenanigans and so on. This is probably why 32bit intel mac app support was dropped pretty hard pretty fast, as the entire runtime and userland probably required a lot of upkeep. As just one example, 32bit intel objective-c had "fragile instance variables" which was a can of worms.
0x0
·8 maanden geleden·discuss
I'm guessing they don't want to maintain and build and test x86_64 versions of all the macos libraries like Appkit and UIKit (including large changes like liquid glass) when they are no longer shipping x86_64 macOS versions. Which is not entirely unreasonable as I'm sure it takes a lot of effort to keep the whole ui library stack working properly on multiple archs.

Perhaps that's what they're hinting about with the note about a "subset of Rosetta". So maybe there is hope that the core x86_64 binary translator will stick around for things like VM and emulation of generic (linux? wine?) binaries, but they don't want to maintain a whole x86_64 macOS userspace going forward.

Space savings from not shipping fat binaries for everything will probably also be not insignificant. Or make room for a new fat binary for a future "arm64v2" :)
0x0
·2 jaar geleden·discuss
Looks like the Jia Tan OpenPGP key was replaced a few months ago as well: https://github.com/tukaani-project/tukaani-project.github.io...
0x0
·2 jaar geleden·discuss
All these older (4.x, 5.0.x etc) releases that were suddenly uploaded a few months ago should probably also be considered suspect: https://github.com/tukaani-project/tukaani-project.github.io...
0x0
·2 jaar geleden·discuss
Interesting commit in January where the actual OpenPGP key was changed: https://github.com/tukaani-project/tukaani-project.github.io...
0x0
·2 jaar geleden·discuss
Wow, that's a lot of anonymous accounts adding comments there urging for a fast merge!

And this "Hans Jansen" guy is apparently running around salsa.debian.org pushing for more updates in other projects as well: https://salsa.debian.org/users/hjansen/activity