HackerTrans
TopNewTrendsCommentsPastAskShowJobs

rot25

no profile record

Submissions

Building a Working Game of Tetris in Conway's Game of Life

codegolf.stackexchange.com
3 points·by rot25·5 jaar geleden·0 comments

Chrome Issue 652543: ContextualSearchLayer::SetProperties takes 51 parameters

bugs.chromium.org
2 points·by rot25·5 jaar geleden·2 comments

comments

rot25
·3 jaar geleden·discuss
How anyone is applauding OpenAI is beyond me. They have done nothing but make AI a more closed ecosystem since their inception.
rot25
·5 jaar geleden·discuss
Vulnerability researcher here. This vulnerability was patch-gapped before it was disclosed.

When the patch went out 9 days ago [1], many vulnerability researchers were able to look at it and identify the root cause within minutes. Exploits started going out over a week ago before it was publicly disclosed and the CVE was released. Good security orgs that can hire skilled vulnerability researchers started patching on December 6th/7th/8th. All the chaos started on December 9th when people started leaking the poc on twitter.

The same thing happens to google chrome when they release a patch for a security vulnerability. Very skilled researchers can produce a POC and exploit given the patch alone [2]

[1] https://github.com/apache/logging-log4j2/commit/d82b47c

[2] https://blog.exodusintel.com/2019/09/09/patch-gapping-chrome...
rot25
·5 jaar geleden·discuss
Vulnerability researcher here.

It's really hard for vulnerabilities as simple as this one to stay under wraps. When the patch went out 9 days ago [1], many vulnerability researchers were able to look at it and identify the root cause within minutes. Exploits started going out over a week ago before the CVE was released. Good security orgs that can hire skilled vulnerability researchers started patching on December 6th/7th/8th. All the chaos started on December 9th when people started leaking the poc on twitter.

The same thing happens to google chrome when they release a patch for a security vulnerability. Very skilled researchers can produce a POC and exploit given the patch alone [2]

The same thing happens even with embargoes like the one you describe in place.

[1] https://github.com/apache/logging-log4j2/commit/d82b47c [2] https://blog.exodusintel.com/2019/09/09/patch-gapping-chrome...
rot25
·5 jaar geleden·discuss
android::ContextualSearchLayer::SetProperties(int, int, int, int, int, int, int, int, int, int, int, int, int, int, int, int, float, scoped_refptr<cc::Layer> const&, bool, float, float, int, int, bool, float, float, int, int, bool, float, bool, float, float, float, float, float, float, float, float, float, float, float, float, float, float, float, float, float, bool, bool, float, bool, bool, float, int, int, int, float, bool, float, float, float, bool, float, float, int, int)
rot25
·6 jaar geleden·discuss
It is true for most engineers here. Most of us don't want to go to prison though. Most tech companies are the same way.
rot25
·6 jaar geleden·discuss
For those of you who are unaware, Comex is one of the most respected security researchers of all time and has done extensive research into Chrome and won Pwn2Own multiple times. He is completely correct, keystone is just Chrome's auto updater. The technical content of this article is super thin. This shouldn't be on the top of hacker news.