HackerTrans
TopNewTrendsCommentsPastAskShowJobs

tmsbrg

no profile record

comments

tmsbrg
·2 miesiące temu·discuss
Apeldoorn? I don't know any government offices there. Most of it seems to concentrate in The Hague, with some agencies spread through the country.
tmsbrg
·3 miesiące temu·discuss
Kind of weird article. If you want cars to stay out of bike lanes, make them protected like in here in the Netherlands. But also why do people expect to be taken to a bike lane rather than a parking space?

Also seeing a lot of ignorance about cycling here in the comments. Would recommend some people to watch some Not Just Bikes videos. Building better cycle infrastructure is better for everyone, cars and cyclists included. Less people die, and cars don't have to deal with cyclists on the road. Ex https://www.youtube.com/watch?v=d8RRE2rDw4k
tmsbrg
·6 miesięcy temu·discuss
I never noticed any issues, actually. I guess the zsh base is solid and stable.
tmsbrg
·6 miesięcy temu·discuss
He calls it the "miracle", I want to shout "It's not a miracle! It's other people!"

I feel he's depending on others' kindness and not even really acknowledging them. It's like he feels it's a miraculous power that's helping him (God?) rather than the actual individuals choosing to help him. Maybe that explains why he doesn't seem to feel the need to give back to them.

It reminds me of an episode of The Wire where a mediocre detective tries to use magic to solve a case. After he wakes up the next day he goes to the office and finds the case is solved. He says the magic worked! And the police chief tells him it wasn't magic, it's his colleagues who worked all night solving cases.
tmsbrg
·6 miesięcy temu·discuss
I tried fish for a while but as someone who heavily used bash before I couldn't get used to the new language. I also didn't feel they the language was much better than bash, at least for my usage. But I loved the default automatic coloring of arguments, underlining of files, etc.

Later I found fizsh, which I love and still use as default shell now. It's basically a configuration around zsh adding the colors, completions, and other good stuff inspired by fish to zsh. Can really recommend it for those who are used to zsh or bash but want their CLI to be more readable. Colors especially help with big command line arguments to show where they start and end, and keeping track of complex stuff like loops and conditional logic in your commands.
tmsbrg
·6 miesięcy temu·discuss
I'm surprised there's no mention about disclosing the bug to IBM?. Usually these kinds of disclosures have a timeline showing when they told the vendor about the bug and when it was fixed. Now it looks like they just randomly released the vulnerability info on their blog.

Also a bit annoyed there's no date on the article, but looking at the HTML source it seems it was released today (isn't it annoying when blog software doesn't show the publish date?).
tmsbrg
·6 miesięcy temu·discuss
Maybe there's a key idea for something to replace StackOverflow as a human tech Q&A forum: Having a system which somehow incentivizes asking and answering these sorts of challenging and novel questions. These are the questions which will not easily be answered using LLMs, as they require more thought and research.
tmsbrg
·6 miesięcy temu·discuss
Thanks for the answers! Will look into this some more. I'm not based in the US I'm afraid but thanks for mentioning it.
tmsbrg
·6 miesięcy temu·discuss
Hey, I just saw your talk and for someone who's not really up to date with the latest AI developments it's eye opening what you got going in SoC investigations.

I personally work as pentester and we're still doing a lot of manual work with AI simply as a better version of Google, but seeing the BOTS presentation I feel we can do better. Do you have any idea if anyone's working on something similar to Louie in pentesting space, or if Louie could work with pentesting workflows?
tmsbrg
·7 miesięcy temu·discuss
Seems it's overloaded now. I like the UX though. My usual question with any hosting is how do you avoid this being abused by hackers, scammers, etc.? Right now it's easy to just create any VMs for free based on a mail account, that seems ripe for exploitation (maybe it's down now cause someone's exploiting it?)
tmsbrg
·7 miesięcy temu·discuss
Some talks which sound really brilliant. I love [0] exploiting a memory leak for years before it's fixed. Also [1] I'm really curious about the custom crypto used in Chinese apps. Oh and curious about the found [2] GPG vulnerabilities. I think some of the politics ones are actually also very interesting. Looking forward to the streams.

[0] https://fahrplan.events.ccc.de/congress/2025/fahrplan/event/... [1] https://fahrplan.events.ccc.de/congress/2025/fahrplan/event/... [2] https://fahrplan.events.ccc.de/congress/2025/fahrplan/event/...
tmsbrg
·7 miesięcy temu·discuss
Oh, thanks. I learned something new. Never knew that different subdomains are considered the same "site", but MDN confirms this[0]. This shows just how complex these matters are imo, it's not surprising people make mistakes in configuring CSRF protection.

It's a pretty cool attack chain, if there's an XSS on marketing.example.com it can be used to execute a CSRF on app.example.com! It could also be used with dangling subdomain takeover or if there's open subdomain registration.

[0] https://developer.mozilla.org/en-US/docs/Glossary/Site
tmsbrg
·7 miesięcy temu·discuss
What do you mean with clientside Javascript CSRF?
tmsbrg
·7 miesięcy temu·discuss
What do you mean with same-site cross-origin requests?
tmsbrg
·7 miesięcy temu·discuss
I'm surprised there's no mention of the SameSite cookie attribute, I'd consider that to be the modern CSRF protection and it's easy, just a cookie flag:

https://scotthelme.co.uk/csrf-is-dead/

But I didn't know about the Sec-Fetch-Site header, good to know.
tmsbrg
·7 miesięcy temu·discuss
> Leaders generally don't rule for life in functioning countries, and the mortality of individual Kims has not helped the people of North Korea.

I guess you'd say most people in the world don't live in functioning countries then? China, Russia, much of the middle east and Africa are not democratic and sometimes the death of a dictator is the only way to move them forward. USA and many democracies in the west are also backsliding so maybe soon few people will live in a "functioning country".

Counterpoint on Kim: The death of Stalin or Mao Zedong released a death grip on their respective countries. You can't ignore that getting rid of natural death would make individual centralization of power a worse problem.

>How are these people currently oppressing you, and how would the existence of longevity treatments make that worse?

Just one example: Trump using sanctions to block the ICC from doing it's job (and thus letting people in Gaza die and blocking steps of justice against Israel). The fact is that the centralization of power in modern times into individual hands is already unprecedented. Old people are already ruling the world and they'd do everything to rule it forever.
tmsbrg
·7 miesięcy temu·discuss
As I said in another comment, I'm against immortality because old people need to make way for new generations. But this comment is cute. I like the idea that we'd be there and we're able to see how people are doing, but we're not influencing the world anymore. Though I could also imagine at some point it could become depressing in bad times when there's nothing you can do, or boring after tens of thousands of years of repetition. I can also imagine some bad spirits trying to break out and influence worldly affairs.
tmsbrg
·7 miesięcy temu·discuss
Not the argument I expected. I'm also against people living forever, but more because it's a way for society to go forward and get rid of old ways of thinking. There's a saying that science advances one death at a time. And can you imagine a world where current leaders are still in power 1000 years later? Or where the leaders of 1000 years ago were still in charge? Whenever I hear people talk about living forever I think of how it'd be something tech billionaires and autocrats would use to oppress us forever. No thanks.
tmsbrg
·7 miesięcy temu·discuss
Even experts create C/C++ code that is routinely exploited in the wild (see: pegasus malware, Zerodium, Windows zero days, Chrome zero days, etc.). No, please don't vibe code anything security critical, and please don't create unnecessary security risk by writing it in unsafe languages such as C/C++. The only advantage I can see is it creates some fun easy targets for beginning exploit developers. But that's not an advantage for you.
tmsbrg
·8 miesięcy temu·discuss
So the AI basically hallucinates a webapp?

I guess any user can just run something /api/getdatabase/dumppasswords and it will give any user the passwords?

or /webapp?html=<script>alert()</script> and run arbitrary JS?

I'm surprised nobody mentioned that security is a big reason not to do anything like this.