HackerTrans
TopNewTrendsCommentsPastAskShowJobs

arcwhite

76 karmajoined há 16 anos
Director of Software Engineering at Bugcrowd (also employee #1!). Infosec, Ruby, Kotlin, Flutter, Obj-C/Swift.

Sydney, Australia.

comments

arcwhite
·anteontem·discuss
Instant turn-off, couldn't finish it. The moment I sense this style, now, I have to close the tab
arcwhite
·há 2 meses·discuss
It doesn't do that though. Understand. That's not how LLMs work.
arcwhite
·há 2 meses·discuss
Mu.
arcwhite
·há 3 meses·discuss
She is indeed some sort of wizard
arcwhite
·há 5 meses·discuss
Huh? The bot can communicate with me freely as it sees fit. A "conversation" in telegram parlance is not time-limited, it's ongoing once established, so no it's not only inbound. It can awaken and ping me whenever it wants. This can also work if it's added to a group chat.

If you mean it's not outbound as in it can't message arbitrary random users out of nowhere, well yeah, and that's a very desirable trait.
arcwhite
·há 5 meses·discuss
Once a conversation with a user is established, telegram bots can bleep away at you. Mine pings me whenever it puts a PR up, and when it's done responding to code reviews etc.
arcwhite
·há 7 meses·discuss
Compared to what? What's your baseline for how much a user-interaction-required XSS vulnerability should be worth?
arcwhite
·há 7 meses·discuss
It's actually pretty on-par for most bug bounties. They used the same exploit on a few programs and got $11k total which ain't bad return on time.
arcwhite
·há 7 meses·discuss
There's generally no grey market for XSS vulns. The people buying operationalized exploits generally want things that they can aim very specifically to achieve an outcome against a particular target, without that target knowing about it, and operationalized XSS vulns seldom have that nature.

Your other potential buyers are malware distributors and scammers, who usually want a vuln that has some staying power (e.g. years of exploitability). This one is pretty clearly time-limited once it becomes apparent.
arcwhite
·há 7 meses·discuss
I've seen code persist a long time because it is unmaintainable gloop that takes forever to understand and nobody is brave enough to rebuild it.

So no, I don't think persistence-through-time is a good metric. Probably better to look at cyclomatic complexity, and maybe for a given code path or module or class hierarchy, how many calls it makes within itself vs to things outside the hierarchy - some measure of how many files you need to jump between to understand it
arcwhite
·há 9 meses·discuss
Or do people stop changing their minds because they're worn down, their brains no longer as capable of making space and joy for new ideas?

Which these stem cells, if they pan out, very specifically fix
arcwhite
·há 9 meses·discuss
Not really - that 1GB is the seed for a procedural generation mechanism that has been finely tuned to its unfolding in an environment over 4 billion years.

DNA is the ultimate demoscene exe
arcwhite
·há 10 meses·discuss
A bunch of us in the rest of the world are making great strides in reducing our greenhouse gas emissions without it tanking our economies. Australia is, per-capita, one of the worst offenders and we're on track to reach net zero by 2050.

I think your position is based on very cynical premises. There is no reason to assume with high confidence that humans will obliterate each other in that next 50 years (especially if we do something about one of the major stressors causing conflict)

There is also no reason to believe that reducing greenhouse gas emissions over 15-20 years will cause "more" damage than the worst impacts of climate change? Can you cite sources on this claim?

It is still possible to mitigate the worst effects of anthropogenic climate change.