HackerLangs
TopNewTrendsCommentsPastAskShowJobs

duozerk

no profile record

comments

duozerk
·há 10 dias·discuss
Wait patiently until their planet-sized computer gives them the answer they've been waiting for and then take their revenge
duozerk
·há 25 dias·discuss
The whole thing should ideally have a quick modal with hotkeys when you first open it (and a small button to bring it up again if needed).
duozerk
·mês passado·discuss
Non-profit Open Source distributions also and already package and verify open source packages (arguably often with a higher quality of analysis than Red Hat).

You pay red hat for compliance reasons (availability of a support you'll never call, mostly).
duozerk
·há 3 meses·discuss
In other words it's a great clickbait title, yet still a bad title.
duozerk
·há 4 meses·discuss
Thank you ! I imagined it was a cultural thing, good to know.
duozerk
·há 4 meses·discuss
> Anecdotally, of my two EU (massive legacy French) banks, neither requires a mobile app. SMS all the way.

My wording was bad, sorry; but try to install their app just once. After that, I'd bet you won't ever be able to go back to SMS validation (which is what I was talking about at the end of my comment).

If not, I'd be curious to know the banks you're talking about (to consider switching to them, for one thing). What I said above is true of Caisse d'Epargne, HSBC, CCF, among others.
duozerk
·há 4 meses·discuss
> Also, what kind of banking are people doing that requires an app? I genuinely don't know what it could be.

Close to every bank in the EU requires their user to have an app, for MFA (both for logging in and for validating transactions - transfers, payments). They use the smartphone's TPM. I have yet to see one that allows you to use your own MFA app.

The few I've seen that don't require it will validate the same through text messages (not everyone has a smartphone); though if you associate their app even once, you're screwed - the app it is from now on.
duozerk
·há 4 meses·discuss
> I would only use it in a sauce if I needed to accommodate a vegan guest.

As an alternative, I've found methylcellulose to be pretty good for thickening my vegan homemade sauces (mainly tried it because I use it for other stuff, like fakemeat homemade protein sources). That's for homemade mayo or the like; for sauces in stews and similar, flour does the job - though US cooks seem obsessed by cornstarch instead for that use case.
duozerk
·há 5 meses·discuss
Maybe google is an exception (but then again, maybe that payout was part marketing to draw more researchers).
duozerk
·há 5 meses·discuss
I read this often, and I guess it could be true, but those kinds of transaction would presumably go through DNM / forums like BF and the like. Which means crypto, and full anonymity. So either the buyer trusts the seller to deliver, or the seller trusts the buyer to pay. And once you reveal the particulars of a flaw, nothing prevents the buyer from running away (this actually also occurs regularly on legal, genuine bug bounty programs - they'll patch the problem discreetly after reading the report but never follow up, never mind paying; with little recourse for the researcher).

Even revealing enough details, but not everything, about the flaw to convince a potential buyer would be detrimental to the seller, as the level of details required to convince would likely massively simplify the work of the buyer should they decide to try and find the flaw themselves instead of buying. And I imagine much of those potential buyers would be state actors or organized criminal groups, both of which do have researchers in house.

The way this trust issue is (mostly) solved in drugs DNM is through the platform itself acting as a escrow agent; but I suspect such a thing would not work as well with selling vulnerabilities, because the volume is much lower, for one thing (preventing a high enough volume for reputation building); the financial amounts generally higher, for another.

The real money to be made as a criminal alternative, I think, would be to exploit the flaw yourself on real life targets. For example to drop ransomware payloads; these days ransomware groups even offer franchises - they'll take, say, 15% of the ransom cut and provide assistance with laundering/exploiting the target/etc; and claim your infection in the name of their group.
duozerk
·há 5 meses·discuss
> That's pretty bad! I wonder what kind of bounty went to the researcher.

I'd be surprised if it's above 20K$.

Bug bounties rewards are usually criminally low; doubly so when you consider the efforts usually involved in not only finding serious vulns, but demonstrating a reliable way to exploit them.
duozerk
·há 5 meses·discuss
A more reasonable response than my admittedly slightly aggressive comment deserved.

Indeed, we'll see.
duozerk
·há 5 meses·discuss
So you did use LLMs to write at least part of the software. I imagine you feel no shame, but it would be nice to at least mention it on the github page. It's a security risk.

As for your question, I don't know about the person you're replying to, but for me any software where part of the source was provided by a LLM is a no-go.

They're credible text generators, without any understanding of, well, anything really. Using them to generate source code, and then using it, is sheer insanity.

One might suggest it means I soon won't be able to use any software; fortunately the entire fever dream that is the ongoing "AI" bubble will soon stop, so I'm hoping that won't be the case.
duozerk
·há 6 meses·discuss
> Something that goes beyond our daily vices of politics and religion

Religion maybe, and Wikipedia is indeed pretty awesome for many topics, but politics is THE bad example here.

Much of the political - especially geopolitical - content on Wikipedia has a tremendous atlanticist bias.