HackerTrans
TopNewTrendsCommentsPastAskShowJobs

fullspectrumdev

no profile record

comments

fullspectrumdev
·há 2 anos·discuss
RFPolicy was well intentioned but in no way was ever a standard the community at large adhered to in my experience.
fullspectrumdev
·há 2 anos·discuss
> Standard practice is to inform the vendor early and work with them as you write the article

This isn’t even remotely standard practice.

A fair number of people and companies will give the vendor a chance by doing coordinated disclosures this way - but it’s in no way standard practice.

Also when a company has a history of being openly hostile to disclosure attempts and downplaying stuff, the only way to force improvement tends to be “short warning, or even full disclosure”.

I’ve done everything from coordinated to “no warning” disclosures in my career, and at this point I tend to lean more towards “no warning” in situations where a vendor has a history of dismissing concerns or openly being hostile to external researchers.
fullspectrumdev
·há 2 anos·discuss
I’d be genuinely interested in seeing what people are building on top of this.

Especially to see some concrete code examples, as I find those easier to learn from than the current state of the docs. Especially with regard to footguns mentioned!

I’ve had a few ideas, mostly porting older projects I built in Python using the Stem library. I feel like Arti is going to be much cleaner for embedding in applications than having to also bundle the correct Tor binary… manage running it as a subprocess… etc
fullspectrumdev
·há 3 anos·discuss
Bash is seriously underrated as a programming language these days.

About 80% of the code I now write is in bash, because usually the problem ones trying to solve has a trivial solution if you just use existing tooling in creative ways.