HackerLangs
TopNewTrendsCommentsPastAskShowJobs

raggi

no profile record

Submissions

Path Traversal in the UniFi Network Application (CVE-2026-22557)

community.ui.com
4 points·by raggi·4 месяца назад·0 comments

Syzkaller AI agentic framework and MCP server

groups.google.com
1 points·by raggi·5 месяцев назад·0 comments

Deobfuscation and Analysis of Ring-1.io

back.engineering
57 points·by raggi·5 месяцев назад·25 comments

A Vulnerability in Libsodium

00f.net
333 points·by raggi·6 месяцев назад·48 comments

.well-known/SSH-known-hosts – WebPKI bootstrapping for SSH known hosts

github.com
2 points·by raggi·7 месяцев назад·0 comments

comments

raggi
·16 дней назад·discuss
I have been fed up with DNSimple for a long time. Can any folks share positive experiences with Bunny?
raggi
·29 дней назад·discuss
fwiw I’ve been running lots of stuff under niri with proton Wayland mode for the last ~6 months on nvidia with a vrr display and it’s been fine.

Can’t diagnose here, and not meaning any descent to your experience, just a different user experience for me.
raggi
·в прошлом месяце·discuss
that’s really not true when the database is all in memory, statements are prepared, and so on.

but the overheads also stack up, the database/sql api is fairly allocation heavy too unless you do a lot of work and that friction increases quite a bit with the ffi boundary.

this is not to suggest “modernc is faster” - it’s not for a lot a workloads.

there are opportunities for optimization all over both approaches.
raggi
·в прошлом месяце·discuss
Wat?

winget install uutils.coreutils
raggi
·в прошлом месяце·discuss
uutils coreutils was/is already available and more complete than this
raggi
·2 месяца назад·discuss
i was responding to the article, i hadn't bothered to read railways pm as it's not super interesting, anyway, i've read it now, here: https://blog.railway.com/p/incident-report-may-19-2026-gcp-a... and indeed they weren't at fault
raggi
·2 месяца назад·discuss
> Look at the Railway GCP account ban situation. A literally billion dollar startup running on Google Cloud and Google just randomly snaps their fingers and deletes their account. Zero warning. No phone number to call. No account rep. Poof. Gone. It is actual insanity to me. A billion dollar customer gets the exact same automated middle finger as a low effort spam bot. Your B2B business is completely cooked if that is how you treat people. The enterprise cloud gravy train is right there and Google is standing on the tracks begging to get hit by the train.

If you've been around a while you know that at any business critical scale at all you establish a relationship with your cloud provider and get an account manager. When you do this, you have a number to call.

A billion dollar startup not doing this is a keen lesson for the CTO.

Yes, Google likely screwed up here, but being unprepared for account problems, having no established relationship with your provider is a critical mistake.

The article goes on to talk about Hetzner as an example: their pricing is great for individuals but they literally don't even offer account management relationships - even at scale they actively refuse them. There are equivalent stories of account terminations with Hetzner, which is also a key point: this isn't just a big business problem, at all.
raggi
·2 месяца назад·discuss
[flagged]
raggi
·2 месяца назад·discuss
subtree is better for this case, you want to encourage actual reading before running. reading won't catch everything but it catches a lot, and the burden isn't as high as people always complain about before they try it.
raggi
·2 месяца назад·discuss
nope, doesn't help. signatures and removal of script points have zero net effect on the value of the target that the ecosystem has, or how easy/hard it is to write a worm. the package code gets run, this is statistically true, and the exploited developers/environments will sign packages, this is also statistically true.
raggi
·2 месяца назад·discuss
none. they just have smaller target populations.
raggi
·2 месяца назад·discuss
install scripts are a distraction, just like package signatures are a distraction. adding/removing either feature has no significant impact on the wormability of this package ecosystem. installed npm code is run, with nearly zero exceptions.
raggi
·2 месяца назад·discuss
7/25 on the merged page at time of writing are L/XL in size. Again I can't validate your claims against reality.
raggi
·2 месяца назад·discuss
yeah, and it's not like people recently launched a coffee shop that accepts payments over tofu ssh and a shell provider doing the same
raggi
·2 месяца назад·discuss
45 commits landed in the repository so far today, it's mid way through the work day in the valley. https://fuchsia-review.googlesource.com/q/status:merged

Zircon is still under development with recent RFC's extending the memory synchronization and attribution model for processes.

There was also more extension added to one of the key disk formats in March which has an eye to more flexible long term evolution and adaptation to particular device form factors.

The publicly available evidence does nothing to support your claims, entirely the opposite.

I used to work on Fuchsia, I have not for many years now and have no idea what their current roadmap looks like, but I do know where to actually look up what's been done recently, which is all public and you could do as well.

Anyway I have no idea if this has any fuchsia code in it.
raggi
·2 месяца назад·discuss
A vast number of C++ programs import C and POSIX headers directly, so the language level distinction you wish to make isn’t all that relevant to the subject matter.
raggi
·2 месяца назад·discuss
there are no good reasons we don't do this in the standards themselves, C, C++, and POSIX should all be working on editions that add safer APIs and mark unsafe APIs as deprecated, to start a long term migration. we know how to do this, we've had a lot of success with this. there are real engineering concerns, sure, but they're not reasons to not do it. compilers and library chains can retain support for less safe variants for plenty of time.
raggi
·2 месяца назад·discuss
Lawyers I have spoken to have stated strongly that they believe collective works doctrine will provide strong protections for most mature and sizable software. I see no mention of these considerations here.
raggi
·3 месяца назад·discuss
multiple times
raggi
·3 месяца назад·discuss
Cachy pushed a Limine update last weekend without any testing. It broke everyone with secure boot signing. Head proton versions are great, but games tend to turn into a laggy mess after a couple of hours and need regular restarts.

It's decent, but it's not all roses at all, and I wouldn't inflict it on non-techies yet.