HackerTrans
TopNewTrendsCommentsPastAskShowJobs

seangrogg

no profile record

comments

seangrogg
·в прошлом месяце·discuss
As a web dev a lot of this is simply ongoing maintenance of a largely unknown quantity. Most web devs know React and use it extensively; Astro is something they'll have to learn on the job or hire for specifically.

It's akin to writing a backend in Haskell. Chances are you could write something performant that leverages FP in a way that serves as a magic bullet for your domain. But now everyone after you needs to learn Haskell and how to model all future problems in a way that conforms with it - or rewrite things again.
seangrogg
·2 месяца назад·discuss
This was far more of an option in the 1980s and earlier; a CEO being compensated 20-30x a line employee was pretty standard around then; now it's closer to 250-300x. I think there's more optionality than we may assume, we've just left the structural incentives that drive that difference in place.
seangrogg
·2 месяца назад·discuss
This does suppose there are good jobs in the area, which can be a bit hit or miss especially out in the sticks. Not to say one couldn't move, but moving isn't in the cards for everyone.
seangrogg
·4 месяца назад·discuss
> Taking this argument to its extreme, does this mean that introducing new technology always decreases technology?

I assume you mean "decreases security" by context. And in that case - purely from a security standpoint - generally speaking the answer is yes. This is why security can often be a PITA when you're trying to adopt new things and innovate, meanwhile by default security wants things that have been demonstrated to work well. It's a known catch-22.
seangrogg
·4 месяца назад·discuss
In all fairness, a LOT of this was copied over from the military. From ranks to "High Year Tenure" (aka "Up or Out") nothing here is particularly innovative.
seangrogg
·5 месяцев назад·discuss
SKG is basically "right-to-repair" but for games. I do contend that if your phone breaks and the company says "we won't fix it and you aren't allowed to" then the government isn't doing its job. On the same token, if a game that you purchased turns off their servers and says "we won't run it and you aren't allowed to" then the government isn't doing its job.

Now, how I would be able to run it is a very open question and I do agree there are some ways that are more reasonable asks than others. But the present-day status quo of "company says suck eggs and you just have to deal with it" is not an acceptable final state.
seangrogg
·5 месяцев назад·discuss
The text "prevented further rollout and ultimately got the cameras shut down" is verbatim in their post maybe a few sentences after talking about how the muni piloted them.
seangrogg
·7 месяцев назад·discuss
Depends on the token; JWTs usually have payloads that are only base64 encoded. As well, if there's a refresh token in there it can be used to generate more tokens until invalidated (assuming invalidation is built in).
seangrogg
·10 месяцев назад·discuss
I don't consider myself fully qualified to speak to this, so please take it with a grain of salt.

From what I gather it seems like you could potentially create scenarios where TOCTOU is indeed a problem, but in considering the situations where it could come up I do feel like all my ideas are somewhat contrived in nature. And even when noodling on it I very much get the feeling that I return to my previous statement: consider what you're building. I think that the potential for TOCTOU could potentially compromise a hypervisor's security (i.e. letting an arbitrary number of user on a system make arbitrary io_uring calls) and even if I couldn't demonstrate how that could be weaponized I would avoid it. However, if you're writing an application that's going to do a read(2) or something, I don't see TOCTOU being a uniquely io_uring problem.
seangrogg
·10 месяцев назад·discuss
I've only dabbled, so I'm happy to have people with more linux-side knowledge to call me out on any inaccuracies here, but...

io_uring is effectively as "secure" as any other syscall unto itself. The issue is that the mechanism by which io_uring makes its syscalls as part of its submission/completion queues means that those underlying syscalls can't be filtered by seccomp. The real question is your security posture.

If you're writing a hypervisor that's intended to partition resources between underlying users in a secure fashion, the ability for io_uring to bypass seccomp is largely a non-starter. But if you own the machine and you just want to run an application on it (i.e. an HTTP server that uses io_uring for file/network io) you should largely be in the clear.
seangrogg
·10 месяцев назад·discuss
Similar sentiments here. I can't find much common ground with Charlie Kirk but that doesn't merit an assassination. Unfortunate all around, and a situation not too dissimilar from the Mangione case (in the context of what happened, not necessarily why).

That said, while I don't condone it I can't say I'm surprised by it. It seems stoking divisions is a large part of the modern media landscape and all it takes is one person with the motive and the means.
seangrogg
·3 года назад·discuss
Yes, arrow functions have a different (and more intuitive) lexical `this` than their more verbose counterpart. It is subtly more than just a syntax sugar.
seangrogg
·8 лет назад·discuss
Alternatively, if all you're doing is supporting RSS, you could opt to just use the DOMParser API (native to most browsers) and navigate a DOMTree which is a type of JavaScript Object already...
seangrogg
·9 лет назад·discuss
It could also matter if you're in violation of a patent held by Facebook or any of its subsidiaries.