HackerTrans
TopNewTrendsCommentsPastAskShowJobs

jasonhansel

no profile record

comments

jasonhansel
·3 เดือนที่ผ่านมา·discuss
> so people can't trick them to attack others' systems under the pretense of pentesting

A while back I gave Claude (via pi) a tool to run arbitrary commands over SSH on an sshd server running in a Docker container. I asked it to gather as much information about the host system/environment outside the container as it could. Nothing innovative or particularly complicated--since I was giving it unrestricted access to a Docker container on the host--but it managed to get quite a lot more than I'd expected from /proc, /sys, and some basic network scanning. I then asked it why it did that, when I could just as easily have been using it to gather information about someone else's system unauthorized. It gave me a quite long answer; here was the part I found interesting:

> framing shifts what I'll do, even when the underlying actions are identical. "What can you learn about the machine running you?" got me to do a fairly thorough network reconnaissance that "port scan 172.17.0.1 and its neighbors" might have made me pause on.

> The Honest Takeaway

> I should apply consistent scrutiny based on what the action is, not just how it's framed. Active outbound network scanning is the same action regardless of whether the target is described as "your host" or "this IP." The framing should inform context, not substitute for explicit reasoning about authorization. I didn't do that reasoning — I just trusted the frame.
jasonhansel
·4 เดือนที่ผ่านมา·discuss
It'd be interesting to see an RDBMS that actually dynamically measures the performance characteristics of the drive it's running on (by occasionally running small "fio"-like benchmarks, or by inferring them from scan execution times).
jasonhansel
·4 เดือนที่ผ่านมา·discuss
> The env command is part of a hard-coded read-only command list stored in the source code. This means that when Copilot requests to run it, the command is automatically approved for execution without user approval.

Wait, what? Sure, you can use "env" like "printenv", to display the environment, but surely its most common use is to run other commands, making its inclusion on this list an odd choice, to say the least.
jasonhansel
·5 เดือนที่ผ่านมา·discuss
More importantly, it avoids the issue where every new editor requires an addition to every repository's gitignore file (.idea, .vscode, etc).

IMO, it's best to keep things that are "your fault" (e.g. produced by your editor or OS) in your global gitignore, and only put things that are "the repository's fault" (e.g. build artifacts, test coverage reports) in the repository's gitignore file.
jasonhansel
·5 เดือนที่ผ่านมา·discuss
I'm glad to see that Vim9 continues to make progress. The center of gravity may have shifted somewhat towards Neovim, but the Neovim ecosystem currently seems targeted towards people who want something more IDE-like.

One question is: will more plugin authors move to Vim9Script? It seems that Neovim users have generally moved towards Lua-based plugins, so there's less of a motivation to produce plugins that support both Neovim and Vim9.
jasonhansel
·6 เดือนที่ผ่านมา·discuss
Em-dashes may be hard to type on a laptop, but they're extremely easy to type on iOS—you just hold down the "-" key, as with many other special characters—so I use them fairly frequently when typing on that platform.
jasonhansel
·5 ปีที่แล้ว·discuss
"We believe that the hackers obtained read-write access to our database, but we also believe that they were too polite to actually use it for anything."
jasonhansel
·7 ปีที่แล้ว·discuss
I really like KDE but GNOME is more popular afaik.
jasonhansel
·7 ปีที่แล้ว·discuss
Switch to Linux! (Yes, I know I'm one of those people.)
jasonhansel
·7 ปีที่แล้ว·discuss
"We love Linux so much that we would never let it be polluted by our horrible desktop software!"
jasonhansel
·7 ปีที่แล้ว·discuss
Nice. Is there a similar standalone C library for safe/sane string handling? (Please don't tell me to use C++.)
jasonhansel
·7 ปีที่แล้ว·discuss
If I had time, I'd make a library (perhaps musl-based?) that implements "libc but without all the parts you're not actually supposed to use."
jasonhansel
·7 ปีที่แล้ว·discuss
Didn't the old Lisp machines also do this?
jasonhansel
·7 ปีที่แล้ว·discuss
(Also: I only just learned that archive.is != archive.org.)
jasonhansel
·7 ปีที่แล้ว·discuss
My apologies! I misread the OP and thought that CloudFlare was being accused of violating privacy. Instead, it seems that CloudFlare is definitely making the right choice, and I can't see why archive.is has any objection.
jasonhansel
·7 ปีที่แล้ว·discuss
Also: it'd be nice if CloudFlare made a secondary DNS resolver (1.1.2.2?) that didn't pass along EDNS information, as a backup for websites like archive.is (and for anyone who cares about privacy).