HackerLangs
TopNewTrendsCommentsPastAskShowJobs

jwilk

9,113 karmajoined 11 ปีที่แล้ว


  ^__^
  (oo)\_______
  (__)\       )\/\
      ||----w |
      ||     ||

Submissions

AURpocalypse now: a look at the recent AUR attacks

lwn.net
134 points·by jwilk·22 วันที่ผ่านมา·101 comments

Moving beyond fork() + exec()

lwn.net
359 points·by jwilk·เดือนที่แล้ว·345 comments

LLM-driven security reports disrupt coordinated disclosure

lwn.net
3 points·by jwilk·2 เดือนที่ผ่านมา·0 comments

Debian decides not to decide on AI-generated contributions

lwn.net
376 points·by jwilk·4 เดือนที่ผ่านมา·289 comments

As ye clone(), so shall ye AUTOREAP

lwn.net
3 points·by jwilk·4 เดือนที่ผ่านมา·0 comments

Security incident on plone GitHub org with force pushes

openwall.com
1 points·by jwilk·5 เดือนที่ผ่านมา·0 comments

GNU InetUtils Security Advisory: remote authentication by-pass in telnetd

openwall.com
5 points·by jwilk·6 เดือนที่ผ่านมา·0 comments

A free and open-source rootkit for Linux

lwn.net
218 points·by jwilk·6 เดือนที่ผ่านมา·40 comments

The difficulty of safe path traversal

lwn.net
2 points·by jwilk·6 เดือนที่ผ่านมา·0 comments

A “frozen” dictionary for Python

lwn.net
191 points·by jwilk·7 เดือนที่ผ่านมา·167 comments

Explicit Lazy Imports for Python

lwn.net
1 points·by jwilk·9 เดือนที่ผ่านมา·0 comments

comments

jwilk
·11 ชั่วโมงที่ผ่านมา·discuss
Subscriber link:

https://lwn.net/SubscriberLink/1080822/bfd11a50a0d41ad6/
jwilk
·15 วันที่ผ่านมา·discuss
https://news.ycombinator.com/item?id=48649785 was posted earlier with a subscriber link.
jwilk
·20 วันที่ผ่านมา·discuss
Search for "yen sign path separator".
jwilk
·22 วันที่ผ่านมา·discuss
Discussed ~2 weeks ago:

https://news.ycombinator.com/item?id=48425528 (over 300 comments)
jwilk
·เดือนที่แล้ว·discuss
Discussed also in 2021: https://news.ycombinator.com/item?id=29709802 (16 comments)
jwilk
·8 เดือนที่ผ่านมา·discuss
Yes, you can do "apt-get install --dry-run ./nyancat_1.5.2-0.2_i386.deb" these days.
jwilk
·8 เดือนที่ผ่านมา·discuss
> Their signed package formats (there are two) add extra sections to the `ar` archive for the signature

APT does not verify package-level signatures (and nobody uses them anyway), so this is irrelevant.
jwilk
·11 เดือนที่ผ่านมา·discuss
From the HN Guidelines <https://news.ycombinator.com/newsguidelines.html>:

> Please don't comment on whether someone read an article. "Did you even read the article? It mentions that" can be shortened to "The article mentions that".
jwilk
·ปีที่แล้ว·discuss
Notes are copied to from the original to the rewritten commit by default. See https://git-scm.com/docs/git-notes#Documentation/git-notes.t... for details.

But I have this in my IRC logs:

  < _jwilk> TIL git-notes rewriting doesn't work properly when doing amend within rebase. :/
jwilk
·2 ปีที่แล้ว·discuss
Or if you can't stand the lkml.org UI:

https://lore.kernel.org/lkml/20240330144848.102a1e8c@kaneli/
jwilk
·2 ปีที่แล้ว·discuss
> do you see anything suspicious

No.

> libunistring could also be affected as that has also been pushed there

What do you mean by "that"?
jwilk
·2 ปีที่แล้ว·discuss
What do you mean?
jwilk
·2 ปีที่แล้ว·discuss
FWIW, "4 - 2" is explained earlier in the file:

  // The "-2" is included because the for-loop will
  // always increment by 2. In this case, we want to
  // skip an extra 2 bytes since we used 4 bytes
  // of input.
  i += 4 - 2;
jwilk
·2 ปีที่แล้ว·discuss
"#, fuzzy" means the translation is out-of-date and it will be discarded at compile time.
jwilk
·2 ปีที่แล้ว·discuss
eval in autoconf macros is nothing unusual.

In (pre-backdoor) xz 5.4.5:

  $ grep -wl eval m4/*
  m4/gettext.m4
  m4/lib-link.m4
  m4/lib-prefix.m4
  m4/libtool.m4
jwilk
·4 ปีที่แล้ว·discuss
Not base64, but this should be easy to reproduce:

  $ printf '{\n\t"list": [\n\t\t{},\n\t\t{}\n\t]\n}\n' > test.json

  $ jq < test.json 
  {
    "list": [
      {},
      {}
    ]
  }

  $ yamllint test.json 
  test.json
    2:1       error    syntax error: found character '\t' that cannot start any token (syntax)
jwilk
·4 ปีที่แล้ว·discuss
Beware of security implications of using a YAML parser:

https://docs.ruby-lang.org/en/3.0/YAML.html#module-YAML-labe...

> Do not use YAML to load untrusted data. Doing so is unsafe and could allow malicious input to execute arbitrary code inside your application.
jwilk
·8 ปีที่แล้ว·discuss
(2016)

Previous discussion: https://news.ycombinator.com/item?id=11532599
jwilk
·8 ปีที่แล้ว·discuss
But not the others:

1999 LiveJournal

1999 Blogger

2001 Movable Type

2003 WordPress