HackerTrans
TopNewTrendsCommentsPastAskShowJobs

amusingimpala75

no profile record

Submissions

GitHub Copilot Goldeneye model preview

docs.github.com
1 points·by amusingimpala75·4 ay önce·1 comments

Snowflake and OpenAI partner to bring frontier intelligence to enterprise data

openai.com
2 points·by amusingimpala75·5 ay önce·0 comments

comments

amusingimpala75
·27 gün önce·discuss
M-x cua-mode enables a variety of “traditional” keybinds such as C-x / C-c / C-v for cut / copy / paste
amusingimpala75
·geçen ay·discuss
Well if it’s a full disk encryption exploit that still requires hardware access I imagine it would have been made for a 3-letter govt org or something
amusingimpala75
·2 ay önce·discuss
At least in the case of sqlite, rusqlite pulled in 5 or so in total whereas Go had a single library that was a thin wrapper around sqlite, and integrated into the stdlib interface. Many fewer deps

Edit: counts are fair, that’s still hundreds unaccounted
amusingimpala75
·2 ay önce·discuss
I’m not arguing on quality of the library, I’m arguing on not getting pwned by the sheer number of transitive dependencies
amusingimpala75
·2 ay önce·discuss
This is probably going to sound generic / repetitive, but my biggest complaint about Rust is the package management situation, which is entirely the result of the developer mindset. I love the ergonomics on the rust side (the functional approach to data types is beautiful), but I’m working on two projects side by side, one in rust and one in go at the moment. The dependency trees are entirely different beasts, with most of the stuff on the go project covered by the stdlib whereas I think the rust project is over 400 despite asking for just rusqlite (sqlite), clap (cli), ratatui (tui), and tauri (gui), the last of which is by far the worst offender but even without it, it’s still close on 100 which is crazy. If there were (and maybe there are, I just haven’t found them) decently maintained alternatives to the rust crates that actually have a sane dependency approach, I’d feel much better. I’m just trying to not shai hulud my system, and the rust-web people seem to want to turn cargo into npm in that regard.
amusingimpala75
·2 ay önce·discuss
[edit: TFA addresses this, though I still find crazy 90% accuracy overall vs 20% accuracy for curl]

Is this suspected vulns or actual vulns? If I recall correctly, it produced 5 for curl but only 1 was legit
amusingimpala75
·2 ay önce·discuss
Aren't most piracy services free though nowadays? This quote is at least referencing pirates that sell the pirated content.
amusingimpala75
·2 ay önce·discuss
How does a company even consider this while the CFO is privately saying the books / revenue accounting are not ready for public scrutiny?

Edit: Or has so much somehow changed in two weeks that it’s no longer necessary to wait until next year?
amusingimpala75
·2 ay önce·discuss
Are we not going to talk about the literal CFO saying their books aren’t up to rigorous reporting standards and need to wait until 2027?
amusingimpala75
·2 ay önce·discuss
Built on meaning the technology is using Git under the hood, not that it is developed using git.

Edit:

Breaking down the “word salad”:

> Radicle is a peer-to-peer code collaboration platform (“forge”) built on Git.

Peer-to-peer: it functions with individual nodes on the network spreading state for tracking it without relying on a single entity or centralised service.

Code collaboration platform (forge): you use it not just to store code but provides a way to keep track of “patches” (their term for PRs) and issues, amongst other things, to enable multiple people to collaborate on a code base

Built on git: the technology runs on top of git insofar as not only is the VCS just git, but the issues, patches, etc are stored in git. So the project isn’t merely developed using git, but when running the tool yourself it’s still backing everything under git.
amusingimpala75
·2 ay önce·discuss
Radicle CI does exist but it is admittedly fairly early on in development
amusingimpala75
·2 ay önce·discuss
Arguably if anything killed by EU
amusingimpala75
·2 ay önce·discuss
Since the exploit can be mitigated by simply blacklisting the AF_ALG module, why didn’t they release an advisory to disable the problematic module (which AFAIU is hardly used), and then only later, say after a week, release the patch for it? At least then you would have the immediate ability for a mitigation without giving away exactly how to exploit the bug.
amusingimpala75
·2 ay önce·discuss
Thank you for describing the tragedy of the commons
amusingimpala75
·2 ay önce·discuss
Their PoC does as you say, but is built upon arbitrary modification of the page cache, which could be abused for the other things
amusingimpala75
·3 ay önce·discuss
Not by default but tools like agent-sandbox.nix (bwrap, seccomp) or other nixpak (just bwrap but more popular) can provide those capabilities if you want in a fairly simple interface
amusingimpala75
·3 ay önce·discuss
That’s fair, NixOS avoids the direct stuff from Docker itself but if you’re basing on an Alpine image or something that would probably be more minimal / smaller
amusingimpala75
·3 ay önce·discuss
Yes but NixOS does all of these things already, without the process overhead
amusingimpala75
·3 ay önce·discuss
Missed opportunity for “arewehormuzyet.com”
amusingimpala75
·3 ay önce·discuss
Since this works on the raw data streams from the official distributor, this is legal, correct?