HackerLangs
TopNewTrendsCommentsPastAskShowJobs

jwilk

9,113 karmajoined 11 yıl önce


  ^__^
  (oo)\_______
  (__)\       )\/\
      ||----w |
      ||     ||

Submissions

AURpocalypse now: a look at the recent AUR attacks

lwn.net
134 points·by jwilk·21 gün önce·101 comments

Moving beyond fork() + exec()

lwn.net
359 points·by jwilk·geçen ay·345 comments

LLM-driven security reports disrupt coordinated disclosure

lwn.net
3 points·by jwilk·2 ay önce·0 comments

Debian decides not to decide on AI-generated contributions

lwn.net
376 points·by jwilk·4 ay önce·289 comments

As ye clone(), so shall ye AUTOREAP

lwn.net
3 points·by jwilk·4 ay önce·0 comments

Security incident on plone GitHub org with force pushes

openwall.com
1 points·by jwilk·5 ay önce·0 comments

GNU InetUtils Security Advisory: remote authentication by-pass in telnetd

openwall.com
5 points·by jwilk·6 ay önce·0 comments

A free and open-source rootkit for Linux

lwn.net
218 points·by jwilk·6 ay önce·40 comments

The difficulty of safe path traversal

lwn.net
2 points·by jwilk·6 ay önce·0 comments

A “frozen” dictionary for Python

lwn.net
191 points·by jwilk·7 ay önce·167 comments

Explicit Lazy Imports for Python

lwn.net
1 points·by jwilk·9 ay önce·0 comments

comments

jwilk
·10 saat önce·discuss
Subscriber link:

https://lwn.net/SubscriberLink/1080822/bfd11a50a0d41ad6/
jwilk
·15 gün önce·discuss
https://news.ycombinator.com/item?id=48649785 was posted earlier with a subscriber link.
jwilk
·20 gün önce·discuss
Search for "yen sign path separator".
jwilk
·21 gün önce·discuss
Discussed ~2 weeks ago:

https://news.ycombinator.com/item?id=48425528 (over 300 comments)
jwilk
·geçen ay·discuss
Discussed also in 2021: https://news.ycombinator.com/item?id=29709802 (16 comments)
jwilk
·8 ay önce·discuss
Yes, you can do "apt-get install --dry-run ./nyancat_1.5.2-0.2_i386.deb" these days.
jwilk
·8 ay önce·discuss
> Their signed package formats (there are two) add extra sections to the `ar` archive for the signature

APT does not verify package-level signatures (and nobody uses them anyway), so this is irrelevant.
jwilk
·11 ay önce·discuss
From the HN Guidelines <https://news.ycombinator.com/newsguidelines.html>:

> Please don't comment on whether someone read an article. "Did you even read the article? It mentions that" can be shortened to "The article mentions that".
jwilk
·geçen yıl·discuss
Notes are copied to from the original to the rewritten commit by default. See https://git-scm.com/docs/git-notes#Documentation/git-notes.t... for details.

But I have this in my IRC logs:

  < _jwilk> TIL git-notes rewriting doesn't work properly when doing amend within rebase. :/
jwilk
·2 yıl önce·discuss
Or if you can't stand the lkml.org UI:

https://lore.kernel.org/lkml/20240330144848.102a1e8c@kaneli/
jwilk
·2 yıl önce·discuss
> do you see anything suspicious

No.

> libunistring could also be affected as that has also been pushed there

What do you mean by "that"?
jwilk
·2 yıl önce·discuss
What do you mean?
jwilk
·2 yıl önce·discuss
FWIW, "4 - 2" is explained earlier in the file:

  // The "-2" is included because the for-loop will
  // always increment by 2. In this case, we want to
  // skip an extra 2 bytes since we used 4 bytes
  // of input.
  i += 4 - 2;
jwilk
·2 yıl önce·discuss
"#, fuzzy" means the translation is out-of-date and it will be discarded at compile time.
jwilk
·2 yıl önce·discuss
eval in autoconf macros is nothing unusual.

In (pre-backdoor) xz 5.4.5:

  $ grep -wl eval m4/*
  m4/gettext.m4
  m4/lib-link.m4
  m4/lib-prefix.m4
  m4/libtool.m4
jwilk
·4 yıl önce·discuss
Not base64, but this should be easy to reproduce:

  $ printf '{\n\t"list": [\n\t\t{},\n\t\t{}\n\t]\n}\n' > test.json

  $ jq < test.json 
  {
    "list": [
      {},
      {}
    ]
  }

  $ yamllint test.json 
  test.json
    2:1       error    syntax error: found character '\t' that cannot start any token (syntax)
jwilk
·4 yıl önce·discuss
Beware of security implications of using a YAML parser:

https://docs.ruby-lang.org/en/3.0/YAML.html#module-YAML-labe...

> Do not use YAML to load untrusted data. Doing so is unsafe and could allow malicious input to execute arbitrary code inside your application.
jwilk
·8 yıl önce·discuss
(2016)

Previous discussion: https://news.ycombinator.com/item?id=11532599
jwilk
·8 yıl önce·discuss
But not the others:

1999 LiveJournal

1999 Blogger

2001 Movable Type

2003 WordPress