HackerTrans
TopNewTrendsCommentsPastAskShowJobs

neandrake

no profile record

comments

neandrake
·5 tháng trước·discuss
Finding this one-page was great! It gave me a new term I didn't have before that leads to all sorts of new materials to go rifling through.
neandrake
·7 tháng trước·discuss
>>This [...] vuln is not a breach or compromise of MongoDB

>IANAL, but this seems like a pretty strong stance to take? Who exactly are you blaming here?

You elide the context that explains it. It's a vulnerability in their MongoDB Server product, not a result of MongoDB the company/services being compromised and secrets leaked.
neandrake
·7 tháng trước·discuss
Worktrees are useful particularly because they look like entirely separate projects to your IDEs or other project tooling. They are more useful on larger projects with lots of daily commits. If you just use branches then whenever you switch, in the worst case, your IDE has to blow away caches and reconstruct the project layout or build the project fresh. On large projects this takes significant time. But switching your IDE to a different project, there are now two project and build caches to switch between.
neandrake
·9 tháng trước·discuss
There are OS-level settings for date and unit formats but not all software obeys that, instead falling back to using the default date/unit formats for the selected locale.
neandrake
·10 tháng trước·discuss
Render to pdf or ebook to read from an ereader, at least that's what I prefer. I use Instapaper to quickly snag articles while browsing then later use my kobo to sit and read through them.
neandrake
·10 tháng trước·discuss
The article presumes the reader is familiar with "malicious inbox rules" and doesn't elaborate or link to further info on it. From what I can find online it seems to be a scenario where an email account has already been compromised somehow and the malicious actor sets up inbox rules to e.g. auto-forward emails to another attacker-controlled email. I assume the intent is to effectively gain access to emails like 2FA and password recovery in the event the target changes their email account password.
neandrake
·11 tháng trước·discuss
I'm a huge fan of uMatrix too, and have debated getting involved to help revive it.

Can you share more information on the bypass you mention?
neandrake
·11 tháng trước·discuss
Looks like the source to Bitestring's blog is still up, maybe domain registration just lapsed?

https://github.com/bitestring/bitestring.github.io/blob/main...
neandrake
·11 tháng trước·discuss
Thank you, I look forward to watching your presentation.
neandrake
·11 tháng trước·discuss
Rust caught the lock being held across an await boundary, but without further context I'd hedge there's still a concurrency issue there if the solution was to release the lock before the await.

Presumably the lock is intended to be used for blocking until the commit is created, which would only be guaranteed after the await. Releasing the lock after submitting the transaction to the database but before getting confirmation that it completed successfully would probably result in further edge cases. I'm unfamiliar with rust's async, but is there a join/select that should be used to block, after which the lock should be unlocked?
neandrake
·11 tháng trước·discuss
Same would be true for any resource that needs cleaned up, right? Referring to stop-polling-future as canceling is probably not good nomenclature. Typically canceling some work requires cleanup, if only to be graceful let alone properly releasing resources.
neandrake
·11 tháng trước·discuss
They first disabled rubocop to prevent further exploit, then rotated keys. If they awaited deploying the fix that would mean letting compromised keys remain valid for 9 more hours. According to their response all other tools were already sandboxed.

However their response doesn't remediate putting secrets into environment variables in the first place - that is apparently acceptable to them and sets off a red flag for me.
neandrake
·năm ngoái·discuss
If your only professional experience is OCaml and you want to look elsewhere for work then your opportunities shrink noticeably. Especially if you're looking for a position that requires experience. It's much more digestible for a company to hire someone out of college and invest in training on tooling. But many companies won't get past the resume if a senior developer has to take more time to on-board.
neandrake
·2 năm trước·discuss
Git’s rerere functionality should address this, right?

https://git-scm.com/book/en/v2/Git-Tools-Rerere
neandrake
·3 năm trước·discuss
Haven’t checked availability but OnlyTV would be fitting.