The Mario Kart youtuber?
Why would the CLI tool need to access any data in your $HOME? Your private SSH keys? Your browser’s cookie jar? Your tax reports?
What would go wrong with the DHCP server if it simply did not check if someone’s responding to pings at that address before handing out the lease?
You can make it much less suspicious. In particular, if you can compromise the package publishing process, and not just pushes to main, you can add your malicious code to binary artifacts, not to the source code.
def steal_data(): if datetime.now() < three_days_after_attack: return reach_out_to_external_site()
It wouldn’t be the first time the US government made expensive and unpopular moves in the name of national security and walked away largely unscathed.
Isn’t that a DoS vulnerability?
Pretty much. These tools are effective now only because the malware doesn’t have to avoid being detected at all to be successful.
Every single one now will be more sneaky, and we’ll be operating on a 3-day cooldown for no reason.
A license designed to be politically neutral? The GPL variants are the antithesis of politically neutral.
Windows doesn’t really have a default login shell like Unix. Windows Terminal defaults to PowerShell which does not suffer from this issue.
Yeah. I think there are so many hypotheses we could test if professional players were willing to do these experiments. For example, it used to be popular among competitive CS players to use 4:3 resolutions on 16:9…
There’s an argument to be made that dropping all unimportant detail could make professional players react faster even if it doesn’t improve end-to-end latency in the PC. This is something that could be tested…
I would want that hoop for free apps too. If the developer is, for example, found to be mishandling private data, or maybe sharing my intellectual property, someone needs to answer for it.
Maybe re-read the thread? A real-time conversation is not infinite content, it’s chronological and it ends when there are no more new or old messages. You shouldn’t use pagination, and that’s fine. It’s infinite scroll…
Good. Use pagination instead.
Yeah, this is terrible UX that we somehow normalized. At the very least we should be able to scroll backwards after a page refresh to see previous posts.
Slack isn’t infinite. At some point there are no more old messages or no more new messages depending on which way you’re scrolling. The problem is infinite content.
Has this actually happened to anyone on Cloudflare Domains? If they don’t give you access, you can escalate to the ICANN.
Oh. I haven’t had to renew in a few years. Any EU-based alternative you suggest for when my next renewal comes up?
I’ve been happy with Gandi.net for years now. They’re based in France.
“I intended this to be an integer but it could really be anything” is not very useful.
None of it says how the GDID was associated with browsing history. It says it’s associated with a Microsoft account. Why did Microsoft have his browsing history? Was he syncing it from Edge?
What isn’t clear to me is how they’re able to say which GDID visited each site and when. Did the hacker not disable telemetry? Was he using Microsoft Edge? Or is it just a GDID->IP mapping combined with network…
Is this something humans have been unable to do? There’s only so many people with the necessary skills to solve this. And you need these humans to choose to spend their time solving this, and not something else.
The Mario Kart youtuber?
Why would the CLI tool need to access any data in your $HOME? Your private SSH keys? Your browser’s cookie jar? Your tax reports?
What would go wrong with the DHCP server if it simply did not check if someone’s responding to pings at that address before handing out the lease?
You can make it much less suspicious. In particular, if you can compromise the package publishing process, and not just pushes to main, you can add your malicious code to binary artifacts, not to the source code.
def steal_data(): if datetime.now() < three_days_after_attack: return reach_out_to_external_site()
It wouldn’t be the first time the US government made expensive and unpopular moves in the name of national security and walked away largely unscathed.
Isn’t that a DoS vulnerability?
Pretty much. These tools are effective now only because the malware doesn’t have to avoid being detected at all to be successful.
Every single one now will be more sneaky, and we’ll be operating on a 3-day cooldown for no reason.
A license designed to be politically neutral? The GPL variants are the antithesis of politically neutral.
Windows doesn’t really have a default login shell like Unix. Windows Terminal defaults to PowerShell which does not suffer from this issue.
Yeah. I think there are so many hypotheses we could test if professional players were willing to do these experiments. For example, it used to be popular among competitive CS players to use 4:3 resolutions on 16:9…
There’s an argument to be made that dropping all unimportant detail could make professional players react faster even if it doesn’t improve end-to-end latency in the PC. This is something that could be tested…
I would want that hoop for free apps too. If the developer is, for example, found to be mishandling private data, or maybe sharing my intellectual property, someone needs to answer for it.
Maybe re-read the thread? A real-time conversation is not infinite content, it’s chronological and it ends when there are no more new or old messages. You shouldn’t use pagination, and that’s fine. It’s infinite scroll…
Good. Use pagination instead.
Yeah, this is terrible UX that we somehow normalized. At the very least we should be able to scroll backwards after a page refresh to see previous posts.
Slack isn’t infinite. At some point there are no more old messages or no more new messages depending on which way you’re scrolling. The problem is infinite content.
Has this actually happened to anyone on Cloudflare Domains? If they don’t give you access, you can escalate to the ICANN.
Oh. I haven’t had to renew in a few years. Any EU-based alternative you suggest for when my next renewal comes up?
I’ve been happy with Gandi.net for years now. They’re based in France.
“I intended this to be an integer but it could really be anything” is not very useful.
None of it says how the GDID was associated with browsing history. It says it’s associated with a Microsoft account. Why did Microsoft have his browsing history? Was he syncing it from Edge?
What isn’t clear to me is how they’re able to say which GDID visited each site and when. Did the hacker not disable telemetry? Was he using Microsoft Edge? Or is it just a GDID->IP mapping combined with network…
Is this something humans have been unable to do? There’s only so many people with the necessary skills to solve this. And you need these humans to choose to spend their time solving this, and not something else.