[delayed]
The degree to which an environment is straining is possibly merely coincidentally related to the decor part.. and almost entirely rooted in architecture. Buildings with terrible architecture merely tend to…
I guess some forms of asbestos are fine to use in residential development.. as long as houses never burn or get damaged in earthquakes or suffer flood damage or need extensive renovations.. and as long as we do not care…
> That's where the reliability comes from So, we should make it easier to feed that reliability back upstream. Probably the most useful thing you can do with these LLM-transpilations for now: If the transpiled version…
> Nobody can send you a unicode file and make you run an infinite loop or whatever. I find it interesting/weird (that the spec is written in such unrestricted DSL) for pretty much that reason. They could send you input…
In a way, the "let the money decide who is a good citizen" already works. Just not in our favor: Most of the spam I receive is not from some rando using an IP I know nothing about. Its from providers that keep making…
> Can you send mail from something that doesn't have a DNS entry? You never really could. Participating in public email exchange requires that the sender can resolve then "fully qualified" domain in your return address.…
Yes! Forwarding is the reason mail flow authentication does not work very well today. Fix the forwarding use cases (and by extension: mailing lists & out of office arrangements) and we can finally just tell all senders:…
Because we may be missing comments that GitHub has deleted without leaving tombstones (which sucks), it is not entirely clear whether the person creating and responding to the issue I linked is the person trying to have…
Already used (sounds like, successfully) by the usual GitHub phishing campaigns: > found a workaround for the shader compilation bug that keeps the mesh from vanishing. I attached the fix here.…
We might have even seen the Chelyabinsk one coming, with current tech.. if only it had been coming at us from a slightly less bright direction. That one was probably in the once-in-a-hundred-years category.
Some scientific endeavors can be paused and maybe later relaunched, if funding has not dried up and temporarily-worthless machinery has not been left to rot. But stuff like mitigating the constant threat of big enough…
In case of plain HTTP over TCP, there is even a hint in the spec about why and how a server might want to avoid fully closing prematurely. https://datatracker.ietf.org/doc/html/rfc9112#section-9.6 (this was already in…
Cloudflare does not notice (until a customer complains) that they are sending broken responses at scale? I would have thought they would notice this from sampling and linting a few replies.. just in case they did…
I think this one has more to do with excessive dependencies, and lack of splitting into individually installable packages and/or static linking. I have already avoided having to evaluate whether I am affected by some…
This stuff has been brewing for years, but since technically you could fix all instances with minimal StackOverflow downtime [1] and a slightly different pattern, few people worked on either using engines with data…
A German police officer was fatally shot in 2010 after failing to identify himself when his manipulation on the door had alerted the known-armed subject of a planned search. The shooter was (eventually) acquitted.…
Ah, the exploit is all done before that!
Since this can only underflow and some written bits are not attacker-chosen, does this not imply that the patchable part of the software could reliably detect this just in time and panic on suspected USB DMA corruption?…
>The original content doesn’t exactly disappear; it just becomes raw material that most people never touch directly. It does disappear. There is already much less expert knowledge shared after the breakdown of those…
Do you have any company in mind (within the subset the argument refers to, so one that achieved >=15% monthly growth with sufficient consistency) without one or more worrying externalities?
> all these data come from nonhuman lab animals Though what I have see so far is far from everything that could be learned from these surprisingly-humanlike mammals. Still need more research on timing. Maybe protein…
>the various ACME clients like acme.sh are run with elevated privileges Its really not that difficult to not grant excessive privileges - at the very least for recurring ("cron") runs, once filesystem structure, cache…
CT indeed worked out pretty well. At least until bots started hammering crt.sh making it unreliable, and those that want to be alerted to newly issued certificated appeared in the logs need to pay for some purpose-built…
[delayed]
The degree to which an environment is straining is possibly merely coincidentally related to the decor part.. and almost entirely rooted in architecture. Buildings with terrible architecture merely tend to…
I guess some forms of asbestos are fine to use in residential development.. as long as houses never burn or get damaged in earthquakes or suffer flood damage or need extensive renovations.. and as long as we do not care…
> That's where the reliability comes from So, we should make it easier to feed that reliability back upstream. Probably the most useful thing you can do with these LLM-transpilations for now: If the transpiled version…
[delayed]
> Nobody can send you a unicode file and make you run an infinite loop or whatever. I find it interesting/weird (that the spec is written in such unrestricted DSL) for pretty much that reason. They could send you input…
In a way, the "let the money decide who is a good citizen" already works. Just not in our favor: Most of the spam I receive is not from some rando using an IP I know nothing about. Its from providers that keep making…
> Can you send mail from something that doesn't have a DNS entry? You never really could. Participating in public email exchange requires that the sender can resolve then "fully qualified" domain in your return address.…
Yes! Forwarding is the reason mail flow authentication does not work very well today. Fix the forwarding use cases (and by extension: mailing lists & out of office arrangements) and we can finally just tell all senders:…
Because we may be missing comments that GitHub has deleted without leaving tombstones (which sucks), it is not entirely clear whether the person creating and responding to the issue I linked is the person trying to have…
Already used (sounds like, successfully) by the usual GitHub phishing campaigns: > found a workaround for the shader compilation bug that keeps the mesh from vanishing. I attached the fix here.…
We might have even seen the Chelyabinsk one coming, with current tech.. if only it had been coming at us from a slightly less bright direction. That one was probably in the once-in-a-hundred-years category.
Some scientific endeavors can be paused and maybe later relaunched, if funding has not dried up and temporarily-worthless machinery has not been left to rot. But stuff like mitigating the constant threat of big enough…
In case of plain HTTP over TCP, there is even a hint in the spec about why and how a server might want to avoid fully closing prematurely. https://datatracker.ietf.org/doc/html/rfc9112#section-9.6 (this was already in…
Cloudflare does not notice (until a customer complains) that they are sending broken responses at scale? I would have thought they would notice this from sampling and linting a few replies.. just in case they did…
I think this one has more to do with excessive dependencies, and lack of splitting into individually installable packages and/or static linking. I have already avoided having to evaluate whether I am affected by some…
This stuff has been brewing for years, but since technically you could fix all instances with minimal StackOverflow downtime [1] and a slightly different pattern, few people worked on either using engines with data…
A German police officer was fatally shot in 2010 after failing to identify himself when his manipulation on the door had alerted the known-armed subject of a planned search. The shooter was (eventually) acquitted.…
Ah, the exploit is all done before that!
Since this can only underflow and some written bits are not attacker-chosen, does this not imply that the patchable part of the software could reliably detect this just in time and panic on suspected USB DMA corruption?…
>The original content doesn’t exactly disappear; it just becomes raw material that most people never touch directly. It does disappear. There is already much less expert knowledge shared after the breakdown of those…
Do you have any company in mind (within the subset the argument refers to, so one that achieved >=15% monthly growth with sufficient consistency) without one or more worrying externalities?
> all these data come from nonhuman lab animals Though what I have see so far is far from everything that could be learned from these surprisingly-humanlike mammals. Still need more research on timing. Maybe protein…
>the various ACME clients like acme.sh are run with elevated privileges Its really not that difficult to not grant excessive privileges - at the very least for recurring ("cron") runs, once filesystem structure, cache…
CT indeed worked out pretty well. At least until bots started hammering crt.sh making it unreliable, and those that want to be alerted to newly issued certificated appeared in the logs need to pay for some purpose-built…