If you can reproduce it reliably and doing so generates some form of telemetry, then just set up some automation to keep doing that in a loop. From as many machines as possible. No comment is offered on if I have ever…
Hell, I've hand-written a large PR as a single commit and then asked claude to break it down for me at least once. But I think the fact doing this task by hand is a tedious, time-consuming hassle is not because it…
What percentage of CVEs can be used to obtain a shell, but can't otherwise be used to obtain some other form of code execution in a distro-less container?
I am aware, thank you :). I responded to a sibling dupe-comment over here [1]. To summarize, in my experience there is immense value to having basic shell tools available in the environment where you need them with zero…
Nope, not my position at all. I want to have a minimal OS environment with rudimentary tools available with zero extra friction. FROM alpine:latest adds less than 10MB and covers 95% of use cases. Typically depending on…
Yup! They are a good solution to the massive problem you caused for yourself by implementing a different "solution" to a non-problem. And even that's only true if you assume kubernetes is the only place your container…
> FROM scratch just reduces the surface. The actual attack surface of your application? Or the attack surface of you and your team's attention from a busybody security org. It's important not to confuse the two.
> The cool part about FROM scratch images is that you'll never have to update your base image to address CVEs. Only your software and its (compiled) dependencies. What's the benefit really, though? If you still need to…
More than one ~500 employee company I've worked at has had security policies either encouraging or requiring the use of "distro-less" images - images with no OS components other than the absolute minimum required to run…
I see a lot of commentators in this thread who are aggressively critical of volunteer maintainers for making a decision about how to maximize the value of the free labor they donate to the world. And yet none have…
Rather than have complexity centralised and managed, let's generate the same vulnerable code across millions of apps. Great plan.
TUIs suck and the only reason they are seeing a re-surgency of relevance is because everything else sucks more along one or more critical metrics. Given the truly incomprehensible amount of CPU and GPU power we have…
I just want a button that says "approve and merge these 3 commits now but these two need re-work"
Don't anthropomorphize the language model. If you stick your hand in there, it'll chop it off. It doesn't care about your feelings. It can't care about your feelings.
So it's only wrong in a technical and pedantic sense. A better phrasing might have been along the lines of "There are many sequences of tokens that will destroy your production database that are within the set of…
It's an objection to adding a new dependency, not an attempt to remove an existing one. If we can't stop adding new dependencies, we are certain to be stuck with the status quo forever.
It's almost as if comments on a website called "hacker news" are written by individuals with differing and varying opinions, and not by some nebulous hive-mind that purports to be internally consistent.
The problem is that the well you are drinking from has in fact been poisoned. Maybe you think you can tolerate it but some projects are taking a policy decision that any exposure is too dangerous and that is IMO…
The fact that the AI agent will just go and attempt to do whatever insane shit I can dream up is both the most fun thing about playing with it, and also terrifying enough to make me review its output carefully before it…
An engineer recklessly ran untrusted code directly in a production environment. And then told on himself on Twitter.
The A-series has supported virtualization since long before the M-series existed. iOS disables it in early boot, though. On the other hand, how much virtualization are you really going to be doing with 8GB of RAM?
> Unless your strategy is to create a photo-lab-like screen in pure black and red, or wear deep-red-tinted glasses, it’s unlikely that a pure colorshift strategy will cut out that big of a chunk of the spectrum. The…
> And I'm guessing that the reason macOS doesn't give more details is because macOS is likely not involved in the step that fails And I guess because of the wide variety of third-party hardware macOS has to support,…
I've never tried it myself, but it's oft-repeated folk wisdom in Apple circles that enabling filesystem case-sensitivity breaks all manner of third-party software that has only ever been tested on the case-insensitive…
No. A lot of devs delayed their launches: https://www.gamespot.com/articles/silksong-release-date-has-... Those that didn't or couldn't think it hurt them pretty badly:…
If you can reproduce it reliably and doing so generates some form of telemetry, then just set up some automation to keep doing that in a loop. From as many machines as possible. No comment is offered on if I have ever…
Hell, I've hand-written a large PR as a single commit and then asked claude to break it down for me at least once. But I think the fact doing this task by hand is a tedious, time-consuming hassle is not because it…
What percentage of CVEs can be used to obtain a shell, but can't otherwise be used to obtain some other form of code execution in a distro-less container?
I am aware, thank you :). I responded to a sibling dupe-comment over here [1]. To summarize, in my experience there is immense value to having basic shell tools available in the environment where you need them with zero…
Nope, not my position at all. I want to have a minimal OS environment with rudimentary tools available with zero extra friction. FROM alpine:latest adds less than 10MB and covers 95% of use cases. Typically depending on…
Yup! They are a good solution to the massive problem you caused for yourself by implementing a different "solution" to a non-problem. And even that's only true if you assume kubernetes is the only place your container…
> FROM scratch just reduces the surface. The actual attack surface of your application? Or the attack surface of you and your team's attention from a busybody security org. It's important not to confuse the two.
> The cool part about FROM scratch images is that you'll never have to update your base image to address CVEs. Only your software and its (compiled) dependencies. What's the benefit really, though? If you still need to…
More than one ~500 employee company I've worked at has had security policies either encouraging or requiring the use of "distro-less" images - images with no OS components other than the absolute minimum required to run…
I see a lot of commentators in this thread who are aggressively critical of volunteer maintainers for making a decision about how to maximize the value of the free labor they donate to the world. And yet none have…
Rather than have complexity centralised and managed, let's generate the same vulnerable code across millions of apps. Great plan.
TUIs suck and the only reason they are seeing a re-surgency of relevance is because everything else sucks more along one or more critical metrics. Given the truly incomprehensible amount of CPU and GPU power we have…
I just want a button that says "approve and merge these 3 commits now but these two need re-work"
Don't anthropomorphize the language model. If you stick your hand in there, it'll chop it off. It doesn't care about your feelings. It can't care about your feelings.
So it's only wrong in a technical and pedantic sense. A better phrasing might have been along the lines of "There are many sequences of tokens that will destroy your production database that are within the set of…
It's an objection to adding a new dependency, not an attempt to remove an existing one. If we can't stop adding new dependencies, we are certain to be stuck with the status quo forever.
It's almost as if comments on a website called "hacker news" are written by individuals with differing and varying opinions, and not by some nebulous hive-mind that purports to be internally consistent.
The problem is that the well you are drinking from has in fact been poisoned. Maybe you think you can tolerate it but some projects are taking a policy decision that any exposure is too dangerous and that is IMO…
The fact that the AI agent will just go and attempt to do whatever insane shit I can dream up is both the most fun thing about playing with it, and also terrifying enough to make me review its output carefully before it…
An engineer recklessly ran untrusted code directly in a production environment. And then told on himself on Twitter.
The A-series has supported virtualization since long before the M-series existed. iOS disables it in early boot, though. On the other hand, how much virtualization are you really going to be doing with 8GB of RAM?
> Unless your strategy is to create a photo-lab-like screen in pure black and red, or wear deep-red-tinted glasses, it’s unlikely that a pure colorshift strategy will cut out that big of a chunk of the spectrum. The…
> And I'm guessing that the reason macOS doesn't give more details is because macOS is likely not involved in the step that fails And I guess because of the wide variety of third-party hardware macOS has to support,…
I've never tried it myself, but it's oft-repeated folk wisdom in Apple circles that enabling filesystem case-sensitivity breaks all manner of third-party software that has only ever been tested on the case-insensitive…
No. A lot of devs delayed their launches: https://www.gamespot.com/articles/silksong-release-date-has-... Those that didn't or couldn't think it hurt them pretty badly:…