Many of us would prefer the article to the video.
Was super disappointed to figure this out after installing a different gallery. And AFAIK, there’s no alternative camera app that actually works properly, either.
I feel called out
That’s been changing for me lately. All of a sudden YouTube is throwing me curve-balls and it’s great.
Even if you’re poking at a black box and are reporting that “it acts funny when I poke it this way.” In my opinion, a reporter should send along a script or at least explicit instructions on how to repro.
I take the report more seriously since it demonstrates you have an understanding of the issue or exploit. It will also save my time and it’s likely a trivial effort for the reporter since they’ve the context and knowledge of the issue loaded up and ready to go.
Agree that people like to fluff the severity of bugs they report. It’s better for prestige and bounty payouts. But this is a little more nuanced.
“While I didn’t really intend the module to be used for any security related checks, I’m very curious how an untrusted input could end up being passed into ip.isPrivate or ip.isPublic [functions] and then used for verifying where the network connection came from.”
It’s interesting, that it would be hard to make a case that there was a “vulnerability” in the ip package. But it seems like this package’s entire purpose is input validation so it’s kind of weird the dev thinks otherwise.
Recurring incidents like these raise the question, how does one strike a balance? Relentlessly reporting theoretical vulnerabilities can leave open-source developers, many of whom are volunteers, exhausted from triaging noise.
The researchers need to provide proofs of concept. Actual functional exploits.
No clue what that means. I was thinking more along the lines of how there’s 3+ techniques for async functions. Or that there’s a handful of syntax implementations, versions, and supersets of the language. Or that there are many interpreters all with different standard libraries and quirks.
It’s an annoyingly flexible language.
Oh, and there’s at least 2 other ways to do it too.
We should really make a law against that.
Title is confusing. OpenAI is using News Corp content to train their models. NC isn’t using the model to write articles. Still a garbage in garbage out scenario though.
Can we do this for all sweatshop labor?
Your laziness isn’t a good reason to be upset with a company taking steps to reduce their security overhead significantly
Your laziness isn’t a good reason to add an unnecessary barrier of entry for your users.
Don’t think anyone thinks a hobbyist would be buying this thing.
That might be what I believed when I first started but it’s so far from the truth…
For me it was mostly interesting to hear about their techniques and how they dealt with the earthquakes. Never really thought landslides would be such an issue.
Long but worth it.
Fun project! Godspeed
Socket 7! I’m amazed any of those are still floating around. Industrial?
That’s… what they’re looking for.