Their findings included an extension that opens an obvious reverse shell.
- 0 Posts
- 33 Comments
Joined 1 year ago
Cake day: July 3rd, 2023
You are not logged in. If you use a Fediverse account that is able to follow users, you can follow this user.
Imagine the bed is a clock. The 12 o’clock position is at the head — I don’t think anything else makes sense. That makes it unambiguous.
The positions are 3 o’clock and 9 o’clock.
Did you mean White Castle?
Ad-based apps on your phone.
It’s been done already, you say? Not like this: the front-facing camera is used to detect eye gaze. A counter on the screen starts at 30 seconds and only counts down while you are looking at the screen. If you look away, the counter, and the ad, pauses. The app doesn’t continue until you’ve watched the entire ad.
It was added in January 2004 and is a reference to the quote in Spider Man.
Another senior dev here, one of those weirdos who likes light mode. Sometimes. VS Code’s light mode is blinding to me, and I never use it. But Nova’s is beautiful and I prefer it. It depends how well the app renders fonts and colors. The oversaturated colors used in most apps are a big problem.
It increases the risk of birth defects slightly but not as much as people seem to think.
a single first-cousin marriage entails a similar increased risk of birth defects and mortality as a woman faces when she gives birth at age 41 rather than at 30
The
??operator?
It’s nice that this is compatible with Redis clients, and even Redis cluster operations. But I wish they would take this opportunity to make scaling more ergonomic. The Redis cluster mode is a pain to use because certain commands don’t work on a cluster (and developers don’t seem to realize this, leading to implementation issues).
The Anthropic researcher didn’t have this take. They were just commenting that it was interesting. It’s everyone else who seemed to think it meant something more.
Doesn’t it just indicate that the concept of needle-in-a-haystack testing is included in the training set?
It’s better now. No more bottles and kegs. This time it’s barrels, vintages and terroirs.
So this is confusing. I did not know about the maps mode (thanks @randomperson@lemmy.today!). If you show the map and then press the “target” symbol to get your location, Kagi will prompt to enable geolocation.
When using a regular search for “chinese food near me” I see results for a city thousands of km away. But if I select Maps first, then it shows my local area and I can search on the map.
Nope. For that I use the bang shortcut feature to send it to Google.
One nice thing about that, is that you can use
gas a bang, instead of!g. It’s a little thing but easier to type on mobile.
This makes a lot of sense if you’re delivering static content. Cloudflare even has the Super Slurper which serves your S3 content and migrates it seamlessly to Cloudflare’s competitor R2 service, after which your egress is free.
Is it a blunder? Tell that to Apple, Jetbrains, or Microsoft, each of whom have proprietary code editors that net billions of dollars of revenue.
It’s true, VS Code is open source, but it is developed almost entirely by Microsoft, by a large team of paid full-time programmers, designers, and PMs. It may be the most-used text editor in the world, but it isn’t developed by a team of volunteers who materialized around it because it was open source.
Instead, consider that making something open source is often just a marketing strategy — or a soft way to sunset a project.
This is a nice editor. I don’t like the comparisons to Atom since some of us remember that as “the really bloated and slow predecessor to VS Code”. Whereas Zed is quite small and fast. Opening a shell panel is instant and makes VS Code feel slow.
Its strength is multi-user (their term: multiplayer) shared editing spaces. It also has quite good AI integration and supports Github Copilot too.
I am a little concerned that they started off commercial and then went open source. Open source is great! But this path sometimes means that the original developers no longer have the time/money/interest to keep developing it. I hope that’s not the case here because they’ve got the start of something good.
This does read very much like AI-generated content. For example, here’s what Bard generated as an answer to this question.
It’s the list-based approach, the hyperbole, the too-many adjectives, the writing style that sounds like SEO that makes it sound like AI.
Come on, obviously they knew what pipes were in the 1940s. They are cylinders made of lead.
“I implemented the FizzBuzz algorithm in only 10 million lines of code!”
True, it’s a private (not local) IP. It could easily have connected to a remote system, as their proof-of-concept did.
This code execs
cmd.exeand pipes output to and from a hardcoded IP. That’s pretty weird. What’s running on that IP? How does the extension know something is there?It looks like VS Code has no review — human or automated — or enforced entitlement system that would have stopped this or at least had someone verify it was legit.