StrauXX commented on Do you know that there is an HTML tables API?   christianheilmann.com/202... · Posted by u/begoon
StrauXX · 2 months ago
> Without having to re-render the whole table on each change.

Not quite sure what the author means by that. Re-rendering only happens when the current task queue element has been processed. Never while JS is running (aside from webworkers and the like). I would honestly be surprised if this API had much (if any) performance benefit over createElement.

StrauXX commented on Free software scares normal people   danieldelaney.net/normal/... · Posted by u/cryptophreak
sublinear · 2 months ago
> reflected the underlying architecture of the program rather than the users’ workflows

Is this an inherently bad thing if the software architecture is closely aligned with the problem it solves?

Maybe it's the architecture that was bad. Of course there are implementation details the user shouldn't care about and it's only sane to hide those. I'm curious how/why a user workflow would not be obviously composed of architectural features to even a casual user. Is it that the user interface was too granular or something else?

I find that just naming things according to the behavior a layperson would expect can make all the difference. I say all this because it's equally confusing when the developer hides way too much. Those developers seem to lack experience outside their own domain and overcomplicate what could have just been named better.

StrauXX · 2 months ago
If you ever spend time with the low level SAP GUIs, then yes, you will find out why that's definitely a bad thing. Software should reflect users' processes. The code below is just an implementation detail and should never impact the design of the interfaces.
StrauXX commented on Element: setHTML() method   developer.mozilla.org/en-... · Posted by u/todsacerdoti
spankalee · 2 months ago
I'll be very excited to use this in Lit when it hits baseline.

While lit-html templates are already XSS-hardened because template strings aren't forgeable, we do have utilities like `unsafeHTML()` that let you treat untrusted strings as HTML, which are currently... unsafe.

With `Element.setHTML()` we can make a `safeHTML()` directive and let the developer specify sanitizer options too.

StrauXX · 2 months ago
Why don't you use DOMPurify right now? It's battle tested and supports configs just like this proposal.
StrauXX commented on We hacked Burger King: How auth bypass led to drive-thru audio surveillance   bobdahacker.com/blog/rbi-... · Posted by u/BobDaHacker
ghiculescu · 3 months ago
If that’s the case, then why do companies run bug bounties?

I’m asking earnestly; it seems like if nobody actually cares about these gaps then there shouldn’t be an economic driver to find them, and yet (in many companies, but not Burger King) there is.

Is it all just cargo culting or are there cases where company vulnerabilities would be worth something?

StrauXX · 3 months ago
Oh no. They do get exploited. Just not bought. Buying vulnerabilities is by itself time-intensive, complex work: grey market escrow, finding trusted sellers and buyers, etc. So buying and selling vulnerabilities only really happens for really impactful and generally useful ones.
StrauXX commented on We hacked Burger King: How auth bypass led to drive-thru audio surveillance   bobdahacker.com/blog/rbi-... · Posted by u/BobDaHacker
fragmede · 3 months ago
foofoo12 is hinting that they could sell the exploit on the black market for money, were they so inclined.
StrauXX · 3 months ago
Again, there really isn't a big market for such vulnerabilities. No 0day broker will buy the vulnerabilities listed in the article. They might be able to sell to an initial access broker, but even there the kinds of vulnerabilities are not really interesting to them.
StrauXX commented on We hacked Burger King: How auth bypass led to drive-thru audio surveillance   bobdahacker.com/blog/rbi-... · Posted by u/BobDaHacker
foofoo12 · 3 months ago
> wasn’t a reward

I'm pretty sure someone was willing to pay for this, but at least the researchers acted responsibly.

StrauXX · 3 months ago
Unlikely. If a company does not have a formal BBP, they won't pay 99.99% of the time. Brokers are also not interested in vulnerabilities in companies. They usually only buy vulnerabilities for standard software (components).
StrauXX commented on How the “Kim” dump exposed North Korea's credential theft playbook   dti.domaintools.com/insid... · Posted by u/notmine1337
tremon · 3 months ago
> The dump also revealed reliance on GitHub repositories known for offensive tooling. TitanLdr, minbeacon, Blacklotus, and CobaltStrike-Auto-Keystore were all cloned or referenced in command logs.

What's the rationale for allowing the development of offensive tooling on github? Is this a free-speech thing, or are these repositories relevant for scientific research in some way?

StrauXX · 3 months ago
They are heavily used in penetration tests and red teaming engagements. Banning such tools from the public just mystifies attackers' ways to defenders, while not in any way hindering serious malicious actors. We had that discussion back in the 90s and early 2000s.
StrauXX commented on The demographic future of humanity: facts and consequences [pdf]   sas.upenn.edu/~jesusfv/Sl... · Posted by u/akyuu
xp84 · 4 months ago
> Sweden grants 68 weeks of shared parental leave and their TFR is at 1.45.

I speculate that a different thing is happening in Europe. Every time I hear European takes on issues, it feels like Europe is post-religion, post-values, post-meaning. Everything is relative; pleasure is the only personal goal, and not harming others is the only external goal. Why even have kids? Why get married? It's a lot of work, plus there's a widely-held belief that Europeans/Westerners in general bear generational guilt because of what colonizers did in the 1500s anyway, so it feels virtuous to voluntarily decline as a civilization, freeing up more oil and resources for the developing world.

The US and Canada seem more traditional in that a lot of people would really like to have kids and don't think it's pointless, but it's just impractical for economic reasons, and they're choosing to allocate what little resources they have towards a more comfortable life (relatively!) instead of having an economic struggle -- OR they do have kids but because they wait for economic certainty first, they start much later and as a result have way fewer per couple.

Of course, North America has a very loud segment that agrees with the European degrowth narrative detailed above, and Europe has a loud segment which goes against it.

StrauXX · 4 months ago
The "generational guilt" theory does not check out to me at all. Coming from central Europe, I mostly hear this rhetoric from English-language sources. In non-English European media, generational guilt for colonization is hardly a thing in my experience.
StrauXX commented on Adult sites are stashing exploit code inside svg files   arstechnica.com/security/... · Posted by u/The-Old-Hacker
StrauXX · 4 months ago
Original article: https://www.malwarebytes.com/blog/news/2025/08/adult-sites-t...

The linked article just regurgitates the source.

StrauXX commented on Ask HN: How are parents who program teaching their kids today? · Posted by u/laze00
StrauXX · 7 months ago
Not my son, but I did teach my younger brother programming, from when he was about 10 to when he was about 14. I started out when he was showing interest in my programming work. I ended up gifting him a book on programming for kids, then nudging him into working on it every now and again and helping him out when he had issues. Mostly my goal was to make him motivated to learn (showing him interesting projects I had been working on, etc.). From my experience, with motivation and time the skills will come by themselves; without motivation, every attempt is pointless.

It was a slow burner, but over the course of four years he ended up learning quite a lot. He is now one of the best programmers in his college.
