bavarianbob commented on McDonald's pulls AI Christmas ad after backlash   bbc.co.uk/news/articles/c... · Posted by u/mindracer
onionisafruit · 10 days ago
What is especially bad about this ad? To me it seems no worse than the infernal Peyton Manning ad from last year or the State Farm Meghan Trainor ad this year. If this was on rotation in NFL games it wouldn't make me scramble for the mute button any faster than other ads.
bavarianbob · 10 days ago
I thought similarly to you, until I saw it: https://www.youtube.com/watch?v=abRie4vAvJ4
bavarianbob commented on You too can run malware from NPM (I mean without consequences)   github.com/naugtur/runnin... · Posted by u/naugtur
naugtur · 3 months ago
Absolutely not. You get npm packages by pulling; they are not pushed to you as soon as a new version exists. The likelihood of you updating instantly is close to zero, and if not, you should set your stuff up so that it is. Many ways to do that. Even better if compared to a month or two, which is how long it often takes for a researcher to find carefully planted malware.

Anyway, the case where reactive tools (detections, warnings) don't catch it is why LavaMoat exists. It prevents whole classes of malware from working at runtime. The article (and repo) demonstrates that.

bavarianbob · 3 months ago
I've worked in software supply chain security for two years now and this is an extremely optimistic take. Nearly all organizations are not even remotely close to this level of responsiveness.
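The "set your stuff up so that it is" part of the exchange above, as an added example that is not from the linked article, its repo, or either commenter: a cooldown version picker that refuses any release younger than a minimum age. It reads the same `time` map that a registry packument carries (the map `npm install --before=<date>` consults); the map below is constructed sample data for a hypothetical package, and the seven-day threshold is an assumption.

```python
"""
Added example: pick the newest npm version that has been public for at
least `min_age_days`, so that a freshly published malicious release is
not pulled in before researchers have had time to look at it.
The packument `time` map below is constructed sample data.
"""
from datetime import datetime, timedelta, timezone

# Constructed: the `time` field of a packument. "1.4.1" is a hypothetical
# release published two minutes before the "now" used in the demo below.
SAMPLE_TIMES = {
    "created": "2023-01-10T12:00:00.000Z",
    "modified": "2024-06-01T09:58:00.000Z",
    "1.3.0": "2023-11-02T08:00:00.000Z",
    "1.4.0": "2024-05-01T10:00:00.000Z",
    "2.0.0-beta.1": "2024-05-20T10:00:00.000Z",
    "1.4.1": "2024-06-01T09:58:00.000Z",
}


def semver_key(version):
    """Sort key for MAJOR.MINOR.PATCH[-prerelease]; a pre-release sorts
    below the final release with the same core numbers."""
    core, _, pre = version.partition("-")
    major, minor, patch = (int(part) for part in core.split("."))
    return (major, minor, patch, 0 if pre else 1, pre)


def parse_ts(ts):
    """Registry timestamps are ISO 8601 with milliseconds and a Z suffix."""
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%S.%fZ").replace(tzinfo=timezone.utc)


def pick_version(times, now_iso, min_age_days=7, allow_prerelease=False):
    """Return the highest version published at least `min_age_days` before
    `now_iso`, or None when every release is still too new."""
    cutoff = parse_ts(now_iso) - timedelta(days=min_age_days)
    eligible = []
    for version, published in times.items():
        if version in ("created", "modified"):  # packument metadata, not releases
            continue
        if "-" in version and not allow_prerelease:
            continue
        if parse_ts(published) <= cutoff:
            eligible.append(version)
    return max(eligible, key=semver_key) if eligible else None


if __name__ == "__main__":
    now = "2024-06-01T10:00:00.000Z"
    print("no cooldown:   ", pick_version(SAMPLE_TIMES, now, min_age_days=0))  # 1.4.1
    print("7-day cooldown:", pick_version(SAMPLE_TIMES, now))                  # 1.4.0
```

The point of the demo run is that the two-minute-old 1.4.1 is exactly the release a cooldown policy skips; the same effect can be had from the npm CLI by passing `--before` with a date a week or two in the past, which pins resolution to versions that existed at that time.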
bavarianbob commented on What can I do differently to find employment?    · Posted by u/javajosh
bavarianbob · 5 months ago
Post your resume
bavarianbob commented on Weaponizing Dependabot: Pwn Request at its finest   boostsecurity.io/blog/wea... · Posted by u/chha
udev4096 · 6 months ago
Wait, how is it possible for anyone who opens a PR to issue dependabot commands for main repository? There should be some kind of authorization in place to avoid it, right? Should it not ignore any commands coming from outside users who do not have commit access?
bavarianbob · 6 months ago
This is explained here:

> Here's the trick: github.actor does not always refer to the actual creator of the Pull Request. It's the user who caused the latest event that triggered the workflow.

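The distinction the quoted line draws, as an added example that is not from the linked post or from either commenter: a workflow gate keyed on the actor next to one keyed on the pull request's own metadata. The payloads are constructed to follow the shape of GitHub's `pull_request` webhook object; the repository and user names are hypothetical, and how a bot comes to be the actor on someone else's PR is the subject of the linked post and is not reproduced here.

```python
"""
Added example: `github.actor` names whoever caused the most recent
triggering event, so a gate on it can pass for a PR the bot never
authored. The event payloads below are constructed sample data.
"""

TRUSTED_BOT = "dependabot[bot]"

# Constructed: a version-bump PR that Dependabot opened on the base repo.
DEPENDABOT_PR = {
    "pull_request": {
        "user": {"login": "dependabot[bot]", "type": "Bot"},
        "head": {"ref": "dependabot/npm_and_yarn/lodash-4.17.21",
                 "repo": {"full_name": "example-org/app", "fork": False}},
    }
}

# Constructed: a PR opened from a fork by an outside account.
FORK_PR = {
    "pull_request": {
        "user": {"login": "outside-user", "type": "User"},
        "head": {"ref": "feature",
                 "repo": {"full_name": "outside-user/app", "fork": True}},
    }
}


def trusted_by_actor(actor):
    """The gate the post warns about: it only asks who caused the latest
    event that triggered the workflow."""
    return actor == TRUSTED_BOT


def trusted_by_pr(event):
    """Gate on the PR itself: authored by the bot, and the head branch lives
    in the base repository rather than in a fork."""
    pr = event["pull_request"]
    return pr["user"]["login"] == TRUSTED_BOT and not pr["head"]["repo"]["fork"]


def decide(event, actor):
    """Evaluate both gates for one workflow run."""
    return {"actor_gate": trusted_by_actor(actor), "pr_gate": trusted_by_pr(event)}


if __name__ == "__main__":
    # The case in the quoted line: a fork PR, but the latest event was the bot's.
    print(decide(FORK_PR, TRUSTED_BOT))        # {'actor_gate': True, 'pr_gate': False}
    print(decide(DEPENDABOT_PR, TRUSTED_BOT))  # {'actor_gate': True, 'pr_gate': True}
```

In workflow syntax the two gates correspond to `github.actor` on one side and `github.event.pull_request.user.login` together with `github.event.pull_request.head.repo.fork` on the other. Whichever gate is used, a `pull_request_target` job that checks out the PR head and executes anything from it with repository secrets in scope is running untrusted code; the gate narrows who can reach that code path but does not make it safe.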
bavarianbob commented on Ask HN: Share your AI prompt that stumps every model    · Posted by u/owendarko
saati · 8 months ago
Because the original is a man and his father, it's a test for gender bias.
bavarianbob · 8 months ago
Sorry, what?
bavarianbob commented on US Administration announces 34% tariffs on China, 20% on EU   bbc.com/news/live/c1dr7vy... · Posted by u/belter
_heimdall · 9 months ago
> There are no out of work olive farmers in the US.

Is that because we can't grow olives here, or because we don't have federal subsidies propping up a domestic olive industry that can compete with corn and soy?

I really don't know the details well enough there, but it feels like this could just be selection bias at play.

bavarianbob · 9 months ago
Hard for me to believe that, even with a surplus of domestic production, the comparative advantage of importing still wouldn't be better.
bavarianbob commented on Blunder Free Chess – visualize which squares are attacked   taonexus.com/blunderfreec... · Posted by u/logicallee
primitivesuave · 10 months ago
I'm curious as to why you wrote your own chess implementation - seems like this would have been much easier to implement with chessboard.js [1] and chess.js [2].

1. https://chessboardjs.com/

2. https://github.com/jhlywa/chess.js/blob/master/README.md

bavarianbob · 10 months ago
Surprisingly, in this context, I frequently came across interfaces that make it difficult to implement certain features using those libraries. There's not a one-size-fits-all implementation yet.
bavarianbob commented on Ask HN: Any open-source to contribute and get hired?    · Posted by u/parvardegr
bavarianbob · 10 months ago
I think you're going to scarcely find a company that has a direct open source -> hire pipeline. However, one of the most valuable parts of contributing to open source that I have personally found is forming connections and having those connections refer you to companies. I encourage you to find a company + project combination that you enjoy, find ways to collaborate, and make relationships. Doing that will likely yield huge dividends.
bavarianbob commented on Launch HN: SubImage (YC W25) – See your infra from an attacker's perspective    · Posted by u/alexchantavy
bavarianbob · 10 months ago
Awesome project!

As someone deeply familiar with this problem (ex-JupiterOne), I'd caution against asserting that 'deep level of customization' is a differentiator. Your buyer (CISO) and userbase (Sec Engs) are drowning. They (and I) don't want yet another product to build on top of. This is a key reason why Wiz is so successful -- an operator can turn Wiz on and immediately receive value, no adjustments or additions needed.

I'd strategically focus on making the 'actionability' part the cornerstone of the product and really become obsessed with making that part of your product incredible. The Goliath-killing story you need will be formed by figuring out how to get your product to the point where someone can turn it on and immediately receive value for the most impactful security problems first (ex: Log4J) and the total surface area of problems the product solves for second.

u/bavarianbob
Karma: 128 · Cake day: January 1, 2019
About: email: bettingerchasen@gmail.com