I’ve thought about a future where all audio is recorded (public, home, work, etc.). If this thing is real, it would allow comms in this dystopian vision. Boo
Readit Newshm-nah commented on Alterego: Thought to Text alterego.io/... · Posted by u/oldfuture
hm-nah commented on Supply Chain Attack Targeting Linux and Mac kaspersky.co.uk/blog/nx-b... · Posted by u/hm-nah
And the worst toolchain+ecosystem award goes to...
…JavaScript or VS Code Extensions? (Or both)
hm-nah commented on Supply Chain Attack Targeting Linux and Mac kaspersky.co.uk/blog/nx-b... · Posted by u/hm-nah
I got smooched by this mofo. Got an email from GitHub Sec saying a repo in my own account was deleted because of a known vuln.
My NX Console EXTENSION in VS Code was updated after the supply chain attack was initialized by the malicious actor.
The symptom, besides the email from GitSec, was all my terminals initialized prompted for sudo pw, because ~/.bashrc had sudo shutdown appended.
The Kaspersky article says the hackers were focused on crypto wallets, env vars, and ssh keys, but what about .azure/cache-tokens.json, .aws/creds, .gcp/creds, etc.?
hm-nah commented on Supply Chain Attack Targeting Linux and Mac kaspersky.co.uk/blog/nx-b... · Posted by u/hm-nah
I got smooched by this mofo. Got an email from GitHub Sec saying a repo in my own account was deleted because of a known vuln.
My NX Console EXTENSION in VS Code was updated after the supply chain attack was initialized by the malicious actor.
The symptom, besides the email from GitSec, was all my terminals initialized prompted for sudo pw, because ~/.bashrc had sudo shutdown appended.
Oly Chit! This is a BIG deal! Sub-page citations…in-context RAG…built-in HTML UI…this is like the holy grail of deterministic text extraction. I’m trying this ASAP Rocky.
Then watch…AWS will fix it and not tell you at all. Similarly, I found that Azure Functions were saving secrets in plaintext in the SCM blade even though the Function App itself was using Key Vault References!
I throughly documented the issue, reproduced it with fresh infra, filed a bug bounty, etc. Only to have Microsoft say “It’s the intended behavior” and “That’s not applicable for a bug bounty”, etc. Next month I checked the SCM area again…yeah, plaintext secrets were miraculously redacted. That’s the last time I hunt bugs for you MS!
I don't know if I love this more for the sheer usefulness, or for the delightful over-the-top "Proper English Butler" diction.
But what really has my attention is: Why is this something I'm reading about on this smart engineer's blog rather than an Apple or Google product release? The fact that even this small set of features is beyond the abilities of either of those two companies to ship -- even with caveats like "Must also use our walled garden ecosystem for email, calendars, phones, etc" -- is an embarrassment, only obscured by the two companies' shared lack of ambition to apply "AI" technology to the 'solved problem' areas that amount to various kinds of summarization and question-answering.
If ever there was a chance to threaten either half of this lumbering, anticompetitive duopoly, certainly it's related to AI.
It’s because this story hints at the concept of “Unmetered AI”. It can be easily hosted locally and run with a self-hosted LLM.
Wonder if Edison mentioned Nikola Tesla much in his writings?
hm-nah commented on Google is winning on every AI front thealgorithmicbridge.com/... · Posted by u/vinhnx
Eh…everything but the Cloud Platform UI/UX/Usability front. GCP portal is a hot mess. It is far worse than Azure and slightly worse than AWS.
hm-nah commented on Ask HN: Why did no one save the Living Computers museum in Seattle? · Posted by u/superconduct123
Ya know…you go once, drag your family to it, etc. It’s not a repeat excursion for locals. Without some serious interactive exhibit$, that attract schools of children, annually… doesn’t feel like a sustainable business model. Especially with that price tag. Maybe more of an add-on room to the Museum of History and Industry.