rsa25519 commented on Bubblewrap: Unprivileged sandboxing tool for Linux   github.com/containers/bub... · Posted by u/varbhat
rsa25519 · 4 years ago
Note that a sandbox escape is often possible via TIOCSTI (CVE-2017-5226) [0] unless a special flag (--new-session) is used.

Bubblewrap is aware of this, yet their documentation gives no indication that this flag is necessary to produce a secure sandbox. In --help, the documentation of --new-session is simply "Create a new terminal session," which severely understates its importance.

It's frustrating to have such a useful tool be knowingly easy to misuse.

[0]: https://github.com/containers/bubblewrap/issues/142
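An added C example (not bubblewrap's code and not the commenter's; the function names are mine) showing what --new-session provides and a check a defender can run inside a sandbox: setsid() places the child in a new session with no controlling terminal, so /dev/tty is no longer reachable from the sandboxed process.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Bit flags returned by check_in_child(): whether the child is detached from
 * any controlling terminal and whether it leads its own session. */
#define FLAG_DETACHED 1
#define FLAG_LEADER   2

/* 1 if no controlling terminal is reachable: open("/dev/tty") fails with ENXIO
 * (no controlling tty) or ENOENT (device node absent). 0 if a tty is reachable,
 * which is the state in which the host's tty can be reached via TIOCSTI.
 * -1 for any other open() failure. */
int detached_from_tty(void) {
    int fd = open("/dev/tty", O_RDWR | O_NOCTTY);
    if (fd >= 0) { close(fd); return 0; }
    return (errno == ENXIO || errno == ENOENT) ? 1 : -1;
}

/* 1 if this process is a session leader, i.e. setsid() was called for it. */
int is_session_leader(void) {
    return getsid(0) == getpid();
}

/* Fork a child that optionally calls setsid() first (what bwrap --new-session
 * does before launching the sandboxed command) and report the child's state
 * as FLAG_* bits, or -1 if fork/wait failed or the check could not be done. */
int check_in_child(int new_session) {
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        int flags = 0;
        if (new_session && setsid() == (pid_t)-1) _exit(255);
        int d = detached_from_tty();
        if (d < 0) _exit(255);
        if (d) flags |= FLAG_DETACHED;
        if (is_session_leader()) flags |= FLAG_LEADER;
        _exit(flags);
    }
    int status = 0;
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status)) return -1;
    int code = WEXITSTATUS(status);
    return code == 255 ? -1 : code;
}

int main(void) {
    /* A plain child inherits the caller's tty (if any); after setsid() it is a
     * session leader with no controlling terminal. */
    printf("plain child: %d, new session: %d (expect %d)\n",
           check_in_child(0), check_in_child(1), FLAG_DETACHED | FLAG_LEADER);
    return 0;
}
```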

rsa25519 commented on Please put units in names   ruudvanasseldonk.com/2022... · Posted by u/todsacerdoti
aasasd · 4 years ago
Perhaps the function shouldn't accept the unit of sec². Not least because I have no idea what a delay in that unit could signify.
rsa25519 · 4 years ago
Note that the wonderful Go type system interprets time.Second * time.Second as 277777h46m40s with the type time.Second (not sec^2)
rsa25519 commented on CDC Internal Delta Variant Presentation   context-cdn.washingtonpos... · Posted by u/zckao
seriousquestion · 5 years ago
"Acknowledge the war has changed"

Maybe it has? For example, DC has reported 11 homicides since its last reported COVID death.

rsa25519 · 5 years ago
This is an unfair comparison because covid death reporting lags far behind other data
rsa25519 commented on Element raises $30M to boost Matrix   matrix.org/blog/2021/07/2... · Posted by u/Sami_Lehtinen
brylie · 5 years ago
> instead they are focused on improving the security and privacy features

Hopefully they also improve the UX and new user onboarding experience in order to gain wider adoption. I really want to promote Matrix for communities where I am involved but it lacks the product-orientation of Discord and Slack.

rsa25519 · 5 years ago
> Hopefully they also improve the UX

They're making great progress! There's still more work to do, but I've been very impressed by the improvements made by the Element team over the past year, ranging from many small details to large usability features like the UI for spaces as an easier way to organize communities

rsa25519 commented on A database with 3.8B phone numbers from Clubhouse is up for sale   twitter.com/mruef/status/... · Posted by u/FabianBeiner
noxer · 5 years ago
This would not be a classic sting operation. The seller already committed the crime(s) by offering it. Sting operations usually are the reason someone could commit a crime, by creating a bait crime opportunity.
rsa25519 · 5 years ago
You're describing entrapment
rsa25519 commented on Why wood has gotten so dang expensive   constructionphysics.subst... · Posted by u/Whitespace
aazaa · 5 years ago
rsa25519 · 5 years ago
The issue is that HN didn't include the trailing exclamation mark as part of the link.
rsa25519 commented on I can't stand developing for Safari anymore   old.reddit.com/r/webdev/c... · Posted by u/thunderbong
jdmoreira · 5 years ago
Humm. Maybe some of us want our browsers to be, you know, browsers! Not full-blown virtual machines. I'm quite happy with Safari. I don’t want web apps, I want web pages!
rsa25519 · 5 years ago
In that case, Safari should make it clear that its users should not expect web applications to work well. OP proposes helping Safari do that by displaying informational banners when appropriate.
rsa25519 commented on There are no results for tank man   bing.com/images/search?q=... · Posted by u/rcoveson
johnfernow · 5 years ago
Since these pages will likely be updated, here are the archived links as proof of this happening:

https://web.archive.org/web/20210604192821/https://www.bing....

https://web.archive.org/web/20210604180506/https://images.se...

https://web.archive.org/web/20210604194355/https://www.ecosi...

https://web.archive.org/web/20210604194336/https://search.ao...

Some people probably think "nobody uses Bing", but Bing powers a lot of different search engines (Yahoo, Ecosia, AOL, DuckDuckGo, and more). It's the default search engine on millions of devices (Windows, and even if you change it, Windows search still uses it; Xbox uses it as well.)

rsa25519 · 5 years ago
Also try searching "journalist in blue" via the default (not image) article search on Bing. It lacks the relevant results found on Google or DuckDuckGo.
rsa25519 commented on The Time Everyone “Corrected” the World’s Smartest Woman (2015)   priceonomics.com/the-time... · Posted by u/jasonhansel
jml7c5 · 5 years ago
From reading the problem as posed in the article, the confusion seems similar to the "plane on a treadmill" thing, where people are interpreting the premise of the problem differently. (In plane on a treadmill: "the treadmill moves backwards @ -1 * plane airspeed" vs "the treadmill moves backwards to keep plane airspeed at 0". In this: "the host will open the door at random and in this example it happens to have a goat" vs "the host will never open a door with a car behind it".)
rsa25519 · 5 years ago
> In this: "the host will open the door at random and in this example it happens to have a goat" vs "the host will never open a door with a car behind it".)

If the host opens a door with a goat, then it doesn't matter whether or not it was intentional.

rsa25519 commented on PatchELF: Simple utility for modifying existing ELF executables and libraries   github.com/NixOS/patchelf... · Posted by u/ingve
mikepurvis · 5 years ago
I'm working on it now at my work, partially following some advocacy in the last Nix thread on here a month or so back. I think the biggest barrier for me is that you can't really be only partially in— like, you sort of can, but you lose a lot of the benefits if you have impure builds linking to a bunch of filesystem stuff.

So yeah, you need sufficient buy-in that you can spend the effort required to basically port your entire system to a new operating system and packaging scheme. And depending how big your system is, that might be a lot of work that has to happen upfront before any real value is delivered.

rsa25519 · 5 years ago
You can be partially in :-)

I highly recommend using the Nix package manager alongside whatever you're comfortable with. That way you can `nix shell -p foobar` when you need a package quickly or fall back to brew/apt/etc if you're not yet comfortable addressing the situation in Nix.

u/rsa25519 · Karma: 355 · Cake day: July 10, 2020