Readit News
url00 commented on Helm local code execution via a malicious chart   github.com/helm/helm/secu... · Posted by u/irke882
ajross · a month ago
> A symlink can be packaged up in a tarball and shipped from one system to another.

True enough, but if you have a victim unpacking and building untrusted tarballs there's no security boundary being crossed, is there? You don't have to bother with this symlink nonsense, just update the install script to include your payload directly.

Honestly this vulnerability is dumb. I don't see any realistic scenario where it can be exploited by an unprivileged attacker.

url00 · a month ago
When you do a helm pull and download a chart from a repo, I believe it's a tarball. So if you have a workflow where you install charts from the filesystem you could be impacted. I've done that in the past.
url00 commented on Why I wrote the BEAM book   happihacking.com/blog/pos... · Posted by u/lawik
graboid · 3 months ago
Are there any other VMs like the BEAM? I never heard of any (admittedly I know little of this subject), and I wondered, is it because there is no need for another one because the BEAM is just so good, or is it because the amount of work and skill required to get another BEAM-like runtime with comparable quality is too demanding?
url00 · 3 months ago
The reality is modern Kubernetes infrastructure looks a lot like BEAM, at least in the capabilities it offers. That's the far more common way of deploying highly scalable, self-healing systems in the current year. Plus, with k8s you're not constricted to a single language (there are a few more than Erlang/Elixir, but nothing popular) with limited developer resources and interest.
url00 commented on Spaced repetition systems have gotten better   domenic.me/fsrs/... · Posted by u/domenicd
InkCanon · 3 months ago
There was an interesting post here a while back about autonomy and motivation. The gist was people's motivation is proportional to their autonomy. This is quite intuitive, you can see people are really motivated when they have autonomy (think kids with Minecraft, musicians with instruments). One terrible thing about Anki is that it probably is horrible for autonomy. Quite possibly using Anki actually has a negative effect on motivation.
url00 · 3 months ago
That sounds very interesting! Do you still have a link to that post?
url00 commented on Cursor hits $9B valuation   ft.com/content/a7b34d53-a... · Posted by u/bookofjoe
bethekidyouwant · 4 months ago
9B, no moat, it’s bubble time!
url00 · 4 months ago
On the off chance there was any doubt still... Alas, seeing a bubble provides almost no good information except that you know something bad will happen sometime.
url00 commented on Attention K-Mart Shoppers   archive.org/details/atten... · Posted by u/rpmisms
suddenlybananas · 4 months ago
If only vapourwave was still popular.
url00 · 4 months ago
I still have it as my main coding music. Along with Wii Shop/lo-fi Nintendo. Still bops.
url00 commented on Yoke: Infrastructure as code, but actually   xeiaso.net/blog/2025/yoke... · Posted by u/xena
ljm · 6 months ago
K8S is at a point now where I'd probably try to configure whatever I can inside the cluster as an operator or controller.

There are going to be situations where that isn't practical, but the ability to describe all the pieces of your infra as a CRD is quite nice and it takes some pain out of having things split between terraform/pulumi/cdk and yaml.

At that point, you're just running your own little cloud instead of piggybacking on someone else's. Just need a dry-run pipeline so you can review changes before applying them to the cluster.

url00 · 6 months ago
Can you expand a bit on the kinds of things you are doing in operators and controllers? I've been wary to put too much in the cluster... but maybe I should be doing more.
url00 commented on Svelte 5 is not JavaScript   hodlbod.npub.pro/post/173... · Posted by u/jonstaab
dimgl · 6 months ago
I really have not liked htmx at all. Anything dynamic with it is a big, big pain...
url00 · 6 months ago
I agree. I really wanted to like it, I do think a lot of what it purports to try to do would be better for the web and development in general, but my experience is that HTMX (even with Alpine) fails to succeed in practice.
url00 commented on Amazon Will Spend Nearly a Year of AWS Revenue on AI Investments   nextplatform.com/2025/02/... · Posted by u/rbanffy
tripplyons · 7 months ago
I've heard arguments that you should buy NVDA as a hedge for losing your job to AI. Not sure what to make of it.
url00 · 7 months ago
If AI actually starts replacing jobs, society is going to collapse/restructure to the point that risk management no longer applies.
url00 commented on The Alpha Myth: How captive wolves led us astray   anthonydavidadams.substac... · Posted by u/ada1981
erikerikson · 7 months ago
Why copy the article from the link?
url00 · 7 months ago
No doubt because most people won't click the link.
url00 commented on Some programming language ideas   jerf.org/iri/post/2025/pr... · Posted by u/todsacerdoti
TrianguloY · 8 months ago
I'll throw in another idea here that I've been thinking about for some time now.

Most languages have a while construct and a do-while.

  while(condition){block};
  do{block}while(condition);

The while is run as

    ...
  start:
    condition
    branch-if-false > end
    block
    branch-always > start
  end:
    ...

And the do-while switches the order:

    ...
  start:
    block
    condition
    branch-if-true > start
    ...

The issue with the while is that more often than not you need to do some preparations before the condition. So you need to move that to a function, or duplicate it before and inside the loop. Do-while doesn't help, since with that you can't do anything after the condition. The alternative is a while(true) with a condition in the middle.

  while(true){
    prepare;
    if(!check) break;
    process
  }

But what if there was a language construct for this? Something like

  do{prepare}while(condition){process}

Is there a language that implements this somehow? (I'm sure there is, but I don't know of one)

The best thing is that this construct can be optimized in assembly perfectly:

    ...
    jump-always > start
  after:
    process
  start:
    prepare
    condition
    branch-if-true > after
    ...

url00 · 8 months ago
Not quite the same but almost feels like the BEGIN block in awk.

u/url00

Karma: 122 · Cake day: January 19, 2017