shortridge

dgar, 4 days ago to random

The existence of Norway implies...

matthewskelton, 5 days ago to random

"Surprisingly, our results show that women's contributions tend to be accepted more often than men's. However, when a woman's gender is identifiable, they are rejected more often. Our results suggest that although women on GitHub may be more competent overall, bias against them exists nonetheless."

https://www.researchgate.net/publication/308716997_Gender_bias_in_open_source_Pull_request_acceptance_of_women_versus_men

🤬

akshatrathi, 8 days ago to random

2020: Microsoft sets goal to be carbon negative by end of the decade.

2023: Microsoft's emissions are 30% higher than in 2020.

Main cause? The relentless push to meet AI demand, which requires new data centers built out of carbon-intensive steel, cement, chips.
https://www.bloomberg.com/news/articles/2024-05-15/microsoft-s-ai-investment-imperils-climate-goal-as-emissions-jump-30

martin, 8 days ago to random

Our university deployed a mail filter that rewrites URLs in emails to redirect them via a service that checks for bad websites. Somebody clever worked out that PGP-signed emails are exempt from the rewrite rule, so now people are starting their emails with "BEGIN PGP MESSAGE" even though they haven't used PGP at all, just to fool the filter 😂

Anybody sending malware links has probably also worked out that trick by now, thereby rendering the entire filter pointless

surma, 14 days ago to random

I really wanted to know which libraries are bloating my WebAssembly binaries, so I wrote a visualizer.

Throw in a .wasm file with DWARF debug symbols, and wasmphobia will generate a flame graph for you, breaking down the module by source file.

https://wasmphobia.surma.technology/

image/png

njion, 15 days ago to random

The opposite of "rise and shine" would be "collapse and absorb light" and personally I think I'd like to be encouraged to become a black hole.

ben, 17 days ago to random

Stack Overflow announced that they are partnering with OpenAI, so I tried to delete my highest-rated answers.

Stack Overflow does not let you delete questions that have accepted answers and many upvotes because it would remove knowledge from the community.

So instead I changed my highest-rated answers to a protest message.

Within an hour mods had changed the questions back and suspended my account for 7 days.

Diff view of a stack overflow question showing it being changed from the original text to a protest message, then being changed back again by a mod. Protest text reads: Why does OpenAI get to profit from our work? I have removed this question in protest of Stack Overflow's decision to partner with OpenAI. This move steals the labour of everyone who contributed to Stack Overflow with no way to opt-out. OpenAI has a history of flooding the web with inaccurate information and have explicitly stated that they will never pay creators for their work.

evacide, 18 days ago to random

The saddest thing about meeting other high-profile women and enbys in infosec is the part where you compare your lists of stalkers and chronic harassers.

samhenrigold, 20 days ago to random

from the archives: tired of using the trash to delete files? might I recommend chucking unwanted files in T̷͖̅Ḧ̴̟́Ȇ̴̢ ̶̜̽H̴̺̕Ò̶̜Ḽ̸̏E̴̘͆

video/mp4

rq, 20 days ago to random

Please sign up to read this post.
Please provide a valid e-mail address.
Please solve this CAPTCHA.
It looks like your network is making automated requests. Please try again later.
CAPTCHA solved. Please provide a valid e-mail address (must be gmail.com, yahoo.com, icloud.com or live.com or hotmail.com and must not contain the character +).
Please check your inbox and click on the link to activate your account.

Account successfully activated.
Bot detected.
Please provide a valid mobile phone number.
Check your SMS.
Token expired, please try again.

Account successfully unlocked.
For compliance reasons, please provide your date of birth.
To verify your age, please provide a scan of your passport, ID card or (U.S. only) driver's license.

Account is on hold while verifying your identity. Please book a personal call with our staff during U.S. business hours.

case, 22 days ago to random

“Because I like my salt with a side of science, I looked for evidence and the answer is that few people are spending whole ass minutes on emails.” - @shortridge, https://kellyshortridge.com/blog/posts/shortridge-makes-sense-of-verizon-dbir-2024/

emi, 27 days ago to random

I saw a bumper sticker that said “Autism Isn’t A Processing Error, It’s A Different Operating System.”

While I can relate to that personally, I think it would be more accurate to describe Autism as a different instruction set.

This means we can efficiently run any program if it’s properly compiled to run natively. Some translation layers can be highly efficient, while others might result in a loss of 30+% performance.

kennwhite, 1 month ago to random

Incredible research at BlackHat Asia today by Tong Liu and team from the Institute of Information Engineering, Chinese Academy of Sciences (在iie.ac.cn 的电子邮件经过验证)

A dozen+ RCEs on popular LLM framework libraries like LangChain and LlamaIndex - used in lots of chat-assisted apps including GitHub. These guys got a reverse shell in two prompts, and even managed to exploit SetUID for full root on the underlying VM!

image/jpeg
image/jpeg

postmodern, 1 month ago to opensource

PSA: HEADS UP EVERYONE! Another project noticed they were being targeted with similar social engineering tactics as the xz-utils backdoor attack. Be on the lookout for random people demanding that you add someone new as a maintainer for vague but urgent "reasons". Google their emails, check their GitHub/GitLab histories, see if they are on Mastodon/Reddit/"X"/LinkedIn. If they do not have an internet footprint, they are probably a plant.
https://openssf.org/blog/2024/04/15/open-source-security-openssf-and-openjs-foundations-issue-alert-for-social-engineering-takeovers-of-open-source-projects/
#opensource #opensourcesecurity

wingo, 1 month ago to random

it occurs to me that adding features to a garbage collector is an excellent way to jia tan a software project. never enough gc features, all the nice ones are really gnarly to review, bugs are very subtle and cross-cutting / high-power

soatok, 1 month ago to random

Q: How do you find the cryptographer in the cross-Seattle trans-puppygirl polycule?

A: They're referred to as GF(256).

sunfish, 1 month ago to webassembly

This talk from Luke Wagner lays out a vision for fully-integrated async in #Wasm Components.

Async/sync interop without function coloring, made possible by the power of components:

https://www.youtube.com/watch?v=y3x4-nQeXxc&list=PLP3xGl7Eb-4Nmj4CJ5WLQZx5UAYvhH920&index=3

AndresFreundTec, 1 month ago to random

I accidentally found a security issue while benchmarking postgres changes.

If you run debian testing, unstable or some other more "bleeding edge" distribution, I strongly recommend upgrading ASAP.

https://www.openwall.com/lists/oss-security/2024/03/29/4

whereistanya, 1 month ago to random

My new #1 requirement for devices and appliances and machines and robots of every kind is “does not beep at me.”

Di4na, 1 month ago to random

I know I am late to it, but I finally read https://kellyshortridge.com/blog/posts/rfi-secure-by-design-response/
Thank you @shortridge for being one of the rare person in this domain that make sense.

You are one of the reason I still write about this. I may not have a lot of hope, but at least I feel less lonely.

(And yes, I do not agree with everything, but faaaaar better than all the other answers)

mattly, 1 month ago to random

bob: so how do I serve some html

joe: it’s not a server, it’s a container orchestration system

bob: ok it’s not a server. How do I send html to a browser?

joe: You write a Dockerfile, helm chart, & CI pipeline

bob: Did you just tell me to go fuck myself?

joe: I believe I did, Bob

skamille, 1 month ago to random

I think the point that some are starting to make about political opinions, eg, how would you actually turn this ideal into policy, is useful to consider when sharing engineering/leadership opinions as well. My experience is even when having a pretty clear idea of both what I want to do and how I will roll it out to my team, it's still usually multiple iterations until we actually get something that even halfway works. The gap between ideal and implementation is enormous.

greene, 1 month ago to random

People are like “Very long-lived creatures, such as elves, would have a hard time bringing themselves to care at all about beings with short lives!” Meanwhile I’m over here with my happiness and wellbeing contingent on the survival of a sweet little cat with zero brain cells and a heart condition

hailey, 2 months ago to random

what on earth is going on over at C++

are they ok