I mean that in the sense that they had the idea way before rapid Linux 0days and supply chain attacks were common. The design they picked has only become more relevant.
It's been less than a month since I responded to a comment on a different thread arguing basically the same thing about C/C++ in a serious way. I've long since lost the ability to distinguish.
you can't get infected through the package manager if your language doesn't have a package manager :) turns out C and C++ were playing 4D chess all along
Devcontainers (I know it's not a full VM, but it's the most prominent version of this "isolated development environment" concept) wouldn't fully protect you against this. GitHub credentials are automatically pulled into the container. If you are using other cloud services that need to be accessed within the container, this cred stealer will grab their creds too.
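A quick way to see what the comment above is describing is to audit, from inside the container, which credentials are actually reachable. The script below is an added example and not code from the original thread or from any devcontainer project; the variable names and file paths it checks (GITHUB_TOKEN, GH_TOKEN, GIT_ASKPASS, ~/.git-credentials, gh's hosts.yml, the default AWS/Azure/GCP/npm/Docker/SSH locations, and a forwarded ssh-agent socket) are common defaults I have assumed, so extend the lists for whatever services your own container talks to.

```shell
#!/bin/sh
# Added example: audit which credentials are reachable from inside a dev container.
# Run it *inside* the container. Prints each credential source it finds and
# returns non-zero when anything is reachable, so it can gate a container start.
# The env var names and paths below are assumed common defaults, not a complete list.

audit_creds() {
    home="${1:-$HOME}"
    found=0

    # Environment variables that tooling commonly injects into dev containers.
    for v in GITHUB_TOKEN GH_TOKEN GIT_ASKPASS AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY \
             AWS_SESSION_TOKEN AZURE_CLIENT_SECRET GOOGLE_APPLICATION_CREDENTIALS NPM_TOKEN; do
        eval "val=\${$v:-}"
        if [ -n "$val" ]; then
            echo "env: $v is set"
            found=$((found + 1))
        fi
    done

    # Files that are typically bind-mounted or copied in from the host home directory.
    for f in "$home/.git-credentials" "$home/.config/gh/hosts.yml" "$home/.aws/credentials" \
             "$home/.azure/accessTokens.json" "$home/.config/gcloud/credentials.db" \
             "$home/.npmrc" "$home/.docker/config.json" \
             "$home/.ssh/id_rsa" "$home/.ssh/id_ed25519"; do
        if [ -s "$f" ]; then
            echo "file: $f"
            found=$((found + 1))
        fi
    done

    # A forwarded ssh-agent socket lets any code in the container sign with host keys
    # even though the private key file itself is not present.
    if [ -n "${SSH_AUTH_SOCK:-}" ] && [ -S "$SSH_AUTH_SOCK" ]; then
        echo "agent: SSH_AUTH_SOCK=$SSH_AUTH_SOCK"
        found=$((found + 1))
    fi

    echo "$found credential sources reachable"
    [ "$found" -eq 0 ]
}
```

Run `audit_creds` with no arguments inside the container; pass an explicit home directory to audit a mounted volume instead. Anything it reports is what a post-install script in a compromised dependency would also be able to read, which is the point being made above.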
It would limit the blast radius, which at least is an improvement.
This is one reason I have my own dev container script. And the container pulls nothing in except whatever I explicitly put in my .podman folder. It runs without any GitHub access at all. I do all of that from the host machine.
Or a VM per container, if you insist on containers. I've had a couple of relaxed weeks recently due to running everything on VMs rather than some random Kubernetes service.
It's not going to help if you share a cache across security boundaries. That is what happened here and seems to be driving a spate of GitHub Actions-related problems.
It's trivial to design a cap that leaks before it becomes mechanically free, and most lids are so designed. If this one becomes mechanically free at or before the seal allows any pressure differential to equalize, then it's an avoidable design defect that fails to meet current minimum standards.
No. If we're recalling a product for a safety issue, it is not user error. There is an engineering error, or a design error, or a manufacturing error. Whatever the product is doing it should not be doing.
I’ve used bunny for a few years … happily. I wonder if this is a bug due to some metadata of the files like the names or something. Very weird. Good thing you had metrics to catch it.
I upload all object storage stuff to bunny for live but also to Backblaze for backup.
I’ve always wanted to implement failover client side for any asset over to Backblaze but it seems like a lot of overhead.
No, I am not. That is the thing—it has been 7 years, and we are stuck in the same loop.
If I were to give your friend advice, it is to send a lot of warm emails. Joining a freelance marketplace is going to be brutal. Connect with folks in different communities, talk with them a bit, and then ask if they have any jobs. The success rate I would say is about 1 out of 50 to 70 outreaches.
I watched a YouTube video the other day about how the USA tracks missile launches globally. I would assume they have to pass a minimum threshold of power/heat/energy to be detectable.
Let’s all pray this toy project, if readily upgradable, is also trackable and well … the way we keep law and order is by actual policing and prosecuting. So hopefully this doesn’t get out of hand.
Right now, today, the US government and its three-letter agencies are being run by a club of human trafficking pedophiles and rapists. Not individual, isolated, crimes. An organized group of very twisted people, having 'immigrants' rounded up and killed, pushing women back into the 1920s, and trying to make anyone who strays from heteronormative a criminal.
Having some independent developers in the defence market is not necessarily a bad thing.
I never got too far with prompt injection, but one thing I wonder is if you overload the LLM, repeatedly over context, repeatedly over its context trimming tricks buffer … can it fail open?