copy/paste doesn't tell you much - here's the text/html content they put on your clipboard if you're curious. Apparently GDocs supports this out of the box, just hides it from the selection box. Which makes sense given that it doesn't support any font.
That's exactly where my mind went as soon as I read the title. HN rules say to "use the original title, unless it is misleading". I think the original title meets the misleading bar but I can't speak for other readers.
"Private credit" is a finance term of art. It could be misleading if you don't have context for the correct definition, but that's true of many posts on this site.
It converts back to paid automatically if you had an existing paid subscription before. No other cases. In any case, this is still a valuable service they are providing for 6mo for free, which many will appreciate even if the goal is to recruit more users.
I'll second this. I used opencode + opus 4.6 + ghidra to reverse engineer a seedkey generation algorithm[1] from v850 assembly. I gave it the binary, the known address for the generation function, and a set of known inputs/outputs, and it was able to crack it.
None of it makes much sense. The model labelled as fastest has much higher latency. The one labelled as cheapest costs something, whereas the other one appears to be free (price is blank). Context on that one is blank and also unclear.
It's generally very helpful - someone else mentioned here the fundamental problem is lack of a tight feedback loop. It doesn't perfectly replicate the GH environment, but for my use case that doesn't matter and it's super nice to have.
Coke used to be mixed, bottled, and shipped out in an extremely quick timeframe. Inventory turned over fast.
I suspect the separated components wind up being equal to what a stale soda has, one that has been on the shelf. It’s like buying a soda whose sugar component has already gone stale.
Sure, the rest of the flavors are there and still fresh, unaffected by the carbonated water, but the sweetness one is off.
A couple years back I was looking for this sort of solution and ended up paying money to buy FilterBox which I've found to be good.
There are certain apps that I would love to be able to uninstall but have to keep for one reason or another, so I really appreciate apps like these which prevent attention-stealing notifications from making it through :)
It's a shame that AI is ruining certain phrases, the "You’re absolutely right" was appropriate but I've been trained reading so many AI responses to roll my eyes at that.
This doesn't seem like a realistic threat to me. Under what circumstances are you not pretty much completely pwned if an attacker could start their own processes, or have root access?
This sort of seems like saying IF an attacker gets the keys to your car, they could install a module that would allow them to come back and steal the car with a push of a button. Technically true, but they could also just steal the car straight up, or do any number of other things.
OP seems to be a startup selling an eBPF script that tries to identify whether individual executables running as your user "should" or "should not" do particular things. (Like a Windows antivirus program, but for build servers and AI training.) I guess in that context it's good to remember that LD_PRELOAD exists, so it's easy to make any action appear to originate from any executable.
Yeah, if you have the level of access necessary to inject an LD_PRELOAD, you have the level of access necessary to set PATH so an entirely different binary loads, too.
Question... if you change the path wouldn't a decent security tool be able to identify that it is a different executable? Also, if you are allowing an executable to access a directory then the executable should also be protected. Thoughts?
A VM is a reasonably defensible boundary which you can use to make meaningful assessments about exposure and vulnerability. It's like safe sex--you assume your partner has an STD and take measures to prevent transmission. VMs are like condoms, as opposed to herbs or reputation heuristics.
Most of this recent eBPF tooling, especially the products that pretend to mitigate exploits, is just recapitulating the security theater of the Windows world. And we all know how that turned out. Windows' security was a joke until Microsoft changed course and started focusing on correctness and meaningful and defensible architectural boundaries. Sadly the corporate embrace of Linux seems to be pulling the ecosystem along the same path Windows and the big Unix vendors were taken.
I think you'd get a better reception if you started out talking about a digital forensics scenario, and not a vulnerability. There are a lot of ways to install backdoors and rootkits but the mechanisms used aren't called vulnerabilities in established terminology.
LD_PRELOAD is so useful for non-malicious stuff that I hope it doesn't get a reputation as a bad thing to find on your system. That being said, I agree with you and also disagree.
From a defender's perspective, you have lost if an attacker has root access on your system. You are right. Consider instead the attacker's perspective.
To an attacker, compromising a system and gaining root is just the first step of a many-step process. One of the hardest steps is modifying the system to silently collect and exfil secrets and data that is valuable to you. Let's say you want encryption keys and only keys, how do you get them? For the sake of example say they are stored on the file system and you want to exfil them as they are rotated weekly. Do you write a program with a cron job that checks once per day and uploads them? What if three months later they switch from rotating their keys once a week to once every two hours?
1. How long does it take you to notice you're missing most of the keys and what is the cost of this failure?
2. Once you notice you aren't getting all the keys, you need to figure out why. This can take time and money. Do you access the compromised machines again? What if you can't get back into the machine again to figure out what happened?
3. Once you figure out why, you need to deploy a patch to your exfil kit. This again costs time and money. What if you didn't test it properly and it breaks the compromised host and exposes your entire operation? You might have to push this one to thousands of compromised machines.
Instead, use LD_PRELOAD to hook filesystem writes, pattern match on the key format and exfil the keys as they are written. Since the hook is environment variable based, it can survive changes to the targeted program. Granted there are other approaches as well, but LD_PRELOAD is simple, powerful, flexible and often used for non-malicious things so it doesn't immediately trigger alarm bells.
It's a sneaky supply chain threat for docker images. I'm not sure standard container registry tools actively scan for this. Of course you shouldn't be running random untrusted docker images that you find on the internet but it happens all the time in dev envs and in sloppy production environments.
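For the Docker image concern in the comment above, an added example (not part of the thread and not any commenter's code): a check that reads image configuration in the shape `docker image inspect` prints and reports dynamic-linker variables baked into the image's `Env`. The function name `loader_findings`, the image names and the library paths are constructed for illustration.

```python
import json
import re

# Dynamic-linker variables that change which code a process loads (see ld.so(8)).
LOADER_VARS = {"LD_PRELOAD", "LD_AUDIT", "LD_LIBRARY_PATH"}

# Constructed sample shaped like `docker image inspect` output; names and paths are made up.
SAMPLE_INSPECT = json.dumps([
    {"RepoTags": ["example/build-tools:latest"],
     "Config": {"Env": ["PATH=/usr/local/bin:/usr/bin",
                        "LD_PRELOAD=/opt/.cache/libhelper.so /usr/lib/libjemalloc.so"]}},
    {"RepoTags": ["example/clean:1.0"], "Config": {"Env": None}},
    {"RepoTags": ["example/empty:1.0"], "Config": {"Env": ["LD_PRELOAD="]}},
])

def loader_findings(inspect_json):
    """Return (image, variable, [paths]) for every loader variable set in an image config."""
    findings = []
    for image in json.loads(inspect_json):
        tags = image.get("RepoTags") or [image.get("Id", "<untagged>")]
        # Env can be null or missing when the image sets no variables.
        env = (image.get("Config") or {}).get("Env") or []
        for entry in env:
            name, _, value = entry.partition("=")
            if name not in LOADER_VARS:
                continue
            # LD_PRELOAD items may be separated by spaces or colons.
            paths = [p for p in re.split(r"[ :]+", value) if p]
            if paths:  # an empty assignment loads nothing, so it is not reported
                findings.append((tags[0], name, paths))
    return findings

if __name__ == "__main__":
    for image, name, paths in loader_findings(SAMPLE_INSPECT):
        print(f"{image}: {name} -> {', '.join(paths)}")
```

A finding is a prompt for review rather than proof of tampering, since allocators and tracing tools are legitimately preloaded; this check also does not cover an `/etc/ld.so.preload` file inside the image layers.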
<html> <body> <!--StartFragment--><meta charset='utf-8'><meta charset="utf-8"><b style="font-weight:normal;" id="docs-internal-guid-8b11d82e-1a25-4b6a-be64-ebdd55b2a698"><p dir="ltr" style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size:22pt;font-family:'Facebook Sans',sans-serif;color:#000000;background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre;white-space:pre-wrap;">I just stole Facebook Sans</span></p></b><br class="Apple-interchange-newline"><!--EndFragment--> </body> </html>