Skip Navigation
Software and product repairs to be subject to product liability in the EU
  • IANAL nor intelligent, but after skimming the text of the directive I felt like the definition of damage is very limited. In particular, if I understand correctly:

    our business to lose this giant contract

    would not be covered by this directive, this directive is only about a human being hurt in some way,

    thousands of consumers left with bricked devices

    would be covered in case of "your game installs a kernel-level anticheat and the anticheat breaks PCs", but not in the case of "you uploaded an upgrade to a firmware of the washing machine you produced and it bricked the machines"; the directive is not about a product breaking, but about the product breaking your health, other property or data,

    my washing machine to eat my dog

    is basically the exact case this directive covers.

  • Code Smells Catalog
  • Same in Python, Rust, Haskell and probably many others.

    But apparently JS does work that way, that is its filter always iterates over everything and returns a new array and not some iterator object.

  • Are LLMs capable of writing *good* code?
  • Hasn’t Google already made advances through its Alpha Geometry AI?? Admittedly, that’s a geometry setting which may be easier to code than other parts of Math and there isn’t yet a clear indication AI will ever be able to reach a certain level of creativity that the human mind has, but at the same time it might get there by sheer volume of attempts.

    Wanted to focus a bit on this. The thing with AlphaGeometry and AlphaProof is that they really treat doing math as a game, not unlike chess. For example, AlphaGeometry has a basic set of rules, it can apply them and it knows when it is done. And when it is done, you can be 100% sure that the solution is correct, because the rules of the game are known; the 28/42 score reported in the article is really four perfect scores and three zeros. Those systems do use LLMs, but they really are only there to suggest to the system what to try doing next. There is a very enlightening picture in the AlphaGeometry paper here: https://www.nature.com/articles/s41586-023-06747-5#Fig1

    You can automatically verify correctness of code the same way. For example Lean, the language AlphaProof uses internally, can be used for general programming. In general, we call similar programming techniques formal methods. But most people don't do this, since this is more time-consuming than normal programming, and in many cases we don't even know how to define the goal of our code (how to define correct rendering in a game?). So this is only really done when the correctness of the program is critical, like famously they verified the code of the automatic metro in Paris this way. And so most people don't try to make programming AI work this way.

  • Why is OpenSSL able to use a key file my user shouldn't have access to?
  • It seems OP wanted to pass the file name to -k, but this parameter takes the password itself and not a filename:

           -k password
               The password to derive the key from. This is for compatibility with previous versions of OpenSSL. Superseded by the -pass argument.
    

    So, as I understand, the password would be not the first line of /etc/ssl/private/etcBackup.key, but the string /etc/ssl/private/etcBackup.key itself. It seems that -kfile /etc/ssl/private/etcBackup.key or -pass file:/etc/ssl/private/etcBackup.key is what OP wanted to use.

  • Bumble and Hinge allowed stalkers to pinpoint users’ locations down to 2 meters, researchers say
  • Oracle trilateration refers to an attack on apps that have filters like "only show users closer than 5 km". In case of the vulnerable apps, this was very accurate, so the attacker could change their position from the victim (which does not require physical movement, the application has to trust your device on this, so the position can be spoofed) until the victim disappeared from the list, and end up a point that is almost exactly 5 km from the victim.

    Like if it said the user is 5km away, that is still going to give a pretty big area if someone were to trilateral it because the line of the circle would have to include 4.5-5.5km away.

    This does not help, since the attacker can find a point where it switches between 4 km and 5 km, and then this point (in the simplest case) is exactly 4.5 km from the victim. The paper refers to this as rounded distance trilateration.

  • Help disabling "Possible spelling mistake found" in vimtex
  • This looks suspiciously similar to what LTeX produces for me. Are you sure that this is not the true origin of the error? If this is indeed LTeX, you will see it in :LspInfo.

    If so, here is some info about changing the language of LTeX: https://valentjn.github.io/ltex/advanced-usage.html In short, you could try \usepackage[french]{babel}, or % LTeX: language=fr-FR.

  • Git isn't working when i clone, fetch, or push
  • That command will produce a list of (dynamic) libraries that are being used by that helper. It will look somewhat like this (this is copied from my Arch instalation):

    	linux-vdso.so.1 (0x00007edb2f060000)
    	libcurl.so.4 => /usr/lib/libcurl.so.4 (0x00007edb2ee6f000)
    	libpcre2-8.so.0 => /usr/lib/libpcre2-8.so.0 (0x00007edb2edd1000)
    	libz.so.1 => /usr/lib/libz.so.1 (0x00007edb2edb8000)
    	libc.so.6 => /usr/lib/libc.so.6 (0x00007edb2ebcc000)
    	libnghttp3.so.9 => /usr/lib/libnghttp3.so.9 (0x00007edb2eba9000)
    	libnghttp2.so.14 => /usr/lib/libnghttp2.so.14 (0x00007edb2eb7f000)
    	libidn2.so.0 => /usr/lib/libidn2.so.0 (0x00007edb2eb5b000)
    	libssh2.so.1 => /usr/lib/libssh2.so.1 (0x00007edb2eb12000)
    	libpsl.so.5 => /usr/lib/libpsl.so.5 (0x00007edb2eafe000)
    	libssl.so.3 => /usr/lib/libssl.so.3 (0x00007edb2ea24000)
    	libcrypto.so.3 => /usr/lib/libcrypto.so.3 (0x00007edb2e400000)
    	libgssapi_krb5.so.2 => /usr/lib/libgssapi_krb5.so.2 (0x00007edb2e9d0000)
    	libzstd.so.1 => /usr/lib/libzstd.so.1 (0x00007edb2e8ef000)
    	libbrotlidec.so.1 => /usr/lib/libbrotlidec.so.1 (0x00007edb2e8e0000)
    	/lib64/ld-linux-x86-64.so.2 => /usr/lib64/ld-linux-x86-64.so.2 (0x00007edb2f062000)
    	libunistring.so.5 => /usr/lib/libunistring.so.5 (0x00007edb2e250000)
    	libkrb5.so.3 => /usr/lib/libkrb5.so.3 (0x00007edb2e178000)
    	libk5crypto.so.3 => /usr/lib/libk5crypto.so.3 (0x00007edb2e14a000)
    	libcom_err.so.2 => /usr/lib/libcom_err.so.2 (0x00007edb2e8d8000)
    	libkrb5support.so.0 => /usr/lib/libkrb5support.so.0 (0x00007edb2e13c000)
    	libkeyutils.so.1 => /usr/lib/libkeyutils.so.1 (0x00007edb2e8d1000)
    	libresolv.so.2 => /usr/lib/libresolv.so.2 (0x00007edb2e12a000)
    	libbrotlicommon.so.1 => /usr/lib/libbrotlicommon.so.1 (0x00007edb2e107000)
    

    It might be a good idea actually to try running this both when it works and when it doesn't, maybe there is some difference?

  • sharing my simple wireguard kill-switch for Linux
  • I am afraid you are still a bit misled; WireGuard is exactly what they use for the demo video. In general the underlying protocol does not matter, since the vulnerability is about telling the system to direct the packages to the attacker, completely bypassing the VPN.

  • Dark Souls would’ve been a better game in early access, says dev behind Dark Souls-like early access game No Rest For The Wicked
  • I can personally say that I got super excited by the new release from the Ori devs at first, though later became disinterested because the game is so different. The Ori games weren't obscure by any means, so I am not surprised other people got excited too.

  • Deleted
    ...
  • I really need to try out Mercury one day. When we did a project in Prolog at uni, it felt cool, but also incredibly dynamic in a bad way. There were a few times when we misspelled some clause, which normally would be an error, but in our case it just meant falsehood. We then spent waaay to much time searching for these. I can't help but think that Mercury would be as fun as Prolog, but less annoying.

    I actually use from time to time the Bower email client, which is written in Mercury.

  • X.Org & XWayland Hit By Four Security Issues
  • My understanding is that all issues are patched in the mentioned releases, the config flag is not needed for that.

    The config flag has been added because supporting clients with different endianness is undertested and most people will never use it. So if it is going to generate vulnerabilities, it makes sense to be able to disable it easily, and to disable it by default on next major release. Indeed XWayland had it disabled by default already, so only the fourth issue (ProcRenderAddGlyphs) is relevant there if that default is not changed.

  • Indie developer has a plan to keep parts of his game secret, even from data-miners
  • Ultimately you can configure these however you want. On my 5600X, I easily got one full execution of scrypt to last 34.6 seconds (--logN 27 -r 1 -p 1 in the example CLI), and one full execution of bcrypt to last 47.5 seconds (rounds=20 and the bcrypt Python library).

    This kind of configuration (ok, not this long, but definitely around 1 second per execution) is very common in things like password managers or full disk encryption.

  • Indie developer has a plan to keep parts of his game secret, even from data-miners
  • I'm betting there's probably something that generates the key from a vastly smaller player input, i.e what gameobjects you interacted with, in what order, or what did you press/place somwhere. But that also means that the entropy is probably in the bruteforcable range, and once you find the function that decrypts the secrets, it should be pretty easy to find the function that generates the key, and the inputs it takes.

    When handling passwords, it is standard practice to use an intentionally costly (in CPU, memory, or both) algorithm to derive the encryption key from the password. Maybe the dev can reuse this? The resulting delay could easily be masked with some animation.

  • Ubuntu 24.04 increases vm.max_map_count for smoother Linux gaming
  • I got curious and decided to check this out. This value was set to the current one in 2009: https://github.com/torvalds/linux/commit/341c87bf346f57748230628c5ad6ee69219250e8 The reasoning makes sense, but I guess is not really relevant to our situation, and according to the newest version of the comment 2^16 is not a hard limit anymore.

  • InitialsDiceBearhttps://github.com/dicebear/dicebearhttps://creativecommons.org/publicdomain/zero/1.0/„Initials” (https://github.com/dicebear/dicebear) by „DiceBear”, licensed under „CC0 1.0” (https://creativecommons.org/publicdomain/zero/1.0/)ME
    metiulekm @sh.itjust.works
    Posts 0
    Comments 47