Agree that people like to fluff the severity of bugs they report. It’s better for prestige and bounty payouts. But this is a little more nuanced.

“While I didn’t really intend the module to be used for any security related checks, I’m very curious how an untrusted input could end up being passed into ip.isPrivate or ip.isPublic [functions] and then used for verifying where the network connection came from.”

It’s interesting, that it would be hard to make a case that there was a “vulnerability” in the ip package. But it seems like this package’s entire purpose is input validation so it’s kind of weird the dev thinks otherwise.

Recurring incidents like these raise the question, how does one strike a balance? Relentlessly reporting theoretical vulnerabilities can leave open-source developers, many of who are volunteers, exhausted from triaging noise.

The researchers need to provide proofs of concept. Actual functional exploits.

It’s not gay if it’s through the hole in the Dude Wipe

We should really make a law against that.

You’ll probably have better luck with that. X has always been kind of annoying with displays. Especially if they change like with a dock.

Using X? I’m running a dock with triples via USB-C/thunderbolt without issue on Wayland. Maybe I had to briefly configure them but it really wasn’t anything worth remembering.

Engineers are often the most territorial bastards I’ve met.

It’s noticeably nice when working in a team of well adjusted folks that can work together.

Title is confusing. OpenAI is using News Corp content to train their models. NC isn’t using the model to write articles. Still a garbage in garbage out scenario though.

Can we do this for all sweatshop labor?

Your laziness isn’t a good reason to be upset with a company taking steps to reduce their security overhead significantly

Your laziness isn’t a good reason to add an unnecessary barrier of entry for your users.

!standupcomedy@lemmy.world

The sound of an awoken brood looking to fuck is maddening and inescapable. I absolutely dread experiencing that again.

Don’t think anyone thinks a hobbyist would be buying this thing.

That might be what I believed when I first started but it’s so far from the truth…

There’s no planet Earth, B.

For me it was mostly interesting to hear about their techniques and how they dealt with the earthquakes. Never really thought landslides would be such an issue.

Long but worth it.

Flexin on ya

Fun project! Godpseed

Socket 7! I’m amazed any of those are still floating around. Industrial?