jgtrosh's comments

I find it perfect for technical interviews over screen sharing, since we test for some basic degree of ease on remote Linux systems.


My dream competitive Tetris game is based on the cooperative mode in Tengen Tetris, with two players on the same board and separate scores. However, it's a bit hard to promote cooperation and not suicide as soon as there's any disadvantage. A possible workaround is to have two simultaneous 1v1 games (same seed), and count all four scores independently.


And? How does that do it?


I checked. It fopen's the file and then fstat's it. So it isn't vulnerable to TOCTOU.

However the TOCTOU is completely benign here. It's just an extra check before Rust opens the file so if you were to try to "exploit" it the only thing that would happen is you get a different error message.


> if you were to try to "exploit" it the only thing that would happen is you get a different error message

Can't reproduce this. If I do

    sudo strace -e inject=stat:delay_exit=30s:when=2 ./coreutils more foo
on one terminal and

    rm foo
    ln -s /etc/passwd foo
on another, I can see the contents of /etc/passwd on the first one.


Uhm yeah well now try

    ln -s /etc/passwd foo
    sudo more foo
OMG! The original version is "vulnerable" too!

(I did not know about that strace feature though - that is very cool, thanks!)


I thought I was gonna see an error because the stat'd file and the opened one didn't match. How disappointing


No, it just means you're checking the wrong file so you might not get the nice error message from the initial check.

It's still not going to do anything incorrect when it comes to actually open the file though.

TOCTOU only matters when the check is actually checking something important. Here it isn't; it's just giving nicer error messages. If you bypass it you just lose those nice error messages.

So it isn't a problem here.
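The two orderings discussed in this thread (stat then open, versus open then fstat), as an added C example that is not from any commenter or from either `more` implementation. The file names, `race_window` and `run_demo` are constructed for illustration, and a rename stands in for the `rm` / `ln -s` swap.

```c
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Constructed stand-in for a second process: renames another file over path. */
static const char *replacement;
static void race_window(const char *path) { rename(replacement, path); }

/* stat(path) then open(path): two lookups of a name that can change between. */
int check_then_open(const char *path, struct stat *checked) {
    if (stat(path, checked) != 0) return -1;
    race_window(path);
    return open(path, O_RDONLY);
}

/* open(path) then fstat(fd): one lookup; the check is made on the open file. */
int open_then_check(const char *path, struct stat *checked) {
    int fd = open(path, O_RDONLY);
    if (fd >= 0 && fstat(fd, checked) != 0) { close(fd); return -1; }
    race_window(path);
    return fd;
}

/* Runs one ordering on two constructed files in a fresh temp dir. Returns 1 if
 * the checked file is the file behind the descriptor, 0 if not, -1 on error. */
int run_demo(int (*order)(const char *, struct stat *)) {
    char dir[] = "/tmp/toctou-XXXXXX", foo[64], other[64];
    struct stat checked, opened;
    int same = -1;
    if (!mkdtemp(dir)) return -1;
    snprintf(foo, sizeof foo, "%s/foo", dir);
    snprintf(other, sizeof other, "%s/other", dir);
    close(open(foo, O_CREAT | O_WRONLY, 0600));
    close(open(other, O_CREAT | O_WRONLY, 0600));
    replacement = other;
    int fd = order(foo, &checked);
    if (fd >= 0 && fstat(fd, &opened) == 0)
        same = checked.st_dev == opened.st_dev && checked.st_ino == opened.st_ino;
    if (fd >= 0) close(fd);
    unlink(foo); unlink(other); rmdir(dir);
    return same;
}

int main(void) {
    printf("stat then open: %d\n", run_demo(check_then_open));
    printf("open then fstat: %d\n", run_demo(open_then_check));
    return 0;
}
```

Whether a mismatch matters depends on what the check was guarding, which is the point argued in the comments above.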


I suppose this is supposed to be seen as ye olde yolo


I expect to pass through this world just once, therefore there be any call options on meme stocks which I may buy, or any cryptographic currency I may pump and dump, let me do it NOW. Let me not defer nor deflect it, for I shall not pass this way again.


An Apple device would need to bring 9.3x the value of a Garmin device in other ways to compensate the charge gap? I'd say Apple users would agree that it does.


In France, « dos d'ânes » (“donkey's backs”) are supposed to be 10cm high, with other measurements well defined, but about 80% are way more “violent” as a defensive tool used by municipalities.

But that's nothing compared with Mexican topes.


My favorite thing used to be counting the trails of oil from the topes wherever someone had knocked off their oil pan!


To add to other comments, this can also be partly justified by the fact that blue collar crime is the only kind of crime for which prevalence is even partly inversely correlated with the increase in severity in punishment.


> blue collar crime

I never saw this term before. Do you mean all crime except white collar crime?


I meant white collar crime


Wait till you learn what the French pronunciation of bit sounds like



Yeah no way it’s 1000x lol


My team implemented (and reimplemented!) a project using one repo per module. I think the main benefit was ensuring enough separation of concern due to the burden of changing multiple parts together. I managed to reduce something like 10 repos down to 3... Work in progress.


> burden of changing multiple parts together

Then you are adapting your project to the properties of code repository. I don't see that as a benefit.

