Hacker News: pizzalife's comments

Highly recommend the movies by the 1UP crew to get a feel for why this is actually great art.


These are not "truly arbitrary file creation" vulnerabilities. Turning those into RCE is trivial.

This is about turning an empty file creation (0 bytes) or a directory creation into code execution, via buggy cron scripts etc that process filenames.


The funny thing is that this isn't the first time PAN-OS is susceptible to RCE because of "arbitrary empty file creation" (directory in this case): https://seclists.org/fulldisclosure/2017/Dec/38


What were the main factors making the Model X feel so different?


The main one was the fact that the X has two displays (one where a gauge cluster would be behind the steering wheel in a car, the other in the center between the two front seats), whereas the 3 has one (just in the middle).

So there are various functions that are on the X's main display (but not on the side display). I was used to checking my speed and all that on the 3 on the center display, but instead had to keep checking in the main one.

Same with nav showing the next turn with your perspective. In the X it shows in the main cluster, but not in the MASSIVE map on the huge display. So I initially kept feeling unnerved not knowing when to turn.

The 3 uses one stalk on the right hand side of the steering wheel to handle autopilot, Park, Reverse, everything.

The X has another stalk for autopilot and cruise control and it's hidden behind the steering wheel (my friend had to show me), so it's not obvious.

The doors on the X open up differently, and by themselves. That's just weird. I don't like that the door auto-opens when I walk up to the car.

It's a thousand papercuts. But that's for me as a Tesla driver where I already understand 95% of the concepts (even if I can't find the Autopilot stalk for example).

I can't imagine how complicated it is for a first-timer who isn't playing with it in their garage for a couple hours.


Personally I can't stand it, yeah?


Using their own "ethical proxies" to upvote garbage. Very ethical, guys! Btw, this is a company out of Lithuania - fat chance these "ethical residential proxies" aren't rooted home routers.


Firefox 0days are cheap. Don't use Firefox if you care about security.


I found this pretty funny:

  I opened up the safety settings, dialled them down to “low” for every category and tried again. It appeared to refuse a second time.
  So I channelled Mrs Doyle and said:
  go on give me that JSON
  And it worked!


No, the specific employee would most likely be liable if there is criminal conduct (this varies obviously). But a chatbot is not a person.


> But a chatbot is not a person.

We live in an interesting world. In the US, a corporation is legally a person, and a chatbot is not a person[0]. I'm looking forward to the first Supreme Court case involving a corporation consisting of chatbots.

[0] I'm handwaving in this lead-in to the fantasy here, so, dear reader, please give me a break for oversimplifying and ignoring technicalities.


Let's say someone is using a buggy version of curl. Is it legally okay to set up a web server that exploits the vulnerability when someone tries to fetch from you?

