Hacker News | Funnnny's comments

> The community edition is not robbed of its value by this move

They literally remove features, and you defended them by saying "there's CLI available"?


> the algorithm only knows how to output the things that it has already outputted

That's a very old problem that people building recommendation systems solved 10 years ago.


> There is no need to bypass them when you can just solve them.

There is no need to solve them when you can just bypass them.


The point is you can't bypass them all but you CAN solve them all.


Why pay to solve CAPTCHAs when SeleniumBase can bypass them for free? SeleniumBase can also "solve" CAPTCHAs (such as Cloudflare via click).


Euro are already using a different standard (CCS1 vs CCS2)


> but honestly it's not far off that level of “well, duh”

I think the real problem is that other apps do use ssh and malicious actors can inject untrusted input without the user's consent.

The git POC is one example, and while I do think that git also needs to be updated, fixing the problem on the ssh side is also a good idea.


The OpenSSH fix isn't a fix though, it depends on ssh knowing what badness needs to be filtered out, but the shell is set by the user.

It needs to be changed to pass data in a way that doesn't require escaping to reference, such as an environment variable: "$HOST" would then be expanded by the shell, and all the usual rules for safely using environment variables would apply, because ssh wouldn't be the thing performing the variable expansion like it is now.

(For most purposes, my original take in the top level was wrong, but it's too late to edit it now)


OP here. Another interesting attack vector I have been working on is OSC 8 for hyperlink support in terminals. Mostly they allow arbitrary URL schemes including "ssh://" without any prompt or user interaction to consent to opening an external tool, like an ssh client in this case.

A good discussion on this: https://gist.github.com/egmontkob/eb114294efbcd5adb1944c9f3c...


KeePass has the ability to import a Bitwarden JSON file, so there's little need for the feature.


There might not be a need but I like the idea of being able to use the Bitwarden client on iOS/Android with a KDBX4 database file from KeePass(XC).


> We don't know without auditing the code

Or when you really audit the code, find a problem, submit a patch and then the author dismisses your patch as "boring".


It depends on the exploit, but DoS ARE security vulnerabilities and their impact can range from very low to high severity.

And please, OP, don't listen to this, and report the vulnerability responsibly even if you're not so sure if it's a security vulnerability or not.


> Held up for months

Held up by AMD, not by LLVM's reviewers. They added some comments right away and AMD sent an updated patch 2 months later.


DigitalFoundry had an interesting take on frame rate/frame time performance on Intel/AMD. If you look at the graph you can see Ryzen dip down more a few times when there's more computation or memory throughput needed.


That's not true. With more cores, Ryzen can run games with other apps without any problems; it's not the same with Intel though.


Unless you are compiling Chrome in the background or streaming, you're not going to saturate even eight cores while gaming. In most benchmarks I've seen, the 9900k still performs better while streaming.


Now you are talking about Intel's best desktop CPU. Of course it performs better while streaming, otherwise it would be ..


Okay, what parts are we talking about then? Aside from the 3900x, the Intel parts all have the same core count as their AMD counterpart at similar price points.


Yes, if you don't count SMT.


Similar mindset: who needs more than 32 bits for an internet address?

