Dropbox is still unmatched as a service not trying to push you into a trillion-dollar monopoly (OneDrive, iCloud, Google Drive). It's admittedly been a while but I tested a whole bunch of automatic cloud backup software at one point because I got pissed about some annoying niche cases and Dropbox just worked throughout everything I threw at it, automatic versioning and recovery included. It doesn't mangle file names, handles huge files, folders with tens of thousands of small files, recovering old versions of accidentally overwritten files, works on Mac and Windows without losing a beat, sending people files always works.
I guess for collaboration you want to use stuff like Google Docs and advanced versioning software for coding (I'm not talking about coding stuff here, btw, which might throw off some people on Hacker News). But Dropbox delivers for "I need a backup and I don't want to think about it except when I mess up and need its help".
I'm not pretending to understand half the words uttered in this discussion but I'm constantly reminded of how much it helps me to articulate things (explain them to others, write them down, etc) to understand them. Maybe that thinking indeed happens almost entirely on a linguistic level and I'm not doing half as much other thinking (visualization, abstract logic, etc.) in the process as I thought. That feels weird.
Or is the real thinking sub-linguistic and “you” and those you talk to are the target audience of language? Sentences emerge from a pre-linguistic space we do not understand.
I do find it funny that this discussion thread has tried to represent language as a universal form of thought when it would be messy to encode the inner workings of a LLM (the weightings/relationships) themselves as natural language.
You could sort of represent the deterministic contents of an LLM by compiling all the algorithms and training data in some form, or maybe a visual mosaic of the weights and tokens, or what have you...but that still doesn't really explain the outcome when a model is presented with novel strings. The patterns are emergent properties that converge on familiar language--they're something deeper than the individual words that result.
There was a whole "now we finally have the technology!" push for VR in the late 80s/90s. Google the Forte VFX1, for example. Jaron Lanier made one of the first ever TED Talks in 1990 and it was about how VR will revolutionize everything ( https://youtu.be/lfvOACM-vbE ). It all... "rhymes".
I have this thought that maybe the problem with VR isn't the display technology but the input. Walking forward in a straight line is more or less an unsolvable problem. Motion sickness, the need of a frickin' treadmill, it's just messy. Touch feedback is an unsolvable problem unless you introduce robot gloves that can break your fingers. And then we have the question of use cases. VR solves a very specific spatial problem with an interconnection between perspective and hand movement. Very few problems exist in that space. It sometimes seems like VR creates more problems than it solves, in fact.
I low key believe in AR (although Apple finally played its cards and the result was underwhelming). Something about infinite and freely positioned 3D monitors. But VR? Great for cockpit sims and maybe some very specific professional uses. But useless for 99% of tasks of an average person.
Yes. I don't remember the details but they also adjusted the power management to basically make it sleep until the right conditions happen, once they could confirm the angle of the panels.
Hyper-naive take: Couldn't nearly all of these attacks be blocked by a white-list approach, essentially hiding every file or directory from the internet except a very controlled list of paths and escaping all text sent so it can't contain code?
I somehow always imagine these types of hacks to be more clever, like, I dunno, sending harmless-looking stuff that causes the program receiving it to crash and send some instructions into unprotected parts of RAM or whatever. This all looks like "echo ; /bin/cat /etc/passwd" and somehow the server just spitting it out. Is that really the state of web security?
> Couldn't nearly all of these attacks be blocked by a white-list approach, essentially hiding every file or directory from the internet except a very controlled list of paths and escaping all text sent so it can't contain code?
This is basically how things work.
For convenience, instead of itemizing each filename, the webserver root is a subdirectory and anything underneath is fair game. The webserver uses the OS "chroot" facility to enforce this restriction. What you are seeing is ancient exploitation strings from 30 years ago that haven't worked on any serious webserver since that time, but a) keeping the test in the attacker's lib is essentially free, and b) there are some unserious webservers, typically in cheap consumer hardware.
Webservers pass plain text to the app server. It is the app server/framework's responsibility to understand the source of the request body and present it to the application in a clear way, possibly escaped. But the app needs to process this and sometimes through poor coding practices, fails to respect the untrusted nature of the data. This again is more typical in historical systems and low-cost consumer products where software is not a marketing advantage.
> ancient exploitation strings from 30 years ago that haven't worked on any serious webserver since that time
Unfortunately, there are plenty of serious (business critical) servers that _ARE_ vulnerable to these types of attacks. I've found and remediated things like this all the time. One very common example I've seen of the `.env` issue is Django servers that are exposed to the internet with debug=True. There's probably thousands if not tens of thousands of servers leaking credentials this way on the internet now.
Beyond that, companies often have internal systems that do not meet the same security standards that external systems require, and sometimes those systems get shifted around, maybe it's moved to a new subnet, maybe a third-party needs access and the CIDR range gets fat fingered in the firewall. Regardless - now that "internal system" is exposed to the internet with all the dangerous configuration.
There are different types of web security vulnerabilities and the attacks you see from automated scanners are likely to be far less sophisticated than targeted web attacks. Specifically these scanners are going to spam out widespread and common CVEs that might grant privileged access to the server or dump credentials in some fashion.
The more sophisticated attack you described is essentially an overflow, and most modern web servers are usually written in memory-safe languages making it very unlikely to see that type of attack on the web. More often it's the underlying OS, servers, or communication stacks (Bluetooth, TCP, nginx, etc) that have these types of vulnerabilities since they are often written in low-level non-memory-safe languages like C and C++.
Attacks that exploit the HTTP and HTTPS protocol are a little more interesting. Request smuggling lets you trick certain load balancers and webservers by sending an HTTP request "smuggled" inside of another HTTP request.
There's really a lifetime's worth of knowledge on web security and the type of stuff you see in scans is just trying to hit the low hanging fruit.
Portswigger has loads of free challenges and information about different web security topics.
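Added example, not part of any comment above: a minimal sketch of the "only serve what is under the web root" restriction discussed in this thread, applied to constructed scanner-style request targets. The document root path and the function names are assumptions made for illustration.

```python
from pathlib import Path, PurePosixPath
from urllib.parse import unquote, urlsplit

# Constructed document root; only files below it may ever be served.
DOCROOT = Path("/srv/www/public")

# Constructed request targets of the kind automated scanners send.
SAMPLE_TARGETS = [
    "/index.html",
    "/.env",
    "/static/../../etc/passwd",
    "/static/%2e%2e/%2e%2e/etc/passwd",
]

def resolve_request(raw_target, docroot=DOCROOT):
    """Map a request target to a file under docroot, or return None to refuse."""
    # Drop the query string and percent-decode exactly once.
    path = unquote(urlsplit(raw_target).path)
    if "\x00" in path or "\\" in path:
        return None
    # Refuse dot-segments and dotfiles (.env, .git) instead of normalising them.
    if any(part.startswith(".") for part in PurePosixPath(path).parts):
        return None
    root = docroot.resolve()
    candidate = (docroot / path.lstrip("/")).resolve()
    # After symlink resolution the result must still live inside the docroot.
    if candidate != root and root not in candidate.parents:
        return None
    return candidate

def triage(targets, docroot=DOCROOT):
    """Return True for each target that would be served, False if refused."""
    return [resolve_request(t, docroot) is not None for t in targets]

if __name__ == "__main__":
    for target, served in zip(SAMPLE_TARGETS, triage(SAMPLE_TARGETS)):
        print(f"{'SERVE ' if served else 'REFUSE'} {target}")
```

The final containment check is what catches a symlink inside the web root that points outside it, which the string-level checks alone would miss.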
Security through obscurity is like a ninja tiptoeing in a room full of laser beams; make one loud move and you'll reveal that your entire protocol hinges on no one sneezing!
I know Nintendo will never allow it to exist in the open but is this a way to archive the actual levels or just a list of names/codes? I'm genuinely sad thinking about the (very real) possibility of them vanishing forever.
Most likely Nintendo (being an extensive AWS user) will just ship the levels to some S3 bucket; never to see the light of day. Even if each level were just 2 MB, that would cost them only $46/mo. to keep 1 million levels.
Genuinely surprised to hear all the love for PayPal, recently. I don't use it much these days (did, years ago but found the experience fairly neutral) but remember a period of everyone seemingly hating PayPal because... I actually don't know? Maybe something about niche cases where it was harder to get them sorted out via PayPal vs other services (which I can imagine to be annoying)?
Consumers love PayPal. It's easy and fast, no hassle. Business owners hate PayPal. Too much commission, random account suspensions, locked accounts, too much consumer protection and more.
None of this should matter as long as the algorithm determining randomness is deterministic.
The bottleneck is player input which is the most overestimated bandwidth stat in gaming. It's mouse movements and a couple of keystrokes per second. Top Starcraft players are in the 300 actions per minute range, that's still just 5 per second.