If they had developed a technique to get a modern C++ compiler and rustc to generate exactly the same output for any program (even a trivial one) I think that would be huge news and I would love to see all the linker hacking that would involve.
Last time I used them - Ghidra, and to some extent IDA, had UXes that were very difficult for new users to pick up and frequently deviate from standard expectations for modern desktop apps because they have two decades of baggage. In contrast binary ninja is very easy to explore and has many fewer surprises.
I explicitly stopped this habit so that I don't accidentally do it with sensitive data I don't want to go to my search engine provider's auto complete API.
Disabling remote search autocomplete is one of the first things I do when I setup a new browser instance. It's a privacy and security nightmare I don't want.
Same here. And I just noticed yesterday that Firefox had added and enabled a "Suggestions from sponsors" feature. Which I've now disabled, but presumably it's been sending anything I type into the address bar to Mozilla since 2021. I am tired of Mozilla but Chrome is very much worse.
ETA: I only noticed yesterday because a "sponsored suggestion" popped up when I was typing, which I've not seen before. So either they actually enabled it recently, or advertisers don't bid on the kinds of things I usually type.
At most I want the address box to do is look up a dns name. Which can still be a risk if I were to hit "enter" with sensitive information which could in some cases get pushed out to my DNS provider (which is me, but then it's possible the address would be pushed out to another resolver, and will also be logged in an unexpected place)
I've never really understood why it's a thing to use a telnet client for transmitting text on a socket for purposes other than telnet. My understanding is that telnet is a proper protocol with escape sequences/etc, and even that HTTP/SMTP/etc require things like \r\n for line breaks. Are these protocols just... close enough that it's not a problem in practice for text data?
Because for a long time, on most computers, the telnet client was the closest thing to an "open a tcp socket to this ip/port and connect the i/o from it to stdin/stdout" application you can get without installing something or coding it up yourself.
These days we have netcat/socat and others, but they're not reliably installed, while telnet used to be generally available because telnetting to another machine was more common.
These days, the answer would be to use a netcat variant. In the past, telnet was the best we could be confident would be there.
In corporate environments, netcat was often banned as it was seen as a "hacking" tool. Having it installed would sometimes get the attention of the security folks, depending how tightly they controlled things.
The telnet protocol with escapes, etc. is only used by the telnet client if you’re connecting to the telnet port. If you’re connecting to HTTP, SMTP or something else, the telnet protocol is not enabled.
The point is not that this particular binary is huge, the point is that we tend to strip images of anything that is not useful for the actual application shipped. So we strip everything. Also: small things adds up. On AI prompt can be handled reasonably by a single machine, millions of concurrent ones involve huge datacenters and whole energy plants being restarted/built.
The point of reducing the amount of binaries shipped with the image is also to reduce the amount of CVEs/vulns in your reports that wouldn't be relevant for your app but woulld still be raised by their presence.
Thanks, sounds like a recent development. I don't use macOS, but on other peoples macOS computer it was always there, even when they are not developers. But it could very well be that these computers are ten years old.
I mean technically MS Windows 10 is ten years old, but the big upgrade wave to 10 only happened like 4 years ago, which is quite recently. Maybe that is similar to macOS users, I don't know that.
You are right that the computer asks you. But people click yes because they are used to ignoring warning signs. The software relies on people making perfect choices every time and that never happens.
It should tell me what should I look before I trust it. Not trusting the workspace means I might as well use Notepad to open it. I wouldn't think that tasks.json include autorun tasks in addition to build actions.
I'm big on user first, if that dialog had sirens blaring, a gif and ten arrows pointing that "THIS MAY EXECUTE CODE" and people still didn't get the idea, I'd say it needs fixing. It can't be said that they didn't try or that they hid it though.
So at the end of the day its still unclear whether it executes code or not? Just say "this WILL execute code" and specify exactly which code it tries to execute by default.
I don't know about you people, but I always read this as "it may execute code if you run a build step".
Not "I will execute autorun.inf like an idiot."
And NO. I do not want my IDE to execute code when i open files for editing. I want it to execute code only as part of an explicit step that I initiate.
It's not a false choice - "Trust" and "don't trust" are both perfectly viable options. The editor works fine in restricted mode, you just won't have all your extensions enabled.
If they had developed a technique to get a modern C++ compiler and rustc to generate exactly the same output for any program (even a trivial one) I think that would be huge news and I would love to see all the linker hacking that would involve.
reply