undefined | Better HN

0 pointsTacticalCoder2mo ago0 comments

The part of TFA that does it for me: "Every bash command runs through 23 numbered security checks in bashSecurity.ts, including 18 blocked Zsh builtins, defense against Zsh equals expansion (=curl bypassing permission checks for curl), unicode zero-width space injection, IFS null-byte injection, and a malformed token bypass found during HackerOne review.".

AGI is definitely around the corner. Or not.

0 comments

1 comments · 1 top-level

karim792mo ago

I love it when "magic" like this gets unmasked, and under the hood it's just business as usual, i.e. dumb shit implementations to please the product owner(s) and hopefully the customers as well. Normal stuff in the tech world I suppose but still absolutely hilarious!

j / k navigate · click thread line to collapse