How does the API know that it's a secret, though? That's what's not clear to me from the blog post. Can I e.g. create a customer named PLACEHOLDER and get a customer actually named SECRET?
The point is that without semantic knowledge, there's no way of knowing whether the API actually considers it a secret. If you're using the Github API and have it listed as an approved host but the sandbox doesn't predefine which fields are valid or not to include the token, a malicious application could put the placeholder in the body of an API request making a public gist or something, which then gets replaced with the actual secret. In order to avoid this, the sandbox would need some way of enforcing which fields in the API itself are safe. For a widely used API like Github, this might be something built-in, but to support arbitrary APIs people might want to use, there would probably have to be some way of configuring the list of fields that are considered safe manually.
From various other comments in this thread though, it sounds like this is already well-established territory that past tools have explored. It's not super clear to me how much of this is actually implemented for Deno Sandboxes or not though, but I'd hope they took into account the prior art that seems to have already come up with techniques for handling very similar issues.
Say, an endpoint tries to be helpful and responds with “no such user: foo” instead of “no such user”. Or, as a sibling comment suggests, any create-with-properties or set-property endpoint paired with a get-property one also means game over.
Relatedly, a common exploitation target for black-hat SEO and even XSS is search pages that echo back the user’s search request.
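The two failure modes raised above (a placeholder dropped into a request body that becomes public, and an endpoint echoing the expanded secret back in its response) are easiest to see in a toy model of the sandbox's egress proxy. The following is an added example written for this thread, not Deno Sandboxes' or any other project's code; the placeholder syntax, the `SAFE_LOCATIONS` policy table and all token values are constructed assumptions. It contrasts naive everywhere-substitution with a per-host allowlist of locations where expansion is permitted, and adds a response scrubber for the echo-back case.

```python
"""Toy model of a sandbox egress proxy that expands secret placeholders.

Constructed example for illustration; not Deno Sandboxes' implementation.
The sandboxed code only ever sees the placeholder string, never the value.
"""
import json

# Constructed sample secret; the real value lives outside the sandbox.
SECRETS = {"{{GITHUB_TOKEN}}": "ghp_CONSTRUCTED_EXAMPLE_TOKEN_0000"}

# Assumed policy: the only locations where a placeholder may be expanded,
# keyed by approved host.  ("header", name) means a named request header.
# Bodies and any other header are implicitly disallowed.
SAFE_LOCATIONS = {
    "api.github.com": {("header", "authorization")},
}


class PolicyViolation(Exception):
    """A placeholder appeared somewhere the policy does not allow."""


def _expand(text, secrets):
    for placeholder, value in secrets.items():
        text = text.replace(placeholder, value)
    return text


def naive_substitute(request, secrets=SECRETS):
    """Expand placeholders everywhere (the unsafe design under discussion)."""
    out = dict(request)
    out["headers"] = {k: _expand(v, secrets) for k, v in request["headers"].items()}
    out["body"] = _expand(request.get("body", ""), secrets)
    return out


def strict_substitute(request, secrets=SECRETS, policy=SAFE_LOCATIONS):
    """Expand placeholders only in policy-approved locations; refuse otherwise."""
    host = request["host"]
    allowed = policy.get(host, set())
    out = dict(request)
    out["headers"] = {}
    for name, value in request["headers"].items():
        if ("header", name.lower()) in allowed:
            out["headers"][name] = _expand(value, secrets)
        elif any(p in value for p in secrets):
            raise PolicyViolation(f"placeholder in header {name!r} not allowed for {host}")
        else:
            out["headers"][name] = value
    body = request.get("body", "")
    if any(p in body for p in secrets):
        raise PolicyViolation(f"placeholder in request body not allowed for {host}")
    out["body"] = body
    return out


def egress_decision(request):
    """Return ('forward', expanded_request) or ('block', reason), as the proxy would."""
    try:
        return "forward", strict_substitute(request)
    except PolicyViolation as exc:
        return "block", str(exc)


def scrub_response(body, secrets=SECRETS):
    """Redact secret values an endpoint echoes back, e.g. 'no such user: <secret>'."""
    for value in secrets.values():
        body = body.replace(value, "[REDACTED]")
    return body


# Constructed request: the placeholder is smuggled into a public gist body.
SAMPLE_GIST_REQUEST = {
    "host": "api.github.com",
    "method": "POST",
    "path": "/gists",
    "headers": {"Authorization": "Bearer {{GITHUB_TOKEN}}"},
    "body": json.dumps({"public": True,
                        "files": {"x.txt": {"content": "token={{GITHUB_TOKEN}}"}}}),
}

# Constructed request that only uses the placeholder where policy permits.
SAMPLE_OK_REQUEST = {
    "host": "api.github.com",
    "method": "GET",
    "path": "/user",
    "headers": {"Authorization": "Bearer {{GITHUB_TOKEN}}"},
    "body": "",
}


if __name__ == "__main__":
    print("naive:", naive_substitute(SAMPLE_GIST_REQUEST)["body"])
    print("strict:", egress_decision(SAMPLE_GIST_REQUEST))
    print("scrubbed:", scrub_response("no such user: " + SECRETS["{{GITHUB_TOKEN}}"]))
```

The allowlist is deliberately per host and per location rather than a global "replace anywhere" rule, which is the configuration burden the comment above anticipates for arbitrary APIs; the response scrubber is a best-effort backstop only, since an endpoint can transform the value before echoing it.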
I've used Postgres for more than a decade and every time I wade into the docs I feel the same way, I'm barely scratching the surface. It's so immensely powerful.
I love what LLMs are doing for me in PG's SQL. I discovered many features by having LLMs write them for me, often spot-on 100% on first prompt.
Since I know conceptually how RDBMSes work, I can ask very specifically what I want. Also asking for feedback on schemas/queries really helped me. I use a lot more of PG's features now!
This was not the case for a long time. Actually it seems like it's fairly recently you get native AOT and trimming to actually reduce build sizes and build time. Otherwise all the binaries come with a giant library.
Even back in .NET Core 3.1 days C# had more than competitive performance profile with Go, and _much_ better multi-core scaling at allocation-heavy workloads.
It is disingenuous to say that whatever it ships with is huge also.
The common misconception by the industry that AOT is optimal and desired in server workloads is unfortunate. The deployment model (single slim binary vs many files vs host-dependent) is completely unrelated to whether the application utilizes JIT or AOT. Even with a carefully gathered profile, Go produces much worse compiler output for something as trivial as a hashmap lookup in comparison to .NET (or JVM for that matter).
This comment makes even less sense than jotras’ comment.
Pension funds buy shares in businesses such as Microsoft. The money going into the pension fund is not typically a function of the tax paid by companies such as Microsoft, but rather from a combination of actuaries’ recommendations, payroll tax receipts, and politicians’ priorities.
Therefore a pension funds’ equity holdings, such as Microsoft, doing well means taxes can be lower.
Most countries' broadest defined benefit pensions are just simple wealth redistribution schemes from workers to non-workers as opposed to being paid from funds that were previously invested.
In the USA, Social Security defined benefit pensions are cash from workers today going to non-workers today, same as Germany's national scheme (gesetzliche Rentenversicherung?).
The other defined benefit pension schemes are what are usually invested in equities, and the investment restrictions section in this document indicates Germany's "occupational pensions" can also invest in equities. (page 12)
I think this is such an important point. I know all about Bellard's main works. I actually have no idea what he looks like, I've also never seen an interview with him, and I've never read about his specific philosophies when it comes to different software engineering topics. In a world of never-ending bloviations from "influencers" and "thought leaders" it's so awesome to see a real example of true excellence.
Being an engineer and coding at this stage/level is just remarkable - sadly this tradecraft is missing in most (big?) companies as you get promoted away into oblivion.
The Turing Award is given for breakthroughs in computer science, not for "most productive programmer of all time", and it wouldn't be appropriate for Bellard.
If there were some form of "developed contributions to computing" award, his name is definitely up there. I think there could be a need for such an award - for people who reliably have created the foundations of modern computing. Otherwise it's almost always things from an academic context, which can be a little too abstract.
Between ffmpeg and qemu, I always think of https://xkcd.com/2347/ when I see Fabrice's work. Especially since ffmpeg provides the backbone of almost all video streaming systems today.
That depends on what you mean by "operating". This very website, Hacker News, is not blocked in Russia - does that mean Y Combinator is "operating" there?
Not necessarily. Roblox does not directly receive money from users - nobody sends them a paper check or bank wire from Russia. Technically they get money from payment providers, who are supposedly compliant with all sanctions. I'm pretty sure that any provider that can support Roblox scale is big enough to worry about risks of being non-compliant.
Not all sanctions only require you to validate that the bank isn’t from that country. Usually disbursing money (which Roblox does as a two-sided marketplace) requires actual KYC.
This is an interesting question I wish I knew the answer to. Because I play War Thunder and it is free to play, but once a year I pay about $50 for the annual premium membership because I enjoy the game and it's worth it to me. But ultimately it is supposedly a Russian game. I know they have offices in other parts of the world, but I have really wondered if the money is going back to Russia or if all the developers have just left and get it elsewhere in a different country.
There's a big difference -- when the EU/US bans Russians from using Roblox and other things and seeing other cultures (or someone bans Russians or Iranians by IP), it's a rightful and thoughtful decision to protect democracy. When Russia does the same, it's dictatorial censorship.
They’re referring to sanctions - persons/businesses residing in Russia, certain specific individuals and those working for specific Russian entities are locked out of much of the Western economy. I think it’s reasonable personally, but I can understand how a Russian 1000km from the Ukrainian frontline who used to sell jewelry on Etsy would be pissed.
The most affected were not those inside, but the emigrants. MasterCard and Visa blocked Russian banks, and the émigrés couldn't pay with their savings anymore. Some people got shadow banned by banks, their accounts closed, or money transfers rejected.
These people were on Europe's side politically, yet they were targeted by just the passport.
None of the Russian expats I’ve met had this problem: after 2014 they all saw the writing on the wall and moved their money to western banks. I have sympathy for those that didn’t - normal people shouldn’t have to make this kind of calculus - but there’s no alternative to this while having useful sanctions. It’s not the causeless brutality of breaking someone’s window because of their accent.
Well, every expat I know, including me, had this problem and spent days working around it. And the sanctions were very poorly designed, because the drones landing in Ukraine still have fresh American and German parts.
I'm not saying they should be lifted, but they punished exactly the pro-European Russians the most, inside or outside.