What do you mean and? The implications are implicit; any vulnerability will be unpatched, so bad actor (tm) has to know only ONE vulnerability after XP support was ceased. If he has means of talking to the machine through TCP/IP or UDP he will have 100% guaranteed access.
You wouldn't believe how much traffic is hammering IP ranges with known vulnerabilities. Forward port 22 to your Linux box or similar, check the logs for number of "connection attempts", it's going to be glorious log. A-HOLES of this planet are doing this just to get control of devices connected to the internet, if for no other reason than use them in DDoS-for-hire service. If there is a quick buck to be made.. they'll be all over it. Human parasites.
You normally wouldn't forward open ports on your VM straight through your host and also through your LAN (or at least, I wouldn't), so that's not really a huge attack vector.
The main threat would be connecting to a malicious server that attacks some hypothetical hole in the TCP/TLS stack when you connect, but such servers aren't really omnipresent, and you can apply the usual measures of 'making regular backups' and 'not keeping extraordinarily sensitive data on a VM' to mitigate any impacts.
(Looking at actual historical holes, I find things like CVE-2005-0048, which requirs a malformed IP packet a modern router wouldn't pass through, and CVE-2007-0069 and CVE-2019-0708, which require a malicious incoming connection to a particular port. There's also stuff like https://www.forcepoint.com/sites/default/files/resources/fil..., but that's not really specific to XP services, and requires many stars to align unless you're running a vulnerable HTTP service.)
> By default searchcode prioritizes system survival (hey its a free service!), and as such might do some load shedding, which can mean you don't see results you expect. You can do some things to help with this.
I don’t know whether that explains the results. Some similar queries, e.g., searching for `math.ceiling`, do return many results.
It doesn't list Go types from several k8s projects on github that I contribute to. Feel something is buggy about the filtering as well. I guess he will take some time to iron out all issues - suspect not all his data got migrated into the new db and the DB size should be far greater than 6TB. That feels rather low for github.
But I liked his tip about SQLite driver scalability to avoid that stupid locked error that I too have faced regularly. numCPUS for readers and single writer - will try that out.
I searched for several Skia classes and it never found the actual Skia repo, just forks and references from unrelated repos. It also failed to find several classes entirely. Skia exists in GitHub as well as in Chromium CodeSearch so it should have come up at least twice.
As a sanity check, "fwrite" only has 8 references in the entire database.
Yeah, agreed, I think the migration didn't actually work.
Yeah, I just searched for “driver_register”, a call that would show upin a large number of Linux drivers in the open source Linux kernel, not to mention other public-facing repos, and it only returned two results, neither from the mainline Linux kernel repo.
Also, the 'apple.com' IP address in the screenshot (221.194.154.187) belongs to a Chinese company.
The developer seems to be located in China. You are seeing the Great Firewall in action:
> The GFW does not have a unique technique of censorship. One of its strengths is to combine several techniques. One of them is the generation, by the network itself (and not by a lying resolver), of bogus DNS responses. You ask for a censored name and as a result you get an answer giving an IP address that has nothing to do with the question asked. [...] But if you ask him about a censored name, then the network generates a false answer. Even if the input is the same, the response varies from a request to another: [...]. The IP address 157.240.17.14 belongs to Facebook (normally scratch.mit.edu is at Fastly), a prime example of the lies generated by the GFW.
Hello, I'm the developer of Nping, I'm glad you're interested in Nping, forgive me for using translation software to write this content, usually a domain name itself will be resolved to more than one ip address, Nping uses the output of the system command Ping
Oh gosh, I'm so sorry. My comment wasn't meant as criticism of you or Nping; I had just never seen a DNS server intentionally return obviously incorrect results before.
They usually resolve to either other blocked websites to trigger a "dangerous website phishing" warning from the browser, or the ISP's own website pretending to be a captive portal.
I hadn't heard of Baseten before (it seems to be in a hot niche along with Together.ai, OpenRouter, etc.) but I'm glad I did because I was actually noodling on something similar and now I don't have to do that anymore (though it did teach me a lot about Fly.io!). Yay economies of scale!
Did they even try? 3.6 Sonnet, R1, 4o, and o3-mini-high all correctly diagnosed the issue given the same basic prompt, albeit with varying levels of utility.
Heck, even pasting the "prompt" into non-AI Google and Bing worked.
> Did they even try? 3.6 Sonnet, R1, 4o, and o3-mini-high all correctly diagnosed the issue given the same basic prompt, albeit with varying levels of utility.
Not everyone has the time or the inclination to keep a stable of local llms (and update them regularly, for example). Some people have other hobbies.
> Heck, even pasting the "prompt" into non-AI Google and Bing worked.
What? It's been years since a regular search got you anything but spam from the usual tutorial farms.
Wait really? Are you saying this Google search[0] returns no useful results at all?
The prompt I used isn't a particularly good search query, and I got:
* A Stack Overflow question about this issue with a proposed solution;
* A Reddit thread offering a workaround to non-technical users;
* This thread on HN (which OP of course couldn't have seen, but anyway);
* OP's article;
* A blog post about OP's article;
* A blog post with an elegant solution using pyftsubset
I think you're moving the goalposts. I didn't know this problem existed until OP's article taught me about it, but it seems pointless to continue this discussion.
The number of skills one has to master for a project like this is just mind-boggling, and the part about the tortilla press made me laugh out loud. A labor of love in the most literal sense!
That said, I would feel pretty nervous about actually selling these, as I wouldn't be surprised if it is legally considered a medical device.
(See, e.g., here: https://github.com/BlueFalconHD/apple_generative_model_safet...)