Well that is an interesting idea and proof of concept. I agree that the post is not the best I have seen from Cloudflare, and it shouldn't suggest that the code is production ready, but it is an interesting use-case.
There’s already a flow to download an app from a link or QR code, apps can be configured so they’re not added to the home screen, and apps are automatically deleted (“offloaded”) on low storage.
Download and open OmniDiskSweeper. THEN (important) go to Settings/Preferences > Privacy & Security > Full Disk Access, and enable it for OmniDiskSweeper. Then reopen OmniDiskSweeper and it should reveal the missing data.
Using an LLM to look up syntax, common APIs, and conventions seems to me like using a calculator to do basic arithmetic. It’s useful to memorize these things because it’s faster.
Moreover, if I know a key term or phrase (which is most cases) I can look up those things in Google or IDE search, which is also faster than an LLM.
EDIT: to be clear, I’m still writing code. I can do many small tasks and fixes by hand faster than I can describe them to an LLM and check or fix its output. I also figure out how to structure a project partly by writing code. Many small fixes and structure by experimentation probably aren’t ideal software development, and maybe soon I’ll figure out LLMs (or they’ll improve) such that I end up writing better code faster with them. But right now I believe LLMs struggle with good APIs and especially modularity; because the only largely-LLM projects I’ve seen are small, and get abandoned and/or fall apart when the developer tries to extend them.
The victim has to paste the command to trigger the XSS; it doesn’t happen if they connect to the server.
From the linked issue:
> if their code includes any console.log statement that references any game object someone else has any control over, such as logging the name of someone else's creep, that's all an attacker needs to gain access.
So the user can be tricked in a less obvious way than “here, run `console.log("<script>hackMe()</script>")` to make your creeps move faster”, but they still must be tricked. In response to this post, the developers added `logUnsafe`, which doesn’t prevent the trick but makes it more obvious.
Personally, I side with the developers here. I liked that the article mentioned Screeps and even the RCE, but I don’t like the ranty tone; I’d rather read (with details) “here’s Screeps, here’s how you can be tricked to run an RCE if you’re not careful, the developers made it harder but still possible, never run untrusted code even in a video game”.
The issue isn't that a user can be convinced into running `console.log("<script>hackMe()</script>")` but that `console.log(creep.name)` may execute hackMe() without you expecting it.
`Fn`, `FnMut`, and `FnOnce` can also implement and not implement `Sync` (also `Send`, `Clone`, `Copy`, lifetime bounds, and I think `use<...>` applies to `impl Fn...` return types).
Ha, yes, I see what you mean now. That's not really the closure's fault but monomorphization of the foo function. The specific thing you want to do would require boxing the value, or doing more involved typing.
> In fact, I think the lack of debate is really hurting today's left.
Moderate left voices are not featured in the current media landscape. The Democrat party is, at best, centrist, if not currently undergoing a conservative transformation parallel to the Republican party’s reactionary transformation. And for that reason:
> And he doesn’t seem to be going after employers, which would be more effective.
this is a complete nonstarter.
In any case, there are plenty of calls for reform from the left. “Abolish ICE” (like “Defund the police”) is not equivalent to “end immigration enforcement” (or likewise “end law enforcement”), even though the histrionics across the media landscape would have you believe that. It’s a core leftwing tenet (imho) that organizations that are rotten must be eliminated, and if appropriate, their leadership and members punished. New organizations can then step in to fulfill the role of the previous organization, sans rot.
In that sense, “Many people want deportations but don’t like how Trump is doing them.” see more eye-to-eye with the “Abolish ICE” people than the media wants them to believe.
> Moderate left voices are not featured in the current media landscape
The point still stands. Parallel to vying for mainstream news attention, leftists have podcasts like rightists; more should start these, and in them hold debates with centrists and rightists.
> “Many people want deportations but don’t like how Trump is doing them.” see more eye-to-eye with the “Abolish ICE” people than the media wants them to believe.
Don't blame the media for that. "Abolish ICE" sounds like "end immigration enforcement". Although the left has a credibility problem on immigration, because they downplayed Biden's lax immigration policy (there's a lot that mainstream news hasn't covered), so I suspect changing the message would hurt more than help them. Most outsiders will assume the left supports mass immigration, but they can be moved to the left by other policies (like lowering grocery prices) and Trump wrecking the US.