Hacker News | cogs's comments

Simple use case: What version of the json module is this live code running? (when you don't even know the attribute name)

  # At a pdb prompt, from a frame where json is global or local:

  (Pdb) import pobshell; pobshell.shell()

  Welcome to Pobshell - type 'help' for commands, 'quit' to exit 
  / ▶ find json --name *version* -i -a -l
  /json/__version__  str                       '2.0.9'                                                  
  /json/codecs/sys/api_version  int                       1013                                           
  /json/codecs/sys/hexversion  int                       51055600                                       
  /json/codecs/sys/version  str                       '3.11.11 | packaged by  

  # -i case insensitive
  # -a include hidden attributes (_ and __ prefixed names)
  # -l give an 'ls -l' listing of the matched objects

Clickable links for convenience:

* 2 min demo: https://www.youtube.com/watch?v=I5QoSrc_E_A

* PyPI: https://pypi.org/project/pobshell/

* GitHub: https://github.com/pdalloz/pobshell

Note: This is an alpha release. Built and tested with Python 3.12 on macOS, Ubuntu, Windows (native + WSL).

I’m especially curious to hear how devs use this: — Exploring packages? — Debugging data state? — Teaching Python? — Something unexpected?

Any feedback is appreciated!


But how many citizens know calculus, literature and physics? Certainly not enough know history - or US democracy wouldn't be facing the threat it does now.

The poorly educated need a livelihood too. If the economy is healthier for global trade (I think it is), then some way must be found of distributing its benefits to the demographics who got hit. Otherwise you get revolution or populism.

Telling an unemployed factory worker to send their kids to college doesn't help. Doesn't help the factory worker, and doesn't help kids who see education and middle class jobs as about as unreal as the idea of becoming a famous influencer or kingpin drug dealer.


As an aside: Hardware as a service is annoying and feels horrible, but is probably the only way to achieve the long lifetimes we need for consumer goods in a world where reviews are unreliable and we need to stop wasting resources on planned obsolescence.


We managed to recognise stromatolites https://en.wikipedia.org/wiki/Stromatolite


I wonder if the fact that DNA & RNA only occur with one chirality tells us something about how frequently this step occurs in the Drake equation. If the step from non biological organic molecules to RNA & DNA happens often, wouldn't we expect L-DNA and L-RNA to appear in nature?


It is pretty strong evidence that the step from going from other molecules to RNA/DNA only happened once. Our molecules definitely changed their environment, so it is probable that they out-competed their mirror molecules.


Even searching for tank woman or tank cat returns results!


Attribution is not from tracing connections or domain ownership, it's from looking at the coding style, the "Tactics, Techniques and Procedures" and the choice of targets.


It's a complex combination of all of those things, in addition to more "offensive" type intelligence collection (spying on GRU/SVR buildings, communications, and officers, essentially, and compromising their infrastructure).

You might be surprised about how even the world's top intelligence agencies sometimes do make simple mistakes with domain and network registration which really are just genuine fuckups rather than false flag subterfuge. This is very rarely a matter of something silly like "Russian IP = Russian intelligence" and more like sloppily re-using an ostensibly non-attributable network or nameserver they didn't realize was already burned.

We're still kind of in the infancy of cyberwarfare. Attribution will probably be harder in a few decades.

But, yes, it's generally a matter of TTPs, target selection, goal analysis, and style.


You can see it in Bellingcat's investigations - carelessly reusing burners, calling from GRU offices, reusing passports, calling from two burners one immediately following the other.


Yep, all enabled by the fact that Russia is so corrupt, anyone can pretty easily buy any data about anything on anyone. So any private citizen with a bit of money and some skills can effectively act like a para-intelligence agency, which is essentially what Bellingcat is.

For anyone curious, they have two excellent articles on this from a few days ago:

https://www.bellingcat.com/resources/2020/12/14/navalny-fsb-...

https://www.bellingcat.com/news/uk-and-europe/2020/12/14/fsb...

There was also an amazing investigation into this published yesterday by a Russian outlet, interviewing some of the black market data brokers and law enforcement officers (both of whom claim some of the brokers will be hunted and killed by the state, now):

https://translate.google.com/translate?sl=auto&tl=en&u=https...


That's just fancy technical terms to justify the propaganda. If these kinds of "hard proof" which definitively link hacks to nation state actors exist, why are they never publicly revealed?


> why are they never publicly revealed?

To protect the source(s)?


Yes, just like all the "anonymous sources" commonly cited in the news.


Might still be backed by old fashioned humint - maybe an asset in Russia told someone. If so, that might be trustworthy, but also needed to be kept secret. If I needed to publicize and justify such information, I might try to claim that "the coding of the exploit was consistent with Russian trade craft" or something like that...


With sticks and stones? They've been inside the nuclear defence computers for months. With sanctions? When the government may just stop working altogether for a year or more?


But if you restore from backup aren't you going to restore the trojans? And if the trojans wipe the disks after x days of radio silence?


If you restore the system from clean images (if you have them!), then you can restore the data (and only that!) from backups.

If...


Yes, it's the clean images I'm wondering about. It might not be easy to find clean images that are compatible with separate data backups.


The backups can be backups of the whole image. That's fine, as long as the file structure is still there, so that you can restore the data, but not the programs, and even more not the OS.


There's surely a lot of bespoke software in those core Govt systems. So they'll be trying to run a software image from months ago with yesterday's data. The success of that depends on how quickly the software has been changing.

