jmitcheson's comments

tl;dr "inadvertent exposure to endocrine disruptors in utero"


There is a newsletter called 'The Rundown' but it's more on the consumer side of gen AI, rather than hard academic research

https://www.therundown.ai/


It could still be quite buggy with Oculus and Vive hardware. They have only enabled WebVR in "Cardboard" mode on mobile which has a much smaller surface area.


TL;DR is for people who forget "statement, explanation, example". Usually, they write some poorly formed paragraph and put a "TL;DR" at the end. Often, that TL;DR is simply the "statement" part of the paragraph that should have been at the very beginning anyway.

TL;DR: most people can't English anymore.


If anyone's interested in how the exploit works, here is my humble interpretation of the pastebin link:

jsaxton86's comment sets the scene nicely so I'll just copy it here:

"This family of JRE attacks is far too common. Basically, when an unsigned applet runs, the JRE tries really hard to prevent it from creating a ClassLoader object. However, if you manage to create a ClassLoader object, it's game over -- you can break out of the sandbox and do whatever you please."

The exploit is very clever: it never actually creates an instance of the ClassLoader object, but rather it uses Java reflection to call a particular method on a ClassLoader object, which was tricked into creation inside a separate exploit involving the JMX (Java Management Extensions) framework.

JMX has its own methods to instantiate classes, and a subclass of ClassLoader ("sun.org.mozilla.javascript.internal.GeneratedClassLoader") is passed in as a String; then the method defineClass is called via reflection in a way that deceives all the ClassLoader protection. Once this method is allowed to be invoked via reflection, it's "game over" as explained at the start.

http://pastebin.com/raw.php?i=cUG2ayjh
http://www.oracle.com/technetwork/java/javase/tech/javamanag...
http://www.cs.rit.edu/usr/local/pub/swm/jdoc6/com/sun/jmx/mb...


When I first saw this post, it was greyed-out from down voting. Now, it's at the top of the thread. This place is strange.


"Dr." is a title; "doctor" is a noun which only ever refers to an MD.


Or a D.O.! But in general, physicians prefer the noun "physician" to "doctor".


only in the United States


When I'm doing front-end development, I love having a back-end guy who can flip the switch and turn it on.


It's probably related to a recent change in policy - http://www.kickstarter.com/blog/kickstarter-is-not-a-store

"-Product simulations are prohibited. Projects cannot simulate events to demonstrate what a product might do in the future. Products can only be shown performing actions that they’re able to perform in their current state of development.

-Product renderings are prohibited. Product images must be photos of the prototype as it currently exists."


Those guidelines only apply to hardware and product design projects, not games.


I considered that briefly but they made sure to clarify that it only applied to certain categories:

>The new guideline prohibiting renderings applies only to projects categorized as Product Design or Hardware. Other categories, including Games, are not affected.

Besides, that wouldn't at all explain why there is a complete lack of pitch videos or artwork (even like reward tier artwork).


At that point, you were way past the idea stage.

