hackermondev

hi, i'm daniel. i'm a 15-year-old high school junior. in my free time, i hack billion dollar companies and build cool stuff.

3 months ago, I discovered a unique 0-click deanonymization attack that allows an attacker to grab the location of any target within a 250 mile radius. With a vulnerable app installed on a target's phone (or as a background application on their laptop), an attacker can send a malicious payload and deanonymize you within seconds--and you wouldn't even know.

I'm publishing this writeup and research as a warning, especially for journalists, activists, and hackers, about this type of undetectable attack. Hundreds of applications are vulnerable, including some of the most popular apps in the world: Signal, Discord, Twitter/X, and others. Here's how it works:

Cloudflare

By the numbers, Cloudflare is easily the most popular CDN on the market. It beats out competitors such as Sucuri, Amazon CloudFront, Akamai, and Fastly. In 2019, a major Cloudflare outage k

mbbx6spp

Building Docker images from Dockerfiles using conventional package management systems can lead to unpredictable results due to several factors:

1. Version inconsistencies: Package managers often default to installing the latest versions of packages. If the Dockerfile doesn't specify exact versions, different builds at different times may pull in newer package versions, potentially introducing incompatibilities or unexpected behavior.

2. Repository changes: Package repositories can change over time. Packages may be updated, removed, or have their dependencies modified. This can lead to build failures or different package versions being installed in subsequent builds.

3. Caching issues: Docker uses a layer caching system to speed up builds. If a package is updated in the repository but the Docker cache still holds the old version, it may not pull the latest version unless forced to do so.

4. Network-dependent results: The build process relies on network access to download packages. Network issues or tempor

m-ou-se

Mara's statement on the retraction of ThePhd's RustConf keynote

I was one of the people who didn't vote for ThePhd's keynote; originally because I simply preferred another promising candidate. Later, after hearing technical concerns from an expert that I mostly agreed with, also because of the topic, although I must admit I am no expert on the topic.

The candidate I voted for originally got a few approving comments at first, but ended up being mostly ignored later, mostly because of our lack of process and proper voting.

When it was brought up in the leadership chat that 'there are concerns', I focused on the talk itself rather than focusing on the process failure. That was a mistake, for which I apologize. I am not an expert on this topic, and should not have rushed myself into talking about things outside my expertise, even under pressure.

In another situation this could have been a minor mistake with no consequences, just one of several opinions in a discussion, but in this situation it became part

mehd-io

#!/bin/bash
# You can put this in your .bashrc or .zshrc
function csv_to_parquet() {
    file_path="$1"
    duckdb -c "COPY (SELECT * FROM read_csv_auto('$file_path')) TO '${file_path%.*}.parquet' (FORMAT PARQUET);"
}

Gabriella439

{-# LANGUAGE ApplicativeDo               #-}
{-# LANGUAGE BlockArguments             #-}
{-# LANGUAGE DeriveFunctor              #-}
{-# LANGUAGE DerivingStrategies         #-}
{-# LANGUAGE GeneralizedNewtypeDeriving #-}
{-# LANGUAGE UndecidableInstances       #-}

module HasCal where

import Control.Applicative (Alternative(..), liftA2)

Gabriella439

Lightweight Functional Programming specification

The purpose of this document is to specify a baseline set of functional programming features that users can request and that programming languages can advertise support for. This feature set strives to be "JSON-like" and "purely functional".

The goals of this specification are (in descending order of importance):

• Cultivate a portable functional programming style

Gabriella439

let
  nixpkgs = builtins.fetchTarball {
    url    = "https://github.com/NixOS/nixpkgs/archive/c473cc8714710179df205b153f4e9fa007107ff9.tar.gz";
    sha256 = "0q7rnlp1djxc9ikj89c0ifzihl4wfvri3q1bvi75d2wrz844b4lq";
  };

  config = {
    allowUnfree = true;
  };

Gabriella439

let
  nixpkgs = builtins.fetchTarball {
    url    = "https://github.com/NixOS/nixpkgs/archive/c473cc8714710179df205b153f4e9fa007107ff9.tar.gz";
    sha256 = "0q7rnlp1djxc9ikj89c0ifzihl4wfvri3q1bvi75d2wrz844b4lq";
  };

  compiler = "ghc921";

  overlay = pkgsNew: pkgsOld: {
    ghcid = pkgsNew.haskell.packages."${compiler}".ghcid;

nomeata

Every now and then someone asks whether Motoko canisters can use certified variables, or whether they can serve HTTP requests with certification, and I always responded that yes, Motoko can do that, all that’s missing are a few libraries. But I figured I should put my hand where my mouth is, and actually demonstrate that it’s possible.

So here we go. If you go to https://ce7vw-haaaa-aaaai-aanva-cai.ic0.app/ you will see that

• the URL has no raw in it, so it is certified,
• that the response is actually dynamic; you can leave a message at the bottom of https://ic.rocks/principal/ce7vw-haaaa-aaaai-aanva-cai and see it show up
• this claims it’s written in Motoko.

To prove the latter claim, here is the commented code; you can also browse the full repository.

main.mo

natefaubion

module Main where

import Prelude

import Data.Symbol (class IsSymbol)
import Prim.Row as Row
import Prim.RowList as RowList
import Record as Record
import Type.Proxy