Unless you are worried about something like a gzip bomb, I don't see why this is an issue. A lot of formats are effectively just zips. The xlsx, odf, etc., for example. It's a pretty common format style.
It helps to have a well-defined expected structure in the archive.
A curious search reveals that vulnerabilities that do exist are of 2 flavors.
1. Standard C memory vulnerabilities
2. Unsafe file traversal while unzipping
The entire second class is avoided in a fixed file format. The first class of vulnerabilities plagues everything. A quick look at libxml2 CVEs shows that.
Can you elaborate? As one tool among many it seems to me to be a perfectly serviceable tool in the toolbox, with a sufficiently high rate limit to account for shared IPs.
While I agree with you in principle, give Claude 4 a try on something like: https://open.kattis.com/problems/low .
I would expect this to have been included in the training material as well as solutions found on GitHub. I've tried providing the problem description and asking Claude Sonnet 4 to solve it and so far it hasn't been successful.
In addition to what Will posted, published reports for blockchain projects tend to be skewed compared to our other groups.
Blockchain clients tend to want to publish the report, but that isn't true for our business lines/projects/clients that are more interesting to HN's audience.
the exact details of the attack were still evolving when we pushed the blog post out, so we kept it to what we did know and what could be extrapolated from it
had the same thing coincide with covid, but much harder to fall asleep once disrupted. Melatonin only seems to last for an hour or so, so I would take one to go back to sleep after a disruption
The one I like to take at night is Life Extension 300mcg (.3mg) 6 hour timed release (they make a bunch of different ones), which is the closest to natural melatonin release of any supplemental melatonin I've seen, although it sounds like there is massive variation between people in how much makes it to the blood from a given dose. There are a couple of ways to use melatonin and for circadian use a small non-delayed dose earlier may be better (or use both):
I have had issues waking up more frequently when taking melatonin. It sounds like while not common this side effect is not that rare either. Based on my severe sleep issues (primarily circadian) I suspect that one part of "sleep issues" for many people is actually waking up issues and that the detailed process around waking up has a bigger influence than is currently appreciated. I suspect one reason that melatonin is helpful is that it sets the stage for a better wake up, however if something causes this wake up procedure to start after not enough sleep it can be more difficult to get back to sleep. The delayed release seems to help quite a bit to limit the chance of this happening for me, although it does still happen at times. I'm not sure if melatonin is a particularly good option for staying asleep.
Unfortunately, there aren't particularly good options. Magnesium is the easiest and as effective as anything for me but unfortunately a high enough dose to be effective will also make me tired the next day. However, if your diet is low on magnesium then just increasing that some might help or possibly you won't have the issue with tiredness the next day. Baclofen helps me but has issues and I certainly would not recommend it for your case.
A short (few minutes) nap midday helps the circadian rhythm but longer naps can make it harder to stay asleep at night. If you nap for longer periods, multiple times, or later in the day that is the first thing I would suggest changing. I'm not sure what length causes more trouble but I think getting to sleep but staying asleep as briefly as you easily can is the ideal (though if you will naturally wake up after a bit longer that might be better than an alarm).
I also noticed covid made my already bad sleep worse when I had it (most likely covid, not confirmed by test; cold or flu usually give me better sleep for a day or two). However, I didn't notice any lasting issues (I still have severe sleep issues but it was just that first week of covid that they seemed to be different from usual). I wonder if it could be just your memory of how you sleep that changed after you noticed it due to the disruption. As long as you can easily get back to sleep and aren't staying awake for long it should not cause trouble and is not uncommon. If you feel rested there is nothing to fix, while worrying about it or trying to change it could cause worse trouble.
These are my thoughts anyway, hopefully something in there is helpful :).
Could be, yeah. I'm a bit skeptical though. This took place months ago, and the conversation ended in a pretty reasonable place, something like "nice to meet you, take care" from me. I would have expected a few more engagement attempts from her if she wanted to scam me.
Well that's part of the romance scam game, you don't want to seem too needy. The best romance scammers will play a little bit of "hard to get" and a little bit of "good cop bad cop" if you know what I mean. The aloofness that you describe here was not an accident.
No, the legal definition has a purpose. If the only thing stopping you from doing a crime is easy access, and a cop provides you that access, and you commit the crime, you were in the wrong.
If you don't want to go to jail or be fined, don't commit the crime, no matter how convenient or easy it seems to be.
I am not denying the existence of the legal definition. I am saying that the contrast with the public expectation is because the legal definition is a sort of regulatory capture. You are debating with an irrelevant point that only you brought up.
> If you don't want to go to jail or be fined, don't commit the crime, no matter how convenient or easy it seems to be.
This in particular
> If the only thing stopping you from doing a crime is easy access, and a cop provides you that access, and you commit the crime, you were in the wrong.
If you don't see how this is different from the example above, then I can see you are bringing up irrelevant points.
At my previous job we used GCP and went through so much effort/tooling to try to fix IAM. We definitely would have given this tool a spin. Ignore the HN flashmob.
Another use case you might run into as you talk with more clients is figuring out what developer IAM roles need to be. This was the far bigger problem for us as we had a ToS that restricted employees from viewing/accessing user data.