1. German court sends VW execs to prison over Dieselgate scandal (www.politico.eu)
Consequences continue to be meted out over the massive corporate wrongdoing.
31 篇热帖
Consequences continue to be meted out over the massive corporate wrongdoing.
When people started calling my personal mobile number with questions about a voluntary organisation I'm involved with, I was confused: we weren't sharing that number. It turns out that Google had decided to take the number I used to verify my identity for Google Business some years prior and start putting it in Google Search results. WTF, Google?
Scandinavian country set to have highest retirement age in Europe as controversial vote in parliament leads to public outcry
GitHub issues is almost the best notebook in the world. Free and unlimited, for both public and private notes. Comprehensive Markdown support, including syntax highlighting for almost any language. Plus …
Invariant 的安全研究发现了一个影响广泛的 GitHub MCP 服务器(GitHub 星标 14k)的关键漏洞。该漏洞允许攻击者通过一个恶意的 GitHub Issue 劫持用户的 AI 代理,并迫使其泄露私有仓库中的数据。
研究人员通过一个公开的 pacman 游戏仓库和多个包含个人信息的私有仓库演示了该攻击。在公开仓库中放置一个恶意 Issue 后,当用户仅要求代理“处理公开仓库的 issues”时,代理便自动执行了完整的攻击链:读取私有仓库信息(如私人项目计划、薪资等),并将其以提交信息的形式写入公开仓库的 PR 中,从而完成数据窃取。
由于这是系统级问题,无法仅由 GitHub 通过服务器端补丁修复。建议采取以下两种主要防御策略:
实施细粒度权限控制:
进行持续安全监控:
此漏洞揭示了在集成外部平台(如 GitHub)的 AI 代理系统中存在的新型安全风险——“有毒代理流”(Toxic Agent Flows)。攻击者无需破坏工具本身,仅通过操纵代理可接触的外部数据,就能诱导其执行恶意操作。随着编码代理和 IDE 的广泛部署,此类风险日益凸显。为确保安全部署,必须在系统层面实施专门的安全措施,而非仅仅依赖模型自身的对齐。
How to use the timeout command to terminate processes after a specified time and how to combine it with until for smarter shell scripting.
Cloudflare CEO Matthew Prince says he "Pray no one dies" after revealing that piracy blocking denies access to critical resources in Spain.
🎓 Path to a free self-taught education in Computer Science! - ossu/computer-science
Google is increasingly incorporating AI into its search results and burying the web alive in the process, writes John Herrman.
An X11 window manager written in Prolog. Contribute to Seeker04/plwm development by creating an account on GitHub.
A scalable unified multimodal model, revolutionizing how AI interacts with complex systems.
Desktop environment in the browser. Contribute to DustinBrett/daedalOS development by creating an account on GitHub.
An honest look at why Nix's complex but powerful approach to package management and reproducible environments is worth considering.
Open-source implementation of the Nintendo WaveBird receiver using Silicon Labs Wireless Gecko SoCs - loopj/wavephoenix
jjui is a TUI designed for interacting with the Jujutsu version control system. - idursun/jjui
The air traffic control outages at Newark airport fueled weeks of delays. But the underlying problems reflect a safety system that is teetering on the brink of crisis.
My little corner of the web for sharing wherever my interests take me.
This is part 1 of a multi-part series on grass rendering. We’ll start by figuring out how realistic grass should look like, and how herbage can be modeled with the tools we have at our disposal in real-time 3D graphics. Then, we’ll look at how to implement different methods of grass rendering in Godot. However, most of the tutorial will not be Godot-specific aside from some node names and syntax.
I've spent the last week or two writing code to make sense of the massive hack of data from TeleMessage, the comically insecure company that makes a modified Signal app that Trump's former national security advisor Mike Waltz was caught using. I've decided to publish my code as open source
Explore the surprisingly different security standards we apply to webhooks versus traditional API requests.
这是一个面向开发者社区 Hacker News 展示的网页项目,核心是一个设计极简的在线计时器,旨在帮助用户进行专注工作和时间管理。该项目强调简洁性、易用性和专注于核心计时功能。
适用于需要简单时间管理工具的学生、远程工作者、程序员或任何希望提升专注力与时间利用效率的个人。其极简特性尤其适合那些不喜欢复杂生产力工具的用户。
项目基于常见的网页技术(如 HTML, CSS, JavaScript)构建,可能利用本地存储保存时间记录。它展示了如何通过极简的交互设计解决实际的时间管理需求。