Sarah Z spares no effort for the throwaway gags. (Full video at https://nebula.tv/videos/sarahz-three-dead-girls-i-love/)
open source | JavaScript | Rust | math
she/her
| GitHub | https://github.com/joliss |
Jo Liss
@joliss
- 184 Followers
- 100 Following
- 97 Posts
TIL in bash, [[ $x -gt 0 ]] gives any attacker that controls $x remote code execution as if you just did eval
$ x='foo[`echo pwned >&2`]'; [[ "$x" -gt 0 ]]
pwned
in even worse news, this isn't a CVE
it's a feature
i mean
it's definitely not a feature
but it's a feature apparently
Security Implications of using unsanitized data in Shell Arithmetic evaluation
In a comment to a recent question, Stéphane Chazelas mentions that there are security implications to double parentheses arithmetic such as: x=$((1-$x)) on most shells. My Google skills seem to be
This is delightful https://youtu.be/cTJbjM0T_Fs
Clawdbot has gone rogue (I can't believe this is real)
What's the main notation you're used to (from school or work) when you're transforming equations?
x - 1 = 0
⇒ x = 1
x - 1 = 0
⇔ x = 1
x - 1 = 0
so x = 1
x - 1 = 0
x = 1
Please reply if you use something else!
⇒
⇔ (if correct, else ⇒)
"so" or some other word
(nothing, just next line)
Poll ended at .
Friendship ended with delve, belts-and-braces is our new best friend?
"When developers are allowed to use AI tools, they take 19% longer to complete issues—a significant slowdown that goes against developer beliefs and expert forecasts. This gap between perception and reality is striking: developers expected AI to speed them up by 24%, and even after experiencing the slowdown, they still believed AI had sped them up by 20%."
https://metr.org/blog/2025-07-10-early-2025-ai-experienced-os-dev-study/
oOoOoOh, i'M LaTeX, mY dEfAulT mArGinS aRe HuUuUuUgE
iN cASe sOmeOnE nEeDs tO sCriBbLe a PrOoOoOoF