| .editor-group-watermark > .letterpress{ | |
| background-image: url(https://raw.githubusercontent.com/Aikoyori/ProgrammingVTuberLogos/main/VSCode/VSCode-Thick.png) !important; | |
| opacity: .75; | |
| } |
This is a living document. Everything in this document is made in good faith of being accurate, but like I just said; we don't yet know everything about what's going on.
On March 29th, 2024, a backdoor was discovered in xz-utils, a suite of software that
| // 3D Dom viewer, copy-paste this into your console to visualise the DOM as a stack of solid blocks. | |
| // You can also minify and save it as a bookmarklet (https://www.freecodecamp.org/news/what-are-bookmarklets/) | |
| (() => { | |
| const SHOW_SIDES = false; // color sides of DOM nodes? | |
| const COLOR_SURFACE = true; // color tops of DOM nodes? | |
| const COLOR_RANDOM = false; // randomise color? | |
| const COLOR_HUE = 190; // hue in HSL (https://hslpicker.com) | |
| const MAX_ROTATION = 180; // set to 360 to rotate all the way round | |
| const THICKNESS = 20; // thickness of layers | |
| const DISTANCE = 10000; // ¯\\_(ツ)_/¯ |
Challenge by: realansgar
Writeup by: rebane2001
The challenge consists of a simple Flask webapp that lets you eval arbitrary Python code in a jail in order to evaluate your solution to a leetcode-style programming challenge. The flag can be retrieved by running the /readflag setuid program. The source code was provided.
#!/usr/bin/env sed -re s|^|\x20\x20\x20\x20| -e s|^\x20{4}\x23\x23{(.*)$|<details><summary>\1</summary>\n| -e s|^\x20{4}\x23\x23}$|\n</details>| -e s|^\x20{4}\x23\x23\x20?|| -e s|\x0c|\x20|
# Yannakakis.py by Paul Khuong
#
# To the extent possible under law, the person who associated CC0 with
# Yannakakis.py has waived all copyright and related or neighboring rights
# to Yannakakis.py.
Executive summary: If you use AutoGPT, you need to be aware of prompt injection. This is a serious problem that can cause your AutoGPT agent to perform unexpected and unwanted tasks. Unfortunately, there isn't a perfect solution to this problem available yet.
If you set up an AutoGPT agent to perform task A, a prompt injection could 'derail' it into performing task B instead. Task B could be anything. Even something unwanted like deleting your personal files or sending all your bitcoins to some crooks wallet.
Docker helps limit the file system access that agents have. Measures like this are extremely useful. It's important to note that the agent can still be derailed.
| type term = | |
| | Lam of (term -> term) | |
| | Pi of term * (term -> term) | |
| | Appl of term * term | |
| | Ann of term * term | |
| | FreeVar of int | |
| | Star | |
| | Box | |
| let unfurl lvl f = f (FreeVar lvl) |
| <?php | |
| // half-hearted CSS minification | |
| $css = preg_replace( | |
| array('/\s*(\w)\s*{\s*/','/\s*(\S*:)(\s*)([^;]*)(\s|\n)*;(\n|\s)*/','/\n/','/\s*}\s*/'), | |
| array('$1{ ','$1$3;',"",'} '), | |
| file_get_contents('linked.css') | |
| ); | |
| // embed as a data: uri | |
| $base64css = rtrim(strtr(base64_encode($css), '+/', '-_'), '='); |
tl;dr 5M sat bounty to make https://github.com/fiatjaf/no-fed work.
ActivityPub communication is between servers. A server talks to another server, pushing and pulling data. Identities live on servers. Nostr communication is between clients and servers.
For fun, I had ChatGPT take the free response section of the 2022 AP Computer Science A exam. (The exam also has a multiple-choice section, but the College Board doesn't publish this.) It scored 32/36.
