The demo is very impressive!

disclaimer: I've known the founder for a while, as legitimate as it gets in deep tech, real years of research and engineering behind this, not vaporware

It doesn't seem very well known, but I've been a happy user. Most of the others have become over-bloated with a shitty UI.

To write a proof-of-concept C compiler, not a production-grade one...

Hard to take the article seriously after this

This non-determinism would not and did not cause replays to diverge (the PRNG seed was most likely stored and would reproduce exactly the same results).

and I've never seen any confirmation elsewhere

Looks like CyberNews have edited the article with more info since first I saw it, it used to look quite suspicious and untrustworthy, it now has more info. Still doesn't say exactly what a record is, or how many uniques there are.

It is specifically about cleaning up the data by removing these 3 and showing a clearer picture of acceleration without these 3 factors.

https://git.ffmpeg.org/gitweb/ffmpeg.git?a=search&h=HEAD&st=...

The core bug seems to be that support for `date -r ` wasn't implemented at the time ubuntu integrated it [1, 2].

And the command silently accepted -r before and did nothing (!)

0: https://lwn.net/Articles/1043123/

1: https://github.com/uutils/coreutils/issues/8621

2: https://github.com/uutils/coreutils/pull/8630

These and Sysinternals (bought by Microsoft around 2006) were must have when I was still using Windows.

https://learn.microsoft.com/en-us/sysinternals/

should practice it for ENTER your password, ENTER your 2FA ;)

> Still, I don’t understand how npmjs.help doesn’t immediately trigger red flags

1. it probably did for quite a few recipients, but that's never going to be 100% 2. not helped by the current practices of the industry in general, many domains in use, hard sometimes to know if it's legit or not (some actors are worse in this regard than others)

Either way, someone somewhere won't pay enough attention because they're tired, or stressed out, or they are just going through 100 emails, etc.

At least the crowd here should _know_ that TOTP doesn't do anything against phishing, and most of the critical infrastructure for code and other things support U2F so people should use it.

https://karla.io/files/ichthyology-wp.pdf

> At Stripe, rather than focusing on mitigating more basic attacks with phishing training, we decided to invest our time in preventing credential phishing entirely. We did this using a combination of Single Sign On (SSO), SSL client certificates, and Universal Second Factor (U2F)

That's exactly why I said all the other "helpful" recommendations and warning signs people are using are never foolproof, and thus mostly useless given the scale at which phishing campaigns operate.

Great if it helps you in the general case, terrible if it lulls you into a sense of confidence when it's actually a phishing email using the right email address.

The answer is simple: use your bookmarks/password manager/... to login yourself with a URL you control in another tab and come back to the email to click it

(and if it still asks for a login then, of course still don't do it)

1. You just requested it, I'm not saying to never click link on transactional emails you requested. You still need to click on those verify email links

2. It replaces entering your password, so you're not entering your password on a link from an email, which is the very wrong thing.