Hacker News: grepknfss

New comment by grepknfss in "Pijul is a free and open source (GPL2) distributed version control system"

grepknfss — Wed, 21 Feb 2024 17:39:14 +0000

I think giving a patch its own identity is a pretty neat concept and clearly different than the git approach, so thanks for this example!

New comment by grepknfss in "Disputed, Not Rejected"

grepknfss — Wed, 21 Feb 2024 16:27:06 +0000

> I'm technically aware, but do I really have the expertise and bandwidth to tell the difference between an actual CVE and one that isn't, for the whole database?

I sure don’t. But who does? Who gets paid by whom to make this all work? Apparently whatever is happening now ain’t it.

New comment by grepknfss in "Disputed, Not Rejected"

grepknfss — Wed, 21 Feb 2024 14:17:58 +0000

On the one hand it seems like, if you are reporting a security issue, you should presumably have some kind of PoC. On the other hand we’ve seen plenty of exploits that required chaining a half dozen not-obviously-exploitable issues to achieve a successful exploit. If someone at MITRE has to adjudicate these issues for every CVE in all possible programming languages for all possible exploits for all possible software… well that seems like a tough job anyway.

I think the people using the CVE database as some kind of official source of actual security issues, as opposed to reported potential issues, is the problem.

New comment by grepknfss in "Show HN: PRQL in PostgreSQL"

grepknfss — Mon, 19 Feb 2024 16:00:24 +0000

You should make the first instance of “PQRL” in your readme a link to that project.