https://www.pentestpartners.com/security-blog/exploiting-copilot-ai-for-sharepoint/
Something to be aware of if you work in a Microsoft shop with security requirements: Copilot on Sharepoint will apparently allow ACL bypass without logging or alerting.
You can just ask it for things.
It looks like what's going on under the hood here is that Copilot introduces a new category of user account for their agents, who have expansive read permissions by default and Copilot doesn't know how to map what the agent can read/reply against user permissions.
Does anyone have recommendations on encouraging an eleven year old to take on small achievable projects? He’s endlessly lamenting he can’t do things that are either huge, or actually impossible, but I can’t for the life of me get him to try smaller things to build up to bigger ones and get a sense of achievement.
@chrismarquardt @pascoda it’s an arms race. It starts with cars getting a bit bigger than a VW Golf, and feeling a bit intimidated by all these larger vehicles, so you get something a bit bigger. A decade or two later here we are, with everyone needing a tank to not be immediately crushed when someone stops paying attention.
We got this "HIGH security problem" reported for #curl earlier today:
"The -o / --output parameter in cURL does not restrict or sanitize file paths. When passed relative traversal sequences (e.g., ../../), cURL writes files outside the current working directory, allowing arbitrary file overwrite. In automated or privileged environments (CI/CD, root containers), this leads to Remote Code Execution (RCE), privilege escalation, and supply chain risk."
Never a dull moment.
While I appreciate the anti-competitive nature of Apple’s insistence on all transactions going through them, I fear this is going to lead to a rapid downhill spiral in app trustworthiness on iOS. I really like that when I hit the subscribe button on iOS I’ll be able to unsubscribe easily in a known location, and that I’ll keep access until the period I paid for is up.
https://techhub.social/users/rayckeith/statuses/114434488431229246
@strcpy @saraislet plot twist, one of the payloads is a prompt injection which tells any LLM being asked about it to generate an image of a catgirl instead.
As Liverpool win the Premier League for the second time, they complete the opening of a quite remarkable sequence, 33 years in the making.
That’s credits on Blue Prince. I’ll be back, because I have Theories on what that ending cutscene was about. For now though I need a break, and to play a game that doesn’t hate its players quite so much,
I’m so split on Blue Prince. Without the roguelike element it would be a stone cold 10/10 for me. As it is, I spend as much time resenting how little it cares about my time as I do in awe of the good bits. My latest run had me on the cusp of getting to Room 46, but I was cursed by poor RNG to god knows how many more runs.
I nearly rage quit Blue Prince earlier and then it threw a whole new room at me and I spent half an hour writing Python to try and solve a puzzle. (It didn’t work, there are too many potential options to brute force it)
It seems I replaced smoking with Blue Prince. So far this is going quite well, except for the intense withdrawal I feel when I’m not playing Blue Prince. Not entirely sure how I’m going to cope when I run out of game to play but I reckon I’m at least a week off that being a problem that needs solving.
We’re hiring at Demand Logic for various flavours of engineer, cloud infrastructure, web front end, and IoT. IoT is clearly my favourite because you get to plug boxes into huge buildings and pretend you’re in Hackers, but they’re all good. 4 day work week at full pay, remote friendly (probably within the UK because of employment law), and we make money by reducing big companies CO2 emissions.
Where would you buy shoelaces for a pair of walking boots from that isn’t Amazon? I keep looking in shops for some and coming up blank.
In an attempt to give up vaping I’ve switched to nicotine spray. So far it’s working through of virtue tasting like I’ve sprayed deodorant directly into my mouth, really makes me consider whether I want nicotine that badly.
Remember, when the internet gets disbanded, don't blame Hasbro Interactive. They had nothing to do with it.
From the back of my Master of Orion II disc.
Excuse me, I'd like to return this dire wolf, it's just a dog in a costume.
Finished The Last of Us Part 1 this evening, which I’d been putting off until I had a decent chunk of time because I knew I was near the end, only to find I had 15 minutes of it left. Anyway, what a game that is, genuinely moving in places, gorgeous to look at, and the sound design is some of the best I’ve heard in a game.
I was homeless when the Cat Distribution System recruited me. Camped under a bridge alongside the old canal, I shared my food and blanket with some homeless kittens.
“You’re a good person” a voice said.
I jumped and clutched my blanket, backing up against the concrete. “Leave me alone! I don’t have anything to steal.”
“Sorry to startle you. I’m here to offer you a job”
“You don’t know anything about me.”
The stranger indicated the kitten nose-down in a nearly empty tuna can. “I’ve seen what i need to see.”
“What’s the job? I won’t do evil.”
“Kitten smuggling. We get them to a safe country, find them homes. Subsidised accommodation but a lot of travel.”
That was six months ago. If you’re on a train, plane or suborbital and you see a kitten poking its nose out of a human or augmented human’s jacket, no you didn’t.
@jasongorman the but being unsaid here is “incentive to work in crappy jobs”. UBI means having to pay an actual wage for cleaners and shelf stackers, rather than redirecting that money to shareholders.
"Universal Basic Income would remove the incentive to work", say people with enough money to never have to work again but who mysteriously carry on.
@gwagner the company’s statement on this is quite astonishing corporate weaseling as well, acting all surprised that people would think a product labelled “a paper bottle” might believe it was in fact a paper bottle. https://www.bbc.com/news/world-asia-56687585