3ch0's comments

There is also a similar technology in Rob Reid's After On book. The AI has the ability in that book to "refocus" the person so that they are looking into the camera.

I believe this is huge and would create higher engagement if everybody was actually looking into the camera instead of to the side or up all the time. Creating a more human and emotional relation with the people you are talking to.



Found this, looks like a more detailed writeup of what's going on. https://cfreal.github.io/carpe-diem-cve-2019-0211-apache-loc...


Probably a stupid question, but are the version #'s mentioned here ( "From version 2.4.17 (Oct 9, 2015) to version 2.4.38 (Apr 1, 2019), Apache HTTP suffers from a local root privilege escalation vulnerability due to an out-of-bounds array access leading to an arbitrary function call." ) the only ones affected, or is it possible earlier versions are affected as well?

Also, I just want to throw out there that the name of this one is great:

"Why the name ? CARPE: stands for CVE-2019-0211 Apache Root Privilege Escalation DIEM: the exploit triggers once a day

I had to."


> but are the version #'s mentioned here ... the only ones affected

Usually when a range like that is given, yes.

> From version 2.4.17 (Oct 9, 2015) to version 2.4.38 (Apr 1, 2019)

This case implies that they know the bug was introduced in a particular change, which went public with version 2.4.17 and was either fixed or otherwise mitigated in 2.4.38.

The only earlier or other versions that I would expect to see affected are dev/alpha/beta branches.


This part is concerning:

> Apache's team has been prompt to respond and patch, and nice as hell. Really good experience. PHP never answered regarding the UAF.


FWIW I reported it to PHP's bug tracker: https://bugs.php.net/bug.php?id=77843

I expect that it'll be fixed, but not handled as a security issue, as it doesn't fit within PHP's model of security vulns.


> This looks like it requires specially crafted code, therefore not a security issue.

I'm not sure how I feel about such a response. Many exploits require odd, but valid code, and more often than not it exists out there.

Also, it feels weird for this to be tagged as a JSON issue?


Basically they don't consider the engineer exploiting the interpreter to be a security vulnerability. That seems a bit dubious, but I can see where they are coming from in treating the script author as a trusted party.


That’s been my experience reporting any kind of bug with the PHP core team. It really is a pain in the neck.


I do believe this is a general restaurant booking system. By looking at the URL in the image you can see that this is an online-based restaurant booking system.

Usually these smaller Swedish restaurants don't have any management and the owner is usually the headwaiter.


More invites if needed.

  ebP963yNKtKhTBG5
  cDu6ytmRASJDgAgC
  fC3f3uVgBd2RV9pN
  bsh35de4nBwwFw2e
  bYsL8AdCK5fFV5qU
  ckJCHBBNUpETh9gz


Thanks! I was able to use cDu6ytmRASJDgAgC.


Used ebP963yNKtKhTBG5, thanks!


And don't forget the Referer header that will contain any GET data. I've spotted several sites with this flaw by just looking at the data in my visit log.
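The leak described in the comment above, seen from the receiving server's side, as an added example that is not part of the original thread: it scans Combined Log Format lines for Referer values that carry sensitive-looking GET parameters and redacts them before the log is kept. The parameter-name list, the function names and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode

# Parameter names treated as sensitive (assumed list; extend for your own apps).
SENSITIVE = {"token", "access_token", "session", "sessionid", "sid", "password",
             "passwd", "key", "api_key", "email", "reset", "code", "auth"}

# Tail of a Combined Log Format line: "request" status bytes "referer" "user-agent"
LOG_RE = re.compile(r'"[^"]*" \d{3} \S+ "(?P<referer>[^"]*)" "[^"]*"$')

def redact_referer(referer):
    """Return (redacted_url, leaked_param_names) for one Referer value."""
    parts = urlsplit(referer)
    leaked, clean = [], []
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name.lower() in SENSITIVE and value:
            leaked.append(name)
            value = "REDACTED"
        clean.append((name, value))
    return urlunsplit(parts._replace(query=urlencode(clean))), leaked

def scan(lines):
    """Yield (line_no, redacted_referer, leaked_names) for lines that leak."""
    for no, line in enumerate(lines, 1):
        m = LOG_RE.search(line.rstrip())
        if not m or m.group("referer") in ("", "-"):
            continue  # no Referer sent, or not a Combined Log Format line
        redacted, leaked = redact_referer(m.group("referer"))
        if leaked:
            yield no, redacted, leaked

# Constructed sample lines (documentation IP ranges and example hosts only).
SAMPLE = [
    '203.0.113.5 - - [10/Apr/2019:10:00:01 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [10/Apr/2019:10:02:17 +0000] "GET /blog HTTP/1.1" 200 2048 '
    '"https://shop.example/reset?user=42&token=abc123" "Mozilla/5.0"',
    '198.51.100.7 - - [10/Apr/2019:10:03:40 +0000] "GET /blog HTTP/1.1" 200 2048 '
    '"https://search.example/?q=apache" "Mozilla/5.0"',
    '198.51.100.8 - - [10/Apr/2019:10:05:02 +0000] "GET /about HTTP/1.1" 200 900 '
    '"https://mail.example/inbox?SID=f00d&view=1" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for line_no, url, names in scan(SAMPLE):
        print(f"line {line_no}: leaked {names} -> {url}")
```

On the sending side, the same leak is closed by keeping secrets out of GET parameters and by serving a `Referrer-Policy` header such as `no-referrer` or `same-origin`.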

