Man, your issue is not that you do not have enough external validation, it's that you crave it so badly. I guarantee you achieving your concrete goals would not make you happy -- you would just move the goalposts.
I would really recommend therapy as a way to understand and reframe the desire for external validation.
Definitely agree! That's why the author has explicitly filtered out patternwork by excluding "circles" that are particularly close to an airport. It doesn't mean anything is sinister, but this project is definitely aware of and disinterested in just finding student pilots beating up the pattern.
I do a bit of reverse engineering both professionally and for fun, and the two bits of “proper” education that have helped the most were my Hardware/Software Interface and Intro to Operating Systems classes in undergrad.
Learning how this stuff works in the forward direction makes spotting patterns a whole lot easier. It’s a lot easier to start RE when you’re already familiar with stuff like calling conventions or memory layout (for example).
From there, there isn’t a ton of formal education as far as I’ve seen. I am really fond of Smash the Stack’s IO wargame if you’re interested in CTF-style challenges. I also spent a good bit of time compiling my own small programs and then using them to learn the tools. When you’re starting off, RE is a lot easier when you know what you’re looking for.
I'm not sure I agree. If you can affect the state of the runtime in ways that are not intended to be possible by the WASM API, this breaks sandboxing requirements. Even if you can't break out of the current process (due to isolation provided by the kernel), you can still cause arbitrary code execution within the process.
> you can still cause arbitrary code execution within the process
You start with the ability to do arbitrary code execution, you don't have to find an exploit to do that. And since your WASM code is the only thing in the process, what is an exploit going to let you do that you couldn't already do anyway?
You seem to be confused. Arbitrary code execution is just the ability to run code. It is a security attack when a user that wasn't supposed to be able to run code can now run code. But WASM and JS runtimes would be literally useless if you didn't start with the ability to run arbitrary code. Their sole purpose is to run code. You feed them code, they run it. You were supposed to have the ability to run code, therefore arbitrary code execution is not an exploit here.
Maybe you're confusing it with privilege escalation, though? Or a sandbox escape? But FYI those aren't the same thing. At all.
Alternatively if the worst you've seen on HN is one person seemingly confusing arbitrary code execution with privilege escalation you must not be on HN very much.
It's not about intention. Nobody believes that the words "master" and "slave" are intended to cause racial stress in a technical context -- but that's not the point. The point is that these words do not exist in a vacuum, and for many people words like "master" and "slave" do in fact evoke historically-grounded feelings of discomfort, even when that isn't the intent.
When someone says "hey, I feel hurt when you use that term", the correct response (imo) is to do your best to stop using the term. It's a small sacrifice to make other people feel safer, and that's absolutely worth it.
>>for many people words like "master" and "slave" do in fact evoke historically-grounded feelings of discomfort, even when that isn't the intent
So what? Most peoples (all?) in history have been enslaved at one time or another. Some people are right now!
I understand that it is easier to protest against word usage in freaking source files/documentation, in a field where most people are very agreeable and soft and want to accomodate everyone, even to their own detriment, than to protest against real existing problems, but come on ...
Sure. My ancestors were enslaved by the British. The difference is that I do not face discrimination today as a result of that. For black people in the US today, that's not the case -- the effects of slavery are still systemic issues.
I mean, yeah, if you truly feel hurt when I use that word, I won't use it around you. Absolutely. It's more important to me that the people around me feel heard and seen than for me to get to use a particular word.
If a whole group of people say "hey this word makes me feel uncomfortable of hurt," then I try to modify my vocabulary accordingly and eliminate it.
Read again. I said most of it subconscius. Whenever I have evaluated applications, I certainly have made the effort to be explicit about every criteria I've used.
It's not a farfetched idea that the person sending a job application from the web client of a Gmail account is probably a different type than the one with a personal domain and running Thunderbird/Linux.
I would really recommend therapy as a way to understand and reframe the desire for external validation.