Kapil Singaria 🐊
1.8K posts
Kapil Singaria 🐊
@KapilSingaria
Programmer ☘️
The Spice Kingdom Katılım Ekim 2013
363 Takip Edilen58 Takipçiler
@complex_iota @deepakmnadiger This sabotage strategy is known as incompetence.
English
@deepakmnadiger But why won't someone give a quote or a sample?
What kind of sabotage strategy is this?
English
Let me tell you a story - for 6 months we chased the 2 biggest toothbrush manufacturers in india for a quote & sample. We didn't get a response - the chinese vendor who produces 1 bn sticks a month, sent a quote in 3 days, sample in 7 and key line in 15. 14k moq - we buy monthly
Shubham Mishra@brahma_4u
China supplies ~90% of India's toothbrush imports, but wait there's more: - 70% of toys. - 45%+ of consumer electronics components. - 90%+ of Diwali lights & decorations. - 70% of Active Pharmaceutical Ingredients (APIs). - 100% of lithium batteries. From our morning routine to festival nights it's China, quietly running the show. No wonder why India's import bill from China was $101 billion (2023-24). While the trade deficit was $85 billion. The dependency isn't a coincidence. It's structural. India is not lacking capabilities, but intent and vision at scale. Phased manufacturing is not the only playbook we can have.
English
@OdiSriUS @SaffronProphett You really think they will compete? They will most likely "collaborate".
English
@SaffronProphett I understand.
Give stalls to 10 vendors, not 2. Let them compete to get your business.
Or get rid of them, run through Govt stalls only.
English
Yes, you fucktards first auction off to get 1 Crore deposit and 1.7 lakh per month rent for 10x10 stall and then you open your stall with a 80% loss to the taxpayers. What a brilliant way to fuck your taxpayers.
Raghav Chadha@raghav_chadha
Visited the Udaan Yatri café at Mumbai Airport and had chai for just ₹10. Was flying to Delhi and wanted chai before the flight. Spoke to several travellers while I was there. All of them happy, all of them saying the same thing: Easy on the pocket, good service, value for money. Affordable airport food is possible. And this is proof☕ ✈️
English
@offgridmate @crazyiIIusions The size of the box is a single unit. The size of the larger box is measured in terms of the smaller box's unit length.
English
@crazyiIIusions impossible to verify without knowing the dimensions of the boxes or the larger box - so this is a fairly pointless post.
English
@narashin59 @I_am_Vedvrat @fella_patriot Technical is a broad term. Those who know tech deeply are generally not like that. The other ones who know few things about tech are as bad as non tech ones.
English
@I_am_Vedvrat @fella_patriot Technical managers also behave that way or its only with People managers ?
English
@kancyouph @inu_grapher There's many public urinal near that bank. One is not farther than 50m from that place. He could have asked anyone.
English
@inu_grapher 年齢的に我慢できなかった可能性はありますね。海外だと、トイレを見つけるのに一苦労でしょうし。
日本語
やっぱり放尿が原因だったんだね。私が見た複数の関連ツイートでは、インドの人と思われる人たちが「サンタ帽は問題ではない。私たちはそんなことでは怒らない。ガンジス川に放尿をしたことが問題だ」というようなことを書き込んでいるのを見たよ。どうしてそんなことをしたんだろう。
今日ヤバイ奴に会った / 坪和の世界ローカル屋台めし@tubotubowa
【説明とお詫び】 インド・バラナシのガンジス川での出来事について、 当日現地に同行していた立場として、 説明とお詫びをまとめました。 不快な思いをされた方々に、心よりお詫び申し上げます。
日本語
@happydreamc1ub @inu_grapher There's one public urinal every 100m on that bank. He could have asked anyone.
English
@inu_grapher トイレがどこか分からない、入りたくないレベルで汚い
↓
道端でするよか川に流せば衛生的やろw
↓
相談もせず突如放尿、まさか川に野ションするとは夢にも思わないであろうローカル屋台飯さんも止められず
って流れかな?
せっかくインドに詳しい人がいるなら相談すべきだった
日本語
@joshmanders You don't even need express. You can do it in plain nginx or Apache server
English
Ryan... Express has existed for like a decade now..
Ryan Florence@ryanflorence
I'm in love. A JavaScript server that serves static files out of a public directory and routes everything else to an index.html SPA style
English
@iamkylebalmer @levelsio I find zoho to be pretty smooth and stable. What is terrible about it?
English
@levelsio i can only think of zoho which is terrible (unfortunately - it has promise but all of the elements are substandard)
pabbly. like zapier but much cheaper
struggling to think of many others
English
@unit_accord @i_am_uvw @vxunderground @LundukeJournal Further -
Your way: Possible zero day and RCE because the dev forgot to catch one Zero day
My way: Potentially reject the request on false positive and not ban the user.
English
@KapilSingaria @i_am_uvw @vxunderground @LundukeJournal OK, let's compare the parameters of my & your way.
My way: you scan source, experts review potential bugs, fix them, and those potential problems are fixed forever before production.
Your way: spend to scan trillions of requests and automatically ban users with false positives.
English
Google has announced the 1.0 release of Magika - an "AI-powered file type detection system"
And everything about it makes my eye twitch.
Now, you may be saying to yourself... "File type detection? Isn't that... what... file extensions are for? I know it's a JPEG image... because it has .jpg at the end."
Well Google Magika uses complex, heavy AI systems instead of... you know... file extensions.
Seriously. Check out the screenshot. It's using an AI system to tell us that a .BMP file is a bitmap image.
But, never fear! They decided to re-write Magika (which has only just now hit 1.0) in Rust. Because... Rust!
opensource.googleblog.com/2025/11/announ…
English
@unit_accord @i_am_uvw @vxunderground @LundukeJournal Naah, I know it's not the only way but one more way. You can scan all you want proactively for buffer overflows and there might still be zero days present. This new method gives one more way to prevent side effects.
English
@KapilSingaria @i_am_uvw @vxunderground @LundukeJournal Look, you presented me with a problem. I gave you multiple solutions, including scanning legacy C/C++ code with AI for buffer overflow bugs, which you *can* do. You insist the only way is scanning input for scripts. How the f**k am I supposed to react calmly to this? 😂
English
@unit_accord @i_am_uvw @vxunderground @LundukeJournal You can't scan for buffer overflow and I didn't mean to scan for buffer overflow here. You misunderstood me. I meant to scan for hidden scripts embedded in files here. Which can be executed if there is somehow a buffer overflow while parsing the file.
English
@KapilSingaria @i_am_uvw @vxunderground @LundukeJournal I'm not sure if you read everything I write but I literally addressed that exact point. In multiple ways.
Also, 😂 you can't "pro-actively scan" input for a buffer overflow that you don't know is there. And if you knew it's there, you'd fix it so you don't have to scan for it.
English
@unit_accord @i_am_uvw @vxunderground @LundukeJournal Safe languages will prevent that, yes. But for programs (say ffmpeg) which aren't feasible to convert to safe languages, isn't proactive scanning better?
English
@KapilSingaria @i_am_uvw @vxunderground @LundukeJournal ...we have managed runtimes.
And if it's about legacy code, and you want to use AI intelligently, you can use AI to find buffer overflow bugs in your codebase. That's a GOOD USE OF AI. Not checking literally every HTTP request in production.
English
@unit_accord @i_am_uvw @vxunderground @LundukeJournal Ok. Again one of my previous question. Let's say I have a malicious script embedded in a different file that can trigger and exploit buffer overflow. This mechanism still lacks protection against unintended side-effects. What about this?
English
@KapilSingaria @i_am_uvw @vxunderground @LundukeJournal ...are no inconsistencies, there's nothing to exploit. Either the file is the wrong type from the start and will be rejected, or it's an image & it'll be read as image until the end
"Magic bytes" has 3 major problems:
1. Not nominal.
2. Not authoritative.
3. Not mandatory.
English
@unit_accord @i_am_uvw @vxunderground @LundukeJournal Structured interface file access seems good but isn't feasible now. All the OSes throws a stream of bytes when you access a file. It's the abstractions over it that give it useful meaning. If you mean to create it for new systems, I kinda get it.
English
@KapilSingaria @i_am_uvw @vxunderground @LundukeJournal ...structured interface, so the file type is a class, the file is an instance of it. But there are more intermediate steps there, we don't even need to go there.
Just. Have the type. Be from the system.
English
@unit_accord @i_am_uvw @vxunderground @LundukeJournal Ok I kinda understand what you mean. Still I am not sure how you system file type classifier would be different (read better) than other tools and their mechanisms. Why can't it also be fooled? Will this system classifier do anything additional than magic bytes analysis?
English
@KapilSingaria @i_am_uvw @vxunderground @LundukeJournal Programs don't have to be restricted, but they can say "I'm opening this JPEG file" and if it's not a JPEG file, which the SYSTEM determines, the system will just throw an error, rather than give you the content. But that's just step 1.
Step 2 is encapsulating a file in a...
English