Hacker News | lukax's comments


Maybe AWS ParallelCluster which is a managed SLURM on AWS.

It's not that simple to safely parse an HTTP request form. Just look at Go security releases related to form parsing (a new fix released just today).

https://groups.google.com/g/golang-announce/search?q=form

5 fixes in 2 years related to HTTP form (url-encoded and multipart).

- Go 1.20.1 / 1.19.6: Multipart form parsing could consume excessive memory and disk (unbounded memory accounting and unlimited temp files)

- Go 1.20.3 / 1.19.8: Multipart form parsing could cause CPU and memory DoS due to undercounted memory usage and excessive allocations

- Go 1.20.3 / 1.19.8: HTTP and MIME header parsing could allocate far more memory than required from small inputs

- Go 1.22.1 / 1.21.8: Request.ParseMultipartForm did not properly limit memory usage when reading very long form lines, enabling memory exhaustion.

- Go 1.25.6 / 1.24.12: Request.ParseForm (URL-encoded forms) could allocate excessive memory when given very large numbers of key-value pairs.

Probably every HTTP server implementation in every language has similar vulnerabilities. And these are logic errors, not even memory safety bugs.
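An application-level guard against the resource-exhaustion class listed in the comment above, as an added Go example (not from the comment or the Go project): it caps the url-encoded body size and the number of key-value pairs before anything is parsed into a map. The limits and the names `readForm` and `statusFor` are assumptions made for illustration.

```go
package main

import (
	"bytes"
	"errors"
	"fmt"
	"io"
	"net/http"
	"net/http/httptest"
	"net/url"
	"strings"
)

// Assumed limits for this sketch; size them to the largest form you really accept.
const (
	maxBodyBytes = 64 << 10
	maxFormPairs = 100
)

// readForm bounds body size and pair count before any per-key allocation.
func readForm(w http.ResponseWriter, r *http.Request) (url.Values, int) {
	r.Body = http.MaxBytesReader(w, r.Body, maxBodyBytes)
	raw, err := io.ReadAll(r.Body)
	var tooBig *http.MaxBytesError
	if errors.As(err, &tooBig) {
		return nil, http.StatusRequestEntityTooLarge
	} else if err != nil {
		return nil, http.StatusBadRequest
	}
	// Count separators on the raw bytes, so the pair limit is enforced before parsing.
	if bytes.Count(raw, []byte("&"))+1 > maxFormPairs {
		return nil, http.StatusRequestEntityTooLarge
	}
	form, err := url.ParseQuery(string(raw))
	if err != nil {
		return nil, http.StatusBadRequest
	}
	return form, http.StatusOK
}

// statusFor sends a constructed url-encoded body through readForm.
func statusFor(body string) int {
	req := httptest.NewRequest(http.MethodPost, "/submit", strings.NewReader(body))
	req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
	_, status := readForm(httptest.NewRecorder(), req)
	return status
}

func main() {
	fmt.Println(statusFor("name=a&msg=b"))                      // small form
	fmt.Println(statusFor(strings.Repeat("k=v&", 100) + "k=v")) // 101 pairs
	fmt.Println(statusFor("a=" + strings.Repeat("x", 70000)))   // oversized body
}
```

This covers only url-encoded bodies; multipart uploads and the query string need their own limits.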


I consider it a small win that those are _only_ 'resource exhaustion' attacks. Denial of service potential to be sure. Something nice to avoid / have limits on also for sure.

However I'd rather have that than a more dire consequence.


You can buy a totaled car for cheap and use its VIN.


Are VINs not tied to the make, model, and year?


Ultimately they are tied to an individual vehicle in its original configuration in every way.

But thieves don't really care about what it technically represents, they are more interested in what they can get away with. That would be solely dependent on how stringent the inspection is to get a rebuilt title.


Sure, but that's not that hard to find a match of. And if you cover all your bases, you can probably get away with a year or two plus or minus in most cases.


I guess there's a lot of pressure from Cursor and Google's Antigravity. Also with Zed you can bring your own API key which VS Code didn't support for a long time.


Eventually they will need to come up with their own editor and plugins.

I don't expect traditional Microsoft to let this go on for much longer, this is the first sign of it.


17 years ago I went on a summer vacation with my family (still a teenager). That meant 10 days without any internet connectivity. I had just got my first laptop and I was allowed to take it with me. I was reverse engineering MSN Messenger's user-to-user and profile picture exchange protocol from TCP dumps. MSN Messenger did not use any encryption. Before I went on the vacation I recorded a bunch of sessions with Wireshark (maybe it was still Ethereal back then). Then for 10 days I was just trying to figure out from the dumps how the binary protocol worked and was writing the code without any way to test it. When I came back I just had to fix some minor bugs and it worked. Fun times.


I've done business logic sharing where the engine was written in Rust, WASM for web with React for UI, uniffi-rs for Android and iOS with Kotlin Compose for Android and SwiftUI for iOS, Tauri for desktop.

There were no good examples for how to do this but once it was set up it worked extremely well.

It uses tokio for Android/iOS/desktop and even embeds a web server for a fake API for end-to-end testing (even on mobile).

https://github.com/koofr/vault


They made this transport agnostic so it's compatible with A2A and AG-UI.


Google is doing that with A2UI. LLM will be able to decide how to present info to the user.


Will it also remove the whole D:\?

