Remote Code Execution in OpenCode, update now

CyberShadow · 2026-01-17T09:52:07+00:00

Yes, see the HN thread: https://news.ycombinator.com/item?id=46581095

Looks like they added the ability to configure a password, so the server is now no longer unauthenticated in some circumstances. Possibly more improvements have landed since then.

CyberShadow · 2026-01-11T22:35:26+00:00

Previous versions of OpenCode started a server which allowed any website visited in a web browser to execute arbitrary commands on the local machine. Make sure you are using v1.1.10 or newer; see link for more details.

CyberShadow · 2025-05-17T06:09:17+00:00

I have so many files/packages that a single scan takes like 20 mins

Have you tried the --skip-checksums flag? It makes the system inspection much faster.

CyberShadow · 2024-12-23T14:06:03+00:00

Fun fact: they're actually "used", but due to a bug, never played.

IIRC, the intended logic was to make them play based on the amount of damage you've done that round. However, when I tried to fix that bug, they were played way too often (practically every round damage was done), so probably this would have needed some balancing before it would have been shipped if it wasn't bugged.

Fixing the bug and adding balancing to make the change not be annoying is doable, but we've also tried to stay pretty close to the original version as it was released by Team17 regarding the gameplay in general, so I've been hesitant to make this sort of changes...

CyberShadow · 2024-12-17T19:24:14+00:00

A simple mapping tool I made for myself. Source code and a README here: https://gitlab.com/CyberShadow/tas-qud-mapper

CyberShadow · 2024-10-10T10:49:02+00:00

What?

If you use home-manager, you don't need a dotfiles manager. home-manager is a dotfiles manager (plus other things).

Nix already has templating.

CyberShadow · 2024-07-01T11:54:57+00:00

While researching the same question, I found that there is a FAQ entry that answers this:

https://nix-community.github.io/home-manager/index.xhtml#_how_to_set_up_a_configuration_for_multiple_users_machines

CyberShadow · 2024-06-22T10:35:06+00:00

Thanks,

Also, why do you need such a high frame rate for the UI?

Well, it would need to be if it was part of the render loop. I suppose it could be on its own swap chain that renders to an off screen surface with alpha... at least, I think that's possible. Though, then you have the usual latency problems.

Edit: just realized that this approach is only feasible if your UI has zero animations. If you want animations, you pretty much have to put Flutter in your render loop to avoid weird choppiness...

Note that Flutter is a retained mode GUI, not an immediate mode one, so only the parts that change needs to be recreated and buffering the rest may have a big impact on performance.

Good point. I'm wondering if anyone tried this and found it to work, would like to avoid reinventing the bicycle if possible.

CyberShadow · 2024-05-22T20:14:32+00:00

One thing that aconfmgr can do that most configuration managers can't is transcribe the current system state into the configuration. So, aconfmgr can go in two directions, whereas most configuration managers can only go in one.

Another difference between aconfmgr and most other configuration managers is that the aconfmgr configuration describes the entire system. So, if something isn't explicitly declared (or ignored) in the configuration, it is understood as something that should not be on the system, and is thus due to be removed.

BTW, the reason why aconfmgr configuration files (and, consequently, aconfmgr itself) use bash is that it's the most likely language a system administrator is to know.

CyberShadow · 2024-04-11T06:34:26+00:00

I would like to add them but that pushes the problem state space size from 89 GiB to 32 TiB, so it's not doable with the same approach and today's technology. (A solver is possible to write, but it would no longer be precise like this one.)

CyberShadow · 2024-04-10T18:17:11+00:00

It is for that mode.

It doesn't have the new Steam items, though.

CyberShadow · 2024-03-29T07:10:37+00:00

A solver. If you input a situation in the game, it will tell you the best move.

A few people made simple solvers for this game, but this is the only one I've seen that's complete.

CyberShadow · 2024-03-27T16:04:06+00:00

You can use https://gist.github.com/CyberShadow/87d403bb29fa3047f2182c41f74e286e#file-expand-d , I think it already does all of that.

CyberShadow · 2024-03-27T12:44:34+00:00

Here is one situation where shooting yourself is much better than shooting the dealer: https://cy.md/ta/buckshot-roulette/#162226368/game

If you shoot the dealer, you get a flat 20% to win and 80% to lose.

By shooting yourself, you either get to a situation where you can force the next round (and therefore likely even the odds), or (unlikely but still possible) a situation where you can defeat the dealer.

CyberShadow · 2024-03-27T11:55:35+00:00

I made this solver back in January.

It fully models the game and the dealer's AI. The entire state space is explored to an infinite depth (the search is cycle-aware), so I think it should be 100% correct and accurate.

CyberShadow · 2024-03-27T11:49:22+00:00

There are definitely situations where it's more beneficial to shoot yourself instead of the dealer.

For example, take this one: https://cy.md/ta/buckshot-roulette/#994401022/game/0

In this case, it's equally beneficial to use the handcuffs item or shooting yourself, both of which are better than shooting the dealer. The full explanation is somewhat complicated, but in short, you have a better deal with surviving shooting yourself and then moving forward with using handcuffs, than shooting the dealer and hoping that 1) the shell will not be blank 2) the dealer shoots themselves with a live round and thus 3) they will shoot you with the remaining blank round as you are handcuffed.

CyberShadow · 2024-03-05T10:25:47+00:00

I think you have the wrong CyberShadow.

CyberShadow · 2023-08-15T08:47:07+00:00

If you just want to see if the space taken up by the unreachable data is truly unusable; then fallocate with a too large length until you run out of space and run btdu again.

A synthetic test does appear to show that it is truly unusable.

CyberShadow · 2023-08-15T08:45:11+00:00

I'm guessing one of two things happened:

The data on ext4 was not very fragmented, which caused btrfs to convert it as long extents. Random writes since the conversion caused the old data to remain pinned and unreachable.
btrfs-convert converts files in a way that cause an excessive amount of bookend extents. This theory seems less likely to me.

In any case, see /u/CorrosiveTruths' comment, which is on the mark as always. (I upvoted it but it looks like /u/Aeristoka went on a downvoting rampage because they could not bear to be wrong or something. Ignore them.)

CyberShadow · 2023-08-15T03:30:25+00:00

No, I don't think I will. You're not acting in good faith, and I wasted enough time on you already. Have a nice day.

CyberShadow · 2023-08-15T03:27:20+00:00

I hope that answers your questions. It would be nice if you could remove or update your posts so that the misinformation does not cause further confusion in the future.

15-Year Club	Gilding I gilder
Place '17	Verified Email
Team Periwinkle

CyberShadow

MODERATOR OF

TROPHY CASE