Hacker News | gberger's comments

Why did it take them 4 days between publishing a CVE for the vulnerability (Dec 19th) and posting a public patch (Dec 23rd)?


Had their hands full getting sued the same day: https://news.ycombinator.com/item?id=46403128


Might not be how it appears. The CVE number can be reserved by the org and then "published" with only minimal info, then later updated with full details. Looking at the metadata that's probably what happened here (not entirely sure what the update was though):

    {
      "cveId": "CVE-2025-14847",
      "assignerOrgId": "a39b4221-9bd0-4244-95fc-f3e2e07f1deb",
      "state": "PUBLISHED",
      "assignerShortName": "mongodb",
      "dateReserved": "2025-12-17T18:56:21.301Z",
      "datePublished": "2025-12-19T11:00:22.465Z",
      "dateUpdated": "2025-12-29T23:20:23.813Z"
    }


In the US, the last two weeks of December can be slow due to the holiday season. I wouldn’t be surprised if Mongo wasn’t as staffed as usual.


should've spun up a few more AI agents


That's a good question. I suppose that posting the commit makes it incredibly obvious how to exploit the issue, so maybe they wanted to wait a little bit longer for their on-prem users who were slow to patch?


Posting the CVE and then the patch is the reverse of this.


By "patch" I am talking about the public commit. Updated binaries were made available when the CVE was published.


That's not what the blog post implies given they only told people how to update afterwards.


You want to do evals, yeah.


If I place a grain of rice on the first square of a chess board and double the amount on each step, I'd have 18 quintillion grains of rice.


It happens.

Life started with self-replicating molecules. And ramped up all the way to structures like the human body which consists not just of quintillions of molecules but of billions of quintillions of molecules.


18 quintillion grains of rice? That is not going to happen.

Just for reference, 18 quintillion grains of rice is roughly 500 times the global production of rice in 2022.


We can, though? A sugar tax.


I have the same browser and versions as you and it plays on my phone. Pixel 7 Pro, if that matters.


Wild. I've checked all of my settings and I have video allowed to auto-play, I tried loading it in Desktop Mode, restarting, etc., and I still get nothing.

OP, great site, btw! I'd be glad to test any settings on my phone and report back, if that'd help.


27 is just the EU. The whole of Europe is more like 50, which is even wilder!


Paywall


Interesting project! The kid is only mentioned at the beginning, I wonder if they participated further in the project, or if they enjoyed playing the game?


They did continue participating but it's true that this became a sort of electric train where daddy buys it for the children and ends up playing the most with it.

The trading game did not capture their interest further than watching colourful flashes for a few minutes. It's probably too complicated for their age and hard to understand without knowing some basic financial markets knowledge.

However I used the same device to make other more appropriate games and keep them involved. I could ask them what game they would want, and I would make most of it but involve them in the parts of the code that can be meaningful to them. I found that while they like understanding how it works when I walk them through some small bits of code, writing code (even heavily assisted) is still daunting at their age so they prefer tools like MIT Scratch.


Canadian citizens can still be brainwashed even if their data is stored within Canada.


So then why aren't they banning the app?


If any app is brainwashing people it's the zombie of twitter. Not tik tok.


If a picture is a thousand words, then surely video is several orders of magnitude more powerful for brainwashing, especially in short form.


The point is that from a disinformation dissemination perspective, it doesn't matter where the data was stored, but the government could have possibly had more control if the data was stored in Canada. Forcing the data to be removed from Canada doesn't seem to be accomplishing anything positive for the Canadian government or people.


Brainwashed with what. All I can see is people are brainwashed to believe Chinese ppl bad, Chinese ppl are spies, a tiktok office is an evil spy outpost. The evil commies from China are going to spread the red scare everywhere. We need to drop the iron curtain now!


Oh give it a rest with the nationalist fear mongering. This isn't about 'national security concerns'. That's the smoke and mirrors to get the populist support necessary to ban it. Meta and Google are feeling threatened that their dominance on North America is being tested and they are flexing their lobbying muscles.


Sometimes you have to kill orphans too!

