|
moore's law may be dead, but them flops are still growing at an accelerating rate thanks to gpu compute and ever bigger+cheaper chips.
|
# ? Feb 24, 2017 17:49 |
|
didn't see this in the last few pages, probably because sha and cloudflare really managed to outclass it but:

it took Google over a year to discover that one of their self-driving car research managers downloaded 10GB of design files and blueprints to an SD card after searching for information on how to access the document repository and installing a program to allow him to do so, all on a google-provided company laptop which he then reformatted.

that didn't set off any alarms. they also didn't think to check the logs when he started telling other employees in the department that he intended to start his own company to replicate the technology. or when he resigned with zero notice. or when he started his own self-driving car company.

only after Uber bought the company in August for $600M, citing the company's LIDAR technology, did they check. but they didn't do anything until one of their suppliers hosed up and cc-ed google a copy of a render of Uber's LIDAR board (which also means Uber is exchanging confidential documents back and forth via email) which was very close to google's extremely customized design, and only then they started to investigate

here's the lawsuit filing: https://drive.google.com/file/d/0B7dzPLynxaXuQjY3dkllZ2ZKb0k/view

Shifty Pony fucked around with this message at 18:02 on Feb 24, 2017
|
# ? Feb 24, 2017 17:55 |
|
Shifty Pony posted: didn't see this in the last few pages, probably because sha and cloudflare really managed to outclass it but:

is that really surprising though? i read about how MS gives you access to everything once you join their brotherhood. and they had enough snoopware installed that they can figure it all out in the end
|
# ? Feb 24, 2017 18:01 |
|
spankmeister posted: u can still do tls between buttflare and the servers, i think it's what they recommend

still requires cloudflare to end up with plaintext forms of the html to do their magic which would be unacceptable for password manager data

zen death robot posted: actually we use the strict https implementation so it's using tls the whole way through

i unconsciously clicked the NICE! button under your post, am liking having you around
|
# ? Feb 24, 2017 18:04 |
hifi posted: is that really surprising though? i read about how MS gives you access to everything once you join their brotherhood. and they had enough snoopware installed that they can figure it all out in the end

it is a hell of a lot easier to keep the barn door closed in the first place than have to do forensic work to track the horse down.

I can understand missing the laptop reformatting but a manager at a highly confidential R&D lab quitting with zero notice probably should have triggered some sort of review.
|
|
# ? Feb 24, 2017 18:06 |
|
hifi posted: is that really surprising though? i read about how MS gives you access to everything once you join their brotherhood. and they had enough snoopware installed that they can figure it all out in the end

just goes to show these places might actually be a nice place to work at tbh.

when i last changed workplaces, my now-ex boss was super salty about me going to work at another web agency, mentioning poo poo like trade secrets, competition, and whatnot (we ended up taking a few of their clients a couple years down the road cause their shop was such a shitshow lmao)
|
# ? Feb 24, 2017 18:06 |
|
the filing says they had suspicions when he left and checked the logs when the company got bought by uber

they presumably didn't check as soon as he started talking to those other employees because those employees aren't little shits who rat out every coworker who's thinking of leaving
|
# ? Feb 24, 2017 18:09 |
|
Shifty Pony posted: it is a hell of a lot easier to keep the barn door closed in the first place than have to do forensic work to track the horse down.

well here's the thing: it's a relatively minor project to google as a whole, and google only had reason to start caring once the guy's startup actually started to get a bunch of money and bought out by a juicy target with even more money. he could just have easily not really attracted any interest and his company slowly die off, and there'd be nothing in it for google to get after him.
|
# ? Feb 24, 2017 18:11 |
|
hifi posted: is that really surprising though? i read about how MS gives you access to everything once you join their brotherhood. and they had enough snoopware installed that they can figure it all out in the end

Truga posted: just goes to show these places might actually be a nice place to work at tbh.

agreed with both of these

don't work anywhere that doesn't trust you enough to let you know what's going on across the company

also don't work anywhere that trusts you enough to not keep an eye on what you do with that access
|
# ? Feb 24, 2017 18:11 |
|
apple ditched supermicro over servers with compromised firmware
|
# ? Feb 24, 2017 18:20 |
pr0zac posted: agreed with both of these

that just means that if someone compromises a login or (more likely) a person jumps on a workstation someone forgot to lock they can get everything and frame someone else for it.
|
|
# ? Feb 24, 2017 18:31 |
|
weird how no longer manufacturing your own servers means your vendor might be lovely.
|
# ? Feb 24, 2017 18:31 |
|
quote: Leng told The Information that Apple was the only company to report the firmware issue, and he said the servers are used by thousands of customers. He asserted that when his company asked Apple's engineers to provide information about the firmware, they gave an incorrect version number—and then refused to give further information.

i have a feeling someone was spying on apple specifically and also found a bug in supermicro firmware to exploit. also i guess this means i can't buy supermicro anymore, which is a drat shame
|
# ? Feb 24, 2017 18:33 |
|
Shifty Pony posted: that just means that if someone compromises a login or (more likely) a person jumps on a workstation someone forgot to lock they can get everything and frame someone else for it.

and yet people keep doing it no matter how many times i tell them not to and/or no matter how many people get in giant poo poo when someone emails something ignorant to the jerk's entire contact list
|
# ? Feb 24, 2017 18:35 |
|
Truga posted: i have a feeling someone was spying on apple specifically and also found a bug in supermicro firmware to exploit. also i guess this means i can't buy supermicro anymore, which is a drat shame

supermicro's security has never been great. their ipmi has been real bad in the past.
|
# ? Feb 24, 2017 18:36 |
|
yeah but I just leave ipmi on a separate vlan and that takes care of that
|
# ? Feb 24, 2017 18:38 |
|
rjmccall posted:the filing says they had suspicions when he left and checked the logs when the company got bought by uber
|
# ? Feb 24, 2017 18:43 |
|
i mean, that too

but i guess it shouldn't surprise me that the yospos labor solidarity brigade would actually be first in line to report their coworkers for un-corporate activity
|
# ? Feb 24, 2017 19:05 |
|
Where's that security poster who always shills for cloudflare lmao
|
# ? Feb 24, 2017 19:07 |
|
rjmccall posted: i mean, that too

information security is job security
|
# ? Feb 24, 2017 19:08 |
|
rjmccall posted: i mean, that too

i'd feel different if uber stole the cure for cancer
|
# ? Feb 24, 2017 19:21 |
|
emoji posted: Where's that security poster who always shills for cloudflare lmao

Probably still busy changing passwords all over the place.
|
# ? Feb 24, 2017 19:25 |
|
BiohazrD posted: lomarf

Yeah, I was coming here to post that. WE HAVE KNOWN BETTER FOR loving DECADES. Does Cloudflare have code review? Is it entirely done by drunks?
|
# ? Feb 24, 2017 19:32 |
|
emoji posted: Where's that security poster who always shills for cloudflare lmao

has there ever been one? i can't remember
|
# ? Feb 24, 2017 19:34 |
|
lol
|
# ? Feb 24, 2017 19:36 |
|
lol why would anyone ever buy supermicro? they are universally trash
|
# ? Feb 24, 2017 19:38 |
|
infernal machines posted: information security is job security

hifi posted: i'd feel different if uber stole the cure for cancer

lol, look at all this post-hoc rationalization for running to management whenever a co-worker mentions they're unhappy

but they might be stealing our secrets, you don't know

google will probably literally make money from this dipshit stealing their ip
|
# ? Feb 24, 2017 19:41 |
|
Truga posted: technically, git isn't vulnerable to shattered thing because it salts its commits or somesuch and that issue is due to them using git-svn, but it should move off sha1 anyway, today shattered works, in 5 years plain old brute force will

Sorry I'm security ignorant. AgileBits is saying I don't need to change my master password. What's wrong with their explanation stating that my master password is safe
|
# ? Feb 24, 2017 19:52 |
|
i guess the self driving car project must have been its very own little silo because this probably wouldn't have happened if it was developed on core google infra

google has their own homebrew vcs called piper built on top of all their in house distributed computing poo poo and it has all sorts of features to prevent stuff like this from happening. it presents to the developer machine's os as a fuse filesystem, administrators can tag certain subsections of the repository as super duper trade secret confidential and flag anybody who even attempts to access it, they can also purge stuff out of the history and find out who even looked at the stuff that got purged

sounds like somebody hosed up

(n.b. i have never worked for google, this is all stuff they've crowed about in publications about their infrastructure)
|
# ? Feb 24, 2017 19:55 |
|
wouldn't it be awful if i changed my passwords for nothing
|
# ? Feb 24, 2017 19:56 |
|
ate all the Oreos posted: christ you have a lot of plugins

why you got so many plugins plugin man
|
# ? Feb 24, 2017 20:01 |
|
Fergus Mac Roich posted: Sorry I'm security ignorant. AgileBits is saying I don't need to change my master password. What's wrong with their explanation stating that my master password is safe

is master password the thing you need to unlock your safe and also different from your 1password login and can't be recovered if you forget it? if so, then yes, it's 100% safe.
|
# ? Feb 24, 2017 20:01 |
|
Sapozhnik posted: i guess the self driving car project must have been its very own little silo because this probably wouldn't have happened if it was developed on core google infra

did they switch to Piper because of China?
|
# ? Feb 24, 2017 20:09 |
|
Truga posted:i have a feeling someone was spying on apple specifically and also found a bug in supermicro firmware to exploit. also i guess this means i can't buy supermicro anymore, which is a drat shame
|
# ? Feb 24, 2017 20:09 |
|
Truga posted: is master password the thing you need to unlock your safe and also different from your 1password login and can't be recovered if you forget it? if so, then yes, it's 100% safe.

the thing you can't recover is the secret account code. I guess I'll reset my password when I get home anyway (you know, why not) but it does seem like they're saying even that isn't necessary.
|
# ? Feb 24, 2017 20:15 |
|
Sapozhnik posted: google has their own homebrew vcs called piper built on top of all their in house distributed computing poo poo and it has all sorts of features to prevent stuff like this from happening.

he was a manager in the lidar group, not some rando. why would you think he wouldn't have legit access to everything he stole

people walk out of companies with confidential materials all the time, there's no practical way to completely eliminate that possibility short of military-level precautions that civilian employees won't put up with, and proactively suing every suspect ex-employee is a good way of ensuring you don't have current employees. it's just that most ex-employees don't immediately turn around and openly sell their exfiltrated trade secrets for half a billion dollars to the closest major competitor
|
# ? Feb 24, 2017 20:25 |
|
pseudorandom name posted: did they switch to Piper because of China?

I'm just going to drop this right over here. http://cacm.acm.org/magazines/2016/7/204032-why-google-stores-billions-of-lines-of-code-in-a-single-repository/fulltext
|
# ? Feb 24, 2017 20:29 |
|
pseudorandom name posted: did they switch to Piper because of China?

nah it was for perf. google had the largest perforce deployment anywhere and the load was eventually too high for a centralized system. china never got in to the high ip sections afaik.
|
# ? Feb 24, 2017 20:30 |
|
Fuzzy Mammal posted:nah it was for perf. google had the largest perforce deployment anywhere and the load was eventually too high for a centralized system. china never got in to the high ip sections afaik.
|
# ? Feb 24, 2017 20:40 |
|
|
zen death robot posted: actually we use the strict https implementation so it's using tls the whole way through

as mentioned this doesn't matter at all in this case. the bug dumped data in memory from after it was decrypted for inspection and such.

but yeah the option to do the cloudflare to origin half of the connection unencrypted is v stupid. sadly people want it because they want that special green lock to inspire customer trust or some bullshit and use a service that can't get its poo poo together and provide TLS in tyool 2017
|
# ? Feb 24, 2017 21:15 |