|
Methanar posted:This would get you burned at the stake in Christianity Not usually
|
#
?
Jan 23, 2018 23:25
|
|
|
|
| # ? May 30, 2024 10:20 |
|
|
Potato Salad posted:Security loving Megathread - Hello, is this a religion thread? Secularity Fuckup Megathread v6.1.6 - Hello, is this a divinity order?
|
|
#
?
Jan 23, 2018 23:47
|
|
|
Agile Vector posted:Secularity Fuckup Megathread v6.1.6 - Hello, is this a divinity order? god drat
|
|
#
?
Jan 24, 2018 00:18
|
|
|
Zamujasa posted:god drat
|
|
#
?
Jan 24, 2018 01:17
|
|
|
Unexpected privilege escalation using specially crafted input to check_kosher()
|
|
#
?
Jan 24, 2018 01:24
|
|
|
mrmcd posted:Unexpected privilege escalation using specially crafted input to check_kosher() CLOSED: Works as intended
|
|
#
?
Jan 24, 2018 01:28
|
|
|
oh dear https://twitter.com/Jayniehaka/status/955727847850524672
|
|
#
?
Jan 24, 2018 01:55
|
|
|
Ciaphas posted:that's why judaism rules and christianity drools And Atheism is better then both.
|
|
#
?
Jan 24, 2018 02:58
|
|
|
mrmcd posted:Unexpected privilege escalation using specially crafted input to check_kosher() should have used the proper salt
|
|
#
?
Jan 24, 2018 03:02
|
|
|
haveblue posted:should have used the proper salt oy vey
|
|
#
?
Jan 24, 2018 03:02
|
|
|
Ciaphas posted:jewish God approves of people rules-lawyering the poo poo out of Him it's a joke though nearly all of the "rules" come from rabbinical efforts to take whatever is written in holy texts and go at least two steps further than is necessary. like jewish men wearing a hat over a yarmulke. so the rules-lawyering is not working around core items in the torah but rather slicing and dicing centuries of rabbinical thought i imagine it to be a fine sport
|
|
#
?
Jan 24, 2018 03:06
|
|
|
ate poo poo on live tv posted:And Atheism is better then both. nah
|
|
#
?
Jan 24, 2018 03:11
|
|
|
how are people so bad at this in tyool 2018
|
|
#
?
Jan 24, 2018 04:23
|
|
|
Chris Knight posted:how are people so bad at this in tyool 2018 they dont pay enough to get people who care
|
|
#
?
Jan 24, 2018 04:29
|
|
|
haveblue posted:should have used the proper salt
|
|
#
?
Jan 24, 2018 06:48
|
|
|
ate poo poo on live tv posted:And Atheism is better then both.
|
|
#
?
Jan 24, 2018 13:10
|
|
|
haveblue posted:should have used the proper salt excellent
|
|
#
?
Jan 24, 2018 13:38
|
|
|
duz posted:they dont pay enough to get people who care
|
|
#
?
Jan 24, 2018 13:43
|
|
|
https://twitter.com/matix_wolf/status/949026227037368321
|
|
#
?
Jan 24, 2018 16:59
|
|
|
We had a system that would automatically generate new account passwords by grabbing two random words from a dictionary file and slapping some numbers on the end and that worked great until someone got the password infectedtesticles69 or whatever and they replaced the dictionary with a censored one
|
|
#
?
Jan 24, 2018 17:05
|
|
|
BangersInMyKnickers posted:We had a system that would automatically generate new account passwords by grabbing two random words from a dictionary file and slapping some numbers on the end and that worked great until someone got the password infectedtesticles69 or whatever and they replaced the dictionary with a censored one did it happen because it was offensive or because it created an inadvertent HIPAA violation?
|
|
#
?
Jan 24, 2018 17:12
|
|
|
BangersInMyKnickers posted:We had a system that would automatically generate new account passwords by grabbing two random words from a dictionary file and slapping some numbers on the end and that worked great until someone got the password infectedtesticles69 or whatever and they replaced the dictionary with a censored one Your new password is: *************
|
|
#
?
Jan 24, 2018 17:17
|
|
|
long ago i put a decent amount of effort into reducing the english alphabet into a version that could not encode any common profanity, i think with 0-9 and a subset of A-Z i ended up with 29 characters, to map integer database PKs to short strings and make sure that "gently caress" would not be one of them oh also doing some redundancy/error correction, like not using B because it oculd be mistaken for a 8, S with 5, etc e: maybe 29 before error correction, definitely 25 after
|
|
#
?
Jan 24, 2018 17:28
|
|
|
https://twitter.com/xoreaxeaxeax/status/951052854881636353 https://github.com/xoreaxeaxeax/movfuscator/tree/master/validation/doom "A branchless DOOM This directory provides a branchless, mov-only version of the classic DOOM video game. This is thought to be entirely secure against the Meltdown and Spectre CPU vulnerabilities, which require speculative execution on branch instructions. The mov-only DOOM renders approximately one frame every 7 hours, so playing this version requires somewhat increased patience."
|
|
#
?
Jan 24, 2018 17:28
|
|
|
Lysidas posted:long ago i put a decent amount of effort into reducing the english alphabet into a version that could not encode any common profanity, i think with 0-9 and a subset of A-Z i ended up with 29 characters, to map integer database PKs to short strings and make sure that "gently caress" would not be one of them why didnt you just string literal hex or whatever?
|
|
#
?
Jan 24, 2018 17:42
|
|
|
CommieGIR posted:Linus is still saying Intel is half adding it on microcosm patches and are not taking this seriously i like this autocorrect
|
|
#
?
Jan 24, 2018 18:41
|
|
|
coffeetable posted:fyi, this schtick will get you a lot of eye-rolling for the same reason that anti-trump chat will get you a lot of eye-rolling. you're preaching to the choir. you're saying something that almost everyone itt is already gonna agree with, and you're expecting some kind of applause for it I mean that's true. I probably should have put a  after the statement. I wasn't honestly looking for theological engagement. Because lol at that, but also this is the security thread.
|
|
#
?
Jan 24, 2018 19:27
|
|
|
fishmech posted:https://twitter.com/xoreaxeaxeax/status/951052854881636353
|
|
#
?
Jan 24, 2018 19:49
|
|
|
anthonypants posted:thought all these posts were about blizzard v. tavis quote:I plan to look at other games with very high install bases (100M+) in the coming weeks. godspeed, there must be so much trivial crap there and that was just protocol level stuff, he didn't even look at any of the hastily written c++ networking code
|
|
#
?
Jan 24, 2018 21:18
|
|
|
You just know pubg or one of its clones is broken as gently caress
|
|
#
?
Jan 24, 2018 21:19
|
|
|
duz posted:they dont pay enough to get people who care this and management screaming WHY THE gently caress IS THIS TAKING YOU SO LONG???? and people just ceasing to give a poo poo after enough iterations of that e: you might as well ask why food safety and fire safety were poo poo before there were laws on this matter backed by severe and aggressively-enforced penalties imposed by the government Sapozhnik fucked around with this message at 21:25 on Jan 24, 2018 |
|
#
?
Jan 24, 2018 21:23
|
|
|
Sapozhnik posted:e: you might as well ask why food safety and fire safety were poo poo before there were laws on this matter backed by severe and aggressively-enforced penalties imposed by the government Question time! Would it be feasible to write laws around having to make programs secure, similar to food/fire safety laws? The biggest hurdle obviously would be the speed that technology moves vs. the speed of government. But I'd like some discussion on how it could be/could not be done, and what could it look like? Please no "I don't want the government to do that," or "they'd just gently caress it up and make poo poo worse"
|
|
#
?
Jan 24, 2018 21:30
|
|
|
Avenging_Mikon posted:Would it be feasible to write laws around having to make programs secure, similar to food/fire safety laws?
|
|
#
?
Jan 24, 2018 21:33
|
|
|
Avenging_Mikon posted:Question time! you'd need govt sponsored pentesters that continuously hack your poo poo, because that's what they had to do to get food/fire safety laws to work (inspectors showing up at random and closing down your buildings if they don't conform)
|
|
#
?
Jan 24, 2018 21:35
|
|
|
Avenging_Mikon posted:Question time! just like finance, health, and law, make it so that if your company is handling PII the only people allowed to engage it are licensed software engineers.
|
|
#
?
Jan 24, 2018 21:36
|
|
|
Any law that they'd come up with would either be overly broad or too specific and would need to be changed eventually I seem to remember some goofy online payment system mandated by the government in South Korea that only ran on Windows 95 or XP or something else incredibly out of date also, Truga posted:you'd need govt sponsored pentesters that continuously hack your poo poo, because that's what they had to do to get food/fire safety laws to work (inspectors showing up at random and closing down your buildings if they don't conform) if that were the case it'd mean that the NSA gets all the 0days ever the privacy aspect that necc0 brings up is a good idea though, i like it a lot
|
|
#
?
Jan 24, 2018 21:37
|
|
|
Avenging_Mikon posted:Question time! I love regulation but software moves way too fast. reminder that docker is less than 4 years old.
|
|
#
?
Jan 24, 2018 21:41
|
|
|
Truga posted:you'd need govt sponsored pentesters that continuously hack your poo poo, because that's what they had to do to get food/fire safety laws to work (inspectors showing up at random and closing down your buildings if they don't conform) jail time for ceos/executives in cases where data breaches are deemed sufficiently negligent by an appropriate regulatory body could maybe work except lol that will never ever happen because rich people never face consequences for anything
|
|
#
?
Jan 24, 2018 21:46
|
|
|
FAT32 SHAMER posted:if that were the case it'd mean that the NSA gets all the 0days ever yeah, i'm not saying it's a good and i don't think it's even a feasible idea, but i think it'd take no less than that. if it's just penalties after breaches that's too late, and also big corps can just shrug off almost anything Arcsech posted:jail time for ceos/executives in cases where data breaches are deemed sufficiently negligent by an appropriate regulatory body could maybe work yeah, exactly
|
|
#
?
Jan 24, 2018 21:49
|
|
|
|
| # ? May 30, 2024 10:20 |
|
|
the smart way would be to empower a regulator and fund them so they can update the rules as tech changes, it would most be process regulation anyway id assume we'd implement some sort of mandatory programmer's liability insurance instead
|
|
#
?
Jan 24, 2018 21:49
|
|
