|
Shy posted: hows the linux version?

still bad but also just as expensive
|
# ? Jul 17, 2018 07:27 |
|
Suspicious Dish posted: the guy got their username/password pwned by a random virus and the same thing would have happened if it was a gpg key. the rogue release was made by someone that stole the username/password off the dev's machine.

a hardware keystore would require user interaction or a much more sophisticated MITM attack of the next release done by that person
|
# ? Jul 17, 2018 07:47 |
|
b0lt posted: a hardware keystore would require user interaction or a much more sophisticated MITM attack of the next release done by that person

Cool! They should use this for their username/password and/or npm token.
|
# ? Jul 17, 2018 07:55 |
|
can gpg keys be passworded? then it'd at least be what you have + what you know (assuming lack of keylogger i guess)
|
# ? Jul 17, 2018 08:01 |
|
Suspicious Dish posted: Cool! They should use this for their username/password and/or npm token.

that's fundamentally worse?
|
# ? Jul 17, 2018 08:05 |
|
b0lt posted: that's fundamentally worse?

Why?
|
# ? Jul 17, 2018 08:06 |
|
because npm's 2fa is much worse? because an MITM attack that replaces the contents of a package on upload is much easier to perform undetected than one that replaces it on signature? because you can't move the authentication onto a device that you know to be uncompromised?
|
# ? Jul 17, 2018 08:19 |
|
Suspicious Dish posted: the guy got their username/password pwned by a random virus and the same thing would have happened if it was a gpg key. the rogue release was made by someone that stole the username/password off the dev's machine.

The official post-mortem says that the developer reused email+password on a different site that got breached though.
|
# ? Jul 17, 2018 08:34 |
|
Xarn posted: The official post-mortem says that the developer reused email+password on a different site that got breached though.

lol, that's not what I read at first. huh.
|
# ? Jul 17, 2018 09:53 |
|
Xarn posted: The official post-mortem says that the developer reused email+password on a different site that got breached though.

welp that’s a hard one to counter
|
# ? Jul 17, 2018 10:05 |
|
Boiled Water posted: still bad but also just as expensive

look at mr ellison over here
|
# ? Jul 17, 2018 10:47 |
|
redleader posted: look at mr ellison over here

what

i don't get this joke or reference
|
# ? Jul 17, 2018 10:50 |
Boiled Water posted: what

ellison is the oracle head who makes a database more expensive and more bad
|
|
# ? Jul 17, 2018 10:59 |
|
Databad
|
# ? Jul 17, 2018 11:27 |
floatman posted: Databad

data quality startup?
|
|
# ? Jul 17, 2018 11:38 |
|
Suspicious Dish posted: the guy got their username/password pwned by a random virus and the same thing would have happened if it was a gpg key. the rogue release was made by someone that stole the username/password off the dev's machine.
|
# ? Jul 17, 2018 13:16 |
|
Fiedler posted: golang? people actually use that poo poo?
|
# ? Jul 17, 2018 17:17 |
|
this is funny because golang has programming concepts most grandpas would be familiar with
|
# ? Jul 17, 2018 17:38 |
|
|
# ? Jul 17, 2018 18:15 |
|
Fiedler posted: golang? people actually use that poo poo?

not outside of "hacker" "news", no
|
# ? Jul 17, 2018 23:33 |
|
actually, go is good
|
# ? Jul 18, 2018 02:24 |
|
Shy posted: hows the linux version?

the linux version of ms sql is built from the same code as regular ms sql

unfortunately all the surrounding components are missing -- no integration services / dts packages and so on
|
# ? Jul 18, 2018 05:11 |
|
Notorious b.s.d. posted: the linux version of ms sql is built from the same code as regular ms sql

"built from the same code" is massive understatement. it's drat near exactly the same database engine with the same windows dependencies. they just ship the windows bits along with the rdbms.
|
# ? Jul 18, 2018 05:35 |
|
ozymandOS posted: actually, go is good
|
# ? Jul 18, 2018 08:45 |
|
ozymandOS posted: actually, go is good

wish you would
|
# ? Jul 18, 2018 09:02 |
|
what's with every Java application ever written feeling like absolute hot trash to use

even extremely widely used things like Jenkins just have this feel about it like any wrong click is going to send the whole thing into a death spiral, and, sometimes, it does

what's up with that?
|
# ? Jul 18, 2018 12:03 |
|
redleader posted: mssql owns though and you should have no regret for choosing it

PostgreSQL exists, as such, there is no reason to choose MsSQL.
|
# ? Jul 18, 2018 12:30 |
|
ratbert90 posted: PostgreSQL exists, as such, there is no reason to choose MsSQL.

what if i want my database budget to explode?
|
# ? Jul 18, 2018 12:31 |
|
Boiled Water posted: what if i want my database budget to explode?

Depends if you want it to explode or go nuclear
|
# ? Jul 18, 2018 12:38 |
|
ratbert90 posted: Depends if you want it to explode or go nuclear

imagine the person who pays for this and everything has microsoft written on the inside of his eyelids
|
# ? Jul 18, 2018 12:42 |
ratbert90 posted: Depends if you want it to explode or go nuclear

this is or*cle free zone
|
|
# ? Jul 18, 2018 12:45 |
|
cinci zoo sniper posted: this is or*cle free zone

I’ve maintained a “PostgreSQL and SQLite are good for 99% of all projects, and for very different reasons” for quite a while, and haven’t found a situation yet where this hasn’t held up as true.
|
# ? Jul 18, 2018 12:50 |
|
Suspicious Dish posted: i had a reply to that post about how shaggar was wrong but the thread moved on by that point so i just left it be, but if someone wants i can post it

your core failure to understand signing means you didn't but ok.
|
# ? Jul 18, 2018 12:56 |
|
Suspicious Dish posted: the guy got their username/password pwned by a random virus and the same thing would have happened if it was a gpg key. the rogue release was made by someone that stole the username/password off the dev's machine.

you still don't understand. he didn't get his key pwned he got his npm creds pwned because npm is an untrustworthy host that doesn't enforce mfa. package signing would have protected everyone from this attack since his key was never stolen.
|
# ? Jul 18, 2018 12:58 |
ratbert90 posted: I’ve maintained a “PostgreSQL and SQLite are good for 99% of all projects, and for very different reasons” for quite a while, and haven’t found a situation yet where this hasn’t held up as true.

postgres is fine in most cases yeah
|
|
# ? Jul 18, 2018 13:00 |
|
How do people verify the signatures of npm packages? Do you keep a local database of which author/public key you trust to publish each of your dependencies?
|
# ? Jul 18, 2018 14:08 |
|
pgp is a bad way to do it for that reason, but yeah that's how it would work. you'd gather public keys either from the source or from some key distribution network. a better solution would be to use traditional x509 infrastructure so you can use your computer's trust store.
|
# ? Jul 18, 2018 14:16 |
|
abigserve posted: what's with every application ever written feeling like absolute hot trash to use
|
# ? Jul 18, 2018 14:18 |
|
I have to design and implement a package system for my plang soon. It's liberating to know it will be poo poo no matter what. Since I'm just one dude, I think I will copy a lot from the new vgo thing, since it seems really barebones and easy to implement. It's unclear why that's the design you'd pick for a huge enterprisy language, though.
|
# ? Jul 18, 2018 14:29 |
|
Vanadium posted: How do people verify the signatures of npm packages? Do you keep a local database of which author/public key you trust to publish each of your dependencies?

lol
|
# ? Jul 18, 2018 14:38 |