|
welp php
|
#
?
Jan 22, 2019 00:13
|
|
|
|
| # ? May 20, 2024 02:21 |
|
|
is PEAR uh, the main package repository for PHP? 
|
|
#
?
Jan 22, 2019 00:46
|
|
|
Lutha Mahtin posted:is PEAR uh, the main package repository for PHP? it's the big one yes, though generally the package repository for php is "whatever your system package manager is"
|
|
#
?
Jan 22, 2019 00:59
|
|
|
i think composer has all but replaced pear these days. i havent touched php in years and im not going to check now.
|
|
#
?
Jan 22, 2019 01:04
|
|
|
necrotic posted:i think composer has all but replaced pear these days. i havent touched php in years and im not going to check now. doesn't composer do the gentoo thing of recompiling everything all the time? that's what it did the one time i had to use it...
|
|
#
?
Jan 22, 2019 01:05
|
|
|
it's not anymore, everyone wants the latest and greatest now. i get real bad looks at work when i insist on using only distro packages for php, and trying to avoid composer at all costs, but it's got us safely past a couple of these idiocies entirely unaffected so i guess it's not the worst idea Truga fucked around with this message at 01:08 on Jan 22, 2019 |
|
#
?
Jan 22, 2019 01:06
|
|
|
Truga posted:it's not anymore, everyone wants the latest and greatest now. i've never encountered someone who uses loving php who wants the "latest and greatest" of anything
|
|
#
?
Jan 22, 2019 01:07
|
|
|
i have, and they're the worst. everyone wants php 7.4 or whatever's newest now and they all want to work with loving composer, which is basically npm for php and it's terrible
|
|
#
?
Jan 22, 2019 01:08
|
|
|
Shame Boy posted:doesn't composer do the gentoo thing of recompiling everything all the time? that's what it did the one time i had to use it... didnt pear also do that for c extensions? php is trash, no surprise the packaging systems are also trash.
|
|
#
?
Jan 22, 2019 01:10
|
|
|
pear is for php, pecl is for c extensions i have no idea why pear was replaced by composer either, i guess it was too stable for php
|
|
#
?
Jan 22, 2019 01:12
|
|
|
Truga posted:pear is for php, pecl is for c extensions oh right
|
|
#
?
Jan 22, 2019 01:18
|
|
|
looks like everything's going pear shaped
|
|
#
?
Jan 22, 2019 01:57
|
|
|
Raere posted:looks like everything's going pear shaped 
|
|
#
?
Jan 22, 2019 02:39
|
|
|
I didn’t understand any of the sponsor interview from the most recent Risky Business. And not for the usual reason ( ). Like it was all about math and modeling selectric typewriters in a can of La Croix in Second Life?
|
|
#
?
Jan 22, 2019 03:08
|
|
|
Wiggly Wayne DDS posted:a more thorough analysis: http://watt-logic.com/2018/06/13/smets2/ i'm really not following this, especially as the main "problem" seems to be that they make it inconvenient to use the pointless ~free market~ electricity bit as much as you like? there appear to be fairly identical security issues between the two standards based on that article also it seems like the new standard wasn't available until very recently while the old one was being installed from 2012? and surely there was some manner of smart meters in use in the uk since well before that too, as other countries had their programs start in the 90s and early 2000s generally seems like a case of "the old version isn't as good" which is the way things usually tend to go
|
|
#
?
Jan 22, 2019 03:16
|
|
|
Truga posted:pear is for php, pecl is for c extensions probably cause it doesnt download straight from github and run it blindly, well maybe with this breach it has been
|
|
#
?
Jan 22, 2019 04:16
|
|
|
Shame Boy posted:it's the big one yes, though generally the package repository for php is… …the comment section of snack overflow
|
|
#
?
Jan 22, 2019 04:19
|
|
|
Schadenboner posted:I didn’t understand any of the sponsor interview from the most recent Risky Business. And not for the usual reason ( Funny because the trail of bits guy CTF one was one of the very few sponsor interviews that I listened to and actively enjoyed. I usually skip them after a couple of minutes. This one was absolutely great. It's because I like to play CTF's and it's cool to hear from someone who designs these absolutely insane challenges. It's also nice that they used their sponsor spot to just tell a story about a cool CTF challenge, instead of actively trying to push some product.
|
|
#
?
Jan 22, 2019 07:51
|
|
|
spankmeister posted:Funny because the trail of bits guy CTF one was one of the very few sponsor interviews that I listened to and actively enjoyed. I usually skip them after a couple of minutes. He never said what flavor it was though. I’m going to be so loving mad if it turns out not to have been Pamplemousse.
|
|
#
?
Jan 22, 2019 08:19
|
|
|
huh, our nation-wide bank 2fa app system has github https://github.com/SK-EID/smart-id-documentation
|
|
#
?
Jan 22, 2019 09:14
|
|
|
cinci zoo sniper posted:huh, our nation-wide bank 2fa app system has github https://github.com/SK-EID/smart-id-documentation Estonia is pretty good at the cybers imo
|
|
#
?
Jan 22, 2019 09:28
|
|
|
spankmeister posted:Estonia is pretty good at the cybers imo yeah i like that we figured out one system for baltics, since looking at websites and apps of authentically latvian banks is painful
|
|
#
?
Jan 22, 2019 09:33
|
|
|
“internet banking is only available between 0600 and 2200 please log in between these times”
|
|
#
?
Jan 22, 2019 09:41
|
|
|
spankmeister posted:Estonia is pretty good at the cybers imo let's wait a couple of months with this statement, as e-voting for the current parliamentary elections started yesterday 
|
|
#
?
Jan 22, 2019 09:44
|
|
|
BangersInMyKnickers posted:It's a plenty good idea and why I'm trying to enable it, I'm just worried that it will poo poo itself when I have 20k clients all jabbering it at once. If they were less-poo poo this would have a secure out of box config with some kinda of cert validation of the server instead of blind-tls and some kind of rpc endpoint mapper to handle the socket limits that are loving obvious for any large-scale deployment. I have to assume that most products have something similar for optimization, though probably doing some kind of cloud lookup to the vendors servers by deferring the actual scan of the file until it get can a verdict back on the file from the cloud or it times out and fails back to a local scan. Wiggly Wayne DDS posted:well ya but your smartmeter data shouldn't go to your landlord
|
|
#
?
Jan 22, 2019 10:44
|
|
|
evil_bunnY posted:lol it DDoSing itself in test would be enough to call it garbage and tell symantec to go gently caress itself. You don't want to tie more engineering resources into that shitheap. its literally my job right now to throw good engineering hours after bad product because that how we spend our money I guess. it at least gets me some good laughs even though all of them end in depressing sighs
|
|
#
?
Jan 22, 2019 14:13
|
|
|
Package : apt CVE ID : CVE-2019-3462 Max Justicz discovered a vulnerability in APT, the high level package manager. The code handling HTTP redirects in the HTTP transport method doesn't properly sanitize fields transmitted over the wire. This vulnerability could be used by an attacker located as a man-in-the-middle between APT and a mirror to inject malicous content in the HTTP connection. This content could then be recognized as a valid package by APT and used later for code execution with root privileges on the target machine. Since the vulnerability is present in the package manager itself, it is recommended to disable redirects in order to prevent exploitation during this upgrade only, using: apt -o Acquire::http::AllowRedirect=false update apt -o Acquire::http::AllowRedirect=false upgrade This is known to break some proxies when used against security.debian.org. If that happens, people can switch their security APT source to use: deb http://cdn-fastly.deb.debian.org/debian-security stable/updates main For the stable distribution (stretch), this problem has been fixed in version 1.4.9.
|
|
#
?
Jan 22, 2019 14:50
|
|
|
spankmeister posted:It's also nice that they used their sponsor spot to just tell a story about a cool CTF challenge, instead of actively trying to push some product. trail of bits is a contractor doing fairly intensive research; what they're pushing is that it's cool to let them reap the difference between the fruits of your labor and your paycheck (by all reports they're a nice place to work)
|
|
#
?
Jan 22, 2019 15:03
|
|
|
Schadenboner posted:He never said what flavor it was though. I’m going to be so loving mad if it turns out not to have been Pamplemousse. he thought vaguely of it before the interview started, which is an explosion of flavour naming by la croix standards Also, doesn't epo let you set up distributed av scans & reports? I seem to remember that from the course but ofc the book is uh, elsewhere
|
|
#
?
Jan 22, 2019 15:06
|
|
|
https://twitter.com/jinnysims/status/1087763839469277184 jesus christ
|
|
#
?
Jan 22, 2019 18:34
|
|
|
Cocoa Crispies posted:trail of bits is a contractor doing fairly intensive research; what they're pushing is that it's cool to let them reap the difference between the fruits of your labor and your paycheck Of course, it's pretty obvious that it's a recruiting bit but they do it in a very chill way.
|
|
#
?
Jan 22, 2019 18:46
|
|
|
wrong ministry
|
|
#
?
Jan 22, 2019 19:09
|
|
|
a dude I know has been FOIAing for the astroturfed FCC comments about net neutrality in 2017, and here are the first fruits of his labor: https://link.medium.com/mrLavhhIGT
|
|
#
?
Jan 22, 2019 19:14
|
|
|
Midjack posted:wrong ministry soon i discovered that this block chain was true
|
|
#
?
Jan 22, 2019 19:15
|
|
|
flakeloaf posted:soon i discovered terry a davis was the devil, and rms was an architect previous to his career as a prophet
|
|
#
?
Jan 22, 2019 19:31
|
|
|
Maybe someone should delete the ladder of her pool 
|
|
#
?
Jan 22, 2019 19:35
|
|
|
https://twitter.com/gregotto/status/1087800274511634434
|
|
#
?
Jan 22, 2019 22:30
|
|
|
seeing some hints of conspiracy theories around that but not sure what nefarious and diabolical plans would come of it
|
|
#
?
Jan 22, 2019 22:33
|
|
|
More on the DNS hijacking stuff that's been going on since last year https://www.fireeye.com/blog/threat-research/2019/01/global-dns-hijacking-campaign-dns-record-manipulation-at-scale.html https://blog.talosintelligence.com/2018/11/dnspionage-campaign-targets-middle-east.html quote:Cisco Talos recently discovered a new campaign targeting Lebanon and the United Arab Emirates (UAE) affecting .gov domains, as well as a private Lebanese airline company. Based on our research, it's clear that this adversary spent time understanding the victims' network infrastructure in order to remain under the radar and act as inconspicuous as possible during their attacks.
|
|
#
?
Jan 22, 2019 23:32
|
|
|
|
| # ? May 20, 2024 02:21 |
|
|
oh no, there's more and it's worse https://twitter.com/jinnysims https://news.gov.bc.ca/releases/2019CITZ0002-000062 of all the entities that would possibly be lured by "trustless" "immutable" ledgers, i can't for the life of me understand why that would be of interest to a government. it doesn't matter if loonies don't trust you, you're the law!
|
|
#
?
Jan 23, 2019 02:14
|
|
