|
mystes posted:You might be the only person who has ever said this. Also there might be libraries for using it that don't require windows and don't completely suck now, but that wasn't the case when the format was first created. there have been decent libs for xlsx for ages now. then again there were already decent libs for xls. don’t ask me how I know I’ve nearly stopped having flashbacks
|
#
?
Feb 14, 2019 20:22
|
|
|
|
| # ? May 19, 2024 22:02 |
|
|
https://nvd.nist.gov/vuln/detail/CVE-2019-5736 posted:runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new container with an attacker-controlled image, or (2) an existing container, to which the attacker previously had write access, that can be attached with docker exec. This occurs because of file-descriptor mishandling, related to /proc/self/exe.
|
|
#
?
Feb 14, 2019 20:35
|
|
|
Soricidus posted:there have been decent libs for xlsx for ages now. then again there were already decent libs for xls. don’t ask me how I know I’ve nearly stopped having flashbacks doing doc/xls thru com automation sucks balls but docx/xlsx is gr8 cause its just xml.
|
|
#
?
Feb 14, 2019 20:36
|
|
|
my last company managed documents for companies that were very upset if everything wasn't pixel-perfect so we found all the fun ways that powerpoint and word implement microsoft's own loving standard wrong or different from how everyone else (including the microsoft-supplied .NET libraries) does. the way the system worked for customers that needed that precision was basically to hook into office itself on an imaginary desktop running on a pool of VM's (with the right printer settings, because what printer you have set as your default changes how the thing renders!!!) and then use a combination of code and macros to do the thing we needed. pdf has a lot of problems too but at least it doesn't magically render wrong because the person who sent you the file had a different printer
|
|
#
?
Feb 14, 2019 21:33
|
|
|
Printers are what daemons become if they are very good at their job.
|
|
#
?
Feb 14, 2019 21:38
|
|
|
Jenny Agutter posted:I used a raspi for a wireless printer server and since windows 10 dropped samba1 support everything gets printed from my iphone. airprint is so good in the mid 2000s my linux laptop may not have had a usable 3D graphics driver or the ability to play more than one sound file at a time, but it sure as hell could talk over CUPS to my school's network printers. it also allowed me to prank my friends who lived in the dorms and had inadvertently turned on printer sharing
|
|
#
?
Feb 14, 2019 21:39
|
|
|
https://www.euronews.com/2019/02/13/switzerland-offers-cash-to-hackers-who-can-crack-its-e-voting-system this is pretty cool
|
|
#
?
Feb 14, 2019 21:57
|
|
|
Lutha Mahtin posted:in the mid 2000s my linux laptop may not have had a usable 3D graphics driver or the ability to play more than one sound file at a time, but it sure as hell could talk over CUPS to my school's network printers. it also allowed me to prank my friends who lived in the dorms and had inadvertently turned on printer sharing depending on who made the 3d chip it had it might now support 3d graphics so that's some good news for you
|
|
#
?
Feb 14, 2019 23:19
|
|
|
Shame Boy posted:hook into office itself on an imaginary desktop running on a pool of VM's ooxml was ostensibly released to stop people from doing that, which has never been an officially supported way to use office [of course I, too, have driven word through its ole api to programmatically generate documents. for fun. from windows scripting host]
|
|
#
?
Feb 14, 2019 23:53
|
|
|
Shame Boy posted:my last company managed documents for companies that were very upset if everything wasn't pixel-perfect so we found all the fun ways that powerpoint and word implement microsoft's own loving standard wrong or different from how everyone else (including the microsoft-supplied .NET libraries) does. the way the system worked for customers that needed that precision was basically to hook into office itself on an imaginary desktop running on a pool of VM's (with the right printer settings, because what printer you have set as your default changes how the thing renders!!!) and then use a combination of code and macros to do the thing we needed.
|
|
#
?
Feb 14, 2019 23:57
|
|
|
Soricidus posted:there have been decent libs for xlsx for ages now. then again there were already decent libs for xls. don’t ask me how I know I’ve nearly stopped having flashbacks wouldn't say they're decent you can create a spreadsheet and insert cell values, but good luck doing anything complicated better than COM though.
|
|
#
?
Feb 15, 2019 02:43
|
|
|
The NetOffice library was ok a few years ago to handle all the COM stuff, but we weren't doing anything super precise
|
|
#
?
Feb 15, 2019 03:08
|
|
|
~Coxy posted:wouldn't say they're decent if you want to do something complicated then you should be doing it in the real programming language you’re clearly already using. excel libraries are for input and output where customers really want to use excel, or where you really just want csv but you know it will only ever be loaded into excel and you want to avoid all the pitfalls of csv imports for these purposes, the existing libraries are surprisingly good
|
|
#
?
Feb 15, 2019 13:37
|
|
|
just do it in a macro, duh
|
|
#
?
Feb 15, 2019 14:41
|
|
|
Soricidus posted:if you want to do something complicated then you should be doing it in the real programming language you’re clearly already using. either way *outputting* working xslx for your exact purposes is not very difficult (in fact just putting the skeleton of the thing together in excel, saving, and then generalizing from that is straightforward enough), the issue with the format being complicated only really shows up if you want to interpret arbitrary files, but there's really only like two projects that need to do this (openoffice and office itself)
|
|
#
?
Feb 15, 2019 14:57
|
|
|
hackbunny posted:ooxml was ostensibly released to stop people from doing that, which has never been an officially supported way to use office [of course I, too, have driven word through its ole api to programmatically generate documents. for fun. from windows scripting host] hackbunny.txt
|
|
#
?
Feb 15, 2019 15:14
|
|
|
not sure if posted before but holy wow https://www.cnet.com/news/chinese-facial-recognition-company-left-database-of-peoples-location-exposed/ https://twitter.com/0xDUDE/status/1095702540463820800 (thread) https://twitter.com/0xDUDE/status/1096099456922148864
|
|
#
?
Feb 15, 2019 15:50
|
|
|
https://twitter.com/andreasdotorg/status/1096368790407917568
|
|
#
?
Feb 15, 2019 19:34
|
|
|
... why is that thing translating javascript into C++ 
|
|
#
?
Feb 15, 2019 20:16
|
|
|
Shame Boy posted:... why is that thing translating javascript into C++ welcome to Nu Earth
|
|
#
?
Feb 15, 2019 20:38
|
|
|
Shame Boy posted:... why is that thing translating javascript into C++ it's a joke, op. they mean adobe looked at what the javascript poc did, and developed a fix for that one specific poc and not the root issue, as if they machine-translated the javascript to c++
|
|
#
?
Feb 15, 2019 21:57
|
|
|
the C++ is decompiled
|
|
#
?
Feb 15, 2019 22:36
|
|
|
we've got a genius in the sec help threadCarbon dioxide posted:I think it's nonsense to assume all VPN providers are unsafe. 
Lain Iwakura fucked around with this message at 16:13 on Feb 16, 2019 |
|
#
?
Feb 16, 2019 16:07
|
|
|
he's probably not even doing anything prosecuteable, just downloading
|
|
#
?
Feb 16, 2019 16:23
|
|
|
no, logs
|
|
#
?
Feb 16, 2019 16:29
|
|
|
ymgve posted:he's probably not even doing anything prosecuteable, just downloading Actually one of the uses of my VPN is to visit American news sites that have started to block me because they don't agree with EU privacy laws. If you can tell me how I can access those without a VPN please let me know. Like, half of the news links that're posted here on SA are unavailable to me without use of a VPN, and I like to keep informed. Another important one is to give the ad companies - even if they managed to get through my tracking blocker - a harder time. I know the effect is minimal but every bit is better than nothing.
|
|
#
?
Feb 16, 2019 16:33
|
|
|
Carbon dioxide posted:Actually one of the uses of my VPN is to visit American news sites that have started to block me because they don't agree with EU privacy laws. If you can tell me how I can access those without a VPN please let me know. using vpns to get around region blocks that don't care about vpns is fine and great it's just not on its own going to protect you from the law or an oppressive government; people who expect it will are being secfucks
|
|
#
?
Feb 16, 2019 16:46
|
|
|
fisting by many posted:using vpns to get around region blocks that don't care about vpns is fine and great Fully agreed.
|
|
#
?
Feb 16, 2019 16:47
|
|
|
i'm glad you're happy with your threat model, but understand that it isn't everyone else's threat model. that you've accepted the known flaws if you're plan doesn't mean you've handled every flaw, and certainly doesn't make a single thing you've said productive to everyone else. it's actively harmful to other people's security if you're going around pushing solutions with zero understanding of their situation. as a general rule you're just shifting your endpoint, that changes nothing on your use of the network with all the identifiers that comes along with that. it also changes very little on what gov/companies can get on you - depending on your locale it actually increases it as your local protections vanish.
|
|
#
?
Feb 16, 2019 16:58
|
|
|
If you're just trying to get around sites that block European IPs because of GPRD or trying to protect your data over public wifi hotspots, you're probably better off just using algo to setup your own VPN on a VM on digitalocean or something. Theoretically these dubious vpn services provide additional privacy by sharing IPs, but for normal uses normal uses this isn't going to matter unless you are extremely careful about clearing your cookies and never log into anything (and even then it won't be effectively against anything except the most casual attempts to collect data for advertising because there are so many techniques for browser fingerprinting), which I guess leaves people who hope that it will protect them when they download  or something (which it probably won't).
|
|
#
?
Feb 16, 2019 17:00
|
|
|
for context in your example there goes all data protections GDPR offer you, for the low low cost of you paying for it
|
|
#
?
Feb 16, 2019 17:01
|
|
|
Carbon dioxide posted:Actually one of the uses of my VPN is to visit American news sites that have started to block me because they don't agree with EU privacy laws. If you can tell me how I can access those without a VPN please let me know. Is it NPR where they say "Sorry, due to EU privacy laws you can't view our regular site" and then... offer you a link to the same article on their text-only site instead, which loads instantaneously and has no content on it other than the text of the article and is a hundred times better than any other current news site?
|
|
#
?
Feb 16, 2019 17:01
|
|
|
Wiggly Wayne DDS posted:for context in your example there goes all data protections GDPR offer you, for the low low cost of you paying for it
|
|
#
?
Feb 16, 2019 17:04
|
|
|
Doom Mathematic posted:Is it NPR where they say "Sorry, due to EU privacy laws you can't view our regular site" and then... offer you a link to the same article on their text-only site instead, which loads instantaneously and has no content on it other than the text of the article and is a hundred times better than any other current news site? Wiggly Wayne DDS posted:i'm glad you're happy with your threat model, but understand that it isn't everyone else's threat model. On the other hand, Lain Iwakura just posting a couple times "VPN services are trash don't use them" without any sort of context isn't helpful to that thread at all and has only raised more questions. I would appreciate it if you or anyone else who can explain it well would make a seriouspost in that thread explaining WHY they are bad for many usecases. mystes posted:If you're just trying to get around sites that block European IPs because of GPRD or trying to protect your data over public wifi hotspots, you're probably better off just using algo to setup your own VPN on a VM on digitalocean or something. Hmm, that's an idea worth considering.
|
|
#
?
Feb 16, 2019 17:08
|
|
|
I use a VPN to make websites serve me their GDPR version and for my torrents even though companies are too tight pursed to pay $7 to serve me a copyright notice.
|
|
#
?
Feb 16, 2019 17:45
|
|
|
Doom Mathematic posted:Is it NPR where they say "Sorry, due to EU privacy laws you can't view our regular site" and then... offer you a link to the same article on their text-only site instead, which loads instantaneously and has no content on it other than the text of the article and is a hundred times better than any other current news site? the sad thing about https://text.npr.org/ is that they could've spent slightly more effort and used the appropriate HTML tags instead of <p> everywhere and gotten so much more structure and formatting for free
|
|
#
?
Feb 16, 2019 17:50
|
|
|
pseudorandom name posted:the sad thing about https://text.npr.org/ is that they could've spent slightly more effort and used the appropriate HTML tags instead of <p> everywhere and gotten so much more structure and formatting for free v<p>n
|
|
#
?
Feb 16, 2019 17:52
|
|
|
mystes posted:If you're just trying to get around sites that block European IPs because of GPRD or trying to protect your data over public wifi hotspots, you're probably better off just using algo to setup your own VPN on a VM on digitalocean or something. these vpn services are cheaper and easier than setting up your own vpn on some hosting provider. wrt filez, the reporting to isps is 100% automated now so its scrape tracker, send ip to isp, isp blocks you. theres no real human intervention beyond maybe finding the torrent in the first place. content owners aren't gonna bother with trying to sue you anymore, but they'll use your isp against you. of course a vpn isn't gonna protect you from the government, but nothing will.
|
|
#
?
Feb 16, 2019 17:56
|
|
|
Wiggly Wayne DDS posted:for context in your example there goes all data protections GDPR offer you, for the low low cost of you paying for it this is nonsense a European citizen can still sue over their real data being misused, and it's not like not using the VPN would make them be all "wow we're going to give you extra protection"
|
|
#
?
Feb 16, 2019 18:15
|
|
|
|
| # ? May 19, 2024 22:02 |
|
|
good luck trying to get someone to argue with you over implicit vs explicit protections
|
|
#
?
Feb 16, 2019 18:23
|
|