|
Supply chain attacks are the future, not sure just saying "well I won't use the supply chain then!!!" is inherently a viable strategy vs just adopting better practices for dependencies.
|
# ? Jul 30, 2021 22:06 |
|
|
shoeberto posted:
> Supply chain attacks are the future, not sure just saying "well I won't use the supply chain then!!!" is inherently a viable strategy vs just adopting better practices for dependencies.

hell yeah security by obscurity but unironically
|
# ? Jul 30, 2021 22:19 |
|
supply chain attacks are one of those things where it's confusing to me because that's what i legitimately thought all the infosec people were doing for the past 10 years but apparently they were just configuring Splunk and doing nothing else for 2 figgies
|
# ? Jul 30, 2021 22:28 |
|
12 rats tied together posted:
> supply chain attacks are one of those things where it's confusing to me because that's what i legitimately thought all the infosec people were doing for the past 10 years but apparently they were just configuring Splunk and doing nothing else for 2 figgies

that's simple: metrics are meaningless but "tangible", infosec is important but intangible (until poo poo happens). bosses budget for the former
|
# ? Jul 30, 2021 22:35 |
|
I think you can configure Sonatype Nexus as a proxy for NuGet, npm etc., with the idea that this somehow makes it secure, but gently caress knows what difference it makes. My guess would be they just quarantine versions for X days and wait for someone else to find the supply chain attack, which is probably good enough tbh.

Thousands of npm dependencies for "concat string" or whatever will never not be funny though. "nodejs is so lightweight! *imports 1000 dependent libraries to do hello world*"
|
# ? Jul 30, 2021 22:50 |
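The "quarantine new versions for X days" idea guessed at above, written out as an added example (this is not Nexus's own logic, and nothing here is from the original post). It assumes npm-registry-style metadata, where each package carries a `time` map of version to ISO-8601 publish timestamp, and a lockfile-style map of package to pinned version. The sample metadata, the lockfile and the fixed clock are constructed for the example; the function names are ours. Versions that the registry metadata does not know about are treated as blocked rather than allowed.

```python
"""Minimum-release-age check for pinned dependencies.

Added example of the quarantine idea: a pinned version is only allowed
once it has been public for at least `min_age_days`, so that a malicious
release has a window in which someone else can notice it before it lands
in your build. Data below is constructed; it is not real registry output.
"""
from datetime import datetime, timedelta, timezone

# Constructed sample in the shape of the npm registry "time" field
# (version -> publish timestamp). Values are made up for the example.
REGISTRY_TIME = {
    "left-pad": {
        "1.3.0": "2018-04-05T12:00:00.000Z",
    },
    "is-odd": {
        "3.0.1": "2019-01-14T03:15:00.000Z",
        "3.0.2": "2021-07-29T21:02:00.000Z",  # just over a day old at NOW
    },
    "concat-string": {
        "0.1.0": "2021-07-30T10:00:00.000Z",  # 14 hours old at NOW
    },
}

# Constructed lockfile: package -> pinned version.
LOCKFILE = {"left-pad": "1.3.0", "is-odd": "3.0.2", "concat-string": "0.1.0"}

# Fixed clock so the example is reproducible offline.
NOW = datetime(2021, 7, 31, 0, 0, tzinfo=timezone.utc)


def parse_registry_time(ts):
    """Parse an npm-style timestamp; the trailing 'Z' is not accepted by
    datetime.fromisoformat on Python < 3.11, so normalise it first."""
    return datetime.fromisoformat(ts.replace("Z", "+00:00"))


def version_age(package, version, registry=REGISTRY_TIME, now=NOW):
    """Age of the pinned version, or None if the registry metadata lacks it."""
    times = registry.get(package, {})
    if version not in times:
        return None
    return now - parse_registry_time(times[version])


def quarantine_report(lockfile, min_age_days=14, registry=REGISTRY_TIME, now=NOW):
    """Classify every pin as 'allowed', 'quarantined' (too new) or
    'unknown' (no publish time on record, which fails closed)."""
    min_age = timedelta(days=min_age_days)
    report = {}
    for package, version in sorted(lockfile.items()):
        age = version_age(package, version, registry, now)
        if age is None:
            report[package] = "unknown"
        elif age < min_age:
            report[package] = "quarantined"
        else:
            report[package] = "allowed"
    return report


def blocked_packages(report):
    """Everything that should stop the build: quarantined and unknown pins."""
    return sorted(pkg for pkg, status in report.items() if status != "allowed")


if __name__ == "__main__":
    report = quarantine_report(LOCKFILE, min_age_days=14)
    for package, status in report.items():
        print(f"{package:>14} {LOCKFILE[package]:>8}  {status}")
    if blocked_packages(report):
        print("build blocked:", ", ".join(blocked_packages(report)))
```

The check is only as good as the window: a version that has already sat unnoticed for the quarantine period sails through, so it belongs alongside a committed lockfile with integrity hashes and an advisory feed, not in place of them.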
|
Be nice if there was a Nexus equivalent without spyware built into it. "Boo hoo, so what?" I don't want to normalize that bullshit, that's what. Most major OSS projects don't have malware in them because generally it immediately gets forked and removed if an ISV is foolish enough to try (see the whole Audacity mess), but Nexus is something that only corporate dev teams use and for the most part they don't give a poo poo.
|
# ? Jul 30, 2021 23:22 |
|
Carthag Tuek posted:
> that's simple: metrics are meaningless but "tangible", infosec is important but intangible (until poo poo happens)

"egress control what you want a bird"
|
# ? Jul 31, 2021 05:04 |
|
Powerful Two-Hander posted:
> me pushing artefacts to the repository: wow this code is garbage but it works so push it who cares
|
# ? Jul 31, 2021 07:59 |
|
champagne posting posted:
> "egress control what you want a bird"

tell them if they want a bird they can wait, im in a hamster cage
|
# ? Jul 31, 2021 08:20 |
|
Carthag Tuek posted:
> also, loving one function packages

Well if you're so smart, write your own code to see if a number is odd.
|
# ? Jul 31, 2021 09:11 |
|
Presto posted:
> Well if you're so smart, write your own code to see if a number is odd.

code:
|
# ? Jul 31, 2021 09:49 |
|
Soricidus posted:
|
# ? Jul 31, 2021 09:56 |
|
Soricidus posted:
is not working on negative numbers a feature or a bug?
|
# ? Jul 31, 2021 10:26 |
|
there weren’t any negative numbers in the user stories. I’m gonna say it’s fine tho, the whole concept of negative numbers is pretty odd if you think about it
|
# ? Jul 31, 2021 10:33 |
|
Soricidus posted:
> there weren't any negative numbers in the user stories. I'm gonna say it's fine tho, the whole concept of negative numbers is pretty odd if you think about it

wow i'd never thought of that before
|
# ? Jul 31, 2021 10:34 |
|
it works just fine on half of the negative numbers
|
# ? Jul 31, 2021 11:56 |
|
reminder that at least one darknet drug market let you buy things for a negative price then cash out, bankrupting the whole thing
|
# ? Jul 31, 2021 11:58 |
|
even still
|
# ? Jul 31, 2021 12:02 |
|
Jabor posted:
> it works just fine on half of the negative numbers

it probably works on more negative than positive numbers, unless the tail call gets eliminated
|
# ? Jul 31, 2021 12:09 |
|
JavaScript code:
|
# ? Jul 31, 2021 13:35 |
|
Doom Mathematic posted:
you're fired, clean out your office by october 1st or else
|
# ? Jul 31, 2021 16:18 |
|
Carthag Tuek posted:
> you're fired, clean out your office by october 1st or else

you didn't set anything to happen in the else so I'm off scot three
|
# ? Jul 31, 2021 21:32 |
|
Yesterday, the main project just got my Parasoft checks merged in. Any new warnings or rule violations are a hard error. I marked all pending pull requests as needs work to force all the developers to rebase against the development branch. So far there are 14 failed Jenkins builds and counting.
|
# ? Aug 3, 2021 17:17 |
|
godspeed op
|
# ? Aug 3, 2021 17:39 |
|
vaya con dios
|
# ? Aug 3, 2021 18:01 |
|
pokeyman posted:
> godspeed op

Today I am flipping the switch on code coverage.
|
# ? Aug 3, 2021 18:01 |
|
Web developers are a delight, this code has been littering the logs for years and years:
|
# ? Aug 3, 2021 20:33 |
|
MrMoo posted:
> Web developers are a delight, this code has been littering the logs for years and years:

Python 2 in a web-facing application in TYOOL 2021
|
# ? Aug 3, 2021 23:12 |
|
CarForumPoster posted:
> Python 2 in a web-facing application in TYOOL 2021

I basically have a 2014 set of apps running Python 2 and never updated. Also, all developed by junior engineers. Somehow I have to transform this into new supported code, and have a full CI/CD pipeline. As an understatement, this is challenging. Oh, and running on Ubuntu 14 everywhere, and a wish of moving to Ubuntu Core with "Snaps".

All the major features used by anything have been deprecated and replaced by other things. Obviously any testing has disappeared; a New Relic account exists but is actually empty. Most enjoyable was seeing a reference to a third party SMTP relay service; logging in with the credentials shows a "how to send your first email" message. Obviously, the SMTP relay service is blocked by the SPF/DKIM settings.
|
# ? Aug 4, 2021 16:59 |
|
MrMoo posted:
> I basically have a 2014 set of apps running Python 2 and never updated. Also, all developed by junior engineers. Somehow I have to transform this into new supported code, and have a full CI/CD pipeline. As an understatement, this is challenging. Oh, and running on Ubuntu 14 everywhere, and a wish of moving to Ubuntu Core with "Snaps".

I'm almost there. Tell me about the anomalous IP addresses in your admin logs.
|
# ? Aug 4, 2021 17:52 |
|
Logs? The main app itself has absolutely no logging; the only thing I see are random exceptions raised up through a rather old version of Apache. Crashing is the norm for the majority of the code.
|
# ? Aug 4, 2021 18:03 |
|
CarForumPoster posted:
> Python 2 in a web-facing application in TYOOL 2021

it's more likely than you think!
|
# ? Aug 4, 2021 18:59 |
|
lmao gonna save that post at work so every time I think I don't know what I'm doing I can refer to it and go "yeah but I know more than that"
|
# ? Aug 4, 2021 19:15 |
|
MrMoo posted:
> absolutely no logging, the only thing I see are random exceptions raised up through a rather old version of Apache, crashing is the norm for the majority of the code.

i came thank you

Powerful Two-Hander posted:
> lmao gonna save that post at work so every time I think I don't know what I'm doing I can refer to it and go "yeah but I know more than that"

yea this
|
# ? Aug 5, 2021 01:32 |
|
at least it crashes rather than silently swallowing exceptions?
|
# ? Aug 5, 2021 04:06 |
|
Plorkyeran posted:
> at least it crashes rather than silently swallowing exceptions?

It catches the exception and generally prints something unrelated, like 'HTTP_ACCEPT'. Many exception catches try to do the operation a slightly different way, then after 2 or 3 different options it just continues processing with invalid data.
|
# ? Aug 5, 2021 04:40 |
|
some recent lols:

- engineer's pr got denied and said engineer committed the changes into another pr that got approved and it hosed everything up while they were on pto lmao
- ci/cd service has been dead as hell for a month preventing critical updates from being delivered

I barely code any more and it kicks rear end
|
# ? Aug 5, 2021 05:32 |
|
elite_garbage_man posted:
> some recent lols:

your ci/cd doesn't sound very c!

we also don't revoke PR approvals if more commits happen, so as soon as you got an approval you're golden to push whatever the hell you want. i don't think it's ever caused any problems tbh.
|
# ? Aug 5, 2021 06:43 |
|
cool av posted:
> your ci/cd doesn't sound very c!

It's useful as long as we only have people on the team who are competent, or at least realize when they shouldn't merge stuff. But oh boy can you do some damage.
|
# ? Aug 5, 2021 07:11 |
|
|
we're getting a session token validation error with no obvious cause. that validation is a hidden field on the form and a cookie that's validated against the session, and you get a very specific set of errors on failure in .net MVC: either you didn't send the token or you sent the wrong one. The error is very specifically the latter: the token provided didn't match the expected one. That points to a session reset issue. so of course the offshore dev solution is "this html form is created manually so we should change it to use Ajax"
|
# ? Aug 5, 2021 11:59 |
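The anti-forgery check described in the post, modelled as an added example so the two failure classes can be seen side by side. This is a simplified synchronizer-token model written for this page, not ASP.NET MVC's implementation; the function names are ours, the `__RequestVerificationToken` field and cookie name is used only as an illustrative label, and the server key and session ids are constructed. The form token is an HMAC over the cookie token and the session id, so a request fails as "missing" when either half is absent and as "mismatch" when both are present but were not issued together; `session_reset_scenario` reproduces the case the post infers, where the cookie is re-issued between rendering the form and submitting it.

```python
"""Synchronizer-token (anti-forgery) validation with distinct failure classes.

Added example, not ASP.NET MVC's code. A form render issues a random
cookie token plus a form token that binds that cookie token and the
session id under a server-side HMAC; on submit both must be present and
must pair up. Key, session ids and field names are constructed/illustrative.
"""
import hashlib
import hmac
import secrets

TOKEN_NAME = "__RequestVerificationToken"  # illustrative field/cookie name


class AntiForgeryError(Exception):
    """Base class for the two failure classes."""


class MissingToken(AntiForgeryError):
    """Cookie token or form token was not sent at all."""


class TokenMismatch(AntiForgeryError):
    """Both were sent, but the form token was not issued for this cookie/session."""


def _form_token_for(server_key, cookie_token, session_id):
    """Derive the form token: HMAC(server_key, cookie_token | session_id)."""
    message = f"{cookie_token}|{session_id}".encode()
    return hmac.new(server_key, message, hashlib.sha256).hexdigest()


def issue_tokens(server_key, session_id):
    """Called when the form is rendered. Returns (cookie_token, form_token):
    the first goes in a cookie, the second in the hidden field."""
    cookie_token = secrets.token_hex(16)
    return cookie_token, _form_token_for(server_key, cookie_token, session_id)


def validate_request(server_key, session_id, cookies, form):
    """Called on submit. Raises MissingToken or TokenMismatch; returns True on success."""
    cookie_token = cookies.get(TOKEN_NAME)
    form_token = form.get(TOKEN_NAME)
    if cookie_token is None or form_token is None:
        raise MissingToken("anti-forgery cookie or form field not present")
    expected = _form_token_for(server_key, cookie_token, session_id)
    # Constant-time compare so the check itself does not leak the token.
    if not hmac.compare_digest(expected, form_token):
        raise TokenMismatch("form token does not match the cookie token for this session")
    return True


def classify(server_key, session_id, cookies, form):
    """Map the outcome to 'ok', 'missing' or 'mismatch' for reporting."""
    try:
        validate_request(server_key, session_id, cookies, form)
        return "ok"
    except MissingToken:
        return "missing"
    except TokenMismatch:
        return "mismatch"


def session_reset_scenario(server_key):
    """Form rendered under session A; before the POST arrives the session is
    reset, so the browser now carries session B's freshly issued cookie but
    still submits the hidden field rendered for A. Returns the classification."""
    _, form_token_a = issue_tokens(server_key, "sess-A")
    cookie_token_b, _ = issue_tokens(server_key, "sess-B")  # re-issued on reset
    return classify(server_key, "sess-B",
                    {TOKEN_NAME: cookie_token_b},
                    {TOKEN_NAME: form_token_a})


if __name__ == "__main__":
    key = b"constructed-server-key"          # illustrative, not a real key
    cookie, field = issue_tokens(key, "sess-1")
    print("good submit:   ", classify(key, "sess-1", {TOKEN_NAME: cookie}, {TOKEN_NAME: field}))
    print("no hidden field:", classify(key, "sess-1", {TOKEN_NAME: cookie}, {}))
    print("session reset: ", session_reset_scenario(key))
```

In this model the only inputs to the check are the cookie, the hidden field and the session id; how the browser delivers the form (a plain POST or an XHR) never enters it, which is why a "mismatch" result with an intact hidden field points at the cookie or session having been re-issued between render and submit, while a "missing" result points at the request itself.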