|
HELLOMYNAMEIS___ posted:https://www.bleepingcomputer.com/news/security/gitlab-warns-of-critical-zero-click-account-hijacking-vulnerability/ oh i was wondering why i got a big "UPDATE RIGHT loving NOW" warning, as well as a "mail returned to sender" message that someone was trying to recover my admin password with an email that didn't exist somehow
|
#
?
Jan 12, 2024 22:30
|
|
|
|
| # ? Jun 7, 2024 18:00 |
|
|
Mr. Crow posted:thankfully nobody in their right mind uses gitlab haha yeah
|
|
#
?
Jan 12, 2024 22:31
|
|
|
Mr. Crow posted:thankfully nobody in their right mind uses gitlab *tugging on collar* guuhhhh
|
|
#
?
Jan 12, 2024 23:19
|
|
|
Quoting from the manual of a very expensive instrument:quote:The TCP / IP stack is intended to be basically RFC 1122 compliant intended to be basically compliant
|
|
#
?
Jan 15, 2024 08:54
|
|
|
My posts are intended to be basically good most of the time to the extent practicable
|
|
#
?
Jan 15, 2024 14:44
|
|
|
my posts MAY provide good and funny content
|
|
#
?
Jan 15, 2024 18:02
|
|
|
Antigravitas posted:Quoting from the manual of a very expensive instrument: my first ever Linux kernel work was auditing the TCP/IP stack against the RFCs and putting in relevant comments, and I don’t think any stack was actually completely compliant. IIRC there were parts you needed to violate in order to interoperate with some widely-deployed equipment now that was…almost thirty years ago, so maybe everything is compliant now but, you know, maybe not
|
|
#
?
Jan 15, 2024 18:08
|
|
|
we're about due for someone to re-re-re-rediscover sequence number packet injection
|
|
#
?
Jan 15, 2024 18:20
|
|
|
the call for papers of the wild
|
|
#
?
Jan 15, 2024 19:09
|
|
|
this is what I got free with an SSD for god knows what reason don't want my gamertag on the dark web!!! I don't even know what the game optimiser is supposed to be doing
|
|
#
?
Jan 16, 2024 16:07
|
|
|
Powerful Two-Hander posted:this is what I got free with an SSD for god knows what reason sounds like it just limits what its doing to one or two CPU's which like, sure I guess
|
|
#
?
Jan 16, 2024 16:48
|
|
|
Shame Boy posted:sounds like it just limits what its doing to one or two CPU's which like, sure I guess that was my only thought. "hey we've got a gamer mode where we won't consume three entire cores to protect your gamer tag from the darkweb" e: god there's some wallet inspector energy from "we'll scan the internet for your personal information to check it's secure!"
|
|
#
?
Jan 16, 2024 19:52
|
|
|
quote:NOTIFICATION OPTIMIZATION Absolutely love the chutzpah in this one. Why stop trying to upsell people or give them scare notifications about how "your 'protection' is at risk" because you haven't paid for their "protection?" Much easier to just say that you've Optimized their Notifications.
|
|
#
?
Jan 16, 2024 20:02
|
|
|
Volmarias posted:Absolutely love the chutzpah in this one. Why stop trying to upsell people or give them scare notifications about how "your 'protection' is at risk" because you haven't paid for their "protection?" Much easier to just say that you've Optimized their Notifications. you're entitled to it
|
|
#
?
Jan 16, 2024 20:24
|
|
|
Chris Knight posted:the call for papers of the wild
|
|
#
?
Jan 16, 2024 21:05
|
|
|
Nice notifications you have there. Would be a shame if someone were to optimise them. All notifications gently caress off.
|
|
#
?
Jan 17, 2024 10:02
|
|
|
Powerful Two-Hander posted:this is what I got free with an SSD for god knows what reason getting swatted? use a vpn ya dummy! for your health
|
|
#
?
Jan 17, 2024 10:13
|
|
|
I just noticed that their password manager is online, just lol if you trust Norton to manage that. lol if you even store passwords online anyway and don't use synched keepass db files
|
|
#
?
Jan 17, 2024 10:34
|
|
|
well-read undead posted:getting swatted? use a vpn ya dummy! lol i didn't catch that one at first
|
|
#
?
Jan 17, 2024 10:39
|
|
|
Powerful Two-Hander posted:I just noticed that their password manager is online, just lol if you trust Norton to manage that. when the vault pw stopped working for whatever reason I tried searching for how to recover it. the answer was of course to login to your online backup that you definitely created years ago when you first installed the product! 
|
|
#
?
Jan 17, 2024 14:18
|
|
|
Wasn't Norton password manager the one that created "randomly generated passwords" that weren't actually randomly generated and we're the same for every user at a specific time?
|
|
#
?
Jan 17, 2024 14:32
|
|
|
Powerful Two-Hander posted:I just noticed that their password manager is online, just lol if you trust Norton to manage that. quote:lol if you even store passwords online anyway and don't use synched keepass db files bad take
|
|
#
?
Jan 17, 2024 14:56
|
|
|
The Fool posted:bad take for what reasons?
|
|
#
?
Jan 17, 2024 15:05
|
|
|
Powerful Two-Hander posted:for what reasons? didn't keepass just get comprimised or something
|
|
#
?
Jan 17, 2024 15:14
|
|
|
Powerful Two-Hander posted:for what reasons? for most people convenient password management makes them way more likely to use good passwords (and generally manage them). some online sync is an important part of convenience for most people. i'd guess that's the reasoning at least.
|
|
#
?
Jan 17, 2024 15:16
|
|
|
Cybernetic Vermin posted:for most people convenient password management makes them way more likely to use good passwords (and generally manage them). some online sync is an important part of convenience for most people. keepass db synced via something like dropbox is effectively online sync and has been working fine for me over multiple devices for 10+ years, but is definitely not user friendly enough that i would encourage my parents to do it the same way.
|
|
#
?
Jan 17, 2024 15:24
|
|
|
Neito posted:didn't keepass just get comprimised or something , I guess if there is/was a weakness in the encryption then maybe, but I don't remember seeing anything Cybernetic Vermin posted:for most people convenient password management makes them way more likely to use good passwords (and generally manage them). some online sync is an important part of convenience for most people. DJ Burette posted:keepass db synced via something like dropbox is effectively online sync and has been working fine for me over multiple devices for 10+ years, but is definitely not user friendly enough that i would encourage my parents to do it the same way. agreed on both, and I use OneDrive seeing as I get it free or whatever, but that doesn't mean I think that having a commercial 3rd party controlling the vault is a good idea - MS has no sight of the contents or ability to do encryption/decryption. and how many times has last pass (or the other one?) been popped now because they manage both? The UX is a barrier to entry though you're right, or on Android anyway. Windows clients are a bit better but still a bit overwhelming I expect.
|
|
#
?
Jan 17, 2024 15:30
|
|
|
Cybernetic Vermin posted:for most people convenient password management makes them way more likely to use good passwords (and generally manage them). some online sync is an important part of convenience for most people. yeah, it's this bitwarden, 1password, or apple keychain for most use cases is just fine and have a 1000x better ux than keepass
|
|
#
?
Jan 17, 2024 15:49
|
|
|
don't shame people for their password manager choices unless its norton or lastpass
|
|
#
?
Jan 17, 2024 15:49
|
|
|
i use the microsoft edge pasword manager which syncs to microsoft authenticator so i can use them in ios
|
|
#
?
Jan 17, 2024 16:34
|
|
|
Shaggar posted:i use the microsoft edge pasword manager which syncs to microsoft authenticator so i can use them in ios ban this sick filth
|
|
#
?
Jan 17, 2024 17:29
|
|
|
yeah, I can't bring myself to defend that
|
|
#
?
Jan 17, 2024 17:31
|
|
|
https://lock.cmpxchg8b.com/passmgrs.html best password manager is the one built into your browser second best is a pile of post-it notes
|
|
#
?
Jan 17, 2024 17:32
|
|
|
Shaggar posted:i use the microsoft edge pasword manager which syncs to microsoft authenticator so i can use them in ios i take no pleasure in announcing that shaggar is right it has like 10% of the features of a normal password manager and sometimes takes forever to sync passwords but it is needs suiting and free.
|
|
#
?
Jan 17, 2024 17:48
|
|
|
dpkg chopra posted:free.
|
|
#
?
Jan 17, 2024 17:56
|
|
|
shackleford posted:https://lock.cmpxchg8b.com/passmgrs.html
|
|
#
?
Jan 17, 2024 18:14
|
|
|
dpkg chopra posted:i take no pleasure in announcing that shaggar is right i keep submitting requests for them to add secure notes and they havent done it. also it would be great if windows added password managers as a system feature so credentials could be pulled from the manager into standard username/password controls. even if it means apps have to opt in to the feature it would be nice.. its the one feature that ios has added in the last 10 years thats really good.
|
|
#
?
Jan 17, 2024 18:32
|
|
|
would someone repost the study showing reliance on llms causing less secure code? in a meeting now where it is relevant
|
|
#
?
Jan 17, 2024 18:38
|
|
|
was it conclusive at all? I don’t remember what N was or what LLM they were using in behind, but grouping all LLM-based code assistants together is not likely to lead to a very useful analysis IMO like ChatGPT 3 vs 4 vs copilot vs various copilot betas tuned on our repositories produce very different results in my non-exhaustive experience
|
|
#
?
Jan 17, 2024 18:40
|
|
|
|
| # ? Jun 7, 2024 18:00 |
|
|
The Fool posted:would someone repost the study showing reliance on llms causing less secure code? https://arxiv.org/abs/2211.03622 > We conduct the first large-scale user study examining how users interact with an AI Code assistant to solve a variety of security related tasks across different programming languages. Overall, we find that participants who had access to an AI assistant based on OpenAI's codex-davinci-002 model wrote significantly less secure code than those without access. Additionally, participants with access to an AI assistant were more likely to believe they wrote secure code than those without access to the AI assistant. Furthermore, we find that participants who trusted the AI less and engaged more with the language and format of their prompts (e.g. re-phrasing, adjusting temperature) provided code with fewer security vulnerabilities. Finally, in order to better inform the design of future AI-based Code assistants, we provide an in-depth analysis of participants' language and interaction behavior, as well as release our user interface as an instrument to conduct similar studies in the future.
|
|
#
?
Jan 17, 2024 18:41
|
|
