|
Lorenzo Franceschi-Bicchierai posted:After I reached out to a few members of illmob asking about their comments, and Genovese, the admins kicked me out of the group. What a bunch of children. It's hilarious how they accuse everyone else of being thin-skinned and butthurt, but can't take any questioning themselves. Can't have any dissent in their Dammit, I want more women in IT, you assholes.
|
#
?
Jan 24, 2019 23:27
|
|
|
|
| # ? Jun 9, 2024 17:28 |
|
|
CLAM DOWN posted:A lot of stuff is coming out lately about this toxic misogynistic hateful dumpster fire of an industry Hail Satan everybody.
|
|
#
?
Jan 24, 2019 23:40
|
|
|
Darchangel posted:What a bunch of children. It's hilarious how they accuse everyone else of being thin-skinned and butthurt, but can't take any questioning themselves. Can't have any dissent in their  I work on a fairly diverse team and we’re extremely lucky to have several women and people originally from places like Ethiopia, and they are hands down some of the smartest and nicest people on the team. Entitled, misogynistic, and racist behavior like that is extremely discouraging. If people are that closed minded about society, I would absolutely expect them to be similarly bereft of the capability to keep up with the changes in technology.
|
|
#
?
Jan 25, 2019 00:05
|
|
|
One of the most talented devs I work with is a mid-60s lesbian, and she has dealt with some poo poo over the course of ~40 years
|
|
#
?
Jan 25, 2019 00:08
|
|
|
Hahaha eat poo poo assholes. He’s also posting the DMs of people begging him to take them down.
|
|
#
?
Jan 25, 2019 09:11
|
|
|
Paul ReiserFS posted:One of the most talented devs I work with is a mid-60s lesbian, and she has dealt with some poo poo over the course of ~40 years Yeah, I've run into a few people like that in my career and I instantly give them my respect. If you've put up with the immense amount of bullshit that you've no doubt been exposed to, you clearly have a passion for what you do or you'd be out the door.
|
|
#
?
Jan 25, 2019 19:13
|
|
|
And here I am about to start a lovely fake-degree program the local community college offers in infosec. What a wonderful time to be alive. E: whoops, the masters program that wasn’t supposed to accept me did. I guess I get to do that? Schadenboner fucked around with this message at 02:00 on Jan 29, 2019 |
|
#
?
Jan 25, 2019 20:57
|
|
|
Schadenboner posted:And here I am about to start a lovely fake-degree program the local community college offers in infosec. I’d say it’s still worth it for the experience alone. If you get a degree in IT or comp sci, having experience with security is a great bonus on your résumé.
|
|
#
?
Jan 25, 2019 21:37
|
|
|
poo poo, experience (also poo poo experience) is all I do have. That and a worthless-rear end BA in Economics.
|
|
#
?
Jan 25, 2019 21:52
|
|
|
Volmarias posted:Sounds like they have some kind of compromised machine, better suspend the account until you can verify everything LOL, I'd love to, but the user is across the country, and if I can't get the management suite to touch the box, I can't kill it. Not about to gently caress with his AD account. I am just gonna escalate it to my director and let him deal with it.
|
|
#
?
Jan 26, 2019 02:03
|
|
|
In "You're Not Helping" news, the New York Times spreads a bunch of FUD about 2FA in their famously terrible editorial section. While it is true SMS/phone call codes are garbage, and codes in general can be phished, this kind of doubt casting is not what we need when we're struggling to get most websites to implement any kind of 2FA at all, and even a tenth of users to even turn it on where it is a available.
|
|
#
?
Jan 28, 2019 10:27
|
|
|
Kerning Chameleon posted:In "You're Not Helping" news, the New York Times spreads a bunch of FUD about 2FA in their famously terrible editorial section. While it is true SMS/phone call codes are garbage, and codes in general can be phished, this kind of doubt casting is not what we need when we're struggling to get most websites to implement any kind of 2FA at all, and even a tenth of users to even turn it on where it is a available.
|
|
#
?
Jan 28, 2019 11:45
|
|
|
But.... phishable 2-factor is still >>>>>>>> single factor??
|
|
#
?
Jan 28, 2019 21:33
|
|
|
That's not what factor means. Your password is a factor Holding a device is a factor Your biometrics are a factor A generated key is a factor Two of those are easily phishable.
|
|
#
?
Jan 28, 2019 21:49
|
|
|
The Fool posted:That's not what factor means. The "thing you have" factor can be either phishable or not phishable depending on how it's implemented.
|
|
#
?
Jan 28, 2019 21:57
|
|
|
Not necessarily. I have a bunch of keys printed for various services.
|
|
#
?
Jan 28, 2019 21:59
|
|
|
Dylan16807 posted:Isn't "generated key" another way of describing "holding a device"? No, because there are many ways to get a generated key that are device independent. E-mail and SMS being two. And there are also other ways to ensure that someone has a device that don't require generating a code. Push notifications, device white-listing being two.
|
|
#
?
Jan 28, 2019 21:59
|
|
|
The Fool posted:No, because there are many ways to get a generated key that are device independent. E-mail and SMS being two. Thing You Have: Covers having a device, whether it communicates directly or gives you a key to type. Also includes printouts with many keys. Someone Else's Authentication: This covers email and SMS codes. It also covers Oauth.
|
|
#
?
Jan 28, 2019 22:13
|
|
|
OAuth is an authentication standard, and would never be considered a factor in a multi-factor setup. And the traditional high level authentication factor categories are: Thing you know Thing you have Thing you are
|
|
#
?
Jan 29, 2019 00:25
|
|
|
Why not mix if up with - Things you won't openly admit to - Things you fear - Things that know YOU
|
|
#
?
Jan 29, 2019 00:50
|
|
|
- things you’ve forgotten - things you will never understand - things you forgot at home this morning
|
|
#
?
Jan 29, 2019 00:57
|
|
|
The Fool posted:OAuth is an authentication standard, and would never be considered a factor in a multi-factor setup. What I'm saying is that "generated key", depending on how you interpret it, either falls under "thing you have" or letting someone else do the authentication for you. "Generated key" shouldn't be on a list of factors.
|
|
#
?
Jan 29, 2019 01:00
|
|
|
Subjunctive posted:- things you forgot at home this morning Look you can't just make the set of all things one of the factors, it doesn't work very well
|
|
#
?
Jan 29, 2019 01:01
|
|
|
Volmarias posted:Look you can't just make the set of all things one of the factors, it doesn't work very well Have you even tried?
|
|
#
?
Jan 29, 2019 01:09
|
|
|
Dylan16807 posted:Someone Else's Authentication: This covers email and SMS codes. It also covers Oauth. It most absolutely does not. You are a misinformed crazy person.
|
|
#
?
Jan 29, 2019 02:18
|
|
|
CLAM DOWN posted:It most absolutely does not. You are a misinformed crazy person. The point is that clicking that "log in with X" button is pretty close to being emailed a code, as far as security is concerned. I'm proving that I already authenticated with someone else. I'm not directly proving knowledge, device, or biometric. Is that acceptable?
|
|
#
?
Jan 29, 2019 03:21
|
|
|
i think it helps to distinguish how you authenticate to a particular security domain (login creds, key pair, totp token, sms otp etc) and how successful auth is stored or communicated between different systems in the domain (session cookie, jwt string, kerberos ticket, oauth tokens) having something of the second type gets you the same access as having successfully gone through the first, but theyre not "factors" in the sense of things the end user is asked for at the point of auth
|
|
#
?
Jan 29, 2019 03:43
|
|
|
Dylan16807 posted:So, twenty minutes of research later, pretend I said "OpenID Connect", which is a specific use of OAuth. I didn't realize it was so complicated. No, because OpenID Connect just adds an identity layer to OAuth, and is even further away from being an authentication factor than OAuth is.
|
|
#
?
Jan 29, 2019 03:49
|
|
|
The Fool posted:No, because OpenID Connect just adds an identity layer to OAuth, and is even further away from being an authentication factor than OAuth is. I'm willing to agree that neither one counts as a factor, if you want.
|
|
#
?
Jan 29, 2019 04:02
|
|
|
two factors? how about two and a half factors! one and a half factors? would you trade your factor for what's behind the third door?
|
|
#
?
Jan 29, 2019 04:07
|
|
|
Dylan16807 posted:I would say that OpenID counts as a factor if and only if an emailed code counts as a factor. You seem to have a fundamental misunderstanding of how OAuth and openid work, and I don't have the energy right now to make the effort post.
|
|
#
?
Jan 29, 2019 04:15
|
|
|
Two factors: Something I have (my e-mail address) and something I know (my password).
|
|
#
?
Jan 29, 2019 04:23
|
|
|
And now it just sounds funny. Factor factor factor.
|
|
#
?
Jan 29, 2019 04:28
|
|
|
Something that I am (a motherfucker), something that I have (your Mom), something that I know (your Mom, Biblically).
|
|
#
?
Jan 29, 2019 04:30
|
|
|
Dylan16807 posted:I would say that OpenID counts as a factor if and only if an emailed code counts as a factor. Please stop. You're hurting me. Also let's talk about this lmao https://9to5mac.com/2019/01/28/facetime-bug-hear-audio
|
|
#
?
Jan 29, 2019 04:35
|
|
|
I wonder if uninstalling facetime actually removes the fuckin' thing or just hides the icon.
|
|
#
?
Jan 29, 2019 04:56
|
|
|
doctorfrog posted:I wonder if uninstalling facetime actually removes the fuckin' thing or just hides the icon. Just turn it off in settings for now. (on your Mac and iPad, as well) Also, Apple is supposed to be releasing a hot fix to address it this week. I’m not saying it’s not bad, because it is. But it’s also easy to mitigate until an official fix is released.
|
|
#
?
Jan 29, 2019 06:01
|
|
|
Apple turned off Group FaceTime at a server level, guess it wasn’t quite ready to leave beta
|
|
#
?
Jan 29, 2019 09:17
|
|
|
Maneki Neko posted:Apple turned off Group FaceTime at a server level, guess it wasn’t quite ready to leave beta TBH I like the response. Like that's a good zing and everything but respect to whoever created the "what happens if FaceTime gets super hosed" document.
|
|
#
?
Jan 29, 2019 17:10
|
|
|
|
| # ? Jun 9, 2024 17:28 |
|
