|
BIGFOOT EROTICA posted:to be fair I don't think the button on any smoke detector ive ever owned actually silences the loving thing the button is for testing, at least is on the one i have
|
# ? Jun 13, 2019 09:10 |
|
|
# ? Apr 26, 2024 03:32 |
|
Applebees posted:Is this default behaviour of cat useful for anything other than tricking people? it’s kind of what cat is supposed to do, yes? like its primary purpose is to read a series of bytes from a series of files, and output them as a single series of bytes (hence the name, from concatenate). it doesn’t modify those bytes by default because it doesn’t know what you’re using them for and it prefers not to guess. and there are certain to be people who take advantage of terminal escape sequences to insert colors etc into text files.
|
# ? Jun 13, 2019 11:04 |
|
duz posted:probably, i know i have to keep acknowledging that it is insecure for it to display anything We're supposed to use the most insecure settings possible, to minimize the inconvenience of using Java 7 on IE 11 on Windows 10. And the internal Kronos team refuses to update it, and C-suite won't make them, even after having one of my supers present a list of 70+ critical CVEs for JRE 1.7.0u9 at the last security meeting!
|
# ? Jun 13, 2019 13:53 |
|
Krankenstyle posted:the button is for testing, at least is on the one i have I've been buying these for my rental, seem to work well enough for a cheapo that dipshit college kids will tamper with and they silence when you press the button. https://www.amazon.com/gp/product/B0725519PH/ref=ppx_yo_dt_b_asin_title_o01_s00?ie=UTF8&psc=1
|
# ? Jun 13, 2019 14:07 |
|
cybrancyborg posted:We're supposed to use the most insecure settings possible, to minimize the inconvenience of using Java 7 on IE 11 on Windows 10. If you want to mitigate on the client side, push settings that crank up the JRE default security level to Highest (defaults to either high or medium) which should put it in a mode where it will only invoke jars with user consent or auto-launch if they're in the trusted url list
|
# ? Jun 13, 2019 14:10 |
|
BIGFOOT EROTICA posted:to be fair I don't think the button on any smoke detector ive ever owned actually silences the loving thing my Nest Protect's button silences, which is good because by the time the app realizes that it's part of a universe containing my smoke detector the time between warning and bleating has long elapsed. love the "you're too far to silence" when I am literally in physical contact with the smoke detector Soricidus posted:its kind of what cat is supposed to do, yes? like its primary purpose is to read a series of bytes from a series of files, and output them as a single series of bytes (hence the name, from concatenate). you are philosophically right, but it's named after catenate, which is the reason that I even know that that word exists cybrancyborg posted:We're supposed to use the most insecure settings possible, to minimize the inconvenience of using Java 7 on IE 11 on Windows 10. we had this problem at FB after we banned Java in the wake of a targeted Java zero-day (which I assume cost $0.83 including tax). finance got some VMs issued that were extremely restricted in terms of what they could talk to, and Java was put on there. they got reimaged after every use and so forth. unrelatedly, a lot of people used Windows VMs just to run the Windows version of Outlook, because the Mac one was so incredibly, bogglingly awful
|
# ? Jun 13, 2019 14:13 |
|
BangersInMyKnickers posted:If you want to mitigate on the client side, push settings that crank up the JRE default security level to Highest (defaults to either high or medium) which should put it in a mode where it will only invoke jars with user consent or auto-launch if they're in the trusted url list I had to do this for ADP etime cause their poo poo is garbage. last year they finally built an html version of everything so we're totally off of client side java, but it was just so dumb. adp didn't even sign their jars
|
# ? Jun 13, 2019 14:49 |
|
Krankenstyle posted:the button is for testing, at least is on the one i have on the ones in my apartment, if you hit the button when it's not going off it tests it, if you hit it when it is going off it silences it except for a periodic chirp to let you know it's still worried... ... for like, 2-3 minutes, and then it resets and if you haven't cleared sufficient amounts of the smoke it starts going again, which is real fun
|
# ? Jun 13, 2019 14:54 |
|
BangersInMyKnickers posted:I've been buying these for my rental, seem to work well enough for a cheapo that dipshit college kids will tamper with and they silence when you press the button. looks like we got ourselves a slum lord fellas *rolls out guillotine*
|
# ? Jun 13, 2019 15:04 |
|
BangersInMyKnickers posted:I've been buying these for my rental, seem to work well enough for a cheapo that dipshit college kids will tamper with and they silence when you press the button. guillotine etc but also amazon posted:Environment friendly, without smell, radiation or harm are smoke detectors known for their bad smell?
|
# ? Jun 13, 2019 15:19 |
|
"it smells bad" is a common complaint when ordering plastic things from china but i gotta admit that's the first time i've heard it about a smoke detector
|
# ? Jun 13, 2019 15:29 |
|
Subjunctive posted:my Nest Protect's button silences, which is good because by the time the app realizes that it's part of a universe containing my smoke detector the time between warning and bleating has long elapsed. love the "you're too far to silence" when I am literally in physical contact with the smoke detector if your main job includes outlook, word and/or excel you really just should use a windows machine
|
# ? Jun 13, 2019 15:33 |
|
so any job, basically.
|
# ? Jun 13, 2019 15:34 |
|
Truga posted:https://github.com/numirias/security/blob/master/doc/2019-06-04_ace-vim-neovim.md I tried this the day it came out, I'll see if I can get this working in the lab today.
|
# ? Jun 13, 2019 16:14 |
|
BangersInMyKnickers posted:If you want to mitigate on the client side, push settings that crank up the JRE default security level to Highest (defaults to either high or medium) which should put it in a mode where it will only invoke jars with user consent or auto-launch if they're in the trusted url list Users complained or or declined at the prompt (and then complained the site wouldn't load), so our official procedure is to specifically select all the least secure settings! As for using trusted URLs, not sure, the decisions were made long before I got here.
|
# ? Jun 13, 2019 16:58 |
|
cybrancyborg posted:Users complained or or declined at the prompt (and then complained the site wouldn't load), so our official procedure is to specifically select all the least secure settings! lol rip
|
# ? Jun 13, 2019 17:22 |
|
BangersInMyKnickers posted:lol rip My only hope is that MS will someday break compatibility w/ Java 7 on Win10, but since they seem pretty okay with Windows being a sort of Katamari for bugs, it's a very faint hope.
|
# ? Jun 13, 2019 17:30 |
|
there was just a show on the radio talking about how companies and organizations are afraid to come forward and say in public that they got ransomware'd because there's lots of "victim blaming" and people will jump to point out stuff they could have done but didn't, as an example they were talking about baltimore and how they were hit with something that had been patched for over two loving years but also they just couldn't "afford security" so something something won't someone please think of the innocent corporations and city governments whose feelings are hurt when you mean old security researchers do stuff like "point out that this was trivially preventable" or "demand even basic levels of competence when dealing with something critically important"? you're all monsters
|
# ? Jun 13, 2019 17:43 |
|
weeeell, i don't doubt that local government does indeed struggle with security for reasons not entirely in their control, and in fact agree that the culture around the ongoing security catastrophy we all inhabit is part of the problem.
|
# ? Jun 13, 2019 17:55 |
|
cybrancyborg posted:My only hope is that MS will someday break compatibility w/ Java 7 on Win10, but since they seem pretty okay with Windows being a sort of Katamari for bugs, it's a very faint hope. edge was sorta that but lol whoops
|
# ? Jun 13, 2019 18:31 |
|
Cybernetic Vermin posted:weeeell, i don't doubt that local government does indeed struggle with security for reasons not entirely in their control, and in fact agree that the culture around the ongoing security catastrophy we all inhabit is part of the problem. its purely a cost issue quote:Baltimore's information security manager warned of the need for such a policy during budget hearings last year. But the final budget did not include funds for that policy, nor did it include funding for expanded security training for city employees, or other strategic investments that were part of the mayor's strategic plan for the city's information technology infrastructure.
|
# ? Jun 13, 2019 18:49 |
|
duz posted:its purely a cost issue well, that is one read, but there may need to be a larger shift in approach, it might not be reasonable to expect that "security expertise" should be a funded line item in every budget, while e.g. the local school children go hungry not to lay the blame at the feet of security professionals, but the framing of the problem is not good.
|
# ? Jun 13, 2019 18:57 |
|
Cybernetic Vermin posted:weeeell, i don't doubt that local government does indeed struggle with security for reasons not entirely in their control, and in fact agree that the culture around the ongoing security catastrophy we all inhabit is part of the problem. yeah but the actual "victim" usually isn't the company or government or w/e, it's the people who use their services, who now have their information stolen or in baltimore's case can't pay water bills or finalize real estate deals or anything else that requires computer systems. like yeah if it was just some dude who lost all their poo poo then showing up and being all "well you should have known better " would be a huge dick move, but I think it's totally fair to criticize companies and governments. frankly if you don't have the budget to [hire a dude that can tell you to] update your 2+ year out of date windows installs that should be auto-updating anyway then you also don't have the budget to offer the online services in the first place. security really needs to be viewed as a non-negotiable part of the cost - you're either paying for the security stuff to be done right or you're paying (in baltimore's case) $20 million to unfuck everything once ransomware hits, but you're paying either way.
|
# ? Jun 13, 2019 19:08 |
|
Cybernetic Vermin posted:well, that is one read, but there may need to be a larger shift in approach, it might not be reasonable to expect that "security expertise" should be a funded line item in every budget, while e.g. the local school children go hungry if it comes down to that then you need to shut down the entire system and use the money to feed the kids
|
# ? Jun 13, 2019 19:27 |
|
there are plenty of other parts in the budget you can take from before taking from kids.
|
# ? Jun 13, 2019 19:31 |
|
also in plenty of cases its not even cost, but cold hard incompetence that causes this stuff to happen.
|
# ? Jun 13, 2019 19:32 |
|
Shaggar posted:there are plenty of other parts in the budget you can take from before taking from kids. Seriously, we’re talking about Baltimore here. The hundreds of thousands that were getting diverted to purchasing copies of the mayor’s children’s book probably would have covered it.
|
# ? Jun 13, 2019 19:36 |
|
Shame Boy posted:if it comes down to that then you need to shut down the entire system and use the money to feed the kids it might not be exactly what you're looking for, but have your heard of A Song of Wire and Omar, by David R R Simon??
|
# ? Jun 13, 2019 20:17 |
|
the gods will not save you
|
# ? Jun 13, 2019 20:21 |
|
Lutha Mahtin posted:it might not be exactly what you're looking for, but have your heard of A Song of Wire and Omar, by David R R Simon??
|
# ? Jun 13, 2019 21:02 |
|
https://twitter.com/bad_packets/status/1135282810938224642?s=21 hackers have taken over instant gram by blue screening google BGP routers with RDP or some bullshit e: :eyeroll: Partycat fucked around with this message at 23:22 on Jun 13, 2019 |
# ? Jun 13, 2019 23:19 |
|
got a phishing mail with a weird reply-to field
|
# ? Jun 14, 2019 04:34 |
|
im the admin@mudwhole.com
|
# ? Jun 14, 2019 06:12 |
|
|
# ? Jun 14, 2019 06:40 |
|
Krankenstyle posted:got a phishing mail with a weird reply-to field Hey, I got that too. The message body is empty (or stripped by gmail somehow?) and the subject says gently caress YOU!! I HATE YOU.... Oh, I got another one that does have phishing content and doesn't swear.
|
# ? Jun 14, 2019 07:18 |
|
Krankenstyle posted:got a phishing mail with a weird reply-to field late 90s grunge band webring member spotted
|
# ? Jun 14, 2019 08:29 |
|
Lutha Mahtin posted:it might not be exactly what you're looking for, but have your heard of A Song of Wire and Omar, by David R R Simon??
|
# ? Jun 14, 2019 09:53 |
|
Krankenstyle posted:got a phishing mail with a weird reply-to field that looks like the kind of thing I’d see back when “no-delivery report” dos’ were a thing using smtp servers
|
# ? Jun 14, 2019 11:36 |
|
duz posted:its purely a cost issue duz posted:Baltimore's information security manager warned of the need for such a policy during budget hearings last year. But the final budget did not include funds for that policy, nor did it include funding for expanded security training for city employees, or other strategic investments that were part of the mayor's strategic plan for the city's information technology infrastructure. That's 100% a management/politics issue, not a cost issue.
|
# ? Jun 14, 2019 13:59 |
|
|
# ? Apr 26, 2024 03:32 |
|
carcetti
|
# ? Jun 14, 2019 15:59 |