|
Nomnom Cookie posted: you talked about wireguard features and repeated some marketing copy
Ignoring that wireguard has been mentioned: do you understand the fact that "no runtime allocation" is in fact a technical specification that means something and that it does, in fact, eliminate an entire class of bugs
|
# ? Sep 4, 2019 18:41 |
|
Captain Foo posted: Ignoring that wireguard has been mentioned:
it's a security feature. it doesn't substitute for experience
|
# ? Sep 4, 2019 18:46 |
|
Nomnom Cookie posted:it's a security feature. it doesn't substitute for experience
|
# ? Sep 4, 2019 19:20 |
|
Xarn posted: I wanted to note that I read this effortpost and appreciate it, but Oslo airport ate my notebook, killing my will to respond rn.
tell us where gardermoen touched you
|
# ? Sep 4, 2019 19:24 |
|
Nomnom Cookie posted: it's a security feature. it doesn't substitute for experience
so, no
|
# ? Sep 4, 2019 19:34 |
|
i think you’ll find that if you’re like > ipredator > tor > s3 on all this poo poo then you’re fully protected.
|
# ? Sep 4, 2019 19:43 |
|
Midjack posted: i think you’ll find that if youre like > ipredator > tor > s3 on all this poo poo then you’re fully protected.
just don't post it to your personal github afterward
|
# ? Sep 4, 2019 19:57 |
|
akadajet posted: ya, you really don't want to use software with the words "open" or "libre" in the name
openssh is ok isn’t it? it’s probably the least bad of the common sshs at least after the libssh vulns (and just lol at drop”let’s roll our own crypto”bear)
openjdk is also good, it’s the only java anyone should touch now (it is taken as axiomatic for the purposes of this post that java is good)
|
# ? Sep 4, 2019 20:08 |
|
Lain Iwakura posted: avoid being near arguments by couples in libraries while using ssh if you do implement that
I'm dumb and don't get this, please help.
|
# ? Sep 4, 2019 20:20 |
|
Raere posted: I'm dumb and don't get this, please help.
that's how they got ross ulbricht, the silk road guy. they watched him until he unlocked his laptop, then two agents distracted him by pretending to be an arguing couple until someone got close enough to physically stop him relocking it
|
# ? Sep 4, 2019 20:23 |
|
Didn't Ross also have a USB dead man's switch that they prevented him from pulling out?
|
# ? Sep 4, 2019 20:29 |
|
CommieGIR posted: Didn't Ross also have a USB dead man's switch that they prevented him from pulling out?
https://www.wired.com/2015/05/silk-road-2/ doesn't mention one:
quote: What unfolded next was a piece of improvisational theater. At 3:14 pm, DPR was typing away, writing to Cirrus. Just then, a middle-aged woman and man came toward Ross, ambling along in the kind of semihomeless shuffle you might often see in a San Francisco library. “gently caress you!” the woman yelled when they were directly behind Ross’ chair. As if they were a deranged couple about to fight, the man grabbed the woman by the collar and raised his fist.
|
# ? Sep 4, 2019 20:37 |
|
I'm hoping they all got their library cards revoked after this.
|
# ? Sep 4, 2019 20:39 |
|
nah usbkill was created as a response to his arrest but it's really poorly thought out
https://github.com/hephaest0s/usbkill
based on what i know about its design, it still doesn't thwart usb jigglers if you can find one that mimics a usb mouse the user would use and it wouldn't be hard to find usb drives that match what you're using with some effort
|
# ? Sep 4, 2019 20:42 |
|
https://twitter.com/TwitterSupport/status/1169334340393689088
how long can y'all hold your breath for?
|
# ? Sep 4, 2019 20:45 |
|
Isn't SMS like Caller ID levels of secure?
|
# ? Sep 4, 2019 20:46 |
|
Schadenboner posted: Isn't SMS like Caller ID levels of secure?
like i said, how long can you hold your breath?
|
# ? Sep 4, 2019 20:48 |
|
Lain Iwakura posted: https://twitter.com/TwitterSupport/status/1169334340393689088
my buddy has @courage and has had his verizon account stolen three times even with giant flags on it saying "do not change anything over the phone." it's ridiculous.
|
# ? Sep 4, 2019 20:50 |
|
Lain Iwakura posted: nah usbkill was created as a response to his arrest but it's really poorly thought out
Ah. that must've been where I remembered it from.
|
# ? Sep 4, 2019 21:02 |
|
i would pay good money to see a live show where it's just sarah jeong on stage talking about being a reporter who covered the DPR trial. that story had so many insane angles to it
|
# ? Sep 4, 2019 22:02 |
|
Lol @ Exim, true successor of Sendmail. (CVE-2019-15846: local or remote attacker can execute programs with root privileges)
Good thing I've been using postfix forever - is exim still the default in Debian and variants?
|
# ? Sep 4, 2019 22:57 |
|
Lutha Mahtin posted: i would pay good money to see a live show where it's just sarah jeong on stage talking about being a reporter who covered the DPR trial. that story had so many insane angles to it
CARL MARK FORCE IV
|
# ? Sep 4, 2019 22:58 |
|
Lutha Mahtin posted: i would pay good money to see a live show where it's just sarah jeong on stage talking about being a reporter who covered the DPR trial. that story had so many insane angles to it
i imagine that some day i may have a story written about my life, and it would be good to have a detailed account of it
|
# ? Sep 4, 2019 23:00 |
|
Captain Foo posted: so, no
in theory, something being impossible prevents it from happening. in practice... it doesn't matter at all what features it has. are you confused by the way I'm using the word feature? should I have said selling point instead?
I won't be surprised if wireguard turns out to be good, and some aspects of its design contribute to that expectation, but whether or not it's good won't be based on how often it calls malloc (or would that be kmalloc lol lets do important things in the kernel). yes marketing to techies is a thing, duh, you got marketed to. the implementation details of a product have no bearing on its quality
|
# ? Sep 4, 2019 23:30 |
|
Implementation details are absolutely a contributing factor to a product's overall quality
|
# ? Sep 4, 2019 23:33 |
|
Nomnom Cookie posted:the implementation details of a product have no bearing on its quality
|
# ? Sep 4, 2019 23:41 |
|
there sure are some takes itt lately
stay tuned, next on the secfuck thread: a poster tries to defend rolling their own crypto
|
# ? Sep 5, 2019 00:12 |
|
Nomnom Cookie posted: the implementation details of a product have no bearing on its quality
what do you really mean here? I’m sure it’s not the obvious meaning of the words
|
# ? Sep 5, 2019 00:17 |
|
i don't even understand the math behind some types of encryption
|
# ? Sep 5, 2019 00:19 |
|
Soricidus posted: there sure are some takes itt lately
i think many threads back we had this happen
|
# ? Sep 5, 2019 00:19 |
|
Subjunctive posted: what do you really mean here? I’m sure it’s not the obvious meaning of the words
yhbt. yhl. hand.
|
# ? Sep 5, 2019 00:26 |
|
Soricidus posted: there sure are some takes itt lately
if you roll your own crypto then the NSA can’t backdoor it. nice try narc
|
# ? Sep 5, 2019 00:44 |
|
and before you ask, yes it's a machine learning crypto algorithm
|
# ? Sep 5, 2019 00:48 |
|
Subjunctive posted: what do you really mean here? I’m sure it’s not the obvious meaning of the words
you're right, i pushed that post halfway out then broke it off to run to dinner
what i care about are performance, stability, security, functionality, probably other poo poo im not gonna bother to think of. that's what makes up product quality. as a user, how those are achieved doesn't make a poo poo. none at all.
implementation details absolutely do matter a fuckload for the people building the thing but i'm not doing that. i'm deciding what helm chart to install. avoiding malloc or proving race-freedom or whatever are powerful techniques that are interesting to read about and will never, ever be considered by me when i have to evaluate competing options, unless doing in-house patches is on the table. usually it's not
|
# ? Sep 5, 2019 02:28 |
|
if you were in the business of buying bridges (maintenance of them isn't your job), and had the choice of one made of dog poo poo, or one where the architects proudly avoided using any dog poo poo at all, which would you pick
|
# ? Sep 5, 2019 02:54 |
|
Look, you might say that making bridges out of dog poo poo is an absolutely terrible idea, there's a ton of recent cases of bridges falling down due to being made out of dog poo poo, and these folks making a point of the fact that they don't make their bridges out of dog poo poo is a direct response to it being inexplicably common in the bridge-making industry. But I will keep looking around for a dog poo poo bridge manufacturer that doesn't have any bridges currently in the process of falling down, because this new-fangled "don't build bridges out of dog poo poo" idea is just totally unproven, you know?
|
# ? Sep 5, 2019 03:05 |
|
that is probably the worst analogy for this situation
|
# ? Sep 5, 2019 03:06 |
|
Hi everyone; I recently came across a device that has a web interface, defaulting to plaintext port 80. It has an option to enable TLS but it makes you upload your own certificate before it enables TLS.
I made a certificate with a 1 day expiration and turned on TLS exclusively (no port 80). I tested it, it works. I waited one day, and after the certificate expired it disabled TLS and only allowed port 80.
This is a device that controls small scale (200 amp) remote power plants (think LTE and 5G equipment). I feel like I should talk to the manufacturer about this before it gets deployed.
first post in yospos, sorry
|
# ? Sep 5, 2019 03:25 |
|
Nomnom Cookie posted: you're right, i pushed that post halfway out then broke it off to run to dinner
lol if u expect to get all of those in one product. pick 2. you'll only get 1 at best.
|
# ? Sep 5, 2019 03:26 |
|
Jabor posted: Look, you might say that making bridges out of dog poo poo is an absolutely terrible idea, there's a ton of recent cases of bridges falling down due to being made out of dog poo poo, and these folks making a point of the fact that they don't make their bridges out of dog poo poo is a direct response to it being inexplicably common in the bridge-making industry.
lol a wireguard stan. I honestly hadn’t thought that could happen
|
# ? Sep 5, 2019 03:26 |