|
jre posted:Your browser is a piece of poo poo op and you're right they both suck
|
#
?
Oct 27, 2019 13:10
|
|
|
|
| # ? Apr 28, 2024 12:55 |
|
|
Soricidus posted:more like brendan yikes
|
|
#
?
Oct 27, 2019 16:46
|
|
|
Soricidus posted:more like brendan yikes
|
|
#
?
Oct 27, 2019 17:09
|
|
|
bah, let's post php 0-days to hn https://github.com/neex/phuip-fpizdam update your php's, especially if running nextcloud not exactly responsible disclosure
|
|
#
?
Oct 27, 2019 19:23
|
|
|
On the other hand, irresponsible disclosure is extremely entertaining for those who can claim not to be involved.
|
|
#
?
Oct 27, 2019 19:27
|
|
|
Tankakern posted:bah, let's post php 0-days to hn looks like that's the date the php devs told them it was ok to go public, it was reported to php a month before https://bugs.php.net/bug.php?id=78599 quote:[2019-09-28 08:26 UTC] neex dot emil+phpeb at gmail dot com this seems pretty responsible disclosure to me..... Trabisnikof fucked around with this message at 19:34 on Oct 27, 2019 |
|
#
?
Oct 27, 2019 19:32
|
|
|
heh https://twitter.com/sleavely/status/1188537321223798786
|
|
#
?
Oct 27, 2019 21:28
|
|
|
On the other hand, unicode is a loving nightmare where pretty much every character has multiple representations, so it is probably not a bad idea to stay away for anything that isn't displaying information to an end-user. For example, did he type the letter å or the letter a with a ring diacritic?
|
|
#
?
Oct 27, 2019 21:45
|
|
|
klafbang posted:On the other hand, unicode is a loving nightmare where pretty much every character has multiple representations, so it is probably not a bad idea to stay away for anything that isn't displaying information to an end-user. Does it matter as long as they're able to repeat the character sequence consistently?
|
|
#
?
Oct 27, 2019 22:01
|
|
|
ah crap I forgot whether my password is 19 or 20 eggplant emoji the site didnt allow 69 eggplant emoji
|
|
#
?
Oct 27, 2019 22:08
|
|
|
Chalks posted:Does it matter as long as they're able to repeat the character sequence consistently? but what if they aren't like they get a new phone and suddenly it uses another representation of national characters/smiles (yes I know they should be done in canon unicode but you know, software)
|
|
#
?
Oct 27, 2019 22:12
|
|
|
Chalks posted:Does it matter as long as they're able to repeat the character sequence consistently? it makes it harder for the customer support agent on the phone when you read it out to them
|
|
#
?
Oct 27, 2019 22:13
|
|
|
Chalks posted:Does it matter as long as they're able to repeat the character sequence consistently? Nah, probably not. I can still see why somebody would rule them out just to avoid potential problems (will browsers/apps send the sequence correctly? will the universe breed even more advanced idiots misunderstanding the difference between é/ê/è or æ/?) at very little advantage.
|
|
#
?
Oct 27, 2019 22:14
|
|
|
klafbang posted:Nah, probably not. I can still see why somebody would rule them out just to avoid potential problems (will browsers/apps send the sequence correctly? will the universe breed even more advanced idiots misunderstanding the difference between é/ê/è or æ/?) at very little advantage. I'd always assumed that non english speakers regularly have non ascii characters in their passwords but I guess not if they're normally prevented
|
|
#
?
Oct 27, 2019 22:23
|
|
|
Only American characters can be common
|
|
#
?
Oct 27, 2019 22:35
|
|
|
klafbang posted:On the other hand, unicode is a loving nightmare where pretty much every character has multiple representations, so it is probably not a bad idea to stay away for anything that isn't displaying information to an end-user. it seems like it should be possible to fix this with a suitable form of normalisation emphasis on should obviously, I know its never that simple
|
|
#
?
Oct 27, 2019 22:43
|
|
|
Soricidus posted:it seems like it should be possible to fix this with a suitable form of normalisation Anything not a 7 bit ASCII character is a shitshow and always has been. Danish has 3 bonus letters, like most Scandinavian languages. IBM forgot one (ø) in their original Scandinavian code page, 865 (IIRC), so there was two variants of that one with 2 extra Danish letters and one with all three. And also a European CP, 850, which placed at least ø in a different place. Also, they were placed so regular alphabetic sorting would not work. The windows CP puts them in a new exciting place. I believe the Scandinavian characters are in the low parts of Unicode, something latin1y, so they have their own codepoints. Unicode also has support for adding all kinds of accents above/below/on top of characters, so yo can make o as a separate character or by placing a / on top of an o. HTML can refer to it as ø as the character itself using several interesting encodings, or using the Unicode entities. This is all different from an American zero with a dot in it, btw. å is even worse because you have the character, the character with a diacritic, and 4 or 5 other basically rings you can also use that look identical (a degree symbol, a superscript o, a superscript zero, probably more). You learn very quickly to stay away from dumb characters. klafbang fucked around with this message at 23:00 on Oct 27, 2019 |
|
#
?
Oct 27, 2019 22:57
|
|
|
duz posted:customer support agent for google? ahahahahahahaha you are a funny poster
|
|
#
?
Oct 27, 2019 22:58
|
|
|
klafbang posted:Anything not a 7 bit ASCII character is a shitshow and always has been. Danish has 3 bonus letters, like most Scandinavian languages. IBM forgot one (ø) in their original Scandinavian code page, 865 (IIRC), so there was two variants of that one with 2 extra Danish letters and one with all three. And also a European CP, 850, which placed at least ø in a different place. Also, they were placed so regular alphabetic sorting would not work. The windows CP puts them in a new exciting place. hello I am the Cyrillic alphabet and me and my 33 children would like a word with all of you
|
|
#
?
Oct 27, 2019 23:02
|
|
|
Boiled Water posted:hello I am the Cyrillic alphabet and me and my 33 children would like a word with all of you wait cyrillic i thought you spoke chinese what's a gungan
|
|
#
?
Oct 27, 2019 23:05
|
|
|
Boiled Water posted:hello I am the Cyrillic alphabet and me and my 33 children would like a word with all of you Do letters that look the same as Latin letters but arent (В, С, Р, Н) have separate CPs? The lowercase variants must, but I guess the answer for the uppercase is the dumbest possible?
|
|
#
?
Oct 27, 2019 23:06
|
|
|
Please take general Unicode chat elsewhere
|
|
#
?
Oct 27, 2019 23:24
|
|
|
klafbang posted:Do letters that look the same as Latin letters but arent (В, С, Р, Н) have separate CPs? The lowercase variants must, but I guess the answer for the uppercase is the dumbest possible? yeah homographs (well, not Han unified homographs) have different code points and browsers of course have complex rules about how to display them in the address bar
|
|
#
?
Oct 27, 2019 23:26
|
|
|
CMYK BLYAT! posted:for google? ahahahahahahaha you are a funny poster do you normally give your password out over the phone?
|
|
#
?
Oct 28, 2019 01:13
|
|
|
duz posted:do you normally give your password out over the phone? Basically no customer support either takes or receives passwords over the phone in the last 5-10 years. If the company isn't storing your password in plain text there's not going to be any way for the agent to see what it is anyways, and after the years of phishing attacks everyone has stopped asking customers for a PW over the phone.
|
|
#
?
Oct 28, 2019 01:37
|
|
|
LanceHunter posted:Basically no customer support either takes or receives passwords over the phone in the last 5-10 years. If the company isn't storing your password in plain text there's not going to be any way for the agent to see what it is anyways, and after the years of phishing attacks everyone has stopped asking customers for a PW over the phone. well...no one competent does... https://twitter.com/UncleZebraCakes/status/1186110338934231041 https://twitter.com/simX/status/1186371667825528833 https://twitter.com/suzie_shooter/status/1187017063497437184 https://twitter.com/AkaneTachi19/status/1188092888745463814
|
|
#
?
Oct 28, 2019 01:58
|
|
|
Having the passwords translated as phone numbers does not necessarily require to have it cleartext; you could essentially run the transform from all accepted characters to a phone number keyboard on it when the user first chooses it, hash that and store the hash. When logging in from a phone, you then check against the phone hash only. However you've now got two hashes, one of which is off a weak as gently caress digit-only password and is probably enough to replace the safer/complete one anyway.
|
|
#
?
Oct 28, 2019 02:24
|
|
|
didn't rbc do this alongside a mandatory six-character limit on password length
|
|
#
?
Oct 28, 2019 02:36
|
|
|
Chrome is fine with the right add-ons and settings, firefox left a bad taste when it kept getting exploited at the end of last decade for me. I might try it more if you could create shortcuts for websites in firefox that open in their window with no address bar and can have it on the taskbar.
|
|
#
?
Oct 28, 2019 02:38
|
|
|
Celexi posted:Chrome is fine with the right add-ons and settings, firefox left a bad taste when it kept getting exploited at the end of last decade for me. Firefox got a major overhaul about a year ago and is significantly better now. chrome is fine if you are ok being the product. quote:I might try it more if you could create shortcuts for websites in firefox that open in their window with no address bar and can have it on the taskbar. have you heard of our lord and savior electron
|
|
#
?
Oct 28, 2019 02:45
|
|
|
flakeloaf posted:didn't rbc do this alongside a mandatory six-character limit on password length BMO. (BMO might still do this, but possibly they changed it finally in the last couple years.)
|
|
#
?
Oct 28, 2019 02:49
|
|
|
James Baud posted:BMO. (BMO might still do this, but possibly they changed it finally in the last couple years.) https://www.youtube.com/watch?v=w9kbAG2bfeY&t=24s
|
|
#
?
Oct 28, 2019 06:24
|
|
|
Tankakern posted:bah, let's post php 0-days to hn Pretty sure I read about it before these flurry of releases now also, probably in some nginx or php-fpm advisory. this publication is fine
|
|
#
?
Oct 28, 2019 12:17
|
|
|
MononcQc posted:Having the passwords translated as phone numbers does not necessarily require to have it cleartext; you could essentially run the transform from all accepted characters to a phone number keyboard on it when the user first chooses it, hash that and store the hash. When logging in from a phone, you then check against the phone hash only. The issue with this, if it is the case, is that I could take my usual list and rules, map them to the phone numbers, then filter out the uniques, which is faster than testing each against the text hash. Applying those to the phone hash would get me a list of associated text hashes that have a higher probability of being hit by the original list/rules, so you'd just search against that set first. But let's not kid ourselves they're in clear text 🙃 dougdrums fucked around with this message at 13:56 on Oct 28, 2019 |
|
#
?
Oct 28, 2019 13:33
|
|
|
Boiled Water posted:are you my coworker who tried implementing BigInt but managed to break greater than? are you the company that reimplemented BigInt in this software we have to integrate? because if so gently caress yoooooouuuuuuuuuuuuuuuuuauuahghhghhhh
|
|
#
?
Oct 28, 2019 14:57
|
|
|
power botton posted:Symantec has OEMed us and what you are all saying is very hurtful. counterpoint: it is a sinking garbage barge that has caused me nothing but misery in the last 5 years and they can go to hell
|
|
#
?
Oct 28, 2019 16:11
|
|
|
The Fool posted:Check out this still open issue from 2017: https://github.com/electron/asar/issues/123 lmbo
|
|
#
?
Oct 28, 2019 16:13
|
|
|
Cocoa Crispies posted:are electrons hiding their poo poo in /Library or ~/Library or something? In the case of teams, the updater deflates the new binary in to somewhere in /private/var and then that gets moved over to swap out the application in its current directory. If that's in /Applications then it it will need to elevate, if its in ~/Applications then it can just fire. It dumps a bunch of poo poo in ~/Library/Application Support but it seems to all be cache files and I can't see anything in there that looks executable thankfully. Seems to effectively be the signed jar encapsulation method so at least something sane is possible here since mac is much better about at least warning if you're trying to run unsigned stuff ewiley posted:Digital signatures are just one way binaries can be whitelisted. Windows has built-in whitelisting with AppLocker but it only covers windows 'executable' files. [/url] applocker handles executable, installers, dll's, and scripting including .js (powershell, command scripts, vbs as well). You could absolutely use it to this end if the vendor correctly signs their content correctly
|
|
#
?
Oct 28, 2019 16:38
|
|
|
the problem is that javascript/electron devs are incompetent and they can't be trusted to do anything right
|
|
#
?
Oct 28, 2019 17:08
|
|
|
|
| # ? Apr 28, 2024 12:55 |
|
|
re: Brave browser: Why does a browser also need a bittorent client?
|
|
#
?
Oct 28, 2019 17:19
|
|