Shaggar
Apr 26, 2006

carry on then posted:

he's actively comparing himself lol. also this seems really dirty on github's part

https://twitter.com/marak/status/1479200803948830724

thats hosed up i dont care what his reason was, but deleting code used by a bunch of idiots rules and its lovely that github undid it. dont use github


Shame Boy
Mar 2, 2010

Kazinsal posted:

for real lol

*licenses software under a permissive license* what do you mean corporations are abiding by the terms of the license my software is under? this is so unfair

if you're gonna be ok with that then you also gotta be okay with the other side of "i am a big corp and want to use this permissively-licensed software for free, oh no what is that man doing to his anus"

Shame Boy
Mar 2, 2010

Shaggar posted:

thats hosed up i dont care what his reason was, but deleting code used by a bunch of idiots rules and its lovely that github undid it. dont use github

but microsoft owns github shaggar, won't this cause a rip in spacetime if you don't like it or something

Shaggar
Apr 26, 2006
devops is better

Kazinsal
Dec 13, 2011



shaggar only approves of properly licensed installations of visual sourcesafe

Plorkyeran
Mar 22, 2007

To Escape The Shackles Of The Old Forums, We Must Reject The Tribal Negativity He Endorsed

cinci zoo sniper posted:

any language where it’s not common to import an external dependency called e.g. “isequal” or “reverse_string”

faker.js wasn't the most exciting of packages, but it did do something useful that you won't find in any language's standard library rather than being just a stupid js thing

Kazinsal
Dec 13, 2011



Plorkyeran posted:

faker.js wasn't the most exciting of packages, but it did do something useful that you won't find in any language's standard library rather than being just a stupid js thing

and now it's a new and unique type of stupid js thing



lol. lmao.

Progressive JPEG
Feb 19, 2003

i like sourcehut in case anyone was wondering

almost as much as how

haveblue
Aug 15, 2005



Toilet Rascal
what do colors and faker actually do?

Wild EEPROM
Jul 29, 2011


oh, my, god. Becky, look at her bitrate.
probably extremely basic things that anyone who knows any amount of javascript could do without relying on yet another package

Kazinsal
Dec 13, 2011



haveblue posted:

what do colors and faker actually do?

colors gives you symbolic names for different colours. faker generates bogus data for testing your poo poo with

The_Franz
Aug 8, 2003

Kazinsal posted:

for real lol

*licenses software under a permissive license* what do you mean corporations are abiding by the terms of the license my software is under? this is so unfair

we live in a world where billion dollar companies increasingly ask for free tech support, sometimes from people struggling to pay their bills. yes, it's permissively licensed, but don't act surprised if something is changed that breaks whatever your use case is or the project is abandoned as the author owes you nothing

Xarn
Jun 26, 2015

Kazinsal posted:

for real lol

*licenses software under a permissive license* what do you mean corporations are abiding by the terms of the license my software is under? this is so unfair

I see poo poo like this surprisingly often in oss community. Someone does a permissively licenced project, spends x years on it, it takes off, he burns out on supporting users all the time and then goes "wtf, I spent years and have no money from it wtf, why aren't corporations paying me".

Turns out people be stupid.

Phone
Jul 30, 2005

親子丼をほしい。
people conflate foss and oss, much to oss’ benefit.

the foss crowd’s hail mary was the GPL3, to which everyone was like “lmao no”. still good PR to have the hippie “it’s free and open source mannnnn” image floating around when the reality is that whoops 98% of all traffic that’s encrypted is using openssl, a project by Some Dude in their spare time.

The_Franz
Aug 8, 2003

Phone posted:

people conflate foss and oss, much to oss’ benefit.

the foss crowd’s hail mary was the GPL3, to which everyone was like “lmao no”. still good PR to have the hippie “it’s free and open source mannnnn” image floating around when the reality is that whoops 98% of all traffic that’s encrypted is using openssl, a project by Some Dude in their spare time.

and every time there's something like heartbleed, shellshock or the log4j exploits, everyone freaks out while yelling "HOW IS THIS POSSIBLE!? THESE PROJECTS ARE CRITICAL INFRASTRUCTURE AND NEED SUPPORT!!"

then two weeks later all is forgotten and it's back to business as usual

Main Paineframe
Oct 27, 2010

the timing is beautiful

he started complaining about not getting paid for his open source code a couple months after bombmaking materials were found in his apartment

I guess he couldn't find a defense lawyer who'd take bitcoin

edit: lmao

https://twitter.com/t3dotgg/status/1480359483758895105

cinci zoo sniper
Mar 15, 2013




Blinkz0rz posted:

that's just more exposure. beyond self-hosted as hobbesmaster mentioned, any package manager where the uploaded packages aren't audited would suffer from this exact same issue. it's literally a feature of package managers that a new version can be distributed by the package owner.

doesn't help idiots who don't pin or vendor their dependencies but that's an issue across every public package manager

yeah, i meant “owning half a galaxy via package that allows you to print red text to terminal” under “where this can’t happen”. supply chain attacks are obviously possible in principle in any software distribution environment where authors may change theirs as they please

cinci zoo sniper
Mar 15, 2013




Plorkyeran posted:

faker.js wasn't the most exciting of packages, but it did do something useful that you won't find in any language's standard library rather than being just a stupid js thing

the other one, however, was a comedy-tier library

Cybernetic Vermin
Apr 18, 2005

Xarn posted:

I see poo poo like this surprisingly often in oss community. Someone does a permissively licenced project, spends x years on it, it takes off, he burns out on supporting users all the time and then goes "wtf, I spent years and have no money from it wtf, why aren't corporations paying me".

caused by idiotic open source mysticism implying there are rewards for and inherent goodness in this kind of work, plus of course moron users thinking they are owed anything at all. perfectly valid to intentionally break the thing, the dev owes the users nothing.

haveblue
Aug 15, 2005



Toilet Rascal

Main Paineframe posted:

the timing is beautiful

he started complaining about not getting paid for his open source code a couple months after bombmaking materials were found in his apartment

I guess he couldn't find a defense lawyer who'd take bitcoin

edit: lmao

https://twitter.com/t3dotgg/status/1480359483758895105

everyone loves open source project sabotage duck

Qtotonibudinibudet
Nov 7, 2011



Omich poluyobok, skazhi ty narkoman? ya prosto tozhe gde to tam zhivu, mogli by vmeste uyobyvat' narkotiki

Cybernetic Vermin posted:

caused by idiotic open source mysticism implying there are rewards for and inherent goodness in this kind of work, plus of course moron users thinking they are owed anything at all. perfectly valid to intentionally break the thing, the dev owes the users nothing.

the rewards are endless idiots slam-pasting useless logs and config data into your issue queue with only "thing broken" as further description of the problem

Clark Nova
Jul 18, 2004

Clark Nova posted:

I hope he gets his six figgie contract :kiddo:

https://twitter.com/dril/status/831805955402776576?s=20

CRIP EATIN BREAD
Jun 24, 2002

Hey stop worrying bout my acting bitch, and worry about your WACK ass music. In the mean time... Eat a hot bowl of Dicks! Ice T



Soiled Meat

Hed posted:

I got some Yubikeys to gently caress around with. Does anyone actually use these widespread at their work? Or smartcards at all?

FIDO2 is cool but you can also do PKI with them without leaving private certs around--but I'll admit I very rarely hear people talking about s/mime and client certs these days.

we use them for ssh keys for everyone at my office

mystes
May 31, 2006

The built in support for u2f/fido in openssh is really nice now.

Hopefully more dumb web stuff will have built in support for it in the future too.

cinci zoo sniper
Mar 15, 2013




y’all remember the bespoke german contact tracing app that got mentioned itt recently? guess where cops turned in for some location data

https://www.washingtonpost.com/world/2022/01/13/german-covid-contact-tracing-app-luca/

infernal machines
Oct 11, 2012

we have sealed ourselves away behind our money, growing inward, generating a seamless universe of self.
lol. that's a great way to ensure no one uses your app

Jenny Agutter
Mar 18, 2009

cinci zoo sniper posted:

y’all remember the bespoke german contact tracing app that got mentioned itt recently? guess where cops turned in for some location data

https://www.washingtonpost.com/world/2022/01/13/german-covid-contact-tracing-app-luca/

lol

quote:

There has been public resistance in Europe against the use of such apps, especially in Germany and Austria, where memories of authoritarian-government excesses from the past century linger.

yeah those governments were just a bit excessive id say

cinci zoo sniper
Mar 15, 2013




yeah it’s a bit low quality conflation

HELLOMYNAMEIS___
Dec 30, 2007

https://twitter.com/0xdabbad00/status/1481655942303281154

cinci zoo sniper
Mar 15, 2013





this is uhm…. ehrm, sorry, lemme check what the guidebook says for this situation. hmm, it’s apparently “ungood”

haveblue
Aug 15, 2005



Toilet Rascal
now torrenting aws_leak_complete.zip (1/572657853287)

Captain Foo
May 11, 2004

we vibin'
we slidin'
we breathin'
we dyin'

hmm. seems bad.

Achmed Jones
Oct 16, 2004



does this mean that things are lookin up for GCP???

my rsus are curious!

(lol no the stock market absolutely does not care about infosec)

Grace Baiting
Jul 20, 2012

Audi famam illius;
Cucurrit quaeque
Tetigit destruens.



aws now has much more decentralized availability, number go up

Wiggly Wayne DDS
Sep 11, 2010



haveblue posted:

now torrenting aws_leak_complete.zip (1/572657853287)

Doom Mathematic
Sep 2, 2008

duz posted:

maybe people will learn to not just blindly update dependencies, i say about what might be the worst package manager

Yeah. We actually use faker at development time. When the new, weird version came out, we looked at it, thought "Hmm, this looks like something weird is going on" and did not upgrade.

spankmeister
Jun 15, 2008






what's faker do anyway

Jenny Agutter
Mar 18, 2009

wonder what this white house open source security meeting is going to be like. I would love to hear Oracle's suggestions

mystes
May 31, 2006

Jenny Agutter posted:

wonder what this white house open source security meeting is going to be like. I would love to hear Oracle's suggestions
Got to recoup the cost of buying redhat somehow I guess


flakeloaf
Feb 26, 2003

Still better than android clock

spankmeister posted:

what's faker do anyway

lorem checksum
