Shame Boy
Mar 2, 2010


yeah i checked the URL too and like, i could kind of understand (though not agree with, but understand) if it were a list of poo poo that changed all the time and you wanted to make sure you always had the latest list, but why the hell wouldn't you just set something like this up once, does he think the list is going to be constantly updated??


~Coxy
Dec 9, 2003

R.I.P. Inter-OS Sass - b.2000AD d.2003AD

it's speex!!!

Shame Boy
Mar 2, 2010

Dr_0ctag0n posted:

There was a really fun HackTheBox machine named "Player" where one of the exploits involved creating/uploading a malicious avi file that had ffmpeg HLS vulnerability where it would output specified file contents within the playback of the video in VLC.

i remember one ffmpeg vuln a while ago that was in one of the libraries that played videogame console chip music, which, it turned out, was more or less just a full emulator of various game processors so you had to use like motorola 68000 assembly as part of the exploit or something. that's prolly my favorite one

BattleMaster
Aug 14, 2000

Subjunctive posted:

another approach to secure format parsing, from the Windows kernel. terrible name though

https://www.fstar-lang.org/papers/EverParse3D.pdf

farts-lang

infernal machines
Oct 11, 2012

we monitor many frequencies. we listen always. came a voice, out of the babel of tongues, speaking to us. it played us a mighty dub.

Shame Boy posted:

yeah i checked the URL too and like, i could kind of understand (though not agree with, but understand) if it were a list of poo poo that changed all the time and you wanted to make sure you always had the latest list, but why the hell wouldn't you just set something like this up once, does he think the list is going to be constantly updated??

well, start with making a terrible decision for arbitrary and likely poorly understood reasons and work from there

Subjunctive
Sep 12, 2006

✨sparkle and shine✨


that too

Subjunctive
Sep 12, 2006

✨sparkle and shine✨

infernal machines posted:

well, start with making a terrible decision for arbitrary and likely poorly understood reasons and work from there

always do, buddy. always do

Beeftweeter
Jun 28, 2005

OFFICIAL #1 GNOME FAN

Shame Boy posted:

i remember one ffmpeg vuln a while ago that was in one of the libraries that played videogame console chip music, which, it turned out, was more or less just a full emulator of various game processors so you had to use like motorola 68000 assembly as part of the exploit or something. that's prolly my favorite one

yeah libavcodec/format has a fuckton of dependencies and a lot of them are super old, it kinda sucks because it's so drat useful

infernal machines
Oct 11, 2012

we monitor many frequencies. we listen always. came a voice, out of the babel of tongues, speaking to us. it played us a mighty dub.

Subjunctive posted:

always do, buddy. always do

it's good to have a process

Ulf
Jul 15, 2001

FOUR COLORS
ONE LOVE
Nap Ghost
hello again yossec!

if you have an interest in elliptic curve cryptography, or just like watching dots and lines move on your screen, then you might enjoy a thing I made: https://curves.ulfheim.net

ymgve
Jan 2, 2004


:dukedog:
Offensive Clock

Ulf posted:

hello again yossec!

if you have an interest in elliptic curve cryptography, or just like watching dots and lines move on your screen, then you might enjoy a thing I made: https://curves.ulfheim.net

Neat animations!

Eeyo
Aug 29, 2004

Ulf posted:

hello again yossec!

if you have an interest in elliptic curve cryptography, or just like watching dots and lines move on your screen, then you might enjoy a thing I made: https://curves.ulfheim.net

i know absolutely nothing about cryptography.

i ran the alice/bob key exchange example and it displayed a big infinity symbol at some point and stopped. does that mean that you can just fail at some point? or do you just try again with a new starting number.

DELETE CASCADE
Oct 25, 2017

i haven't washed my penis since i jerked it to a phtotograph of george w. bush in 2003

nudgenudgetilt posted:

my experience is the reality is that the law dictates a drug free workplace, but the only parties interested in enforcing the law are those who are in the business of constantly having to ask for new work (contractors). aside from defense or cleared positions, the agencies themselves don't really seem to give a gently caress. i imagine the majority of compliance from contractors comes from the fact other contractors could use a lack of compliance as leverage.

probably an overly cynical view, but *shrug*

they drug test for security clearances, and it's hard to get a federal toucher job without one of those

Ulf
Jul 15, 2001

FOUR COLORS
ONE LOVE
Nap Ghost

Eeyo posted:

i know absolutely nothing about cryptography.

i ran the alice/bob key exchange example and it displayed a big infinity symbol at some point and stopped. does that mean that you can just fail at some point? or do you just try again with a new starting number.
dang, I thought I guarded against that by fudging^W adjusting the numbers if you put in any multiple of the base point’s order.

I tested it a bunch but you know what they say about code making contact with the enemy.

so what happened is that as you multiply points on the curve you’ll eventually land on the point with the same x-value as the base point, but a different y-value. if you draw a line through that point from P it’s vertical and that line can never intersect another point. we call that result the “infinity” point, and in EC math (infinity + P) = P. the number of point additions it takes to reach this is called the “order” of the base point, and the cycle resets and all the points repeat in the same way after that.

so in my toy curve, which I picked to be small and visible, infinity is the result 1/73 of the time. in a real curve like Curve25519, infinity is the result one out of 2^252 times which is trillions of trillions of trillions … repeat the word “trillions” three more times. the curve scheme might also have mitigation against hitting it by masking certain bits, I’d have to check the paper again. they might also reserve a special value like all-zeros to represent infinity.

in practice what would probably happen is your key exchange fails, your endpoints get confused, and they attempt a new connection. the user might be annoyed if they’re not distracted by the whole heat death of the universe thing.

Ulf
Jul 15, 2001

FOUR COLORS
ONE LOVE
Nap Ghost
that probably breaks the page because of a hanging await though, I’ll fix it when I get home. thanks for letting me know!

Beeftweeter
Jun 28, 2005

OFFICIAL #1 GNOME FAN

Ulf posted:

hello again yossec!

if you have an interest in elliptic curve cryptography, or just like watching dots and lines move on your screen, then you might enjoy a thing I made: https://curves.ulfheim.net

wooo, lookit those bits fly :haw:

outhole surfer
Mar 18, 2003

DELETE CASCADE posted:

they drug test for security clearances, and it's hard to get a federal toucher job without one of those

I feel like I covered that:

nudgenudgetilt posted:

aside from defense or cleared positions

the federal government has a *lot* of positions that are neither. i know plenty of potheads working in unclassified dept of energy, noaa, and nsf roles. personal experience with these three organizations makes me think it isn't a stretch that other chunks of the federal government are the same.

Eeyo
Aug 29, 2004

Ulf posted:

that probably breaks the page because of a hanging await though, I’ll fix it when I get home. thanks for letting me know!

it didn't seem to break the page very much. i had it do another random number and it worked fine after that. fwiw apparently 201 was one of the "magic" numbers (for lack of a better word) if you need to try that one.

it does look like it keeps you from hitting some of the magic numbers, if i put in 73 it will do 74 instead. but it will happily try to do 201 and fail.

edit: again i don't know anything about this, but in this case it wasn't failing when adding to the base point, it's failing when doing an intermediate summation, so it's adding 64P + 9P (9+64+128 getting you to 201).

Eeyo fucked around with this message at 18:01 on Jun 16, 2022

Ulf
Jul 15, 2001

FOUR COLORS
ONE LOVE
Nap Ghost

Eeyo posted:

it's failing when doing an intermediate summation, so it's adding 64P + 9P (9+64+128 getting you to 201).

aha that makes perfect sense. maybe I’ll fix it so the animation continues, or maybe just add the 2^n points in a different order so I don’t have to explain the weirdness. thanks again!
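Worked example of the two points above (Ulf's description of the point at infinity and the base point's order, and Eeyo's observation that the failure happens in an intermediate sum of double-and-add, not at the final result). This is added example code, not from the original posts or from curves.ulfheim.net, and it uses its own constructed toy curve: y^2 = x^3 + 2x + 2 over F_17 with base point G = (5, 1), whose order is 19 rather than Ulf's 73. The scalar 51 = 32 + 16 + 2 + 1 plays the role of 201 = 128 + 64 + 8 + 1: the running sum reaches 19G = infinity partway through and the algorithm has to treat infinity as the identity and carry on, ending at 51 mod 19 = 13, i.e. 13G.

```python
# Toy curve y^2 = x^3 + A*x + B over F_p (constructed for this example; not the
# curve used on curves.ulfheim.net). Small enough to enumerate by hand.
P_MOD = 17
A, B = 2, 2
G = (5, 1)      # base point; its order on this curve is 19
INF = None      # the point at infinity, the group identity


def is_on_curve(pt):
    """True for INF and for any (x, y) satisfying the curve equation mod p."""
    if pt is INF:
        return True
    x, y = pt
    return (y * y - (x ** 3 + A * x + B)) % P_MOD == 0


def inv(n):
    """Modular inverse in F_p (pow with -1 needs Python 3.8+)."""
    return pow(n % P_MOD, -1, P_MOD)


def add(p, q):
    """Affine point addition with the vertical-line (infinity) case handled."""
    if p is INF:
        return q
    if q is INF:
        return p
    x1, y1 = p
    x2, y2 = q
    if x1 == x2 and (y1 + y2) % P_MOD == 0:
        # Same x, opposite y: the line through them is vertical and meets
        # the curve nowhere else, so P + (-P) = INF.
        return INF
    if p == q:
        lam = (3 * x1 * x1 + A) * inv(2 * y1) % P_MOD      # tangent slope
    else:
        lam = (y2 - y1) * inv(x2 - x1) % P_MOD             # chord slope
    x3 = (lam * lam - x1 - x2) % P_MOD
    y3 = (lam * (x1 - x3) - y1) % P_MOD
    return (x3, y3)


def point_order(pt):
    """Smallest n >= 1 with n*pt == INF, found by repeated addition."""
    n, acc = 1, pt
    while acc is not INF:
        acc = add(acc, pt)
        n += 1
    return n


def naive_mult(k, pt):
    """k*pt by k repeated additions; the reference to compare against."""
    acc = INF
    for _ in range(k):
        acc = add(acc, pt)
    return acc


def scalar_mult_trace(k, pt):
    """Right-to-left double-and-add. Returns (k*pt, list of running sums).

    The running sum may become INF before the last bit is processed, e.g.
    51 = 32 + 16 + 2 + 1 on an order-19 point: 1G, 3G, 19G = INF, then
    INF + 32G = 32G = 13G. INF is just the identity, so the loop continues.
    """
    result, addend = INF, pt
    trace = []
    while k:
        if k & 1:
            result = add(result, addend)
            trace.append(result)
        addend = add(addend, addend)
        k >>= 1
    return result, trace


def scalar_mult(k, pt):
    return scalar_mult_trace(k, pt)[0]


if __name__ == "__main__":
    n = point_order(G)
    print("order of G:", n)                         # 19
    res, trace = scalar_mult_trace(51, G)
    print("running sums for 51*G:", trace)          # contains None (INF)
    print("51*G == 13*G:", res == naive_mult(51 % n, G))
```

The check a practitioner wants here is the last line: a scalar multiplication that passes through infinity must still agree with the reduced scalar. If the infinity case in `add` were missing (as the animation's intermediate step effectively was), the chord-slope branch would attempt to invert zero and the computation would die at exactly the point Eeyo described.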

Phone
Jul 30, 2005

I want oyakodon.

Ulf posted:

dang, I thought I guarded against that by fudging^W adjusting the numbers if you put in any multiple of the base point’s order.

I tested it a bunch but you know what they say about code making contact with the enemy.

so what happened is that as you multiply points on the curve you’ll eventually land on the point with the same x-value as the base point, but a different y-value. if you draw a line through that point from P it’s vertical and that line can never intersect another point. we call that result the “infinity” point, and in EC math (infinity + P) = P. the number of point additions it takes to reach this is called the “order” of the base point, and the cycle resets and all the points repeat in the same way after that.

so in my toy curve, which I picked to be small and visible, infinity is the result 1/73 of the time. in a real curve like Curve25519, infinity is the result one out of 2^252 times which is trillions of trillions of trillions … repeat the word “trillions” three more times. the curve scheme might also have mitigation against hitting it by masking certain bits, I’d have to check the paper again. they might also reserve a special value like all-zeros to represent infinity.

in practice what would probably happen is your key exchange fails, your endpoints get confused, and they attempt a new connection. the user might be annoyed if they’re not distracted by the whole heat death of the universe thing.

i warned you about rollin' your own bro!!!!

i told you dog!

(this is incredibly neat, thanks for making these pages)

Chris Knight
Jun 5, 2002

me @ ur posts


Fun Shoe

FlapYoJacks posted:

I can’t get a government job because I smoke a huge amount of weed. Also the pay is poo poo compared to the private sector.
weed is legal :canada:

Perplx
Jun 26, 2004


Best viewed on Orgasma Plasma
Lipstick Apathy
i wonder if canada has recruited hackers rejected by the nsa for weed

if you hack for us we'll pay you in weed

Subjunctive
Sep 12, 2006

✨sparkle and shine✨

I’m told that there was a major recruiting push along those lines after legalization, but I don’t know how successful it was.

Kuvo
Oct 27, 2008

Blame it on the misfortune of your bark!
Fun Shoe

Ulf posted:

hello again yossec!

if you have an interest in elliptic curve cryptography, or just like watching dots and lines move on your screen, then you might enjoy a thing I made: https://curves.ulfheim.net

this is cool

Albinator
Mar 31, 2010

nudgenudgetilt posted:

I feel like I covered that:

the federal government has a *lot* of positions that are neither. i know plenty of potheads working in unclassified dept of energy, noaa, and nsf roles. personal experience with these three organizations makes me think it isn't a stretch that other chunks of the federal government are the same.

Sure, but if you're filling out the form for public trust or security clearance you have to answer about drug use, and lying on that is a felony. That would give most people pause whether or not a test is involved. Lots of jobs may not require the form, but lots do, even if there's no sensitive stuff at all involved.

outhole surfer
Mar 18, 2003

Albinator posted:

Sure, but if you're filling out the form for public trust or security clearance you have to answer about drug use, and lying on that is a felony. That would give most people pause whether or not a test is involved. Lots of jobs may not require the form, but lots do, even if there's no sensitive stuff at all involved.

public trust forms are for jobs that require clearance.

i don't understand what y'all aren't getting about the concept that there are plenty of roles that require no clearance. the only thing you sign related to drug use is acknowledging receipt of the agency's policy surrounding a drug free workplace implementation

you're certainly open to being fired for failure to comply with the organization's policy, but there are no attestations that you don't do drugs, only an attestation that you received the policy that forbids drug use.

Eeyo
Aug 29, 2004

there's some middle-ground as well. the two doe workplaces i've had contact with (federal contractors, not actual doe employees) required drug tests at the start and random drug screenings, even if you don't touch classified work.

drug use is occasionally just forgiven for clearance work too. i've heard of at least one person who smoked weed in college and said "yeah i used to smoke weed" and they gave him one anyway. of course continued use is a no-no, so you've got to use the hard drugs that leave your system within a few days so you can't get popped.

Midjack
Dec 24, 2007



Eeyo posted:

there's some middle-ground as well. the two doe workplaces i've had contact with (federal contractors, not actual doe employees) required drug tests at the start and random drug screenings, even if you don't touch classified work.

drug use is occasionally just forgiven for clearance work too. i've heard of at least one person who smoked weed in college and said "yeah i used to smoke weed" and they gave him one anyway. of course continued use is a no-no, so you've got to use the hard drugs that leave your system within a few days so you can't get popped.

this is the current state of weed and highsec fedgov as i understand it, they are currently somewhat more willing to overlook it if you stop when you apply and they will probably check up on you at some point after you start working. i think fbi and other federal law enforcement are still "lolnope" with any use at all.

additionally "public trust" is a level below fedgov security clearance but above low level workers. become senior enough in any agency and you will likely get the background check and interview. and of course contractors may have their own policies that interact with insurance and other business things and will have a spectrum of attitudes toward weed.

brugroffil
Nov 30, 2015


My dad's worked for the IRS for over a decade. I don't recall if he had a drug test as part of his extensive background checks before being hired, but I know he's definitely never had one since and it'd have to be a strongly documented for-cause screening

Maybe contractors are subjected to it but regular non clearance federal employees, even in positions of trust, aren't.

CommieGIR
Aug 22, 2006

The blue glow is a feature, not a bug


Pillbug
We were subject to random drug tests in the DOD, and I know some DOD contractors have to get tested once in a blue moon and tested at start of employment.

El Mero Mero
Oct 13, 2001

As a government employee who's had a variety of background checks, including ones where they call your friends and interview them too.

I can tell you that most of the feds don't care. I've always disclosed that I smoke when asked.

If you happen into a role where they do care then you've gotten lucky because it's an early screen that you can use to know if your employer is a shithead or not.

outhole surfer
Mar 18, 2003

El Mero Mero posted:

including ones where they call your friends and interview them too.

i had a friend go through one of these while i was working at a doe national lab (he was dod). despite being non-classified, there was still a dance you had to do to register visitors. opm calls me to schedule an interview and tells me i don't need to worry about it when i start giving them access instructions. sure enough, date/time for the interview comes up and they just roll into my office, several badge swipes and a security gate deep in the lab.

still creeps me out a little

hobbesmaster
Jan 28, 2008

the specific OPM guys were probably assigned to the lab if it was a bigger one

still, yeah that'd be weird

Shame Boy
Mar 2, 2010

the only time i've ever been into a secure area was when i took a tour of the maintenance shop for the trident missiles out at cape canaveral but it was a scheduled thing so they put all the secret cool stuff away and the only security stuff i had to do was leave my phone with a bored-looking guy sitting at a desk by an imposing-looking door with a radioactivity symbol on it

spankmeister
Jun 15, 2008






they had to put all the 8" floppies away? sad

Shame Boy
Mar 2, 2010

spankmeister posted:

they had to put all the 8" floppies away? sad

it was a maintenance hangar for the missile not a launcher lol

though i did get to see a copy of windows XP for submarines in person, running on a computer hooked up to the third stage presumably for diagnostics

Shame Boy
Mar 2, 2010

i was a snarky rear end in a top hat teenager so i asked the dude giving the tour what the payload was, in front of a bunch of small children cuz it was take your kid to work day (i was there to give a presentation originally and they were like 'wanna come visit the trident basin?' and i'm like sure)

he awkwardly laughed and went "oh that's the part we don't like to talk about... the trident II is a nuclear deterrent missile, and that's all i can say about it"

The Lone Badger
Sep 24, 2007

Are there design differences between a first-strike weapon and a second strike/deterrent weapon, or is it purely in how they're housed and deployed?

Shame Boy
Mar 2, 2010

The Lone Badger posted:

Are there design differences between a first-strike weapon and a second strike/deterrent weapon, or is it purely in how they're housed and deployed?

probably. second-strike weapons need to be as survivable as possible, first strike needs to be as sneaky as possible. i kinda doubt there'd ever be any kind of public release of "here's why our missile is real good at first strikes" though since that would be diplomatic suicide


pseudorandom name
May 6, 2007

more importantly, retaliatory weapons need to cause as much genocide as possible individually under the assumption that most of the arsenal was destroyed in the first strike
