|
Beeftweeter posted:i was gonna post almost exactly this for inherently dense stuff like this that kind of classic ui is so good yeah. have to basically know what you're doing anyway, so just pack it all in with little ceremony. (though it could if course still be improved in a myriad of ways)
|
#
?
Jun 15, 2022 16:23
|
|
|
|
| # ? Jun 2, 2024 03:39 |
|
|
pki is a mess openssl is a mess at least the complexity helps pay the bills
|
|
#
?
Jun 15, 2022 16:24
|
|
|
I once had trouble getting a SIPS client to talk to my server and it turns out that I think the client actually checks to make sure something like the web tls server bit on the x509 extended attributes in the server certificate is turned on. And I think key encipherment on key usage. It was pretty maddening when I figured it out. To top it all off, the code was open source. I dunno how fast I would have quit if the code was closed source.
|
|
#
?
Jun 15, 2022 16:28
|
|
|
i use openssl once or twice a month, because dummies don't want letsencrypt and send certs in stupid formats instead of just requesting a CSR, so i've come to the conclusion that it's perfect as a CLI, because i now have a couple bash "scripts" that are just one openssl line that takes a file and spits out pem formatted certs i can throw into a web server or what have you
|
|
#
?
Jun 15, 2022 16:37
|
|
|
idk i just generate my certs correctly and its not a problem. im also using windows so its much easier to do correctly
|
|
#
?
Jun 15, 2022 16:41
|
|
|
some kinda jackal posted:
lol
|
|
#
?
Jun 15, 2022 16:50
|
|
|
Shaggar posted:idk i just generate my certs correctly and its not a problem. yeah, it's always windows users who don't understand what a csr is and send private keys over the internet, thanks shaggar
|
|
#
?
Jun 15, 2022 16:51
|
|
|
if its an internal CA you and your users should never have to deal with CSRs
|
|
#
?
Jun 15, 2022 16:52
|
|
|
also theres no way a windows user who doesnt know what a csr is could possibly find the private key to send it
|
|
#
?
Jun 15, 2022 16:53
|
|
|
my internal CA that's supported by all the major OSes and browsers of random internet users 
|
|
#
?
Jun 15, 2022 16:53
|
|
|
Truga posted:i use openssl once or twice a month, because dummies don't want letsencrypt and send certs in stupid formats instead of just requesting a CSR, so i've come to the conclusion that it's perfect as a CLI, because i now have a couple bash "scripts" that are just one openssl line that takes a file and spits out pem formatted certs i can throw into a web server or what have you One of my CA systems is based on a makefile and, to be honest, it's very needs suiting
|
|
#
?
Jun 15, 2022 17:01
|
|
|
 I don't think the problem here is disabling fixes for CPU bugs
|
|
#
?
Jun 15, 2022 17:12
|
|
|
world's first WAN-based bootloader attack
|
|
#
?
Jun 15, 2022 18:06
|
|
|
BattleMaster posted:
looooooool
|
|
#
?
Jun 15, 2022 18:30
|
|
|
BattleMaster posted:
what the gently caress
|
|
#
?
Jun 15, 2022 20:06
|
|
|
i mean, i guess that's sort of what you'd expect from someone going out of their way to disable any and all security mitigation on their system in the name of performance, but still lmao
|
|
#
?
Jun 15, 2022 20:07
|
|
|
sb hermit posted:One of my CA systems is based on a makefile and, to be honest, it's very needs suiting team makefile ca checking in. makefile/git/git-secret is amazing for a personal use ca
|
|
#
?
Jun 15, 2022 21:16
|
|
|
BattleMaster posted:
|
|
#
?
Jun 15, 2022 21:18
|
|
|
i too benchmark in emacs
|
|
#
?
Jun 15, 2022 21:24
|
|
|
BattleMaster posted:
|
|
#
?
Jun 15, 2022 21:38
|
|
|
Wiggly Wayne DDS posted:i too benchmark in emacs edit makefile and collect speed
|
|
#
?
Jun 15, 2022 21:42
|
|
|
BattleMaster posted:
it's got the *s* in https right in there, do you even know what the acronym means scrub?
|
|
#
?
Jun 15, 2022 21:53
|
|
|
making my kernel secure via exposure therapy
|
|
#
?
Jun 15, 2022 21:57
|
|
|
excellent
|
|
#
?
Jun 15, 2022 21:59
|
|
|
what does #include do? posted:noibrs noibpb nopti nospectre_v2 nospectre_v1 l1tf=off nospec_store_bypass_disable no_stf_barrier mds=off tsx=on tsx_async_abort=off mitigations=off
|
|
#
?
Jun 15, 2022 22:07
|
|
|
isn't tsx bad because it has a rare chance of unintended memory corruption? even without malware, natch
|
|
#
?
Jun 15, 2022 22:10
|
|
|
|
|
#
?
Jun 15, 2022 22:40
|
|
|
oh ho
|
|
#
?
Jun 15, 2022 22:41
|
|
|
this is not particularly contemporary, but a friend of mine (forums poster Malathion) just told me about this guy that he encountered: https://www.commandlinefu.com/commands/view/13858/run-vlc-as-root It's from 2014 but the stubborn rear end in a top hat computer toucher vibe is amusing and embarrassingly relatable to positions I've personally taken in past lives quote:I always (15+ years) use my system as root. I never had any issues. from all the apps I use, vlc is the only app that insist on running under normal user privileges. I do not see how can a movie or a music file can compromise my system. Can you give a real example? After each upgrade of vlc I run the above command to enable vlc to run as root. (It works on the vlc binary) hope some people find it useful :-) secfuck thread 18.14: I do not see how can a movie or a music file can compromise my system
|
|
#
?
Jun 15, 2022 22:53
|
|
|
lol is that gillian anderson in a palo alto networks ad
|
|
#
?
Jun 15, 2022 22:58
|
|
|
burning swine posted:this is not particularly contemporary, but a friend of mine (forums poster Malathion) just told me about this guy that he encountered: https://www.commandlinefu.com/commands/view/13858/run-vlc-as-root iirc you could embed at least scripts and possibly executable code in wmv
|
|
#
?
Jun 15, 2022 23:00
|
|
|
post hole digger posted:lol is that gillian anderson in a palo alto networks ad it's actually an ad for her new show "rwx education"
|
|
#
?
Jun 15, 2022 23:05
|
|
|
infernal machines posted:iirc you could embed at least scripts and possibly executable code in wmv There was a really fun HackTheBox machine named "Player" where one of the exploits involved creating/uploading a malicious avi file that had ffmpeg HLS vulnerability where it would output specified file contents within the playback of the video in VLC.
|
|
#
?
Jun 15, 2022 23:06
|
|
|
writing parsers is hard and they tend to have a lot of bugs. saying "I don't see how a video can hurt my system  " just demonstrates a shocking lack of understanding Like, I took a few binary exploitation trainings and invariably they all had some media player app as an exercise. also remember stagefright lol
|
|
#
?
Jun 15, 2022 23:07
|
|
|
are you suggesting that the person who insists on running everything as root does not have a fulsome understanding of exploit methods?
|
|
#
?
Jun 15, 2022 23:14
|
|
|
quote:sed -i 's/geteuid/getppid/g' /usr/bin/vlc meh, if you look at the post, it seems like a pretty obvious trolling attempt
|
|
#
?
Jun 15, 2022 23:36
|
|
|
i wonder if you could use a subtitle track as a vector and pipe it into the shell lol
|
|
#
?
Jun 15, 2022 23:40
|
|
|
spankmeister posted:writing parsers is hard and they tend to have a lot of bugs. saying "I don't see how a video can hurt my system
|
|
#
?
Jun 15, 2022 23:41
|
|
|
it’s a reasonable not-a-programmer mental approach where you insist on thinking in terms of human intent instead of seeing through the illusion and following the mad logic of the god of tortured sand. when i ta’d intro cs we had to savagely beat it out of our students, and it was probably the single biggest (academic) reason people washed out
|
|
#
?
Jun 15, 2022 23:43
|
|
|
|
| # ? Jun 2, 2024 03:39 |
|
|
post hole digger posted:lol is that gillian anderson in a palo alto networks ad well if anything could make me consider pans to not suck...
|
|
#
?
Jun 15, 2022 23:44
|
|
