Carthag Tuek
Oct 15, 2005

Times shall come,
times shall roll away,
generation shall follow the course of generations




"An angry email ghost? From MY crotch?"

                      𝖨𝗍'𝗌 𝗆𝗈𝗋𝖾 𝗅𝗂𝗄𝖾𝗅𝗒 𝗍𝗁𝖺𝗇 𝗒𝗈𝗎 𝗍𝗁𝗂𝗇𝗄.

Agile Vector
May 21, 2007

scrum bored




College Slice

teledildoOoOonics

Splicer
Oct 16, 2006

from hell's heart I stab at thee

Acer Pilot posted:

The network traffic is going into my butt
Check for logs

filthy regex
Oct 1, 2010

s/ (. Y .) / 8==D~~ /g


something something packet sniffer

Agile Vector
May 21, 2007

scrum bored




College Slice

filthy regex posted:

something something packet sniffer

deep packet inspection

Jonny 290
May 5, 2005




[ASK] me about OS/2 Warp


ring network

Carthag Tuek
Oct 15, 2005

Times shall come,
times shall roll away,
generation shall follow the course of generations




Jonny 290 posted:

ring network

musta bounced off the moon or somethin

Captain Foo
May 11, 2004

we vibin'
we slidin'
we breathin'
we dyin'


transmission control prostate

ZeusCannon
Nov 5, 2009

BLAAAAAARGH PLEASE KILL ME BLAAAAAAAARGH

Grimey Drawer

flakeloaf posted:

your crotch is broadcasting an angry email ghost

SlowBloke
Aug 14, 2017


Hed posted:

I got some Yubikeys to gently caress around with. Does anyone actually use these widespread at their work? Or smartcards at all?

FIDO2 is cool but you can also do PKI with them without leaving private certs around--but I'll admit I very rarely hear people talking about s/mime and client certs these days.

If your firm is a windows shop on hybrid or azure ad join, they are the quickest and simplest way to go passwordless. Microsoft authenticator will work only on web sessions and not windows logins. The main component of a yubikey for current tech is the fido2/webauthn part, the rest is only to make it work with legacy tech.

BlankSystemDaemon
Mar 13, 2009

System Access Node
Not Found:ins:




Captain Foo posted:

transmission control prostate

Fart Sandwiches
Apr 3, 2006



Splicer posted:

Check for logs

lmao

Quackles
Aug 11, 2018

Pixels of Light.




Captain Foo posted:

transmission control prostate

tee cee pee?

HELLOMYNAMEIS___
Dec 29, 2007



https://krebsonsecurity.com/2022/01/500m-avira-antivirus-users-introduced-to-cryptomining/

infernal machines
Oct 11, 2012

ask your pharmacist if tarsier-ashpool is right for you


lol. more impressive is that norton now owns avast and avira. they should grab avg to round out the a-group of free av vendors

spankmeister
Jun 15, 2008








Microsoft is the only relevant A-list AV vendor tbh

Quackles
Aug 11, 2018

Pixels of Light.




Well, we know Norton will never buy Kaspersky... :v:

infernal machines
Oct 11, 2012

ask your pharmacist if tarsier-ashpool is right for you


spankmeister posted:

Microsoft is the only relevant A-list AV vendor tbh

when i wrote "a-group" i was referring to names that start with the letter "a", not a comment on the quality of the product (they're all poo poo)

akadajet
Sep 14, 2003



spankmeister posted:

Microsoft is the only relevant A-list AV vendor tbh

it’s as useless as everything else and slows down builds

cinci zoo sniper
Mar 14, 2013



has been at least two weeks since an npm post

https://www.bleepingcomputer.com/news/security/dev-corrupts-npm-libs-colors-and-faker-breaking-thousands-of-apps/

quote:

The developer behind popular open-source NPM libraries 'colors' (aka colors.js on GitHub) and 'faker' (aka 'faker.js' on GitHub) intentionally introduced mischievous commits in them that are impacting thousands of applications relying on these libraries.




The reason behind this mischief on the developer's part appears to be retaliation—against mega-corporations and commercial consumers of open-source projects who extensively rely on cost-free and community-powered software but do not, according to the developer, give back to the community.

In November 2020, Marak had warned that he will no longer be supporting the big corporations with his "free work" and that commercial entities should consider either forking the projects or compensating the dev with a yearly "six figure" salary.

"Respectfully, I am no longer going to support Fortune 500s ( and other smaller sized companies ) with my free work. There isn't much else to say," the developer previously wrote.

"Take this as an opportunity to send me a six figure yearly contract or fork the project and have someone else work on it.

evil_bunnY
Apr 2, 2003



Amazing and entirely predictable.

duz
Jul 11, 2005

Come on Ilhan, lets go bag us a shitpost




mischievous commits? he deleted the source code because he didn't want to support it anymore
it's not like it no longer exists anywhere else

Flagrama
Jun 19, 2010



Lipstick Apathy

Originally he implemented an infinite loop in the main javascript file.

duz
Jul 11, 2005

Come on Ilhan, lets go bag us a shitpost




maybe people will learn to not just blindly update dependencies, i say about what might be the worst package manager

Blinkz0rz
May 27, 2001

MY CONTEMPT FOR MY OWN EMPLOYEES IS ONLY MATCHED BY MY LOVE FOR TOM BRADY'S SWEATY MAGA BALLS


duz posted:

maybe people will learn to not just blindly update dependencies, i say about what might be the worst package manager

but like name any other package manager where this couldn't have happened

hobbesmaster
Jan 28, 2008



Blinkz0rz posted:

but like name any other package manager where this couldn't have happened

uh, any that you host and sign yourself?

cinci zoo sniper
Mar 14, 2013



Blinkz0rz posted:

but like name any other package manager where this couldn't have happened

any language where it’s not common to import external dependencies called e.g. “isequal” or “reverse_string”

Clark Nova
Jul 17, 2004



I hope he gets his six figgie contract :kiddo:

Blinkz0rz
May 27, 2001

MY CONTEMPT FOR MY OWN EMPLOYEES IS ONLY MATCHED BY MY LOVE FOR TOM BRADY'S SWEATY MAGA BALLS


cinci zoo sniper posted:

any language where it’s not common to import external dependencies called e.g. “isequal” or “reverse_string”

that's just more exposure. beyond self-hosted as hobbesmaster mentioned, any package manager where the uploaded packages aren't audited would suffer from this exact same issue. it's literally a feature of package managers that a new version can be distributed by the package owner.

doesn't help idiots who don't pin or vendor their dependencies but that's an issue across every public package manager

Blinkz0rz
May 27, 2001

MY CONTEMPT FOR MY OWN EMPLOYEES IS ONLY MATCHED BY MY LOVE FOR TOM BRADY'S SWEATY MAGA BALLS


Clark Nova posted:

I hope he gets his six figgie contract :kiddo:

lol maybe not

https://twitter.com/zkat__/status/1480207003867877379

A Man With A Plan
Mar 29, 2010


Fallen Rib

My main feeling is that if you want to be paid for your coding you probably shouldn't license it under the licenses that allow someone else to profit off it without paying you

Kazinsal
Dec 13, 2011




A Man With A Plan posted:

My main feeling is that if you want to be paid for your coding you probably shouldn't license it under the licenses that allow someone else to profit off it without paying you

for real lol

*licenses software under a permissive license* what do you mean corporations are abiding by the terms of the license my software is under? this is so unfair

Kitfox88
Aug 20, 2007






:yikes:

carry on then
Jul 10, 2010



he's actively comparing himself lol. also this seems really dirty on github's part

https://twitter.com/marak/status/1479200803948830724

Subjunctive
Sep 12, 2006

sparkle and shine



he got really pissed off a while ago because there was a company (maybe 2?) who were selling what was basically his library behind a trivial API and wouldn’t give him a contract for support (but would file bugs and requests, I believe). a company I was previously associated with looked into “acquiring” him and his library, but, uh, it didn’t work out

I’m not too sad, because my sense is that a) he would have been a real handful and b) he would have reported to me so no thanks

Subjunctive
Sep 12, 2006

sparkle and shine



that’s bullshit by GitHub, I agree

Kazinsal
Dec 13, 2011




lol the rabbit hole goes deeper

https://twitter.com/cubeghost/status/1480233259527286794?s=21

carry on then
Jul 10, 2010



haha wow

Menacer
Nov 25, 2000
Failed Sega Accessory Ahoy!

yeah like 3 posts down on his twitter he's using the gamergate hashtag. oh boy.

rjmccall
Sep 7, 2007

no worries friend

Fun Shoe

even ignoring that he's apparently an idiot, if the dude intentionally replaced his package with defective code / arguable malware, i can understand why npm would have to take action

github would be totally within their rights to kick him off their platform, but shutting down his access while keeping his accounts up seems legally shaky unless they're saying they thought he'd been hacked or something. they have the right to continue to share his code, but he probably has a recognizable right to control things done under his name that would supersede github's terms of use
