|
lol apparently there's a .properties tld and java will helpfully look for your .properties file as a URL in some cases now there's a few spring config files that are registered already as domains, and a few real fuckin' juicy ones I can think of that don't appear to be registered yet
|
#
?
Jun 1, 2023 06:37
|
|
|
|
| # ? Jun 5, 2023 00:03 |
|
|
You know, it kinda made sense to type in a dot-com tld but who the hell is going to go on the radio or a pa system or whatever with a dot properties URL?quote:And a big thanks to today's generous sponsor, betterly properties! Extract more wealth from potential tenants with their proprietary intelligence system. Get a free quote from b-e-t-t-e-r-l-y-dot-p-r-o-p-e-r-t-i-e-s slash monster dash trucks. of course, someone will probably misspell properties or whatever but it doesn't matter because no one's typing that poo poo in anyway... they'll probably just google it and go to the first link which will be a phishing scam, placed on top thanks to unchecked malicious advertising
|
|
#
?
Jun 1, 2023 06:51
|
|
|
brb registering yosp.horse
|
|
#
?
Jun 1, 2023 11:58
|
|
|
theres one way to piss off everyone at once keep all those dumb tlds but only make then work if you have a url with https://www.
|
|
#
?
Jun 1, 2023 14:52
|
|
|
good luck everyone https://community.progress.com/s/article/MOVEit-Transfer-Critical-Vulnerability-31May2023
|
|
#
?
Jun 1, 2023 14:52
|
|
|
Not that aiohttp is the most popular framework out there, but it certainly doesn't help when you're forced to use it on the same day that https://docs.aiohttp.org and https://aio-libs.org get domain squatted
|
|
#
?
Jun 1, 2023 15:14
|
|
|
Shame Boy posted:lol apparently there's a .properties tld and java will helpfully look for your .properties file as a URL in some cases now is it Java or some third party library? I am interested
|
|
#
?
Jun 3, 2023 21:33
|
|
|
Boner Wad posted:is it Java or some third party library? I am interested not entirely sure. i know spring is involved, but it's second-hand from someone else who dealt with it at their work just recently (when it unexpectedly took down production lol) so idk
|
|
#
?
Jun 3, 2023 21:40
|
|
|
isn't that the sort of thing that was at the heart of the log4j fiasco? i.e. java brains thinking that it's cool and good to fetch some stuff from remote hosts and deserializing it
|
|
#
?
Jun 3, 2023 21:45
|
|
|
4lokos basilisk posted:isn't that the sort of thing that was at the heart of the log4j fiasco? i.e. java brains thinking that it's cool and good to fetch some stuff from remote hosts and deserializing it Yep. Log4j wasn't a bug, it was working as designed (fetching and eval()ing code from a remote address). It was just a case of the design being utterly counterproductive for anyone who doesn't still live in the 90s.
|
|
#
?
Jun 3, 2023 22:34
|
|
|
it's a good thing no modern languages handle dependencies by letting you import from random git repos at compile time
|
|
#
?
Jun 3, 2023 22:35
|
|
|
nudgenudgetilt posted:it's a good thing no modern languages handle dependencies by letting you import from random git repos at compile time ...are we talking about JS, or Python, or
|
|
#
?
Jun 3, 2023 22:38
|
|
|
compile? sorry I code close to the metal
|
|
#
?
Jun 3, 2023 22:38
|
|
|
Quackles posted:...are we talking about JS, or Python, or I think node.js is the most stereotypical implementation of "downloads 10 dozen libraries at compile time, most of which contain like two lines of code or are just a bunch of constants for hex color representations, and 3 of which get deleted and subsequently squatted upon by a malware author every year"
|
|
#
?
Jun 3, 2023 23:04
|
|
|
i was actually talking about go... on the bright side, go does have decent dependency verification at this point, but from the start it was literally import from rando git repos
|
|
#
?
Jun 3, 2023 23:10
|
|
|
log4shell had multiple levels. the primary problem was that the lookups feature parsed the formatted log message, not the format string, so it would recognize metacharacters in any data embedded in the message. i don’t think that was by design, just incompetence, though maybe someone had a kickin’ rad metaprogramming justification for it. the secondary problem was that one of the things you could put in a lookup was an ldap resource, which could do a remote class file load. that part was by design
|
|
#
?
Jun 3, 2023 23:32
|
|
|
win11 has played much nicer with multiple audio devices than win10 did for me
|
|
#
?
Jun 4, 2023 00:30
|
|
|
raminasi posted:win11 has played much nicer with multiple audio devices than win10 did for me could this finally be the year of windows on the desktop
|
|
#
?
Jun 4, 2023 12:42
|
|
|
|
| # ? Jun 5, 2023 00:03 |
|
|
Soricidus posted:could this finally be the year of windows 11 on the desktop fixed, and no.
|
|
#
?
Jun 4, 2023 19:36
|
|
