Register a SA Forums Account here!
JOINING THE SA FORUMS WILL REMOVE THIS BIG AD, THE ANNOYING UNDERLINED ADS, AND STUPID INTERSTITIAL ADS!!!

You can: log in, read the tech support FAQ, or request your lost password. This dumb message (and those ads) will appear on every screen until you register! Get rid of this crap by registering your own SA Forums Account and joining roughly 150,000 Goons, for the one-time price of $9.95! We charge money because it costs us money per month for bills, and since we don't believe in showing ads to our users, we try to make the money back through forum registrations.
 
  • Post
  • Reply
Shame Boy
Mar 2, 2010

lol apparently there's a .properties tld and java will helpfully look for your .properties file as a URL in some cases now

there's a few spring config files that are registered already as domains, and a few real fuckin' juicy ones I can think of that don't appear to be registered yet

Adbot
ADBOT LOVES YOU

sb hermit
Dec 13, 2016





You know, it kinda made sense to type in a dot-com tld but who the hell is going to go on the radio or a pa system or whatever with a dot properties URL?

quote:

And a big thanks to today's generous sponsor, betterly properties! Extract more wealth from potential tenants with their proprietary intelligence system. Get a free quote from b-e-t-t-e-r-l-y-dot-p-r-o-p-e-r-t-i-e-s slash monster dash trucks.

of course, someone will probably misspell properties or whatever but it doesn't matter because no one's typing that poo poo in anyway... they'll probably just google it and go to the first link which will be a phishing scam, placed on top thanks to unchecked malicious advertising

NoneMoreNegative
Jul 20, 2000
GOTH FASCISTIC
PAIN
MASTER




shit wizard dad

brb registering yosp.horse

Wild EEPROM
Jul 29, 2011


oh, my, god. Becky, look at her bitrate.
theres one way to piss off everyone at once

keep all those dumb tlds but only make then work if you have a url with https://www.

rafikki
Mar 8, 2008

I see what you did there. (It's pretty easy, since ducks have a field of vision spanning 340 degrees.)

~SMcD


good luck everyone https://community.progress.com/s/article/MOVEit-Transfer-Critical-Vulnerability-31May2023

RokosCockatrice
Feb 19, 2004

I have a lot of points to make and I will make them later.
Not that aiohttp is the most popular framework out there, but it certainly doesn't help when you're forced to use it on the same day that https://docs.aiohttp.org and https://aio-libs.org get domain squatted

Boner Wad
Nov 16, 2003

Shame Boy posted:

lol apparently there's a .properties tld and java will helpfully look for your .properties file as a URL in some cases now

there's a few spring config files that are registered already as domains, and a few real fuckin' juicy ones I can think of that don't appear to be registered yet

is it Java or some third party library? I am interested

Shame Boy
Mar 2, 2010

Boner Wad posted:

is it Java or some third party library? I am interested

not entirely sure. i know spring is involved, but it's second-hand from someone else who dealt with it at their work just recently (when it unexpectedly took down production lol) so idk

4lokos basilisk
Jul 17, 2008


isn't that the sort of thing that was at the heart of the log4j fiasco? i.e. java brains thinking that it's cool and good to fetch some stuff from remote hosts and deserializing it

Quackles
Aug 11, 2018

Pixels of Light.


4lokos basilisk posted:

isn't that the sort of thing that was at the heart of the log4j fiasco? i.e. java brains thinking that it's cool and good to fetch some stuff from remote hosts and deserializing it

Yep. Log4j wasn't a bug, it was working as designed (fetching and eval()ing code from a remote address). It was just a case of the design being utterly counterproductive for anyone who doesn't still live in the 90s.

nudgenudgetilt
Mar 18, 2003

it scratches that "oddly satisfying" itch
it's a good thing no modern languages handle dependencies by letting you import from random git repos at compile time

Quackles
Aug 11, 2018

Pixels of Light.


nudgenudgetilt posted:

it's a good thing no modern languages handle dependencies by letting you import from random git repos at compile time

...are we talking about JS, or Python, or

spankmeister
Jun 15, 2008






compile? sorry I code close to the metal

BattleMaster
Aug 14, 2000

Quackles posted:

...are we talking about JS, or Python, or

I think node.js is the most stereotypical implementation of "downloads 10 dozen libraries at compile time, most of which contain like two lines of code or are just a bunch of constants for hex color representations, and 3 of which get deleted and subsequently squatted upon by a malware author every year"

nudgenudgetilt
Mar 18, 2003

it scratches that "oddly satisfying" itch
i was actually talking about go...


on the bright side, go does have decent dependency verification at this point, but from the start it was literally import from rando git repos

rjmccall
Sep 7, 2007

no worries friend
Fun Shoe
log4shell had multiple levels. the primary problem was that the lookups feature parsed the formatted log message, not the format string, so it would recognize metacharacters in any data embedded in the message. i donít think that was by design, just incompetence, though maybe someone had a kickiní rad metaprogramming justification for it. the secondary problem was that one of the things you could put in a lookup was an ldap resource, which could do a remote class file load. that part was by design

raminasi
Jan 25, 2005

a last drink with no ice
win11 has played much nicer with multiple audio devices than win10 did for me

Soricidus
Oct 21, 2010
freedom-hating statist shill

raminasi posted:

win11 has played much nicer with multiple audio devices than win10 did for me

could this finally be the year of windows on the desktop

Adbot
ADBOT LOVES YOU

Volmarias
Dec 31, 2002

I'm sure I'll think of something.

Soricidus posted:

could this finally be the year of windows 11 on the desktop

fixed, and no.

  • 1
  • 2
  • 3
  • 4
  • 5
  • Post
  • Reply