Oysters Autobio
Mar 13, 2017
Paper OTP tokens?

Something like

https://privacyidea.readthedocs.io/en/v2.22/configuration/tokens/paper.html

edit: comedy answer
http://www.ranum.com/security/computer_security/papers/otp-faq/

bonus for non HTTPS page.

Oysters Autobio fucked around with this message at 04:50 on Sep 6, 2023


Midjack
Dec 24, 2007



i am a moron posted:

Was extremely annoyed when I went to pay the $40. Their website had a ‘pay random amount’ option that let you input any number you wanted. I paid the entire thing in 50 cent increments in the hopes there’s some floor for credit card processing fees and that the whole thing cost them more than they made. Y’all don’t know poo poo about HIPAA and your app sucks gently caress you

actual cyberpunk

~Coxy
Dec 9, 2003

R.I.P. Inter-OS Sass - b.2000AD d.2003AD

https://your.mom

Volmarias
Dec 31, 2002

EMAIL... THE INTERNET... SEARCH ENGINES...

Lysidas posted:

yeah what is the best way to do this thats most accessible people who arent technically inclined?

my first thought was that it would be awesome to have a totp key maybe generating two six-digit codes from a shared key or idk one key for the hospital system and one generated for the patient, so the nurse says their generated six-digit code, the person who they call checks against what the app says it should be, and then gives their own code back, so the hospital first authenticates with the patient, then vice versa

i dont do much security threat modeling or analysis so idk whether theres a security problem with that which hasnt occurred to me yet, let alone the complete inability for most of the population to deal with that authentication flow

"What now? I don't know what code you're talking about, why do I need a secret code anyway, it's my spouse! Why won't you just tell me what I need to know! Oh, is that so? Well I wonder what the ombudsman will say about th- you can? Great! That wasn't so hard, was it?"

It's 100% going to be SMS based auth codes if they even do require a code.
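The two-code flow Lysidas sketches above, written out as an added example (not code from the thread or from any hospital system). It builds on standard HOTP/TOTP (RFC 4226/6238) and derives one key per direction from the single shared secret, so the code the hospital reads out is never valid as the patient's reply. The role labels, the shared secret and the fixed clock value are constructed for illustration.

```python
"""Mutual TOTP over a phone call: hospital proves itself first, then the patient.

Added example built on RFC 4226/6238 primitives; not code from the thread or
from any hospital system. Role names, secret and clock are constructed.
"""
import hashlib
import hmac
import struct

STEP = 30      # seconds per TOTP window
DIGITS = 6


def hotp(key: bytes, counter: int, digits: int = DIGITS) -> str:
    """RFC 4226 HOTP: dynamic truncation of HMAC-SHA1(key, counter)."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{value % 10 ** digits:0{digits}d}"


def role_key(shared_secret: bytes, role: str) -> bytes:
    """Derive a per-direction key from the one shared secret, so the code the
    hospital reads out can never be echoed back as the patient's code."""
    return hmac.new(shared_secret, role.encode(), hashlib.sha256).digest()


def totp(shared_secret: bytes, role: str, now: int) -> str:
    """Six-digit code for `role` in the 30-second window containing `now`."""
    return hotp(role_key(shared_secret, role), now // STEP)


def verify(shared_secret: bytes, role: str, code: str, now: int, window: int = 1) -> bool:
    """Accept the current window plus `window` steps either side for clock skew.
    compare_digest keeps the comparison constant-time."""
    key = role_key(shared_secret, role)
    counter = now // STEP
    return any(
        hmac.compare_digest(hotp(key, counter + d).encode(), code.encode())
        for d in range(-window, window + 1)
    )


def mutual_auth(shared_secret: bytes, hospital_says: str, patient_says: str, now: int) -> str:
    """The call as proposed: caller speaks first, callee checks, then replies."""
    if not verify(shared_secret, "hospital", hospital_says, now):
        return "patient hangs up: caller did not prove they are the hospital"
    if not verify(shared_secret, "patient", patient_says, now):
        return "hospital declines: callee did not prove they are the patient"
    return "both sides authenticated"


# Constructed enrolment secret and a fixed clock so the run is reproducible.
SHARED_SECRET = b"constructed-per-patient-secret-32b!"
NOW = 1_700_000_000

if __name__ == "__main__":
    h = totp(SHARED_SECRET, "hospital", NOW)
    p = totp(SHARED_SECRET, "patient", NOW)
    print("hospital reads out", h, "-> patient replies", p)
    print(mutual_auth(SHARED_SECRET, h, p, NOW))
    # An impostor who heard the hospital's code and parrots it back fails.
    print(mutual_auth(SHARED_SECRET, h, h, NOW))
```

Because each direction is plain HOTP on its own derived key, the patient's phone would hold two entries in an ordinary authenticator app (one to check the hospital against, one to read back); the hospital side does the mirror image. The skew window is the usual one step either side.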

NoneMoreNegative
Jul 20, 2000
GOTH FASCISTIC
PAIN
MASTER




shit wizard dad

from the big outage of Air Traffic Control in the UK the other day:

quote:

The problems began when a flight plan was received at the Nats headquarters in Swanwick, Hampshire, containing duplicate waypoints — five-letter capitalised words that are used to navigate aircraft — that made the system believe the plane would leave UK airspace prior to entering it.

The report said that the “plan included two waypoints along its route that were geographically distinct but which have the same designator”. It was delivered correctly into Nats’s system from Eurocontrol, the European airspace manager, but would corrupt the system because of the erroneous waypoint.

Once a flight plan is received, Nats computers decode it and focus on the section that is relevant to British airspace, starting by searching from the beginning of the data to find the UK airspace entry point.

“This was successfully found,” the report said. “Next, it searches backwards, from the end of that section, to find the UK airspace exit point. This did not appear in that section of the flight plan so the search was unsuccessful. As there is no requirement for a flight plan to contain an exit waypoint from a Flight Information Region or a country’s airspace, the software is designed to cope with this scenario.”

In such an eventuality the system begins searching for the nearest point beyond the UK exit point. This was also not present. The software therefore moved on to the next waypoint. This search was successful, although it had found the duplicate waypoint.

The report said: “Having found an entry and exit point, with the latter being the duplicate and therefore geographically incorrect, the software could not extract a valid UK portion of flight plan between these two points. This is the root cause of the incident. We can therefore rule out any cyber-related contribution.”

https://www.thetimes.co.uk/article/air-traffic-control-french-airline-blame-travel-chaos-2023-fsgrwqmg5

OK that does seem like a pretty one-off type of scenario, but having the whole system go into Safe Mode and not be accessible from it seems excessive..?

Shame Boy
Mar 2, 2010

at least we can rule out any cyber

Oneiros
Jan 12, 2007



is it just me or is that explanation utter gibberish?

Powerful Two-Hander
Mar 10, 2004

Mods please change my name to "Tooter Skeleton" TIA.


Shaggar posted:

the guardian is right to be wary because this is exactly how every spam call scam works. In the end its an intractable problem. A provider cant give information out to whoever they call cause of patient privacy and the patient shouldnt give information to whoever calls because of their own privacy.

what the nurse should have done was provide a callback number that can be found on the hospital website along with an extension/id the caller can punch in to get back to either the same or other available nurse who could continue the call.

use challenge/response keys like in the Bourne Identity, also you can then indicate if you're under duress

Jabor
Jul 16, 2010

#1 Loser at SpaceChem

Oneiros posted:

is it just me or is that explanation utter gibberish?

it's someone trying to explain code in low-level detail without using too many big words. not really sure why they bothered but i guess some exec needed reassurance that it was just a software fuckup and not a malicious cyber attack, and then insisted that they put that reassurance in the press release.

the relevant information is that:

- pilots use waypoints
- these waypoints have 5-letter names
- waypoint names are not globally unique (they just need to sound different from any nearby waypoints they could be confused with)
- the software barfed when given a route that went through two waypoints with the same name

Oneiros
Jan 12, 2007



specifically the

"In such an eventuality the system begins searching for the nearest point beyond the UK exit point. This was also not present. The software therefore moved on to the next waypoint. This search was successful, although it had found the duplicate waypoint."

is what doesn't make any sense. ok, there are two waypoints in the list with the same "id" sure. it can't find an exit point from the uk searching backwards from the end of the flight plan so it just selects the next waypoint from the entry point which has a duplicate id and is also four thousand km away?

if i squint i can kinda make out what happened but it requires so many awful design decisions and total fuckups of error handling that it kinda boggles the mind

Oneiros
Jan 12, 2007



ye, i get that it's a journalist trying to relay the details of an algorithm described to them but even given that it sounds hosed

Jabor
Jul 16, 2010

#1 Loser at SpaceChem
i mean it sounds like there's one bad decision (to use waypoint names as unique keys) that was probably made forty years ago, and mostly doesn't cause problems in practice (since waypoint names probably are actually unique within the uk), and everything else kinda just follows from that

uninterrupted
Jun 20, 2011
yeah this is someone explaining a deeply nested set of conditionals and I assume regexes. I'm gonna talk about this at work because our problem space involves parsing flat files into structured data and tossing it into a complex set of conditionals. it's a good example of why you need robust test data and need to validate inputs and why you need to think about the consequences of failing closed versus failing open. no doubt some guy squinted at some conditional indented into his coworker's screen and said "there's no way anything legit gets here, just shut the whole thing down".

Oneiros
Jan 12, 2007



from what i can put together it's basically looking at a list of waypoints like

aaa - bbb - ccc -|- ddd - eee - ffff -|- ggg - hhh - iii - ddd - jjj

each waypoint code either represents a totally unique positional reference in which case somebody planning the flight hosed up and validations failed or may in fact be a member of a completely different coordinate system but whatever

the system crawls the list up to ddd where it determines the flight plan has entered the u.k.'s airspace

the system then goes thru the list backwards until it hits another ddd waypoint upon which it thinks it has gotten back into u.k. airspace. since it thinks the exit point it found is the same as the entry based on the id it just bumps the exit point up one node to jjj. except jjj is four thousand miles from the first ddd so at this point some sanity check catches it and then the whole system degrades to "safe mode" because ¯\_(ツ)_/¯

i'd loving fail a freshman cs assignment for this poo poo
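A toy Python model of the slicing described in the report quoted above and in Oneiros's sketch, added here as an example; it is not NATS code and models only the root cause the report names (waypoints resolved by designator, and designators are not unique). The first slicer is a deliberately simplified stand-in for the failing approach: it looks the exit waypoint up by name, scanning back from the end of the route, and so lands on the duplicate thousands of km away. The second slices by position only. The `process_queue` function then shows the two outcomes the thread is arguing about side by side: an exception that halts the whole queue versus one that costs only the offending plan. The route, coordinates, bounding box and exception types are all constructed.

```python
"""Toy model of slicing a flight plan down to its UK portion.

Added example, not NATS code: a simplified slicer that resolves the exit by
designator, next to one that slices by position. Route, coordinates and the
crude UK bounding box are constructed.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Waypoint:
    designator: str   # five-letter name, only unique among nearby waypoints
    lat: float
    lon: float


class PlanRejected(Exception):
    """Failure contained to the one flight plan that triggered it."""


class SystemHalt(Exception):
    """Failure that stops processing for every plan behind it."""


def in_uk(wp: Waypoint) -> bool:
    # Constructed bounding box standing in for UK airspace.
    return 49.0 <= wp.lat <= 61.0 and -9.0 <= wp.lon <= 2.0


# Constructed route: two geographically distinct waypoints both named FFFFF,
# the second far past the UK exit.
ROUTE = [
    Waypoint("AAAAA", 45.0, -30.0),   # mid-Atlantic
    Waypoint("BBBBB", 50.0, -15.0),
    Waypoint("DDDDD", 51.5, -5.0),    # UK entry
    Waypoint("EEEEE", 52.0, -1.0),
    Waypoint("FFFFF", 51.0, 1.5),     # UK exit
    Waypoint("GGGGG", 50.0, 8.0),     # continental Europe
    Waypoint("HHHHH", 45.0, 30.0),
    Waypoint("FFFFF", 40.0, 60.0),    # duplicate designator
    Waypoint("JJJJJ", 35.0, 70.0),
]
CLEAN_ROUTE = ROUTE[:7]               # same plan without the duplicate
# Constructed plan that leaves and re-enters the box; outside this toy's model.
REENTRY_ROUTE = [ROUTE[2], ROUTE[5], ROUTE[3]]


def uk_section_by_designator(route):
    """Simplified model of the failing approach: the exit is looked up by name,
    scanning back from the end, so a later waypoint reusing that name wins."""
    uk_idx = [i for i, wp in enumerate(route) if in_uk(wp)]
    if not uk_idx:
        return []
    entry = uk_idx[0]
    exit_name = route[uk_idx[-1]].designator
    exit_pos = next(i for i in range(len(route) - 1, -1, -1)
                    if route[i].designator == exit_name)
    section = route[entry:exit_pos + 1]
    if not all(in_uk(wp) for wp in section):
        # The sanity check is right to fire; the question is what it takes down.
        raise SystemHalt("no valid UK section: "
                         + " ".join(wp.designator for wp in section))
    return section


def uk_section_by_index(route):
    """Slice by position in the route; names are never used as keys."""
    uk_idx = [i for i, wp in enumerate(route) if in_uk(wp)]
    if not uk_idx:
        return []
    section = route[uk_idx[0]:uk_idx[-1] + 1]
    if not all(in_uk(wp) for wp in section):
        # Still unexpected, but the blast radius is this one plan.
        raise PlanRejected("UK section is not contiguous; needs manual handling")
    return section


def process_queue(plans, slicer):
    """Run `slicer` over a queue of plans and record each outcome.
    PlanRejected costs one plan; SystemHalt stops the whole queue."""
    outcomes = []
    for plan in plans:
        try:
            outcomes.append(("ok", [wp.designator for wp in slicer(plan)]))
        except PlanRejected as exc:
            outcomes.append(("rejected", str(exc)))
        except SystemHalt as exc:
            outcomes.append(("halted", str(exc)))
            break
    return outcomes


if __name__ == "__main__":
    queue = [CLEAN_ROUTE, ROUTE, REENTRY_ROUTE, CLEAN_ROUTE]
    for name, slicer in (("by designator", uk_section_by_designator),
                         ("by index", uk_section_by_index)):
        print(name, process_queue(queue, slicer))
```

Run stand-alone, the by-designator slicer processes the clean plan, halts on the duplicate-designator plan, and never reaches the two behind it; the by-index slicer gets the right three-waypoint UK section out of the same plan and only rejects the constructed re-entry plan. Whether halting or rejecting is the correct response in a real ATC system is the safety judgement the rest of the thread argues about; the model only makes the two blast radii visible.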

Oneiros
Jan 12, 2007



but ye this

uninterrupted posted:

no doubt some guy squinted at some conditional indented into his coworkers screen and said "there's no way anything legit gets here, just shut the whole thing down".

this is why you always validate/sanitize your inputs at the boundary between where you don't give a gently caress and give a gently caress

Cybernetic Vermin
Apr 18, 2005

trying to recover from unexpected errors is often extremely difficult and fragile, largely impossible to test and hard to design. failing visibly and as completely as is necessary to not risk having some lingering issue is cool and good.

Oneiros
Jan 12, 2007



nah, if your air traffic control system's response to someone submitting a "malformed" flight plan is to completely shut down an entire loving country's air travel for a day then literally every single person involved should be barred from touching computers (or managing computer touchers) again. there were undoubtedly human process issues as well and every single person involved in those decisions should be finding new work as well.

uninterrupted
Jun 20, 2011

Cybernetic Vermin posted:

trying to recover from unexpected errors is often extremely difficult and fragile, largely impossible to test and hard to design. failing visibly and as completely as is necessary to not risk having some lingering issue is cool and good.

Oneiros posted:

nah, if your air traffic control system's response to someone submitting a "malformed" flight plan is to completely shut down an entire loving country's air travel for a day then literally every single person involved should be barred from touching computers (or managing computer touchers) again.

the two genders

fake edit this is exactly why it's a good example. the definition of "fail as visibly and completely as necessary" is a business logic problem, and varies wildly between air control systems, and fart apps, and artificial hearts, and payments.

poo poo from 2021 to 2023 broken auth went from the top issue to the top 5 issues because these are hard requirements to nail down.

Half-wit
Aug 31, 2005

Half a wit more than baby Asahel, or half a wit less? You decide.

Oneiros posted:

nah, if your air traffic control system's response to someone submitting a "malformed" flight plan is to completely shut down an entire loving country's air travel for a day then literally every single person involved should be barred from touching computers (or managing computer touchers) again. there were undoubtedly human process issues as well and every single person involved in those decisions should be finding new work as well.

This isn't that constructive. It's effectively saying "welp, no way to learn from mistakes, start over from square one."

If this were the position companies actually took, this wouldn't result in anything but an even quicker race to the bottom as companies replaced their semi-experienced engineers with even more unqualified candidates. But hey, good excuse to pay a whole lot of people a whole lot less for even lower quality.

Oneiros
Jan 12, 2007



Half-wit posted:

This isn't that constructive.

what's not constructive is cancelling a thousand flights and hundreds of thousands of peoples' travel plans because you can't work out error handling

4lokos basilisk
Jul 17, 2008


Oneiros posted:

nah, if your air traffic control system's response to someone submitting a "malformed" flight plan is to completely shut down an entire loving country's air travel for a day then literally every single person involved should be barred from touching computers (or managing computer touchers) again. there were undoubtedly human process issues as well and every single person involved in those decisions should be finding new work as well.

i hope you do understand that air traffic control is super duper risk averse and if the operators could go "well something is fucky but lets continue nevertheless" this could very much end up with tons of civilian casualties

my assumption is that stuff like this was developed and tested during the time where you could fly over russia, and now due to rerouting of the flights over the arctic you can very well have two identically named waypoints that happen to be pretty much on the other side of the world and also next to each other on the itinerary

Oneiros
Jan 12, 2007



4lokos basilisk posted:

i hope you do understand that air traffic control is super duper risk averse and if the operators could go "well something is fucky but lets continue nevertheless" this could very much end up with tons of civilian casualties

being risk averse in such a critical system good. taking the whole system down instead of rejecting a "bad" flight plan is not

Slashrat
Jun 6, 2011

YOSPOS
It was an unanticipated error scenario. Why should they assume that such a scenario is always contained to the flight plan for which it triggers, and not a symptom of a wider-reaching problem?

Oneiros
Jan 12, 2007



Slashrat posted:

It was an unanticipated error scenario. Why should they assume that such a scenario is always contained to the flight plan for which it triggers, and not a symptom of a wider-reaching problem?

they trusted it for the other fifteen million flight plans they processed. could a cosmic ray have flipped a critical bit and now every single flight is suspect or could maybe their input validations have a gap?

Guy Axlerod
Dec 29, 2008
Somebody must have thought the only way to get into that condition was a fuckup in the navpoint database and I think that might justify a system pause.

Oneiros
Jan 12, 2007



Guy Axlerod posted:

Somebody must have thought the only way to get into that condition was a fuckup in the navpoint database and I think that might justify a system pause.

possibly, tho i suspect that they just trusted any input to the system at that point / from that access point and just did not have any decent error handling

Cybernetic Vermin
Apr 18, 2005

i mean, does your take boil down to "they should have just thought of everything", with the rider "they should fire the people working on it to hire some that would think of everything a bit harder"?

otherwise one does have to face the question of how to react to a truly unanticipated failure in some way.

Oneiros
Jan 12, 2007



if by "thought of everything" you mean "maybe the data we're ingesting from an external system isn't to be trusted" and that error handling of an individual flight plan should mean something other than SHUT EVERYTHING DOWN, sure

but i know a lot of computer touchers paid with funny money are allergic to ever facing consequences for their actions

Jabor
Jul 16, 2010

#1 Loser at SpaceChem
guarantee you that if things had failed open in a way that caused injury or loss of life, the same person currently employing their 20/20 hindsight to declare that everyone involved is A Huge Fuckup That Should Be Fired And Permanently Banned From Working With Computers would still be declaring that it was a huge fuckup and the system should instead have been designed to fail safe

the only real difference is that in that scenario they'd be right

uninterrupted
Jun 20, 2011
this is why business logic is an ongoing problem.

say you've got a pacemaker. pacemaker needs to deliver shocks based on rules passed to it by a config. that config is checked against, whatever, an ongoing EKG and drops shocks accordingly.
what's a good failure state? it stops running? it drops a shock every x minutes? can you even have an alarm blare on a pacemaker? do you get an email that your heart is dying?

ideal world, the pacemaker has some rules at the config change, where it rejects rules like "shock whenever heart rate is above 0" and keeps the old config. but also it should keep a log of old readings, and fail the same way if the new rules would make it shock a heart 1000% more than previous in an hour.
ALSO it should have some failsafe mechanism, where if it has a default mode it can fail to where it's delivering the minimal shocks needed to keep someone alive when some boundary has been crossed in BP/HR/whatever.
it's not just a matter of "fail open or fail closed", it's a matter of "where can we afford to fail" and "how do we isolate where we can fail with minimal repercussions and beat the absolute poo poo out of the data we will be processing" and "how do we know we are in the critical flow where failing means a corpse" and "how we handle being at a critical point where there's a non-zero chance a bug is murdering this patient".

im sure someone who's worked with embedded medical devices would say this is woefully incomplete, but the point is failure stakes are high here. and they're very different from whether or not your next tinder match had the same id as the previous one.

actual edit:

and the reason this is such a motherfucker is tools can't find this out of the box. insecure dependencies? Toss ECR and dependabot at your poo poo, they'll find all of it. insecure cryptography? most SAST will scream if you add "skip ssl check" options. most well-used libs that touch sql will have basic sqli controls, along with sast behind it. business logic is the one thing where devsecopsproduct need to actually talk about poo poo that can go wrong and put up hand-crafted guardrails.

uninterrupted fucked around with this message at 13:57 on Sep 6, 2023
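The three layers uninterrupted describes (reject absurd rules at the config change, replay the new rules against logged readings, and a runtime failsafe for when the device can no longer tell it is in the safe flow) as an added toy example. This is not any real device's firmware: the "pulse when heart rate is below X" rule, the plausibility bounds, the 10x growth cap and the hour of readings are all constructed so the layers can be exercised.

```python
"""Toy model of layered config validation for a pacing device.

Added example; not any real device's firmware. Rule shape, bounds, growth
cap and readings are constructed to exercise the three layers described.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    pace_below: int   # deliver a pacing pulse when heart rate (bpm) is below this


SAFE_DEFAULT = Rule(pace_below=40)      # constructed minimal-pacing fallback
PLAUSIBLE = range(30, 121)              # constructed bounds for pace_below
MAX_GROWTH = 10                         # "1000% more than previous" cap from the post

# Constructed hour of one-per-minute HR readings: mostly 72 bpm, a few dips.
READINGS = [72] * 50 + [48, 45, 70, 44, 75, 68, 47, 71, 66, 73]


def pulses(rule: Rule, readings) -> int:
    """How many pulses `rule` would have delivered over `readings`."""
    return sum(1 for hr in readings if hr < rule.pace_below)


def validate_static(rule: Rule):
    """Layer 1: reject rules that are absurd on their face ('shock when HR > 0')."""
    if rule.pace_below not in PLAUSIBLE:
        return f"pace_below={rule.pace_below} outside {PLAUSIBLE.start}-{PLAUSIBLE.stop - 1}"
    return None


def validate_against_history(old: Rule, new: Rule, readings):
    """Layer 2: replay both rules over logged readings; refuse a rule that would
    have paced far more than the one it replaces."""
    before, after = pulses(old, readings), pulses(new, readings)
    if before == 0:
        # Nothing to take a ratio against; fall back to an absolute cap.
        if after > len(readings) // 10:
            return f"would pace {after} times in the last hour vs 0 before"
        return None
    if after > MAX_GROWTH * before:
        return f"would pace {after} times vs {before} before (>{MAX_GROWTH}x)"
    return None


def apply_config(current: Rule, proposed: Rule, readings):
    """Return (active_rule, outcome). Any rejection keeps the old rule active;
    the failure is contained to the config change and the device keeps running."""
    reason = validate_static(proposed) or validate_against_history(current, proposed, readings)
    if reason:
        return current, f"rejected: {reason}"
    return proposed, "accepted"


def decide_pulse(rule: Rule, hr: int):
    """Layer 3, per beat: an implausible sensor reading means we no longer know
    we are in the safe flow, so pace at SAFE_DEFAULT instead of trusting `rule`."""
    if not 0 < hr < 250:
        return "failsafe", hr < SAFE_DEFAULT.pace_below or True
    return "active", hr < rule.pace_below


if __name__ == "__main__":
    active = Rule(pace_below=40)
    for proposed in (Rule(50), Rule(300), Rule(90)):
        active, outcome = apply_config(active, proposed, READINGS)
        print(f"proposed {proposed} -> {outcome}; active is now {active}")
    for hr in (72, 45, 0):
        print(hr, decide_pulse(active, hr))
```

The interesting case is the third proposal: `Rule(90)` passes the static check, since 90 bpm is a perfectly plausible number on its own, and is only caught by replaying it over the logged hour, where it would have paced on every beat. That is the "beat the absolute poo poo out of the data" step, and no generic tool supplies it.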

Oneiros
Jan 12, 2007



yes, loving up in a completely different way is exactly the same. what an amazing observation. you win.

Oneiros fucked around with this message at 13:50 on Sep 6, 2023

Jabor
Jul 16, 2010

#1 Loser at SpaceChem

Oneiros posted:

yes, loving up in a completely different way is completely different. what an amazing observation. you win.

it's not completely different. you need to choose how you handle unanticipated failures.

(if you try to say "i will just anticipate everything" instead of making a choice then you're an idiot, lol. and you're just choosing to handle them in an arbitrary and unpredictable fashion.)

Shame Boy
Mar 2, 2010

tbf i feel like provably handling every possible input sanely when the inputs are as well-defined as they are in this case isn't actually out of the question, especially with the timescales and budgets allotted to safety-critical systems like ATC

Oneiros
Jan 12, 2007



the "unanticipated failure" here is that someone submitted a flight plan that does not make sense (according to the algorithm we have for analyzing these things)

do you
a) reject the flight plan
b) cancel most of the flights scheduled that day

if you answer b congratulations, you have a bright future in government contracts

infernal machines
Oct 11, 2012

we monitor many frequencies. we listen always. came a voice, out of the babel of tongues, speaking to us. it played us a mighty dub.
they forgot to use waypoint_real_escape_string() and this is what happened

Trabisnikof
Dec 24, 2005

Sounds like we don’t have enough information to determine if this was actually correct error handling or not. Industry experts do think it’s abnormal to shut down automated ATC for an invalid flight plan, but the company that made the software thinks they handled the error correctly:

quote:

https://www.theguardian.com/world/2023/aug/30/uk-air-traffic-control-failure-what-caused-it-and-who-will-have-to-pay

Does Nats not have a backup system?

Yes it does. According to its chief executive, Martin Rolfe, “several layers of backup” exist, but apparently the dodgy data caused the secondary automatic processing system to be suspended “to ensure that no incorrect safety-related information could be presented to an air traffic controller or impact the rest of the air traffic system”.

How could just one faulty flight plan cause this?

Nats has not really explained this yet. Willie Walsh, the director general of the global airlines body, Iata, said it was “staggering” that inputting a single flight plan incorrectly could knock the whole system over. Pilots say plans can frequently be rejected. Rolfe said the whole system did not fail and that airspace was slowed down rather closed down, but that the computers were “designed to fail safely” to isolate the problem.

4lokos basilisk
Jul 17, 2008


Shame Boy posted:

tbf i feel like provably handling every possible input sanely when the inputs are as well-defined as they are in this case isn't actually out of the question, especially with the timescales and budgets allotted to safety-critical systems like ATC

i doubt the inputs are well defined because you probably have neat boeing 747 flight plans and then you also need to handle rando cessna enthusiast flight plans that might not be as rigorously formatted

like whatever automated system that ingests the flight plans has to be super compatible with everything and i also believe was last updated in the 90s by some greybeards which means that it has been somehow kept running ever since

Oneiros
Jan 12, 2007



Trabisnikof posted:

Sounds like we don’t have enough information to determine if this was actually correct error handling or not. Industry experts do think it’s abnormal to shut down automated ATC for an invalid flight plan, but the company that made the software thinks they handled the error correctly:

company that makes the software says that actually everything is fine. no problems here.

fins
May 31, 2011

Floss Finder
i don't even own a radar :c00lbert:


atc in my country uses radio and paper flight strips. the recent attempt to implement some software solution was a garbage fire. and still no in-country radar


Shame Boy
Mar 2, 2010

4lokos basilisk posted:

i doubt the inputs are well defined because you probably have neat boeing 747 flight plans and then you also need to handle rando cessna enthusiast flight plans that might not be as rigorously formatted

just going by the description i'm assuming the actual file format is parsed at a lower level and not at "the machine that controls the entirety of UK airspace" level, and we're not just dealing with "someone sent in an XML file but forgot to escape a <" or whatever. i mean maybe not but it sounds like this is an actual logic problem with a big list of waypoints that are otherwise valid (as in they're real waypoints submitted in a valid format that only causes a problem once it starts trying to connect them together) and that kind of thing seems like the sort of well-defined problem space you absolutely can account for every possibility in, or even formally verify
