til that pippin (a ppc 603) ran 68k boot code

the thing was really such a mess that it is sort of hard to get excited for the crack, it was so half-hearted in every way. the write-up is interesting though, and not like i have a pippin anyway :p
|
# ¿ May 25, 2022 16:51
|
this is definitely more 'lol amd' than 'lol lennart' at any rate
|
Lysidas posted:
> so is this a staged rollout for different models? nothing new available for x1 carbons 3rd and 6th gen afaict

from what i understand nothing is supposed to be available yet and we only know something exists because that one leaked (that may have changed though, or, as likely, I've misunderstood)
|
just buy her an account
|
Soricidus posted:
> goon project: let’s make a good encrypted chat app with a full set of forums smileys, native clients for windows, linux console, and amiga, amber/green stylesheets, and a goon-made encryption algorithm that you can actually trust not to have any nsa backdoors

counterpoint, the just post thread is here: https://forums.somethingawful.com/showthread.php?threadid=3885452
|
jre posted:
> Huge amounts of hotel booking websites ultimately fax your card details to the front desk fax machine

it is sort of key to credit cards precisely that your liability is limited to leave it up to the merchants and credit card company to fight out how to keep things reasonably balanced ease/safety
|
Soricidus posted:
> i can't decide whether to predict minix or gnu hurd

minix is running on more pc's than linux does by a substantial margin, so it is the more proven choice.

Cybernetic Vermin fucked around with this message at 08:52 on May 29, 2019
|
that's what microsoft gets for selling out and adding unix line ending support to notepad
|
Jabor posted:
> i mean, notepad does do text layout (break into lines, tab spacing, etc.), and unicode

that and microsoft's recent updating of it (broader encoding support, different line ending support, long path support, etc.) has indeed replaced a lot of that plumbing. so he is most likely teasing a bug in the newer versions of the components notepad uses.
|
yeah, in principle there can be malware in the uefi firmware or bios, but as the only way to fix that is to toss the laptop and not get a new one (as the new one may have it too) it is not very helpful info. ideally do a full format and reinstall, but whatever reset-to-factory-image is offered up by hp is *probably* sufficient. there is a lot of stuff malware *could* do to be incredibly well-hidden and persistent, but as the actual reformat is such a rare event in the life of a piece of consumer-grade malware i don't think many bother to try very hard.
|
while the general thrust of this argument is true microsoft did in fact crack down on the use of this uefi hook for loading software
|
besides, the nsa already lives in your intel me install.
|
i originally found thompson's 'trusting trust' talk (you know the ones, the impossibility of figuring out a backdoor inserted by a compiler by source inspection), but it comes up pretty often in this kind of conversation: yeah, no poo poo, you can't trust anything. your intel-based laptop comes with three operating systems installed, and you can only have an effect on the one that is least trusted and loads last.
|
weeeell, i don't doubt that local government does indeed struggle with security for reasons not entirely in their control, and in fact agree that the culture around the ongoing security catastrophe we all inhabit is part of the problem.
|
duz posted:
> its purely a cost issue

well, that is one read, but there may need to be a larger shift in approach, it might not be reasonable to expect that "security expertise" should be a funded line item in every budget, while e.g. the local school children go hungry

not to lay the blame at the feet of security professionals, but the framing of the problem is not good.
|
either way the nsa can no doubt get their primary work done by hacking on a higher level, and may be worried primarily about the black box nature of the preloaded uefi stuff loaded in locations outside nsa control.
|
Boiled Water posted:
> in secfuck of yester-week: the highest danish court of justice ruled on a case of “what happens when you’re defrauded of your digital signature credentials?”

same issue in sweden, despite the system being slightly more careful using a 2fa app which will display a reason-for-approval-request thing (e.g. "approve transfer of xxx kronor", "sign document xyz"). i think it helps, but getting old people on the phone is of course as always enough for at least some success-rate. i have to think also that android malware will target this stuff a lot harder as time goes on, which will turn into a real shitshow.
|
Boiled Water posted:
> China is at best a police state, the us is not

really loving arguable on a broader level, the us will happily disappear foreign 'obstacles' at the drop of a hat.
|
also if you're doing regular videocalls in the office it is worth it picking up a cheap logitech webcam and placing it properly. they vastly outperform whatever you get builtin, for both checking your nostrils and playacting being the smoking man.
|
didn't know and a bit struck by this info, so still a good post for me
|
CRIP EATIN BREAD posted:
> it's amazing that Linus still has control over the kernel even though so many gigantic corporations depend on its existence.

the gigantic corporations don't run a linus-blessed kernel, and have no intent of doing so. in practical effect redhat controls the kernel that is used.
|
i presume taviso's point is that they reported before business open day 1 and disclosed after business close on day 90 or some such, but since afaik we don't know that, the public snark was pretty uncalled for.
|
Shaggar posted:
> seems like that would be useful in the world of android where no handset is guaranteed to have the same standard underlying system.

yeah, unfortunately this seems a really legitimate and necessary thing to do for a company suffering to make a stable of apps run on every handset in existence.
|
i can't claim they have the *right*, but i can very easily see myself making the same decision. the metadata is bound to be trash on a non-trivial number of handsets, and if the library doesn't match any fingerprint you've seen before, and your apps are crashing and the users are livid, you'll need to get this stuff out to figure out what the gently caress the platform you're trying to run on even is.

might not be quite right, but i also don't see much of an ethical problem in this. system libraries aren't very private info, and you are grabbing it from users who are agreeing to be fingerprinted in an actually personal way already.
|
actual crash dumps have way more potential for ethical issues though, messenger and whatsapp crashes may contain plaintext that facebook could not otherwise get at, and in general there may be unposted private things in the memory map. the system libraries just get dumped into the memory space of any dumb application with no checks or questions. if there are secrets to them i think there is some pretty heavy rethinking of platform security needed.
|
evil_bunnY posted:
> it’s not so much the library map uploading as much as knowing fb would use it to assist fingerprint unsuspecting users first chance they got, and doing it silently, in the background, instead of when crashing.

explain how having the entire binary helps with fingerprinting beyond having the, you know, fingerprints?

Stick Insect posted:
> and on top of that, the facebook app is usually pre-installed on androids with no option to remove it.

really nefarious, cutting a deal with the manufacturer, who picks and installs the system libraries, to get an app installed on the handset which they use to steal info on what system libraries it has installed. the perfect plan.

still, this is absolutely yet another reason to not run any facebook-made app, and it is at minimum a bit shady a thing to do, but i really haven't heard an explanation of the actually shady usecase for it that measures up to "facebook wants to run their testsuite on the apps in each environment they are deployed, but android installs are a shitshow of hacked up esoteric variants impossible to get a hold of, so they try to recreate them based on what actually gets loaded on user systems".

Cybernetic Vermin fucked around with this message at 09:27 on Sep 1, 2019
|
Subjunctive posted:
> (I said “code”, so it’s not much of an italicized stretch to extend my post to indicate that.)

gets a bit circular talking about "significant" though, as it is most natural to define it economically, which will of course coincide with where companies are very active.
|
Subjunctive posted:
> what attribute would you rather compare?

i don't care at all about the argument, as it is such a vague idea, just wanted to poke fun at going "most open source code, by a very large margin..." and then throwing in some implicit commercial weighting
|
hmm, yes, that is indeed some impressive digging uncovering that slack
|
Shaggar posted:
> the amount of user tickets generated from not knowing if it's the password or the token is not worth the added security. especially when you can handle it other ways like brute force detection, unknown location detection, disallowing common passwords, etc...

you could just tell them which was wrong if they got one right though, and it indeed seems more secure that way. otoh just limiting to three attempts an hour with some logic to fully ban bruteforce attempts is indeed 99.9% of the security with less juggling of responsibilities.
|
pretty sure apple eol'd it anyway
|
user-hostile security theatre is just awesome
|
the late stymie's two gimmicks, warning about the dangers of alcoholism, and espousing the inherent immorality of computer touching, were both entirely correct and very effective trolling for yospos. rip~
|
Pile Of Garbage posted:
> getting tired of all these exceptionally esoteric CPU vulns. beep boop it affects everything and you can't mitigate it but also we haven't seen it used in the wild as an attack vector but it could be right?

it's also a waste to vaccinate your kids against a bunch of diseases no one i know has had
|
Shame Boy posted:
> if u think about it life is just one big app that requests all your permissions all the time whether or not it needs them or you want to give them

i dare bet that every sovereign citizen nut also micromanages their app permissions.
|
zoom seems perfectly adequate.
|
what i look for in a standardized 2fa implementation is developers that change it every minute of every day. just pipe all of npm into my tokens or i will scream.
|
presumably the longer term plan and expectation is that they'll switch all their electron stuff (and probably electron itself) over to edgium and put in more work to stabilize and fix up that.
|
Phone posted:
> a better approach than the 737 max 8 :v

well, no, precisely the same. it is the nature of the "aborting" people are complaining about.
|
Dylan16807 posted:
> https://www.qualys.com/2020/05/19/cve-2005-1513/remote-code-execution-qmail.txt

haha, gently caress you djb for your rear end in a top hat response to those exact same overflows 15 years ago. one of the few old security vulnerabilities i remember precisely because the response was so overbearing.