|
the gdpr is cool and good and hopefully the eu keeps strengthening it until the "innoventors" like facebook and google indeed do pull out of the region.
Cybernetic Vermin fucked around with this message at 11:43 on Dec 30, 2021 |
# ¿ Dec 30, 2021 11:39 |
|
Midjack posted:some galaxy brain got a bunch of clocks for our office ten years ago and for some reason half of them are these and half are normal. no rhyme or reason what clock goes where so it's a bit of a pause to determine what hour it is when i look up in a conference room.
the building i work in used to have a proper centrally run system of clocks, but something broke down a couple of years back and now all the clocks are stopped on random times. i found after a while that it was genuinely (temporally) disorienting for me to walk by a dozen randomly set extremely legible clocks whenever i left my office, and wound up asking building maintenance to at least cover them up. possibly just my brain being broken, but i could not help subconsciously trying to retune my internal clock to match up with what they were showing.
|
# ¿ Jan 3, 2022 14:50 |
|
Xarn posted:I see poo poo like this surprisingly often in oss community. Someone does a permissively licenced project, spends x years on it, it takes off, he burns out on supporting users all the time and then goes "wtf, I spent years and have no money from it wtf, why aren't corporations paying me".
caused by idiotic open source mysticism implying there are rewards for and inherent goodness in this kind of work, plus of course moron users thinking they are owed anything at all. perfectly valid to intentionally break the thing, the dev owes the users nothing.
|
# ¿ Jan 10, 2022 11:22 |
|
infernal machines posted:information wants to be free, man
should always have been obvious that the second part to that is "unless we invest heavily in stopping it now".
|
# ¿ Jan 13, 2022 22:15 |
|
infernal machines posted:what is the mechanism by which terminating launchd can render your system unusable without a reinstall?
should have waited until it was safe to turn off your computer
|
# ¿ Jan 15, 2022 15:59 |
|
pretty normal isn't it, at least with hardware crypto "disabled" is often just the key being freely available rather than a special path where the bits hit the storage 1:1?
|
# ¿ Jan 17, 2022 16:12 |
|
Jenny Agutter posted:guess its good to know the hardware TPM requirement for W11 was in fact entirely arbitrary
what security boundary are you trying to preserve here though, if the expectation is no encryption leaving the key out in the open seems perfectly fine, involving tpm to with no credentials decrypt at most adds a thing that can fail?
e: i honestly suspect i am just missing something here though
Cybernetic Vermin fucked around with this message at 16:50 on Jan 17, 2022 |
# ¿ Jan 17, 2022 16:37 |
|
Kazinsal posted:something tells me no one there is actually a yosposter anymore
eh, i'd assume hbag is on there
|
# ¿ Jan 18, 2022 12:55 |
|
cinci zoo sniper posted:sms is not an adequate 2fa measure, and you should explicitly disable it from being such wherever possible. there have been plenty of documented sms takeovers by random bandits vs random people in the states, this doesn’t require russian cia resources
is this not to some extent because of some weird choices in how us carriers are set up though? my understanding is that it depends a bit on where you are (which is however opaque enough that the advice probably remains sound everywhere)
|
# ¿ Jan 18, 2022 15:28 |
|
hbag posted:aren't you meant to announce those AFTER you've patched them
that's security through obscurity you fool, announce them and let the free market adjust
|
# ¿ Jan 20, 2022 12:33 |
|
Phone posted:re: gdpr and the idea of “pushing back” against entrenched ad tech companies
i mean, internet advertising fully disappearing is hard to imagine because it is just about that unlikely. internet ads without a bunch of personal information though? might wind up being the norm yet. did some work on the bidding platform for a company that does context analysis for ads, where they try to give some description of the entire page the ad appears in (deep learning labeling of the various things on the page), and tbqh i found their results compelling enough that it is probably better advertising than amazon trying to sell me the toilet seat i already ordered (or whatever).
|
# ¿ Jan 20, 2022 19:25 |
|
cinci zoo sniper posted:listen, just let me fantasise about iis on k8s for a bit
migrate to nginx on wsl on windows on k8s, maybe gain some performance somehow?
(but, yeah, local escalation, mostly lol-worthy because it is a setuid binary which pops ui and parses strings and whatnot)
|
# ¿ Jan 26, 2022 11:33 |
|
BlankSystemDaemon posted:phoronix.jpeg2000 with all the statistical confidence that that implies
good thing you're putting things straight, wouldn't want that post to persuade people that the highest performance web serving solution involves double-nesting virtualization.
|
# ¿ Jan 26, 2022 14:39 |
|
mostly though someone sat down with the plan of writing a setuid program and started doing string parsing and strdup'ing, brought in some libraries to pop a ui, etc. what i am saying is that i think the *really* bad decision is separate from whether argc=0 is allowed.
|
# ¿ Jan 26, 2022 17:49 |
|
with ethernet and (tcp/)ip designed concurrently imagine how much easier things would have been if the ip guys had gone for 48 bits and ethernet with 32 bit macs instead of the other way around? seeing how they are by and large bloating the same frames and all.
|
# ¿ Feb 14, 2022 18:14 |
|
BlankSystemDaemon posted:The image linked above is also a link to the Ars article on it.
it is in general undecidable whether a variable might get used uninitialized, can of course require initialization at the site of declaration, but that'd break most c projects so can't very well make it a default.
|
# ¿ Mar 8, 2022 13:50 |
|
Jabor posted:having the compiler default-initialize every variable, while it would completely mitigate an entire class of security vulnerabilities, would impair performance by 0.01% and so is unacceptable as a general default
it is kind of a distraction from the reality that nothing in the world should be written in c in 2022.
|
# ¿ Mar 8, 2022 14:00 |
|
infernal machines posted:APC units do daily self tests by default and you'll know if the battery is failing because all your poo poo will turn off and the alarm may sound when the self test runs
lol, so getting one would likely cause more power outages than it prevents at my place, sounds like good defaults
|
# ¿ Mar 14, 2022 20:01 |
|
yeah, it is unfortunate that it gets wrapped up in the iot stupidity so directly, because there is a lot of energy to save, and it is very very good if we can save that energy.
|
# ¿ Mar 30, 2022 19:45 |
|
reflection is good for decoupling, code where every component has to be aware of and relate to the type hierarchy of every other component becomes a mess. it is simultaneously true that one needs to be careful and it should be designed with more concern for security, but pretending that we should just not do it is where you instead start passing around random string serializations or untyped collections of stuff all over the place, and probably ultimately recreating dynamism by doing some even worse eval() garbage.
Cybernetic Vermin fucked around with this message at 15:16 on Mar 31, 2022 |
# ¿ Mar 31, 2022 15:13 |
|
Penisface posted:if integration points between different components are allowed to become so finicky that you need reflection or some other magical technology, i would argue that the design is too complex. the reason the standard is xml/json is to make it go on a wire, do you figure that in general the solution lies in having less strong typing and encapsulation?
|
# ¿ Mar 31, 2022 15:47 |
|
beyond reflection i do wonder how many hilariously huge security bugs hide in dumb use of cglib across the java ecosystem. harder to analyse, but i expect the new interest in this stuff will get there in time. one problem certainly is that the tools involved are so blunt (i.e. reflection just breaking into intended-to-be-encapsulated data), but more than that there is so much unprincipled use where it should almost all be wrapped up in reasonably carefully validated libraries.
|
# ¿ Mar 31, 2022 16:32 |
|
nothing makes me happier than extremely long support timelines, it is hard to overestimate how much time, money, and really pointless effort it saves the world.
|
# ¿ Apr 20, 2022 17:10 |
|
FlapYoJacks posted:Java 1.8 was released in March 2014. If it does get EOLed on 12/30/30, that's a 16-year support cycle. 4 years less than Python 2. Shameful.
16 years is pretty decent, where python 2 eol was a garbage decision made by idiots. the difference being that java has excellent compatibility, where python3 intentionally broke poo poo to a point where they went back and unbroke half again.
|
# ¿ Apr 20, 2022 20:05 |
|
layer 4 horseshoe theory suggests icmp and tcp actually approach the same position fyi
|
# ¿ Apr 26, 2022 18:07 |
|
abigserve posted:Has there ever been a conference that wasn't an excuse to get pissed up and talk poo poo
this question doesn't make sense, no there has not been a conference that wasn't a conference
|
# ¿ May 21, 2022 12:01 |
|
Beeftweeter posted:i was gonna post almost exactly this for inherently dense stuff like this that kind of classic ui is so good yeah. have to basically know what you're doing anyway, so just pack it all in with little ceremony. (though it could of course still be improved in a myriad of ways)
|
# ¿ Jun 15, 2022 16:23 |
|
BattleMaster posted:
it's got the *s* in https right in there, do you even know what the acronym means scrub?
|
# ¿ Jun 15, 2022 21:53 |
|
Armitag3 posted:who disabled garbage collection in CppCon
presumably hacked up template gc not able to deal with the "good buddy" reference cycle between the pedophile and organizers
|
# ¿ Jun 20, 2022 08:39 |
|
Shame Boy posted:i've actually got a twofer, courtesy of my wife:
eh, unironically good enough, mess with it if people start actually systematically abusing it, otherwise at least make sure the washing machines do run in most scenarios.
|
# ¿ Jul 8, 2022 16:42 |
|
Beeftweeter posted:neopets has definitely been around since at least 2000 or so, i remember it being on a bunch of "most visited" lists for a looong time
if i had spent 23 years (founded 99) running neopets i too would feel too drained of life to care about literally anything
|
# ¿ Jul 22, 2022 18:41 |
|
here they do rare random checks (never been in one, but a friend-of-a-friend etc.), which should be plenty really. you'll certainly feel pretty iffy buying a resale ticket if there's even a 5% chance you're just turned back at the gate in the middle of a thing, or getting prosecuted if you're on a no-fly list.
|
# ¿ Jul 24, 2022 21:16 |
|
Loezi posted:"Are there any emergency calls in progress at this time? Good enough."
this is the kind of thinking that'll land you maintaining a huge erlang/otp codebase, and no one wants that
|
# ¿ Aug 9, 2022 17:01 |
|
the average age of running code will almost necessarily go up forever, so best just accept compatibility will only get more important.
|
# ¿ Aug 12, 2022 17:16 |
|
chaosbreather posted:i mean if docker was literally 'give you the machine', then we're talking. like if it worked like an emulator, so you just use a computer, get it set up exactly how you want and then save a snapshot, then share that exact save state, that would be ace. you could download the app or spin up a node and the server would already be running in a precisely known state that includes actually everything you need.
yeah, i've made peace with the usefulness of docker, as i think it was always a pipedream to do actually good/durable distribution without freezing a *lot* of the environment, and docker is kind of the ultimate tool for that (when dealing even partially with software ecosystems not making that easy by themselves, e.g. java). but the way the images tend to get built is kind of infected by some bad ideas. not like there is only one fixed way to do that though, so i expect it'll evolve over time.
|
# ¿ Aug 27, 2022 15:12 |
|
half the value of rpi's is precisely that the software is as well figured out as can possibly be achieved with an arm soc packed with proprietary stuff. would not bother going with anything other than a pi or a full "proper" pc architecture. though that's of course me being very unwilling to tinker on that level.
|
# ¿ Sep 3, 2022 14:59 |
|
tbf the fsf remains important for some key things. for example they just added deprecation warnings to egrep to inform you that it is outdated and will be removed from the collection of universally outdated software the fsf ships.
|
# ¿ Sep 4, 2022 20:24 |
|
if it is fake it is very well timed, there was a lot of noise in the large language model community earlier this week about attacks of the form "ignore the above instructions and..."
i see no reason to doubt it is real really, you can certainly make e.g. gpt-3 do these things.
|
# ¿ Sep 17, 2022 18:49 |
|
Shame Boy posted:that makes it feel more fake to me
it was talking about as the result of someone demonstrating it in a bunch of cases with gpt-3
|
# ¿ Sep 18, 2022 17:17 |
|
let's just make git's wire protocol into an archiving file format.
|
# ¿ Sep 22, 2022 13:52 |