Re: Older version safe?
Most likely it's another hole in a new feature, like Heartbleed; that was DTLS.
332 posts • joined 4 Feb 2011
Reddit has become ... Facebook
The last time I was given XML from a client - ummm, this year - it wasn't even proper XML. Embedded in it were chunks of unescaped invalid HTML. I had to parse it with ad hoc regexes.
And then there's JSON, which would be OK if everything consisted of arrays, dicts, floats, and strings; if JSON serializers were all 100% bug-free; and if it didn't have to flow through a pipeline of cloudy REST APIs and database layers that don't know whether to escape it as SQL, JSON, XML, HTML, urlencoded, PHP-serialized, or what have you. This includes gems like WordPress's maybe_unserialize().
Just to be safe, better use a custom text format and base64 it....
Is that like "hackers 'tweaked' OPM"?
less also has a history of vulns; you should consider using more.
Devless dev houses? We already have those. Too bad CodePhage can't handle WordPress...
We're still waiting for hard cost limits, Amazon.
Sounds like coincidence to me. If you look at our situation across the pond, you'll see the opposite situation with water - state and municipal systems providing excellent water while privatized systems charge a fortune for crap water. Probably has more to do with regional economics and long-term drought than with ownership.
Then we have horrible rail systems public and private, phone/cable companies that can hook you up in 3 days (months? LMAO)... it's all over the place.
Personally I'm in favor of *competitive* capitalism, but Tim's not making a good case for it with these statistical anecdotes. Combining the two most-abused forms of 'evidence' is even less convincing.
I can already see where this is going: a handful of AAA showcase games, second-tier titles with insufficient funding to break through the Uncanny Valley, and a bunch of gimmicky indie games.
Then it's "not realistic enough, yawn" and at the same time "too realistic, not fun".
Oh no, don't tell me I can't play Dixie anymore. Seriously, it's one of the great old tunes. To hell with politics.
Should be secure, but aren't necessarily. There's been a slew of security patches for various bitmap loader libs this year. (PNG anyone?) Much better odds than PDF though.
Open-src font libs are also potentially vulnerable to similar attacks, and the PDF readers on Linux... yeah they've got major problems too.
Sometimes I 'like' stuff I really don't, just to keep people (and heuristics) guessing. Plus, it causes FB to show me even more crap so I waste less time there.
Late 80s dialup speed. Not bad if you don't have to share the phone line. I remember downloading Linux 0.x via some old modem bank that still hadn't been upgraded in 1993. It did the job though.
Quaint. If only you could convince all the devs to stop using minify/uglify...
So I read Eich's actual blog... he freely admits it's become a cliche that JS is web assembly. This is actually a binary AST format for Asm.js, to cut the client's parsing overhead.
I share your scepticism, 1980s_coder. To paraphrase a line from yesterday's Elon Musk article, it's a shame that all these language designers are fiddling with the web instead of just designing a better language.
While we're at it, let's dump ALL the Bad Parts (tm): DOM, HTML, XML, CSS... until all that's left are LLVM and some cross-platform 'native' APIs. Cross-platform apps! Wait, this sounds familiar *cough* Java *cough* ... but can we learn from those mistakes? Nah...
I was hopeful about JS and HTML5 a few years ago but it's not working out. On to plan C...
Actually it was, in a way. They made the laws, they set the budgets and policies... watering down crypto so NSA can spy on everyone more conveniently, and treating hacking as a law enforcement matter instead of a preventive security measure.
1. They store your passwords on their servers; 2. Their servers can and do get hacked; 3. If you enter your master password when their servers are compromised, the hackers can decrypt all your saved passwords.
It's a significant risk. For anything beyond "silly social crap" you need a local app + file sync (or version control), compartmentalized with separate master passwords for different teams and security levels. Nope, there isn't a good answer for non-nerds.
and KeePassX is open-src, runs on every desktop OS including Linux.
I've also heard good things about 'pass' - a commandline pw mgr that stores data in text files.
...or an obsolete version of Linux. Lookin' at you, Ubuntu and Fedora...
yep... google 'shodan'
You could have blocked this crap 10-20 years ago, but you prioritized your profitable partnerships with these scum instead. Now everyone thinks you're scum too. (Me, I always did..)
And how many bugs remain undetected? Sure seems like a lot.
You can't even trust them with APIs that cost big money. They'll drop 'em, or jack up the price 300% on renewal ...
I thought about filtering but decided I really wanted to block everything, so I just stopped using twitter.
Malware Maker Safari Edition ... $666
Dummy app reskinning (offshore) ... $333
Yearly app store listing fee... $99
Owning mad noobs... priceless
Well, how else are you gonna buy nice things with all that dirty money? Convert it to 'legitimate income' by paying taxes on it.
It's an old open secret that Uncle Sam loves money launderers, banksters, arms dealers, drug runners. One big happy family.
One language won't help much, given the mind-boggling array of different APIs.
No thanks. This sounds like a kitchen sink language, not a systems language. I'll look at it if it's on Linux but only to see what the hype is all about.
"It's not that bad" says an anonymous noob who cares about *terminal transparency*...
Gnome3 isn't bad from a casual user perspective, though it takes some getting used to. The problem is its web of dependencies, including systemd and its dependencies. This is a complex, fragile, un-adaptable system. Piss-poor engineering.
Is DNF any faster than Yum?
Not that I care - Fedora's got bigger problems, like systemd.. no thanks.
Definitely not worth the paper it's printed on. It's basically a blanket exemption for US companies acting "in good faith". If there's a genuine effort to add teeth, it's only to cement the market position of Google and Facebook.
Good point. And I don't see much point in casting blame. It's tough to keep any system secure, impossible for one as big and old as this. Everyone's info has presumably already been looted from one place or another anyway; we just don't know it yet.
2015: Year of the Datapocalypse
DCs in every country of the EU? Unnecessary pain in the ass for the internet titans, and it means death for their future competitors. So no, no problem if you like corporate hegemony.
The one day I use Skype, this happens. Update, talk, crash, update again. And unlike EVERY OTHER TIME, it didn't ask "how shitty was your user experience?" after the call.
Where's the head-in-ass icon?
If? godaddy and all the domain registrars are already selling cheap certs...
I started powershell by accident once. Took 10 seconds or so. LOL.
They've already bred chickens to have humongous breasts. Apparently those varieties are so unhealthy they require antibiotics for their entire ~2 month lives. Mmmmmm.
They didn't have BEEELIONS like Shuttleworth.
Even Adblock blocks most trackers (all but one on this site) IF you choose an appropriate blocklist. If these guys tried that, they neglected to mention it in their paper. Probably because it makes their own work look unimpressive.
How did all my fellow Linuxtards miss the sarcasm in that first COTW? Buncha hardcore 'spergs? Never seen Win8.x? Even XFCE has more bling than this throwback to the 80s. And in terms of technical fuckery, systemd's got nothing on it.
Just put a shortcut/symlink to the binary on your desktop. Better than having Java.
You can auto-update by running wp-cli from a cron job.
Dumping WP sounds like the best solution though.
Yeah, this is easy to overlook - just a bit of JS in an HTML file. Only problem is, it's using unsanitized input from window.location.hash, and it's found in predictable locations on target sites. The hardest part of exploiting it is tricking an admin into clicking a crafted URL.
The WTFs are that the offending JS was newly added window dressing (it's not in the twentyfourteen theme's example.html) and that something so innocuous is enough to own WP or any CMS.
Nuke icon because WWW doomsday is coming...
Have an upvote, even though I loathe Android and Ubuntu. Nokia actually had a few decent OSes, but alas... Microsoft.
The reason switching mobile OSes is such a pain: too much locked-down proprietary hardware, and douchebag manufacturers and carriers. OSdevers have better things to do.
That bored, huh? I've got better things to do. Mint MATE is working, not great, but better than my old pre-systemd Debian desktop. I can't imagine any improvement from systemd (which I've experienced in Fedora 17-18) or the Ubuntu stuff that Mint excludes for a reason.
And conversely, if you don't want spooks sniffing your metadata (say you're reading anti-government blogs in China, or merely NSFW at work) then HTTPS isn't enough. Hell, TOR isn't enough unless it's baked into the net so that using it isn't a red flag.
You're probably right. Apparently I live in a remote oasis where Yelp is spot on - which surprises me. I've never seen another ratings startup that hasn't been gamed into irrelevance. As far as I can tell, most are outright pay-for-ratings scams.
heh... Yelp stock crashed 25% a couple days ago.
WordPress is also egregious; I relented a few years ago and started working with it, thinking my opinion of it was too harsh... nope, it's far worse than I imagined. Why does everyone use it? It's a cult of noobs, feeding the hype cycle until they awaken, too late, to the monstrous reality of it...