Despite what the version number indicates, GCC 8.1 is actually the first production release in the new GCC line.
Not much, what's gnu with you?
And that doesn't include people who aren't logged in -- which means the actual number of people watching YouTube is definitely much higher.
That's a lot of cat videos
That's a lot of cellphones with Internet.
Not surprisingly, the smartphone revolution has also given rise to new human behaviors.
If you keep doing it, you'll go blind!
If the answer isn't "An Unhealthy Obsession With His/Her Fondleslab" it's wrong.
Did you ever see history portrayed as an old man with a wise brow and pulseless heart, weighing all things in the balance of reason?
Is not rather the genius of history like an eternal, imploring maiden, full of fire, with a burning heart and flaming soul, humanly warm and humanly beautiful?
--Zachris Topelius
Training a telescope on one’s own belly button will only reveal lint. You like that? You go right on staring at it. I prefer looking at galaxies.
-- Sarah Hoyt
Sometimes a phone being held is just a phone being held.
This past Saturday, I was at a place with terrible reception. As I left, I kept my phone out and glanced at it periodically until the reception improved.
(I was going to write something sarcastic about the researchers wasting money, but looked them up instead. Both are ridiculously smart and have lists of impressive mathematical and physics papers. I concluded this was a trivial thing they did to relax.)
Because I don't have a holder and it's more comfortable in my hand than in my pocket.
I don't have a holder, because 1) it hurts when I bend over, 2) it looks ridiculous, 3) it finds ways of getting rammed into things, and 4) it breaks off.
So holding the phone or placing it on the table at the restaurant or on one's desk is what's left.
See? Not hard to figure out.
#SupportHeForShe
Government can give you nothing but what it takes from somebody else. A government big enough to give you everything you want is big enough to take everything you've got, including your freedom. -Ezra Taft Benson
You must accept 1 of 2 basic premises: Either we are alone in the universe or we are not alone. Either way, the implications are staggering! -Wernher von Braun
According to a recent developer survey, Rust was the “Most Loved” programming language for the third year in a row and in the top ten of “Most Wanted” languages.
Because it doesn't sleep?
Apparently all that love is happening away from places I know about
The team collaboration tool provider Slack is open sourcing a new tool designed to help developers secure features with high output and low friction.
Because when you think 'security', think of a company named for 'characterized by a lack of work or activity'
Due to a bug, passwords were written to an internal log before completing the hashing process. We found this error ourselves, removed the passwords, and are implementing plans to prevent this bug from happening again. You are encouraged to change your password again. If you have reused the password on other sites, change those too
Bastard Programmer from Hell
If you can't read my code, try converting it here[^]
"If you just follow the bacon Eddy, wherever it leads you, then you won't have to think about politics." -- Some Bell.
Eddy Vluggen wrote: Due to a bug
More like a severe design flaw
Besides, shouldn't passwords be encrypted even before they are sent to the server? (whether using https or not)
V. wrote: Besides, shouldn't passwords be encrypted even before they are sent to the server?
I'd go for "both". If only the client hashes, then that hashed piece becomes similar to a password; if I can steal it, I can use it as a password directly on the server, without needing the actual unhashed password.
The server should hash its data too, to prevent any (temp) workers from getting those tokens.
Bastard Programmer from Hell
If you can't read my code, try converting it here[^]
"If you just follow the bacon Eddy, wherever it leads you, then you won't have to think about politics." -- Some Bell.
|
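The "both" argument from the post above, as an added example that is not part of the thread: when the server stores a client-side hash unchanged, a copied record is itself a working credential, and a second server-side hash stops that replay. Assumptions: Node.js `crypto` with scrypt on both sides, a non-secret client salt built from a placeholder site name and the username, in-memory Maps standing in for the user table; all function names are hypothetical.

```javascript
const crypto = require('crypto');

// Client side (hypothetical): stretch the password with a non-secret salt.
function clientHash(username, password) {
  const salt = `example.test:${username}`; // placeholder site name, an assumption
  return crypto.scryptSync(password, salt, 32).toString('hex');
}

// Design A: the server stores what the client sent, unchanged.
function registerClientOnly(db, user, submitted) {
  db.set(user, { stored: submitted });
}
function loginClientOnly(db, user, submitted) {
  const rec = db.get(user);
  if (!rec) return false;
  const a = Buffer.from(rec.stored, 'hex');
  const b = Buffer.from(submitted, 'hex');
  return a.length === b.length && crypto.timingSafeEqual(a, b);
}

// Design B ("both"): the server hashes the submitted value again
// with its own random per-user salt before storing or comparing.
function registerBoth(db, user, submitted) {
  const salt = crypto.randomBytes(16);
  db.set(user, { salt, stored: crypto.scryptSync(submitted, salt, 32) });
}
function loginBoth(db, user, submitted) {
  const rec = db.get(user);
  if (!rec) return false;
  return crypto.timingSafeEqual(crypto.scryptSync(submitted, rec.salt, 32), rec.stored);
}

// Constructed scenario: the stored value is read from the user table
// and submitted as if it were the client's hash.
function replayStoredValue() {
  const user = 'alice', pw = 'correct horse battery staple'; // constructed sample
  const dbA = new Map(), dbB = new Map();
  registerClientOnly(dbA, user, clientHash(user, pw));
  registerBoth(dbB, user, clientHash(user, pw));
  return {
    legitA: loginClientOnly(dbA, user, clientHash(user, pw)),
    legitB: loginBoth(dbB, user, clientHash(user, pw)),
    wrongB: loginBoth(dbB, user, clientHash(user, 'guess')),
    replayA: loginClientOnly(dbA, user, dbA.get(user).stored),
    replayB: loginBoth(dbB, user, dbB.get(user).stored.toString('hex')),
  };
}

console.log(replayStoredValue());
```

In either design the value that reaches the server is still a login credential for that site, so it needs the same handling in logs as a plaintext password would.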
Eddy Vluggen wrote: Besides, shouldn't passwords be encrypted even before they are sent to the server? I'd go for "both".
You think the client should encrypt the password before sending? The only way the client (a web browser, we're talking about twitter) could encrypt the data before sending is to use javascript and anything in js on the client can be reverse engineered (View->Source) and that includes your encryption algorithm and any passwords\secrets\keys you use to achieve the encryption. If a malicious person knows that information then your encryption is literally useless. That's what https is for, so you don't have to waste your time doing pointless things like client-side encryption on a website.
F-ES Sitecore wrote: You think the client should encrypt the password before sending?
No, hashed. With salt.
F-ES Sitecore wrote: The only way the client (a web browser, we're talking about twitter) could encrypt the data before sending is to use javascript and anything in js on the client can be reverse engineered (View->Source) and that includes your encryption algorithm and any passwords\secrets\keys you use to achieve the encryption.
Yes, they can; but they will have a hard time reproducing the original password. It would also mean that (thanks to SSL) this can only be broken if they have access to your local computer.
F-ES Sitecore wrote: That's what https is for, so you don't have to waste your time doing pointless things like client-side encryption on a website.
SSL is to secure transport.
Simpler: SSL is a secure train-transport, but there will be loading and unloading of the cargo. You can just blindly hire such a secure train-transport and assume all is well, but that leads to the vulnerability that Twitter describes. There was an automated audit during unload, and it was theoretically possible that some employees saw the content.
Bastard Programmer from Hell
If you can't read my code, try converting it here[^]
"If you just follow the bacon Eddy, wherever it leads you, then you won't have to think about politics." -- Some Bell.
Eddy Vluggen wrote: No, hashed. With salt.
You said encrypted, not hashed. Anyway, we'll run with your complete change in argument...what use is the salt if this is done on the client as the malicious user has access to the salt so that can be used to brute force the password. One of the reasons salt works is because it is unknown to the attackers.
F-ES Sitecore wrote: You said encrypted,
I did not.
F-ES Sitecore wrote: One of the reasons salt works is because it is unknown to the attackers.
Duh.
Bastard Programmer from Hell
If you can't read my code, try converting it here[^]
"If you just follow the bacon Eddy, wherever it leads you, then you won't have to think about politics." -- Some Bell.
Eddy Vluggen wrote: I did not.
V said "shouldn't passwords be encrypted even before they are sent to the server?" and you replied "both".
Eddy Vluggen wrote: Duh
So why are you advocating javascript-based hashing with salt if you're aware that it's pointless?
F-ES Sitecore wrote: V said "shouldn't passwords be encrypted even before they are sent to the server?" and you replied "both".
Yes, no direct intention on explaining the difference between hashing and encrypting.
F-ES Sitecore wrote: So why are you advocating javascript-based hashing with salt if you're aware that it's pointless?
It is not pointless, that's your opinion and you're entitled to it.
Bastard Programmer from Hell
If you can't read my code, try converting it here[^]
"If you just follow the bacon Eddy, wherever it leads you, then you won't have to think about politics." -- Some Bell.
Eddy Vluggen wrote: It is not pointless
So why don't websites use it? Why is https such a big thing? You admitted yourself salt was not much use when the potential attacker knew what it was.
Which part of the truck analogy was too complicated? And it's rather simple to not share the salt
Bastard Programmer from Hell
If you can't read my code, try converting it here[^]
"If you just follow the bacon Eddy, wherever it leads you, then you won't have to think about politics." -- Some Bell.
Eddy Vluggen wrote: Which part of the truck analogy was too complicated?
We're not talking about Twitter, we're talking about your belief that javascript security is a good idea, and why it actually isn't.
Eddy Vluggen wrote: And it's rather simple to not share the salt
Not if you are using javascript.
F-ES Sitecore wrote: Not if you are using javascript.
So who limits you to JavaScript on the client?
F-ES Sitecore wrote: We're not talking about Twitter
Correct, we're not talking at all.
F-ES Sitecore wrote: your belief that javascript security is a good idea, and why it actually isn't.
I do not believe anything. I know, or I'll verify, but belief is not my beef. I also haven't advocated JS security, you're jumping to conclusions again.
Bastard Programmer from Hell
If you can't read my code, try converting it here[^]
"If you just follow the bacon Eddy, wherever it leads you, then you won't have to think about politics." -- Some Bell.
Eddy Vluggen wrote: So who limits you to JavaScript on the client?
We were talking in the context of major websites like twitter. If you're now saying that for the last 5 messages or whatever you weren't talking about js but some other as yet unidentified technology then I can't tell if you're waving or drowning.
F-ES Sitecore wrote: I can't tell if you're waving or drowning.
Why would I care about that?
Bastard Programmer from Hell
If you can't read my code, try converting it here[^]
"If you just follow the bacon Eddy, wherever it leads you, then you won't have to think about politics." -- Some Bell.
I'm not asking you to care, I'm saying that what you're saying is so implausible and flip-flops so much I don't know if you genuinely believe what you're saying or if you know your argument is dead but you're trying to save face.