|
lol
True story: Reminds me of the time in physics class when the overhead clock stopped about 1/2 through. Someone pointed out to the professor the clock had stopped. He said "I wonder when that happened?" We were confused and amused.
"A little time, a little trouble, your better day"
Badfinger
|
|
|
|
|
My friends and I used to pull this prank on unsuspecting strangers when we were eleven. We were mature beyond our years.
/ravi
|
|
|
|
|
Dave's not here, man.
"These people looked deep within my soul and assigned me a number based on the order in which I joined."
- Homer
|
|
|
|
|
Wordle 483 5/6
⬛⬛⬛⬛⬛
⬛⬛⬛⬛⬛
🟨🟩⬛⬛⬛
🟩🟨🟨⬛🟨
🟩🟩🟩🟩🟩
|
|
|
|
|
Wordle 483 5/6
🟨⬜⬜⬜⬜
⬜⬜⬜🟨⬜
⬜🟨🟨⬜⬜
🟨🟩🟨⬜⬜
🟩🟩🟩🟩🟩
|
|
|
|
|
Wordle 483 4/6
🟨⬜⬜⬜⬜
⬜⬜🟨⬜🟨
⬜🟩⬜🟨🟩
🟩🟩🟩🟩🟩
Lucky guess: loads of options!
"I have no idea what I did, but I'm taking full credit for it." - ThisOldTony
"Common sense is so rare these days, it should be classified as a super power" - Random T-shirt
AntiTwitter: @DalekDave is now a follower!
|
|
|
|
|
🟩⬜🟨⬜⬜
🟩🟨🟨⬜⬜
🟩⬜⬜🟨⬜
🟩🟩⬜⬜⬜
🟩🟩🟩🟩🟩
Life should not be a journey to the grave with the intention of arriving safely in a pretty and well-preserved body, but rather to skid in broadside in a cloud of smoke, thoroughly used up, totally worn out, and loudly proclaiming "Wow! What a Ride!" - Hunter S Thompson - RIP
|
|
|
|
|
Wordle 483 6/6
⬜⬜⬜⬜⬜
🟨⬜⬜⬜⬜
🟩🟨⬜⬜⬜
⬜🟩⬜⬜⬜
⬜🟩⬜🟨⬜
🟩🟩🟩🟩🟩
Had to look it up.
I didn't think I'd know this word, but I felt pretty stupid when this turned up to be my only option (and I already knew all the letters)
|
|
|
|
|
Wordle 483 6/6
⬛🟨🟨⬛⬛
⬛🟩🟩🟩🟩
⬛🟩🟩🟩🟩
⬛🟩🟩🟩🟩
⬛🟩🟩🟩🟩
🟩🟩🟩🟩🟩
And there was still one more possibility!
|
|
|
|
|
Wordle 483 4/6
🟩⬛🟨⬛⬛
🟩⬛⬛🟨🟨
🟩🟩⬛⬛🟨
🟩🟩🟩🟩🟩
|
|
|
|
|
Wordle 483 4/6
⬜⬜⬜🟨⬜
⬜⬜🟩⬜⬜
🟩⬜🟩⬜⬜
🟩🟩🟩🟩🟩
"A little time, a little trouble, your better day"
Badfinger
|
|
|
|
|
Someone above me decided that we need to update ALL NuGet packages in the app. Literally just open NuGet Package Manager and click Update. The rationale behind this was "to ensure we're on the most secure packages".
I pushed back saying
1. That doing this could introduce new bugs,
2. Without researching them first, there's no guarantee they'll be 'more secure'. In fact, the opposite could be true.
3. If it's not broke, don't fix it.
My concerns were dismissed, and I was told to do it anyway.
At every company I've worked at up to now, there had to be a real reason to upgrade a package, like a new feature we needed, or the package was deprecated. I've never been tasked with a blanket upgrade of ALL packages "to make sure they're secure".
I'd like to hear what you guys think.
If it's not broken, fix it until it is.
Everything makes sense in someone's mind.
Ya can't fix stupid.
|
|
|
|
|
Management. It's an absurd request, IMO. There are some expensive third party tools that will analyze the package dependencies for security issues, I would suggest that. Can't remember the name of the tool our company bought, but it did identify a couple issues. Even worse, the code analysis it did identified a piece of code that had been copied from StackOverflow that apparently was "licensed." We had to remove that code. It actually wasn't even doing anything, lol.
|
|
|
|
|
Thanks Marc
If it's not broken, fix it until it is.
Everything makes sense in someone's mind.
Ya can't fix stupid.
|
|
|
|
|
I would recommend a tool like OWASP Dependency-Check to scan for security problems.
modified 11-Nov-22 12:23pm.
|
|
|
|
|
Kevin Marois wrote: I've never been tasked with a blanket upgrade of ALL packages "to make sure they're secure"
They'll probably change their minds real quick when some newer package introduces problems/vulnerabilities/backdoors.
|
|
|
|
|
This company has a "Just do it and we'll deal with the issues later" mindset.
If it's not broken, fix it until it is.
Everything makes sense in someone's mind.
Ya can't fix stupid.
|
|
|
|
|
I would report them to law enforcement. Stupidity like this isn't born overnight. They're clearly ingesting large quantities of illegal substances.
/ravi
|
|
|
|
|
I think there should be a middle ground.
You need to have a procedure to upgrade packages on a continuous basis.
If you start upgrading too many packages at the same time, it will be difficult to detect errors.
Also, you should have testing in place for code related to those packages, no?
CI/CD = Continuous Impediment/Continuous Despair
|
|
|
|
|
We are in a similar position with log4j. The big LDAP injection bug that was so publicized was introduced in 2.x.
We are still using 1.2.x because who wants to do things like make an LDAP call in the middle of trying to log something? (Some bad actor probably introduced that LDAP feature on purpose! Maintainers succumbed to ridiculous feature creep.)
Management:
1.2.x is no longer supported, update to the version that introduced all of the security holes!
|
|
|
|
|
When I told the guy that just because a package is on NuGet doesn't mean it's secure, I was blown off and told to do it anyway.
If it's not broken, fix it until it is.
Everything makes sense in someone's mind.
Ya can't fix stupid.
|
|
|
|
|
Don't tell... say it per email.
M.D.V.
If something has a solution... Why do we have to worry about?. If it has no solution... For what reason do we have to worry about?
Help me to understand what I'm saying, and I'll explain it better to you
Rating helpful answers is nice, but saying thanks can be even nicer.
|
|
|
|
|
Połoz - Run Away Jimmy
I'm currently watching the Cyberpunk Edgerunners series.
Haven't played the game, but I heard good things about the series and, indeed, I love it!
Awesome anime with lots of gore and violence
And a great soundtrack.
Couldn't find the official soundtrack, but I did find a playlist with songs, and Połoz was on it.
Can't remember if it was this particular song, but the song I found impressed me and I've been listening to Połoz for the entire week.
Love this one in particular, so SOTW
Can't find much about the guy, except his Facebook, SoundCloud and Spotify page (so his music, basically).
Real name(?) Piotr Połoz a.k.a. Tsar Poloz, formerly known as Deuce, Polish.
|
|
|
|
|
Quote: Awesome anime with lots of gore and violence
Can't wait. Maybe you know the last three letters of my last name.
|
|
|
|
|
"Can't wait. Maybe you know the last three letters of my last name."
Are they "nce"?
|
|
|
|