Hypolite Petovan likes this.
I am slowly going mad
I am trying to report to Simplii Financial that they don't have SSL on simplii.com and they just keep telling me that they have SSL on www.simplii.com
This is one of those "type it into SSL labs and see what pops out situations", incredibly boring, and it just breaks my HSTS and it's annoying and bad.
Their support team needs a screenshot of my browser not connecting , and a version number of a browser and the model number of my computer, and it needs to be running Windows or Mac in order to report this. But they did finally send me to BugCrowd.
BugCrowd tells me that it's a false positive, and that this means SSL is working fine ssllabs.com/ssltest/analyze.ht…
I am definitely moving my money, but also - is BugCrowd usually this dumb?! Is there anywhere where you can report a (admittedly incredibly minor) security issue to a Canadian bank where someone who knows what SSL is will read it?
The theme of this week has been
"damn we made a mistake 2 years ago, I guess we can't ever fix it"
and then me stubbornly deciding to force people to fix it
fun fact: the security team can't get a ticket in the sprint. but they can get a high priority issue to override sprint priorities as part of an incident postmortem.
like this
silverwizard likes this.
@silverwizard Microsoft went a step further and made sure of it: dair-community.social/@emilymb…
MSFT lays off its responsible AI teamThe thing that strikes me most about this story from @zoeschiffer and @caseynewton is the way in which the MSFT execs describe the urgency to move "AI models into the hands of customers"
platformer.news/p/microsoft-ju…
>>
Microsoft just laid off one of its responsible AI teams
As the company accelerates its push into AI products, the ethics and society team is goneZoë Schiffer (Platformer)
@Hypolite Petovan I was mostly thinking of people telling me to me empathetic to laid off Meta employees
But yeah - Microsoft and Google employees also don't seem very ethical.
And at least Microsoft seems to be doing it because they outsource all their AI (hopefully they are thinking this) and because they have decided it's layoff season. But at least they aren't Google who fired their best AI ethics person because she was like "Maybe we should not burn the environment for bad AI?"
Hypolite Petovan likes this.
My son has decided he wants to make balloons so wants:
Liquid latex and paraffin for the balloon
A star for the helium
I... Am bad at 3 year olds
Hypolite Petovan likes this.
No like, new hardware - switched from MySQL to Amazon Aurora MySQL
my life choices that lead me here are bad and mercenary - but it feels way more impressive
People often talk about the barriers to entry of the fediverse and IRC
and uh - what if we called those barriers to entry "culture"
like this
Eva Winterschön reshared this.
it's true. the mastodon onboarding problem had basically no technical hurdles and one big "ah shit, what room full of strangers do I walk into?"
(I still don't understand why people act like gambling on which interoperable fediverse instance to join is worse than gambling on which of several mutually incompatible services to join)
I mean - i get that the problem is:
If I go to Post.News I am done making choices
If I go to the Fediverse, now I need to make a second choice
And I mean - from my end it's a question of wanting to give up on the model (which I've wanted to do for as long as the model has existed)
I also have a weird relationship with the "room full of strangers" question, as I started with "I want a single panel for all my social stuff which can also use the federated stuff" rather than "I want to join this network" (I already had a disused GNUSocial, and a Diaspora account)
Hypolite Petovan likes this.
Set it in one of the cities ravaged by Night Beasts, whole army of monsters, some leftover. Wolves, both were and mortal roam the town, fresh water must be secured, alliances, the old government and new social structures. Room to flesh out literally hundreds of NPCs if you wish, while still focusing on a band.
Lots of available combat, but with it considered a horrible idea.
Trying to go sledding with the cousins
3L of hot chocolate, bag of marshmallows, little thing of butter, couple knives, and candied orange buns
I am bad at sledding but a good companion
My nephew made a North American Ticket To Ride that he calls North North America rather than Canadian and added an Airport mechanic
Proud of him (he's 9)
Hypolite Petovan likes this.
This is 100% shade at Zellij
If you wanna use WASM as a compilation target, why not use Excel? It's used in more places and serious workflows!
Me: *sends over 6000 words of tables...*
Markdown is a tool specifically designed to harm the brain of a programmer
It's 100% syntax and valuable syntactic data - but it's also it's supposed to be an informal grammar, and programmers can't handle it
Most people are more likely to lose authenticator tokens (their phone, their yubikey) than be hacked by a sophisticated attacker
Password manager 2FA and SMS 2FA solves the threat model that most people live in
(Organizational security has a far different threat model)
silverwizard likes this.
silverwizard likes this.
Oh, no - attacking SMS 2FA is easy to just SIM hijack
I am talking about getting locked out because you accidentally lost your auth app
silverwizard likes this.
That's what I'm saying
You won't lose your phone number for SMS or password manager
Whereas losing a phone with an TOTP authenticator setup or losing a yubikey is pretty simple
Hypolite Petovan likes this.
So far, every service for which I've registered TOTP (Twitter, Facebook, Mastodon) has offered recovery codes in case I lose my TOTP device. Surely that mitigates @silverwizard 's loss model.
like this
silverwizard likes this.
Yeah, I just only have the option of Google TOTP which squicks me, or Yubico TOTP which needs a key, so uh, kinda fails the access test
But also - I am *far* more likely to lose a phone than by hit by SIM swapping (to be clear - only because I'm a dumbass)
Yeah, most of my TOTP tokens are mirrored across my Yubikeys largely to save headaches when changing phones. I have one on Entrust's app that I can't do that with and the couple of times I've had to move it were a pain finding the instructions again.
But using Yubico TOTP also basically primed me for "password manager TOTP is functionally the same as Google TOTP but with the convenience of device portability"
silverwizard likes this.
Well, the issue most people have with password manager TOTP is that then if your password manager is compromised, then your password is
And the answer to that is "it's complicated" - but yeah - in a perfect world we'd all have two security keys, and one is kept in a secure location and one is kept in a wallet/keychain - but that's not feasible (says the man with that)
silverwizard likes this.
I dummyed a variable for integration testing of our pipelines
And it turns out it silently failed *lint* in the *build stage*, not a prelinter
Pipielines were a mistake
i went absolutely apeshit on a linter two months ago:
it barfed up a message like "you are adding elements to this array in a fixed-size loop, preallocate space for it first" for some test setup code that was like,
for (int i = 0; i < 1000; i++) { vector.emplace(blah blah); }
so the guy fixing all this linter garbage typoed
vector.resize(1000);
instead of
vector.reserve(1000);
so a bunch of unit tests were now using a homogeneous pile of default-constructed elements
…
silverwizard likes this.
…
does the linter warn you about "hey, you have a big vector of identical default-constructed elements and then you added 1000 actual randomized test objects to it that none of your code will ever touch?" — no, of course not, that's too complicated for it
¯\_(ツ)_/¯
silverwizard likes this.
silverwizard likes this.
I mean - a compiler warning and a linter is definitely similar.
But yeah - the compiler will usually say "you're an idiot, but I'll allow it' instead of "fuck off and rewrite it"
I get why the linter said it - but - horrible - these are both *good* uses for a linter - but fuck - that shouldn't have passed review.
But - seriously - make the linter not dumb, and make it make suggestions if it has some.
Also - why the fuck are they populating a vector with a loop?!
the actual code is more like
for (blah blah) {
// do some rng shit to make a funny object and maybe connect it to some other objects
vector.emplace(blah blah);
}
silverwizard likes this.
silverwizard
in reply to silverwizard • •This is their proof that the bareword domain has SSL on it. Whicjh uh, I am glad BugCrowd hires the best.
silverwizard
in reply to silverwizard • •Quincy reshared this.