mircea_popescu: douchebag how do you know yahoo is more secure than alphabet ?
douchebag: When working with extremely large codebases, vulnerabilities are going to occur
mircea_popescu: to be established by the number written on the rightmost spot on the odometer.
mircea_popescu: asciilifeform did you do this thing as a kid, where you'd go about the parked cars in the street after leaving school to see "asta cit prinde ?!?!" ie, "how fast does this one go ???"
mircea_popescu: two people in euclidean geometry share the priors noted down by euclid. some other guy on a banach sphere somewhere, does not.
douchebag: Uber also has a very good security team, despite recent press
douchebag: I can tell you Yahoo is a less secure company than Google
mircea_popescu: douchebag "shared priors" is a term of art, denoting those useful notions that two participants to a discussion share identically.
asciilifeform: and hillary clitler 'cares about the children' ahahaha.
douchebag: Apache doesn't - that's why it's called A patch e
douchebag: I can tell you for instance
asciilifeform: nao to be fair maybe d00d dun speak the king's english, whoknows
douchebag: I have plenty of priors, I work with a team of highly trained security professionals every day and we have audited all sorts of applications
mod6: I've read enough of this for today.
asciilifeform: and no response to the very imho concrete q, of what exactly 'to high standard' program douchebag has seen, read, used ?
asciilifeform: so no shared priors then ?
douchebag: asciilifeform: You're not even worth responding to at this point, I think you're the one who wouldn't know 'if it bit you'
asciilifeform: like the smooth doll vulvas of the boy's dream.
asciilifeform: rather than empty words. which i suspect , in your head, it right now is.
asciilifeform: douchebag: you speak of 'program written to high standard' as if it were a concrete item that you have actually seen or touched
a111: Logged on 2018-03-22 16:25 mircea_popescu: douchebag if 13 yo kid comes to psychologist's office because insomnia, and after some hymenlick maneouvering on the part of the professional comes out with the story that has "terrifying and disturbing dreams", thereuponwhich recounts numerous instances of dreamed tits, nipples and areola but 0 clits, labia or vaginal openings, the psychologist can safely thereby infer 13yo kid is a virgin.
douchebag: asciilifeform: In my head an idea of 'high standard' is when functionality and security are both taken into consideration during implementation
asciilifeform: and so, without any ill will to douchebag , i would put the likelihood that he had learned from something worth learning from, as somewhere near 0
asciilifeform: there is ~precious~ little 'high standard' anything to learn from.
douchebag: I agree with that
asciilifeform: douchebag: from whence comes the idea in your head of 'high standard' ? what program have you read that 'was written to high standard', wouldja know it 'if it bit you' ??
asciilifeform: douchebag: auditor studies three separate ( and usually in cases where audit is called for, quite disjoint ) items -- a) the problem the program is solving b) what the author ~declared~ to be the solution to (a) c) what the program he wrote, ~actually does~, under the closure of all possible inputs
douchebag: asciilifeform: If the audit reveals that everything was done properly and to a high standard
mircea_popescu: BingoBoingo by now i suspect they're pasty enough to make great bottoms.
asciilifeform: in what case, douchebag , is proper audit somehow easier than writing the program from empty space to solve the same problem. describe one.
asciilifeform: how does this connect to the thread ?
BingoBoingo: In other campus rape, In Saint Louis the sexual predators target the Fratbois http://www.stltoday.com/news/local/crime-and-courts/suspect-in-rape-of-male-umsl-student-had-been-arrested/article_e886f53b-6589-5ab4-8320-80409a5ef78c.html
asciilifeform: then from whence came the 'it depends...' ?
douchebag: No, I think if you're auditing code you should understand exactly what, why and how that code is doing what it is doing
asciilifeform: at least the linter only wants a few watts to run
asciilifeform: exactly like the idjit payware linter, but more expensive because you are made of meat
asciilifeform: if you think that it suffices to look for 'known types of questionable code', you are then a meat scanner
asciilifeform: so evidently douchebag you think that it is possible to speak of 'having audited' a program that you did not fully understand, in the sense where you could sit down in a room with a 'clean' comp and write it again ?
douchebag: it also depends on who wrote the program
douchebag: It depends on the complexity of the program
asciilifeform: douchebag: do you, for example, think that it is easier to audit a program, than to write it ?
douchebag: what do you mean by that?
asciilifeform: douchebag: i suspect that your idea of 'comprehensive audit' is exaggeratedly painless
douchebag: Yeah generally speaking when it comes to security, you should never depend on a scanner or set of 'tools' to comprehensively perform an audit
asciilifeform: ( evidently , shitoshi -- for whatever his other flaws -- knew how to run 'lint' )
asciilifeform: possibly funnily , early in trb life , asciilifeform on a lark put it through a $maxint scamolade 'cpp security auditor' proggy that the imperial slavegalley he was working in, had bought. the result -- unsurprisingly to tuned-in folx, i expect -- was so unremarkable that i did not bother to post it.
douchebag: Yes, I'm going to be looking into that after work
asciilifeform: as discussed, re e.g. trb.
asciilifeform: douchebag: consider to demonstrate some skilled work.
asciilifeform: douchebag: if you indeed do something moar than running scanners, it still remains to be seen here
douchebag: There is nothing professional about running a scanner and reading the results.
douchebag: mircea_popescu: Anyone who uses scanners such as acunetix or whatever that is called is not a professional.
mircea_popescu: yet magic doesn't work in the working sense of the verb to work, as found in hospitals as opposed to magic shaman nigger hut.
mircea_popescu: but hey -- vulnweb "works" and therefore... "works". the confusion between these workings is lost to the noob. and yet... magic also "works" in the first case -- when magician/warlock/condoleeza rice walk into room with sickman and wave magic wand, SOMETIMES IT HEALS IT!!!
mircea_popescu: to them -- room is mine and mine is room, sure thang.
mircea_popescu: and the only folk to whom the difference is immaterial are our stone age friends from the cargo-cult, cave dwellers as they find themselves.
mircea_popescu: the situation is approximately the same as of a "young aspiring gold prospector" who goes to the designated ROOM in his local community center, where he spits on some pebbles / digs through the plasticine cubes.
a111: Logged on 2017-02-09 18:03 asciilifeform: ers, handymen, the auto mechanics of the IT industry, all flocked to Perl because they could tinker so well with it with no required knowledge or skills.' ( http://www.xach.com/naggum/articles/3241270848355795@naggum.no.html ) would go a long way.
a111: Logged on 2017-02-09 18:03 asciilifeform: the expulsion of 'In all likelihood, there was no change at all to the labor-intensiveness, but the labor was more "fun" for a certain class of people. Now, industrious retards can be a horrible thing. Over a number of years, close to a decade, Perl accreted bits and pieces from programming languages and became usable in lieu of a programming language by people who lacked the mental wherewithal to do programming. Tinkerers, repair
mircea_popescu: that's the problem with pantsuit "tools", branded however they may be branded : there's 0 marginal utility to them.
mircea_popescu: nevertheless... do you expect the 62nd application of the same magic wand upon trilema is liable to yield anything more, or better, than the previous 61 ?
mircea_popescu: it is sold to ignorant youths on the basis that "hey, SOMETIMES it yields results, when applied randomly to the web". that may be, as Framedragger 's ssh tests or phuctor dredged up, everything, every last bit of nonsense can be found "on the web".
mircea_popescu looks into the logs, sees 62 instances of eg - http://testasp.vulnweb.com/t/fit.txt%3F.jpg and similar garbage. this, of course, is "web security" or "penetration testing", or however you'd call it. a set of "tools", no doubt "professional" that permit one A CERTAIN KIND of cargo-cultish periphrastic cvasi-but-not-really involvement in their chosen field.
mircea_popescu: http://btcbase.org/log/2018-03-22#1788658 << loller where's that from
mircea_popescu: fuck this "choice".\
a111: Logged on 2018-03-21 14:41 a111: Logged on 2018-03-08 00:21 mircea_popescu: this entire exercise in idiocy has, practically speaking, resulted in me paying various hard working ticos a grand or so, to the people fucking in the ass the "security" paradigm of pantsuit.fetlife. IN LIEU of having paid that much, and rather more, to the fetlife itself.
mircea_popescu: consider hanbot's problem : there is "An abundance" of vps hosten to "choose" from. with the aforegiven knowledge that buttpay and shitsandwich. "but it's our policy to suck" and http://btcbase.org/log/2018-03-21#1788393 dedication and so on.
a111: Logged on 2018-03-22 16:02 mircea_popescu: the unsustainable, unacceptable etc systematically misrepresented to them as socially acceptable, the necessary, correct etc equally systematically misrepresented as socially unacceptable... it's true that this is grade A child abuse, but then again it's also true the children so abused carry on the sad smoldering stumps of what's left of their lives
mircea_popescu: faux choice of meaninglessness is the cornerstone of that entire http://btcbase.org/log/2018-03-22#1788602 system.
mircea_popescu: kinda the idea.
ben_vulpes: lobbes: i think it'll be great; will push everyone on the box to standardize on known-ok package versions. "we support weechat 1.4 and fuckyou"
asciilifeform: earliest mention seems to be an 1877 item.
asciilifeform: because he asked 'how the fuck do we know it ~was~ gauss'
asciilifeform: ^ somebody sat and tried to collect all known versions of the legend
mircea_popescu: lobbes considering what the level of commitment required to try it is... what, waste 20 bux ?
lobbes: Honestly, my knee-jerk reaction against sharing a box is probably based on the old idea of sharing it with $random_orcs. Sharing it with L1s may actually be a Good Thing (I'd probably learn a few useful things)
asciilifeform: but by getting'em to get along.
asciilifeform: and observe, mircea_popescu does not pack his harem gurlz 2-3 to a room by sawing off their beaks
a111: Logged on 2018-03-22 16:58 asciilifeform: point being that a student who is tired of 'solved problems' can demonstrate mastery any time he's ready and able.
mircea_popescu: http://btcbase.org/log/2018-03-22#1788711 << this reminds me of ye famous euler story, when he was punished to add all numbers up to 100.
mircea_popescu: very evidently same winds blew those sails up.
mircea_popescu: asciilifeform which may be the last time this (ie, sane people working) even occurred.
asciilifeform: state of the art 1974!11
mircea_popescu: yup. and trinque made the bot, it's a pipe job.
asciilifeform: unix even has helpful commandline items for this..
mircea_popescu: i suppose a logical next step for pizarro is to have a bot dedicated to listing who's on boxes, what the load is like etc.
asciilifeform: and suddenly when you apply this you get flexibility that you could never get from mechanical fences.
asciilifeform: cpu quotas and other 'systems that can be exam-gamed' are not substitute for talking to people.
asciilifeform: the ~other~ engineering heuristic that's absolutely imho grand, and that i stole from mircea_popescu , is 'there is not a mechanical substitute for coming to an understanding with the people you live and work with'
mimisbrunnr: Logged on 2018-03-22 17:23 lobbes: To run with the house analogy: my current vps arrangements feel more like 'condominium' than 'roomies sharing a house'. E.g. I could set up a cronjob to blow away /var/www/ every hour if I felt like it. No need to consult (nor do I see) other renters
a111: Logged on 2018-03-22 17:31 asciilifeform: back to the 'let's remove pretenses' -- let's put on record for the log: the 'traditional' style of vps is quite heavy in overhead, because pointlessly emulates for each inhabitant 'you have a i-cant-believe-its-not-a-physical-box-with-physical-nic-and-disks-etc' item
lobbes: Ah okay. Thank you asciilifeform, this http://btcbase.org/log/2018-03-22#1788767 satisfied my http://logs.bvulpes.com/pizarro?d=2018-3-22#317425 inquiry sufficiently
ben_vulpes: was more interested in the adults with beer and teenaged girls
mircea_popescu: imo brits are the dumbest of animals, and for two reasons : the constant rape the muslims put them through, and the constant rape the real estatists put them through.
ben_vulpes: last time i was in england i was like 14
ben_vulpes: not even japan with the traditional every-30-year rebuild of housing stock?
mircea_popescu: ever been to england btw ? worse wastage of construction materials never was seen.
asciilifeform: and the friction is substantial and is in fact not 60 but 90+% of the resources spent at shitazon etc
mircea_popescu: ben_vulpes nah, walls in apt building is the linux user system. you're thinking of english "cottages" piled up in town, each with their 3 sq ft "garden" in front.
asciilifeform: not only cpu; they all share bus, and nic