HackerTrans
TopNewTrendsCommentsPastAskShowJobs

zsims

no profile record

comments

zsims
·il y a 2 ans·discuss
Tradeoff is all the edge cases of cookies, CSRF etc. It's not a simple "cookies are better"
zsims
·il y a 2 ans·discuss
> The U.S. government wants everyone to abandon C/C++ -- how will they do this if they depend on SQLite3?

ABI, the same way you don't need the Linux kernel to be rewritten to remove your app dependency on C/C++
zsims
·il y a 2 ans·discuss
We do, I want to know if it's going to rain on my birthday
zsims
·il y a 2 ans·discuss
> Whilst Crowdstrike are going to cop a potentially existential-threatening amount of blame, an application shouldn't be able to do this kind of damage to an operating system.

It doesn't operate in user space, they install a kernel driver.
zsims
·il y a 2 ans·discuss
Blame for Flash? Or celebrated for killing Flash?

Flash was a security nightmare
zsims
·il y a 2 ans·discuss
There are other paths to the attack he mentioned. Eg you find an API that accepts ciphertext or part of. Or a cloud backup/restore flow. Likely you need another vulnerability but it does happen.
zsims
·il y a 2 ans·discuss
The problem is, it's not their software. No control over Slack, Outlook etc
zsims
·il y a 2 ans·discuss
Useful because you can support existing passwords without requiring everyone to login or reset their password. Still has flaws though, like password shucking.
zsims
·il y a 2 ans·discuss
Western Australia could be the ongoing emu war - https://en.wikipedia.org/wiki/Emu_War
zsims
·il y a 4 ans·discuss
If the patch gap is small, yes. But are you patching V8? Node generally isn't.