HackerTrans
TopNewTrendsCommentsPastAskShowJobs

phonethrowaway

no profile record

comments

phonethrowaway
·4 tahun yang lalu·discuss
I'm so excited for this: https://www.kickstarter.com/projects/bigme/bigme-worlds-firs...

Basic color support for syntax highlighting is what I've been waiting for...
phonethrowaway
·4 tahun yang lalu·discuss
it doesn't say meta, duh
phonethrowaway
·4 tahun yang lalu·discuss
flask-security is a trivial addon.
phonethrowaway
·5 tahun yang lalu·discuss
they don't even address shell escape injection which is definitely possible...
phonethrowaway
·5 tahun yang lalu·discuss
The farm bill made all hemp derived products legal federally at long as they contain only trace amounts of Delta 9 THC. Delta 8 and THC-O/acetate are legal. Not as strong, slightly different, but it gets the job done... kinda. Check it out... if you can. Check your state laws.
phonethrowaway
·5 tahun yang lalu·discuss
Old isn't janky... hmm... to me janky means duct tape and bubble gum.
phonethrowaway
·5 tahun yang lalu·discuss
shell escapes are real attack vector too...
phonethrowaway
·5 tahun yang lalu·discuss
the point is it's a feature, not an exploit. control and escape codes are a thing for a reason.

it's worse with web stuff though... and it's a real vector.

https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=terminal+es...

https://packetstormsecurity.com/files/162518/AWS-CloudShell-...

https://nvd.nist.gov/vuln/detail/CVE-2017-0899

https://github.com/InfosecMatter/terminal-escape-injections
phonethrowaway
·5 tahun yang lalu·discuss
The NSA doesn't need to illegally spy on Americans when an ally can do it for them and then share the data legally.

https://www.nationalarchives.gov.uk/ukusa/

https://en.wikipedia.org/wiki/Five_Eyes
phonethrowaway
·5 tahun yang lalu·discuss
ASSESSEE NAME AND ADDRESS ARE NOT AVAILABLE ONLINE PER CA GOV CODE §6254.21
phonethrowaway
·5 tahun yang lalu·discuss
name it carbon lol
phonethrowaway
·5 tahun yang lalu·discuss
I've seen PAM modules for otp/totp, but that really only adds security if authenticating against a remote machine, if you validate the second factor locally doesn't that still open you to mitm or other exploits? Can you trust your own environment?
phonethrowaway
·5 tahun yang lalu·discuss
humanure is a thing
phonethrowaway
·5 tahun yang lalu·discuss
most companies have perverse incentives not to clean up fake profiles... just like SoundCloud.