HackerTrans
TopNewTrendsCommentsPastAskShowJobs

zsims

no profile record

comments

zsims
·2 tahun yang lalu·discuss
Tradeoff is all the edge cases of cookies, CSRF etc. It's not a simple "cookies are better"
zsims
·2 tahun yang lalu·discuss
> The U.S. government wants everyone to abandon C/C++ -- how will they do this if they depend on SQLite3?

ABI, the same way you don't need the Linux kernel to be rewritten to remove your app dependency on C/C++
zsims
·2 tahun yang lalu·discuss
We do, I want to know if it's going to rain on my birthday
zsims
·2 tahun yang lalu·discuss
> Whilst Crowdstrike are going to cop a potentially existential-threatening amount of blame, an application shouldn't be able to do this kind of damage to an operating system.

It doesn't operate in user space, they install a kernel driver.
zsims
·2 tahun yang lalu·discuss
Blame for Flash? Or celebrated for killing Flash?

Flash was a security nightmare
zsims
·2 tahun yang lalu·discuss
There are other paths to the attack he mentioned. Eg you find an API that accepts ciphertext or part of. Or a cloud backup/restore flow. Likely you need another vulnerability but it does happen.
zsims
·2 tahun yang lalu·discuss
The problem is, it's not their software. No control over Slack, Outlook etc
zsims
·2 tahun yang lalu·discuss
Useful because you can support existing passwords without requiring everyone to login or reset their password. Still has flaws though, like password shucking.
zsims
·2 tahun yang lalu·discuss
Western Australia could be the ongoing emu war - https://en.wikipedia.org/wiki/Emu_War
zsims
·4 tahun yang lalu·discuss
If the patch gap is small, yes. But are you patching V8? Node generally isn't.