HackerTrans
TopNewTrendsCommentsPastAskShowJobs

phonethrowaway

no profile record

comments

phonethrowaway
·há 4 anos·discuss
I'm so excited for this: https://www.kickstarter.com/projects/bigme/bigme-worlds-firs...

Basic color support for syntax highlighting is what I've been waiting for...
phonethrowaway
·há 4 anos·discuss
it doesn't say meta, duh
phonethrowaway
·há 4 anos·discuss
flask-security is a trivial addon.
phonethrowaway
·há 5 anos·discuss
they don't even address shell escape injection which is definitely possible...
phonethrowaway
·há 5 anos·discuss
The farm bill made all hemp derived products legal federally at long as they contain only trace amounts of Delta 9 THC. Delta 8 and THC-O/acetate are legal. Not as strong, slightly different, but it gets the job done... kinda. Check it out... if you can. Check your state laws.
phonethrowaway
·há 5 anos·discuss
Old isn't janky... hmm... to me janky means duct tape and bubble gum.
phonethrowaway
·há 5 anos·discuss
shell escapes are real attack vector too...
phonethrowaway
·há 5 anos·discuss
the point is it's a feature, not an exploit. control and escape codes are a thing for a reason.

it's worse with web stuff though... and it's a real vector.

https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=terminal+es...

https://packetstormsecurity.com/files/162518/AWS-CloudShell-...

https://nvd.nist.gov/vuln/detail/CVE-2017-0899

https://github.com/InfosecMatter/terminal-escape-injections
phonethrowaway
·há 5 anos·discuss
The NSA doesn't need to illegally spy on Americans when an ally can do it for them and then share the data legally.

https://www.nationalarchives.gov.uk/ukusa/

https://en.wikipedia.org/wiki/Five_Eyes
phonethrowaway
·há 5 anos·discuss
ASSESSEE NAME AND ADDRESS ARE NOT AVAILABLE ONLINE PER CA GOV CODE §6254.21
phonethrowaway
·há 5 anos·discuss
name it carbon lol
phonethrowaway
·há 5 anos·discuss
I've seen PAM modules for otp/totp, but that really only adds security if authenticating against a remote machine, if you validate the second factor locally doesn't that still open you to mitm or other exploits? Can you trust your own environment?
phonethrowaway
·há 5 anos·discuss
humanure is a thing
phonethrowaway
·há 5 anos·discuss
most companies have perverse incentives not to clean up fake profiles... just like SoundCloud.