HackerTrans
TopNewTrendsCommentsPastAskShowJobs

zsims

no profile record

comments

zsims
·2 yıl önce·discuss
Tradeoff is all the edge cases of cookies, CSRF etc. It's not a simple "cookies are better"
zsims
·2 yıl önce·discuss
> The U.S. government wants everyone to abandon C/C++ -- how will they do this if they depend on SQLite3?

ABI, the same way you don't need the Linux kernel to be rewritten to remove your app dependency on C/C++
zsims
·2 yıl önce·discuss
We do, I want to know if it's going to rain on my birthday
zsims
·2 yıl önce·discuss
> Whilst Crowdstrike are going to cop a potentially existential-threatening amount of blame, an application shouldn't be able to do this kind of damage to an operating system.

It doesn't operate in user space, they install a kernel driver.
zsims
·2 yıl önce·discuss
Blame for Flash? Or celebrated for killing Flash?

Flash was a security nightmare
zsims
·2 yıl önce·discuss
There are other paths to the attack he mentioned. Eg you find an API that accepts ciphertext or part of. Or a cloud backup/restore flow. Likely you need another vulnerability but it does happen.
zsims
·2 yıl önce·discuss
The problem is, it's not their software. No control over Slack, Outlook etc
zsims
·2 yıl önce·discuss
Useful because you can support existing passwords without requiring everyone to login or reset their password. Still has flaws though, like password shucking.
zsims
·2 yıl önce·discuss
Western Australia could be the ongoing emu war - https://en.wikipedia.org/wiki/Emu_War
zsims
·4 yıl önce·discuss
If the patch gap is small, yes. But are you patching V8? Node generally isn't.