[-] Static_Rocket@lemmy.world 8 points 1 day ago

I could appreciate a client certification that is optional, like a list of approved clients on their website or something along those lines.

It should not be enforced by killing the client. I like security, but I enjoy software freedom more.

[-] Static_Rocket@lemmy.world 39 points 2 months ago* (last edited 2 months ago)

I want the statistic on how many Google employees use ad blockers now. It's basically a necessity.

[-] Static_Rocket@lemmy.world 120 points 4 months ago* (last edited 4 months ago)

I was working at a company at one point that got a contract to build something I viewed equivalent to malware. Immediately I brought it up to several higher-ups that this was not something I was willing to do. One of them brought up the argument "If we don't do it someone else will."

This mentality scares the shit out of me, but it explains a lot of horrible things in the industry.

Believing in that mentality is worse than the reality of the situation. At least if you say no there's a chance it doesn't happen or it gets passed to someone worse than you. If you say yes then not only are you complicit, you are actively enforcing that gloomy mentality for other engineers. Just say no.

[-] Static_Rocket@lemmy.world 69 points 4 months ago* (last edited 4 months ago)

Microsoft tried to lock a development feature behind a paywall by introducing an artificial dependency on Visual Studio.

This also happened to occur right around the time there were also licensing and hosting issues around open source libraries. The manipulation of the .NET foundation was the really concerning part. Made it clear that MS still doesn't give a damn about the wider community using their language.

[-] Static_Rocket@lemmy.world 92 points 4 months ago

A thinly veiled M$ ad, trying to save face after the .NET fiasco of 2021...

[-] Static_Rocket@lemmy.world 56 points 7 months ago

Cross platform! You know, accessible across all our platforms

[-] Static_Rocket@lemmy.world 53 points 8 months ago

openbenchmarking.org

[-] Static_Rocket@lemmy.world 87 points 8 months ago* (last edited 8 months ago)

The most useful quote to those familiar with the linux boot process:

“An attacker would need to be able to coerce a system into booting from HTTP if it's not already doing so, and either be in a position to run the HTTP server in question or MITM traffic to it,” Matthew Garrett, a security developer and one of the original shim authors, wrote in an online interview. “An attacker (physically present or who has already compromised root on the system) could use this to subvert secure boot (add a new boot entry to a server they control, compromise shim, execute arbitrary code).”

If an attack needs root then it doesn't matter. Your box is toast anyway. If you're using http boot without verification then you should have seen a MITM attack coming.

[-] Static_Rocket@lemmy.world 45 points 9 months ago

Who could have possibly seen that coming? It's almost like anything other than server side anticheat is conceptually broken! (See the monitors with ML map assist and the past 20 years of client exploits). And that's ignoring the currently strong financial incentives of breaking these things...

[-] Static_Rocket@lemmy.world 118 points 9 months ago

significant economic harm to our company

Oh! I have a solution! Make it a local API you fucking goofs.

[-] Static_Rocket@lemmy.world 177 points 11 months ago

0.0.0.0/0 0::0/0

You didn't specify it couldn't be in CIDR block notation...

[-] Static_Rocket@lemmy.world 43 points 11 months ago

Bottom for life (or at least until something with more stats comes out)

view more: next ›

Static_Rocket

joined 1 year ago