“you thought you did something there, didn’t you?”

  • 0 Posts
  • 25 Comments
Joined 1 year ago
cake
Cake day: September 25th, 2023

help-circle

  • Non-misandry/-sexism version:

    A meme was made posing the humorous rhetoric of whether sex A would rather be stuck on an island with sex B or a bear. No distinction was made about the character of the sex B persona or the bear persona, it was left as a fill-in-the-blank for those who respond to rhetoric.

    Sex B largely understood this to be stereotyping and hate speech directed towards them at large without any distinction about whom the rhetoric was implying. Audience was then divided between those who recognize equality and sexism versus those who believe either only apply to marginalized groups

    with love, from an agender









  • You know what’s ironic about all this is, as someone who has seen game dev pitches (not good ones), they arguably had their shit together more than most aspiring game devs. Looking back at the skeletals, ya know they actually may have had a chance of getting somewhere. They knew absolutely nothing about the technical side, but hardly any game devs actually do. They probably still stand a better chance today of developing this than some game studios asset-mashing in Unity or Unreal. That’s the true state of game dev.





  • yeah OP needs to provide this detail specifically as it changes everything.

    If the Ethernet jack was not on a desk, then it wasn’t there for them to use. If they unplugged a cable to make it accessible, that is unfortunately enough to be considered tampering.

    If an Ethernet jack was not expressly provided, unoccupied, at the technology access station then yes the access to Ethernet information facilities was unauthorized and illegitimate and could carry legal ramifications. Say what you want about proprietary wifi drivers, you get the access you are given and any attempts to gain further access without authorization are defined as intrusion attempts and will more likely than not be treated as such to some degree. Because honestly, the libraries aren’t funded enough to have great security and Ethernet security is harder than WiFi security in practice, despite the challenges being characterized by the same principles.


  • If I were to fully elaborate, I’d be typing for hours, so I’ll sum up:

    • pip - default behavior is to install to system-wide site packages. In a venv, it will try to upgrade/uninstall system packages without notice/consent unless you specify --require-virtualenv. Multiple things can fuck up your ENV to make the python binaries point to system-wide, while your terminal will still show you as in a venv. Also why TF would package metadata files need to be executable? Bad practice, -1/10
    • nix - they acknowledged years ago that they should probably have some kind of package signing and perhaps an SBOM or similar mechanism, but then did nothing to implement it and just said “oh well, guess we’re vulnerable to supply chain attacks, best not to think about it”
    • brew - installing packages parallel to your system packages manager, without containers. My chief complaint here is that brew is a secondary package manager that people might treat as a “set and forget” for some packages, rarely updating them. So what happens when a standard library used by a brew package is vuln? A naive Linux user might update their system packages but totally forget to update brew. And when updating brew, you can easily hit max_open_file_descriptors because kitchen sink

    From there, it’s all extremely nit-picky and paranoid-fueled-- basically, none of the package managers I mentioned are conducive, in my eyes at least, to a secure and intuitive compute environment.

    Unfortunately, there’s not much I can do about it except bang pots and pans and throw maintainers under buses when the issue that has been present for years rears it’s ugly head. Because they are the only ones who can change this, and pressure is the only thing that might motivate them to.