ysjet @ ysjet @lemmy.world

Posts

1

Comments

337

Joined

2 yr. ago

yes, it's a known problem that one party has managed to 'stack' the entire judicial system with their judges.

It's not an 'if', it's an absolute guarentee. This isn't a new play, this has been their gameplan every single time they do these sort of things.

I think the key here is of they were truly a demo username/password. If they were, there's an expectation of use there.

The problem here is "reasonable court." One party in the US has spent decades stacking the courts with unreasonable judges who will agree to anything a corporation hands them.

Possibly, but I'll just transcribe it here for screenreaders and people who can't see through the pixelation:

Linux Error Messages That Go Hard Starter Pack

    
ERROR: Failed to mount the real root device.
Bailing out, you are on your own. Good luck.


  

    
WARNING: The following essential packages will be removed.
This should NOT be done unless you know exactly what you are doing!
   sysvinit initscripts (due to sysvinit) sysv-rc (due to sysvinit) util-linux
0 upgraded, 0 newly installed, 198 to remove and 3 not upgraded
You are about to do something potentially harmful.
To continue type in the phrase 'Yes, do as I say!'
 ?] 


  

    
(12/19) upgrading linux-raspberrypi
WARNING: /boot appears to be a seperate partition but is not mounted.
         You probably just broke your system. Congratulations.
>>> Updating module dependencies. Please wait...


  

    
[   0.895799] ---[ end Kernel panic - not syncing: VFS: Unable to mount root fs 
on unknown block(0,0)


  

    
  _______________________________
< Your System ate a SPARC! Gah! >
  ------------------------------
            \    ^__^
              \  (xx)\_________
                 (__)\         )\/\
                  U   ||-----w |
                      ||      ||


  

    
Out of memory: Kill process 15745 (postgres) score 10 or sacrifice child

  

Regardless of if they actually hired a hitman, it's very clear that Boeing harassed and psychologically attacked this man to the point of him ending up dead.

Whether they actually hired a man to pull that trigger or convinced him to pull it himself, legally his murder would be on their hands and they damn well need charged for it.

Frankly speaking, whether or not a hitman was hired, Boeing is culpable.

Organizing a concerted effort to drive someone to suicide is just as illegal as murdering them. End of story.

The funny thing is, their fees aren't high. You just got duped by Epic's propaganda that 30% was high.

In fact, it's vastly lower than the previous alternative, which was in store and took almost twice as much more of the cut.

Even today, 30% is standard for a digital eshop (Nintendo, Sony, Microsoft, Apple), except Valve offers more services and benefits than all of them combined.

Because every other dev here is saying that on-premise work isn't actually needed for for devkits, and this guy has a definite vibe of "man, if I don't defend the multi-million dollar game corporations, no one else will!"

Because they can use the phone company records to say "We think you were here when this "violent riot" happened (actually just a protest that police started shooting at protestors because they know they'll get away with it), you're arrested". And cops don't care if you're recording, they'll either break your phone or shoot you anyway and then claim it was self defense.

np

gdb gives you waaaaaaaaaaaaaaay more than a stack trace.

https://wiki.ubuntu.com/Apport

It intentionally acts as an intercept for such things, so that core dumps can be nicely packaged up and sent to maintainers in a GUI-friendly way so maintainers can get valuable debugging information even from non-tech-savvy users. If you're running something on the terminal, it won't be intercepted and the core dump will be put in the working directory of the binary, but if you executed it through the GUI it will.

Assuming, of course, you turn crash interception on- it's off by default since it might contain sensitive info. Apport itself is always on and running to handle Ubuntu errors, but the crash interception needs enabled.

Imagine if you knew the most basic foundational features of the language you were using.

Next we'll teach you about this neat thing called the compiler.

Dude is a trumpet, I've seen him elsewhere trying to shill.

Correct, I agree you run it with an eye on it (which you should probably do anyway) instead of firing and forgetting (which, to nginx's credit, is typically stable enough you can do that just fine).

That said, nginx treats experimental as something you explicitly run in production- when they announced they added it into experimental they actually specifically say to run it in prod in an A/B setup.

https://www.nginx.com/blog/our-roadmap-quic-http-3-support-nginx/

Because the entire design of it is to mathematically prevent you from having the option to hack or block the ads. THe way to get around it is to... not use chrome.

Really dude? I never once devolved to name calling, I stated that s/he lied when s/he made false statements. What else am I supposed to say there?

I also don't understand how saying they doesn't know what the subject matter s/he's taking a stance on is 'know-knowing' either? S/He's straight up said they doesn't know what a CVE is, doesn't know what experimental means, and while they claims to be in this field of work, they doesn't know what a web worker is and confused a web transaction with a database transaction.

Sure, I could have been nicer about it when they started escalating, but I never made it personal, and have no intentions of doing so either.

EDIT: realized I was assuming their gender.

1. I'm glad we agree a DoS is a vulnerability.
2. CVE best practices state that CVEs are required to be assigned to experimental features. F5's company policy is that CVE best practices are followed. F5 is the company that owns nginx. Therefore, it was required. Nice 'legal requirement' strawman. Also, 'Common' in this situation is not defined as 'Widespread; prevalent,' it's defined as 'Of or relating to the community as a whole; public.'
3. That was a typo regarding 'stable,' my bad. I meant to say 'It is just not available on stable, but is both via commercially and via the open source version.' However, it's still available on commercial versions and open source, and 'non-stable' versions are not inherently unstable, they're just called 'mainline'. Proof: https://nginx.org/en/download.html Stable is basically just 'long term support/LTS' versions of nginx.
4. Again, you are intentionally misusing the definitions of the word common. Lets see what MITRE has to say about it, hmm?

   Common Vulnerabilities and Exposures (CVE) is a dictionary of common names (i.e., CVE Identifiers) for publicly known information security vulnerabilities. CVE's common identifiers make it easier to share data across separate network security databases and tools, and provide a baseline for evaluating the coverage of an organization's security tools. If a report from one of your security tools incorporates CVE Identifiers, you may then quickly and accurately access fix information in one or more separate CVE-compatible databases to remediate the problem.

Source: https://cve.mitre.org/about/

5. Yes, I would consider notifying the development mailing list as 'quietly' fixing it, as most all companies using it will not be on the development mailing list. It's meant to be an area for developers to discuss things. They didn't inform the public, they informed the devs.
6. Where are you getting database from? You've randomly pivoted into talking about database transactions then started babbling about how you somehow think using a production mainline release with production options on a fully supported commercial binary is somehow inherently unsafe, as though it wouldn't still be in dev or test.

Since you seem to have no idea about how web servers work, or indeed, experimental features, I'll let you in on a secret- The only difference between a non-experiemntal option in nginx and an experimental option is that they're unsure if they want that feature in nginx, and are seeing how many people are actually using it/interested in, or they think that usage patterns of the feature might indicate another, better method of implementation. "Experimental" does not mean "unfinished" or "untested."

If you know nothing about programming, CVEs, or even web engines, please stop embarrassing yourself by trying to trumpet ill-thought out bad takes on subjects you don't understand.

There is an astounding number of lies in your post, good lord.

1. It is an issue. A DoS is a fairly serious vulnerability, and very much is a vulnerability.
2. Experimental features are explicitly defined to require their vulnerabilities to be assigned CVEs.
3. It is not just available on the stable version, but both commercially and via the open source version.
4. CVEs are not just for serious issues, they are for vulnerabilities. All vulnerabilities. It is a number that allows you to reference an vulnerability, nothing more, nothing less.
5. Mentioning a CVE on the mailing list is the absolute least they should be doing.
6. 'workers can just be restarted anyway' shows a deep misunderstanding of what a worker does. Any pending or active transactions that worker had now hangs, meaning that the service is still being denied. Trying to recover automatically from a DoS does not mean the DoS is not happening- it just means that the DoS is slower to get rolling, or intermittently seems to work mid-DoS.