WTF Bites



  • @HannibalRex said in Deep Learning:

    @pie_flavor I don't remember the exact context, but another student in a discussion class of mine said, in all seriousness, that deep neural networks should be trained by other deep neural networks. We ended class.

    This reminded me of a database class I took as a sophomore in college. One student completely derailed a lecture on intro-level SQL, turning it into a 20-minute argument with a frustrated professor. This student made the claim that SQL was highly inefficient, and the best way to access a database was directly, in binary. Binary is so much faster than text, and that's how the real world does it, and that's what he (the student) has always done any time he had to deal with databases.

    This student was, IIRC, something like a fourth or fifth-year freshman who continually failed the intro-level CS courses, and he was a poster child for the Dunning-Kruger Effect. I ran into him about 2 years after I graduated, and he didn't remember who I was, but he told me how he was such a talented programmer and I needed to hire him at my company even though he was still struggling through the intro-level CS courses.


  • BINNED

    @mott555 said in WTF Bites:

    best way to access a database was directly, in binary. Binary is so much faster than text

    Note to self: writing assembly is very inefficient, better write binary! So much faster than text. :thonking: :thonking: :thonking:


  • ♿ (Parody)

    We just upgraded to Jira 7. Ugh. So slow! I'm starting to understand the Jira hate around here.


  • Banned

    @topspin said in WTF Bites:

    @mott555 said in WTF Bites:

    best way to access a database was directly, in binary. Binary is so much faster than text

    Note to self: writing assembly is very inefficient, better write binary! So much faster than text. :thonking: :thonking: :thonking:

    @error_bot !xkcd real programmers


  • BINNED

    @Gąska Do you have any idea how slow butterflies are?



  • @topspin said in WTF Bites:

    @mott555 said in WTF Bites:

    best way to access a database was directly, in binary. Binary is so much faster than text

    Note to self: writing assembly is very inefficient, better write binary! So much faster than text. :thonking: :thonking: :thonking:

    That sounds like something he would have said.


  • Banned

    @topspin said in WTF Bites:

    @Gąska Do you have any idea how slow butterflies are?

    The compilation might be slow - but think how much faster the runtime will be!



  • @Gąska said in WTF Bites:

    @topspin said in WTF Bites:

    @Gąska Do you have any idea how slow butterflies are?

    The compilation might be slow - but think how much faster the runtime will be!

    Yeah, 343 m/s (at room temperature) is not really that fast.



  • Little WTF of my day:

    Brexiteer: You see, the backstop violates the Good Friday Agreement (GFA) because it states that alterations between the relationship of Ireland and Northern Ireland are subject to consent*)! And thus the backstop is illegal!
    Me: Erm, okay, there's one small problem with your argument: Brexit is also such an alteration. Wouldn't that mean that any kind of Brexit would also be illegal, particularly in light of the fact that the majority of NI voted Remain?
    Brexiteer: *head explodes*


    *) "Consent" as in: Subject to a popular vote


  • Banned

    @Rhywden damn, that teeny tiny part of teeny tiny island is causing so many problems to the UK. One wonders whether it was worth it after all.



  • @Gąska said in WTF Bites:

    @Rhywden damn, that teeny tiny part of teeny tiny island is causing so many problems to the UK. One wonders whether it was worth it after all.

    The best part is that NI may very well consider reunification with the republic after a Brexit if things go really south. I mean, despite the rumblings of some NI politicians, there's currently not much appetite for a referendum.

    I dare say that this will change when the whole mess directly and unequivocally impacts their wallets.

    I'm really interested what the sheep farmer's opinion will be who stated that he would vote for Brexit again. Even though he exports 70% of his sheep into the EU.


  • Java Dev

    @Rhywden said in WTF Bites:

    The best part is that NI may very well consider reunification with the republic after a Brexit if things go really south. I mean, despite the rumblings of some NI politicians, there's currently not much appetite for a referendum.

    What's the actual popular support of the DUP? I'm :kneeling_warthog: to look it up.



  • @PleegWat 36% at the vote in 2017


  • Considered Harmful

    This news article on a piece of YouTuber gossip has "UPDATE!" appended to the headline.

    The update is that an hour after they posted it, they had to retract a false statement.

    Somehow they were able to turn that into clickbait.


  • Notification Spam Recipient

    Status: The small WTF is this six-level if-tree that has else if branches...


  • Discourse touched me in a no-no place

    @Rhywden said in WTF Bites:

    I dare say that this will change when the whole mess directly and unequivocally impacts their wallets.

    That's one thing I think won't happen. The politicians in question are way too good at stubbornly saying NO to everything, and unification with the Irish Republic would effectively strip them of their power, which is the most important thing to them, possibly even beyond their very lives.

    They're assholes. They've been assholes for decades at least, possibly centuries, so there's no chance of that changing.



  • @levicki said in WTF Bites:

    @Gąska said in WTF Bites:
    @topspin I have no spouse, no children, no real estate, no registered business, and no other special exemptions, so my tax case is very simple.

    So, according to yourself you don't have a life?

    Oh, he has a life. Getting rid of a spouse is much more costly than getting rid of a girlfriend, and usually involves getting rid of real estate, too.
    Without such unnecessary bounds, life becomes easy and full of choices.
    Enjoy!



  • @JBert said in WTF Bites:

    @BernieTheBernie said in WTF Bites:

    Cisco expects an über password, which must contain an umlaut, a whitespace character, and at least one character of at least 2 different non-Latin alphabets each.
    QV&Ä タ%Dfvv68fगrbn

    Your faith in Cisco is disturbing.
    I would rather bet that it removes all symbols, numbers, duplicate characters, and casing and thus complains that qvdfrbn is way too easy to guess.

    You remind me of Siemens Medical Solutions' hospital information system: only the first 12 characters of the password were required for authentication, though your password could be longer.



  • One of the guys in my team at my current gig done the needful today...
    He wrapped up a commit and sent the code review to our test leader instead of me, so I never saw his code. Our test leader doesn't do code, but he's an excellent test leader. He accepted the code as is, and tried to build it for his tests. Unit tests failed with FileNotFoundException. I only sorta overheard this happening being busy with figuring out why the fuck a request was bombing out with a 500 error in the master branch.
    A couple of hours later that team member pokes his head over and wonders if I can help him out, because he can't recreate the problem in the build environment on his local setup.

    Well, he was loading a file in a test from his own C: drive. With a hard-coded full path. And it wasn't even in the git repo.
    He's not the sharpest cucumber in the tool box.



  • @Carnage said in WTF Bites:

    He's not the sharpest cucumber in the tool box.

    So he's quite a pickle to deal with?


  • Notification Spam Recipient

    @loopback0 said in WTF Bites:

    Without further context, I can only assume:
    "My husband left me when I told him I was pregnant. Let's plant a garden!"


  • 🚽 Regular

    @Tsaukpaetra said in WTF Bites:

    @loopback0 said in WTF Bites:

    Without further context, I can only assume:
    "My husband left me when I told him I was pregnant. Let's plant a garden!"

    'OK, OK. Pitch for a new indie game; it's Stardew Valley but terribly depressing'


  • Considered Harmful

    Minor annoyance but every time I bring up the Find In Files dialog in Visual Studio, it prepopulates the box with whatever is under my text cursor; which is not at all what I want 99% of the time. Almost always I want to either repeat the same search I did last time, or tweak it a little (especially if it's a regex search, or I just want to change the scope of the searched files).

    It makes me retype it or find it in the MRU list every, damn, time.

    Edit: even better would be if the damn thing just stayed open after a search

    Editedit: and it does if it's docked, but not floating? But it takes up way too much room to stay docked when I'm not using it.


  • Considered Harmful

    @Cursorkeys said in WTF Bites:

    it's Stardew Valley but terribly depressing

    [image]



  • I think the Boeing management picked the wrong week year to stop sniffing glue.



  • @Zerosquare Good Lord that's a pile of complete rubbish. It would take me 10x as many pages to explain why it's so wrong. Just another case of someone who maybe knows a little bit about Ethernet freaking out over Ethernet on aircraft, without any understanding of how Ethernet on aircraft is a billion times different than Ethernet as we know it in IT.



  • If Boeing's implementation was done correctly, yeah, it's rubbish. The question is: was it? Given what we've learned about them recently, I think a reasonable doubt exists.



  • @mott555

    He suggests that for a hacker, exploiting those bugs could represent one step in a multistage attack that starts in the plane’s in-flight entertainment system and extends to highly protected, safety-critical systems like flight controls and sensors.

    No. A hundred times no, for a hundred different reasons.

    Boeing flatly denies that such an attack is possible, and it rejects his claim of having discovered a potential path to pull it off.

    Regardless of the 737 MAX fiasco, Boeing is correct in this matter.

    Santamarta himself admits that he doesn't have a full enough picture of the aircraft—or access to a $250 million jet—to confirm his claims.

    I suggest he forget about the plane and spend some time reading the ARINC 664 specification. Everything he thinks he discovered is outright prevented by this spec in many, many different ways.

    Santamarta says he found a slew of memory corruption vulnerabilities in that CIS/MS, and he claims that a hacker could use those flaws as a foothold inside a restricted part of a plane's network.

    Maybe, but you'd have to already have kernel-mode access to the computer in question, along with a few hundred grand in tooling and compilers.

    An attacker could potentially pivot, Santamarta says, from the in-flight entertainment system to the CIS/MS to send commands to far more sensitive components that control the plane's safety-critical systems, including its engine, brakes, and sensors.

    Nope. Nopety nope. To do this, you would have to have complete documentation over the plane's entire network, along with config access to its core avionics switches to even allow data to flow from the entertainment system to anything else. This stuff is all tightly policed by very expensive avionics switches that have a hard-configured map of which physical ports are allowed to transmit to which other physical ports, how often they can transmit, how much they can send per frame, and none of this can be altered unless the plane is on the ground and in maintenance mode.

    Boeing maintains that other security barriers in the 787's network architecture would make that progression impossible.

    This.

    Santamarta admits that he doesn't have enough visibility into the 787's internals to know if those security barriers are circumventable.

    So he's talking out his rectum.

    But he says his research nonetheless represents a significant step toward showing the possibility of an actual plane-hacking technique.

    No, his research proves that he knows far, far less than he supposes.

    But Boeing counters that it has both "additional protection mechanisms" in the CIS/MS that would prevent its bugs from being exploited from the ODN, and another hardware device between the semi-sensitive IDN—where the CIS/MS is located—and the highly sensitive CDN. That second barrier, the company argues, allows only data to pass from one part of the network to the other, rather than the executable commands that would be necessary to affect the plane's critical systems.

    Emphasis mine. Anything the noncritical network receives from the flight control network passes through an Ethernet transmitter that has no receiver. Blast anything you want at this bridge from the in-flight Wi-Fi, it doesn't matter because there's nothing there even capable of listening to you. The receive pins go nowhere.

    He previously hacked a Panasonic Avionics in-flight entertainment system.

    Skimmed the linked article. He hacked the computer/screen in the seat in front of him, nothing more. He never gained access to anything critical.

    he presented vulnerabilities in satellite communication systems that he said could be used to hack some non-sensitive airplane systems.

    Skimmed that article, too. His "vulnerability" is called a radio jammer.

    The Aviation Industry Sharing and Analysis Center shot back in a press release that his findings were based on "technical errors."

    Based on this article, I'd agree with this.

    But even granting Boeing's claims about its security barriers, the flaws Santamarta found are egregious enough that they shouldn't be dismissed, says Stefan Savage, a computer science professor at the University of California at San Diego, who is currently working with other academic researchers on an avionics cybersecurity testing platform. "The claim that one shouldn't worry about a vulnerability because other protections prevent it from being exploited has a very bad history in computer security," Savage says. "Typically, where there's smoke there's fire."

    The protections that exist are there precisely to prevent it. In the words of Raymond Chen, "It rather involved being on the other side of the airtight hatch." And the only smoke here is the smoke this guy is blowing up the reporters' bums.

    Savage points in particular to a vulnerability Santamarta highlighted in a version of the embedded operating system VxWorks, in this case customized for Boeing by Honeywell. Santamarta found that when an application asks to write to the underlying computer's memory, the tailored operating system doesn't properly check that it's not instead overwriting the kernel, the most sensitive core of the operating system.

    That's not a vulnerability in VxWorks. That's just how it works. Everything, including the kernel, is in one big process. You can write anything to anywhere, at least during init. That's why flight-certified software is not allowed to malloc or free after init, because that prevents the "vulnerability" he thinks he found in this case. And if you have any mallocs or frees after init, your software doesn't get certified for flight. Everything is initialized during initialization, on the ground, and after that you have no memory freedom to allocate or alter your pointers or anything like that.

    "Every piece of software has bugs. But this is not where I’d like to find the bugs. Checking user parameters is security 101," Savage says. "They shouldn't have these kinds of straightforward vulnerabilities, especially in the kernel. In this day and age, it would be inconceivable for a consumer operating system to not check user pointer parameters, so I'd expect the same of an airplane."

    I'm not really sure what he's going on about, except for proving he knows very little about VxWorks or the flight certification process for safety-critical software.

    "But saying, 'It doesn’t matter because there are mitigations further down' isn’t that good an answer. Especially if some of the mitigations turn out to be not as robust as you think they are."

    Suddenly, I'm really, really worried about the firmware on the USB flash drive in my safety deposit box. What if there's a kernel buffer overflow vector there, and armed thieves break into the bank and steal the flash drive?

    To be fair, there may be vulnerabilities somewhere. But not that this guy has found, as reported in the article.
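
A simplified model of the switch behaviour described in the post above (a fixed map of which port may send to which ports, a minimum spacing between frames, a per-frame size limit, and no reconfiguration outside ground maintenance). This is an added example, not part of the original post and not taken from ARINC 664 or any vendor's product; the `Link` fields, port numbers, link ids and limits are all constructed for illustration.

```python
"""Toy model of a statically configured, policing avionics switch.
Added illustration; every port number, link id and limit is constructed."""
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Link:
    link_id: int              # identifier carried in each frame (assumed field)
    ingress_port: int         # the only physical port allowed to send on this link
    egress_ports: frozenset   # physical ports the frame may be copied to
    min_gap_ms: int           # "how often": minimum spacing between frames
    max_frame_bytes: int      # "how much": largest frame accepted


class PolicingSwitch:
    def __init__(self, links):
        self._table = {link.link_id: link for link in links}
        self._last_ok_ms = {}          # time of last accepted frame per link
        self.drops = Counter()         # drop counters, the natural thing to monitor

    def reconfigure(self, links, on_ground, maintenance_mode):
        # The table can only be replaced on the ground, in maintenance mode.
        if not (on_ground and maintenance_mode):
            raise PermissionError("table is read-only outside ground maintenance")
        self._table = {link.link_id: link for link in links}
        self._last_ok_ms.clear()

    def _drop(self, reason):
        self.drops[reason] += 1
        return [], reason

    def forward(self, now_ms, ingress_port, link_id, frame_len):
        """Return (egress ports, verdict); anything not in the table is dropped."""
        link = self._table.get(link_id)
        if link is None:
            return self._drop("unknown_link")
        if ingress_port != link.ingress_port:
            return self._drop("wrong_ingress_port")
        if frame_len > link.max_frame_bytes:
            return self._drop("frame_too_long")
        last = self._last_ok_ms.get(link_id)
        if last is not None and now_ms - last < link.min_gap_ms:
            return self._drop("sent_too_soon")
        self._last_ok_ms[link_id] = now_ms
        return sorted(link.egress_ports), "forwarded"


# Constructed configuration: port 1 = a sensor, ports 2 and 3 = displays,
# port 7 = the cabin side. No link lists port 7 as an ingress port.
CONFIG = [Link(100, 1, frozenset({2, 3}), 4, 200)]

# Constructed traffic: (time_ms, ingress_port, link_id, frame_len)
TRAFFIC = [
    (0, 1, 100, 120),    # within limits
    (1, 1, 100, 120),    # only 1 ms after the previous frame
    (4, 1, 100, 120),    # spacing respected again
    (8, 1, 100, 900),    # larger than the link allows
    (12, 7, 100, 120),   # right link id, wrong physical port
    (16, 7, 555, 120),   # link id that is not configured at all
]


def run_demo():
    switch = PolicingSwitch(CONFIG)
    results = [switch.forward(*frame) for frame in TRAFFIC]
    try:
        switch.reconfigure(CONFIG + [Link(555, 7, frozenset({2}), 1, 1500)],
                           on_ground=False, maintenance_mode=False)
        reconfigured = True
    except PermissionError:
        reconfigured = False
    return results, dict(switch.drops), reconfigured


if __name__ == "__main__":
    for frame, outcome in zip(TRAFFIC, run_demo()[0]):
        print(frame, "->", outcome)
```

The spacing check here is a plain minimum-gap test; a real policer would also account for permitted jitter.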



  • @Zerosquare said in WTF Bites:

    If Boeing's implementation was done correctly, yeah, it's rubbish. The question is: was it? Given what we've learned about them recently, I think a reasonable doubt exists.

    Not sure how much I can say because potential NDAs and such, but I can definitely say that my company was involved with the 787. And I'm one of our occasional travelling trainers who teaches paid classes on how Ethernet is implemented and used on aircraft (ARINC 664). That standard is specifically designed to mitigate the "vulnerabilities" this guy thinks he found, and in this case, I know that the guys who sell the $100,000 flight-certified avionics switches (those are non-Boeing parts, by the way) that go on the 787 know what they're doing.

    This guy is probably a competent and intelligent PC or network programmer, but he doesn't have the domain knowledge in avionics to realize just how wrong he is. I'm reminded of the time when I was a kid, when I figured out how to put application launch icons in a PowerPoint slide, and I thought I'd just created an operating system.

    EDIT: I'm sure there are vulnerabilities and bugs. Modern aircraft are quite complicated. I just don't believe a guy who demonstrates near-zero domain knowledge on avionics when he claims he found an avionics vulnerability.



  • Good to know.


  • BINNED

    Why the hell doesn't word have a simple, minimal template for letters? :wtf:

    When I want to create a document from a template (instead of an empty one) and search for letter, I get this:

    [screenshot]

    All I want is a simple template with two fields for sender and receiver address, a date and maybe even a subject line. That's it. No colors, no logos, none of that other bullshit. All it has to offer is "letterhead with blue spheres", "letterhead in earth colors", "letter about expiring benefits in the health system", and other shit like that nobody needs.
    Seriously, a simple template would probably suffice for 95% of private letters, whereas all of these are useful to approximately nobody, within margin of error.

    I mean, I can type this myself from a blank document, but I don't want to check the correct formatting/positioning of the address fields when I put the letter in a window envelope.
    Not sure about ISO, but there's a DIN standard for this. Even the post office website details the format:

    [screenshot]

    There's a download button for a "Normbrief", too, but that's for a PDF with forms and I didn't want to use that.



  • @topspin said in WTF Bites:

    Seriously, a simple template would probably suffice for 95% of private letters, whereas all of these are useful to approximately nobody, within margin of error.

    No self-respecting graphic designer would stoop so low as to create a simple template, not when they can make all that other flashy nonsense!


  • BINNED

    @mott555 said in WTF Bites:

    @topspin said in WTF Bites:

    Seriously, a simple template would probably suffice for 95% of private letters, whereas all of these are useful to approximately nobody, within margin of error.

    No self-respecting graphic designer would stoop so low as to create a simple template, not when they can make all that other flashy nonsense!

    In any way related to "for this beginner's JS tutorial on variadic functions, we'll use a Haskell-style Y-combinator"? Yeah, seems about right.


  • Discourse touched me in a no-no place

    @topspin said in WTF Bites:

    Why the hell doesn't word have a simple, minimal template for letters?

    Blank Document 🏆

    edit: mine has "Basic Cover Letter" which seems to disappear if you actually search for any of the terms "Basic", "Cover" or "Letter".



  • @topspin I just use latex for letters. 🤷


  • Notification Spam Recipient

    @mott555 said in WTF Bites:

    I figured out how to put application launch icons in a PowerPoint slide, and I thought I'd just created an operating system.

    Kek. I had powerpoint calling out to SAPI on demand to speak the slides. Everyone thought it was cool. Nobody thinks it's cool anymore.


  • Notification Spam Recipient

    @loopback0 said in WTF Bites:

    @topspin said in WTF Bites:

    Why the hell doesn't word have a simple, minimal template for letters?

    Blank Document 🏆

    edit: mine has "Basic Cover Letter" which seems to disappear if you actually search for any of the terms "Basic", "Cover" or "Letter".

    That's because when you see the Basic Cover Letter template, it's loading from the local template store. Microsoft simply didn't upload the default local templates to their online repository, so when you type stuff and it searches said online repo, you can't find it. :wifom:



  • @error said in WTF Bites:

    But it takes up way too much room to stay docked when I'm not using it.

    You can try to dock it and make that dock auto-hiding (in context menu of the dock). That should count as docked, but only takes up a tab stripe unless you focus it.



  • @Cursorkeys said in WTF Bites:

    [image]

    What was the terrible password?

    QV&%Dfvv68frbn

    What the hell is a strong password Cisco :wtf_owl:

    I entered a password like tu45uMS7cR33Lfls1qtP9rRaUehSYtCsAxK36jBa3pxeXu3kWFcMCq7lAiwbufm somewhere recently and was told it was too weak and I needed to add symbols to it.


  • Discourse touched me in a no-no place

    @Tsaukpaetra said in WTF Bites:

    @loopback0 said in WTF Bites:

    @topspin said in WTF Bites:

    Why the hell doesn't word have a simple, minimal template for letters?

    Blank Document 🏆

    edit: mine has "Basic Cover Letter" which seems to disappear if you actually search for any of the terms "Basic", "Cover" or "Letter".

    That's because when you see the Basic Cover Letter template, it's loading from the local template store. Microsoft simply didn't upload the default local templates to their online repository, so when you type stuff and it searches said online repo, you can't find it. :wifom:

    It seems to have fixed itself now.


  • 🚽 Regular

    @ben_lubar said in WTF Bites:

    I entered a password like tu45uMS7cR33Lfls1qtP9rRaUehSYtCsAxK36jBa3pxeXu3kWFcMCq7lAiwbufm somewhere recently and was told it was too weak and I needed to add symbols to it.

    Mind if I reuse it then? I'd hate seeing it go to waste.



  • @mott555 said in WTF Bites:

    No self-respecting graphic designer would stoop so low as to create a simple template

    On the other hand, I seriously doubt the default styles were created by a self-respecting graphic designer.


  • Discourse touched me in a no-no place

    @Tsaukpaetra said in WTF Bites:

    so when you type stuff and it searches […] you can't find it.

    Yet more proof (if it was still needed) that to Microsoft, search is always difficult.



  • @Zecc said in WTF Bites:

    Mind if I reuse it then? I'd hate seeing it go to waste.

    No, don't do that. The passwords mentioned here will be scraped by some password collection bot and used for attacks. Hence using any of these passwords means an enormous vulnerability.


  • BINNED

    @BernieTheBernie said in WTF Bites:

    @Zecc said in WTF Bites:

    Mind if I reuse it then? I'd hate seeing it go to waste.

    No, don't do that. The passwords mentioned here will be scraped by some password collection bot and used for attacks. Hence using any of these passwords means an enormous vulnerability.

    :thats_the_joke:


  • Discourse touched me in a no-no place

    @Zecc said in WTF Bites:

    @ben_lubar said in WTF Bites:

    I entered a password like tu45uMS7cR33Lfls1qtP9rRaUehSYtCsAxK36jBa3pxeXu3kWFcMCq7lAiwbufm somewhere recently and was told it was too weak and I needed to add symbols to it.

    Mind if I reuse it then? I'd hate seeing it go to waste.

    Might need some bigger Post-It notes to write it on.



  • @ben_lubar To be fair, it is one of the top five most-used passwords:

    • love
    • sex
    • God
    • tu45uMS7cR33Lfls1qtP9rRaUehSYtCsAxK36jBa3pxeXu3kWFcMCq7lAiwbufm
    • secret


  • @hungrier Wait, you are saying password isn't among the five most used passwords?



  • @Bulb Not according to the documentary I watched in the 90s

