The Official Status Thread
-
@Tsaukpaetra said in The Official Status Thread:
Should have skipped Windows 8 Server and went straight to Windows 10 Server.
Yeah, with the kind of hacked shit I need to run on this server, I don't want to worry about these modern nanny OS-s getting in my way.
-
@cartman82 said in The Official Status Thread:
@Tsaukpaetra said in The Official Status Thread:
Should have skipped Windows 8 Server and went straight to Windows 10 Server.
Yeah, with the kind of hacked shit I need to run on this server, I don't want to worry about these modern nanny OS-s getting in my way.
Odds are, if it works in Windows 8, it will work in Windows 10.
-
status
Placebo pills cost €24,15 per box.
-
Status: Lol wat.
In other news...
HOLY CRAP LOOK AT THAT UPTIME!!!
-
@Luhmann said in The Official Status Thread:
status
Placebo pills cost €24,15 per box.500mg of WHAT?
-
@ben_lubar said in The Official Status Thread:
@Luhmann said in The Official Status Thread:
status
Placebo pills cost €24,15 per box.500mg of WHAT?
Placebo, obviously!
-
@ben_lubar
But it specifically says so ... lactosum, cellolosum, microcistallinum and magnesii stearas
-
@Tsaukpaetra said in The Official Status Thread:
In any other non-NuGet dependent project, I open the solution, hit F5, and it compiles and runs the default project.
Which... is also what happens when you do use NuGet, automatically pulling the packages before build? Unless you have restore on build turned off, I guess, but why would you?
It might be a little different if you're pulling build targets, but with regular libraries it's effectively transparent.
-
Status: Wondering what the next question is:
I choose to believe it's "do you like cake?"
Filed under: The answer is "Yes"
-
@Onyx said in The Official Status Thread:
I choose to believe it's "do you like cake?"
Are you sure it isn't "u want sum fuk"?
-
@RaceProUK said in The Official Status Thread:
Are you sure it isn't "u want sum fuk"?
Might be.
In which case, I'd appreciate at least a drink first.
-
@anonymous234 said in The Official Status Thread:
Fun fact: aside from this post, no one has mentioned "perl" in this forum in the last 3 months.
I beg to differ https://what.thedailywtf.com/topic/20319/wtf-bites/3849
-
@Onyx said in The Official Status Thread:
@RaceProUK said in The Official Status Thread:
Are you sure it isn't "u want sum fuk"?
Might be.
In which case, I'd appreciate at least a drink first.
-
@homoBalkanus said in The Official Status Thread:
@anonymous234 said in The Official Status Thread:
Fun fact: aside from this post, no one has mentioned "perl" in this forum in the last 3 months.
I beg to differ https://what.thedailywtf.com/topic/20319/wtf-bites/3849
Well then
Fun fact: the search tool in this forum sucks.
-
@cartman82 said in The Official Status Thread:
STATUS:
As best as I can tell, I just had random seed collision on the production. The token generator uses chance.js, which uses mersenne twister with Math.random() as the default seed.
Either I've just had 1 in 100 years event, or something is seriously wrong.
Or is it like PHP that had to have two goes at implementing Mersenne? (And that's just
mt_rand
, the fun ofrand
is another ball of wax entirely)
-
@Tsaukpaetra said in The Official Status Thread:
Ah! So that's what kids are using to hide their porn nowadays!
Can't be. “Growth” has been disabled.
-
@cartman82 said in The Official Status Thread:
Math.random() is a pretty terrible seed.
They just need to throw current timestamp into the seed and be safe from random collisions. How hard is that!?
This is definitely recurring problem.
My best guess, zero or some other const is somehow getting seeded over and over again. First order of business: confirm this is the case.
-
@cartman82 said in The Official Status Thread:
This is definitely recurring problem.
How serious are you about needing good random numbers? And good in what way? (Use cases matter…)
-
@dkf said in The Official Status Thread:
How serious are you about needing good random numbers? And good in what way? (Use cases matter…)
I don't have money or personal data behind this, so whatever. I just need to not have collisions.
-
@Weng Do those circuit breakers say O/0FF?
-
@cartman82 No security, no need for full good spectral properties? Seed with the highest-resolution time source you can find. The CPU timer tick is ideal.
-
Status: Flagging quite badly this afternoon... Gonna go get some covfefe...
-
@coldandtired said in The Official Status Thread:
@Weng Do those circuit breakers say O/0FF?
Apparently.
-
@dkf said in The Official Status Thread:
@cartman82 No security, no need for full good spectral properties? Seed with the highest-resolution time source you can find. The CPU timer tick is ideal.
Node has crypto-secure seed source, but it's fiddly to use and slow. So unless I really need the security, I'll take the default.
The problem was, BTW, the way I was instantiating the randomizer library. As I suspected, I was unintentionally sending in the same argument for the seed every time, when I wanted the default of no argument.
-
@cartman82 said in The Official Status Thread:
@dkf said in The Official Status Thread:
How serious are you about needing good random numbers? And good in what way? (Use cases matter…)
I don't have money or personal data behind this, so whatever. I just need to not have collisions.
Random.org APIs. Accept nothing less than cosmic background radiation.
-
Contracted someone to fix a leak in the roof flashing and it got worse. Then asked the guy to fix his fix and it got worser. And one more time and git better but still a lot worse than when he first messed with my roof.
-
@wharrgarbl Yep, that's roofing.
-
From the Department of No-Shit-Sherlock:
-
@RaceProUK Toby Faire i'd imagine this was aimed at people who CBA to turn out.
-
@Maciejasjmj said in The Official Status Thread:
Unless you have restore on build turned off,
Never heard of this feature, or it's automatically off in every project I've opened in a vanilla install of Visual Studio 2015.
-
My junk laptop has the transparency and everything, and these glows.
Also, clicking notifications on Edge on both of the machines I've tried it on gives me an access denied until I refresh.
-
@Magus said in The Official Status Thread:
Also, clicking notifications on Edge on both of the machines I've tried it on gives me an access denied until I refresh.
If you're talking about the forum notifications, I get that often on mobile Edge too. I think there's a bug thread about it.
-
@coldandtired said in The Official Status Thread:
@Weng Do those circuit breakers say O/0FF?
They also say I/ON too.
-
@cartman82 said in The Official Status Thread:
Who thought that fancy tiling interface was a good idea for a server!??
Could have gone with Core Server instead... The UI there is the command line.
-
@Tsaukpaetra said in The Official Status Thread:
@coldandtired said in The Official Status Thread:
@Weng Do those circuit breakers say O/0FF?
They also say I/ON too.
Take a closer look at the characters, particularly with a font that more readily distinguishes O and 0.
-
@dcon said in The Official Status Thread:
The UI there is the command line
Something to prove that the tiled interface isn't the worst possible UI?
-
@Perverted_Vixen said in The Official Status Thread:
some would argue you don't delete
too manyenough things and the things that you do delete, you delete too late.FTFM
-
@antiquarian You people are never happy
-
After two and a half hours of sitting in a Federal equivalent of a DMV, I'm exhausted. What is it about sitting and waiting (planes are another good example) that makes one so tired? Need about this much caffeine.
-
@wharrgarbl said in The Official Status Thread:
@antiquarian You people are never happy
Only when they're giving you shit.
-
@boomzilla You are starting to sound like me ...
-
@lucas1 I've been sounding like you since before you were my alt.
-
@boomzilla said in The Official Status Thread:
@lucas1 I've been sounding like you since before you were my alt.
Wait, your alt is @GodEmperor ????
-
@coderpatsy said in The Official Status Thread:
@Tsaukpaetra said in The Official Status Thread:
@coldandtired said in The Official Status Thread:
@Weng Do those circuit breakers say O/0FF?
They also say I/ON too.
Take a closer look at the characters, particularly with a font that more readily distinguishes O and 0.
Oh crud, I know i typed 0. Stupid autocorrect...
-
Status: After having been hard stuck on my 5K times between 42:20 and 43:00 for 4 weeks worth of 5Ks (over 6 weeks of time, boo weather and work), my last three times have been 41:50, 40:00, and 40:00. #newstratsop
-
@cartman82 said in The Official Status Thread:
Node has crypto-secure seed source, but it's fiddly to use and slow. So unless I really need the security, I'll take the default.
Which is why I said use a high-res timer. They're usually fast and easy and, as long as you're not using it for security, good enough. Splat it into the default RNG as a seed and you're good to go for adding a bit of uncertainty for normal purposes.
Crypto is different, in that it needs very good algorithms and seeds or it becomes just security theatre. Some types of simulation also need that grade of algorithm but with potentially known seeds (for repeatability), so the details matter.
-
@dkf I doubt about any real life possibility of exploiting a time-based seed against a remote server. Not that I would risk it, I just think it only makes sense when the attacker has access to your clock.
-
@wharrgarbl said in The Official Status Thread:
I doubt about any real life possibility of exploiting a time-based seed against a remote server. Not that I would risk it, I just think it only makes sense when the attacker has access to your clock.
Depends on the value of the target, but best practice for crypto work is to use the system entropy source just for the initial seed for a more conventional PRNG with the usual requirements for a long cycle time and good spectral properties in the random bits. The long cycle time means that there's a decent amount of internal state, and the “spectral properties” stuff refers to how hard it is to predict particular bits. There are RNGs that give reasonable randomness, but which make some bits (typically low-order) highly predictable even so; they're fine with a little work to mitigate (covered by standard best-practice use patterns) but for some application areas you have to be more careful.
-
@dkf Maybe if the attacker already got access he may get access to the clock. But then he is already in and the point is moot.
Maybe if the guy bruteforce all the possible values in the moment your thing was cryptographed?
Security is a landmine, so many details to do it wrong
-
@wharrgarbl said in The Official Status Thread:
Maybe if the guy bruteforce all the possible values in the moment your thing was cryptographed?
If stuff's done right, that doesn't help much as you need the exact moment (to the sub-millisecond level) that the particular service instance booted and a bunch of other info. If you're just using the basic time though, well, lots of services (including HTTP) tell you their exact time as part of of their responses even before you authenticate.
It doesn't matter too much if you're just using it to protect your grocery list or to add a little randomness to a bot. It matters a lot more if you're protecting high-value financial transactions.