In other news today...
-
@Tsaukpaetra said in In other news today...:
@TwelveBaud said in In other news today...:
@Tsaukpaetra The distinction is that DNA is not usually considered "user input" that needs a security trust and validation boundary. When it totally is.
It doesn't matter if it's "user" or "automated" or whatever. If it's not coming from yourself (and in actuality, in many cases even if it is!) you always guard and gate until you're absolutely certain that nothing less than a cosmic event can let the information escape, erase, or otherwise unexpectedly alter the expected state of the program. And since that's incredibly unlikely...
At the place I'm working now, they decided that NO VALIDATION ALLOWED on things that come from internal systems. And they don't do sanity checks anywhere on internal stuff either.
I told them that it's a security concern, apart from the stability issues, but they didn't understand.
-
Article @DogsB posted in In other news today... said:
They cheated a little by introducing a particular vulnerability into the software themselves, but they also point out that similar ones are present elsewhere, just not as conveniently for purposes of demonstration.
For the computer program analyzing it, the DNA sequence is just data. It does not encode any logic for the program (obviously it encodes a lot of logic for the biological system, but that's not a concern for the program) and it is to be processed in fairly simple ways.
So a buffer overrun is about the only kind of error where it can trigger something bad. And they didn't even demonstrate any existing one, they fudged it. Sounds like a sensationalist article about almost nothing.
Which does not mean scientific software wouldn't deserve a thorough review by someone who knows what they are doing. It certainly would.
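The kind of guard discussed above, as an added example that is not part of the original posts or of the software in the article: a C routine that packs a sequencing read into a fixed-size buffer and treats both the read length and its alphabet as untrusted. The names `pack_read` and `MAX_BASES` and the 2-bit encoding are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define MAX_BASES 64                  /* assumed upper bound on read length */
#define PACKED_BYTES (MAX_BASES / 4)  /* 2 bits per base, 4 bases per byte */

enum seq_status { SEQ_OK = 0, SEQ_TOO_LONG = -1, SEQ_BAD_BASE = -2, SEQ_BAD_ARG = -3 };

/* Map one base to its 2-bit code, or -1 for anything outside A/C/G/T. */
static int base_code(char c) {
    switch (c) {
    case 'A': return 0;
    case 'C': return 1;
    case 'G': return 2;
    case 'T': return 3;
    default:  return -1;
    }
}

/*
 * Pack `len` bases from `read` into `out` (capacity `out_cap` bytes).
 * `len` comes from the input file, so it is checked against the buffer
 * capacity before any write; without that check a long read would be
 * written past the end of `out`.
 */
int pack_read(const char *read, size_t len, uint8_t *out, size_t out_cap, size_t *n_bases) {
    if (read == NULL || out == NULL || n_bases == NULL) return SEQ_BAD_ARG;
    /* Bytes needed, computed without overflowing size_t. */
    size_t needed = len / 4 + (len % 4 != 0);
    if (needed > out_cap) return SEQ_TOO_LONG;
    /* Validate the whole read before touching the output buffer. */
    for (size_t i = 0; i < len; i++)
        if (base_code(read[i]) < 0) return SEQ_BAD_BASE;
    memset(out, 0, out_cap);
    for (size_t i = 0; i < len; i++)
        out[i / 4] |= (uint8_t)(base_code(read[i]) << (2 * (i % 4)));
    *n_bases = len;
    return SEQ_OK;
}
```
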
-
@Tsaukpaetra said in In other news today...:
So it's really nothing about DNA, just the program that fucktards developed.
It was apparently specially written to be “vulnerable” (I don't really count deliberate actions like this to be making actual vulnerabilities). Yes, we can do that. It's not particularly difficult —
if (match(special-seq)) { system(decode-stuff-after); }
can be coded up in many languages — but it doesn't really teach you very much. I guess in some languages you can add a buffer overflow too, why the fuck not?
-
@JBert said in In other news today...:
smallpox
Old farts like me do not need to care about that. I received the vaccination (required by law) when I was some 2 years old.
-
I might have to stop using Amazon now.
-
@Bulb said in In other news today...:
scientific software ... thorough review
A job for masochists only. Or for someone writing the Annals of the What the F.
-
@DogsB 'd
-
@BernieTheBernie said in In other news today...:
@JBert said in In other news today...:
smallpox
Old farts like me do not need to care about that. I received the vaccination (required by law) when I was some 2 years old.
TIL there is a "great pox".
Better known as "syphilis".
-
@DogsB Hm, my bank gives Visa debit cards (not affected) and EC/MC credit cards (not affected either, apparently). I don't know what would be the reason, but might actually have something to do with the transaction fees.
-
@Bulb said in In other news today...:
Visa debit cards (not affected)
Visa debit is by a considerable amount the most issued card in the UK - Amazon would lose the most in sales if they cut Visa debit off too
@Bulb said in In other news today...:
MC credit cards (not affected either, apparently)
Amazon's own credit card is a Mastercard which I'm sure is just a coincidence.
-
@Tsaukpaetra said in In other news today...:
@DogsB unexpectedly sexy aliens laughing gif?
That was a great joke and almost no one up boated it. Humourless fuckers!
They're lizard people. The royals are often accused of being lizard people and now they're trying to prevent Philip's will from getting out just in case it contains details about their lizard people stuff.
No up boats. I can only assume a lizard people infiltration.
-
@DogsB said in In other news today...:
@Tsaukpaetra said in In other news today...:
@DogsB unexpectedly sexy aliens laughing gif?
...and watch The Wheel of Time?
-
@DogsB said in In other news today...:
Humourless fuckers!
I would like to be fucking Funny, but if Humorless is still available I would never say no!
-
@Applied-Mediocrity said in In other news today...:
@DogsB said in In other news today...:
@Tsaukpaetra said in In other news today...:
@DogsB unexpectedly sexy aliens laughing gif?
...and watch The Wheel of Time?
-
Found it while looking for that picture. I think we just found female @Polygeekery
-
It's nice to see good old-fashioned incompetence was the cause of a crisp shortage rather than a ransomware attack or ongoing world events.
-
@DogsB said in In other news today...:
I might have to stop using Amazon now.
Note that they're not going to do this until after the Christmas period. Can't actually stop people from spending at the most profitable time of the year, after all…
-
@dkf said in In other news today...:
@DogsB said in In other news today...:
I might have to stop using Amazon now.
Note that they're not going to do this until after the Christmas period. Can't actually stop people from spending at the most profitable time of the year, after all…
But they'll probably make sure there's a big Just $3 can help us keep the lights on Visa is being evil and forcing us to stop taking your money in January interstitial every time you try to pay with Visa now.
-
Well, my bank (NatWest) is issuing me with a new debit card - not Visa - any day now so maybe this is Visa being greedy and people telling them to go fuck themselves.
-
@Arantor said in In other news today...:
Well, my bank (NatWest) is issuing me with a new debit card - not Visa - any day now so maybe this is Visa being greedy and people telling them to go fuck themselves.
Visa and Mastercard both put up their credit card transaction fees on UK purchases from the EU from 0.3% to 1.5%.
But Amazon also uses Mastercard for its own credit card so isn't applying the same restrictions to Mastercard because that would be ridiculous for Amazon to offer a card the customer can't use with Amazon.
NatWest's replacement of Visa debit cards with Mastercard debit cards was announced long before so may be unrelated.
-
@loopback0 I only got the letter from NatWest last week about it and they didn’t explain why, simply they were doing it.
-
@Arantor yeah but it was announced months ago.
-
@loopback0 like I read the news… that’s what forums are for, right?
-
@Carnage said in In other news today...:
@Tsaukpaetra said in In other news today...:
@TwelveBaud said in In other news today...:
@Tsaukpaetra The distinction is that DNA is not usually considered "user input" that needs a security trust and validation boundary. When it totally is.
It doesn't matter if it's "user" or "automated" or whatever. If it's not coming from yourself (and in actuality, in many cases even if it is!) you always guard and gate until you're absolutely certain that nothing less than a cosmic event can let the information escape, erase, or otherwise unexpectedly alter the expected state of the program. And since that's incredibly unlikely...
At the place I'm working now, they decided that NO VALIDATION ALLOWED on things that come from internal systems. And they don't do sanity checks anywhere on internal stuff either.
I told them that it's a security concern, apart from the stability issues, but they didn't understand.
Just introduce them to little Bobby Tables...
-
@loopback0 said in In other news today...:
Amazon's own credit card is a Mastercard which I'm sure is just a coincidence.
Over here, mine's a Visa (issued via Chase, but branded Amazon).
-
@Arantor said in In other news today...:
@loopback0 like I read the news… that’s what forums are for, right?
It's probably the most unbiased source there is.
-
@Arantor said in In other news today...:
@loopback0 like I read the news… that’s what forums are for, right?
With the amount of we've seen this week most of us fail at that.
-
@dcon said in In other news today...:
@Carnage said in In other news today...:
@Tsaukpaetra said in In other news today...:
@TwelveBaud said in In other news today...:
@Tsaukpaetra The distinction is that DNA is not usually considered "user input" that needs a security trust and validation boundary. When it totally is.
It doesn't matter if it's "user" or "automated" or whatever. If it's not coming from yourself (and in actuality, in many cases even if it is!) you always guard and gate until you're absolutely certain that nothing less than a cosmic event can let the information escape, erase, or otherwise unexpectedly alter the expected state of the program. And since that's incredibly unlikely...
At the place I'm working now, they decided that NO VALIDATION ALLOWED on things that come from internal systems. And they don't do sanity checks anywhere on internal stuff either.
I told them that it's a security concern, apart from the stability issues, but they didn't understand.
Just introduce them to little Bobby Tables...
I did. They don't understand.
-
@Carnage said in In other news today...:
@dcon said in In other news today...:
Just introduce them to little Bobby Tables...
I did. They don't understand.
Nonono. I meant introduce them to Bobby!
-
@dcon said in In other news today...:
@Carnage said in In other news today...:
@dcon said in In other news today...:
Just introduce them to little Bobby Tables...
I did. They don't understand.
Nonono. I meant introduce them to Bobby!
Yes, I guess I could do that. They seem to have been smart enough to not concatenate queries though. I'll see if I find something juicy that I can make a demonstration out of.
-
Elon Musk, Master Swineherd:
-
Nice of them to tell us about our God-given rights.
-
Patient zero!
-
@DogsB Thanks to Indian power cuts and overall freezer quality, he had not yet reached freezing temperatures.
-
Another azure fuckup.
-
@DogsB said in In other news today...:
Another azure fuckup.
Yes and no. It seems to be about the August 2021 fuckup.
-
@DogsB said in In other news today...:
The no-longer-dead horse comes back for revenge against those who've beaten him?
-
And another great piece of science:
https://link.springer.com/journal/12517/topicalCollection/AC_7a86c4ac40e96eb0297a3b18f06fd917
Look at the titles of those retracted papers - e.g. Evolution of dissolved total solids in groundwater based on high resolution image processing and evaluation of urban English translation
Wow!
-
@BernieTheBernie If that's not a Markov Chain Troll, I am a Chinese god of laughter.
-
@Bulb said in In other news today...:
@BernieTheBernie If that's not a Markov Chain Troll, I am a Chinese god of laughter.
I thought it might be some processing fuck-up, i.e. this is part of the title and "English translation" refers to machine translation.
But your assessment was spot on:
The Editor-in-Chief and the Publisher have retracted this article because the content of this article is nonsensical. The peer review process was not carried out in accordance with the Publisher's peer review policy. The author has not responded to correspondence regarding this retraction.
-
@topspin said in In other news today...:
The peer review process was not carried out in accordance with the Publisher's peer review policy.
Sounds like it wasn't carried out at all. Even the title couldn't have gotten through the most cursory of reviews.
-
@HardwareGeek said in In other news today...:
Even the title couldn't have gotten through the most cursory of reviews.
I thought it had to do with talking shit so much that the sewers overflowed.
-
@HardwareGeek said in In other news today...:
@topspin said in In other news today...:
The peer review process was not carried out in accordance with the Publisher's peer review policy.
Sounds like it wasn't carried out at all. Even the title couldn't have gotten through the most cursory of reviews.
"Evolution of dissolved total solids in groundwater based on high resolution image processing" might be a valid topic (actually quite interesting, and trying to apply heavily-optimized algorithms on a completely different problem is not anything new). The "and evaluation of urban English translation," however, is straight out of Monty Python. Or Google Translate.
-
@Kamil-Podlesak said in In other news today...:
The "and evaluation of urban English translation," however, is straight out of Monty Python. Or Google Translate.
That's why I assumed it might be "and evaluation of ... [rest snipped] (English translation)".
But turns out it was just nonsense.
-
@Zecc said in In other news today...:
@DogsB said in In other news today...:
The no-longer-dead horse comes back for revenge against those who've beaten him?
Honestly, I like the meme.
And, in 2014 it was even rolling its own groupware cloud before performing an abrupt about-turn and scurrying back into the welcoming arms of Microsoft.
I wonder if it's contract negotiation time again?
-
From the department of If At First You Don't Succeed Try Try Again comes news that a German state is to have a crack at shifting thousands of PCs from proprietary software to an open-source alternative.
Eh, that makes it sound like they hadn't succeeded. They had been running successfully for years.
Of course there were some problems, and amplified voices by people lobbying for MS, but there are a ton of problems with MS software too. In the end it came down to good old corrupt politicians without any technical competence deciding to switch back to MS software, against the explicit advice from their IT people. All of which just so happened to coincide with MS moving their HQ.
-
@topspin sounds like efficient use of public money
-
@loopback0 said in In other news today...:
@topspin sounds like efficient use of public money
Think of the tax benefits! MS moved from Unterschleißheim, a small city in the Munich rural district (or county or however that's translated) 17 km north of Munich, to Munich city. So all the local tax now goes to this city instead of that one! Of course the mayor considers that a great deal.
And for Microsoft the PR difference between "you can run without Windows" to "they failed to run without Windows" is invaluable.
-
What?! Are we going to pay them to stay home and not touch anything sharp?
-
@DogsB PHP as a language has a bus factor of 2? How much does it cost to buy a bus?