WTF Bites
-
WTF happened to Ars?
How do you actually, you know, read the fucking story?!
-
How do you actually, you know, read the fucking story?!
On another site
Article loads properly on my phone FWIW.
-
@boomzilla said in WTF Bites:
@Benjamin-Hall yes! It's actually useful because there is some information about what you were doing with the commit.
Well, I guess "initial setup" isn't quite as brain dead as "initial checkin." As the gif said, I was triggered.
Heh. Mine usually go like this:
Checkin 1: "Adding typical .ignore file."
Checkin 2: "Initial project checkin."
-
-
@Zerosquare said in WTF Bites:
JavaScript and Node.js developers who installed the jdb.js and db-json.js packages were infected with the njRAT malware.
They were already infected with JS and Node. How much worse could it be?
-
@Zerosquare If you allow anyone to publish stuff, you really do allow anyone to publish stuff. Even people you'd rather didn't.
The fucked up JS ecosystem is the gift that keeps giving.
-
@dkf to be fair, every other programming ecosystem has all the same problems. It's just that JS devs are unusually eager to install random unvetted dependencies.
-
It's just that JS devs are unusually eager to install random unvetted dependencies.
In other news, JS devs are surprised at getting various diseases when having sex with every occupant and random household object in their crack dealer's crib.
-
-
@dkf: Tsk tsk! No kink-shaming!
(On the other hand, programming language-shaming is not only allowed, but encouraged).
-
@dkf to be fair, every other programming ecosystem has all the same problems. It's just that JS devs are unusually eager to install random unvetted dependencies.
Well, it's a safe language, they don't have these pesky memory leaks or null pointer dereferences. So what could possibly happen!
-
I tried to send a screenshot from my Nintendo Switch console to my phone. Luckily there was a built-in Send to Smartphone feature. Well, that's useful and convenient, and it should be simple enough since it's on my wifi, and the console also supports Bluetooth, NFC, and USB.
I knew it was about to go to sville when it warned me that I had to disconnect from the Internet to use this feature.
So, how do you fuck up something so simple?
- first, the console disconnects wifi, to itself become an ad hoc wifi hotspot
- then it presents you with two QR codes to scan with your phone's camera
- the first code gives your phone the SID of its hotspot so you can connect to it (which means your phone ALSO must disconnect from home wifi)
- the second code points to a local web server hosted on the switch at a local IP address
- then remember to switch your phone back to your original network
I guess it might make sense if you weren't already on wifi or a local network, but I am so this is pointless and painful. I went with the wooden table instead.
-
I knew it was about to go to sville when it warned me that I had to disconnect from the Internet to use this feature.
And not when you learned this feature exists?
If there's anything the last decade of the purpose-made photo sending/file transfer/device clone/screen sharing/remote control/etc. functionality every modern piece of technology is filled to the brim with has taught me, it's that Bluetooth isn't that bad after all.
-
the second code points to a local web server hosted on the switch at a local IP address
then remember to switch your phone back to your original network
On the one hand, after you hit "End" on the Switch your phone should reconnect to your normal wifi, after it realizes that the Switch one is gone. But on the other hand, the whole thing never worked for me unless I turned off my mobile data, because the Switch hotspot has "no internet" and so the phone tries to load the local network page over LTE, which obviously doesn't work.
-
@Zerosquare said in WTF Bites:
@dkf: Tsk tsk! No kink-shaming!
(On the other hand, programming language-shaming is not only allowed, but encouraged).
My kink is VB4
-
@Zerosquare said in WTF Bites:
@dkf: Tsk tsk! No kink-shaming!
(On the other hand, programming language-shaming is not only allowed, but encouraged).
My kink is VB4
Nobody shares kinks like VB4!
-
-
https://www.zdnet.com/article/open-source-software-how-many-bugs-are-hidden-there-on-purpose/
GitHub notes in its report that the "the vast majority" of the intentional backdoors come from the npm ecosystem.
-
ZDNet, stop drinking! No, not even the water from the washing machine!
INB4
I of course mean presenting a video completely unrelated to the story. ZDNet tends to do that at least always.
-
@Bulb Poor old Microsoft, still finding it hard to comprehend that people might do large amounts of collaborations across company boundaries…
Clearly, in that case, they should be joining your domain.
-
As far as government websites go, this Danish one is mostly good (no obvious bugs crashing its JavaScript state machine, not a resource hog, no ads, self-contained within one domain), except for the Next button being completely covered by the previous paragraph and therefore impossible to click. Extra irony points for this happening right next to the "accessibility statement" link.
INB4 is this screenshot poorly combined from two different ones
-
@aitap is wanting to move to Denmark in the first place.
-
@Zerosquare said in WTF Bites:
@dkf: Tsk tsk! No kink-shaming!
(On the other hand, programming language-shaming is not only allowed, but encouraged).
My kink is VB4
16-bit or 32?
Filed under: I was there, 3000 years ago.
-
@error You have handled 16 and/or 32 bits at once?
-
@Zerosquare said in WTF Bites:
It looks like the malware was detected and removed within a week, after only 100 downloads.
I typically only install packages with a fairly high popularity; not really because of malware concerns, but because I don't want to be left depending on an abandoned library.
Filed under: But when you install an npm package, you're installing every package that they've installed, and so on, and so on...
-
@error You have handled 16 and/or 32 bits at once?
Yes.
<CAUTION mode="Nightmare">
Win32s.
</CAUTION>
-
There's this lovely race condition where, if I start playing Spotify (which happens automatically when my phone connects Bluetooth to my car) and make a phone call at the same time, the music somehow muxes into the call.
I'm not sure if the other side can hear it or not. They may have assumed it was ambient music from my side and politely ignored it.
Edit:
-
Instead of a somewhat reasonable curve (i.e. the steps are 5-5-5-5-5-... or 4-4-4-4-4-5-5-5-5-...) now it's:
1-5-2 - 3-5-3 - 4-6-4 - 5-7-5 - 6-8-6
The ranges for the new curve look like they're designed for letter and sub-letter grades:
A+, A, A-, B+, B, B-, C+, C, C-, ...
-
@error You have handled 16 and/or 32 bits at once?
Most of my bits are handled in the background.
-
I'm not sure if the other side can hear it or not.
Only from bleedover from the microphone.
-
Status: Clean OS install. Now to install all the utilities and whatnot (this is all in preparation to making a base image for distribution).
First program installs fine.
Go to install an addon for it.
So far so good...
Dafuq? I have to have the program installed in order to install it? What a load of shit!
-
@Tsaukpaetra said in WTF Bites:
I have to have the program installed in order to install it?
Didn't you say you are installing an add-on for the program?
-
@Tsaukpaetra said in WTF Bites:
I have to have the program installed in order to install it?
Didn't you say you are installing an add-on for the program?
Yes. The base program (WinOMS) is already installed. I'm trying to install OMS imaging. It wants OMS imaging installed before it will let me install OMS imaging.
-
@Tsaukpaetra said in WTF Bites:
It wants OMS imaging version 10 installed before it will let me install OMS imaging version 11.
-
@BernieTheBernie said in WTF Bites:
@Tsaukpaetra said in WTF Bites:
It wants OMS imaging version 10 installed before it will let me install OMS imaging version 11.
Yes, that's the implication. But if I erase the configuration in the registry, it installs fine. Note that this is configuration the installer apparently creates itself while initializing the installer. Just that, apparently, it needs to be told twice that it's not actually installed.
Besides, can you imagine having a requirement like "Must have DOS installed before installing Windows 10"?
-
My company has decided to remove push notifications as a method of the mandatory 2FA we have to use whenever we login to any of the systems. "To prevent accidental Accept responses that can result from the push notification prompt," they say. Now we have to type in the authentication code every time. Motherfuckers.
-
My company has decided to remove push notifications as a method of the mandatory 2FA we have to use whenever we login to any of the systems. "To prevent accidental Accept responses that can result from the push notification prompt," they say. Now we have to type in the authentication code every time. Motherfuckers.
How the fuck?
How could you possibly think that's a viable attack vector at all? Jesus...
-
@sloosecannon the worst part is that I actually believe them it happened at least once. It's basically a variant of "I clicked OK without reading what do I do now".
-
@sloosecannon the worst part is that I actually believe them it happened at least once. It's basically a variant of "I clicked OK without reading what do I do now".
I worked on a 2FA system a few years back, and they had a few ways to deal with that, can't quite remember them... But you can't fix stupid with technology, so they didn't really go overboard trying to do so.
-
@sloosecannon the worst part is that I actually believe them it happened at least once. It's basically a variant of "I clicked OK without reading what do I do now".
Basically every usability study and security study has shown that humans will do whatever it takes to shut the machine up when it yells at them, and the louder it yells the more prejudicially they ignore and dismiss it.
-
On a device I am trying to port something to:
… # ls -l /usr/lib/libxml2.so.2
lrw-r--r-- 1 root root 10 2020-12-03 07:59 /usr/lib/libxml2.so.2 -> libxml2.so
… # ls -l /usr/lib/libxml2.so
-rw-r--r-- 1 root root 1699344 2020-12-03 07:59 /usr/lib/libxml2.so
ELF shared libraries use a versioning scheme so you can safe(ish)ly upgrade libraries. The library has a “soversion” with two or three digits. The first changes when backward compatibility is broken, the second when forward compatibility is and a third may be added. Basically semver since long before it was called so.
So the actual file should have at least two dot separated numbers at the end. On the build system we have libxml2.so.2.9.7.
Then, two links should be set up:
- One with only the major number that is used by the dynamic linker to load the library when starting a process. So libxml2.so.2 → libxml2.so.2.9.7. That way when you install 2.9.8, you change that link and the new version gets loaded and if you notice a problem, you can move it back to effectively roll back the update.
- One without any number that is used by the linker to select which library to use for new binaries. If the system had a compiler, it should be libxml2.so → libxml2.so.2, but since it does not, the file should not exist at all.
I am not sure how they even managed to get that bogus setup, because the build system for libxml2 (which is OSOTS) does the right thing by default…
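The layout rules described in the post above, as an added example that is not part of the original post: a filesystem-only shell check that accepts the expected link chain and rejects the one shown in the ls output. The function names and the sample trees are constructed for illustration, and the check does not read the ELF SONAME or VERDEF data.

```shell
#!/bin/sh
# Added example: filesystem-only audit of the soname symlink layout (no ELF parsing).

# check_solib_layout DIR STEM MAJOR -> prints findings, returns 0 if layout is sane
check_solib_layout() {
    dir=$1; stem=$2; major=$3; bad=0
    link="$dir/$stem.so.$major"   # runtime name the dynamic linker opens
    dev="$dir/$stem.so"           # link-time name, only needed with a toolchain

    if [ ! -L "$link" ]; then
        echo "BAD: $link is not a symlink"; bad=1
    else
        target=$(readlink "$link")
        case $target in
            "$stem.so.$major".[0-9]*) ;;   # e.g. libxml2.so.2.9.7
            *) echo "BAD: $link -> $target, expected $stem.so.$major.<minor>"; bad=1 ;;
        esac
        [ -f "$dir/$target" ] || { echo "BAD: $dir/$target is missing"; bad=1; }
    fi

    if [ -L "$dev" ]; then
        [ "$(readlink "$dev")" = "$stem.so.$major" ] ||
            { echo "BAD: $dev should point at $stem.so.$major"; bad=1; }
    elif [ -e "$dev" ]; then
        echo "BAD: $dev is a real file; the versioned file should hold the code"; bad=1
    fi
    return $bad
}

# Constructed sample trees (empty files stand in for the real libraries).
make_samples() {
    mkdir -p "$1/good" "$1/device"
    : > "$1/good/libxml2.so.2.9.7"
    ln -s libxml2.so.2.9.7 "$1/good/libxml2.so.2"
    : > "$1/device/libxml2.so"                 # layout from the ls output above
    ln -s libxml2.so "$1/device/libxml2.so.2"
}

demo=$(mktemp -d)
make_samples "$demo"
check_solib_layout "$demo/good" libxml2 2 && echo "good: layout OK"
check_solib_layout "$demo/device" libxml2 2 || echo "device: layout rejected"
rm -rf "$demo"
```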
-
I am not sure how they even managed to get that bogus setup
"Hey, we need libxml2. Let's just copy it here."
Later
"Hey, this program wants libxml2.so.2 instead of libxml2.so. Let's make a symlink."
-
Q: What's the first item in Amazon's "Top Sellers in Video Games"?
A:
-
@hungrier 40 Canada bucks? Either it's a big box or you guys get overcharged!
INB4
-
@loopback0 I clicked through to it, and I can't find any options that are available for that price. A 180g box of hazelnut flavour costs 4.98, and 725g tin is $14.88. There's two other flavours and a 360g tin version, but none of those are available except 725g Original, also for 14.88.
-
-
I am not sure how they even managed to get that bogus setup
"Hey, we need libxml2. Let's just copy it here."
But from where? Normal Linux does not even have the bare .so files unless it also has a compiler toolchain, but this is an aarch64 device and those rarely have compiler toolchain and dev packages.
Later
"Hey, this program wants libxml2.so.2 instead of libxml2.so. Let's make a symlink."
Also, the reason I started looking into it is that the library is missing the .gnu.version_d (VERDEF) section and the dynamic linker is complaining (though still loading it; it's just a warning). That also indicates some bad misconfiguration of the build.
-
Political views aside, this makes for very amusing reading:
-
@Rhywden inb4
-