You have blocked @alex_gaynor
Are you sure you want to see these tweets? This will not unblock @alex_gaynor
Pinned Tweet
I still regard Twitter as a net-negative force. But it's also a very loud megaphone, and I've got enough things to say that I don't want to keep giving that up.
Which parts of a situation were predictable a priori is never as easy as we like to think it is.
There'll be lots of Iowa takes this morning. Try to remember you (and everyone else) are operating on limited facts. In any environment, but particularly this one, please give weight to "Hindsight biases post-accident assessments of human performance": https://how.complexsystems.fail/#8
Just yesterday Apple disclosed 23 vulnerabilities in iOS. Two-thirds were due to memory unsafety. Migration away from C/C++ simply must be a priority: https://alexgaynor.net/2019/aug/12/introduction-to-memory-unsafety-for-vps-of-engineering/ And journalists should ask Apple whether they're funding teams to do this work. And if not, why not?
https://www.washingtonpost.com/technology/2020/01/29/apple-iphone-bezos-hack/ You can't talk about exploits like this one, the one targeting Uyghurs, those targeting journalists, and others without talking about how preventable they are. The memory unsafe languages used by Apple and others are a massive enabler for exploitation.
Fantastic paper. Has anyone done the analysis to see whether this impacts Privacy Badger as well? https://twitter.com/s_englehardt/status/1220057551271645184
Via the extremely normal process of "have a friend who works at AWS", they were able to reach directly out to an engineer on that team to resolve the issue. Yay for happy endings. For some values of happy at least.
It has been suggested I should pay for AWS support. I do not need support. I need AWS to fix the fact that between 1:54pm and 2:23pm their product stopped working. Status page: Service is operating normally. Naturally.
Go to make an AWS forum account. "Your account is not ready for posting messages yet". "If you recently activated your AWS forum account, you might not be able to post messages for a few hours." How is this kafkaesque nonsense acceptable when _their product is not working_? 2/N
AWS CodeBuild is currently setting CODEBUILD_RESOLVE_SOURCE_VERSION to a hash of all 0s. This is not on the AWS status page (of course). I don't pay bonus money for AWS support, so the answer for "our product is broken" is "post in the forums". 1/N
I pray that if WhatsApp is serious about not being a vector for authoritarians to conduct surveillance (as their lawsuit against NSO indicates), that they have a fully funded engineering team working to replace all code in memory unsafe languages that processes remote packets
For web apps, real-world exploitation is generally considered catastrophic, and would lead to serious self-reflection and need for reforms. For browsers, real-world 0day exploitation is a somewhat regular occurrence, and doesn't seem to lead to the same public self-reflection.
I've had the fortunate opportunity to work on security for both web apps as well as for client software (web browser). There is a fundamental difference between how the security teams for these products carry themselves, and it is fascinating to me:
Looking forward to participating in the security panel at the upcoming DC area Python2 EOL Mini Conference: https://www.eventbrite.com/e/python-2-end-of-life-mini-conf-tickets-86571245927
An implicit belief many people have about software security: Vulnerabilities exist almost entirely in legacy code, new code doesn't have many vulnerabilities. Therefore we just need to burn down the existing vulns and we'll be good. In reality, new code often introduces vulns.
There is _zero_ empirical support for the idea that memory safe and unsafe languages are equally susceptible to critical vulnerabilities. Just read the @LazyFishBarrel feed. I'm confident that many attack surfaces could have an 80% reduction in vulns in a memory safe language.
Complex systems are heavily and successfully defended against failure (https://how.complexsystems.fail/). Building secure systems must rely on more than just trying hard not to make mistakes. Memory unsafe programming languages are always a single missed bounds check from catastrophe.
As happens anytime I make an anti-C/C++ argument, folks have chimed in to say "it's not the language's fault, it's the developers making mistakes's fault". This position is wrong for at least two reasons:
Millions of dollars are spent on fuzzing, red teaming, exploit mitigations, and bounties. Nevertheless, based on the (limited) public record, the majority of 0days seen in 2019 can be blamed on memory unsafe languages. Make 2020 the year you start abandoning C and C++. https://twitter.com/LazyFishBarrel/status/1215649325415587840
In January, I wrote my Security Wish List for 2019. Now, as the year draws to a close, I'm looking back on how we did: https://alexgaynor.net/2019/dec/24/security-wish-list-2019-review/ We're still far too willing to play whack-a-mole with vulnerabilities. I hope in 2020 more people will admit that we have a problem.
It is remarkable to me how many Googlers I know who feel (a) there's no other place they could do the technical work they're doing (particularly on infosec), (b) they object to a great many things Google itself does. No other company I know engenders this reaction from its staff.