• 0 Posts
  • 107 Comments
Joined 1 year ago
cake
Cake day: July 2nd, 2023

help-circle
  • I feel like people need an education about the difference between spirit of the law and letter of the law.

    This comment reads like this:

    “I posted some truly heinous shit and a mod/admin removed it but I didn’t break any written rules therefore my right to force other people to be subjected to my desires was impinged upon😭😭😭😭.”





  • Using Kali? Easy if you have training. The capstone for our security course a decade ago was too find and exploit 5 remote machines (4 on the same network, 1 was on a second network only one of the machines had access to) in an hour with Kali. I found all 5 but could only exploit 3 of them. If I didn’t have to exploit any of them 7 would be reasonably easy to find.

    Kali basically has a library of known exploits and you just run the scanner on a target.

    This isn’t novel exploit discovery. This is “which of these 10 windows machines hasn’t been updated in 3 years?”


  • Separation of data between accounts makes them fall under different retrieval requirements.

    As one account, a request for all of the data from that account contains both chunks. Separation of those accounts separates the need to accommodate requests for data from one on the other.

    It can also mean that internally they may have a sufficient mechanism that data that was previously identifying to no longer being identifying (breaking userid to data pairings for example) which is sufficient to “anonymize” the data that it no longer needs to be reported or maintained.


  • GDPR and pii reasons most likely. It’s a nightmare keeping track of why certain data is on certain accounts. This can vastly simplify the GDPR compliance mechanisms. If your GOG account is merged with your PR account, there is probably significantly more “sensitive” data (CC numbers, addresses, etc) in the GOG account. This probably exempts some data that either cdpr or gog tracks from deletion or retrieval requests.




  • This will do the opposite of what you want. All of these policies disproportionately cause poor people to remain poor.

    It’s not intuitive and it sounds great till you realize that unless you tax wealth and income with a progressive rate well into the 90% at the highest levels.

    People who are wealthy don’t give a single shit about consumption tax. They also don’t care about transaction taxes (unless it’s progressive). A person with a million dollars doesn’t care if milk costs 5 bucks or 6 bucks a gallon… But the person making the minimum wage absolutely cares.


  • I don’t think either is actually true. I know many programmers who can fix a problem once the bug is identified but wouldn’t be able to find it themselves nor would they be able to determine if a bug is exploitable without significant coaching.

    Exploit finding is a specific skill set that requires thinking about multiple levels of abstraction simultaneously (or intentionally methodically). I have found that most programmers simply don’t do this.

    I think the definition of “good” comes into play here, because the vast majority of programmers need to dependably discover solutions to problems that other people find. Ingenuity and multilevel abstract thinking are not critically important and many of these engineers who reliably fix problems without hand holding are good engineers in my book.

    I suppose that it could be argued that finding the source of a bug from a bug report requires detective skills, but even this is mostly guided inspection with modern tooling.