Readit News
hasa commented on Show HN: Klaus – OpenClaw on a VM, batteries included   klausai.com/... · Posted by u/robthompson2018
hasa · 2 days ago
I get the impression that this is an automation tool for sales people. Does it do robotic phone calls to try to book meetings with customers?
hasa commented on Feed the bots   maurycyz.com/misc/the_cos... · Posted by u/chmaynard
michaelcampbell · 4 months ago
Was saying this 3x in this thread necessary?
hasa · 4 months ago
I thought it was a bot
hasa commented on Sequence diagrams, the only good thing UML brought to software development   mermaidchart.com/blog/pos... · Posted by u/knsv
hasa · 3 years ago
I remember times in the 90's when we planned a software system in a UML-powered tool called Rational Rose. Oh my god, it was a clumsy and slow process. But yes, sequence diagrams are a very useful tool.
hasa commented on Align Your Latents: High-Resolution Video Synthesis with Latent Diffusion Models   research.nvidia.com/labs/... · Posted by u/lnyan
hasa · 3 years ago
That guitar teddybear sample clearly played Stevie Ray Vaughan's "Scuttle Buttin'". Good taste in music!
hasa commented on Was there a tech-hiring bubble? Job postings data suggest so   fredblog.stlouisfed.org/2... · Posted by u/kieto
BiteCode_dev · 3 years ago
Yes.

We are overpaid for incredible working conditions and devs basically became capricious divas, despite the fact 90% of them are plumbers, and many not very good ones.

If you had any professional doing the same, wasting so many resources as us, changing part of the tech stack every month, debating vocabulary on twitter ad nauseam instead of coding, and whining about how their first world problem should be the focus right now rather than doing their job, they would get laughed at.

But we were incredibly lucky that IT is the most amazing productivity cheat code humanity has come up with so far, so that all this BS was accepted as the cost of doing business.

Well, here is the wake up call.

No, we are not paid to rate the best cappuccino of the valley, converting the most stable software of your org to Elm nor write a commit hook so that nothing can be pushed before the diversity committee validated the change set.

We are paid to solve problems.

If you don't solve problems, when the hard times come, and they always do, you become part of the problem.

hasa · 3 years ago
I love this comment. But this phenomenon of first world problems and whiners spreads to the whole western civilisation (I'm part of it).
hasa commented on SHA-3 Buffer Overflow   mouha.be/sha-3-buffer-ove... · Posted by u/cbzbc
hasa · 3 years ago
It may be a dumb question, but is there any realistic use case to use this vulnerability to reveal SHA-3 hashed secrets? Or is it just that an attacker can crash systems with suitable input?
hasa commented on DigitalOcean Functions: A powerful serverless computing solution   digitalocean.com/blog/int... · Posted by u/gabe_monroy
hasa · 4 years ago
New way to get vendor locked architecture?
hasa commented on Frugal Computing (2021)   wimvanderbauwhede.github.... · Posted by u/Seirdy
hasa · 4 years ago
No one has yet mentioned bitcoin?
hasa commented on Climate change: IPCC report is 'code red for humanity'   bbc.com/news/science-envi... · Posted by u/perfunctory
hasa · 5 years ago
We should reduce pollution, not panic about weather. Seas are full of plastic and organic waste, dry land too, rain forests are burned down to make more fields. I don't claim that humans would not affect the climate, but it is extremely difficult to prove statistically when the data we have is something like 100 years from the full 5 billion years of existence of the Earth. How can you take all factors into account in this kind of statistical analysis?
hasa commented on SAML Is Insecure by Design   joonas.fi/2021/08/saml-is... · Posted by u/aj3
stouset · 5 years ago
On top of this, I have inside knowledge that some extremely common libraries that implement SAML were built not by reading and understanding the spec, but simply by looking at sample XML documents in the wild and writing code that handled it.

Multiple exceedingly obvious vulnerabilities have been the result. One fun one was: looking at an XML signature in the document, verifying it, then ignoring the assertion it was claiming to sign and just trusting the assertion at the document root.

I tried to write a standards-based implementation and gave up. The standard is enormous, and consists of three parts:

    1. The definitions of what each XML tag means in a vacuum
    2. Patterns on how to assemble those XML tags into a document that means something useful
    3. Protocols that exchange these documents back and forth to accomplish some authentication objective

Half the problem comes from the fact that it's meant to do anything and everything, and so you can theoretically just mix and match all the above parts to get what you want. But that also means that it's exceedingly simple to mix and match stuff in ways that are subtly (or not so subtly) insecure. The other half comes from the fact that the standard is so damned complicated in order to handle everything under the sun that it's damn near impossible to wrap your head around it all. So people just glance at the spec occasionally and just write something that handles documents they see in the wild and hope for the best, with predictable outcomes.

The whole thing is a tire fire.

Note, I last worked with it about a decade ago so I may have gotten some of the characterizations wrong.

hasa · 5 years ago
I feel that all authentication standards are bloated. Maybe there are reasons why they are like that.

u/hasa

Karma: 57 · Cake day: March 18, 2011