• 1 Post
  • 21 Comments
Joined 1 year ago
Cake day: June 23rd, 2023






  • Then I woke up, at first impressed that I did that. Then I just couldn’t help but wonder if I was just dreaming that I lucid dreamed and that the choices I made were actually just a part of the dream.

    Your choices in a dream are colored by the reduced mental output you have when you’re dreaming. In a dream, you might make a lot of dumb decisions that make perfect sense in the dream, but are immediately illogical when you think about them awake.

    With lucid dreaming, you have an increased self-awareness, but you’re still in a low-activity brainwave state.







  • So if your Rust app is built against up to date libraries in Cargo, it’s going to be difficult to package those apps in Debian when they ship stable, out of date libraries since Debian’s policies don’t like the idea of using outside dependencies from Cargo.

    As they should. You don’t just auto-update every package to bleeding edge in a stable OS, and security goes out the window when you’re trusting a third-party’s third-party to monitor for dependency chain attacks (which they aren’t). This is how we get Crowdstrike global outages and Node.JS bitcoin miner injections.

    If some Rust tool is a critical part of the toolchain, they better be testing this shit against a wide array of dependency versions, and plan for a much older baseline. If not, then they don’t get to play ball with the big Linux distros.

    Debian is 100% in the right here, and I hope they continue hammering their standards into people.



  • Yeah, it sounds like the first exploit required your vault to be unlocked

    That barely fits the requirements to even be called a vulnerability.

    “Sir, this safe lock is horribly insecure because all it takes for somebody to get access to the safe is to have the owner invite an intruder over to his house, unlock the safe, and the intruder can barge right in!”

    I’m all for broadcasting vulnerabilities for services that deserve it. But, taking two of the thousand unrated CVEs that appear each year, slapping on a clickbait headline, and trying to scare people into not trusting password managers is a load of shit. The only reason this trash got upvoted is because this community has a massive hard-on for locally-controlled password stores, without acknowledging the negatives.





  • No, it doesn’t.

    From Wikipedia:

    Enshittification, also known as platform decay,[1] is a way to describe the pattern of decreasing quality of online platforms that act as two-sided markets.

    From the guy who coined the term itself:

    Here is how platforms die: first, they are good to their users; then they abuse their users to make things better for their business customers; finally, they abuse those business customers to claw back all the value for themselves. Then, they die. I call this enshittification.