Email or username:

Password:

Forgot your password?
Hector's posts Post Back to profile
Top-level
gaytabase
16 comments
syn

@dysfun @marcan what's more secure than a bricked computer after all

19 July at 10:59 | Open on ohai.social
Wilfried Klaebe

I assume you're all joking, but please, use the terms correctly!

From the back of my head, "IT security" is "ensuring confidentiality, integrity AND availability", and a bricked computer only ticks - at maximum - two of those boxes.

@syn @dysfun @marcan

19 July at 17:08 | Open on chaos.social
DaCool

@wonka I think they were just joking, nothing deeper then that.

19 July at 18:07 | Open on layer8.space
Hector Martin

@dysfun Reminds me of gr"let's crash on integer overflows that aren't a security bug, and then let's try to fix one such overflow with a hilariously broken obviously unreviewed patch that instead of working around it replaced it with an actual overflow bug that still crashed, thus creating a local kernel panic DoS that anyone can trigger with a shell one-liner, also we don't count DoSes as CVEs so don't bother responsibly disclosing this but we're going to flame you on Twitter and embarrass ourselves so bad we end up deleting our Twitter account but at least we banned your dynamic IP address from our website and forum, take that!!!!!"security.

(Yes, this really happened after I crashed my grsecurity kernel Gentoo box years ago by pasting too much text into a terminal, then tweeted a repro. I stopped using grsecurity after that.)

reddit.com/r/programming/comme

@dysfun Reminds me of gr"let's crash on integer overflows that aren't a security bug, and then let's try to fix one such overflow with a hilariously broken obviously unreviewed patch that instead of working around it replaced it with an actual overflow bug that still crashed, thus creating a local kernel panic DoS that anyone can trigger with a shell one-liner, also we don't count DoSes as CVEs so don't bother responsibly disclosing this but we're going to flame you on Twitter and embarrass ourselves...

19 July at 11:04 | Open on social.treehouse.systems
gaytabase

@marcan that doesn't surprise me tbh, gibson is an arse

19 July at 11:06 | Open on social.treehouse.systems
Hector Martin
Graham Spookyland🎃/Polynomial

@dysfun @marcan that's GRC, not grsec (we're collectively bad at naming things)

19 July at 17:04 | Open on chaos.social
gaytabase

@gsuberland @marcan yeah but wasn't grsec his kernel extension?

19 July at 17:22 | Open on social.treehouse.systems
Hector Martin

@dysfun @gsuberland No, it's two completely different people.

20 July at 2:16 | Open on social.treehouse.systems
Graham Spookyland🎃/Polynomial

@marcan @dysfun yeah Steve Gibson is the guy who looks like a vacuum cleaner salesman that makes snakeoil disk recovery software under the name "GRC" (and also cohosts a podcast), whereas Brad Spengler is the grsecurity guy who had a meltdown on Twitter.

20 July at 2:55 | Open on chaos.social
Andrew Zonenberg

@gsuberland @marcan @dysfun Lol I knew Steve was nuts and full of snake oil but this is the first I've heard the vacuum cleaner line.

20 July at 3:04 | Open on ioc.exchange
Bornach

@azonenberg @gsuberland @marcan @dysfun
Not seen many vacuum cleaner salesmen to be able to make a judgement but I can picture Steve Gibson being skilled at it
grc.com/pdp-8/deepthought-sbc.
On his GRC site, SG walks the viewer through the features of his "blinkenlights" program for a PDP-8 emulator

20 July at 6:59 | Open on fosstodon.org
Ariadne Conill 🐰

@marcan @dysfun this is why i am reimplementing basically everything from scratch with OpenPaX

22 July at 23:24 | Open on social.treehouse.systems
halva is
Nicolás Alvarez
JaxxAI

@dysfun @marcan Availability is literally one of the three pillars of information security, also known as the CIA triad, along with confidentiality and integrity. A lack of reliability leads to unavailability and I now feel like I'm turning into Infosec Yoda.

19 July at 17:04 | Open on floss.social
Go Up