home.social

97 results for “c0dec0dec0de”

  1. One static analysis tool tells me to use `lstat` and `fstat` to avoid (or at least detect) malicious replacement of a file that I `open`. Then, after doing this, my other static analysis tool complains that I’ve introduced a TOCTOU (time-of-use, time-of-check) between `lstat` and `open`.

    Sure, but I’m going to detect that. Real issue I have with all of this is that there’s still a window (which I estimate to be about the same size in both versions of this program) between creating this pseudoterminal file and the next interaction I have with it (be that pulling file stats with `lstat` or `open`ing it).
    #SemGrep #Coverity #StaticAnalysis #Programming #C

  2. I let my CISSP lapse because I didn’t want to do all the CEUs and paperwork associated with them. I *can* pay them a bunch of money and retake the certification exam to be reinstated, but what’s the damn point?
    I’m still not going to want to watch a jillion hours of vendor webinars about their latest product releases and how they’ve integrated LLMs into the static analysis or EDR tool they make.
    #CISSP #Security #CredentialIndustrialComplex

  3. They both have configurations that are at best better left unused and at worst start a death spiral of your whole SCM system. You can store large, frequently changing binaries in Git without LFS. You can do whatever my employer does with ClearCase and choke your server every time someone wants to look up a tag or branch.
    #ClearCase #git #scm

  4. Bitwarden’s been throwing warnings on my phone telling me to scale back my hashing parameters because they might fail on this device.
    Of course, now that I post about it, it’s not doing it so I can’t screenshot it…
    #Bitwarden #PasswordHashing #Infosec

  8. Is there an accepted pattern for replacing your database pool in an #actixweb application? As in, the system is rotating the database password, updates the file handle it’s passed through to the application, and then my application should reconnect using the new credentials and drop the old connection.
    #rustlang #rust #sqlx #ProgrammingPatterns

  9. Maybe `agetty` for the initial login prompt and then `login` for the actual session?
    #agetty #linux #terminal

  13. I have used a git subtree, and while I kinda hate it, I still think it was the right call given the constraints.
    This is not a reply because I don’t want to argue with the take that brought it to mind.

    If, for some reason, you want to use git subtree, think very carefully about doing so. Reasons follow.

    1/5
    #git #GitSubTree #programming #scm

  14. “Time flies when you’re having fun.” Or a specific kind of miserable.
    Brought to you by ADHD and that last 20% of a coding task that takes 80% of the time because it should have just worked.
    #ADHD #TimeBlindness #frustration #programming

  15. Coordinated Inauthentic Activity: A Neurodivergent Framework for Understanding Allistic Behavior
    #FakeBook

  16. @0xabad1dea I remember listening to and really enjoying the idea of this world in @EAPodcasts
    and being just delighted by the idea of a world with ubiquitous acknowledgement of people’s caring needs.
    escapepod.org/2019/07/18/escap
    #neurodivergent #podcast #SciFi #fiction #EscapePod

  17. @puzzled_squid I like the global leaderboard for #Tunnet. Log scale histogram, no names. It's just nice.

  18. My Anbernic RG35XX Pro #GameDad arrived! So, obviously, I immediately started playing Link to the Past.

  19. "Average person names 3 things a year" factoid actualy just statistical error. Average person names 0 things per year. Names-things-Georg, who is a literal child and names everything he sees Georg, is an outlier and should not have been counted.
    #jokes #SpidersGeorg

  20. Currently writing a blog of all things. I'm not sure I'll ever publish it, but I'm organizing my thoughts about my current side-project as drafts on a blog.
    Am I trying to do the equivalent of rubber duck/teddy bear debugging with the entire process of writing an app?
    #programming #blogging #AmICrazy

  21. Is it normal to be tearing up like three pages into the late Terry Bisson’s Fire on the Mountain?
    #SciFi #TerryBisson #Reading #ScienceFiction

  22. @ifixcoinops posted a #GameDad and now I want one. The question is, do I get something cheap and basic that’ll handle SNES, GameBoy, and Genesis-level consoles or do I wait and grab something that would handle PS2 and/or GameCube-level things?
    I could be pretty happy playing Link to the Past Randomizer on a handheld for a while, but I would also like to maybe play the PS2 Tenchu games again and maybe get around to playing some of those 3D Zeldas I keep hearing about…

  27. `cargo audit` reports a vulnerability in a transient dependency that isn't in the output of `cargo tree`. What's going on here?
    #RustLang #CargoAudit #sqlx #Rust
