Sabitlenmiş Tweet
PureRinFunction
3.3K posts
PureRinFunction
@PureRinFunction
Turing tarpit surveyor.
Katılım Ekim 2021
809 Takip Edilen246 Takipçiler
I feel like the x algo changed quite a bit. Not seeing a lot of people's posts.
English
@HSVSphere Just like total correctness, total security is pipe dream, you're always making a trade.
How secure you need to be is exactly just enough to make exploiting you "not worth the time they spent".
English
This is very much "privacy" and "security" like the whole shtick around ipv6 using mac addresses (which made no sense).
PureRinFunction@PureRinFunction
@MrJTroyer Generally, the happy path for allocations is well exercised, with fuzzers, etc. This tanks your performance, to avoid the possibility that a bad actor can use it. But bad actors don't operate as oracles, there is very little precedence for these type of attacks.
English
@MrJTroyer It also almost never makes sense to do this from a threat modeling pov.
There are various places in the stack that are much much less secure, that *are* actively exploited.
regardless this also doesn't achieve what it claims it does.
English
@MrJTroyer They need to spend time finding and exercising the bug. If it was easy enough to exploit, then where are the people doing this? Even three letter agencies usually buy these exploits because exploring the state space to look for them is time consuming and hard.
English
I was considering switching to grapheneOS then saw that they zero kernel allocations.
Kind of made me feel an ick tbh.
English
@HSVSphere Building a house is only 7 months, you live for 970+
Possibly more if we get rid of the pesky roaches!
English
@HSVSphere ;)
I very much nuke the house when I see a cockroach.
It eliminates that cockroach, his family, his bloodline, and it helps the neighborhood by nuking their houses as well. Also gets rid of a whole class of mechanisms for disease to spread.
English
@HSVSphere There is some level of "security" issues that one must be willing to accept, based on how difficult it is to exploit.
Like correctness is something we also trade off. For a nuclear reactor, formal verification might make sense, for a web service, not really?
English
@HSVSphere No, just no.
This is not a great design choice, imo.
I haven't heard a good explanation, or a threat model that makes sense for it.
English
@VinciRSS somewhat.
It will serve it's purpose as an overly expensive audio player.
English
@bubbleboi I rotated around 8k from bonds to things that are sensitive to low energy prices. idk
English
Lowering the bar to get incorrect code up and running is not great for anyone.
DHH@dhh
Being into open source and recoiling from vibe coding is a contradiction in terms. Either we are genuinely excited by giving freedom to many to change their software or we are frauds. If open source means anything it's Open The Gates. Don't erect new ones from ego or fear.
English
I hope they wait until market open to announce something to pump the price.
English