noneucat's recent activity
-
Comment on What programming/technical projects have you been working on? in ~comp
-
Comment on <deleted topic> in ~comp
noneucat (edited)
Nice and concise guide!
The reason that the Nightly binary will not run directly on NixOS is due to the fact that all NixPkgs binaries are hardcoded with a specific dynamic linker (as there can be multiple versions of glibc for different programs). Programs that expect the environment to provide a loader (say, at /lib64/ld-linux-x86-64.so.2) will fail out:
    $ ./firefox
    sh: ./firefox: No such file or directory
The differences in the binaries:
    $ # Firefox Nightly from mozilla.org
    $ ldd ./firefox
    ...
    /lib64/ld-linux-x86-64.so.2 => ...
    $ # NixPkgs Firefox
    $ ldd /nix/store/ ... firefox-unwrapped-72.0.2/bin/.firefox-wrapped
    ...
    /nix/store/ ... glibc-2.27/lib/ld-linux-x86-64.so.2 => ...
Solutions:
- patch the binary with the library paths yourself (maybe with autopatchelf)
- run the application in a FHS environment (maybe with steam-run)
- use a Nix overlay to acquire the appropriate package (this solution)
- compile it yourself
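An added example, not part of noneucat's comment: the loader path that ldd prints is stored in the ELF PT_INTERP program header, and this Python sketch reads it directly so a downloaded binary can be checked without running it. The sample images, the EXAMPLEHASH store path and the function names are constructed for illustration.

```python
import struct

PT_INTERP = 3  # program-header type that names the requested dynamic linker

def elf_interpreter(data: bytes):
    """Return the PT_INTERP path of a little-endian ELF64 image, or None."""
    if data[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    if data[4:6] != b"\x02\x01":  # EI_CLASS=ELFCLASS64, EI_DATA=little-endian
        raise ValueError("only little-endian ELF64 is handled in this sketch")
    hdr = struct.unpack_from("<16sHHIQQQIHHHHHH", data, 0)
    e_phoff, e_phentsize, e_phnum = hdr[5], hdr[9], hdr[10]
    for i in range(e_phnum):
        ph = struct.unpack_from("<IIQQQQQQ", data, e_phoff + i * e_phentsize)
        p_type, p_offset, p_filesz = ph[0], ph[2], ph[5]
        if p_type == PT_INTERP:
            raw = data[p_offset:p_offset + p_filesz]
            return raw.split(b"\0", 1)[0].decode()
    return None  # statically linked, or no loader requested

def classify(interp):
    """Label where the binary expects its loader to come from."""
    if interp is None:
        return "none"
    if interp.startswith("/nix/store/"):
        return "nix-store"
    return "environment"  # e.g. /lib64/..., must be provided by the host

def build_sample(interp: str) -> bytes:
    """Constructed 64-byte ELF header + one PT_INTERP entry + the path."""
    path = interp.encode() + b"\0"
    ident = b"\x7fELF" + bytes([2, 1, 1]) + bytes(9)
    ehdr = struct.pack("<16sHHIQQQIHHHHHH", ident, 2, 62, 1, 0, 64, 0, 0, 64, 56, 1, 0, 0, 0)
    phdr = struct.pack("<IIQQQQQQ", PT_INTERP, 4, 120, 0, 0, len(path), len(path), 1)
    return ehdr + phdr + path

# Constructed samples; EXAMPLEHASH stands in for a real store hash.
NIGHTLY = build_sample("/lib64/ld-linux-x86-64.so.2")
NIXPKGS = build_sample("/nix/store/EXAMPLEHASH-glibc-2.27/lib/ld-linux-x86-64.so.2")

if __name__ == "__main__":
    for name, blob in (("nightly", NIGHTLY), ("nixpkgs", NIXPKGS)):
        interp = elf_interpreter(blob)
        print(name, classify(interp), interp)
```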
-
Comment on Security researcher hacks SlickWraps, publishes a disclosure in ~comp
-
Comment on Security researcher hacks SlickWraps, publishes a disclosure in ~comp
noneucat
The original Medium link has been taken down at time of posting. Archive: http://archive.is/yEIJT
While I agree there may have been a mishandling of an attempted disclosure by SlickWraps, the author took some actions that I did not agree with:
- Vague communication with the company about the issue
  The author writes in the article that one of their first attempts at establishing a line of collection was to send this tweet, which reads: "Hey @SlickWraps, You failed the vibe check."; I don't believe that this was a meaningful or professional attempt at contacting a company for a disclosure. The tweet is then followed up by this one, which seems to almost egg them on with a screencap of a CSR exchange taken from the hack.
- Unnecessary exploration of systems
  I believe the author should not have gone any further as soon as they obtained shell & write access. The revenue numbers and statistics posted at the beginning of the article strike me as unnecessary. There is nothing to gain from posting these + countless other pieces of data from the hack (e.g. CSR emails, screencaps of their stack, logs, etc.), as they could have demonstrated the vulnerability through other means (such as a file upload).
- Too much information in the disclosure
  The article seems to enumerate every single credential/service/item of interest they found or encountered. Consequently, this provides what is essentially a map of internal systems for nefarious third parties who may be interested in exploiting this vulnerability. Publishing this much information about SlickWraps' systems without obtaining consent from the company & confirmation that the vulnerability has been mitigated is irresponsible.
To me, the article seems like some sort of crusade against the company rather than an attempt at responsible disclosure.
-
-
Security researcher hacks SlickWraps, publishes a disclosure
8 votes -
Comment on Funimation removes Vic Mignogna from The Morose Mononokean 2 following allegations of harassment in ~anime
noneucat
“Following an investigation, Funimation recast Vic Mignogna in Morose Mononokean Season 2. Funimation will not be engaging Mignogna in future productions,” Funimation told Polygon in a statement.
This is definitely a tricky situation that deserves careful consideration by everyone involved. I'm still researching claims and testimonials from both sides. It's disheartening, however, to see so many people making assumptions and taking sides fueled solely by emotion on social media.
-
Funimation removes Vic Mignogna from The Morose Mononokean 2 following allegations of harassment
8 votes -
Comment on What have you been watching/reading this week? (Anime/Manga) in ~anime
noneucat
I'm currently doing a rewatch of Nichijou, a slice of life comedy! It has a reputation for being sort of a "memey" anime, but it does have its sweet moments :)
I'm also working my way through the corresponding manga and CITY, a spiritual 'sequel' to Nichijou. Both series tend to polarize people; either you like it, or you don't.
-
Comment on During WWII, Bletchley Park was home to codebreaking and tea shenanigans in ~food
noneucat
In terms of tea, Turing took to securing his mug to a radiator each evening with a lock and chain. This proved irresistible to his colleagues, who would occasionally pick the lock and make off with Turing’s mug in his absence.
pfft
I guess even codebreakers had time to take the piss out of one another ;)
If you haven't already, The Imitation Game is a great movie based on Turing's efforts in Bletchley Park. I don't know about the historical accuracy of the film, but it was very intriguing to watch (particularly their replica of the bombe).
I packaged some CUPS thermal printer drivers for NixOS yesterday. Surprisingly, CITIZEN (the company that produced the printer) publishes the source for the binary portions of the driver.