• 0 Posts
  • 6 Comments
Joined 2 years ago
cake
Cake day: June 14th, 2023

help-circle
  • Also preemptively deciding that me disagreeing with you automatically makes you right because you predicted your explanation wouldn’t satisfy me is just A-tier bullshit.

    I predicted that I would waste my time by replying to you, and I predicted right.

    I wanted to give it a chance, though, because Lemmy is a place that is friendly enough and that I want to thrive, despite how little I contribute. I tried to be constructive and explain things the best I could, and assume the best possible faith, etc. When you just say that I sound like an asshole, and completely act in bad faith in how russian roulette is supposed to be in the context of someone who says “you can beat me at any game”, now I feel the urge to try the block feature in Lemmy, sorry.


  • Two people go on a date. The date is going well, there is chemistry between the two people. One says “if you beat me at any game we can have sex”. The two people will typically play a board or card game, and will flirt with the opportunity of sex during the game play, which is gonna be fun and exciting. Seems a good plot idea for your average romantic comedy movie or teenager’s series.

    Now the joke is that the choice of game is stupid because you end up killing your date. Just with that you could make a meme/joke. Now the post is doubling down on the stupidity, insanity, etc., by making it morbid and showing that the guy still had sex with the corpse.

    Here it is. My take on the issue, which is unlikely to be the only possible explanation which is not “incel shit”. I’ve wasted 10 minutes of my time, and you’ll likely will still not agree with me, and will prove valid my first comment.

    Cheers.


  • suy@programming.devtoLemmy Shitpost@lemmy.worldWinner's Luck
    link
    fedilink
    arrow-up
    15
    arrow-down
    2
    ·
    7 months ago

    Has it occurred to you that pressing the downvote button is just much easier that having to bother explaining something that should be obvious?

    If it is not obvious to you that it’s not incel shit, maybe even after an explanation you won’t agree still because you have different views (which I’m not saying are not respectable, but are still different, so an agreement can’t be reached), so whoever replies to you would have wasted their time.

    So of course people downvote without replying.


  • I’d have to dig it, but I think it said that it added the PID and the uninitialized memory to add a bit more data to the entropy pool in a cheap way. I honestly don’t get how that additional data can be helpful. To me it’s the very opposite. The PID and the undefined memory are not as good quality as good randomness. So, even without Debian’s intervention, it was a bad idea. The undefined memory triggered valgrind, and after Debian’s patch, if it weren’t because of the PID, all keys would have been reduced to 0 randomness, which would have probably raised the alarm much sooner.


  • no more patching fuzzers to allow that one program to compile. Fix the program

    Agreed.

    Remember Debian’s OpenSSL fiasco? The one that affected all the other derivatives as well, including Ubuntu.

    It all started because OpenSSL did add to the entropy pool a bunch uninitialized memory and the PID. Who the hell relies on uninitialized memory ever? The Debian maintainer wanted to fix Valgrind errors, and submitted a patch. It wasn’t properly reviewed, nor accepted in OpenSSL. The maintainer added it to the Debian package patch, and then everything after that is history.

    Everyone blamed Debian “because it only happened there”, and definitely mistakes were done on that side, but I surely blame much more the OpenSSL developers.


  • suy@programming.devtoLinux@lemmy.mlXZ backdoor in a nutshell
    link
    fedilink
    arrow-up
    40
    arrow-down
    1
    ·
    9 months ago

    Is it, really? If the whole point of the library is dealing with binary files, how are you even going to have automated tests of the library?

    The scary thing is that there is people still using autotools, or any other hyper-complicated build system in which this is easy to hide because who the hell cares about learning about Makefiles, autoconf, automake, M4 and shell scripting at once to compile a few C files. I think hiding this in any other build system would have been definitely harder. Check this mess:

      dnl Define somedir_c_make.
      [$1]_c_make=`printf '%s\n' "$[$1]_c" | sed -e "$gl_sed_escape_for_make_1" -e "$gl_sed_escape_for_make_2" | tr -d "$gl_tr_cr"`
      dnl Use the substituted somedir variable, when possible, so that the user
      dnl may adjust somedir a posteriori when there are no special characters.
      if test "$[$1]_c_make" = '\"'"${gl_final_[$1]}"'\"'; then
        [$1]_c_make='\"$([$1])\"'
      fi
      if test "x$gl_am_configmake" != "x"; then
        gl_[$1]_config='sed \"r\n\" $gl_am_configmake | eval $gl_path_map | $gl_[$1]_prefix -d 2>/dev/null'
      else
        gl_[$1]_config=''
      fi