Hacker News | buttercraft's comments

Now I'm trying to imagine Taylor Swift hanging out at gate B22 waiting for a flight. Pandemonium.

> If you don't know what the state of your app is, how do you prevent data corruption or logical errors in further execution?

Even worse, you might be in an unknown state because someone is trying to exploit a vulnerability.


If you crash then you've handed them a denial of service vulnerability.

That's an issue handled higher up the stack with process isolation etc. It's still not ok to continue running a process that is in an unknown state.

That's exactly what the attacker wants you to do after their exploit runs: ignore the warning signs.

You don't ignore it. You track errors. What you don't do is crash the server for all users, giving an attacker an easy way to DoS you.

A DoS might be the better option vs. say, data exfiltration.

Most bugs aren't going to create any risk for data exfiltration. In most real application servers (which are very rarely written in C or C++ these days), requests are almost completely isolated from each other except to the extent that they interact with a database. If you detect a bug in one request, you just abort the one request, and there's likely no way it could affect others.

This is part of why something like Rust is usable at all; in the real world a lot of logic has straightforward, linear lifecycles. To the extent that it doesn't, you can push the long-lived state into something like an external database, and now your application has straightforward lifecycles again where the goal of a task is to produce commands to manipulate the database and then exit.


Sure, but I was talking about an individual process. If you don't know what state it's in, you simply can't trust it to run anymore. That's all.

Except you usually can because the state isn't completely unknown. You might not expect some field in a structure to be null, but you still know for example that there's no way for one request to have a reference to another, so you just abort the one request and continue.

And what does a DoS attacker want you to do? Not crashing the whole service to deny others of the service?

That is a valid tradeoff in many situations, yes.

If you say something like, "$fact $slur $ad_hominem $insult" and then you complain about being censored for $fact, you're being dishonest. We can all see the other shit you said. You're not fooling anybody.

> Can you hide from wildfire smoke by merely closing your windows?

Um, yes? That's what we do every summer. Very little smoke gets in compared to an open window.


Blast overpressure has a way of opening windows. And they're hard to close once the glass has become shrapnel.

"very little radiation" is still too much.

Bananas are slightly more radioactive than background radiation.

"very little nuclear fallout radiation" is still too much.

Background radiation and bananas won't stay in your lungs... normally.


Everyone who eats a banana (eventually) dies. Coincidence? I think not!

> Data on CDs/DVDs should remain recoverable for millennia (properly stored, even readable).

If by "properly stored" you mean in a cold, dark vacuum, then maybe. Otherwise this is not true in my experience. I've had CDs in temperature-controlled storage for 25 years and about 1 in 10 are unreadable. It's my understanding that they oxidize. In theory gold CDs are immune to that.


So you want grandma to suffer for you. How very selfish.

It's described in the preliminary injunction linked in the article. I can't seem to copy-paste, but it's a multipart test including whether the plaintiff is likely to succeed on the merits, and also public interest. It's under the heading "legal standard." Every part of the test went in WP Engine's favor.

It's really weird for Matt to say they don't contribute while simultaneously taking over one of the most popular plug-ins that they contributed.

And blocking core contributors with their stupid “Affiliated Checkbox”.

Unfortunately outright lying and saying that “I personally don’t think they voluntarily contribute enough” is “contributes nothing” seems to have been partially successful in seeding the idea.


My understanding is that they bought ACF in 2022 - this article from 2021 doesn't mention them at all. https://www.advancedcustomfields.com/blog/10-years-of-acf-a-...

Your overall point is still valid though - they were for example sponsors of the very conference where mm first went berserk.


I don't think it really matters whether they paid for it with cash or labor.

Attacking computers that control critical infrastructure could absolutely cause civilian deaths.
