--- Log opened Thu Jan 09 00:00:12 2020 |
00:09 | | Vornicus [Vorn@ServerAdministrator.Nightstar.Net] has quit [Connection closed] |
00:25 | | Vorntastic [uid293981@Nightstar-6br85t.irccloud.com] has quit [[NS] Quit: Connection closed for inactivity] |
00:30 | | Kindamoody is now known as Kindamoody[zZz] |
01:05 | | McMartin [mcmartin@Nightstar-c25omi.ca.comcast.net] has quit [Ping timeout: 121 seconds] |
01:05 | | McMartin [mcmartin@Nightstar-c25omi.ca.comcast.net] has joined #code |
01:05 | | mode/#code [+ao McMartin McMartin] by ChanServ |
01:30 | | celmin|away is now known as celticminstrel |
02:38 | <&McMartin> | :golfclap: https://medium.com/@alex.birsan/the-bug-that-exposed-your-paypal-password-539fc2896da9 |
02:38 | <&McMartin> | (spoiler: it probably did not expose your paypal password) |
02:44 | <@Reiv> | The most problematic part of that whole setup is that Paypal, apparently, still actually stores passwords in plaintext at all. |
02:44 | <@Reiv> | I'd have expected better from such an obvious-target behemoth. |
02:46 | <&McMartin> | That is the final conclusion yes |
02:47 | <&McMartin> | Well. Sort of |
02:47 | <&McMartin> | "In plaintext" for a normal login script doesn't mean what it would on a login system. |
02:47 | <&McMartin> | It is *not*, AIUI, standard practice to have javascript hash the password before transmission to the server. |
02:48 | <@Reiv> | It isn't? |
02:48 | <&McMartin> | The usual way you do this is to have normal CGI forms, and the password is sent encrypted within the overall TLS session. |
02:48 | <&McMartin> | Passwords predate javascript =P |
02:48 | <@Reiv> | Aha. Okay then. |
02:48 | <@Reiv> | And, well, yes |
02:48 | <@Reiv> | But this does not mean passwords have not been updated in their security ever since, right :p |
02:49 | <&McMartin> | Right |
02:49 | <&McMartin> | But this attack is an XSS vulnerability, which means the client is sending it. That part is fine; the bad part is that it's stored plaintext client-side during what is supposed to be an ephemeral transaction. |
02:50 | <@Reiv> | Quite |
02:50 | <&McMartin> | If someone has cracked your TLS stream, any password you use in that session is compromised. This isn't that, and the issue is that they leaked. |
04:34 | | Vorntastic [uid293981@Nightstar-6br85t.irccloud.com] has joined #code |
04:34 | | mode/#code [+qo Vorntastic Vorntastic] by ChanServ |
04:40 | | Degi [Degi@Nightstar-7j8341.dyn.telefonica.de] has quit [Ping timeout: 121 seconds] |
04:41 | | Degi [Degi@Nightstar-p8pr1v.dyn.telefonica.de] has joined #code |
05:57 | | celticminstrel [celticminst@Nightstar-0p84vo.dsl.bell.ca] has quit [[NS] Quit: And lo! The computer falls into a deep sleep, to awake again some other day!] |
09:04 | < bluefoxx> | Is there a link to a version hosted on a less skeezily designed website? |
09:07 | < bluefoxx> | (I tried googling around but most just relink to the medium article, which claims I've read too many for free this month) |
09:07 | < bluefoxx> | (fun fact: this is the first medium link I've clicked all year) |
09:11 | <&[R]> | Long story short: he did original research, notified Paypal, got paid 15k, Paypal fixed it in 5 days, Paypal *still* stores passwords in plaintext, post is his not-really-humble-brag |
10:11 | < bluefoxx> | Heh, that's great :\ |
10:12 | < bluefoxx> | I have to deal with paypal all too regularly too, guess I'll be rotating my password for them more frequently than I haven't |
10:27 | | Kindamoody[zZz] is now known as Kindamoody |
10:50 | <@ErikMesoy> | *sigh* Apparently some company had an internal memo recognizing the fact that they're consistently overdemanding in their job application criteria, and so this one is divided into "Must-have" and "Should-have" competencies. |
10:52 | <@ErikMesoy> | Must-have: Experience with the running, maintenance, administration, configuration and implementation of (five names), knowledge of (seven abbreviations, Windows Server and Windows Client OS), technical competence of scripting tools, good understanding of dependencies and implementations for (five names), dynamic work surface, it just goes on and on and on. |
10:52 | | Emmy [Emmy@Nightstar-9p7hb1.direct-adsl.nl] has joined #code |
10:53 | <@ErikMesoy> | Should-have: Experience with (three acronyms), knowledge of the hospital IT field, competence and experience of *previous job of similar scale and complexity*... |
10:55 | <@ErikMesoy> | I appreciate the attempt, but I'm pretty sure the must-have section is still overdemanding and they will not hire someone who actually has all those things. |
11:05 | < Emmy> | Someone who actually has all those things will likely not appreciate their wage offer :P |
12:55 | | Kindamoody [Kindamoody@Nightstar-eubaqc.tbcn.telia.com] has quit [Client exited] |
13:00 | | Kimo|autojoin [Kindamoody@Nightstar-eubaqc.tbcn.telia.com] has joined #code |
13:01 | | mode/#code [+o Kimo|autojoin] by ChanServ |
13:12 | | Kimo|autojoin is now known as Kindamoody |
13:41 | | celticminstrel [celticminst@Nightstar-0p84vo.dsl.bell.ca] has joined #code |
13:41 | | mode/#code [+o celticminstrel] by ChanServ |
13:54 | | You're now known as TheWatcher[d00m] |
14:03 | | celticminstrel is now known as celmin|away |
14:43 | <@ErikMesoy> | I have an XY problem and I'm not sure how many layers I should peel back before hitting 'refactor everything'. |
14:46 | <@ErikMesoy> | I am writing in Java. I have objects that have a bunch of conditional modifiers. I want to be able to evaluate these conditions easily. I want to store and iterate over multiple conditionals per object. The first suggests they should be callable functions; the second suggests they should be attributes of some sort. |
14:48 | <@ErikMesoy> | Setting aside the option to change project language, my next thought was to store these conditionals as strings like "doodads>100", and then run if(eval(condition_string)), but Java doesn't have eval, either. |
14:49 | | You're now known as TheWatcher |
14:50 | <@ErikMesoy> | "How do I eval in Java?" is probably the wrong question to be asking. "How do I give an object multiple associated conditionals that can be evaluated at runtime?" is one layer back but has an ugly feel that suggests I should still be doing something else. |
14:52 | | Pinkhair [user1@Nightstar-g7hdo5.dyn.optonline.net] has joined #code |
14:52 | <@ErikMesoy> | The underlying thing I'm writing is a weighted decision algorithm. My small draft has each option containing a unique method to calculate its own weight from circumstances, but this gets really unwieldy really fast. |
14:54 | <@ErikMesoy> | "How do I write weighted decision algorithms in Java?" is vague. What _is_ the problem I should be solving for, um, compact storage of numerous weight modifiers? |
14:55 | | Pink [user1@Nightstar-g7hdo5.dyn.optonline.net] has quit [Ping timeout: 121 seconds] |
15:07 | | Vornicus [Vorn@ServerAdministrator.Nightstar.Net] has joined #code |
15:07 | | mode/#code [+qo Vornicus Vornicus] by ChanServ |
15:29 | <&ToxicFrog> | ErikMesoy: Why can't they be callables? Like, Java has the Runnable interface |
16:15 | <@ErikMesoy> | ToxicFrog: I suppose they can, but that seems like a lot of overhead in making a class out of every conditional. |
16:31 | <@ErikMesoy> | Then again, I suppose that's just how Java is sometimes |
16:34 | | Vornicus [Vorn@ServerAdministrator.Nightstar.Net] has quit [Ping timeout: 121 seconds] |
16:44 | | Vorntastic [uid293981@Nightstar-6br85t.irccloud.com] has quit [[NS] Quit: Connection closed for inactivity] |
17:39 | | VirusJTG [VirusJTG@Nightstar-42s.jso.104.208.IP] has quit [Connection closed] |
17:40 | | VirusJTG [VirusJTG@Nightstar-42s.jso.104.208.IP] has joined #code |
17:40 | | mode/#code [+ao VirusJTG VirusJTG] by ChanServ |
18:38 | <&ToxicFrog> | "a lot of overhead in making a class out of every ____" is java.txt, yes; that said I believe it does now support anonymous Runnables so you don't need to create a separate .java for each one |
19:18 | <&McMartin> | It has supported anonymous Runnables since, like, Java 1.4 |
19:18 | <&McMartin> | It has supported Actual Lambda Expressions since Java 8 |
19:18 | <&McMartin> | Actual Lambda Expressions are "a class for each _____", yes, as are the anonymous inner classes. |
19:19 | <&McMartin> | So are Actual Lambda Expressions in C++ or any other OO language that got lambdas later. They're broadly equivalent constructs. |
20:34 | | Vornicus [Vorn@ServerAdministrator.Nightstar.Net] has joined #code |
20:34 | | mode/#code [+qo Vornicus Vornicus] by ChanServ |
23:06 | | Kindamoody is now known as Kindamoody[zZz] |
23:21 | <&McMartin> | Man |
23:22 | <&McMartin> | First time I've passed a value that wasn't 1 to the second argument to fread in longer than I can recall. |
23:22 | <&McMartin> | (This puts it in a mode where it's reading records instead of bytes) |
23:24 | | Emmy [Emmy@Nightstar-9p7hb1.direct-adsl.nl] has quit [Ping timeout: 121 seconds] |
23:25 | <&McMartin> | Might as well through a goto in here while I'm at it |
23:25 | <&McMartin> | *throw |
23:27 | <&McMartin> | Hm, nah. Shorter without. Still need the record reads though. |
--- Log closed Fri Jan 10 00:00:13 2020 |