Consolidated Business & Enterprise Computing Rant Thread

Discussion in 'Business & Enterprise Computing' started by elvis, Jul 1, 2008.

  1. DavidRa

    DavidRa Member

    Joined:
    Jun 8, 2002
    Messages:
    3,023
    Location:
    NSW Central Coast
    *Record scratch* wait, what? You can't just drop that kind of crap here on a Monday, then run away without explanation and exposition!
     
    2SHY and NSanity like this.
  2. EvilGenius

    EvilGenius Member

    Joined:
    Apr 26, 2005
    Messages:
    10,210
    Location:
    Rocky
    I think this is where the hangup is. I'm clearly not an expert here, but from those who are I'm hearing that current mitigations are not completely effective. Ergo, they aren't completely mitigated. This is what I think Itsmydamnation was trying to get at.

    Assuming for a moment that they are though, in an area where it's clear there *will* be more exploits discovered, can you ever really consider it mitigated? I mean it's not like it's flash where you shake it and shells fall out, but then again flash is being killed off for it's sins.
     
  3. OP
    OP
    elvis

    elvis Old school old fool

    Joined:
    Jun 27, 2001
    Messages:
    35,673
    Location:
    Brisbane
    Leave that basic water cooler chat for the actual water cooler, please. We're intellectuals here.
     
    Unframed and NSanity like this.
  4. cvidler

    cvidler Member

    Joined:
    Jun 29, 2001
    Messages:
    11,836
    Location:
    Canberra
    anything is a scripting language if you're obtuse enough to write a script in it.

    today I'm writing a script in 8065 assembler (to copy some registers to memory so I can read them externally for debugging/logging).
     
  5. KDog

    KDog Member

    Joined:
    Jan 9, 2002
    Messages:
    242
    Location:
    ACT
    Isn't that just a subroutine?
     
  6. wullieb1

    wullieb1 Member

    Joined:
    Jul 9, 2013
    Messages:
    439
    Haha shit yeah its not Friday yet is it, ooops my bad

    New PD comes out with Scripting experience PowerShell, VB, C++

    I wouldn't use either for scripting but if that is what needs to be done then so be it :)
     
  7. PabloEscobar

    PabloEscobar Member

    Joined:
    Jan 28, 2008
    Messages:
    13,011
    Hello fellow human
    how about that local team eh.
     
  8. Daemon

    Daemon Member

    Joined:
    Jun 27, 2001
    Messages:
    5,422
    Location:
    qld.au
    They're absolutely 100% mitigated against all known attacks. If not, Google, Amazon, Microsoft and so forth would stop selling compute.

    Again, same as my previous examples. Not all of the C code has been 100% protected against buffer overflow exploits. Is they sky falling? No. Does patching one overflow fix all instances? No! Can future programs learn from this and either use a language (eg Rust) with inbuilt memory safety? Yes. Can Intel add further protection in hardware against these style of attacks? Absolutely... and already are.

    Speculative Execution has broadened the potential for threats, but nothing to panic about if you have a decent patching regime.
     
  9. PabloEscobar

    PabloEscobar Member

    Joined:
    Jan 28, 2008
    Messages:
    13,011
    Citation needed.

    There have been guest to host in the past, and will be more in the future, across all hypervisors. and at no point have any of any of the cloud providers stopped selling.
     
  10. Unframed

    Unframed Member

    Joined:
    Mar 30, 2010
    Messages:
    8,979
    Location:
    Hella south west
    Could be why he still hasn't fixed his backups.
     
    NSanity likes this.
  11. OP
    OP
    elvis

    elvis Old school old fool

    Joined:
    Jun 27, 2001
    Messages:
    35,673
    Location:
    Brisbane
    Would rather discuss gravitational waves and their effects on spacetime. So I do, and drive the sportsball people far, far away.
     
    cvidler and NSanity like this.
  12. Daemon

    Daemon Member

    Joined:
    Jun 27, 2001
    Messages:
    5,422
    Location:
    qld.au
    All the majors get advanced warning before there's any public announcements and hence they're patched in advance. This is _why_ they've never stopped selling, they already had their shit patched and mitigated before the public announcements.

    Even the smaller guys worked rapidly together to get patches out and ensure everything was patched as quickly as possible: https://techcrunch.com/2018/01/06/h...d-together-to-cope-with-spectre-and-meltdown/
     
  13. PabloEscobar

    PabloEscobar Member

    Joined:
    Jan 28, 2008
    Messages:
    13,011
    Sure, that works for things responsibly disclosed, If someone dropped a 0-day guest to host right now, with PoC - how would it be handled by the Major cloud providers? - at any point would they stop selling?

    Sure, they'd patch it post-haste, but I don't see them bringing down customers shit, because of it.
     
  14. EvilGenius

    EvilGenius Member

    Joined:
    Apr 26, 2005
    Messages:
    10,210
    Location:
    Rocky
    I wonder how many of them are paying attention to zerodium who are offering up to a million dollars for zero click RCE's. If I had one one I can tell you right now fuck you all would be my response whilst cashing my million dollar cheque.
     
  15. Daemon

    Daemon Member

    Joined:
    Jun 27, 2001
    Messages:
    5,422
    Location:
    qld.au
    I'm not aware of their policies in regards to 0day exploits without any warning as I don't believe it's happened.

    Having a public platform with bounties is critical to prevent this wherever possible, eg https://hackerone.com/slack
     
  16. mooboyj

    mooboyj Member

    Joined:
    Sep 13, 2005
    Messages:
    993
    Tech1 financials in the cloud, what a steaming sack of shit. Never had the displeasure of using such a god forsaken shitful product like it.
     
    samus, olie and NSanity like this.
  17. PabloEscobar

    PabloEscobar Member

    Joined:
    Jan 28, 2008
    Messages:
    13,011
    Then how can you say


    with any confidence?
     
  18. OP
    OP
    elvis

    elvis Old school old fool

    Joined:
    Jun 27, 2001
    Messages:
    35,673
    Location:
    Brisbane
  19. samus

    samus Member

    Joined:
    Jun 3, 2002
    Messages:
    1,201
    Location:
    Baulkham Hills, Sydney.
    As a government department where TechOne is a dominant supplier, I am very, very interested in why this is. Could you elaborate at all? I don't use them , but my (new) management are in talks.
     
    olie likes this.
  20. OP
    OP
    elvis

    elvis Old school old fool

    Joined:
    Jun 27, 2001
    Messages:
    35,673
    Location:
    Brisbane
    Well I'm glad we dumped them 3 years back prior to our own finance/cloud migration. Sounds like we dodged a bullet.
     
    mooboyj likes this.

Share This Page