How can my JSON response have any concept of Type? If I return a number and you treat it is a string, my API doesn’t have any concept of that. Now in the actual spec of the API I could say that specific URI will return an int, but it’s up to your side to classify the array of bits as an int instead of a str.

Enlightenment is realizing that variables don’t have nor need a type, they are all just arrays of bits.

I can import my_script2.py into my_script.py it doesn’t run the main method unless I specifically invoke my_script2.main() though.

Idk, I guess I should ask why python needs a default function? If I’m running it as a script with commandline invocation I just copy and paste the if main namespace thing from stack overflow and it works as I intended. It also works if I invoke via python my_script.py $args, so I don’t really see why I should philosophically care about how other languages that I’m not using do it.

Partitioning is one of those obsolete Unixisms that is best left in the 90s. Only exception is dual booting, but even there partitioning isn’t really very important anymore

Why does even a modern language syntax insist on having end of line characters like semi colons. Surely we have moved beyond that. What is even the point of those characters?

“YOU NEED A COMPUTER AND DEVELOPER OPTIONS ENABLED FOR THIS TO WORK. DEVELOPER OPTIONS CAN BE ENABLED ON THE PARENT APP.”

So is this just a case where if you have a privileged user i.e. developer options, you can do things like change the time? Maybe i’m misunderstanding the way time-based features work, but surely they can be trivially bypassed by the child in a myriad number of ways if they have privileged access already?

Git is great. Git is Complicated. But assuming you have a protected master branch that requires PRs and will detect merge conflicts before attempting to merge, it’s not really dangerous. It is however frustrating.

Sounds like the perfect evolution of pointers then.

I “understood” on a basic level what pointers were when i was first learning programing as a 12-13year old. But I never understood HOW to use them, or manipulate them, or what functions you use to interact with them, or how to examine them, or how to declare them, etc etc. And since I was young I never got the opportunity to take an actual programming class that taught any of that throughout high school. By the time I got to college I went with Electrical Engineering instead of computer science and so my journey with pointers ended.

Now I do python and never have to think about pointers.

This is fundamentally true. However it is possible to limit the bandwidth of data the employee can exfiltrate.

Assuming a privileged employee suddenly becomes a bad actor. Private-keys/certs are compromised, any kind of shared password/login is compromised.

In my case I have a legit access to my company’s web-certs as well as service account ssh-key’s, etc. If I were determined to undermine my company, I could absolutely get access to our HSM-stored software signing keys too. Or more accurately I’d be able to use that key to compile and sign an arbitrary binary at least once.

But I couldn’t for example download our entire customer database, I could get a specific record, I could maybe social engineer access to all the records of a specific customer, but there is no way I’d be able to extract all of our customers via an analog loophole or any standard way. The data set is too big.

I also wouldn’t be able to download our companies software source code in it’s entirety. Obviously I could intelligently pick a few key modules etc, but the whole thing would be impossible.

And this is what you are trying to limit. If you trust your employees (some you have to), you can’t stop them from copying the keys to the kingdom, but you can limit the damage that they can do, and also ensure they can’t copy ALL the crown jewels.

You are disappointed because it doesn’t have to be this way.

Don’t listen to this guy at all.

I don’t know about the history of the project, but it sounds like those blobs have been there for quite some time. When in reality, the PR that added the blobs in the first place shouldn’t ever have been approved.

Actually just checked 3+ years.

This isn’t a knock against opensource programming, but there shouldn’t ever be precompiled blobs in the repo unless they are the official builds for the various OS’s and if you want to build from source, the pre-compiled blobs shouldn’t be part of that, otherwise you can’t really claim you are opensource.

Hey guys open source is great you can look at all the code and therefore there are no security backdoors etc. Also here are a bunch of pre-compiled blobs in the repo, don’t worry about those, but they are required to run the program.

I’m a network engineer and I run ipv6 natively in all of our datacenters. There are even a handful of end systems that have ipv6 native networking stacks with ipv4 sockets for our non-ipv6 compatible applications. IPv6 issues are basically self-inflicted at this point by companies that see their IT systems as cost centers, or by basilisk directors who’s knowledge stopped in the 90’s.

Seems novel. But from a security aspect, if OpenSSH has security vulnerability that allows an unauthenticated user to login, via whatever means, once you are in the system as a non-privileged user, you are now free to use the same vulnerability to get root.

Basically this exercise is like using two locks that have the same key to open them. If the same key opens them, then a weakness in one, is now a weakness in the other so why bother with two identical locks?

The first 3 are why I can’t get any work done anymore. The last 3 I would absolutely love to have more time to do.

It’s actually a great game. But it’s Eurojank to the extereme. If you want a superior experience, play Gothic 2. But it’s still janky, just not as bad as Gothic 1. Gothic 3 I didn’t like at all.