• 0 Posts
  • 145 Comments
Joined 3 years ago
Cake day: June 18th, 2023
  • NaibofTabr@infosec.pubtoProgrammer Humor@programming.devOp doesn't have time for interviewsEnglish
    6·
    5 hours ago

    I tend to agree with this line of thinking. If you’re trying to hire an effective problem solver, well the first step to solving any problem is understanding the problem - the whole problem - and often more importantly the context in which the problem exists.

    And while my first reaction is to be frustrated with the person asking for a solution to such a vague problem… in the real world problems are rarely clearly stated, and frequently misstated. Investigating the apparent conditions of the problem is always necessary, and generally the fastest path to resolution.

  • NaibofTabr@infosec.pubtoProgrammer Humor@programming.devOp doesn't have time for interviewsEnglish
    14·
    5 hours ago

    Based on the provided information, there are some switches of unspecified type in one room and a light bulb of unspecified type in another room. There is no power source, nor do we know if there is even wiring between the switches and the bulb. For all we know, the switches and the bulb are still in their product packaging waiting to be installed by an electrician.

    The bulb is not controlled by any of the switches in any meaningful manner.

    Also, per the problem specification, I am allowed to visit the room with the light bulb only once. I am not allowed to visit the room with the switches, or operate the switches.

    The comment in the original image is the most rational possible answer to such an exercise. Poorly stated problems are a waste of time.

    *Edit: You know what, scratch all that, none of it really matters.

    I’m not messing with an unknown electrical circuit without seeing the circuit diagram and verifying any relevant lockout/tagout. People die from that shit.

  • NaibofTabr@infosec.pubtoProgrammer Humor@programming.devOp doesn't have time for interviewsEnglish
    1722·
    9 hours ago

    This assumes several things to be true, which might not be true:

    • power is available/the upstream circuit is on (always a bad assumption to make)
    • the bulb is an incandescent type that will generate an appreciable amount of heat in a short amount of time
    • the bulb was in the off state before you changed the position of any switches, and has been off long enough to be cold
    • the bulb is connected to any of the switches
    • the bulb is connected to only one of the switches (parallel circuits are a thing, as are multi-switch lighting circuits)

    If any of the above is not true, the conclusion is invalid.

  • NaibofTabr@infosec.pubtoAsk Lemmy@lemmy.worldIs there any unedited conversation podcast you actually recommend?English
    5·
    6 days ago

    This Week in Tech hosted by Leo Laporte, with a panel of 2-4 guests every week, focused on technology news. Leo has been podcasting since before it was called podcasting. Some of you may remember him as the host of The Screen Savers from TechTV, or The Tech Guy radio show.

    Decentered a podcast about the Fediverse with involved developers as guests!

    The Delta Flyers Tom (Robert Duncan McNeill) and Harry (Garrett Wang) talk about working on Voyager, with other Star Trek cast & crew as guests. They’ve actually finished all of Voyager (nice backlog to listen to) and started covering DS9, adding Jadzia (Terry Farrell) and Quark (Armin Shimerman) as co-hosts.

    risky.biz This one’s more niche, a weekly global cybersecurity news review. Patrick Gray (the show runner) and Adam Boileau (regular co-host) are old experts in infosec with a lot of knowledge and a lot of industry contacts who they interview regularly. In the present there’s a lot of overlap with international politics, so getting an understanding of current events from the cybersecurity perspective is pretty interesting. If you are a professional working in IT or a hobbyist with an interest in computer networking or information security you should be listening to this one regularly.

  • NaibofTabr@infosec.pubtoAsk Lemmy@lemmy.worldIs there is any web comic artists which publish their comics as SVG or as transparent PNG?English
    11·
    24 days ago

    Oh, it’s not, the difference is that the SVG is an unexpected delivery vector.

    The script on a website might change over time, might be blocked by an extension like uBlock origin that prevents sections of web code from loading in the first place. You can block a website’s JS with an extension that specifically does that, like jshelter. A malicious SVG is static, the malicious code is malicious forever and is embedded in the file. A browser extension can’t selectively block pieces of the file from loading.

    Script blocking extensions prevent web page code from loading, but they don’t prevent the application from executing JS. If you open an SVG, the file is downloaded locally (it’s not web code) and the JS in the file will execute locally, with the same permissions and file system access as the user opening the file.

  • NaibofTabr@infosec.pubtoAsk Lemmy@lemmy.worldIs there is any web comic artists which publish their comics as SVG or as transparent PNG?English
    1513·
    26 days ago

    YSK: SVG files are a security risk. Be careful where you get them from and how you handle them.

    Basically, an SVG can contain JavaScript. If you open an SVG in an application that can interpret the JS (e.g. a web browser) then the script will execute (just as with a malicious PDF), at which point it could download other files (malware) or perform any other function that the application has access to (creating, editing or deleting files on the hard drive) because you gave it permission to do that by opening the SVG. Effectively opening an SVG in a JS-capable application is the same as allowing a stranger to run arbitrary code on your computer. You might as well go around the Internet wearing a “please hack me” sign.

    Downloading an SVG to your hard drive directly should be relatively safe, and opening it in a graphics program that does not execute JavaScript should have no risk, but viewing random SVGs in a web browser is a real hazard.