Jenna Magius @jennamagius@octodon.social
There can and should be such a thing as a free lunch.
Though, to be fair, writing a long program and then making it shorter later is probably the most correct thing to do.
If you actually do the "make it shorter later" part >.>
I would have written a shorter program, but I did not have the time.
it is the world's biggest mood to clock fellow transpeople in public and want to reach out to them in solidarity and just not really have any appropriate way to do so
Star Fox video store AU where Krystal is a video clerk, but it's also a modern AU, so there aren't any more video stores so she has to sit on top of a red box to insult people.
R-E-S-P-E-C-C
That's like 50g for me
R-E-S-P-E-C-C
Solo Holy as a Priest
Is there a version of Timber where he says "fuck"?
Bicycle culture is accidentally leaving your right pant leg tucked into your sock all day.
@tinker I don't understand what this means? It seems like I'd need fancy LCD fabric to do that.
Man, if the cat was wearing the display it'd be even worse. "Come back here! I need to see that command output!!!"
I want a transparent cat, so it can get up on my desk in front of my display, but I don't have to stop working because I can't see my code anymore.
@krogoth I'm developing them! In the form of an SSH-like remote access service that has port knocking built in from the start.
@krogoth Kiiiinda, yeah, except that shelling out to iptables is a rough way to live your life.
It's a good idea, but it needs to go further.
.expect() pulls some of that weight, but like... it doesn't make sense to be like:
if x.is_none() {
return;
}
let x = x.expect("Shouldn't happen")
Rust needs .unwrap_as_in_i_havent_worried_about_error_handling_yet() and .unwrap_as_in_it_is_statically_impossible_for_this_to_go_wrong_and_if_it_does_you_should_really_panic()
@espen I'm talking about running services that appear to be closed ports unless you can authorize yourself enough get get the service to admit that it exists.
@espen The even more minimal codepath is "You don't even know where to send the knock, so you don't even have the ability to trigger that static check at will. You can run 0.00 instructions of service code"
@espen There's going to be an unauthenticated RCE in OpenSSH some day. The only way to reduce the chance that RCE will happen is by reducing the amount of codepaths an attacker can hit without creds. The minimum codepaths possible is "Does this UDP packet contain a specific static value? If not, we have reached the end of our codepaths."
@espen Strong disagree. It is absolutely not security theatre, it is surface area minimization. MS17-010 said "access denied" and EternalBlue said "Boy, there sure is a LOT of surface area on the outside of your access denied" and then pwned the shit out of services that were "denying" "access"
@queerhackerwitch s/running visible services should be an option/running hidden services should be an option/
@queerhackerwitch It kinda seems to me like "We've got some great infrastructure in place for running discoverable, ergonomic services. It's called TCP. It runs great services you know and love, like HTTPS. People connect to HTTPS services on servers they don't know much about all the time." I don't feel like UDP needs to _be_ the same thing TCP is.
@queerhackerwitch Also, literally the first time I set up knockd my knock ports showed up in nmap -sU and you could find the knock sequence by brute-forcing permutations on five ports, which is fairly pathetic. I suspect that happens to pretty much everyone the first time they set up knockd.
