jnm
    You know, PowerShell ISE is pretty cool. I don't think I'd like to have a reason to use it very often, because that would mean I was managing a bunch of Windows boxen. But it's cool.
    jnm
      @echodunk It's just the aggregation of lots of user data that makes big companies a target. Your Discord account by itself is pretty worthless, you know?
      jnm
        @echodunk I know that sounds weird, because the big companies' risk centers on individual user data... and maybe I'm wrong... >.>
        jnm
          @echodunk It can't hurt to change passwords, but I don't think this demands it. / @jws
          jnm
            @echodunk I honestly don't think individual users have as much exposure here as big businesses do. This is, as Ormandy said in the bug report, an unusual case. / @jws
            jnm
              I can hear Akamai's sales force spooling up from here...
              jnm
                Ormandy: Every site running through Cloudflare potentially leaked data. Pointy-Haired Bosses everywhere <handwaving>: He must be exaggerating.
                jnm
                  Classic Google dork (https://www.exploit-db.com/google-hacking-database/) territory, once that data's cached by crawlers.
                  jnm
                    See also the HN thread about the Cloudflare deal: https://news.ycombinator.com/item?id=13718752 (taviso and jgrahamc are Project Zero and Cloudflare, respectively).
                    jnm
                      @echodunk I'm a cynic about these things. I think anyone that paid attention would have changed already.
                      jnm
                        @echodunk Unfortunately, it's still being used. The risk of collision was known, but there wasn't a "practical" (see the number of computation hours Google put into this) method publicly disclosed until now.
                        jnm
                          @echodunk You're welcome. :)
                          jnm
                            @echodunk That said, the odds of someone both finding that uninitialized memory and knowing what to do with it are probably minimal. It can't hurt to change passwords, but this is a needle in a haystack, IMO. @jws
                            jnm
                              @echodunk Reading through Ormandy's bug report, it seems to me that Cloudflare is being disingenuous **at best** about the impact. Essentially everything running through Cloudflare was potentially exposed. @jws
                              jnm
                                @jws That's Very Bad(TM). Can you imagine the butt-pucker factor of getting tweeted or emailed by him?
                                jnm
                                  @echodunk We're talking about guarding against SHA-1 collisions, not about CAs.
                                  jnm
                                    @echodunk Vivaldi is not open-source, AFAIK.
                                    jnm
                                      @echodunk Max supported RAM on most is 16GB, and in some RAM is soldered on the board and not upgradeable.
                                      jnm
                                        Just for kicks and giggles, I've been looking around at the current crop of laptops. The Venn diagram for laptops that support >=32GB RAM, are <=15", and have UHD screen resolution has very little overlap. :-/