Yup. Rand() chooses a random float value for each entry. By default I believe it’s anywhere between 0 and 1. So it may divide the first bill by .76, then the second by .23, then the third by 0.63, etc… So you’d end up with a completely garbage database because you can’t even undo it by multiplying all of the numbers by a set value.

The scheduling demand thing is referring specifically to the project manager going “we need this for an upcoming major product launch, so you need to fix this before the launch.” It feels like Microsoft cracking the whip to try getting free labor, because it is.

If they truly can’t do without it for their product launch, they can fork it and fix the bug themselves. Surely Microsoft has the resources and brainpower to do so. But the PM didn’t want to do that, because it means they’d be spending their own time and resources on it.

Remember when subs were specifically prohibited from being moderated by company employees? Because subs were supposed to represent public interest, not simply be fluffers for corporate policy? Because having an employee of a company moderate a sub is a clear conflict of interest when people use those subs to complain about the company? Pepperidge Farm remembers…

It isn’t compressible at all, really. As far as a compression algorithm is concerned, it just looks like random data.

Imagine trying to compress a text file. Each letter normally takes 8 bits to represent. The computer looks at 8 bits at a time, and knows which character to display. Normally, the computer needs to look at all 8 bits even when those bits are “empty” simply because you have no way of marking when one letter stops and another begins. It’s all just 1’s and 0’s, so it’s not like you can insert “next letter” flags in that. But we can cut that down.

One of the easiest ways to do this is to count all the letters, then sort them from most to least common. Then we build a tree, with each character being a fork. You start at the top of the tree, and follow it down. You go down one fork for 0 and read the letter at your current fork on a 1. So for instance, if the letters are sorted “ABCDEF…” then “0001” would be D. Now D is represented with only 4 bits, instead of 8. And after reading the 1, you return to the top of the tree and start over again. So “01000101101” would be “BDBAB”. Normally that sequence would take 40 bits to represent, (because each character would be 8 bits long,) but we just did it in 11 bits total.

But notice that this also has the potential to produce letters that are MORE than 8 bits long. If we follow that same pattern I listed above, “I” would be 9 bits, “J” would be 10, etc… The reason we’re able to achieve compression is because we’re using the more common (shorter) letters a lot and the less common (longer) letters less.

Encryption undoes this completely, because (as far as compression is concerned) the data is completely random. And when you look at random data without any discernible pattern, it means that counting the characters and sorting by frequency is basically a lesson in futility. All the letters will be used about the same, so even the “most frequent” characters are only more frequent by a little bit due to random chance. So now. Even if the frequency still corresponds to my earlier pattern, the number of Z’s is so close to the number of A’s that the file will end up even longer than before. Because remember, the compression only works when the most frequent characters are actually used most frequently. Since there are a lot of characters that are longer than 8 bits and those characters are being used just as much as the shorter characters our compression method fails and actually produces a file that is larger than the original.

Chaotic evil is encrypting, compressing, then encrypting again.

Not only that; You have to pay for updates too. Supposedly it’s because Apple takes time to verify that the app is legit and not going to do nefarious things. So they don’t want a bad actor to get a legit app on the store, then later push an update that infects everyone with a virus.

But apparently a company did a study and realized that app testing rarely made it past the main page, with testers spending ~15-20 seconds per app. They’d basically open it and if it looked like it did what it said, they didn’t bother digging any deeper.

Also, by the time you’ve gotten it to compile, another two versions have come out.

You got to it before I did. Programming languages are like vehicles. You wouldn’t take a sports car off-roading, and you wouldn’t expect a tractor to win a drag race. There is a lot you can do with an all-purpose vehicle, but it’s not going to be as good as something that is purpose-built for a single task.

This is doubly true for games, which tend to be re-released over and over again on different platforms. This is true to a lesser extent for things like movies, but it’s much worse with gaming where each console is a closed ecosystem that’s incompatible with other systems. At least with Blu-Ray, you can expect any Blu-Ray player to play the movie you’ve purchased. It’s not like a Toshiba player will only play Toshiba brand Blu-Ray discs.

Companies love to use the “you don’t own the game, you own a personal license to use the game” line when revoking rights to play games you’ve legally purchased… But that goes both ways; If you own a personal license to use the game, it shouldn’t matter what platform it’s on, because it’s the same game regardless of whether you’re playing on PlayStation or PC.

Hell, the entire Flat Earth thing started as a joke. Just a bunch of people going “wouldn’t it be funny if we started memeing about the earth being flat?” And now here we are a few years later, with flat earthers launching rockets into space and subsequently disregarding the results that they get.

Same. Companies like Nintendo have repeatedly proven that they have zero interest in preserving their old games. In fact, they often do the exact opposite, and work to stop people from preserving their own (legally owned) game libraries. But Nintendo also has zero interest in re-releasing those older games. So the only way you’re able to realistically play them is via piracy, since the actual company that owns the rights won’t release them for sale on a legal platform.

I actually suggested exactly that elsewhere. It would be a nuclear option, for sure. Since it would require every single user to log back in. But it would 100% without a doubt stop the attacker in their tracks.

Tokens are signed with a secret string, which basically tells the server that it is legitimate. They could change that secret, and the server would immediately distrust any tokens signed with the old secret. This would be a pretty nuclear option though, because it would require every single user to log back in.

You’re not the first person to say that the expiration time is a year, which is hilariously long if true. A shorter expiration time is more secure (because it specifically limits attacks like this to a specific timeframe) but it also increases server load by requiring token requests more often. For instance, if the expiry was set at 5 minutes, you’d have requests every 5 minutes but an attacker would only have control of an account for a maximum of five minutes. Maybe it was done to help save on server load, since this is all basically run by a few people as a hobby.

Yup. Changing your password or 2FA wouldn’t help here, because they’re not actually logging into your account. Rather, they’re simply telling the server that they’re already logged in, using your auth token as proof. You know that little “Keep me logged in” checkbox that everyone clicks when they log in? That stores an auth token on your browser, which is tied to your account.

The next time the browser starts a session on the site, it sends that auth token instead of going through the regular login process. And since the site knows that auth token belongs to your account, it logs you in automatically without needing to go through the regular login process.

So basically, they’re stealing a cookie from your browser, with your name on it. Then they’re able to tell the server that they’re you, by presenting that cookie as proof.

Proper procedure should be to deauthorize any auth tokens when you change your password. But even big sites get lazy about this sometimes, so it may not be the default. If this is the case for Lemmy, even changing your password won’t help because it doesn’t automatically deauth that token.

Simply having it Print “Hello World” without any user interaction? There are no user inputs to sanitize.

Yeah, I’m part of the second wave purely because I never received the acceptance emails when I tried a few weeks ago. I use a custom domain for my email, so I’m guessing the site automatically flagged it as a bot request. But now registrations on the most popular servers are closed entirely lol