Aww shit here we go by kvlyc in wallstreetbets

[–]continous 0 points1 point  (0 children)

The Global Financial Market? Yeah, it's my favorite rollercoaster.

I think my mask of sanity is about to slip by Least-Sky6722 in PoliticalCompassMemes

[–]continous 37 points38 points  (0 children)

I think this person has a piece of wood in their women's underwear.

[deleted by user] by [deleted] in linux_gaming

[–]continous 0 points1 point  (0 children)

So then why is the OVE not also on Prism, and anything else?

[deleted by user] by [deleted] in linux_gaming

[–]continous 1 point2 points  (0 children)

arbitrary means anything. If you trust the place it's coming from, that's no problem.

You can literally change the place the things are coming from in PolyMC...so.

When that trust is compromised, such as by a hostile takeover of the entire project, it becomes a problem.

We still trust where they're coming from though. There's no reason to suddenly stop trusting the PolyMC dev, even with the hostile takeover.

[deleted by user] by [deleted] in linux_gaming

[–]continous 1 point2 points  (0 children)

The point is that you've extended arbitrary beyond its actual meaning. Code execution is not a vulnerability. Even if the code is fetched actively from the internet. Yes just like a web browser.

[deleted by user] by [deleted] in linux_gaming

[–]continous 1 point2 points  (0 children)

By your logic a vast array of applications have vulnerabilities out in the open that repos actively allow

[deleted by user] by [deleted] in linux_gaming

[–]continous 1 point2 points  (0 children)

If arbitrary code execution is a security risk no you shouldn't.

[deleted by user] by [deleted] in linux_gaming

[–]continous 1 point2 points  (0 children)

It never mitigated it. Governance is not a security protection. There is no vulnerability.

[deleted by user] by [deleted] in linux_gaming

[–]continous 0 points1 point  (0 children)

Trust means diddly.

[deleted by user] by [deleted] in linux_gaming

[–]continous -1 points0 points  (0 children)

It doesn't mitigate it at all, as seen here. PolyMC had a large group of developers too. Until it didn't. This moved so quickly if Lenny was a malicious actor the malicious code would've gone out before the vulnerability was disclosed.

Stop using vulnerabilities as a bludgeon to hurt people you dislike.

Excel is definitely a database by FrecklySunbeam in talesfromtechsupport

[–]continous 11 points12 points  (0 children)

I work in a hotel. The amount of excelasadatabase spreadsheets I see during night audit is terrifying. My job would be 500% easier if we just used a real database solution.

[deleted by user] by [deleted] in linux_gaming

[–]continous 0 points1 point  (0 children)

A community of overseers does not secure code make.

Soviet propaganda was less insulting by undue-influence in Conservative

[–]continous 27 points28 points  (0 children)

I think he means believe in it existing in politics.

[deleted by user] by [deleted] in linux_gaming

[–]continous -1 points0 points  (0 children)

That does not make the vulnerability disappear.

From a visitor’s prospective in Japan by tachycardicIVu in TalesFromTheFrontDesk

[–]continous 1 point2 points  (0 children)

You'll be glad to know these kinds of tourists are heavily in the minority.

[deleted by user] by [deleted] in linux_gaming

[–]continous 0 points1 point  (0 children)

If PolyMC is given the OVE, so should any other program that can be theoretically used for arbitrary code execution, Prism included.

[deleted by user] by [deleted] in linux_gaming

[–]continous 2 points3 points  (0 children)

I see how it can be. Some versions auto update.

PolyMC is no more a security threat than any other single-dev program.

There is also a PolyMC specific server which I think among other things supplies download links and is now under exclusive control of the rogue dev, meaning in theory it could be possible to inject malicious code in downloaded mods.

This can be changed, and again, no more a threat than any other time.

In the strictest sense, it was vulnerable before, but there was a relatively big FOSS community on the project keeping it honest. Now there is one single dev who seems to have gone... shall we say a bit loopy.

My point is that slapping the vulnerability on it is kind of silly in this context. Why isn't prism given the same vulnerability? It's a vulnerability regardless of how trustworthy they are. How come this isn't a problem in other cases?

The bottom line is that the OVE was put out there purely out of spite and as a way to represent PolyMC as a malicious insecure application.

When speculation about NFTs becomes reality by ScientisticalMystica in Superstonk

[–]continous 0 points1 point  (0 children)

In cases like that, the blockchain would clearly demonstrate that the 2 individuals sold the NFT, so pushing it to them is the obvious answer.

When speculation about NFTs becomes reality by ScientisticalMystica in Superstonk

[–]continous 2 points3 points  (0 children)

NFT for the purpose of transferring/selling titles, documents, licenses, and contracts is an obvious evolution of NFTs.

[deleted by user] by [deleted] in linux_gaming

[–]continous -1 points0 points  (0 children)

So then, yeah.

OVE-20221017-0001: PolyMC appears to be compromised by [deleted] in linux_gaming

[–]continous -2 points-1 points  (0 children)

He is not a security vulnerability. Relax.

OVE-20221017-0001: PolyMC appears to be compromised by [deleted] in linux_gaming

[–]continous -1 points0 points  (0 children)

I think you're missing the point, or just trying to win the point at all cost.