as a sysadmin this so much.
-
greeeeen :blobcatpresentgreen: (christmas edition)replied to Amber 🌸 last edited by
@[email protected] looking at you, firefox
-
@puppygirlhornypost2 honestly i don't even agree with that approach. regular users do need to know what the nature of the error is (not necessarily the exact technical details but SOME concrete explanation beyond "an error occured") so they can actually determine whether or not it's their fault and what steps they can take to fix it. these days with the useless error messages people just have to Guess and try various absurd rituals for 30 minutes, getting more and more frustrated, until they trip and fall on the right solution by mistake (or more likely, just give up)
-
Gwen, the kween fops :neofox_flag_trans: :sheher:replied to All-Purpose Cultural Catgirl Vari-Vari 🌸 last edited by
@[email protected] @[email protected] windows does this specifically to obfuscate the errors so that hackers get as little info as possible and have a harder time creating attacks. Which isn't good for the end user but it's at least a reason...
-
@puppygirlhornypost2 @bonaventuresoft Also if error messages provide diagnostic codes like that it can be a security vulnerability.
Error messages should tell a user what to do next (like who to contact), but not give clues about the error which could provide information for developing an exploit.
-
@[email protected] @[email protected] true! I've seen countless times where things like session tokens were in plaintext logs, where users unfamiliar with that sensitive information posted them on a public pastebin and got their accounts compromised. There’s a reason most operating systems don’t allow unprivileged users to use dmesg.
-
hellhound gaymingreplied to hellhound gayming last edited by
@puppygirlhornypost2 but the WORST ones are where they have a generic error message WITH troubleshooting steps. like. "Sorry, couldn't sign you in. Please check your Internet connection or try rebooting your PC" and the actual problem is that you put a space in the username field or something
-
@puppygirlhornypost2 @bonaventuresoft Also why the thing about error messages is a NIST control (I look those up a lot).
-
@puppygirlhornypost2 Even complete novices. You don't have to understand the message. You just need to be able to type it into a search engine and see how other ppl solved it.
Sometimes I think this is WHY they removed the messages. Enshittifucation of (or just feeling out of control over) search and the threat of malicious hits leading users to download malware.
-
@MekahimeAkari @puppygirlhornypost2 It means "installing preloaded junkware".
-
@MisuseCase @puppygirlhornypost2 @bonaventuresoft Not if the message is not sent to a channel that belongs to the attacker (or someone other than the legitimate user). This kind of wrong thinking is endemic, that just because you're not supposed to output php or python errors in the http data stream, this also means you're not supposed to show error messages on the user's monitor.
-
@[email protected] @[email protected] @[email protected] damn we should tell the pfsense team they aren’t supposed to use printf debugging in regards to cryptographic secrets related to their plagiarized wireguard implementation that lost them write access to FreeBSD’s repository…
-
@[email protected] @[email protected] @[email protected] entire thing is insane to me so many levels of "how did this happen". It all started when the guy who made wireguard told pfsense he’d love to help and they hired two shady devs instead that plagiarized GPL code from the Linux implementation… god I laugh every fucking time what a genuine shitshow
-
DiscreetSecurityreplied to hellhound gayming last edited by
@pup @puppygirlhornypost2 Windows S mode literally has "visit something else" and "restart your pc" as the entire compliment of "why won't my website work/load?" 'solutions'.
-
-
@puppygirlhornypost2 I think we need a 3rd option where you get an error message and its like "damn shit is real fucked right now lmao".
-
-
@[email protected] that’s my error messages