as a sysadmin this so much.

puppygirlhornypost2@transfem.social

@[email protected] @[email protected] true! I've seen countless times where things like session tokens were in plaintext logs, where users unfamiliar with that sensitive information posted them on a public pastebin and got their accounts compromised. There’s a reason most operating systems don’t allow unprivileged users to use dmesg.

pup@wolfdo.gg

@puppygirlhornypost2 but the WORST ones are where they have a generic error message WITH troubleshooting steps. like. "Sorry, couldn't sign you in. Please check your Internet connection or try rebooting your PC" and the actual problem is that you put a space in the username field or something

misusecase@twit.social

@puppygirlhornypost2 @bonaventuresoft Also why the thing about error messages is a NIST control (I look those up a lot).

me@social.elizabeth.cat

@puppygirlhornypost2

dalias@hachyderm.io

@puppygirlhornypost2 Even complete novices. You don't have to understand the message. You just need to be able to type it into a search engine and see how other ppl solved it.

Sometimes I think this is WHY they removed the messages. Enshittifucation of (or just feeling out of control over) search and the threat of malicious hits leading users to download malware.

dalias@hachyderm.io

@MekahimeAkari @puppygirlhornypost2 It means "installing preloaded junkware".

dalias@hachyderm.io

@MisuseCase @puppygirlhornypost2 @bonaventuresoft Not if the message is not sent to a channel that belongs to the attacker (or someone other than the legitimate user). This kind of wrong thinking is endemic, that just because you're not supposed to output php or python errors in the http data stream, this also means you're not supposed to show error messages on the user's monitor.

puppygirlhornypost2@transfem.social

@[email protected] @[email protected] @[email protected] damn we should tell the pfsense team they aren’t supposed to use printf debugging in regards to cryptographic secrets related to their plagiarized wireguard implementation that lost them write access to FreeBSD’s repository…

puppygirlhornypost2@transfem.social

@[email protected] @[email protected] @[email protected] entire thing is insane to me so many levels of "how did this happen". It all started when the guy who made wireguard told pfsense he’d love to help and they hired two shady devs instead that plagiarized GPL code from the Linux implementation… god I laugh every fucking time what a genuine shitshow

dss@infosec.exchange

@pup @puppygirlhornypost2 Windows S mode literally has "visit something else" and "restart your pc" as the entire compliment of "why won't my website work/load?" 'solutions'.

familiaralien@plush.city

@puppygirlhornypost2 I think we need a 3rd option where you get an error message and its like "damn shit is real fucked right now lmao".

puppygirlhornypost2@transfem.social

@[email protected] that’s my error messages