1957: "2018 CVE List"

flicky1991
Like in Cinderella?
Posts: 738
Joined: Fri Feb 11, 2011 3:36 pm UTC
Location: London

1957: "2018 CVE List"

Postby flicky1991 » Mon Feb 19, 2018 8:13 am UTC

Title text: CVE-2018-?????: It turns out Bruce Schneier is just two mischevious kids in a trenchcoat.

----
CVE-2018-?????: Bill Gates's password is really easy to guess.

(Also, ouch, "mischevious".)

Quercus
Posts: 1731
Joined: Thu Sep 19, 2013 12:22 pm UTC
Location: London, UK

Re: 1957: "2018 CVE List"

Postby Quercus » Mon Feb 19, 2018 8:18 am UTC

This is the best comic in years. Well played, Randall.

Wise Ferret
Posts: 1
Joined: Mon Feb 19, 2018 8:16 am UTC

Extploit?

Postby Wise Ferret » Mon Feb 19, 2018 8:18 am UTC

This extploit might be postponed to CVE 2019.

jonhaug
Posts: 28
Joined: Fri Jan 02, 2015 12:44 pm UTC

Re: 1957: "2018 CVE List"

Postby jonhaug » Mon Feb 19, 2018 8:24 am UTC

Too bad the text in blue isn't clickable.

SpitValve
Not a mod.
Posts: 5128
Joined: Tue Sep 26, 2006 9:51 am UTC
Location: Lower pork village

Re: 1957: "2018 CVE List"

Postby SpitValve » Mon Feb 19, 2018 9:25 am UTC

Oh hey, numpy!

I feel like I use very different tools and languages to most people on the interwebs, so while I understand most of the programming jokes, I don't really identify with them because they're not really stuff I've used much. So it's fun to see numpy mentioned here.

Quppa
Posts: 3
Joined: Mon Feb 19, 2018 9:26 am UTC

Re: 1957: "2018 CVE List"

Postby Quppa » Mon Feb 19, 2018 9:27 am UTC

I love this, but is that a stray full stop in the 9th item?

speising
Posts: 2266
Joined: Mon Sep 03, 2012 4:54 pm UTC
Location: wien

Re: 1957: "2018 CVE List"

Postby speising » Mon Feb 19, 2018 9:28 am UTC

interesting that the only really problematic vulnerabilities are apple's.
well, those and the CVE ~~ CiALiS ~~.

Soupspoon
You have done something you shouldn't. Or are about to.
Posts: 3490
Joined: Thu Jan 28, 2016 7:00 pm UTC
Location: 53-1

Re: 1957: "2018 CVE List"

Postby Soupspoon » Mon Feb 19, 2018 10:42 am UTC

flicky1991 wrote:(Also, ouch, "mischevious".)

("Extploit" too.)

I thought CVE-2018-????? was funniest.

rhomboidal
Posts: 788
Joined: Wed Jun 15, 2011 5:25 pm UTC

Re: 1957: "2018 CVE List"

Postby rhomboidal » Mon Feb 19, 2018 11:07 am UTC

Worrying about sexual dysfunction is a major INsecurity vulnerability.

CopiousWaistcoats
Posts: 6
Joined: Mon Oct 17, 2016 6:14 pm UTC
Location: Scotland

Re: 1957: "2018 CVE List"

Postby CopiousWaistcoats » Mon Feb 19, 2018 12:12 pm UTC

CVE-2018-????? Linux users can only talk about linux's "obvious superiority" over other OS'
Obstinately Scottish.

orthogon
Posts: 2936
Joined: Thu May 17, 2012 7:52 am UTC
Location: The Airy 1830 ellipsoid

Re: 1957: "2018 CVE List"

Postby orthogon » Mon Feb 19, 2018 12:52 pm UTC

You can factorise primes in O(1) if you know they're primes. Non-primes are trickier to factorise.
xtifr wrote:... and orthogon merely sounds undecided.

DanAxtell
Posts: 53
Joined: Mon May 07, 2012 9:59 am UTC
Location: USA (Vermont)

Re: 1957: "2018 CVE List"

Postby DanAxtell » Mon Feb 19, 2018 1:27 pm UTC

orthogon wrote:You can factorise primes in O(1) if you know they're primes. Non-primes are trickier to factorise.

The "factor primes" item is the slip up that I first noticed, too. I didn't notice "Extploit" in the second line or "mischievious" in the title text. I'm surprised that Randall doesn't have spell checking in whatever app he uses to type the title text.

qvxb
Posts: 139
Joined: Mon Sep 19, 2016 10:20 pm UTC

Re: 1957: "2018 CVE List"

Postby qvxb » Mon Feb 19, 2018 1:34 pm UTC

Randall, please fix the link in the comic. People's egos are at stake!

cellocgw
Posts: 1915
Joined: Sat Jun 21, 2008 7:40 pm UTC

Re: 1957: "2018 CVE List"

Postby cellocgw » Mon Feb 19, 2018 1:38 pm UTC

jonhaug wrote:Too bad the text in blue isn't clickable.


.... "Asking for a friend" are you? :mrgreen:
https://app.box.com/witthoftresume
Former OTTer
Vote cellocgw for President 2020. #ScienceintheWhiteHouse http://cellocgw.wordpress.com
"The Planck length is 3.81779e-33 picas." -- keithl
" Earth weighs almost exactly π milliJupiters" -- what-if #146, note 7

Tub
Posts: 382
Joined: Wed Jul 27, 2011 3:13 pm UTC

Re: 1957: "2018 CVE List"

Postby Tub » Mon Feb 19, 2018 2:03 pm UTC

orthogon wrote:You can factorise primes in O(1) if you know they're primes. Non-primes are trickier to factorise.

Well, a prime number n has O(log(n)) bits. If numpy makes a copy somewhere, then the algorithm is O(log(n)) as stated in the comic.

squall_line
Posts: 169
Joined: Fri Mar 20, 2009 2:36 am UTC

Re: 1957: "2018 CVE List"

Postby squall_line » Mon Feb 19, 2018 3:09 pm UTC

As someone whose boss has been on a Quixotic and misguided tear about "security" lately (really, just "security theater"... to the point of asking a locksmith to quote a price to replace lock cylinders that are welded into some of our equipment, behind "Warranty void if removed" stickers), I genuinely appreciate the absurdity of this comic.

And I especially like the MySQL bit. :)

DanAxtell
Posts: 53
Joined: Mon May 07, 2012 9:59 am UTC
Location: USA (Vermont)

Re: 1957: "2018 CVE List"

Postby DanAxtell » Mon Feb 19, 2018 3:13 pm UTC

speising wrote:interesting that the only really problematic vulnerabilities are apple's...

Apple is the biggest system software company, so it's now the juiciest target for fun-poking. It's been a while since AAPL was a charming underdog. And it would be unkind to ridicule IBM since it's been feeling a "little blue."
This is a table. Ignore the word 'CODE'.

Code: Select all

           Market
Company    Capitalization

  AAPL      $875 B
  MSFT      $762 B
  GOOG      $708 B
  ORCL      $210 B
  IBM       $145 B
 

Also, I bought an Apple III 36 years ago, so some of this fun-poking feels way overdue, especially about overheating.

orthogon
Posts: 2936
Joined: Thu May 17, 2012 7:52 am UTC
Location: The Airy 1830 ellipsoid

Re: 1957: "2018 CVE List"

Postby orthogon » Mon Feb 19, 2018 3:28 pm UTC

Tub wrote:
orthogon wrote:You can factorise primes in O(1) if you know they're primes. Non-primes are trickier to factorise.

Well, a prime number n has O(log(n)) bits. If numpy makes a copy somewhere, then the algorithm is O(log(n)) as stated in the comic.

IIRC, last time we discussed big-O notation, it got nastier quicker than the Nazi-punching thread. Still, I contend that in analysis of algorithmic complexity, the n is usually the length of the input, so n is already the log of the input value, i.e. the prime itself. On that basis, by your argument, the algorithm for factorising a known prime would be O(n). However, that's mainly because the length of the output is O(n) in that case, and it seems a bit unfair to include printing out the answer in the complexity of the algorithm. Only problems with constant-length output could ever be O(1), and I'm not convinced that all the examples here that are simpler than O(n) have that property.

ETA: by "we", I mean the denizens of the fora, not you and me in particular.

strix99
Posts: 17
Joined: Wed Feb 13, 2008 2:28 pm UTC

Re: 1957: "2018 CVE List"

Postby strix99 » Mon Feb 19, 2018 3:51 pm UTC

MYSQL SERVER 5.5.45 SECRETLY RUNS TWO PARALLEL DATABASES FOR PEOPLE WHO SAY "S-Q-L" AND "SEQUEL"


But does one return results that are subtlety off?

airdrik
Posts: 238
Joined: Wed May 09, 2012 3:08 pm UTC

Re: 1957: "2018 CVE List"

Postby airdrik » Mon Feb 19, 2018 4:10 pm UTC

I think the Apple vulnerabilities are less about poking fun at the random top-dog-du-jour and more about poking fun at some of the vulnerabilities or bugs we've seen from Apple in recent years which amount to receiving a text with certain URLs, images or even characters (or combinations thereof) causing either the messaging app or the OS itself to crash; which make you scratch your head in wonder about what's going on with the code they're producing in order to achieve some of these vulnerabilities at all.
On the other hand, there's really little fun left to poke at the likes of MS or IBM as bugs and vulnerabilities in their products are nothing new.

cellocgw
Posts: 1915
Joined: Sat Jun 21, 2008 7:40 pm UTC

Re: 1957: "2018 CVE List"

Postby cellocgw » Mon Feb 19, 2018 4:37 pm UTC

strix99 wrote:
MYSQL SERVER 5.5.45 SECRETLY RUNS TWO PARALLEL DATABASES FOR PEOPLE WHO SAY "S-Q-L" AND "SEQUEL"


But does one return results that are subtlety off?


As opposed to turning "on" the SUBTLETY flag?

Reka
Posts: 199
Joined: Thu Sep 20, 2012 10:21 pm UTC

Re: 1957: "2018 CVE List"

Postby Reka » Mon Feb 19, 2018 5:13 pm UTC

cellocgw wrote:
strix99 wrote:
MYSQL SERVER 5.5.45 SECRETLY RUNS TWO PARALLEL DATABASES FOR PEOPLE WHO SAY "S-Q-L" AND "SEQUEL"


But does one return results that are subtlety off?


As opposed to turning "on" the SUBTLETY flag?

Mmm, subtleties...

Pfhorrest
Posts: 4795
Joined: Fri Oct 30, 2009 6:11 am UTC

Re: 1957: "2018 CVE List"

Postby Pfhorrest » Mon Feb 19, 2018 5:20 pm UTC

Soupspoon wrote:
flicky1991 wrote:(Also, ouch, "mischevious".)

("Extploit" too.)

I thought CVE-2018-????? was funniest.

Period after "this one" when sentence is clearly meant to continue through "computer" on next line.
Forrest Cameranesi, Geek of All Trades
"I am Sam. Sam I am. I do not like trolls, flames, or spam."
The Codex Quaerendae (my philosophy) - The Chronicles of Quelouva (my fiction)

Mikeski
Posts: 1019
Joined: Sun Jan 13, 2008 7:24 am UTC
Location: Minnesota, USA

Re: 1957: "2018 CVE List"

Postby Mikeski » Mon Feb 19, 2018 5:31 pm UTC

Pfhorrest wrote:Period after "this one" when sentence is clearly meant to continue through "computer" on next line.

I thought that was half-typo, half-buffer-overflow-joke. (Or meta-joke, since it would mean the exploit list was exploitable.)

cryptoengineer
Posts: 129
Joined: Sun Jan 31, 2010 4:58 am UTC

Re: 1957: "2018 CVE List"

Postby cryptoengineer » Mon Feb 19, 2018 8:18 pm UTC

DanAxtell wrote:
orthogon wrote:You can factorise primes in O(1) if you know they're primes. Non-primes are trickier to factorise.

The "factor primes" item is the slip up that I first noticed, too. I didn't notice "Extploit" in the second line or "mischievious" in the title text. I'm surprised that Randall doesn't have spell checking in whatever app he uses to type the title text.


It's a common error. Bill Gates made it many years ago in 'The Road Ahead'.

Now, factorizing semiprimes is another matter.

Tub
Posts: 382
Joined: Wed Jul 27, 2011 3:13 pm UTC

Re: 1957: "2018 CVE List"

Postby Tub » Tue Feb 20, 2018 8:29 am UTC

orthogon wrote:Still, I contend that in analysis of algorithmic complexity, the n is usually the length of the input, so n is already the log of the input value, i.e. the prime itself. On that basis, by your argument, the algorithm for factorising a known prime would be O(n).

I usually expect to read O(b) if we're talking about bits of an input number. Due to a lack of qualifiers in the comic, both interpretations are possible. Let's wait for the actual CVE and read the full article.
orthogon wrote:However, that's mainly because the length of the output is O(n) in that case, and it seems a bit unfair to include printing out the answer in the complexity of the algorithm.

You can implement the identity function in O(1) on the usual definition of a turing machine. If the input starts below the head, just HALT, and the output starts under the head as required.

But that doesn't mean that an implementation in numpy is O(1) as well. There may be platform requirements that introduce additional work, or there may be bugs in the implementation. A simple copy somewhere would increase the complexity to O(log n) for a prime n, which would explain the given complexity in the comic, that's all I was trying to say.
orthogon wrote:Only problems with constant-length output could ever be O(1), and I'm not convinced that all the examples here that are simpler than O(n) have that property.

Rigorous, that list is not. A pedant would have multiple edits to make.

cellocgw
Posts: 1915
Joined: Sat Jun 21, 2008 7:40 pm UTC

Re: 1957: "2018 CVE List"

Postby cellocgw » Tue Feb 20, 2018 12:02 pm UTC

Tub wrote:Rigorous, that list is not. A pedant would have multiple edits to make.


I think you meant to write, " Multiple edits to make, would have a pedant"
Signed, Yoda's 5th-grade teacher.

orthogon
Posts: 2936
Joined: Thu May 17, 2012 7:52 am UTC
Location: The Airy 1830 ellipsoid

Re: 1957: "2018 CVE List"

Postby orthogon » Tue Feb 20, 2018 12:41 pm UTC

cellocgw wrote:
Tub wrote:Rigorous, that list is not. A pedant would have multiple edits to make.


I think you meant to write, " Multiple edits to make, would have a pedant"
Signed, Yoda's 5th-grade teacher.

I would have gone for "Multiple edits to make, a pedant would have". I base this on my favourite utterance "Trained as a Jedi, you wish for him", though I admit that it's not a perfect parallel. But it feels like it's more like OSV than OVS: The complement comes first, but the subject comes before the verb.

(I like this sentence because it explores subordination, possibly in some kind of subjunctive mood).

*avoids googling for academic studies on word-order in Yodan grammar*

Tub
Posts: 382
Joined: Wed Jul 27, 2011 3:13 pm UTC

Re: 1957: "2018 CVE List"

Postby Tub » Tue Feb 20, 2018 12:53 pm UTC

I'm glad the pedants decided to step forward. Now go start working on that list!

Soupspoon
You have done something you shouldn't. Or are about to.
Posts: 3490
Joined: Thu Jan 28, 2016 7:00 pm UTC
Location: 53-1

Re: 1957: "2018 CVE List"

Postby Soupspoon » Tue Feb 20, 2018 4:22 pm UTC

Would edits, pedant have to a multiple make!

(More Odya than Yoda.)

gmalivuk
GNU Terry Pratchett
Posts: 26440
Joined: Wed Feb 28, 2007 6:02 pm UTC
Location: Here and There

Re: 1957: "2018 CVE List"

Postby gmalivuk » Tue Feb 20, 2018 4:39 pm UTC

orthogon wrote:
cellocgw wrote:
Tub wrote:Rigorous, that list is not. A pedant would have multiple edits to make.


I think you meant to write, " Multiple edits to make, would have a pedant"
Signed, Yoda's 5th-grade teacher.

I would have gone for "Multiple edits to make, a pedant would have". I base this on my favourite utterance "Trained as a Jedi, you wish for him", though I admit that it's not a perfect parallel. But it feels like it's more like OSV than OVS: The complement comes first, but the subject comes before the verb.

(I like this sentence because it explores subordination, possibly in some kind of subjunctive mood).

*avoids googling for academic studies on word-order in Yodan grammar*

Not academic studies (there's not really enough data for a "study" per se), but there are lots of articles.
Unless stated otherwise, I do not care whether a statement, by itself, constitutes a persuasive political argument. I care whether it's true.
---
If this post has math that doesn't work for you, use TeX the World for Firefox or Chrome

(he/him/his)

Sableagle
Ormurinn's Alt
Posts: 1809
Joined: Sat Jun 13, 2015 4:26 pm UTC
Location: The wrong side of the mirror

Re: 1957: "2018 CVE List"

Postby Sableagle » Tue Feb 20, 2018 4:58 pm UTC

speising wrote:interesting that the only really problematic vulnerabilities are apple's.
well, those and the CVE ~~ CiALiS ~~.

I noticed that. I was expecting the mouse-over to be "Apple devices spontaneously combust if sent kitten pictures with Cyrillic captions" or something like that.

Apple devices do not survive unshielded atmospheric re-entry.
Oh, Willie McBride, it was all done in vain.

speising
Posts: 2266
Joined: Mon Sep 03, 2012 4:54 pm UTC
Location: wien

Re: 1957: "2018 CVE List"

Postby speising » Tue Feb 20, 2018 6:00 pm UTC

Sableagle wrote:
speising wrote:interesting that the only really problematic vulnerabilities are apple's.
well, those and the CVE ~~ CiALiS ~~.

I noticed that. I was expecting the mouse-over to be "Apple devices spontaneously combust if sent kitten pictures with Cyrillic captions" or something like that.

Apple devices do not survive unshielded atmospheric re-entry.

but neither do Tesla cars, i assume.

Old Bruce
Posts: 126
Joined: Tue Jun 28, 2016 2:27 pm UTC

Re: 1957: "2018 CVE List"

Postby Old Bruce » Tue Feb 20, 2018 7:05 pm UTC

speising wrote:
Sableagle wrote:
speising wrote:interesting that the only really problematic vulnerabilities are apple's.
well, those and the CVE ~~ CiALiS ~~.

I noticed that. I was expecting the mouse-over to be "Apple devices spontaneously combust if sent kitten pictures with Cyrillic captions" or something like that.

Apple devices do not survive unshielded atmospheric re-entry.

but neither do Tesla cars, i assume.

We all hope that will prove to be true.

Eternal Density
Posts: 5547
Joined: Thu Oct 02, 2008 12:37 am UTC

Re: 1957: "2018 CVE List"

Postby Eternal Density » Wed Feb 21, 2018 6:52 am UTC

CVE-2018-?????: Everyone know's if you're a pedant on the internet.

Clever and funny: good comic. I like the mixture of real things (the first), made up things, silly things, and things that are true but not really vulnerabilities or not the sort that belong on this list. Also the apostrophe above was a typo that I decided to leave in.
Play the game of Time! castle.chirpingmustard.com Hotdog Vending Supplier But what is this?
In the Marvel vs. DC film-making war, we're all winners.

Soupspoon
You have done something you shouldn't. Or are about to.
Posts: 3490
Joined: Thu Jan 28, 2016 7:00 pm UTC
Location: 53-1

Re: 1957: "2018 CVE List"

Postby Soupspoon » Mon Mar 12, 2018 9:58 pm UTC

Eternal Density wrote:CVE-2018-?????: Everyone know's if you're a pedant on the internet.

[…] Also the apostrophe above was a typo that I decided to leave in.

You mean the apostrophe and letter 'e' in the word "your", of course.

:P

Sableagle
Ormurinn's Alt
Posts: 1809
Joined: Sat Jun 13, 2015 4:26 pm UTC
Location: The wrong side of the mirror

Re: 1957: "2018 CVE List"

Postby Sableagle » Wed Jul 04, 2018 4:45 pm UTC

orthogon wrote:*avoids googling for academic studies on word-order in Yodan grammar*

David Adger, from Queen Mary University of London, has investigated the language of the iconic Star Wars character, who was born 900 years before the events in the Star Wars films.

‘Yoda comes from a mysterious planet and (Star Wars creator) George Lucas never tells us anything about Yoda … he’s meant to be this mysterious Jedi Master.

‘But he’s obviously speaking English as a second language … His real language, which I’ve called Yodish, we don’t know anything about.’

Professor Adger added: ‘He’s speaking English but changed the structure of it to be like his native language.

‘We can find out something about Yoda’s native language by looking at how he speaks English, in the same way as I can find out about a French person’s native language by looking at how that French person speaks English.’

The professor reckons Yoda ‘grew up speaking’ Hawaiian.

