Dear @usenixassociation Security: this is a security conference.
-
Dear @usenixassociation Security: this is a security conference. Are you seriously asking folks to download and run a 500+ Python program downloaded from a random site I've never heard of? If you really want people to use a PDF format-checker, install it as a web app on your web site.
@SteveBellovin @usenixassociation maybe they’re interviewing for a new head of CISA?
-
Dear @usenixassociation Security: this is a security conference. Are you seriously asking folks to download and run a 500+ Python program downloaded from a random site I've never heard of? If you really want people to use a PDF format-checker, install it as a web app on your web site.
@SteveBellovin @usenixassociation They're just checking to make sure you're paying attention, right?
Right?
<sigh>
-
Dear @usenixassociation Security: this is a security conference. Are you seriously asking folks to download and run a 500+ Python program downloaded from a random site I've never heard of? If you really want people to use a PDF format-checker, install it as a web app on your web site.
@SteveBellovin Please contact the program co-chairs directly with any questions related to the papers submission process.
-
@SteveBellovin Please contact the program co-chairs directly with any questions related to the papers submission process.
@usenixassociation @SteveBellovin Hey, good folks of @usenixassociation, you really should take Steve more seriously than that.
-
@SteveBellovin Please contact the program co-chairs directly with any questions related to the papers submission process.
@usenixassociation I already did…
-
Dear @usenixassociation Security: this is a security conference. Are you seriously asking folks to download and run a 500+ Python program downloaded from a random site I've never heard of? If you really want people to use a PDF format-checker, install it as a web app on your web site.
@SteveBellovin @usenixassociation Your tweet raises a lot of questions answered by my paper "Building practical security sandboxes for untrusted python code" which reviewer 2 called "Overly practical and lacking in LaTeX flair." Reviewer 3 said it "needed more math" and questioned "It works in practice, but does it work in theory?"
-
@SteveBellovin Please contact the program co-chairs directly with any questions related to the papers submission process.
@usenixassociation @SteveBellovin
This conversation, and the above @usenixassociation response IN PARTICULAR, is giving me the impression that someone involved in the conference organization doesn't know what they are doing and should not be trusted around security matters.
You'd better do something substantive to correct that impression, 'cause you're leaking credibility.
-
@SteveBellovin Please contact the program co-chairs directly with any questions related to the papers submission process.
@usenixassociation I'm impressed that this account actually replies! Kudos! That's so much more than most organizations do! ❤️
-
@usenixassociation @SteveBellovin Hey, good folks of @usenixassociation, you really should take Steve more seriously than that.
@SteveBellovin - Note that running the tool isn't required. The chairs are trying to be helpful and transparent. There are A LOT of submissions and there were a lot of questions about administrative rejections in Cycle 1.
I encourage you to read Elissa and Ben's between-cycle transparency report: https://docs.google.com/document/d/e/2PACX-1vSnHpeTFReelMZ124SzmgObXrHDN_B-UgxhOaE2RKfnfHn_qWuobI7kPg4TKBMhhZy_qxYtggCo7vjK/pub
For what it's worth, the Python program is hosted on the co-chair's research group's website at CISPA. If this is something USENIX wants to use going forward, we will definitely host it directly.
-
@SteveBellovin @usenixassociation Your tweet raises a lot of questions answered by my paper "Building practical security sandboxes for untrusted python code" which reviewer 2 called "Overly practical and lacking in LaTeX flair." Reviewer 3 said it "needed more math" and questioned "It works in practice, but does it work in theory?"
@adamshostack @SteveBellovin @usenixassociation ahhh, Reviewer 2.
-
@SteveBellovin - Note that running the tool isn't required. The chairs are trying to be helpful and transparent. There are A LOT of submissions and there were a lot of questions about administrative rejections in Cycle 1.
I encourage you to read Elissa and Ben's between-cycle transparency report: https://docs.google.com/document/d/e/2PACX-1vSnHpeTFReelMZ124SzmgObXrHDN_B-UgxhOaE2RKfnfHn_qWuobI7kPg4TKBMhhZy_qxYtggCo7vjK/pub
For what it's worth, the Python program is hosted on the co-chair's research group's website at CISPA. If this is something USENIX wants to use going forward, we will definitely host it directly.
@willenck Yes, I've heard back from the chair. It also is not obvious to me that cispa.saarland — the hosting site — is the same as cispa.de.
Look—I know Python well enough that I can probably spot (most) dangerous things. But that isn't the point. A security conference should not be training people to run random stuff that an apparently authoritative email address sent them. I just finished writing something that includes the following two adages:
Never trust a URL in an inbound email or text message: It’s extremely hard, and sometimes impossible, to tell if it’s legitimate or not.
Trust nothing you receive: If you’re concerned about information you’ve received, use information you already have to contact the organization.
-
@SteveBellovin Please contact the program co-chairs directly with any questions related to the papers submission process.
@usenixassociation as a public point of contact, you really should be able to forward that up the chain yourself