Main Page

Explain xkcd: It's 'cause you're dumb.
Revision as of 11:39, 11 August 2012 by Waldir


Welcome to the explain xkcd wiki! We already have 11 comic explanations!

(But there are still 1946 to go. Come and add yours!)

Latest comic

2018 CVE List
Title text: CVE-2018-?????: It turns out Bruce Schneier is just two mischevious kids in a trenchcoat.

Explanation

This explanation may be incomplete or incorrect: Created by a HACKING THIS WIKI VIA THE EDIT BOX - The explanation looks like a list. Explain the comic and put the security vulnerabilities in a table. Do NOT delete this tag too soon.
| Security vulnerability | Notes |
|---|---|
| Apple products crash when displaying certain Telugu or Bengali letter combinations. | This refers to a current vulnerability in macOS and iPhones: "This new text bomb crashes most Mac and iOS apps with a single Unicode symbol" (techcrunch.com, Feb 15, 2018). |
| An attacker can use a timing attack to extploit[sic] a race condition in garbage collection to extract a limited number of bits from the Wikipedia article on Claude Shannon. | Using a timing attack to exploit a race condition in garbage collection refers to the Meltdown and Spectre CPU flaws, which can be exploited on cloud servers like the ones Wikipedia uses. |
| At the cafe on third street, the post-it note with the wifi password is visible from the sidewalk. | This could refer to the Hawaiian missile alert incident. |
| A remote attacker can inject arbitrary text into public-facing pages via the comments box. | Describes a common feature on news sites or social media sites like Facebook. The possibility for users to "inject" text into the page is by design. This is a humorous reference to the relatively common security vulnerability "persistent cross-site scripting", where input provided by the user is displayed to other users in a dangerous fashion that allows attackers to inject arbitrary HTML or JavaScript code into e.g. a comment section. It might also be a humorous reference to the events before, during and after the 2016 US Presidential elections, where Internet Research Agency employees based remotely in St. Petersburg, Russia, but disguised as US citizens, "injected" arbitrary text in the form of political propaganda into comments on multiple web sites, according to an indictment returned by a federal grand jury on February 16, 2018. |
| MySQL server 55.45 secretly runs two parallel databases for people who say "S-Q-L" and "sequel." | Some people pronounce "SQL" like "sequel", after SQL's predecessor "SEQUEL (Structured English Query Language)". MySQL is an open-source relational database management system; the latest version is MySQL 5.6. |
| A flaw in some x86 CPUs could allow a root user to de-escalate to normal account privileges. | This refers to DOM0 attacks on virtualization CPUs, which regularly escalate from a normal account (few privileges) to root (full privileges); this is the inverse. |
| Apple products catch fire when displaying emoji with diacritics. | This takes the first CVE to an extreme conclusion by combining it with the exploding Samsung phones. |
| An oversight in the rules allows a dog to join a basketball team. | This likely refers to Air Bud, a movie about a dog playing basketball. This has been a common theme in xkcd comics; see 115: Meerkat, 1439: Rack Unit, 1819: Sweet 16, 1552: Rulebook. |
| Haskell isn't side-effect-free after all; the effects are all just concentrated in this one computer in Missouri that no one's checked on in a while. | Haskell is a functional programming language; functional programming is characterized by using functions that don't have side effects in other parts of the program. |
| Nobody really knows how hypervisors work. | Virtualization programming is hard; Meltdown and Spectre are related to this. |
| CRITICAL: Under Linux 3.14.8 on System/390 in a UTC+14 time zone, a local user could potentially use a buffer overflow to change another user's default system clock from 12-hour to 24-hour. | A joke about arcane systems running Linux whose bugs nobody can replicate, because there are no more machines of this type on which to reproduce the bug and fix it. |
| x86 has way too many instructions. | This is a joke about the random acronyms of processor assembly language; many of them are overspecialized versions of general ones. |
| Numpy 1.8.0 can factor primes in O(log n) time and must be quietly deprecated before anyone notices. | NumPy is the fundamental package for scientific computing with Python. If something could factor primes that fast, there would be attacks that break many crypto functions used in internet security, so it must be deprecated because there are no replacements. |
| Apple products grant remote access if you send them words that break the "I before E" rule. | Another joke on the first CVE and a common English writing rule. That's weird. |
| Skylake x86 chips can be pried from their sockets using certain flathead screwdrivers. | Skylake x86 chips are a line of microprocessors. Yes, you can forcibly remove any processor from its socket with a screwdriver; there are many reports of people not using common sense. |
| Apparently Linus Torvalds can be bribed pretty easily. | Linus Torvalds is the benevolent dictator of the Linux kernel codebase. Normally it is hard to get a change accepted, because he has the last word on what is merged into the code base, and that code is replicated in all Linux installations. But apparently he is easy to bribe, which is a severe, critical vulnerability for all Linux servers and machines. |
| An attacker can execute malicious code on their own machine and no one can stop them. | This is a common CVE description. |
| Apple products execute any code printed over a photo of a dog with a saddle and a baby riding it. | This could refer to a CVE vulnerability in JPG files where JavaScript is executed by some application, only this time it is in a printed photo instead of a file. |
| Under rare circumstances, a flaw in some versions of Windows could allow Flash to be installed. | This is another common CVE description. Flash was discontinued because of its abysmal security record. All security experts advise against installing it. |
| Turns out the cloud is just other people's computers. | This refers to a computing meme in which "cloud" is replaced with "other people's computers"; it should be used in all marketing presentations to CEOs and non-computer-literate people, to evaluate the security impact of using "cloud services". |
| A flaw in Mitre's CVE database allows arbitrary code insertion.[~~CLICK HERE FOR CHEAP VIAGRA~~] | Mitre's CVE database is the database where all CVEs are listed; this is a joke on the 4th CVE in this list, pointing out that the site is also vulnerable. |
| It turns out Bruce Schneier is just two mischevious kids in a trenchcoat. | (title text) |

Transcript

This transcript is incomplete. Please help editing it! Thanks.

LEAKED LIST OF MAJOR 2018 SECURITY VULNERABILITIES

CVE-2018-????? Apple products crash when displaying certain Telugu or Bengali letter combinations.

CVE-2018-????? An attacker can use a timing attack to extploit[sic] a race condition in garbage collection to extract a limited number of bits from the Wikipedia article on Claude Shannon.

CVE-2018-????? At the cafe on third street, the post-it note with the wifi password is visible from the sidewalk.

CVE-2018-????? A remote attacker can inject arbitrary text into public-facing pages via the comments box.

CVE-2018-????? MySQL server 55.45 secretly runs two parallel databases for people who say "S-Q-L" and "sequel."

CVE-2018-????? A flaw in some x86 CPUs could allow a root user to de-escalate to normal account privileges.

CVE-2018-????? Apple products catch fire when displaying emoji with diacritics.

CVE-2018-????? An oversight in the rules allows a dog to join a basketball team.

CVE-2018-????? Haskell isn't side-effect-free after all; the effects are all just concentrated in this one computer in Missouri that no one's checked on in a while.

CVE-2018-????? Nobody really knows how hypervisors work.

CVE-2018-????? CRITICAL: Under Linux 3.14.8 on System/390 in a UTC+14 time zone, a local user could potentially use a buffer overflow to change another user's default system clock from 12-hour to 24-hour.

CVE-2018-????? x86 has way too many instructions.

CVE-2018-????? Numpy 1.8.0 can factor primes in O(log n) time and must be quietly deprecated before anyone notices.

CVE-2018-????? Apple products grant remote access if you send them words that break the "I before E" rule.

CVE-2018-????? Skylake x86 chips can be pried from their sockets using certain flathead screwdrivers.

CVE-2018-????? Apparently Linus Torvalds can be bribed pretty easily.

CVE-2018-????? An attacker can execute malicious code on their own machine and no one can stop them.

CVE-2018-????? Apple products execute any code printed over a photo of a dog with a saddle and a baby riding it.

CVE-2018-????? Under rare circumstances, a flaw in some versions of Windows could allow Flash to be installed.

CVE-2018-????? Turns out the cloud is just other people's computers.

CVE-2018-????? A flaw in Mitre's CVE database allows arbitrary code insertion.[~~CLICK HERE FOR CHEAP VIAGRA~~]



New here?

Feel free to sign up for an account and contribute to the explain xkcd wiki! We need explanations for comics, characters, themes, memes and everything in between. If it is referenced in an xkcd web comic, it should be here.

  • List of all comics contains a complete table of all xkcd comics so far and the corresponding explanations. The red links (like this) are missing explanations. Feel free to help out by creating them!

Rules

Don't be a jerk. There are a lot of comics that don't have set in stone explanations, feel free to put multiple interpretations in the wiki page for each comic.

If you want to talk about a specific comic, use its discussion page.

Please only submit material directly related to—and helping everyone better understand—xkcd... and of course only submit material that can legally be posted (and freely edited.) Off-topic or other inappropriate content is subject to removal or modification at admin discretion, and users posting such are at risk of being blocked.

If you need assistance from an admin, feel free to leave a message on their personal discussion page. The list of admins is here.

Explain xkcd logo courtesy of User:Alek2407.
