Talk:1957: 2018 CVE List

Explain xkcd: It's 'cause you're dumb.
Revision as of 00:45, 20 February 2018 by 162.158.88.164 (talk) (I before E: new section)

First post!!!!!!!!!!!!!!!!!!!!!!!!!!! Anyway, the explanation looks like a train wreck, and I'm not sure if rearranging it into a table or just adding bullet points to everything is better. I'm guessing that a table would be better, but I don't know how I can rearrange it. Can somebody help? Herobrine (talk) 06:35, 19 February 2018 (UTC)

Added a table layout to the sandbox. Might be of some use to another editor. 162.158.74.45 07:32, 19 February 2018 (UTC)
Edit: Looks like it's been adapted in; I've cleared the sandbox for future use. 162.158.74.45 11:53, 19 February 2018 (UTC)
Thanks, I think a table is a good way to go. I'm adding it to the article as a place to start. Rather than format the original explanation into the table, I'm leaving the cells blank. The original poorly formatted text can be a starting point, but isn't directly adaptable. --Quantum7 (talk) 09:55, 19 February 2018 (UTC)

Never ever have I heard anyone pronounce SQL as "sequel" - Is that a regional dialect? 162.158.93.15 07:41, 19 February 2018 (UTC)

I heard it's common among MS-SQL users.--162.158.91.137 08:02, 19 February 2018 (UTC)
Oh BTW, look at our IPs. Are you an easybell customer? :-) --162.158.91.137 08:09, 19 February 2018 (UTC)
I somewhat doubt we are using easybell, from the looks of it it's not suited for the size of our company. But I can neither verify nor deny that claim as I am not responsible for the WAN connection at our company. 162.158.93.9 15:09, 19 February 2018 (UTC)
Some people pronounce it that way, yes. Don't know if it is "common among MS-SQL users", though. The only person I encountered saying "sequel" never used MS-SQL. LordHorst (talk) 09:54, 19 February 2018 (UTC)
Not sure if it's regional or not. I personally say "sequel" and I'd say anecdotally that it's about 50/50 among people that I've worked with. I went to school and work in the Midwest US. 108.162.216.94 15:40, 19 February 2018 (UTC)
I've also seen references to Oracle users saying "sequel" rather than S-Q-L. That would make sense as it's the DB I'm primarily working with. http://patorjk.com/blog/2012/01/26/pronouncing-sql-s-q-l-or-sequel/ 108.162.216.94 15:43, 19 February 2018 (UTC)
When I was in college a couple decades back I have memory of the professor that taught SQL saying that pronouncing it "sequel" had been registered as a trademark of Microsoft. He instructed us to avoid that pronunciation whenever possible because of this. I have not fact-checked this statement. Odysseus654 (talk) 22:00, 19 February 2018 (UTC)
I like to pronounce it "squeel" because that's equally correct phonetically & it never fails to raise eyebrows. ProphetZarquon (talk) 00:33, 20 February 2018 (UTC)

I want to take a moment to congratulate the dedication of whomever wrote the original explanation. Second languages are hard, bro. 108.162.215.10 07:48, 19 February 2018 (UTC)

Has someone tried contacting Randall about "extploit"? If not, what would be the best way? Fabian42 (talk) 08:22, 19 February 2018 (UTC)

Hack his computer to display a message demanding he fix it if he wants his hard drive decrypted. 162.158.155.26 09:24, 19 February 2018 (UTC)
Thanks, will do.
how to hack complooter
why does google not work
how to delete text
Fabian42 (talk) 09:44, 19 February 2018 (UTC)
If anyone is getting this changed to correct silly errors, removing the full stop in “…one. Computer…” would be nice. 141.101.99.197 15:22, 19 February 2018 (UTC)
Urban Dictionary suggestion: EXTploit - A trojan (usually bearing a harmless looking icon) which takes advantage of the idiotic practice of hiding filename extensions by default within major operating systems. This increases the likelihood that a user will execute the trojan, thinking it is a media file because they cannot see the actual file-extension. ProphetZarquon (talk) 00:33, 20 February 2018 (UTC)

Regarding "Factor a prime": Factoring a prime is easy: The prime itself is the only factor, so it's sufficient to use AKS or whatever to check that. Public-key encryption relies on how hard it is to factor the product of two primes, which is a much harder problem. Maybe this is a typo in the comic? -- Comment Police (talk) (please sign your comments with ~~~~)

I don't think it is a typo. It's exactly the type of "inside-joke" I would expect from XKCD. :) --162.158.134.214 10:09, 19 February 2018 (UTC)
AFAIK, there aren't any primality tests known to run in O(log n). For instance, AKS runs in O(log n ^ 7.5). So for numpy to actually achieve factoring as stated would require assuming the input is prime and just returning (1,n). --Quantum7 (talk) 12:45, 19 February 2018 (UTC)
Doesn't testing for primality (just) require a list of all primes up to sqrt(n)? So the best possible time is sqrt(however fast you can calculate primes up to a number). That time can at most be square (divide every number by every other number below it), so a primality test only needs O(n) time. Or do I understand something wrong? Fabian42 (talk) 13:46, 19 February 2018 (UTC)
Oh yes, I missed that log(n) is less than n. Nevermind then. Fabian42 (talk) 13:50, 19 February 2018 (UTC)
On the other hand, consider the following phrases that describe a process using the end result of the process as their direct object: "cook scrambled eggs", "bake a cake", "chop firewood", "encode an MP3", and "factor primes". One would "factor primes" out of the semiprime associated with an RSA key. --Tepples (talk) 15:58, 19 February 2018 (UTC)
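
Added example for the thread above (not part of the discussion, and not code from the comic or from numpy): "factoring a prime" reduces to a primality test, while trial division on a semiprime needs about sqrt(n) steps, which is exponential in the bit length. The function names are illustrative, and the Miller-Rabin base set is the standard one that is deterministic for inputs below 2**64.

```python
# Added illustration; function names are hypothetical, not from any library.
_BASES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)

def is_prime(n: int) -> bool:
    """Deterministic Miller-Rabin for n < 2**64 using the first 12 primes."""
    if n < 2:
        return False
    for p in _BASES:
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:          # write n - 1 as d * 2**s with d odd
        d //= 2
        s += 1
    for a in _BASES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False       # a is a witness that n is composite
    return True

def factor_prime(n: int) -> list:
    """'Factor' an input that is promised prime: verify it, return [n]."""
    if not is_prime(n):
        raise ValueError("input is not prime")
    return [n]

def trial_division(n: int):
    """Return (factors, divisions_tried); cost is about sqrt(n) for a semiprime."""
    factors, tried, d = [], 0, 2
    while d * d <= n:
        tried += 1
        if n % d == 0:
            factors.append(d)
            n //= d
        else:
            d += 1 if d == 2 else 2   # after 2, test odd candidates only
    if n > 1:
        factors.append(n)
    return factors, tried

# Constructed sample: a 47-bit semiprime built from two well-known primes.
SEMIPRIME = 65537 * (2**31 - 1)
```

The prime case finishes after a handful of modular exponentiations, whereas the 47-bit semiprime already costs 32769 trial divisions; RSA moduli are thousands of bits long.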

Can I edit some spelling errors? There seem to be some spelling errors here and there. Boeing-787lover 10:19, 19 February 2018 (UTC)

Of course, that's what a Wiki is for. Fabian42 (talk) 12:10, 19 February 2018 (UTC)

I think the explanation of the one about injecting arbitrary text onto a page with the comments box is overthinking the joke. I think it really is just about the fact that you can write whatever you like in a comment. Look, I just hacked this page to display the word "penguin". Jeremyp (talk) 10:26, 19 February 2018 (UTC)

Since when is Bruce Schneier not real? 162.158.93.75 13:05, 19 February 2018 (UTC)

He never was - it's a cleverly executed art project. 141.101.99.209 14:20, 19 February 2018 (UTC)

I've added some clarification to the "CRITICAL" item. I know there are several xkcd comics referencing similar problems but I unfortunately don't have the time to look them up, can someone do that and link them appropriately in the table? Domino (talk) 13:11, 19 February 2018 (UTC)domino

Isn't the joke really in the hilarious severity assessment? The vulnerability is supposedly CRITICAL!!!!11!1!!one!, while description shows both a ridiculously small vulnerable population and ridiculously low impact. Population: a single, very old kernel version on a rare, outdated architecture, in one timezone only - and WHICH timezone! UTC+14 means just a couple of islands in the Pacific (Tonga, Kiribati...) - the probability of even one vulnerable system actually existing seems almost zero. Impact: the only possible consequence is switching from 12h to 24h (only in this direction)? This whole entry is very creative - just TRY to come up with a possible vulnerability (yes, it would classify as an actual vulnerability, why not?) that would have a LOWER severity than that...--162.158.91.89 13:41, 19 February 2018 (UTC)
Agree Elektrizikekswerk (talk) 15:45, 19 February 2018 (UTC)

I think the article should start with an explanation of what is the CVE. From https://cve.mitre.org/

"CVE® is a list of entries—each containing an identification number, a description, and at least one public reference—for publicly known cybersecurity vulnerabilities.
CVE Entries are used in numerous cybersecurity products and services from around the world, including the U.S. National Vulnerability Database (NVD)."

-- Comment Police (talk) (please sign your comments with ~~~~)

"MySQL server 55.45" it is 5.5.45 if you zoom in a bit. 162.158.91.161 13:41, 19 February 2018 (UTC)Blocki

"An attacker can execute malicious code on their own machine and no one can stop them" might be a jab at the trend toward more closed systems, where even the owner of a device is limited in what they can do on it.
"A flaw in Mitre's CVE database allows arbitrary code insertion" could be meant as an explanation for the whole comic, i.e. those joke vulnerabilities were added to the CVE database using this flaw. 141.101.69.225 13:52, 19 February 2018 (UTC)

Monty (BDFL for MySQL) always pronounces it as "My ess cue ell". RandalSchwartz (talk) 18:22, 19 February 2018 (UTC)

It's my first comment here, so I may be wrong. I see the "CRITICAL" as a "differential" joke exhibiting that the requirement standards may be very different from a constructor to another. In fact, it seems that Apple's bugs described here (crash, fire, remote access granted) are the most critical ones. The only two concerning Linux are the one labeled as critical and the one about bribery. I don't know what to think about the almost complete absence of Windows though. Feriaman.

Could we get an Air Bud category? It seems to be a recurring theme in his comics. 162.158.246.88 18:50, 19 February 2018 (UTC)

List of direct mentions of "air bud" in the explanations: 115:_Meerkat, 1439:_Rack_Unit, 1506:_xkcloud/Table_of_Permalinks, 1552:_Rulebook, 1819:_Sweet_16, 1957:_2018_CVE_List
List of direct mentions of "air bud" in the transcripts: [None]
Beep, boop, I'm not a bot. Fabian42 (talk) 20:41, 19 February 2018 (UTC)

I before E

Anyone happen to notice that instead of writing "mischievous," Randall opted for the non-standard spelling "mischevious?" The standard form would have been an I-before-E word... --162.158.88.164 00:45, 20 February 2018 (UTC)