I often visit news sites such as Hacker News. Can I use this "multi-account container" addon + something to get an experience like "iPhone Screen Time" and track my viewing time on news sites?
Which did method supports rotation? did:key Not Supported did:web ??? Do only Proof-of-work methods (e.g. blockchains) support rotation? did:ion Are there no did method based on keybase like tech?…
I found a page by Duo Labs listing Noise in Production. https://duo.com/labs/tech-notes/noise-protocol-framework-int... Noise is used today in several high-profile projects: WhatsApp uses the "Noise Pipes" construction…
What are real world implementations of the Noise Protocol? https://github.com/noiseprotocol/noise_spec/blob/v34/noise.m... Quick search shows WireGuard protocol, but I am not sure if how much of the WireGuard protocol…
For those who are not familiar with the term DRL in "SOC2 DRL line item", it is document request list (DRL).
Thanks. Going through the docs now. https://www.vaultproject.io/docs/concepts/seal#shamir-seals Shamir seals The default Vault config uses a Shamir seal. Instead of distributing the unseal key as a single key to an…
Good guide to shell in general. Google shell style guide [0] was also a good read. I thought that the "When to use Shell" section is a section that is good for any kind of guide, not just for bash / shell. Also, maybe…
Thanks! Also checked the github site. https://github.com/evildmp/diataxis-documentation-framework
"Strict Identifier Verification" look kind of like CWE-304. CWE-304: Missing Critical Step in Authentication <https://cwe.mitre.org/data/definitions/304.html> Looking at the CWE-304 wording, this does not look like the…
For all five classes of attacks, the paper states that the root cause & mitigation is "Strict Identifier Verification". 6.2 Root Cause & Mitigation 6.2.1 Strict Identifier Verification The root cause of all of the…
possibly CWE-306? CWE-306: Missing Authentication for Critical Function <https://cwe.mitre.org/data/definitions/306.html> Looking at the CWE-306 wording, this does not look like the right CWE, but OWASP ASVP 3.7.1…
- Unexpired Email Change (UE)
What would the CWEs be for the five classes of attacks? - Classic-Federated Merge (CFM) - Unexpired Session (US) - Trojan Identifier (TID) - Unexpired Email Change (UE) - Non-verifying IdP (NV)
When using the shale gem, how would you avoid the mass assignment problem? Is there a configuration, or a way of using the shale gem to avoid it? CWE-915: Improperly Controlled Modification of Dynamically-Determined…
Also to understand the problem correctly, what is the class of weakness of the two CVEs (CVE-2022-22965, CVE-2010-1622)? The following look like good candidates. - CWE-915: Improperly Controlled Modification of…
Are there any data binding libraries (deserialization, marshaling, pickling libraries) that do not have the class of weaknesses as the two CVEs (CVE-2022-22965, CVE-2010-1622)? My understanding is as follows. - Spring…
Are there any data binding libraries (deserialization, marshaling, pickling libraries) that do not have the class of weaknesses as the two CVEs (CVE-2022-22965, CVE-2010-1622)? If there are any for Java, can they be…
> Complexity : When interviewing candidates the most common answer to "any pitfalls to Spring?" is that it has a steep learning curve. Whether or not that's true is another discussion for another day, This article was…
Slightly off-topic digression: Would WAS compilation help solve the ruby / rails timeout problem? https://devcenter.heroku.com/articles/h12-request-timeout-in... > H12 - Request Timeout in Ruby (MRI) > Rack-timeout…
Slightly off-topic digression: This article discussed "enterprise" grade "silent data corruptions". What are some recommendations for "personal data storage" grade "silent data corruptions"? "personal data storage" for…
Thank you. I will look at the sites.
Is there a list issued by eff.org, nist or a similar organization, that is maintained and updated?
I often visit news sites such as Hacker News. Can I use this "multi-account container" addon + something to get an experience like "iPhone Screen Time" and track my viewing time on news sites?
Which did method supports rotation? did:key Not Supported did:web ??? Do only Proof-of-work methods (e.g. blockchains) support rotation? did:ion Are there no did method based on keybase like tech?…
I found a page by Duo Labs listing Noise in Production. https://duo.com/labs/tech-notes/noise-protocol-framework-int... Noise is used today in several high-profile projects: WhatsApp uses the "Noise Pipes" construction…
What are real world implementations of the Noise Protocol? https://github.com/noiseprotocol/noise_spec/blob/v34/noise.m... Quick search shows WireGuard protocol, but I am not sure if how much of the WireGuard protocol…
For those who are not familiar with the term DRL in "SOC2 DRL line item", it is document request list (DRL).
Thanks. Going through the docs now. https://www.vaultproject.io/docs/concepts/seal#shamir-seals Shamir seals The default Vault config uses a Shamir seal. Instead of distributing the unseal key as a single key to an…
Good guide to shell in general. Google shell style guide [0] was also a good read. I thought that the "When to use Shell" section is a section that is good for any kind of guide, not just for bash / shell. Also, maybe…
Thanks! Also checked the github site. https://github.com/evildmp/diataxis-documentation-framework
"Strict Identifier Verification" look kind of like CWE-304. CWE-304: Missing Critical Step in Authentication <https://cwe.mitre.org/data/definitions/304.html> Looking at the CWE-304 wording, this does not look like the…
For all five classes of attacks, the paper states that the root cause & mitigation is "Strict Identifier Verification". 6.2 Root Cause & Mitigation 6.2.1 Strict Identifier Verification The root cause of all of the…
possibly CWE-306? CWE-306: Missing Authentication for Critical Function <https://cwe.mitre.org/data/definitions/306.html> Looking at the CWE-306 wording, this does not look like the right CWE, but OWASP ASVP 3.7.1…
- Unexpired Email Change (UE)
What would the CWEs be for the five classes of attacks? - Classic-Federated Merge (CFM) - Unexpired Session (US) - Trojan Identifier (TID) - Unexpired Email Change (UE) - Non-verifying IdP (NV)
When using the shale gem, how would you avoid the mass assignment problem? Is there a configuration, or a way of using the shale gem to avoid it? CWE-915: Improperly Controlled Modification of Dynamically-Determined…
Also to understand the problem correctly, what is the class of weakness of the two CVEs (CVE-2022-22965, CVE-2010-1622)? The following look like good candidates. - CWE-915: Improperly Controlled Modification of…
Are there any data binding libraries (deserialization, marshaling, pickling libraries) that do not have the class of weaknesses as the two CVEs (CVE-2022-22965, CVE-2010-1622)? My understanding is as follows. - Spring…
Are there any data binding libraries (deserialization, marshaling, pickling libraries) that do not have the class of weaknesses as the two CVEs (CVE-2022-22965, CVE-2010-1622)? If there are any for Java, can they be…
> Complexity : When interviewing candidates the most common answer to "any pitfalls to Spring?" is that it has a steep learning curve. Whether or not that's true is another discussion for another day, This article was…
Slightly off-topic digression: Would WAS compilation help solve the ruby / rails timeout problem? https://devcenter.heroku.com/articles/h12-request-timeout-in... > H12 - Request Timeout in Ruby (MRI) > Rack-timeout…
Slightly off-topic digression: This article discussed "enterprise" grade "silent data corruptions". What are some recommendations for "personal data storage" grade "silent data corruptions"? "personal data storage" for…
Thank you. I will look at the sites.
Is there a list issued by eff.org, nist or a similar organization, that is maintained and updated?