If anyone is wondering what the actual change was: It looks like the npm registry used to have a certificate signed by npm's own CA, and existing npm clients only trust that CA by default, not the normal list of…
Core dev here -- I've been doing some work here and there on framework security and I'd love to talk about the security problems you're running into, if you wouldn't mind shooting me an email sometime.
So why should the deaths of those in Boston be more prolific to me than those that died in Texas? I don't think prolific is the word you mean, but I'll assume you meant "meaningful" or "emotional." No one is telling you…
This main point is ridiculous. Our response to deaths should scale exactly proportionately to the number? I shouldn't let the death of a friend upset me disproportionately more than the death of a stranger? A reasonable…
I think you're misinterpreting my comment. I found it odd that we were advised to stay indoors all day and then told that we no longer needed to stay indoors at the exact point at which danger seemed to be more likely.…
I really don't see what this has to do with the Boston bombing or people's reactions to the events of today. I took a different argument to the Holocaust extreme in another comment and it applies just as well here: why…
I heard/read that for homes with inhabitants present, the inhabitants were asked if they would like their homes searched. I'm not sure if they searched empty homes, but if they did, then they probably believed it to be…
I thought it was really odd that they told people they could go about their business after completing the Watertown search without finding him. It seemed to me at that point the probability of us being injured had just…
Not to mention inconsistent with his own reactions. I don't think rms spent all day today mourning the Holocaust or the fallen soldiers of the Civil War.
The feed is no longer working for me, maybe too much traffic? Does anyone know of a live transcript?
Maybe. Also based on a photo of the crime scene that was sent out, it looks the officer was shot right outside Stata, so the robber could have been running through campus.
It sounds like the suspect fled in an unknown direction.
Also might have been unrelated incidents... Scanner traffic just reported shooting in Stata, and I don't know why a 7-11 robber would go inside Stata.
"There was a shooting at 32 Vassar St... No suspect description... No direction of flight..." MIT officer was shot and weapon stolen, I think they said the weapon was recovered. Officer is at MGH. Witness in lobby of…
Just heard on the police scanner that it was an armed robbery at the 7-11.
In a similar vein, Usenix Security 2012 had a session called "The Brain" with these two papers: https://www.usenix.org/conference/usenixsecurity12/neuroscie...…
Yes, I would hope that the author wouldn't include "sausage party" in a letter to her real niece. :) So let me rephrase: I don't see the point in making broad statements about the presence of discrimination in our…
Well said. If I had read something like this when I was eight years old, I probably would have almost immediately backtracked and started looking for something else to do with my life. The author could instead tell her…
Related: Mozilla's sameDomain proposal https://bugzilla.mozilla.org/show_bug.cgi?id=795346 Some research browser architectures like Atlantis (http://research.microsoft.com/pubs/154698/Atlantis-SOSP.pdf) go the opposite…
It's a good question, discussed a bit in the PETS paper: https://crypto.stanford.edu/flashproxy/flashproxy.pdf (section 6). The short answer is that communicating a small amount of information outside of the censored…
The plan is to first nail down this low-level API, and then specify a high-level interface wrapping the low-level one that makes it much easier for most developers to get things right.…
They did, but it seems that those certificates had some extensions that made the code-signing attack difficult to carry out on some versions of Windows, so the collisions were used to generate certs without those…
Rivest's class is usually described as the "applied crypto" class (I haven't taken it, this is just what I've heard). The "systems security" class is 6.858: http://pdos.csail.mit.edu/6.858/2011/ And there's another…
This would be easy to implement via a secret sharing scheme, where shares of the secret are maybe stored in local storage until enough of them are collected in the browser to recover the encryption key. But I can't…
Sort of off-topic, but on the subject of using fragment identifiers to pass around secrets, Ben Adida used them to secure session cookies from eavesdroppers: https://github.com/benadida/sessionlock…
If anyone is wondering what the actual change was: It looks like the npm registry used to have a certificate signed by npm's own CA, and existing npm clients only trust that CA by default, not the normal list of…
Core dev here -- I've been doing some work here and there on framework security and I'd love to talk about the security problems you're running into, if you wouldn't mind shooting me an email sometime.
So why should the deaths of those in Boston be more prolific to me than those that died in Texas? I don't think prolific is the word you mean, but I'll assume you meant "meaningful" or "emotional." No one is telling you…
This main point is ridiculous. Our response to deaths should scale exactly proportionately to the number? I shouldn't let the death of a friend upset me disproportionately more than the death of a stranger? A reasonable…
I think you're misinterpreting my comment. I found it odd that we were advised to stay indoors all day and then told that we no longer needed to stay indoors at the exact point at which danger seemed to be more likely.…
I really don't see what this has to do with the Boston bombing or people's reactions to the events of today. I took a different argument to the Holocaust extreme in another comment and it applies just as well here: why…
I heard/read that for homes with inhabitants present, the inhabitants were asked if they would like their homes searched. I'm not sure if they searched empty homes, but if they did, then they probably believed it to be…
I thought it was really odd that they told people they could go about their business after completing the Watertown search without finding him. It seemed to me at that point the probability of us being injured had just…
Not to mention inconsistent with his own reactions. I don't think rms spent all day today mourning the Holocaust or the fallen soldiers of the Civil War.
The feed is no longer working for me, maybe too much traffic? Does anyone know of a live transcript?
Maybe. Also based on a photo of the crime scene that was sent out, it looks the officer was shot right outside Stata, so the robber could have been running through campus.
It sounds like the suspect fled in an unknown direction.
Also might have been unrelated incidents... Scanner traffic just reported shooting in Stata, and I don't know why a 7-11 robber would go inside Stata.
"There was a shooting at 32 Vassar St... No suspect description... No direction of flight..." MIT officer was shot and weapon stolen, I think they said the weapon was recovered. Officer is at MGH. Witness in lobby of…
Just heard on the police scanner that it was an armed robbery at the 7-11.
In a similar vein, Usenix Security 2012 had a session called "The Brain" with these two papers: https://www.usenix.org/conference/usenixsecurity12/neuroscie...…
Yes, I would hope that the author wouldn't include "sausage party" in a letter to her real niece. :) So let me rephrase: I don't see the point in making broad statements about the presence of discrimination in our…
Well said. If I had read something like this when I was eight years old, I probably would have almost immediately backtracked and started looking for something else to do with my life. The author could instead tell her…
Related: Mozilla's sameDomain proposal https://bugzilla.mozilla.org/show_bug.cgi?id=795346 Some research browser architectures like Atlantis (http://research.microsoft.com/pubs/154698/Atlantis-SOSP.pdf) go the opposite…
It's a good question, discussed a bit in the PETS paper: https://crypto.stanford.edu/flashproxy/flashproxy.pdf (section 6). The short answer is that communicating a small amount of information outside of the censored…
The plan is to first nail down this low-level API, and then specify a high-level interface wrapping the low-level one that makes it much easier for most developers to get things right.…
They did, but it seems that those certificates had some extensions that made the code-signing attack difficult to carry out on some versions of Windows, so the collisions were used to generate certs without those…
Rivest's class is usually described as the "applied crypto" class (I haven't taken it, this is just what I've heard). The "systems security" class is 6.858: http://pdos.csail.mit.edu/6.858/2011/ And there's another…
This would be easy to implement via a secret sharing scheme, where shares of the secret are maybe stored in local storage until enough of them are collected in the browser to recover the encryption key. But I can't…
Sort of off-topic, but on the subject of using fragment identifiers to pass around secrets, Ben Adida used them to secure session cookies from eavesdroppers: https://github.com/benadida/sessionlock…