The DNS solution has the benefit of working regardless of how the session is initiated. But only for domains. Whereas the browser handling could say that the trusted-web-server on (common name) told me that X is a valid…
but that they can't afford a $10 domain name The reason they would spend the money on the ownership of the IP and cert isn't because they can't afford the domain name. It's generally done for "mission critical" reasons…
explain a real world scenario where you have a web server with a valid certificate but you don't have a DNS entry for the server? For example, if the certificate is assigned to an IP address. Not extremely common, but…
Sorry, I re-worded "solution" to the lighter "suggestion" after posting, and I agree that there is likely a more fool-proof architecture (e.g. one not vulnerable to XSS; even HTTP headers would be an improvement, I…
The parent's suggestion would work if accessing the server by IP address directly, rather than DNS lookup. Assuming that the integrity of the data has been verified by the transport, I don't see the downside to the…
Does your university actually block all other wireless networks near / on campus? This is prohibited by the FCC. At my university, the wireless APs would scan for others and try to detect if they were on-network using a…
glibc 2.18 and greater were already patched, but it wasn't recognized as an RCE vulnerability at the time. See the first bullet under the "Mitigating factors" section in the link. You can check your libc version with:…
It isn't the format string syntax that is the problem that they're trying to solve. I see this as being an iterative, backwards-incompatible improvement on the existing format convention. Changes in convention don't…
Hi again, No. Copyright can be used to protect moral rights, [...]. In places where moral rights are in the law, they are not subject to copyright at all. It doesn't matter. [...] Whether there are legal systems without…
For example, here in civil law countries, there's commonly no "copyright" as such; there's Moral Rights (which protect stuff like attribution) and Economic Rights. Therefore, there's no implication that abolishing…
Also in a previous comment by the author, before the DMCA: I also believe that it's not in Trello Inc. interest to try to censure us because of the Streisand effect, and it would be overly complex (I live in France,…
It depends on your meaning behind "free distribution", but arguably most open source licenses don't exist to provide that specifically -- they exist to permit it while abiding by the other conditions on the license. For…
The argument that I recall for Chrome not having an optional master password was that it was often less secure than using the system's encrypted data store for their account, if available. Requiring a master password to…
Reddit does intend to have the /r/blog posts on the front page, but they don't necessarily need to rig the votes. As mentioned in the article, the algorithm for selecting which posts appear on the homepage seems to…
The LGPL references the terms of the GPL in the context of the library released under the license. For both versions 2 and 3 of the GPL, it states that build instructions must be made available [1]. [1]…
In addition, the overzealous, erratic clicking originating from an obscure extension could make it pretty easy to detect these users. The only result would be filtering out their traffic from counting towards any PPC…
Thanks for the second example. It's a more clear use-case than the mischievous do_damage() function I had in mind. I think intent would definitely play a role in establishing liability for damaged equipment (i.e. the…
A NAS box "only compatible with brand X drives" is nowhere near a NAS box that intentionally bricks non-brand X drives when attached. As a side note, are there any known cases where a vendor has released open source…
While it may not be much of a stretch, it still hampers his point. If the goal is to convince an audience of people who are evaluating the technical aspects of systemd that there is a viable alternative to using it, the…
Pretty cool hack, but not one I'd hope to run across in any real code. Between the nondescript function header and the inability to differentiate between an unset argument and a zero-set one, this macro would too…
I disagree. When you use a password manager and separate passwords for each website, you're effectively eliminating an entire class of potential attacks, because any leaks from the website will not affect your accounts…
The great-grandparent suggested: echo "Testing status update" >> /facebook/me/posts I think appending content to a file path (with or without the trailing slash) is clearer than the analogy of a truncating write to a…
It took me a couple seconds to figure out there was content below the auto-resizing header image. I tried to click on both the "Documentation is easy" and "FLATDOC" text to see if either were links to the content before…
The DNS solution has the benefit of working regardless of how the session is initiated. But only for domains. Whereas the browser handling could say that the trusted-web-server on (common name) told me that X is a valid…
but that they can't afford a $10 domain name The reason they would spend the money on the ownership of the IP and cert isn't because they can't afford the domain name. It's generally done for "mission critical" reasons…
explain a real world scenario where you have a web server with a valid certificate but you don't have a DNS entry for the server? For example, if the certificate is assigned to an IP address. Not extremely common, but…
Sorry, I re-worded "solution" to the lighter "suggestion" after posting, and I agree that there is likely a more fool-proof architecture (e.g. one not vulnerable to XSS; even HTTP headers would be an improvement, I…
The parent's suggestion would work if accessing the server by IP address directly, rather than DNS lookup. Assuming that the integrity of the data has been verified by the transport, I don't see the downside to the…
Does your university actually block all other wireless networks near / on campus? This is prohibited by the FCC. At my university, the wireless APs would scan for others and try to detect if they were on-network using a…
glibc 2.18 and greater were already patched, but it wasn't recognized as an RCE vulnerability at the time. See the first bullet under the "Mitigating factors" section in the link. You can check your libc version with:…
It isn't the format string syntax that is the problem that they're trying to solve. I see this as being an iterative, backwards-incompatible improvement on the existing format convention. Changes in convention don't…
Hi again, No. Copyright can be used to protect moral rights, [...]. In places where moral rights are in the law, they are not subject to copyright at all. It doesn't matter. [...] Whether there are legal systems without…
For example, here in civil law countries, there's commonly no "copyright" as such; there's Moral Rights (which protect stuff like attribution) and Economic Rights. Therefore, there's no implication that abolishing…
Also in a previous comment by the author, before the DMCA: I also believe that it's not in Trello Inc. interest to try to censure us because of the Streisand effect, and it would be overly complex (I live in France,…
It depends on your meaning behind "free distribution", but arguably most open source licenses don't exist to provide that specifically -- they exist to permit it while abiding by the other conditions on the license. For…
The argument that I recall for Chrome not having an optional master password was that it was often less secure than using the system's encrypted data store for their account, if available. Requiring a master password to…
Reddit does intend to have the /r/blog posts on the front page, but they don't necessarily need to rig the votes. As mentioned in the article, the algorithm for selecting which posts appear on the homepage seems to…
The LGPL references the terms of the GPL in the context of the library released under the license. For both versions 2 and 3 of the GPL, it states that build instructions must be made available [1]. [1]…
In addition, the overzealous, erratic clicking originating from an obscure extension could make it pretty easy to detect these users. The only result would be filtering out their traffic from counting towards any PPC…
Thanks for the second example. It's a more clear use-case than the mischievous do_damage() function I had in mind. I think intent would definitely play a role in establishing liability for damaged equipment (i.e. the…
A NAS box "only compatible with brand X drives" is nowhere near a NAS box that intentionally bricks non-brand X drives when attached. As a side note, are there any known cases where a vendor has released open source…
While it may not be much of a stretch, it still hampers his point. If the goal is to convince an audience of people who are evaluating the technical aspects of systemd that there is a viable alternative to using it, the…
Pretty cool hack, but not one I'd hope to run across in any real code. Between the nondescript function header and the inability to differentiate between an unset argument and a zero-set one, this macro would too…
I disagree. When you use a password manager and separate passwords for each website, you're effectively eliminating an entire class of potential attacks, because any leaks from the website will not affect your accounts…
The great-grandparent suggested: echo "Testing status update" >> /facebook/me/posts I think appending content to a file path (with or without the trailing slash) is clearer than the analogy of a truncating write to a…
It took me a couple seconds to figure out there was content below the auto-resizing header image. I tried to click on both the "Documentation is easy" and "FLATDOC" text to see if either were links to the content before…