Replace "climb the social ladder and have power and influence" with "be able to afford a home, have kids, and go on vacation occasionally." It's become very difficult to have even a middle class lifestyle without a…
Even if example.com is unsigned, the delegation from .com to example.com will still be signed (including an attestation that example.com is unsigned). So lack of DNSSEC adoption by users of the TLD wouldn't save them…
It's not like the long-haul fiber not owned by FAANG is a public utility, at least not in most places. Traffic that goes over "the Internet" traverses some mix of your ISP's fiber, fiber belonging to some other ISP they…
Possibly naive question, why should Wikimedia do anything at all? Do they have a legal presence in the UK? If not, why not just say "we aren't a UK based organization so we have no obligations under this law" Let the UK…
Assuming that RFC1918 addresses mean "local" network is wrong. It means "private". Many large enterprises use RFC1918 for private, internal web sites. One internal site I spend hours a day using has a 10.x.x.x IP…
I don't think OP was specifically stating we need to save these specific jobs, rather they were pointing out the interconnected nature of the economy. Less importing hurts the workers in those industries. Taking that…
I'm fine with this as long as they include the tariff in the listed price. I'm worried businesses are going to use tariffs as an excuse to have a fake list price, then hit you with massive hidden fees at the point of…
When the first-gen iPhone was out there was a TIFF vulnerability so bad that you could jailbreak an iPhone just by visiting a specific web site. I remember going to Best Buy and seeing all of the display phones had been…
I would also say don't run ghostscript with the same permissions as the web server, especially not if you can just hand it your PDF through stdin and take a PNG through stdout. Sandbox it as much as possible. PDF is a…
There are portable SCIFs, basically specially designed trailers, to allow senior staff to communicate securely on the road. It's very likely Vance had one of these nearby.
In the early days of the iPhone, there was a vulnerability that allowed you to jailbreak your phone by visiting a specific web site. IIRC it was some vulnerability in the TIFF handling code. The same vulnerability could…
Treating a proprietary API as a standard is risky - this is a good example of why. From Amazon's point of view there's no reason to keep the S3 SDK backwards compatible with old versions of the S3 service, because they…
Who is this actually for? It seems like most people who need private security need it on an ongoing basis, not just for a one-off thing. Even if the need arises suddenly (i.e. a stalker starts threatening a celebrity),…
Chrome launched their own root program a couple years ago: https://blog.chromium.org/2022/09/announcing-launch-of-chrom...
And it's worth noting that you can't just ignore this problem if you're using websockets - websockets disconnect sometimes for a variety of reasons. It may be less frequent than a long-polling timeout, but if you don't…
The next long-polling request can include a list of the ID(s) returned in the previous request. You keep the messages in the queue until you get the next request ack'ing them.
The problem is people don't really see wage increases and inflation as things that balance each other out. They think of raises as something earned that will improve their lifestyle - when inflation cancels that out, it…
> if LLM training involves merely reading a dataset, but it is not strictly necessary to copy, or even store it verbatim to be useful, then does it even fall under copyright protection at all? Copyright includes the…
Would that matter if the company wants to do business in countries with more restrictive laws? I.E. if I wrote my own spin-off of a popular book series, which was somehow considered fair use in country A, but considered…
I'm honestly surprised that the US doesn't have a legal framework to force ISPs to block IPs / DNS hostnames. I've been expecting that for 10+ years now, but it hasn't happened.
`sudo tcpdump port 53` says yes, they do use unencrypted DNS. AFAIK Chrome has a hardcoded list of DNS servers which offer encrypted DNS. I.E. if your DHCP server tells your PC to use 8.8.8.8, 1.1.1.1, 9.9.9.9, (or the…
> As much hassle as things like DoH can be for securing and enforcing policy on a network, it’s about time it became ubiquitous enough that governments can’t leverage DNS for their own purposes anymore. A caveat of…
I used Jira at my old job and didn't care for it. At my new job I have to use Procore half the time. I can't tell you how much I miss Jira.
A particular .gov domain using Cloudflare (although from my DNS lookups, that one is not) is unrelated to Cloudflare managing the authoritative DNS servers for the .gov TLD. The fact that only a specific .gov domain -…
> registrar business They're the registry, not the registrar. CISA is the registrar for .gov domains, Cloudflare just handles the backend. (DNS and whois infrastructure) Government employees likely never see anything…
Replace "climb the social ladder and have power and influence" with "be able to afford a home, have kids, and go on vacation occasionally." It's become very difficult to have even a middle class lifestyle without a…
Even if example.com is unsigned, the delegation from .com to example.com will still be signed (including an attestation that example.com is unsigned). So lack of DNSSEC adoption by users of the TLD wouldn't save them…
It's not like the long-haul fiber not owned by FAANG is a public utility, at least not in most places. Traffic that goes over "the Internet" traverses some mix of your ISP's fiber, fiber belonging to some other ISP they…
Possibly naive question, why should Wikimedia do anything at all? Do they have a legal presence in the UK? If not, why not just say "we aren't a UK based organization so we have no obligations under this law" Let the UK…
Assuming that RFC1918 addresses mean "local" network is wrong. It means "private". Many large enterprises use RFC1918 for private, internal web sites. One internal site I spend hours a day using has a 10.x.x.x IP…
I don't think OP was specifically stating we need to save these specific jobs, rather they were pointing out the interconnected nature of the economy. Less importing hurts the workers in those industries. Taking that…
I'm fine with this as long as they include the tariff in the listed price. I'm worried businesses are going to use tariffs as an excuse to have a fake list price, then hit you with massive hidden fees at the point of…
When the first-gen iPhone was out there was a TIFF vulnerability so bad that you could jailbreak an iPhone just by visiting a specific web site. I remember going to Best Buy and seeing all of the display phones had been…
I would also say don't run ghostscript with the same permissions as the web server, especially not if you can just hand it your PDF through stdin and take a PNG through stdout. Sandbox it as much as possible. PDF is a…
There are portable SCIFs, basically specially designed trailers, to allow senior staff to communicate securely on the road. It's very likely Vance had one of these nearby.
In the early days of the iPhone, there was a vulnerability that allowed you to jailbreak your phone by visiting a specific web site. IIRC it was some vulnerability in the TIFF handling code. The same vulnerability could…
Treating a proprietary API as a standard is risky - this is a good example of why. From Amazon's point of view there's no reason to keep the S3 SDK backwards compatible with old versions of the S3 service, because they…
Who is this actually for? It seems like most people who need private security need it on an ongoing basis, not just for a one-off thing. Even if the need arises suddenly (i.e. a stalker starts threatening a celebrity),…
Chrome launched their own root program a couple years ago: https://blog.chromium.org/2022/09/announcing-launch-of-chrom...
And it's worth noting that you can't just ignore this problem if you're using websockets - websockets disconnect sometimes for a variety of reasons. It may be less frequent than a long-polling timeout, but if you don't…
The next long-polling request can include a list of the ID(s) returned in the previous request. You keep the messages in the queue until you get the next request ack'ing them.
The problem is people don't really see wage increases and inflation as things that balance each other out. They think of raises as something earned that will improve their lifestyle - when inflation cancels that out, it…
> if LLM training involves merely reading a dataset, but it is not strictly necessary to copy, or even store it verbatim to be useful, then does it even fall under copyright protection at all? Copyright includes the…
Would that matter if the company wants to do business in countries with more restrictive laws? I.E. if I wrote my own spin-off of a popular book series, which was somehow considered fair use in country A, but considered…
I'm honestly surprised that the US doesn't have a legal framework to force ISPs to block IPs / DNS hostnames. I've been expecting that for 10+ years now, but it hasn't happened.
`sudo tcpdump port 53` says yes, they do use unencrypted DNS. AFAIK Chrome has a hardcoded list of DNS servers which offer encrypted DNS. I.E. if your DHCP server tells your PC to use 8.8.8.8, 1.1.1.1, 9.9.9.9, (or the…
> As much hassle as things like DoH can be for securing and enforcing policy on a network, it’s about time it became ubiquitous enough that governments can’t leverage DNS for their own purposes anymore. A caveat of…
I used Jira at my old job and didn't care for it. At my new job I have to use Procore half the time. I can't tell you how much I miss Jira.
A particular .gov domain using Cloudflare (although from my DNS lookups, that one is not) is unrelated to Cloudflare managing the authoritative DNS servers for the .gov TLD. The fact that only a specific .gov domain -…
> registrar business They're the registry, not the registrar. CISA is the registrar for .gov domains, Cloudflare just handles the backend. (DNS and whois infrastructure) Government employees likely never see anything…