32GB in my laptop. Chrome is using 600MB and I've done nothing special. It hardly consumes all available RAM.
Yeah, but once you OPEN Chrome it'll use 6 GB.
Should have done it 100,000 at a time.
Wrong. Prejudice is pre judging a specific situation. You may have general information or experience that makes doing that reasonable, rational, and logical. You can still be wrong. You can't be prejudiced until there's a specific thing to judge.
If you hear constant barking from your neighbor's house you might think their dog is an incessant yapper.
You may later find out it's actually their parrot messing with you, the dog, and everyone else. Or their retarded child being retarded.
You can be prejudiced, completely reasonable, and completely wrong.
You're far more likely to be prejudiced, completely reasonable, and completely correct. You just don't think of such things as prejudice, you just think of them as common sense.
If someone was fired for stealing from their former job, and you refuse to interview them for a stockroom position, cashier position, etc. you're being prejudicial.
If someone has been stealing on the job, and you suspect the person who got fired from their last job for stealing, you're being prejudicial.
Go banana!
Most USB-C devices operate at USB 2 speeds. USB C is a port, cable, and butt shaving spec. "USB 3.2 Gen 2x2" is the latest USB protocol spec.
If you want to stop terrorism and child abuse, just mandate all children be named Mohamed until they hit 18 years old.
Anyone abusing them will get an instant fatwa on their heads. Terrorists will be too busy going after the child abusers to terrorize anyone else.
The hole is big enough to contain two thirds of Manhattan?! EVERYONE has to admit this is pretty fucking bad.
The hole needs to be at least 50% larger!
The hubbub about the Stanford Prison Experiment is bogus. You know that, right?
All participants could have left at any time. All they had to do was say "I want to end the experiment." They all knew it.
The truth is they all wanted to get paid, and when the diabetic dude died they needed to concoct a story that absolved them of any guilt in the matter.
The bankruptcy follows the failed company, not the people at the top.
The creditors follow the failed company, not the people at the top.
Yet the people at the top enjoy being at the top while it lasts, then get to safely glide over to sit at the top of the next venture.
You seem to want corporations to hire CXOs based on merit and results, not politics, image, and nepotism. Good luck with that.
"I know a way to harm many, many people. There's an action I could take, requiring very little time or effort, which could mitigate that. But I choose not to do it unless I get paid."
"I know a way to secure our products. There's an action I could take, requiring a little bit of capital and time, to do that. But I choose to release buggy, insecure shit."
Don't pass the buck downstream. Withholding disclosures is doubly dumb because you don't know who else has found the same flaw.
Bug bounty programs are a fucking scam.
They exist only to benefit companies. They get the PR points for "caring" about security, they get the benefit of people doing their job for them for pennies on the dollar, and they get the control they truly crave. If you want that pittance you need to abide by their terms, meaning you've got to expose your real identity and wait for months for a response, and even longer for a fix (if one ever comes). If you change your mind and think it's better to go public, you get no pittance AND the company will sue you AND try to get you thrown in jail. You're no longer a security researcher, you're a HACKER!! You didn't follow RESPONSIBLE DISCLOSURE (which is entirely defined by the company and entirely ignored)!! Under the CFAA, you can go to jail for the rest of your life (every single packet you send counts as one illegal act)!! Etc.
Fuck that shit.
If you're white hat, go public on day 0 every single time. Sure, it might be a bit chaotic, but that's the ONLY way companies will start caring about security. If you want to get paid, set up a Bitcoin wallet and ask for donations. But your real bread and butter will come from consulting fees as scared people will flock to you.
If you're black hat, just sell the exploits as usual.
It's probably just some retard who doesn't know their own email address. I've got a myname@outlook.com address that someone, presumably with the same name as me, thinks they own (probably because they use outlook and think that means outlook.com is their address).
I regularly get emails destined for him. He's some old coot in the UK and has daughters / granddaughters who play youth soccer.
One day he bought a Kindle Fire and registered it to my email address. Amazon doesn't care to validate it, so I was getting constant emails for everything he downloaded. And I had a shiny new amazon.co.uk account with an attached Kindle Fire to play with. I promptly took over his Amazon account, and started emailing images to the Kindle email address that Amazon creates.
For example, this one: https://i.imgur.com/eWJsKZx.jp...
I gave it a while to make sure he had a chance to see the things I was sending (they appear in the Kindle library and show on the main screen when delivered, I believe). Then I disassociated the Kindle from the account and changed the account password. I'm sure the old coot thought he was HACKED. He managed to wipe and reassociate the Kindle with the same account, and reset the password himself.
At that point I knew I had him. The only way the geezer could have managed that one is by phoning support. So I then sent in a support ticket to Amazon and told them that they need to fucking clue this guy in to the fact that he doesn't own my email address, and that I have no way of contacting him but they do (from the previous support ticket he certainly filed). After a bit of escalation to the security team, someone with a brain (not a script-reading Indo-bot) got involved and told the fool that he was using the wrong email, then nuked the amazon.co.uk account associated with my email address.
I still get occasional emails meant for this guy, but no fucking Kindle bullshit.
Of course it is. I'm on a prepaid monthly plan that costs $30 (total, no added taxes/fees) for unlimited data and text and 100 minutes of voice (which I never use).
However many people still buy their phones through a carrier or at a carrier-infested retailer like Best Buy.
Odds are it was the fentanyl that got him.
Nope. If you buy it from a carrier you get their custom image on it, and locked bootloader. And if the hardware manufacturer allows it, you get shitty radio firmwares that restrict the use of the phone on networks that use other bands. You'd need to unlock it, flash a custom ROM, and flash a custom radio firmware.
I had to do this when taking my Note II from ATT to TMobile. Putting just the stock TMobile ROM on the device would limit you to 3G bands, even though the hardware was fully capable of 4G LTE.
And they should see the UI constantly adjusting as data is updated out of order.
Just don't go Verizon, AT&T, TracFone, etc. Those bastards don't let you unlock your own hardware even when the hardware manufacturer allows it. Fuck them. I will never pay for service from them for that reason alone.
They're required by law to SIM/carrier unlock the device upon request, provided you own it.
Bootloader unlocking? None of the people at Verizon, ATT, etc. know how to do that, even if the manufacturer allows it on a stock device.
Verizon, ATT, etc. farm out their "customization" (bloatware and spyware) to China and locked down firmware and bootloaders come as part of the deal. Unless you're a three letter agency, you'll never get Verizon, ATT, etc. to contact and try to communicate with the people in China who worked on that shit a year or more ago and forgot everything.
sanic is that u?
It's because the Snapdragon SoCs in these things are shit, and Android's scheduling is shit.
When the SoC throttles (and it will), it clocks down so fucking hard that you can't fucking do anything. I believe Android's "project butter" change from 4 years back or so essentially just gave rendering the UI (which is always a graphical thing in Android) the highest absolute priority over anything. Your fucking typing goes to the back of the bus until the SoC, now running at a snail's pace, has now finished processing whatever it thinks it needed to draw (even if it's no longer the foreground application). THEN your characters come out in a sudden burst, assuming the processor is free.
The slow typing issue is ALWAYS there, it's just much more apparent when your phone throttles. When you're throttled, it's exponentially worse since the shit that takes precedence over your typing keeps coming in and cutting in line ahead of your typing. That keeps the processor loaded and throttled.
This will just result in broken pages. And broken pages that are broken differently based on each device's specs and load from other applications at the time.
clobbers sync XHR
Some people like to design things such that events and procedures happen one after the other, you know. Some people need consistent and deterministic logic and data. Some people care about race conditions.
Do they? Has it been tested? Google isn't exactly known for their rigor.
Ah yes, change the encryption key for the passwords, then send that key to Google so they can update the encryption on your other devices.
Anyone using that shit is so fucking stupid.
They're probably stealing HIBP's work. https://haveibeenpwned.com/Pas...
Though they're also probably stealing your passwords. It is Google, after all.
HIBP maintains a DB of credentials they find exposed in dumps.
HIBP hashes them with SHA1.
HIBP provides an API.
You hash your password with SHA1.
You send the first 5 characters of that hash to HIBP's API.
HIBP looks up all of its SHA1 password hashes and finds all the ones starting with those 5 characters.
HIBP returns those matching hashes (excluding the first 5 characters, which you already know) and a count of how many times each was found in a dump.
You search through that list of SHA1 hashes and find the one that's a complete match.
You then know your password (or something that produces a SHA1 collision with it) has been exposed X times, or not at all.
Go to https://haveibeenpwned.com/Pas... and open your network console.
Put "sexy" in the field.
The SHA1 hash of "sexy" is BF5AFC18DFBCA6FF28E36AC47BDA8AB40D47C990.
Your browser sends a GET request for https://api.pwnedpasswords.com....
The response includes C18DFBCA6FF28E36AC47BDA8AB40D47C990:104937.
Passwords with a SHA1 hash of BF5AFC18DFBCA6FF28E36AC47BDA8AB40D47C990 (such as "sexy") have been found in credential dumps 104937 times.
If you don't trust HIBP with even a partial hash of your PW, you can download the 30+ GB text file and do it your damned self. Or use a program locally. Several password managers offer functionality (natively or via plugins) for this.
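Added example, not part of the comment above and not HIBP's own code: the range lookup the comment walks through, with the server side simulated in-process so it runs offline. `RangeServer`, the function names and the sample corpus are constructed for illustration; only the 5-character prefix split and the `SUFFIX:COUNT` response lines come from the comment.

```python
import hashlib
from collections import defaultdict

PREFIX_LEN = 5  # hex characters of the SHA1 hash that leave the client

# Constructed sample corpus (password -> times seen). The count for "sexy"
# is the figure quoted in the comment; the other entries are made up.
SAMPLE_CORPUS = {"sexy": 104937, "letmein": 12, "hunter2": 3}


def sha1_hex(password: str) -> str:
    """Uppercase hex SHA1, the form used in the comment's walk-through."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


class RangeServer:
    """Hypothetical stand-in for the service: holds hashes and counts only."""

    def __init__(self, corpus):
        self._buckets = defaultdict(dict)
        for password, count in corpus.items():
            digest = sha1_hex(password)
            self._buckets[digest[:PREFIX_LEN]][digest[PREFIX_LEN:]] = count
        self.seen_queries = []  # everything the server learns from clients

    def range_query(self, prefix: str) -> str:
        if len(prefix) != PREFIX_LEN or set(prefix) - set("0123456789ABCDEF"):
            raise ValueError("expected 5 uppercase hex characters")
        self.seen_queries.append(prefix)
        bucket = self._buckets.get(prefix, {})
        # One "SUFFIX:COUNT" line per stored hash sharing the prefix.
        return "\n".join(f"{s}:{c}" for s, c in sorted(bucket.items()))


def exposure_count(password: str, server: RangeServer) -> int:
    """Client side: send the prefix, match the 35-character suffix locally."""
    digest = sha1_hex(password)
    prefix, suffix = digest[:PREFIX_LEN], digest[PREFIX_LEN:]
    for line in server.range_query(prefix).splitlines():
        candidate, _, count = line.partition(":")
        if candidate.strip().upper() == suffix:
            return int(count)
    return 0  # prefix bucket had no full match: not in the corpus


if __name__ == "__main__":
    server = RangeServer(SAMPLE_CORPUS)
    for pw in ("sexy", "correct horse battery staple"):
        print(pw, "->", exposure_count(pw, server))
    print("server saw only:", server.seen_queries)
```

`seen_queries` is the whole of what the simulated server observes: one 5-character prefix per lookup, never the password or its full hash.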
it doesn't need the cash or publicity of an IPO
Yet here they are, going public, courting big players, floating a $7 billion estimation, and feeding these reports to the shill media.
Seems to me the current investors want OUT.
Even better. Your pay increase is increasing at a rate of $2000/day/day/day. In just a few short weeks, you'll be money.