SSL protects the point to point link. But unless the web site requires you to have a client certificate or other security credential, anyone can download over https and see the plaintext.
From my reading of the Mega response, the crypto applied to the static content was to ensure the integrity of the files as transmitted, not the privacy.
They are free to add an arbitrary amount of additional integrity checking of the static files, both of the cryptographic and non cryptographic nature. I wouldn't be surprised if they already do because it is trivial and a normal thing to do.
If you mean the private keys, I can assure you that they don't. There are at least two root CA private keys that I was involved in instantiating that the US government does not have.
So you accept that they lied when they said it was beef, but they certainly wouldn't lie about this "beef" being unhealthy. My confidence wouldn't be so high.
Intel's Digital Random Number Generator has a Dilbert mode (not available to mortals) in which it only outputs 9. I had to choose between xkcd mode and Dilbert mode. Dilbert mode won.
Any resemblance between the actions of the European Commission and due process is entire coincidental.
The European Commission gets to act as investigator, prosecutor, judge, jury and executioner, with no oversight. It's then left to the courts to clean up, years after the self serving commissioner has moved on from his or her round robin appointment at the commission.
>You don't understand software security, do you Actually I do. It's my job. Well mostly hardware security, but they overlap.
SQL injections are a problem of untrusted data being mistaken for trusted code. When data cannot be mistaken for code it makes it very difficult for traditional SQL injection to happen. SQL promotes the problems of data/code confusion because it is a text string that contains both and constructing and handling that string correctly has provided lots of scope for error.
Keeping your data data and code code is great for mitigating SQL injection. It does nothing for a vast collection of other aspects of software security (E.G. xss, buffer overflow, side channels etc.), but for SQL injection, type safety in language and database API is just the ticket.
I don't think you got my point. I'm suggesting that SQL is contributing to the problem. Queries in is strings is not strongly typed. Function calls to BDB are. If you need an ORM to construct string queries, then you are trusting both yourself and the writers of the ORM framework writers to not screw up.
It safest to trust the fewest people not to screw up and then not screw up yourself.
And this, children, is why you actually need to know and understand SQL before you go off and start writing database applications, without depending on a "framework" to do it for you.
To know and understand SQL is to know and understand that it is a steaming pile and other interfaces should be used.
Using a strongly typed language with a strongly typed database API, instead of that ugly hack called SQL will also mitigate SQL injections. Completely.
This stuff has been filtered out of the basic high school package in the states. Calculus is an 'AP' topic. I.E. Advanced Placement. They let the white kids take AP classes. When someone tried to sneak non lily whites into an AP exam and succeeded, it was so shocking that they made it a film about it: http://en.wikipedia.org/wiki/Stand_and_Deliver
I went to school in Britain. No calculus => no college entrance.
Failing to collect the final payment and then blaming the (non)payer seems to be a common slime-ball trick. The rental agency through which we rented our previous house tried this one.
He or she is not smoking anything. If you are poor and you take advantage of what is out there, you can get a college education paid for. There are thousands of state, federal, charitable and private programs that help pay for education. A good academic adviser can help you get access.
Indeed. One of my professors invented the tagged delay line and the invisible cache, back when you had to build it out of discrete ECL.
SSL protects the point to point link. But unless the web site requires you to have a client certificate or other security credential, anyone can download over https and see the plaintext.
From my reading of the Mega response, the crypto applied to the static content was to ensure the integrity of the files as transmitted, not the privacy.
They are free to add an arbitrary amount of additional integrity checking of the static files, both of the cryptographic and non cryptographic nature. I wouldn't be surprised if they already do because it is trivial and a normal thing to do.
If you mean the private keys, I can assure you that they don't.
There are at least two root CA private keys that I was involved in instantiating that the US government does not have.
Maybe they're feeling the heat of competition from square and feel the need to do something to stop the exodus.
Our little business finds square a lot easier to deal with.
Oh alright then.
So you accept that they lied when they said it was beef, but they certainly wouldn't lie about this "beef" being unhealthy. My confidence wouldn't be so high.
What makes you think that meat is unhealthy?
Let's dig up some research on the matter: http://www.jbc.org/content/87/3/651.full.pdf
That doesn't mean we need them. They may or may not be a better option. Other countries get by without a monarch.
Of course, being American I consider the idea of royalty itself to be absurd and wonder why my British cousins need them?
We don't *need* them. We have them anyway. A bit like a fancy car or an iphone.
>In either case, applications are also free to use material from /dev/random or /dev/urandom to seed their own PRNGs.
Just because they can, it doesn't mean they should.
Intel's Digital Random Number Generator has a Dilbert mode (not available to mortals) in which it only outputs 9.
I had to choose between xkcd mode and Dilbert mode. Dilbert mode won.
Any resemblance between the actions of the European Commission and due process is entire coincidental.
The European Commission gets to act as investigator, prosecutor, judge, jury and executioner, with no oversight.
It's then left to the courts to clean up, years after the self serving commissioner has moved on from his or her round robin appointment at the commission.
>You don't understand software security, do you
Actually I do. It's my job. Well mostly hardware security, but they overlap.
SQL injections are a problem of untrusted data being mistaken for trusted code. When data cannot be mistaken for code it makes it very difficult for traditional SQL injection to happen. SQL promotes the problems of data/code confusion because it is a text string that contains both and constructing and handling that string correctly has provided lots of scope for error.
Keeping your data data and code code is great for mitigating SQL injection. It does nothing for a vast collection of other aspects of software security (E.G. xss, buffer overflow, side channels etc.), but for SQL injection, type safety in language and database API is just the ticket.
I don't think you got my point. I'm suggesting that SQL is contributing to the problem. Queries in is strings is not strongly typed. Function calls to BDB are. If you need an ORM to construct string queries, then you are trusting both yourself and the writers of the ORM framework writers to not screw up.
It safest to trust the fewest people not to screw up and then not screw up yourself.
Hint to brogrammers: /dev/random
Which will either block or give you data with no entropy unless you really know what you're doing.
And this, children, is why you actually need to know and understand SQL before you go off and start writing database applications, without depending on a "framework" to do it for you.
To know and understand SQL is to know and understand that it is a steaming pile and other interfaces should be used.
Using a strongly typed language with a strongly typed database API, instead of that ugly hack called SQL will also mitigate SQL injections. Completely.
You are free to take your kid out of school and homeschool them if you're scared of government intrusion blah blah blah shut up
You're also free to pull your kid out of school because the teaching is incompetent, the school environment is crap.
I was exaggerating for comedic effect. The wife was a teacher, then an ed PhD, then an education prof. She knows all the dirt on testing.
This stuff has been filtered out of the basic high school package in the states. Calculus is an 'AP' topic. I.E. Advanced Placement. They let the white kids take AP classes. When someone tried to sneak non lily whites into an AP exam and succeeded, it was so shocking that they made it a film about it: http://en.wikipedia.org/wiki/Stand_and_Deliver
I went to school in Britain. No calculus => no college entrance.
Not my problem. I'm British.
Just move country.
You will be an interesting foreigner. With or without the internet, this gives you an edge.
Failing to collect the final payment and then blaming the (non)payer seems to be a common slime-ball trick.
The rental agency through which we rented our previous house tried this one.
But in 64 years, they will undergo gravitational collapse and turn into a neutron star.
What are you smoking?
He or she is not smoking anything. If you are poor and you take advantage of what is out there, you can get a college education paid for. There are thousands of state, federal, charitable and private programs that help pay for education. A good academic adviser can help you get access.