Thanks, inline CSS and JavaScript was what I meant.
Why aren't all those requests going over HTTPS?
But they could inject local CSS and local scripts into the page, so if you trust the current hostname by default (which many do for basic functionality) then NoScript won't help you here.
Yup. Encryption isn't just for people who have something to hide, it's for integrity of all communications, even if it's cat gifs.
The web traffic incident was VeriSign, manager of the .com & .net TLDs.
He seems to have accounting skills and a business plan to develop. Focus on those skills -- leave development decisions to the developers.
Take time to create some wire frame (pen on paper) mockups of workflows and business rules. Find similar layouts and "look & feel" from existing sites that he can give as examples to the dev team.
If he's worried the developers won't understand his requirements and he's wasting money, hire you (the friend) to interface with them. Build mock-ups as iteratively as possible without connecting any back-end logic so he is "comfortable" with the UX before spending time on the back-end.
If he already had web skills, he'd just implement the idea himself; hiring others is when you know you cannot do everything yourself. Hire fewer, but better, people. Good luck.
If the .band files are audio-only, such as .aiff, then Audacity can play them. If they have MIDI files, you'll need to first export to wav/mp3/aiff/m4a/etc, then play them on anything.
Here is a list of alternatives for composing on Linux.
The domain is registered with GoDaddy and is hosted on GoDaddy's nameservers (ns*.domaincontrol.com). Complain to them and they'll take it down, just like they do with legitimate sites people complain about. Their quick takedown process might work in our favor this time...
Good luck with that
Is this why peaty scotch whiskey tastes so good?
I use the same setup, but you cannot schedule conference rooms with Lightning, nor examine anyone's calendar. At least in OWA you can schedule conference rooms, so I still haven't used Outlook in 10 years!
And how is wild algae more sustainable than farmed?
... six months later you've built the prototype of those ironed-out-requirements and detailed-design to find it is not what the customer actually wanted.
Shift+Delete when selecting the incorrect entry in nearly every autocomplete dropdown will remove that entry.
And you've verified you have the same kernel modules and binaries running described in TFA?
Is there a slight chance that, if the VM can't access the hardware IDs needed to watermark, it does not apply one? You have an old box you can run Red Star on natively?
I don't think encryption would help here. Assume the user is still using Red Star Linux, which, in addition to watermarking, has tweaked the PRNGs so that all private keys (including symmetric keys and session keys) are created with a known set of values, thus making the user think they are secure but allowing the government to still eavesdrop on all communication.
Think of the productivity increase if we all took a nap each day! I bet that guy did some great work in the afternoons.
How about a tall office chair? Instead of moving a big desk with 3 monitors up and down, keep it a fixed height for standing (customized per individual when assembled) and then sit in a tall chair instead of on a hard stool.
pdsh FTW
You forgot to add "winmodems" -- the software-defined modem that only shipped with flaky Windows drivers.
I agree that 4 -> 5 was difficult, 5 -> 6 and 6 -> 7 were easy, but 7 -> 8 is difficult again. Mostly due to app server containers like Tomcat and JBoss -- specifically the JSP compiling part needs a lot of love for Java 8 in servlet containers.
On that note, fasting can be good for you.
We are confident that our encryption measures are sufficient to protect the vast majority of users. LastPass strengthens the authentication hash with a random salt and 100,000 rounds of server-side PBKDF2-SHA256, in addition to the rounds performed client-side. This additional strengthening makes it difficult to attack the stolen hashes with any significant speed.
Salting is nice, but when the attacker gets both the hash and the salt, they can attack specific users. Still, the 100k rounds of SHA256 seem decent.
Would bcrypt be any better than PBKDF2 here?
Is there a market in the world for strong cryptographic file sharing? Meaning only the end users control their private keys and the "network" just connects users -- it never knows the keys.
Or does that only work on the small scale, such as one user sharing some files with a few friends? If that same user shared those files with ten thousand friends, then would the sharing be public, as the keys would be "leaked" by nature of lots of people having them? (And thus those files could be examined for copyright infringement.)
And since some characters have different lengths, even counting characters might not be good enough. (Can't use max_bytes=80, nor max_chars=40.)
The message could be "displayed" in memory with the chosen font and size to calculate its length, then truncate the string in character mode to fit within the limited area.