Why does it have to be not from YouTube?
The "appropriate use" filter on the classroom network forbids access to YouTube, or the national firewall forbids access to all services provided by Google.
And if it for some reason can't be from YouTube, wouldn't it be sufficient to simply download it from YouTube first?
Downloading the video is copyright infringement. A professor can't officially recommend this.
I think you have to honestly look at yourself and if you are not educating or failing these incompetents, you are a bad professor and a part of the problem.
If the administration gives a professor only one semester to cover what ought to be two semesters' worth of information security material, as gweihir described, is a professor who doesn't quit in protest "a bad professor and a part of the problem"?
It doesn't matter: half of them still write injectable queries, even though using "prepared statements" isn't any more complex.
In the majority of cases, I agree that "using 'prepared statements' isn't any more complex." The biggest exception is operator IN, as none of the popular free database engines that I tested support an array as a parameter. Instead, they require each value in the list on the right side of operator IN to be its own parameter, and the application is responsible for building both the (variable-length) list of question mark placeholders and the array of values to be substituted into the equation. It also has to ensure that the order of the question mark placeholders, particularly those that occur before or after the use of operator IN, doesn't fall out of sync with the order of the elements in the array of values, or else the inadvertent use of values intended for operator IN for other parts of the statement or vice versa will end up itself causing a security hole. At some point, if the engine you're using doesn't support named placeholders, a well-tested routine to escape a single array of values for the right side of operator IN becomes safer than using question mark placeholders because of less risk of accidentally mismatching the order of placeholders with the order of values.
Why do companies keep making the same mistakes hiring recent college grads
Might they have been bribed to do so by universities seeking to improve their post-graduation employment percentages?
Companies have champagne taste and a beer budget.
For which they think the rational solution is to seek out equally tasty, equally intoxicating sparkling wines produced outside Champagne.
I think *all* code should go through at least peer review by a senior team member.
If there is more than one programmer at a company, yes. But when (say) a small toy retailer in the Midwest has the budget to hire only one programmer to build its order fulfillment back end, who would review his code? Fortunately, this company's programmer at least takes care to escape HTML, parameterize or whitelist anything going into an SQL query, and require all POSTs to include the session's CSRF token.
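The placeholder-ordering problem with operator IN that the comment above describes can be avoided by never building the SQL text and the value array separately. The following is an added example, not code from any commenter: a small builder (the `Query` class, the `orders` table and its rows are all constructed for illustration) that appends each fragment together with its values, using Python's `sqlite3` and question mark placeholders.

```python
import sqlite3

class Query:
    """Collects SQL fragments and their positional values in lockstep."""

    def __init__(self):
        self.parts, self.params = [], []

    def add(self, sql, *values):
        # A fragment must carry exactly one value per '?' it contains
        # (assumes fragments never contain a literal '?' inside a string).
        if sql.count("?") != len(values):
            raise ValueError("placeholder/value mismatch in: " + sql)
        self.parts.append(sql)
        self.params.extend(values)
        return self

    def add_in(self, column, values):
        # 'column' is a trusted identifier written in code, never user input.
        values = list(values)
        if not values:
            # Many engines reject "col IN ()"; match no rows explicitly.
            return self.add("0 = 1")
        marks = ", ".join(["?"] * len(values))
        return self.add(f"{column} IN ({marks})", *values)

    def run(self, conn):
        return conn.execute(" ".join(self.parts), self.params).fetchall()


def make_demo_db():
    """Constructed sample data: (id, customer_id, status, total)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE orders (id INTEGER PRIMARY KEY,"
                 " customer_id INTEGER, status TEXT, total REAL)")
    conn.executemany("INSERT INTO orders VALUES (?, ?, ?, ?)", [
        (1, 7, "paid", 50.0), (2, 7, "shipped", 20.0),
        (3, 7, "cancelled", 99.0), (4, 8, "paid", 75.0),
        (5, 7, "paid", 5.0)])
    return conn


def find_orders(conn, customer_id, statuses, min_total):
    # Placeholders appear before and after the IN list, the case where
    # hand-built parameter arrays most easily drift out of order.
    q = Query()
    q.add("SELECT id FROM orders WHERE customer_id = ? AND", customer_id)
    q.add_in("status", statuses)
    q.add("AND total >= ? ORDER BY id", min_total)
    return [row[0] for row in q.run(conn)]


if __name__ == "__main__":
    db = make_demo_db()
    print(find_orders(db, 7, ["paid", "shipped"], 10.0))
    print(find_orders(db, 7, ["paid') OR 1=1 --"], 0))  # quote stays data
    print(find_orders(db, 7, [], 0))
```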
You can generate domains all day: Pay 4 'em - they better have some SERIOUS "$" to pay for 1,000's to millions of them (not practical or EVEN POSSIBLE for most doing it).
True, you have to pay for a registered domain. But once you own a registered domain, you don't have to pay more for additional subdomains under that domain.
I haven't built any DNS filtering tools myself, but I understand how Pi-hole works. It's similar to your solution in that it filters DNS, but it's more flexible than a hosts file because it allows wildcards for subdomains.
Malware using a "domain generation algorithm" contains a formula to deterministically calculate registrable domains* that the botnet operator will register in the near future. Those can be predicted through the method described in the paper, and it's rate-limited by the non-zero price of registering a domain, so you might see a new domain every day or so.
The same cannot be said of subdomains,* such as 94c22ef3.bigbucksads.example, 08e7061d.bigbucksads.example, 3c068f47.bigbucksads.example, and 0327f573.bigbucksads.example. These are generated in real time and resolved using wildcard DNS, as it costs effectively nothing to register 4.2 billion distinct subdomains of an already existing domain. In fact, the Sandstorm framework uses the subdomain to hold a randomly generated session ID.
* A "public suffix" is one of the labels in Mozilla's Public Suffix List, such as org. A "registrable domain" is defined as a domain name that contains exactly one more label than a public suffix, such as slashdot.org. A "subdomain" is a domain name that contains at least one more label than a registrable domain, such as hardware.slashdot.org.
As of this writing, all four of those intel.malwaretech.com pages display in their entirety "Back soon."
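The difference between exact-match hosts entries and filtering by registrable domain, using the footnote's definitions, is shown in this added example (not part of the original comments). The four-entry suffix set is a constructed stand-in for Mozilla's Public Suffix List, the suffix match is a simplification of what a wildcard-capable resolver does, and the function names and query log are hypothetical.

```python
from collections import defaultdict

# Constructed stand-in for the Public Suffix List (assumption: a real
# filter loads the full list rather than this sample).
PUBLIC_SUFFIXES = {"example", "org", "com", "co.uk"}


def normalize(name):
    return name.lower().rstrip(".")


def registrable_domain(name):
    """Public suffix plus exactly one more label, or None if there is none."""
    labels = normalize(name).split(".")
    # Ascending i tries the longest candidate suffix first ("co.uk" first).
    for i in range(len(labels)):
        if ".".join(labels[i:]) in PUBLIC_SUFFIXES:
            return ".".join(labels[i - 1:]) if i > 0 else None
    return None


def hosts_file_blocks(name, hosts_entries):
    # A hosts file maps whole names only: no wildcards, no suffix match.
    return normalize(name) in hosts_entries


def wildcard_blocks(name, blocked_domains):
    # Block the registrable domain and every subdomain beneath it.
    return registrable_domain(name) in blocked_domains


def subdomain_churn(queries):
    """Count distinct names seen under each registrable domain."""
    seen = defaultdict(set)
    for name in queries:
        base = registrable_domain(name)
        if base is not None:
            seen[base].add(normalize(name))
    return {base: len(names) for base, names in seen.items()}


# Constructed query log using the names quoted in the comment above.
SAMPLE_QUERIES = [
    "94c22ef3.bigbucksads.example", "08e7061d.bigbucksads.example",
    "3c068f47.bigbucksads.example", "0327f573.bigbucksads.example",
    "hardware.slashdot.org", "slashdot.org", "Hardware.Slashdot.org.",
]

if __name__ == "__main__":
    hosts = {"94c22ef3.bigbucksads.example"}   # learned from one past sighting
    blocked = {"bigbucksads.example"}
    for q in SAMPLE_QUERIES:
        print(q, hosts_file_blocks(q, hosts), wildcard_blocks(q, blocked))
    print(subdomain_churn(SAMPLE_QUERIES))
```

A high distinct-name count under one registrable domain in resolver logs is a cheap signal that the names are generated on the fly and that an exact-match list will not keep up.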
Most of the major Extensions have a version compatible with FF 57, there are a few holdouts still
Some of the WebExtension replacements for legacy extensions that I use are waiting for Mozilla to make equivalent functionality available. For example, I use Keybinder to disable the Ctrl+Q shortcut that I sometimes press by accident when aiming for Ctrl+W or Ctrl+Tab. The developers of equivalent WebExtensions are waiting on a fix for bug 1325692, which a Mozilla engineer has marked as wontfix for Firefox 57.
Loss of Ctrl+Q blocking causes data loss.
A dial, paddle, knob, or wheel is the primarily circular handle of a rotary encoder used as a 1-dimensional input device. The terms "dial" and "paddle" appear to be associated with an encoder that returns absolute position, as opposed to encoders that produce "mickeys", or relative movement counts.
How does a hosts file work once ad networks and ad exchanges start pseudorandomly generating subdomains? Unlike filtering resolvers such as Pi-hole, a hosts file can't use wildcards.
if the permission [to photograph a barcode representing a user account] is refused the other features of the app should continue to work normally.
What would the companion app do without being logged in? If the user refuses the means by which the user logs in, how are the "other features of the app" supposed to authenticate in order to "continue to work normally"? Or would you prefer to require players to key in a 32-digit UUID displayed on the screen?
The other part is to define what mechanics make Battlefield different from the dozen other active FPSes with tolerated fan-run servers.
Color the blood the same color as the attacking team's uniform color, and it'll look more like paintball. How is paintball hate speech?
Well, what would you do?
Build a free as in speech FPS game in the same genre from the ground up.
You were actually saying this somehow encourages people to view video on a smaller device rather than a larger screen.
Or just as importantly, to shift large-screen viewing away from Verizon Wireless to a wired ISP.
I mostly always want a sharp picture.
Though you are a mobile videophile, I imagine that there are few enough other subscribers like you that a service aimed at mobile videophiles would be considered a specialty service. And it's commonplace in the industry to charge extra for specialty services.
Jewish homosexuals.
If the Bible is part of its training set, the result is likely to be "Detestable, deserving death."--Leviticus 18:22, 20:13.
In other words, we've narrowed the set of use cases affected by this restriction to where (i) only one person is watching (ii) a short video for which (iii) fine detail is important. We narrow to one viewer because multiple viewers would use a larger display connected to a wired home ISP. We narrow to a short video because long videos make close focus tiring. We narrow to videos for which fine detail is important because 480p is acceptable for other videos.
So I imagine the restriction is caused by congestion on the cell towers, combined with the narrowness of the affected use case as previously established. Would you prefer that phone bills double to cover the purchase of additional land on which to erect more towers?
Email over Internet is exactly as expensive as the Internet connection over which it runs.
That would only be true if all you ever did on the Internet was emailing, making that the sole reason for you to get said internet connection.
It's also true if the user is fully using his cap for purposes other than email. In that case, adding email increases the overage proportional to the data volume of email.
Oh and "unmetered SMS" is something you usually pay extra for.
I am not disputing this. But in the same way, "unmetered data" is also something you usually pay extra for. I was under the impression that more smartphone users in the United States were already paying extra for unmetered SMS than paying extra for unmetered data.
Feel free to believe SMS is as free and decentral therefore resilient as Email is
Feel free to suggest a way to use the service that you call "free and decentral" without incurring additional monthly data use.
That's why I mentioned close focus. It's tiring to keep your eyes focused a foot from your face for two hours.
And many conservatives would be fine with the Sharia of Moses being the law in the US.
I'd like to see how they'd attempt to answer the following questions to their constituents:
Does God require a low-fat diet? (Lev 3:17)
Does eating blood sausage merit exile? (Gen 9:4; Lev 17:10)
Is it wrong to wear mixed-fiber clothing? (Lev 19:19)
Is it wrong for a man to trim his beard? (Lev 19:27)
Jesus has a tattoo (Rev 19:16) in violation of God's law. (Lev 19:28) On what grounds does he get an exception?
Is sex with a woman on her period an abomination? (Lev 20:18)
Does working on Sunday merit the death penalty? (Num 15:32)
If a virgin woman's hymen doesn't bleed her first time she has sex, should she be punished? (Deut 22:20)
If a man rapes a woman who's engaged, and it happens in a city, should she be punished too? (Lev 19:20; Deut 22:24)
My parents were not married. Am I excluded from participation in public discourse? (Deut 23:2)
And even the atheists would agree that some of the commandments are good laws.
Agreed.
Except for that bit about the Sabbath, the Ten Commandments strongly resemble the Seven Laws of Noah given in the Talmud. As Noah Lamechsson is the Y-chromosomal most recent common ancestor in the mythology of Judaism and Christianity, the laws of Noah are seen as binding on all humankind, even though the 613 commandments of Moses are binding only on the Jewish people. I guess similarity to the laws of Noah might be good reason to separate the Ten from the other 603.
Hmmm... "Jewish"... I seem to remember a past controversy where "Jewish" and "Jews" were rated as more positive than "Jew", causing Google to have to place an ad at the top of certain search results disclaiming responsibility for the views of third parties.
really, Slashdot? One instance of [the N word] and I hit the lameness filter?
It has more to do with past trends of $#!+posting by the fan club for a 1992 Danish blaxploitation film.
Physically smaller, physically closer.
Not if more than one person is in the living room. How convenient is it for the SO, kids, or house guests to watch a video on your phone over your shoulder? In addition, focusing that close for long periods of time is tiring.
What fraction of smartphones have been sold in 2015 through 2017 in a bundle with "a connected full-sized foldable keyboard" or "bluetooth connected full-sized foldable keyboard"? Even if something is available if you know to look for it, most cellular subscribers either don't know to look for it or aren't willing to pay ADA-extortion prices ($595 for a Half Keyboard anyone?) for it.