For many events, the demographics lean toward age groups where people have jobs with work schedules that aren't known more than a few weeks in advance. The initially planned friend group (e.g., four people) can have little overlap with who is actually free on the event date and actually attends. Also, if the event has assigned seating, people buying their own tickets typically has the adverse outcome that you can't sit together.
Most flights are available at high frequencies (on the order of days, weeks) compared to concerts (once a year or so). You also don't care as much about sitting together on a plane.
I disagree. If you can't get seats with your friends in a concert, you might just not go because the social aspect is part of the experience, but if you can't get neighboring seats on a plane, you'd (or at least I would) just tolerate it since you would still get to be together at the main event (the destination).
feature request: AI-based risk analysis, with a model of which types of commercial vehicles at that location are likely to be controlled by organized crime
It is discussed here: https://lists.mindrot.org/pipermail/openssh-unix-dev/2023-De... - the HPN-SSH maintainer says "I do have an issue with [the OpenSSH 9.6] release in that it breaks interaction with HPN-SSH. The client seems to be window limited to 2MB sending regardless of what is being advertised by the receiver."
for "Thats exactly what we will be doing initially! Our tablets taste much better than Bite!" I might go with the brand "habitablets" and the tagline "where self-care meets planet-care"
the idea is that "habitablets" are a type of "tablets" that (when widely adopted to reduce packaging waste and shipping waste) will ultimately make our planet more "habitable"
Suppose you have office space in the jail, and give him (or anyone else) the opportunity to apply for remote jobs at anyplace willing to hire him - with the caveat that he loses office access unless he demonstrates that he's maximizing his potential to earn money, all of which will go directly to compensating victims. (Assume that he can't have Zoom calls with arbitrary colleagues of his choice. He can only have Zoom calls with Bill Lumbergh.)
I appreciated the links to the audit, but your quote was misleading to me when taken out of context like you did. I interpreted it as basically saying that the author couldn't or wouldn't address the issues identified. The full quote was:
> The upstream author doesn't have enough resources to address them on its own and wants to develop fixes in the open. Therefore I have created GitHub issues in the upstream project and publish the full report today.
I.e. the "and wants to develop fixes in the open" part left me with a very different interpretation from when I first read your comment.
These issues are pretty recent. I would greatly appreciate sponsorship to address issues faster: https://github.com/sponsors/schollz or just help with PRs.
Just wanted to say that Croc is one of the most reliable and straightforward file transfer tools I’ve ever used. It worked so well that I used it for Android (via Termux) to Windows transfers regularly. I only wish there was a way to use it on iOS but I imagine that’s challenging.
Thanks for the kindness :) I use it the same way actually! I don't use any Apple products so that's the major roadblock for me to develop against iOS...
Yes, I subscribe to Daniel Stenberg's RSS feed and have seen his many articles bemoaning excessive classification of bugs as vulnerabilities. One of these bugs, however, shows serious cryptographic deficiencies. Unfortunately there are a lot of cryptography amateurs making stuff without a proper understanding and making grandiose claims, so my default stance is one of skepticism unless reputable cryptographers have looked at it.
I use wormhole-william, the Go version of the Python magic wormhole, and age, mostly because of this Latacora endorsement:
What data is stored about an employee's justification for viewing a customer account? Is there an enumerated set of justifications such as "direct customer inquiry" versus "to be used for upselling other banking products" versus "IT debugging" etc. or is it free-form text? Is the justification process more complex if the bank knows that the customer is a public figure, celebrity, or maybe anyone who meets Wikipedia's notability requirements?
Years ago, many decisions to hide error details were a cargo cult reaction to CVE-2012-4929. To review, CVE-2012-4929 works like this:
1. the attacker can see (but not decrypt) the victim's TLS traffic to example.com
2. an attacker-controlled website makes the victim send many different invalid requests to example.com, each of which gets an error message
3. some data in each request is attacker-controlled, but authentication data in headers is filled in by the victim's browser
4. example.com compresses response data before encrypting it
5. because repetitions affect compression, the response size is smallest when the authentication data matches part of the attacker-controlled data
6. after enough requests, the attacker knows the authentication data to log in to example.com as the victim
One workaround for CVE-2012-4929 was to set up the server so that an error message never depended on the request data. Before CVE-2012-4929 was announced, people thought it was sufficient to sanitize the error message (i.e., avoid XSS) but CVE-2012-4929 prompted a shift toward producing exactly the same error message for all invalid requests. (Not sure, but I think this was the original motivation for Google's famous "That's an error. That's all we know." messages.)
There were better CVE-2012-4929 defenses later, but the cargo cult had already formed. (Some subset of) a generation of developers believed that customized error messages were Very Bad because they enabled account takeover.
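Added example, not part of the original comment: a small Python check of the size signal described in step 5, comparing an error page that echoes request data with one that is identical for every invalid request. The handlers, cookie value and guesses are constructed for illustration, and zlib stands in for whatever compression the server applies before encryption.

```python
import zlib

# Constructed sample values for illustration; not from any real system.
SECRET_COOKIE = "session=7f3a9c1e5b2d4860"
MATCHING_GUESS = "session=7f3a9c1e5b2d4860"   # request data equal to the secret
MISSING_GUESS = "trackid=e8d14b07a96c35f2"    # same length, no overlap


def reflecting_error(path: str, cookie: str) -> bytes:
    """Error body that echoes request data (hypothetical handler)."""
    return (
        f"<h1>400 Bad Request</h1><p>Cannot handle {path}</p>"
        f"<pre>Cookie: {cookie}</pre>"
    ).encode()


def fixed_error(path: str, cookie: str) -> bytes:
    """Same body for every invalid request, independent of the request."""
    return b"<h1>400 Bad Request</h1><p>That's an error.</p>"


def wire_size(body: bytes) -> int:
    """Compressed length: what an observer of the encrypted stream can measure."""
    return len(zlib.compress(body, 9))


def size_gap(render) -> int:
    """Bytes saved when the request data matches the secret (0 means no signal)."""
    miss = wire_size(render(f"/x?{MISSING_GUESS}", SECRET_COOKIE))
    hit = wire_size(render(f"/x?{MATCHING_GUESS}", SECRET_COOKIE))
    return miss - hit


if __name__ == "__main__":
    print("reflecting error page gap:", size_gap(reflecting_error))
    print("fixed error page gap:     ", size_gap(fixed_error))
```

A positive gap for the reflecting page and a zero gap for the fixed page is the whole reason the uniform-error workaround removed the signal; it says nothing about whether detailed errors are unsafe once compression of secrets alongside request data is handled another way.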