> Due to the use of static keys, an authenticated attacker can trick the server into deserializing maliciously crafted ViewState data.
Many years ago I was shocked that ASP.net will deserialize arbitrary (potentially unsafe) objects from the client and relies on signatures to ensure that parameters sent by the client were in fact round-tripped via HTTP POST from the same server.
> First day of first grade, I found out no one could competently read a sentence.
Isn't the standard expectation that children enter first-grade completely illiterate? I remember learning how to read and write letters one per lesson in first grade.
I'd guess that maybe 5% are taught to read by parents?
> > SpaceX Is Lobbying Against Amazon’s Internet-Beaming Satellites
> Amazon is trying to get a waiver to FCC rules that companies like SpaceX and OneWeb had to follow.
Title is more than a little misleading. Space is a highly regulated business (for many good reasons) and forcing your competitors to comply with the rules is a very valid strategy.
> You can't force a shop owner to sell his products to you if he doesn't want to.
Yes you can, for example in cases of racial segregation.
But this refusal seems to be based on anti-trust regulation and it seems that Turkey won't be able to further penalize Google for this. People seem to be upset that a company can refuse to comply with the law and showing a sovereign government the finger.
But there is even a precedent for this: Google also refused to cooperate with Chinese search censorship and retreated from that market.
> Picking an arbitrary limit less than 232 is certainly safer for many reasons, and very unlikely to impact real usage. We already have some real limits well below 106 (such as if/else depth and recursion limits).
> A range of -1,000,000 to 1,000,000 could fit in 21 bits and that three of those values could be packed into a 64-bit word.
In theory this could bring security and performance benefits. In practice if you claim to be limited by MAX_UINT you're likely to encounter issues if you try to close to that limit without very careful coding around overflow.
I'm pretty sure that twitter also tracks what you read even if you don't publish anything. I also remember there was no way to hide the list of people you follow?
> It’s economically productive for the 1% to maintain a trade relationship with China.
This leading argument is not specific to China at all and would equally apply to India and most poor countries. Severing trade with all those countries would severely hurt their economies and their citizens.
It's the same logic behind "dey terk er jerbs" but somehow made reasonable by throwing accusations of fascism.
> A Google spokeswoman said the company is investigating the employees who were placed on leave. One of them had searched for and shared confidential documents outside the scope of their job, while the other tracked the individual calendars of staff working in the community platforms, human resources, and communications teams, she said. The tracking had made the staff in those departments feel unsafe, the spokeswoman said.
This sounds like actual harassment of individual employees who happen to work in a department that is seen as "the enemy".
> We were lulled into letting him make key architecture decisions in isolation, because no one else was awake or online at the same time to discuss them.
That sounds like a process rather than schedule issues: important architectural decisions shouldn't be performed "on the spot" but only after some sort of discussion. Preferably in writing.
> If he refactored the codebase in the middle of the night to make his job easier, the other team members were all forced to work around his refactor.
Don't you do code review? People shouldn't be able to push code without another person looking over it.
These issues would also apply to remote or off-shore workers.
> And yes - the list quoting rules are weird! No doubt about that.
Lists might be "native" in the sense that the interpreter knows how to deal with them but in the data model there is no distinction between a "string" and a "list of strings". A list is just a space-separate string with quoting rules and the difference is entirely in manipulation.
It's easy to make quoting mistakes so a program might start breaking when arguments contains spaces: this almost never happens in languages other than shell.