HackerTrans
TopNewTrendsCommentsPastAskShowJobs

kaimalcolm

no profile record

Submissions

CDNs don't work -Vercel CEO

twitter.com
3 points·by kaimalcolm·2 anni fa·1 comments

Managing Latency Is Like Workplace Risk Mitigation

kaimalcolm.com
4 points·by kaimalcolm·2 anni fa·0 comments

Some cloud-agnostic thoughts

kaimalcolm.com
2 points·by kaimalcolm·2 anni fa·0 comments

[untitled]

2 points·by kaimalcolm·3 anni fa·0 comments

TikTok appears to have been breached

twitter.com
2 points·by kaimalcolm·4 anni fa·1 comments

comments

kaimalcolm
·2 anni fa·discuss
Though the re-construction of the pattern is effectively impossible, I think you raise a good point regarding the use of NFC. The article mentioning a cloud database was a red flag for me as it introduces another attack vector. Sure, it's not as simple as replacing the tag as you can with RFID, but we know the counterfeiters will go to impressive lengths to replicate the real deal. If verification can be all-local that's ideal, imo. The issue there, though, is that you then need to trust either the scanned or scanning device with a private key. A private key that, if obtained, could be used to create infinite counterfeits. Either way, I think this glue-based method is a great solution, even if it does rely on a cloud service which is dependent on the company that maintains it.
kaimalcolm
·4 anni fa·discuss
Has this not been the case for a while? I think I've been getting /maps for at least the past year.
kaimalcolm
·4 anni fa·discuss
Then if that’s the case, the author should have been paid a full payout, not a “thanks for making us fix this” payment.
kaimalcolm
·4 anni fa·discuss
Appalling handling on Google’s end here. The duplicate issue part I can understand, but why should it take two reports of a critical vulnerability to take action? Surely when the first one comes through it’s something you jump on, fix and push out ASAP, not give delay to the point where a second user can come along, find the bug, and report it.

The refactor that’s mentioned towards the end of the article is great, but would you not just get a fix out there as soon as possible, then work on a good fix after that? For a company that claims to lead the way in bug bounty programs this is a pretty disappointing story.
kaimalcolm
·4 anni fa·discuss
My question then is, would/will the same fact-checking apply to a different government that Musk does support? He’s been pushing for this equal fact checking and equal platform for both parties, but as far as I can tell we’re not seeing these banners anywhere on politics Twitter besides official government accounts.
kaimalcolm
·4 anni fa·discuss
Unconfirmed at this point - more info: https://twitter.com/troyhunt/status/1566565409939427328?s=21...
kaimalcolm
·4 anni fa·discuss
To say the author "intentionally created" an environment where cheating is commonplace I think may be a little unfair to them. Whether they run a given course online or in person is almost certainly well above their pay grade. While the situation was far from ideal and I believe he may have been too lenient in some situations (the plagiarism on the academic integrity assignment for one), at the end of the day he made the best of a very bad situation. No doubt, in-person exams as you described are the most cheat-proof way, but in a scenario where the author has no say in this, it's not a terrible outcome. Look at the semester following the one with widespread cheating - he made significant changes based on the past issues and in the process managed to eliminate a lot of the issues.