HackerTrans
TopNewTrendsCommentsPastAskShowJobs

kaimalcolm

no profile record

Submissions

CDNs don't work -Vercel CEO

twitter.com
3 points·by kaimalcolm·2 года назад·1 comments

Managing Latency Is Like Workplace Risk Mitigation

kaimalcolm.com
4 points·by kaimalcolm·2 года назад·0 comments

Some cloud-agnostic thoughts

kaimalcolm.com
2 points·by kaimalcolm·2 года назад·0 comments

[untitled]

2 points·by kaimalcolm·3 года назад·0 comments

TikTok appears to have been breached

twitter.com
2 points·by kaimalcolm·4 года назад·1 comments

comments

kaimalcolm
·2 года назад·discuss
Though the re-construction of the pattern is effectively impossible, I think you raise a good point regarding the use of NFC. The article mentioning a cloud database was a red flag for me as it introduces another attack vector. Sure, it's not as simple as replacing the tag as you can with RFID, but we know the counterfeiters will go to impressive lengths to replicate the real deal. If verification can be all-local that's ideal, imo. The issue there, though, is that you then need to trust either the scanned or scanning device with a private key. A private key that, if obtained, could be used to create infinite counterfeits. Either way, I think this glue-based method is a great solution, even if it does rely on a cloud service which is dependent on the company that maintains it.
kaimalcolm
·4 года назад·discuss
Has this not been the case for a while? I think I've been getting /maps for at least the past year.
kaimalcolm
·4 года назад·discuss
Then if that’s the case, the author should have been paid a full payout, not a “thanks for making us fix this” payment.
kaimalcolm
·4 года назад·discuss
Appalling handling on Google’s end here. The duplicate issue part I can understand, but why should it take two reports of a critical vulnerability to take action? Surely when the first one comes through it’s something you jump on, fix and push out ASAP, not give delay to the point where a second user can come along, find the bug, and report it.

The refactor that’s mentioned towards the end of the article is great, but would you not just get a fix out there as soon as possible, then work on a good fix after that? For a company that claims to lead the way in bug bounty programs this is a pretty disappointing story.
kaimalcolm
·4 года назад·discuss
My question then is, would/will the same fact-checking apply to a different government that Musk does support? He’s been pushing for this equal fact checking and equal platform for both parties, but as far as I can tell we’re not seeing these banners anywhere on politics Twitter besides official government accounts.
kaimalcolm
·4 года назад·discuss
Unconfirmed at this point - more info: https://twitter.com/troyhunt/status/1566565409939427328?s=21...
kaimalcolm
·4 года назад·discuss
To say the author "intentionally created" an environment where cheating is commonplace I think may be a little unfair to them. Whether they run a given course online or in person is almost certainly well above their pay grade. While the situation was far from ideal and I believe he may have been too lenient in some situations (the plagiarism on the academic integrity assignment for one), at the end of the day he made the best of a very bad situation. No doubt, in-person exams as you described are the most cheat-proof way, but in a scenario where the author has no say in this, it's not a terrible outcome. Look at the semester following the one with widespread cheating - he made significant changes based on the past issues and in the process managed to eliminate a lot of the issues.