Realistically tens of millions at best. Assuming the Bloomberg campaign hires 200 people for this strategy (the article states "hundreds") it would take 167 years for him to spend $1 billion on it.
I'm familiar with the off-label discussion, but what number of these off-label uses were discovered by treating coinciding conditions in patients? How many were last ditch attempts when other treatment options either don't exist or failed?
I'm not suggesting that current regulation by the FDA isn't flawed, or that it doesn't need an overhaul, but I think it's clear that there should be some proof that efficacy studies were done before a drug becomes widely available, especially when the potential damage done by a failed treatment is so high. The current opioid crisis has completely eroded any faith that the pharmaceutical industry is capable or willing to regulate itself.
Are you suggesting when a new drug hits the market doctors should just try it out on a few patients to see if actually does what it says it does? If only there was some way this sort of trial and error could be performed before a drug was widely available, in a controlled environment...
This has to be some of the thinnest gruel I've read in a while. The entire premise of the article is that the "dark side" of WebAssembly is that "security" products can't do string matching against compiled code.
Case 1: People can write scams that "security" products can't block because WebAssembly somewhat obfuscates the code. The comparison to scanning WASM in a "security" product is like opening an executable in a text editor is laughable.
Case 2: People can write website keyloggers in WASM and it will be obfuscated against "security" products. Alternatively the bad guys could just obfuscate plain old JavaScript, or any number of other techniques to exfiltrate data. If people are executing malicious WASM on your website you're already owned.
The only one of their points that has any merit is that WASM implementations increase the attack surface of the browser. This is ostensibly true, as do all new features. Fortunately the major browser vendors have competent engineers dedicated to testing their software for vulnerabilities.
Like perhaps a gauge that could indicate how much fuel is remaining in your tank? They could even include a little light next to the gauge that comes on when you're really low.
Except, as others have pointed out, there are documented cases of ISPs hijacking DNS traffic, even for people who have configured their client to use resolvers other than their ISP, which is possible because of DNS's lack of authentication or encryption.
Besides, I don't see how adding an option for DoH to Firefox is centralizing anything, you're free to set the DoH URL to whatever you like, and you're free to run your own DoH resolver, just like you're free to run your own vanilla DNS resolver.
Reading the first article I was left with the impression that the author's team switched to Kotlin just for the sake of switching to Kotlin, tried their darndest to write it like it was Java, and then was just upset that it wasn't Java.
That's just stupid. Obviously the product has some value for you or you wouldn't be using it, and telemetry is a practically zero effort way for you to help improve it.
Note, when we're talking about telemetry we're not talking about tracking your time on a site to show you ads, we're talking about tacking bugs you encounter so they can be fixed.
I've left a comment on your github issue, but the tl;dr is that the encryption document doesn't seem to reflect the code. The comment in the ruby test case suggests that the actual step is 'E = hash( Z2 + R )' instead of 'E = hash( Z2 + D )' where 'R' is the user's randomly generated 'AssignedKey' and 'D' is the masked HSM ciphertext 'KMS(R) ^ Z2'.
Perhaps somewhere during implementation someone realized the document doesn't make sense as written.
Let's not forget that the commentor is named 'dmcahelper' with a profile description which reads 'Help all parties understand and resolve DMCA issues efficiently and effectively to minimize file and repository impacts.' And as far as I can tell the account's only activity has been to comment on EasyList.
Doesn't seem very borderline to me, looks like a blatant attempt to confuse the issue by pretending to be some sort of authority.
Before you get too defensive consider that they said they'd 'recommend' the author remove the joke, not that it has to go. That's how constructive criticism works.
I think the comment can be better interpreted as 'the tone of the article could be improved, in my opinion, if the author would remove the joke about sexual harassment at the end'