You don't need prepared statements. The fix is parameter binding: submitting parameters separate from the SQL statement itself, separating code from (user) data.
> The analogous mitigation for agents is to have fixed behaviors they can perform, such as “read repo 1” “read repo 2”, etc., and the user input is used as data to select which of these fixed behaviors to execute.
No, that only deals with some special issues. It also doesn't separate code and (user) data, so it's not the same issue.
Having only limited actions is akin to using more restrictive database permissions. That also makes SQL injection no longer relevant: only SQL statements can be executed that the user is allowed to run either way.
> yet with enough developer elbow grease they can do all the same things an LLM can do, with much higher reliability
Where can I access such a Lisp expert system?
If I cannot because they don't exist: then they cannot do the same things an LLM can do. And of course one can assert anything and everything about what a non-existing thing could do.
> In practice the only place it shows up is if you are using "ssh -X". That uses the security extension by default. Which is why there is also a "ssh -Y" that disables it for applications that it breaks.
Unless your distro changes the default to make "ssh -X" and "ssh -Y" behave the same which popular distributions do.
> But granting full rights to distro-provided programs like vim or xeyes is perfectly sane.
You mean run everything distro-provided as root?
There are reasons systems don't do that any more. Even distro-provided services are often setup in a way to no run with full rights. Can you imaging reasons why this is done?
What was neglected is doing the same on user level, which should be done for pretty much the same reasons.
> Ok, but what about those shady sites that resell Windows education keys?
Yes, they are fine? They might no longer include full first party support by Microsoft for not being "new". Same as buying a used car (also comes with the "shady sites" for a far longer time).
Though this not making any difference by Microsoft not doing any support either way to make more money is a business decision by Microsoft.
> China aren't offering a cheaper solution. They are subsidizing an existing one
So basically like US companies subsidizing offerings with selling user data, ads for crypto scams, manipulation for elections, making people addicted to gambling and so on?
Seems fair and an improvement as you can choose between that and not. Unlike say offerings from Meta where the data selling and efforts to further gambling addiction is always included.
> all system calls had to go through libc (or perhaps a big ntdll.dll-like
Which makes containers crap on Windows and *BSD as they have to run the currect libc or equivalent. Thus you need to build a different container per OS version which sucks compared to Linux.
Yes, many developers give nothing about even basic security.
That's why we still have every basic security issue like hardcoded passwords, SQL or other injections, XSRF and so on repeated on an endless loop. Even if they are trivial to avoid.
> CORS is threat model used for when you can't trust your self.
No. But many lack basic understanding of web technologies or facts like that a browser can be used to access more than a single site. This leads to not understanding what problems cross-site requests can cause and thus the impossibility of understanding what CORS is for.
You don't need prepared statements. The fix is parameter binding: submitting parameters separate from the SQL statement itself, separating code from (user) data.
> The analogous mitigation for agents is to have fixed behaviors they can perform, such as “read repo 1” “read repo 2”, etc., and the user input is used as data to select which of these fixed behaviors to execute.
No, that only deals with some special issues. It also doesn't separate code and (user) data, so it's not the same issue.
Having only limited actions is akin to using more restrictive database permissions. That also makes SQL injection no longer relevant: only SQL statements can be executed that the user is allowed to run either way.