A security company should prioritize investments (I.e. development time) depending on a threat model and risk management, not based on what random people think.
sudneo
joined 8 months ago
I am a security professional. I would personally not care less to make the distinction, as both are very generic terms that are used very liberally in the industry.
So I don't see any reason not to call this hacking. This was not an intended feature. It was a gap, which has been used to perform things that the application writer did not intended (not in this form). If fits with the definition of hacking as far as I can tell. In any case, this is not an academic discussion, it is a security advisory or an article that talks about it.
Lack of rate limiting is a code vulnerability if we are talking about an API endpoint.
Not that discussion makes any sense at all...
Also, "not securing" doesn't mean much. Security is not a boolean. They probably have some controls, but they still have a gap in the lack of rate limiting.
Public financing of the press, newspapers stopping being garbage and selling subscriptions like they have always done, pay per article (cents), donations. Just some ideas of economically viable alternatives. There are good niche newspapers which survive with such models, it's not like I am making it up.
I would say the opposite: advertising alone is not sustainable for the press because it creates wrong incentives (grab attention, clicks). This is why 90% of newspapers have the same garbage, short, generic articles. This is why you get rage baits, fake news etc. too, to some extent. So yes, you get websites online, but you get no information...
Also in Italy, but I think once the data protection agencies will get on it, it will be forbidden. It will take some time, but there is no way that's a legitimate use of consent.
The GDPR says that if you use consent as the legal basis for processing data, such consent must be free. This means that there cannot be consequences if you give or not give the consent. If there are, then the consent is not free anymore. Paying money for a service is absolutely legal, obviously, what probably is not legal is extracting your consent by offering you a discount (which is the flipside of "pay to avoid tracking").
I just wanted to specify a bit, not that you said anything incorrect.
No sorry, you said name as in the person's name, I did not understand "username".
I am not sure I understood. You called some mod by name and they removed the comment? If that's the case, I perfectly understand and agree with the decision tbh.
That said, this is a general argument, not referred to any particular mod. I think that many people get angry when their content is moderated and they might want to harass/argue/avenge against the mod who took that action.
You need to learn what abstraction is, my friend. I am not speculating. Quite the opposite. I am saying that you like to think the world works according to precise laws that you can use to predict the future. This is why you are arguing in multiple comments that "they would have...", as if people are NPCs with 3 different behaviors and the outcomes are predetermined so it's just a matter of choosing.
The reality is simple: you, me, nobody can know for sure what " would have happened" if history happened differently. This is a methodological issue, not a discussion on the merits of your speculation.
I don't know if nuclear bombs caused less deaths than the millions of other potential courses of actions, and neither do you, neither does anybody else. I don't know if Israel wiping off Gaza from the map potentially saved thousands of lives in future conflicts. You see the problem?
Now, before assuming that everyone else is an idiot and that you are the only smart one in the room, you might want to try a little harder to understand the point of your interlocutor, considering we are also discussing in what (I assume) is your native language but not mine. If you didn't understand so far that my critique is in the method, not in the merits, of your claim, then I agree, there is nothing to talk about.
I just made an example of speculating on future occurrences to justify concrete actions that instead happened. In fact, the entire comment was about the general idea of considering history deterministic, not about the specific atomic bomb event...
And where is the count of deaths in the different timeline?
Look, my point is simple: human history is not deterministic and we simply can't know what happens tomorrow like if we were predicting the laws of phisics. Maybe there were other 100 different course of actions leading to as many outcomes.
You can analyze what happened, but it's foolish to say "this was better because the alternative would have led to". You can only analyze and discuss what happened, otherwise anything can be justified with "it wouldn't have been worse".
"this genocide was good, because without it the oppressed population would have led to civil war and many more deaths".
Privacy is not anonimity though. Privacy simply means that private data is not disclosed or used to parties and for purposes that the data owner doesn't explicitly allow. Often not collecting data is a way to ensure no misuse (and no compromise, hence security), but it's not necessarily always the case.