Ah yes, “divests” when the stock is at an all-time high price point. I’m sure that hurt them so much.

And then, because you were never in a classroom and never took a class on security, you probably have no idea what a buffer overflow attack is or how to use tools like valgrind to check for them.

Then you put your C code on the internet and get your server pwned inside of an hour.

Slightly hyperbolic? Yes definitely. But there is a reason we don’t teach C to beginners anymore. Generally you want them to understand the mindset of coding before throwing them in the deep end. And I would bet nothing has caused more people to quit programming then Segmentation fault: core dumped

Pick a popular online service with a public API and write some scripts that integrate with them. Learn by doing.

In my (non-expert) opinion, there are a few reasons

1. NPM is more popular than those other services by an order of magnitude, especially among new developer and startups.
2. NPM allows for code to be executed while you install the package which is different from maven or nuget and allows for easy exploitation paths

This works until you scale the team beyond 1 person and someone else needs to decipher the 30 line awk | sed | xargs monstrosity you created. Give me a real programming language any day.

Mods of communities can already see votes in communities they moderate. Admins of instances can already see votes on all content.

Incorrect. The app was baked into the Pixel firmware from Google, not a manufacturer specific OEM.

There are a few ways that the court can get this money. Disclaimer I am not an expert in bankruptcy law.

The most obvious one is what you said. The court can order the company’s assets to be liquidated and then the proceeds of the sales would be distributed proportionally among the creditors.

Next they can go after the perpetrators like Sam Bankman-Fried and his crew. If they have any personal assets that they acquired as a result of their criminal activity at FTX, the court may be able to take some of that money to pay creditors.

Lastly is “clawbacks”. Let’s say you invested $1,000,000 in FTX and you were one of the lucky ones and happened to withdraw $10,000,000 in proceeds during the height of the scam. The court could claw back up to $9,000,000 from you since all of those proceeds were the result of a scam, even if you had no idea that FTX was shady. This is typically how the courts recover money from ponzi schemes like Bernie Madhoff

For small apps, generating it in the backend, trying to insert it, and then catching the exception should be totally fine. The odds of collision are quite small.

I personally feel UUIDs are overused unless you happen to be running truly distributed systems that are all independently generating IDs.

In this case where the ID is also going to be in the URL, you’ve just added 32 characters to the URL that don’t need to be there. Since OP is apparently concerned with the look and feel of the URLs, I thought that UUIDs wouldn’t be the best option.

You could also just use a random non-numeric primary key. For example you could generate a string of 8 random characters + numbers. That would give you well over 2 billion possible IDs.

That mismatch between DMARC verification domain and the domain of the “from” header is called DMARC Alignment. Any modern spam filter is going to mark unaligned messages as spam. Especially if one of the domains is completely non-routable like .onion.

And even if you sent the email and it got through with your .onion address, no one would be able to reply to you because the replying mail server can’t even look up the MX record for your .onion domain.

TL;DR you can send emails from .onion addresses if you want, but no clearnet server is going to accept them.

So when you send an email, you can actually put whatever you want in the from header. I could send an email that says from “[email protected]”. The protocol doesn’t care.

Do you know who does care? The email server you’re sending messages to, because spammers and scammers love to try and send email with fake from addresses.

So, there’s an entire verification system in place that involves looking up public keys from the website that the email claims to be from. (this is a gross over simplification. Look up SPF, DKIM, and DMARC for more info). The problem is you can’t even reach .onion sites from the clearnet to do the lookups. So no email servers would be able to validate your address is legitimate and so would drop it as spam.

This has nothing to do with email as a protocol. The court order discussed in the article asked for the recovery email address of an account. No actual email data was transferred.

For most transmissions of digital information (even those here on earth) there’s a concept of a “checksum”. Basically at the end of every message, there’s a special number, and you can do some math on the rest of the message to get that same number. If anything happened to change or damage the message in transit, the math doesn’t work out and so the checksum fails.

I would assume Voyager works in a similar way so every time it receives a message it will compute the checksum and see whether it matches

Removed by mod

It’s perfectly normal for your computer to have daemons.

You should definitely set up a DMARC record to prevent other people from using your email domain to send spam. If you don’t have DMARC configured, other email servers will give any senders the benefit of the doubt and accept mail that claims to be from your domain.

You can just set the DMARC record to reject 100% of unverified mail and call it a day. Since you aren’t sending anything it won’t affect you.

The ideal solution is to have one identity provider and then use Single Sign-On (SSO) to authenticate your users to all of their other apps. All of the big identity providers (Microsoft, Google, Okta, etc) support security keys.

I recognize that it might not be feasible to use SSO for all of your apps as a small business; a lot of SaaS platforms unfortunately charge extra for SSO. That being said my advice would be use SSO whenever possible for your apps and include SSO availability in your decision-making process for purchasing new software.

For those apps that do not support SSO, my advice would be to either compensate employees for using their personal devices for work or give them corporate devices that are only used for work things.

“Embargo” sure is a funny way to say “launching pirate raids and missiles”.