80 Matching Annotations
  1. Feb 2024
    1. Harold Abelson, Ross Anderson, Steven M Bellovin, Josh Benaloh, Matt Blaze, Jon Callas, Whitfield Diffie, Susan Landau, Peter G Neumann, Ronald L Rivest, Jeffrey I Schiller, Bruce Schneier, Vanessa Teague, Carmela Troncoso, Bugs in our pockets: the risks of client-side scanning, Journal of Cybersecurity, Volume 10, Issue 1, 2024, tyad020, https://doi.org/10.1093/cybsec/tyad020

      Abstract

      Our increasing reliance on digital technology for personal, economic, and government affairs has made it essential to secure the communications and devices of private citizens, businesses, and governments. This has led to pervasive use of cryptography across society. Despite its evident advantages, law enforcement and national security agencies have argued that the spread of cryptography has hindered access to evidence and intelligence. Some in industry and government now advocate a new technology to access targeted data: client-side scanning (CSS). Instead of weakening encryption or providing law enforcement with backdoor keys to decrypt communications, CSS would enable on-device analysis of data in the clear. If targeted information were detected, its existence and, potentially, its source would be revealed to the agencies; otherwise, little or no information would leave the client device. Its proponents claim that CSS is a solution to the encryption versus public safety debate: it offers privacy—in the sense of unimpeded end-to-end encryption—and the ability to successfully investigate serious crime. In this paper, we argue that CSS neither guarantees efficacious crime prevention nor prevents surveillance. Indeed, the effect is the opposite. CSS by its nature creates serious security and privacy risks for all society, while the assistance it can provide for law enforcement is at best problematic. There are multiple ways in which CSS can fail, can be evaded, and can be abused.

      Right off the bat, these authors are highly experienced and plugged into what is happening with technology.

  2. Dec 2023
    1. Note that because this request uses your app secret, it must never be made in client-side code or in an app binary that could be decompiled. It is important that your app secret is never shared with anyone. Therefore, this API call should only be made using server-side code.
  3. Oct 2023
  4. Jul 2023
  5. Jun 2023
    1. In Germany, the LNG Act is creating overcapacity for the import of liquefied natural gas, while at the same time suspending previously applicable rules for environmental assessments. Francesca Mascha Klein comments on this development and points out that the LNG expansion clearly contradicts the climate targets and, through its considerable international effects, e.g. on fracking, also accelerates the path into the climate crisis.

      https://taz.de/Streit-ueber-LNG-Terminals/!5934569/

  6. May 2023
  7. Apr 2023
  8. Mar 2023
  9. Feb 2023
    1. The official Bambora Ruby library is not thread-safe. This means you will run into errors when using it with Sidekiq or Puma. This gem is a thread-safe client for the Bambora and Beanstream APIs.
  10. Jan 2023
  11. Dec 2022
    1. Postgres itself is a database “server.” There are several ways to connect to Postgres via “clients,” including GUIs, CLIs, and programming languages often via ORMs
    1. Dilemma: Do I use this unofficial library with its really nice idiomatic API or the official library (https://github.com/mailgun/mailgun-ruby) with its inferior API?

      I wish this one was still/better maintained because I'd much rather use this API, like:

          @mailgun.lists.create "devs@your.mailgun.domain"
          @mailgun.lists.list
          @mailgun.lists.find "devs@your.mailgun.domain"

      but it's not maintained, and looks like it doesn't have the word events in the source at all, so it's missing any way to use the Events API. :(

  12. Nov 2022
    1. It seems to me that they hide behind progressive social stances and say "see we're nice guys!" when they're just as rude and indignant as any other group.
    1. generate Prisma Client which provides a programmatic and type-safe API to read and write data in the shape of your application models
  13. Aug 2022
    1. I'm building a Rails API with a separate web frontend app as "just another API client" (various smartphone apps to follow as well). In the previous "monolithic" version of the service, where all the server side was rolled into one Rails app
  14. May 2022
  15. Feb 2022
    1. Sending secure email is one of the questions we hear more and more. This is a result of an increasing number of email security risks, hacks and other threats. So you're not the only person wondering, "How to send secure email in Gmail? (or any other public email service for that matter?") You'll find the answer in this article. This article concludes with a link to a free encrypted email service. First check whether you meet the conditions.

      How to send secure email (in Outlook)? Sending secure email is one of the questions we hear more and more. This is a result of an increasing number of email security risks, hacks and other threats. So you're not the only person wondering, "How to send secure email in Gmail? (or any other public email service for that matter?") You'll find the answer in this article. This article concludes with a link to a free encrypted email service. First check whether you meet the conditions.

  16. Jan 2022
  17. Jun 2021
  18. May 2021
  19. Mar 2021
    1. The HTML5 form validation techniques in this post only work on the front end. Someone could turn off JavaScript and still submit jank data to a form with the tightest JS form validation. To be clear, you should still do validation on the server.
    1. Therefore client side validation should always be treated as a progressive enhancement to the user experience; all forms should be usable even if client side validation is not present.
    2. It's important to remember that even with these new APIs client side validation does not remove the need for server side validation. Malicious users can easily work around any client side constraints, and HTTP requests don't have to originate from a browser.
    3. Since you have to have server side validation anyways, if you simply have your server side code return reasonable error messages and display them to the end user you have a built in fallback for browsers that don't support any form of client side validation.
  20. Jan 2021
    1. Save time with Automations. Automate the repetitive work in seconds so you can avoid human error and focus on what matters.

      It gives the impression of software that is highly automated, which implies that it is good for clients who want to save time and manage team members easily.

  21. Nov 2020
  22. Oct 2020
    1. I want to run docker daemon with TLS enabled but client certificate authentication disabled so that clients can verify authenticity of docker daemon but docker daemon doesn't need to verify clients.
  23. Sep 2020
    1. urql/packages/svelte-urql/
  24. Jul 2020
  25. Jun 2020
  26. May 2020
    1. When is your site not built with the Jamstack? Any project that relies on a tight coupling between client and server is not built with the Jamstack.
  27. Apr 2020
    1. There are, indeed, at least two projects independent of us, which are developing software that can read 1Password data (once you’ve given them your Master Password.). James Brown (@RogueLazer) has developed some Python libraries which can – given the Master Password – read both the Agile Keychain Format (1Password 2 and 3 for Mac, 1Password for Windows) and the Cloud Keychain Format (1Password 4). Indeed, RogueLazer’s efforts and queries have led to substantial improvements in our documentation.
  28. Feb 2020
  29. Dec 2019
    1. This is a browser execution environment. It may provide additional built in objects exposed in the global namespace. It is a specialized execution environment which provides builtin capabilities beyond the base javascript language spec.
    2. Consider the client environment as the special case as it exposes objects into the global space to provide certain features and limits others.

      Doesn't the server ever expose objects into the global space??

    1. If your only reason for using Axios is backward compatibility, you don’t really need an HTTP library. Instead, you can use fetch() with a polyfill like this to implement similar functionality on web browsers that do not support fetch(). To begin using the fetch polyfill, install it via npm command: npm install whatwg-fetch --save
    1. If you are using a JavaScript library, chances are it comes with a client HTTP API. jQuery’s $.ajax() function, for example, has been particularly popular with frontend developers. But as developers move away from such libraries in favor of native APIs, dedicated HTTP clients have emerged to fill the gap.
  30. Sep 2019
  31. Oct 2018
  32. Mar 2016
    1. Client<->Server API - defines how Matrix compatible clients communicate with Matrix homeservers. Server<->Server API - defines how Matrix homeservers exchange messages and synchronise history with each other.

      Given the data model (which allows merges) forkdb could be a close candidate to substitute a Client <-> Client API (also called peer to peer).

      Play with it.

  33. Nov 2015
    1. Mbembe points out that often the function of awarding infrastructural projects has far more to do with gaining access to government contracts and rewarding patron-client networks than it has to do with their technical function. This is why roads disappear, factories are built but never operated, and bridges go to nowhere.

      Sounds like scheming for political gains. This is easy to see in the workplace or society when one befriends another or joins a certain group for political/hierarchical benefits rather than for the pure purpose of the action. African societies cannot be the only ones who follow these functional implementations of these infrastructural projects.

  34. Nov 2014
    1. the interface currently works quite slowly, much slower than regular web content.

      This may be browser-side speed. Most of the heavy lifting of the application is done in the client.