greggman commented on In Pursuit of Production Minimalism   brandur.org/minimalism... · Posted by u/grey-area
iamleppert · 7 years ago
The whole fallacy of slopping together a bunch of open source stuff and not bothering to understand any of it is a house of cards waiting to fall down.

It's far better if you have the time and resources to develop your own software from as low a level as possible. Each layer of abstraction that you can shed is an opportunity to tailor your solution more closely to your problem and to have expertise in-house. Big tech companies know this and it's why they do a lot of stuff in-house. The key is in knowing what to develop in-house and what to punt on, and when.

greggman · 7 years ago
I agree with the points being made here but there's also that issue that your custom creation is the next employee's 3rd party solution.
greggman commented on Adventures in vulnerability reporting   googleprojectzero.blogspo... · Posted by u/el_duderino
eat_veggies · 7 years ago
HackerOne provides disclosure assistance [0] for uncooperative companies. Not sure how they handle it from there.

[0] https://hackerone.com/disclosure-assistance

greggman · 7 years ago
HackerOne and some issues with it are brought up in the article.
greggman commented on Better slow than sorry – VirtualBox 3D acceleration considered harmful   phoenhex.re/2018-07-27/be... · Posted by u/octosphere
greggman · 7 years ago
Chrome itself doesn't have these issues. In particular it doesn't support features that would raise these kinds of issues. For one, it's not supporting all of desktop OpenGL; it's only supporting the subset that's needed for WebGL. All of it is massively validated, shaders are rewritten, bounds checked, memory cleared, clamps added, etc...
greggman · 7 years ago
Love the ignorant downvotes. I wrote the Chrome GPU subsystem. If you have evidence that I'm wrong, post it. Otherwise you're just spreading FUD.
greggman commented on Better slow than sorry – VirtualBox 3D acceleration considered harmful   phoenhex.re/2018-07-27/be... · Posted by u/octosphere
zokier · 7 years ago
Frankly, might not be such a bad idea.

https://www.contextis.com/blog/webgl-more-webgl-security-fla... etc

greggman · 7 years ago
Your post is FUD. That issue was solved immediately and the actual bug listed had nothing special to do with graphics and is just a bug like a bug in JavaScript or the browser in general. A bug that was fixed. If you're going to turn off WebGL based on that bug then you'd better turn off your entire browser.
greggman commented on Better slow than sorry – VirtualBox 3D acceleration considered harmful   phoenhex.re/2018-07-27/be... · Posted by u/octosphere
bcoates · 7 years ago
If this worries you go ahead and disable WebGL too.
greggman · 7 years ago
Chrome itself doesn't have these issues. In particular it doesn't support features that would raise these kinds of issues. For one, it's not supporting all of desktop OpenGL; it's only supporting the subset that's needed for WebGL. All of it is massively validated, shaders are rewritten, bounds checked, memory cleared, clamps added, etc...
greggman commented on Some Amazon Reviews Are Too Good to Be Believed – They're Paid For   npr.org/2018/07/30/629800... · Posted by u/EnderWT
greggman · 7 years ago
I hate it too, but rather than just complain, is it a solvable problem?

Reply All had a recent episode about it:

https://www.gimletmedia.com/reply-all/124#episode-player

First they had fake reviews. Amazon required actual purchases, so companies would pay people to purchase and return. You can't ban returns, otherwise there would be no negative reviews.

How can this be solved? Some kind of reputation system? How would you lose rep?

I'd love to hear your ideas.

greggman commented on A new security header: Feature Policy   scotthelme.co.uk/a-new-se... · Posted by u/detaro
move-on-by · 7 years ago
Yes, defense in depth. Do your due diligence, vet what you can, and then lock it down where trust isn't even required. Sites get hacked, whether it's CDNs, ad networks, or any other trusted 3rd party.

A great example would be a website with webcam and audio abilities like a conferencing site. You might have 3rd party tools embedded like newrelic or sentry.io for client-side error detection and performance monitoring. Those scripts should NEVER access the webcam or microphone. But what if one of those sites gets hacked? Your users have already approved the webcam and mic access to your site; after all, it's a conferencing tool. But now the hacked sentry script can also link into the webcam and microphone and send that data wherever they like. The client won't see anything different. They approved the access to their microphone and mic already, they won't see anything different. If you used this new header, you have another layer of defense against the hacked scripts. You can define that only scripts from your domains should have access to the microphone and mic, and the browser will deny access to the 3rd party. Beyond that, it also supports reporting, so you can get notifications that newrelic was trying to access users' webcams and can enable your incident response team to begin their work responding to the hacked 3rd party.

greggman · 7 years ago
I actually wish it was the default to have to ask for permission for mic and camera every time. One extra click doesn't seem overly burdensome to me. I'd even prefer that for native apps.
greggman commented on A History of Individually Wrapped Cheese Slices (1979) [pdf]   www56.homepage.villanova.... · Posted by u/magda_wang
derefr · 7 years ago
> some major major concerted national PR effort against it, getting celebrities, politicians, etc all on board pushing for months or years

Why do you need PR when the parties responsible for all this wrapping are corporations? It’s not the dagashi down the street giving you six layers of wrapping.

When big corporations are doing something you don’t like, you don’t use PR to fix it. We’ve had plenty of PR about recycling in the US and it’s affected consumers plenty and corporations not—at—all (except where the responsibility ends up in the hands of individual consumers, like office managers.)

No, the way to make corporations change their behaviour, is to just make a law about it. For example, a “consumer waste reduction corporate tax incentive.” It’s the bottom line that says that extra wrapping is good (for some reason); so it’s the bottom line that needs to be convinced otherwise.

greggman · 7 years ago
the issue is culture. customers want this. it seems fancy/nice/luxury/high-class. so companies are not going to gut their own sales. If you want it to change imo you need to change the customers' minds so they actually want less wrapping.

corps have changed by PR. no demand = no sales = change.

greggman commented on A History of Individually Wrapped Cheese Slices (1979) [pdf]   www56.homepage.villanova.... · Posted by u/magda_wang
greggman · 7 years ago
This topic brings up the issue of wrapping in Japan. Japan is notorious for having excessive wrapping. Individually wrapped cookies in a box with a plastic tray to hold each cookie. The bottom half of the box is sealed with a plastic tear-off cover. The top of the box slides over. Then the entire box is wrapped in paper. If you purchase it they will then put it in a branded paper bag. If it's raining they will then put that paper bag in a plastic bag to protect it from the rain. That's 6 levels of wrapping.

It's a cultural thing AFAICT. Sure, people speak out once in a while but it seems unlikely to change without some major major concerted national PR effort against it, getting celebrities, politicians, etc all on board pushing for months or years and possibly even organizing boycotts until things change. But, if someone wants to do their part to make a small dent here, well, here's a project you can try to take on.

greggman commented on The Blockchain Bubble Will Pop, What Next?   approximatelycorrect.com/... · Posted by u/baxtr
ghthor · 7 years ago
You need that text file signed by your previous doctors, and your new doctor needs to be able to verify the public keys of your previous doctors using some type of PKI. You also need to locally manage your health records data, its storage can't be easily automated and paid for. Blockchain solves all of those problems in one nice bundle, it provides PKI, signed log of changes, and distributed automated storage. That's one hell of a feature set.
greggman · 7 years ago
As far as I understand the point is supposed to be the blockchain is distributed trust. The longest chain = proof of most work = the truth. The only reason someone can't basically change the entire history of the blockchain is because no one has 51% control of the chain. The only reason no one has 51% control of the chain in bitcoin is because so many people are mining it to earn coins.

But, for medical records there is no such incentive. Therefore anyone can easily change the records or add new ones and claim everyone else who has a shorter chain has the wrong chain (which will be like no one since there is no incentive to mine).

So I'm probably just informed how blockchain is supposed to help here. Without the distributed trust there's no plus to blockchain. And without the incentive to mine that generates millions of miners there is way to have the distributed trust.

I'm happy to be wrong but I haven't seen an explanation of how this issue is solved for all these non-virtual-currency use cases.

u/greggman

Karma: 6858 · Cake day: November 16, 2010
About
http://greggman.com

http://greggman.github.io