wickedlogic commented on Show HN: I made a cloud security product that actually saves time   argos-security.io/?... · Posted by u/david_obrien
wickedlogic · 4 years ago
"Price on Application (also available after subscribed to the Trial for self-service customers)"

Please don't do this... I even clicked on the follow through link, then you want me to sso... still no price. Save us all some time, it is in short supply.

wickedlogic commented on Introduction to Permaculture (1994)   archive.org/details/intro... · Posted by u/gdubs
wickedlogic · 5 years ago
For those interested, these videos are worthwhile to listen to: https://www.youtube.com/user/wholesystems

Maybe starting with: https://www.youtube.com/watch?v=ab463aw0AWM

wickedlogic commented on California law banning bots from pretending to be real people without disclosure   newyorker.com/tech/annals... · Posted by u/woodgrainz
wickedlogic · 6 years ago
Bots are going to be the way we interact with the web (and really all systems) heading forward, this 'real people' at just 'browsers' is quite a misunderstanding of what a 'user-agent' really means in this day and age.

If I launch a new tab in the background and tell it to go establish some set of factors for me, or locate price points and details for me, or buy something for me (and right now as me)... or just have it let me browse and interactively direct it but have it block ads as I go.

I know the law, and lawmakers, are looking at this from a fraudulent content perspective, but they are going to be hard pressed to do anything in the long run to quell this.

wickedlogic commented on Google Chrome has become surveillance software. It’s time to switch   siliconvalley.com/2019/06... · Posted by u/Jerry2
tapoxi · 6 years ago
Their business model is quite unethical, removing the page's monetization and replacing it with their own.
wickedlogic · 6 years ago
Is it though? As long as the person running the browser understands the tradeoffs? I mean, the browser is supposed to be your user-agent after all.

To render and provide interactions as you deem fit...

wickedlogic commented on The Untold Story of Silk Road (2015)   wired.com/2015/04/silk-ro... · Posted by u/miki123211
digianarchist · 7 years ago
I honestly don’t know how people can hand-waive away the murder for hire charges like this site does.
wickedlogic · 7 years ago
https://coingeek.com/us-attorney-wants-ross-ulbrichts-murder...

"hand-waive" seems inaccurate here, a lot of Ross's supporters flat out disagree with these charges in particular.

wickedlogic commented on Zuckerberg on Cambridge Analytica situation   facebook.com/zuck/posts/1... · Posted by u/runesoerensen
wickedlogic · 7 years ago
Deletion (or confirmed re-deletion) of the data is irrelevant at this point, it is the models created from that data, and their use, which will now persist in usefulness to Analytica. Armed with these models, and future refined/iterated versions, they likely will capture the data more directly from users in the future. Once the genie is out, it doesn't readily go back in.
wickedlogic commented on The Nightmare Letter: A Subject Access Request Under GDPR   linkedin.com/pulse/nightm... · Posted by u/jjp
vasco · 7 years ago
What provisions are there in place for a company receiving this type of request to confirm the identity of the requesting party? Are companies expected to be able to properly identify a citizen, in order to not disclose possibly very sensitive information to someone else impersonating them? In a lot of cases the company might not even have enough information stored in order to know who the owner of a given account is. How do you prove "abc123@example.com" is Mr. Smith, if your service doesn't ask them for names? Or if it does, which Mr. Smith do you have on record? Email original senders can be spoofed.

The first thing I'd do if I was a black hat type attacker would be to submit GDPR information requests to all internet companies I could think of on behalf of all my targets.

wickedlogic · 7 years ago
I haven't seen this reasonably addressed in any of the discussions, or org-based-presentations thus far. GDPR compliance itself basically ensures you cannot collect enough information to even defend against this type of attack vector.
wickedlogic commented on How Ethereum can be stolen through DNS rebinding   ret2got.wordpress.com/201... · Posted by u/DyslexicAtheist
neals · 7 years ago
And how would one do this?
wickedlogic · 7 years ago
See the details in my comment. The same way you would require authentication and/or signing on any request, on any modern platform. Not doing this is poor form.
wickedlogic commented on How Ethereum can be stolen through DNS rebinding   ret2got.wordpress.com/201... · Posted by u/DyslexicAtheist
wickedlogic · 7 years ago
If you are utilizing json-rpc anywhere in your stack, you should be authenticating every request via your transport(s), or the payload itself with JWT (or the like). To not do this, is to trust the world.

This is true over http and browsers, as well as internal servers, sockets, and cross frame communication. There are no such things as trusted internal services, just services that have not yet been breached (looking at you hardware vendors).
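
Added example, not part of the original comment: a JSON-RPC handler that refuses to dispatch anything until a signed token has been verified, so a request that arrives without the credential gets an error instead of a result. The secret, the method table, the `methods` claim and the error codes are constructed for illustration; the token is an HS256 JWT built with the standard library only.

```python
import base64, hashlib, hmac, json, time

SECRET = b"constructed-demo-secret"  # constructed; load from a secret store in practice
METHODS = {"eth_accounts": lambda params: ["0xCONSTRUCTED"]}  # hypothetical RPC method table

def _enc(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _dec(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _mac(signing_input: str, key: bytes) -> bytes:
    return hmac.new(key, signing_input.encode(), hashlib.sha256).digest()

def sign_token(claims: dict, key: bytes = SECRET) -> str:
    """Client side: issue an HS256 JWT carrying the allowed methods and an expiry."""
    head = _enc(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _enc(json.dumps(claims).encode())
    return f"{head}.{body}.{_enc(_mac(head + '.' + body, key))}"

def verify_token(token, key: bytes = SECRET, now=None) -> dict:
    """Server side: return the claims or raise ValueError."""
    try:
        head, body, sig = token.split(".")
        header, claims, given = json.loads(_dec(head)), json.loads(_dec(body)), _dec(sig)
    except (ValueError, AttributeError, TypeError) as exc:
        raise ValueError("malformed token") from exc
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unsupported alg")  # refuses alg=none and algorithm swaps
    if not hmac.compare_digest(_mac(head + "." + body, key), given):
        raise ValueError("bad signature")
    exp = claims.get("exp") if isinstance(claims, dict) else None
    if not isinstance(exp, (int, float)) or exp <= (time.time() if now is None else now):
        raise ValueError("expired or missing exp")
    return claims

def _err(rid, code, msg):
    return {"jsonrpc": "2.0", "id": rid, "error": {"code": code, "message": msg}}

def handle_rpc(raw_body: str, token) -> dict:
    """Authenticate first, then authorize the method, then dispatch."""
    req = json.loads(raw_body)
    rid, method = req.get("id"), req.get("method")
    try:
        claims = verify_token(token)
    except ValueError as exc:
        return _err(rid, -32001, f"unauthorized: {exc}")  # -320xx: server-defined range
    if method not in claims.get("methods", []) or method not in METHODS:
        return _err(rid, -32002, "method not permitted for this token")
    return {"jsonrpc": "2.0", "id": rid, "result": METHODS[method](req.get("params"))}
```

The `token` argument stands for whatever the transport carried (for HTTP, the bearer value of an `Authorization` header); the same check applies unchanged to sockets or cross-frame messages.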

u/wickedlogic

Karma: 434 · Cake day: August 3, 2013