329 Matching Annotations
  1. Last 7 days
  2. Jul 2021
    1. Assuming that people trust your site, abusing redirections like this can help avoid spam filters or other automated filtering on forums/comment forms/etc. by appearing to link to pages on your site. Very few people will click on a link to https://evilphishingsite.example.com, but they might click on https://catphotos.example.com?redirect=https://evilphishingsite.example.com, especially if it was formatted as https://catphotos.example.com to hide the redirection from casual inspection - even if you look in the status bar while hovering over that, it starts with a reasonable looking string.
  3. datatracker.ietf.org datatracker.ietf.org
    1. To meet this goal, the path validation process verifies, among other things, that a prospective certification path (a sequence of n certificates) satisfies the following conditions

      how to validate certificate by trust anchor

  4. Jun 2021
    1. Note that you could skip the https:// if you want a shorter command and you’re feeling adventurous with your HTTP MITM concerns, plus you can use the direct GitHub link as well if you don’t trust my redirect pointing there.
    1. Woolf, K., McManus, I. C., Martin, C. A., Nellums, L. B., Guyatt, A. L., Melbourne, C., Bryant, L., Gogoi, M., Wobi, F., Al-Oraibi, A., Hassan, O., Gupta, A., John, C., Tobin, M. D., Carr, S., Simpson, S., Gregary, B., Aujayeb, A., Zingwe, S., … Pareek, M. (2021). Ethnic differences in SARS-CoV-2 vaccine hesitancy in United Kingdom healthcare workers: Results from the UK-REACH prospective nationwide cohort study [Preprint]. Public and Global Health. https://doi.org/10.1101/2021.04.26.21255788

    1. New Trusted Third Parties Can Be Tempting Many are the reasons why organizations may come to favor costly TTP based security over more efficient and effective security that minimizes the use of TTPs: Limitations of imagination, effort, knowledge, or time amongst protocol designers – it is far easier to design security protocols that rely on TTPs than those that do not (i.e. to fob off the problem rather than solve it). Naturally design costs are an important factor limiting progress towards minimizing TTPs in security protocols. A bigger factor is lack of awareness of the importance of the problem among many security architects, especially the corporate architects who draft Internet and wireless security standards. The temptation to claim the "high ground" as a TTP of choice are great. The ambition to become the next Visa or Verisign is a power trip that's hard to refuse. The barriers to actually building a successful TTP business are, however, often severe – the startup costs are substantial, ongoing costs remain high, liability risks are great, and unless there is a substantial "first mover" advantage barriers to entry for competitors are few. Still, if nobody solves the TTP problems in the protocol this can be a lucrative business, and it's easy to envy big winners like Verisign rather than remembering all the now obscure companies that tried but lost. It's also easy to imagine oneself as the successful TTP, and come to advocate the security protocol that requires the TTP, rather than trying harder to actually solve the security problem. Entrenched interests. Large numbers of articulate professionals make their living using the skills necessary in TTP organizations. For example, the legions of auditors and lawyers who create and operate traditional control structures and legal protections. They naturally favor security models that assume they must step in and implement the real security. In new areas like e-commerce they favor new business models based on TTPs (e.g. Application Service Providers) rather than taking the time to learn new practices that may threaten their old skills. Mental transaction costs. Trust, like taste, is a subjective judgment. Making such judgement requires mental effort. A third party with a good reputation, and that is actually trustworthy, can save its customers from having to do so much research or bear other costs associated with making these judgments. However, entities that claim to be trusted but end up not being trustworthy impose costs not only of a direct nature, when they breach the trust, but increase the general cost of trying to choose between trustworthy and treacherous trusted third parties.

      There are strong incentives to stick with trusted third parties

      1. It's more difficult to design protocols that work without a TTP
      2. It's tempting to imagine oneself as a successful TTP
      3. Entrenched interests — many professions depend on the TTP status quo (e.g. lawyers, auditors)
      4. Mental transaction costs — It can be mentally easier to trust a third party, rather than figuring out who to trust.
    1. Users who have installed it decided to trust me, and I'm not comfortable transferring that trust to someone else on their behalf. However, if you'd like to fork it, feel free.

      Interesting decision... Seems like the project could have been handed off to new maintainers instead of just a dead-end abandoned project and little chance of anyone using it for new projects now.

      Sure you can fork it, but without a clear indication of which of the many forks in the network graph to trust, I doubt few will take the (massively) extra time to evaluate all options and choose an existing fork as a "leader" (or create their own fork) to go with continuing maintenance...

  5. May 2021
    1. David Benkeser. (2020, November 9). Another view on uncertainty associated based on Pfizer’s results. Even if you were highly skeptical about MRNA vaccines (many are [were?]) with 50% prior belief that VE ~ 0, based on an 8:86 vax:placebo case split, the posterior probability that VE > 75% is ~ 1. Https://t.co/xtBONtGHmT [Tweet]. @biosbenk. https://twitter.com/biosbenk/status/1325856366225993729

    1. ReconfigBehSci. (2021, February 17). The Covid-19 pandemic has accelerated the erosion of trust around the world: Significant drop in trust in the two largest economies: The U.S. (40%) and Chinese (30%) governments are deeply distrusted by respondents from the 26 other markets surveyed. 1/2 https://t.co/C86chd3bb4 [Tweet]. @SciBeh. https://twitter.com/SciBeh/status/1362021569476894726

    1. ReconfigBehSci. (2021, February 17). The global infodemic has driven trust in all news sources to record lows with social media (35%) and owned media (41% the least trusted; traditional media (53%) saw largest drop in trust at 8 points globally. Https://t.co/C86chd3bb4 [Tweet]. @SciBeh. https://twitter.com/SciBeh/status/1362022502743105541

  6. Apr 2021
    1. Trust this answer. This is a very common idiom in Ruby, solving precisely the use case you ask about and for precisely the reasons you experienced. It may look "inelegant", but it's your best bet.
  7. Mar 2021
    1. Yufika, A., Wagner, A. L., Nawawi, Y., Wahyuniati, N., Anwar, S., Yusri, F., Haryanti, N., Wijayanti, N. P., Rizal, R., Fitriani, D., Maulida, N. F., Syahriza, M., Ikram, I., Fandoko, T. P., Syahadah, M., Asrizal, F. W., Aletta, A., Haryanto, S., Jamil, K. F., … Harapan, H. (2020). Parents’ hesitancy towards vaccination in Indonesia: A cross-sectional study in Indonesia. Vaccine, 38(11), 2592–2599. https://doi.org/10.1016/j.vaccine.2020.01.072

    1. a data donation platform that allows users of browsers to donate data on their usage of specific services (eg Youtube, or Facebook) to a platform.

      This seems like a really promising pattern for many data-driven problems. Browsers can support opt-in donation to contribute their data to improve Web search, social media, recommendations, lots of services that implicitly require lots of operational data.

    1. Cailin O’Connor. (2020, November 10). New paper!!! @psmaldino look at what causes the persistence of poor methods in science, even when better methods are available. And we argue that interdisciplinary contact can lead better methods to spread. 1 https://t.co/C5beJA5gMi [Tweet]. @cailinmeister. https://twitter.com/cailinmeister/status/1326221893372833793

    1. And trust us, we’ve been playing with different APIs for two years and this was the easiest and fastest outcome.
  8. Feb 2021
    1. With blockchain, trust comes from the network itself. Instead of simply trusting a middleman institution, we can trust the blockchain code. The way that the blockchain is built means all parties in the system, not just the ones involved in the transaction, come to an agreement on what the facts are. And once they agree, a new block is added

      Trust in blockchain

    1. Brian Nosek. (2020, December 5). We need a #2020goodnews trend. Here’s one: Science keeps getting more open. One indicator from @OSFramework: OSF users posted 9,349 files of data or other research content PER DAY OSF users made 5,633 files public PER DAY EVERY DAY in 2020 #openscience is accelerating [Tweet]. @BrianNosek. https://twitter.com/BrianNosek/status/1335210552252125184