Client-side defenses caught 89% of injections. But real protection needs providers to sign responses.

This system iteratively formulates scientific hypotheses, designs and executes experiments, analyzes and visualizes data, and autonomously authors scientific manuscripts.

Paris Peace Accords

The goal of Lucia v3 was to be the easiest and cleanest way to implement database-backed sessions in your projects. It didn't have to be a library. I just assumed that a library will be the answer. But I ultimately came to conclusion that my assumption was wrong. I don't see this change as me abandoning the project. In fact, I think it's a step forward. If implementing sessions wasn't easy, I wouldn't be deprecating the package. But why wouldn't a library be the answer? It seems like a such an obvious answer. One word - database. I talked about how database adapters were a significant complexity tax to the library. I think a lot of people interpreted that as maintenance burden on myself. That's not wrong, but the bigger issue is how the adapters limit the API. Adapters always felt like a black box to me as both an end user and a maintainer. It's very hard to design something clean around it and makes everything clunky and fragile, especially when you need to deal with TypeScript shenanigans.

unless we can use our capacities for thought in an arena of rational discourse there's no hope of closing the dread Gap in time to savor ourselves

four things

Culture as the ‘genetic code’ of the next leap

Adrian Poisson grew up studying science and math by day and art after hours beginning at the age of five

The constructal law of design and evolution in nature

Some observers say law enforcement’sinvestigative capabilities may be outpaced by the speed oftechnological change, preventing investigators fromaccessing certain information they may otherwise beauthorized to obtain. Specifically, law enforcement officialscite strong, end-to-end encryption, or what they have calledwarrant-proof encryption, as preventing lawful access tocertain data.

If we assume students want to learn - and I do - we should show our interest in their learning, rather than their performance.

Value the process, rather than the product.

In your Svelte component, you can then use your store with the special $ prefix syntax, to access the value of the store ('cause the temperature variable is a reference to the store itself, it's just a mean to our end, the result we need is the value):

I am firmly convinced that asserting on the state of the interface is in every way superior to asserting on the state of your model objects in a full-stack test.

Zoom told its users that their video calls were end-to-end encrypted when actually they were protected by TLS encryption. Zoom generated and stored the keys to its users’ encrypted information on its servers rather than on its users’ devices, meaning anyone with access to those servers could monitor the unencrypted video and audio content of Zoom meetings. These servers are located around the world, often in countries where companies can be forced to share user data with law enforcement organizations. What’s worse is that, according to the most recent lawsuit, Zoom’s response made it clear that it “knew that it did not use the industry-accepted definition of E2E encryption and had made a conscious decision to use the term ‘end-to-end’ anyway”.

Thus, by adding system tests, we increase the maintenance costs for development and CI environments and introduce potential points of failures or instability: due to the complex setup, flakiness is the most common problem with end-to-end testing. And most of this flakiness comes from communication with a browser.

This is why for a recent Angular+Rails project we chose to use a testing stack from the backend technology’s ecosystem for e2e testing.

When it came to testing the whole product, end-to-end, owning both sides gave us not only more options to consider, but also more tools to choose from.

We used testing tools that were in the same ecosystem as our backend technology stack for primrily three reasons: We owned both ends of the stack Team experience Interacting with the database

For features like websocket interactions, a single full-stack smoke test is almost essential to confirm that things are going as planned, even if the individual parts of the interaction are also covered by unit tests.

Black-box tests at the system level (aka end-to-end or QA tests)

The most important guideline to give is the following: Write clean unit tests if there is actual value in testing a complex piece of logic in isolation to prevent it from breaking in the future Otherwise, try to write your specs as close to the user’s flow as possible

(Yes, I realize from a technical, end-user perspective this really doesn't matter.)

It’s so simple that I sometimes wonder why it took years to develop it!

Writing the uniqueness validations yourself is easy so I felt it was better to leave this up to the developer

In principle, this information is already available through other means, but it is actually a fair amount of work to gather it in this form, and I think it could be useful to open it up to programmatic consumption.

People want to be able to choose which service they use to communicate with people. However, today if you want to message people on Facebook you have to use Messenger, on Instagram you have to use Direct, and on WhatsApp you have to use WhatsApp. We want to give people a choice so they can reach their friends across these networks from whichever app they prefer.We plan to start by making it possible for you to send messages to your contacts using any of our services, and then to extend that interoperability to SMS too. Of course, this would be opt-in and you will be able to keep your accounts separate if you'd like.

Focus on your application: forget about forms details like I'm dirty, field touched...

You can try to build a solution to tackle these issues on your own, but it will cost you time and money... why not use a battle-tested solution to handle all this complexity?

If you want to implement a form with a superb User Experience, you have to take care of many variables:

Form validation can get complex (synchronous validations, asynchronous validations, record validations, field validations, internationalization, schemas definitions...). To cope with these challenges we will leverage this into Fonk and Fonk Final Form adaptor for a React Final Form seamless integration.

Managing Form State (holding field information, check if a control has been touched, if the user has clicked the submit button, who owns the current focus...) can be tedious and prone to errors. We can get help from React Final Form to handle these challenges for us.

But it sounds like the library could use some way to setTouched()

Mr Dutton will renew his attack on Facebook and other companies for moving to end-to-end encryption, saying it will hinder efforts to tackle online crime including child sexual abuse.This month, Australia joined its "Five-Eyes" intelligence partners – the United States, Britain, New Zealand and Canada – along with India and Japan, in signing a statement calling on tech companies to come up with a solution for law enforcement to access end-to-end encrypted messages.

Wondering how to get field state from multiple fields at once? People coming from Redux-Form might be wondering where the equivalent of Redux Form's Fields component is, as a way to get state from several fields at once. The answer is that it's not included in the library because it's so easy to write one recursively composing Field components together.

It provides several capabilities that are difficult to achieve with React alone, while being compatible with the newest features of React.

There are work arounds, but nothing clean. I just feel like this should be functionality that should be part of the slot feature.

You must: reference each element you are extending using refs or an id add code in your oncreate and ondestroy for each element you are extending, which could become quite a lot if you have a lot of elements needing extension (anchors, form inputs, etc.)

As billions of conversations transition online over the coming weeks and months, the widespread adoption of end-to-end encryption has never been more vital to national security and to the privacy of citizens in countries around the world.

Proponents of this bill are quick to claim that end-to-end encryption isn’t the target. These arguments are disingenuous both because of the way that the bill is structured and the people who are involved.

For a political body that devotes a lot of attention to national security, the implicit threat of revoking Section 230 protection from organizations that implement end-to-end encryption is both troubling and confusing. Signal is recommended by the United States military. It is routinely used by senators and their staff. American allies in the EU Commission are Signal users too. End-to-end encryption is fundamental to the safety, security, and privacy of conversations worldwide.

The EARN IT act turns Section 230 protection into a hypocritical bargaining chip. At a high level, what the bill proposes is a system where companies have to earn Section 230 protection by following a set of designed-by-committee “best practices” that are extraordinarily unlikely to allow end-to-end encryption. Anyone who doesn’t comply with these recommendations will lose their Section 230 protection.

Matrix provides state-of-the-art end-to-end-encryption via the Olm and Megolm cryptographic ratchets. This ensures that only the intended recipients can ever decrypt your messages, while warning if any unexpected devices are added to the conversation.

More than two billion users exchange an unimaginable volume of end-to-end encrypted messages on WhatsApp each day. And unless an endpoint (phone) is compromised, or those chats are backed-up into accessible cloud platforms, neither owner Facebook nor law enforcement has a copy of those encryption keys.

“End-to-end encryption,” NSA says, “is encrypted all the way from sender to recipient(s) without being intelligible to servers or other services along the way... Only the originator of the message and the intended recipients should be able to see the unencrypted content. Strong end-to-end encryption is dependent on keys being distributed carefully.” So, no backdoors then.

On April 24, the U.S. National Security Agency published an advisory document on the security of popular messaging and video conferencing platforms. The NSA document “provides a snapshot of best practices,” it says, “coordinated with the Department of Homeland Security.” The NSA goes on to say that it “provides simple, actionable, considerations for individual government users—allowing its workforce to operate remotely using personal devices when deemed to be in the best interests of the health and welfare of its workforce and the nation.” Again somewhat awkwardly, the NSA awarded top marks to WhatsApp, Wickr and Signal, the three platforms that are the strongest advocates of end-to-end message encryption. Just to emphasize the point, the first criteria against which NSA marked the various platforms was, you guessed it, end-to-end encryption.

And while all major tech platforms deploying end-to-end encryption argue against weakening their security, Facebook has become the champion-in-chief fighting against government moves, supported by Apple and others.

While this debate has been raging for a year, the current “EARN-IT’ bill working its way through the U.S. legislative process is the biggest test yet for the survival of end-to-end encryption in its current form. In short, this would enforce best practices on the industry to “prevent, reduce and respond to” illicit material. There is no way they can do that without breaking their own encryption. QED.

One thing that would certainly be a game-changer would be some form of standardized RCS end-to-end encryption that allows secure messages to be sent outside Google Messages.

You should not use a messaging platform that is not end-to-end encrypted, it really is as simple as that.

The answer, of course, is end-to-end encryption. The way this works is to remove any “man-in-the-middle” vulnerabilities by encrypting messages from endpoint to endpoint, with only the sender and recipient holding the decryption key. This level of messaging security was pushed into the mass-market by WhatsApp, and has now become a standard feature of every other decent platform.

Despite its opposition, EARN-IT is the clearest threat yet to end-to-end encryption, given this clever twist in pushing the onus onto the platforms to avoid transmitting illegal content, rather than mandating a lawful interception approach.

“End-to-end encryption” sounds nice — but if anyone can get into your phone’s operating system, they will be able to read your messages without having to decrypt them.

Just like Blackberry, WhatsApp has claimed that they are end to end encrypted but in fact that is not trueWhatsApp (and Blackberry) decrypt all your texts on their servers and they can read everything you say to anyone and everyoneThey (and Blackberry) then re-encrypt your messages, to send them to the recipient, so that your messages look like they were encrypted the entire time, when in fact they were not

The only messaging app that has been proven, by an independent authoritative agency, is Apple’s Messages app (which uses Apple’s iMessage protocol that is truly end to end encrypted, Apple cannot read any of your texts which means that no one can read any of your texts)

The point of political protest is to change the world. And yet the process matters, too.

To live in the present is not to avoid hard work or strife. Alongside the projects that occupy you in your profession, or in your political life, the telic activities that matter to you, is the atelic process of protesting injustice or doing your job. To value the process is not to flee from work or political engagement. That is why living in the present is not an abdication of ethical responsibility or a recipe for detachment.

To live in the present is not to deny the value of telic activities, of making a difference in the world. That would be a terrible mistake. Nor can we avoid engaging in such activities. But if projects are all we value, our lives become self-subversive, aimed at extinguishing the sources of meaning within them. To live in the present is to refuse the excessive investment in projects, in achievements and results, that sees no inherent value in the process.

“If you are learning, you have not at the same time learned.” When you care about telic activities, projects such as writing a report, getting married or making dinner, satisfaction is always in the future or the past. It is yet to be achieved and then it is gone. Telic activities are exhaustible; in fact, they aim at their own exhaustion. They thus exhibit a peculiar self-subversion. In valuing and so pursuing these activities, we aim to complete them, and so to expel them from our lives.