• 0 Posts
  • 81 Comments
Joined 1 year ago
Cake day: August 12th, 2024




  • Super easy. Technology has existed for quite some time and was already used in the encryption of web traffic.

    Basically: you sign up with your “age verification institution” (ideally a service of your government because they have your ID anyway and no profit motive). This involves creating a private key (reaaaaaaaaaaly long password that is saved in a file on your device) and saving the public key with that institution. They also check your ID to ensure your identity and your age.

    When you want to visit an 18+ website, the website sends you a nonce (loooooong random number). You take that nonce and send it to the verifier, along with a signature of your private key (and the age they want you verified against). The verifier verifies your signature using your public key. They then sign the nonce with their own private key, thereby verifying that you, the owner of your private key (whose identity and age they have verified), are above the asked age threshold. You then send the signed nonce back to the 18+ website and they can verify the signature to confirm that a trusted age verifier has verified your age.

    The site never has access to your identity and the verifier never knows which site you visited, only that you wanted to visit a website that wants to know if you are of a certain age.

    (The corresponding technology was used for OCSP Stapling in TLS verification … and was discontinued last year because nobody was using it …)
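The exchange described in the comment above, sketched as an added example that is not part of the original comment. It assumes Ed25519 keys via Node's built-in `crypto` module; the user IDs, ages, message prefixes and function names are all constructed for illustration.

```javascript
const { generateKeyPairSync, sign, verify, randomBytes } = require('node:crypto');

// Enrollment (constructed data): the verifier has checked ID and stored each public key.
const verifierKeys = generateKeyPairSync('ed25519');
const adultKeys = generateKeyPairSync('ed25519');
const minorKeys = generateKeyPairSync('ed25519');
const registry = new Map([
  ['adult-1', { publicKey: adultKeys.publicKey, age: 34 }],
  ['minor-1', { publicKey: minorKeys.publicKey, age: 15 }],
]);

// Different prefixes keep a user signature from ever being usable as an attestation.
const userMsg = (nonce, minAge) => Buffer.from(`request|${nonce}|${minAge}`);
const attestMsg = (nonce, minAge) => Buffer.from(`attest|${nonce}|${minAge}`);

// Site: issue a fresh nonce and remember which age threshold it was issued for.
const outstanding = new Map();
function siteChallenge(minAge = 18) {
  const nonce = randomBytes(32).toString('hex');
  outstanding.set(nonce, minAge);
  return { nonce, minAge };
}

// User: sign the challenge. Nothing in the request names the site.
function userRequest(userId, { nonce, minAge }, privateKey) {
  return { userId, nonce, minAge, sig: sign(null, userMsg(nonce, minAge), privateKey) };
}

// Verifier: check the user's signature and age, then countersign the nonce.
function verifierAttest({ userId, nonce, minAge, sig }) {
  const rec = registry.get(userId);
  if (!rec || !verify(null, userMsg(nonce, minAge), rec.publicKey, sig)) return null;
  if (rec.age < minAge) return null;
  // The attestation carries no user identifier.
  return { nonce, minAge, sig: sign(null, attestMsg(nonce, minAge), verifierKeys.privateKey) };
}

// Site: accept only a nonce it issued, once, for the threshold it asked about.
function siteAccept(token) {
  if (!token || !outstanding.has(token.nonce)) return false; // unknown or replayed
  if (outstanding.get(token.nonce) !== token.minAge) return false;
  outstanding.delete(token.nonce); // single use
  return verify(null, attestMsg(token.nonce, token.minAge), verifierKeys.publicKey, token.sig);
}
```

The site only ever sees `{ nonce, minAge, sig }`, and the verifier only ever sees a nonce and an age threshold, which is the separation the comment describes.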


  • The cosmologies are difficult to compare because “power” in Middle-earth is just kinda … power. Sauron doesn’t need to have a “chain lightning lvl 10, 100.000 damage per second” ability. He can just … exist, and all the evil (or just lesser willed) creatures around will just fully accept him as their leader and do whatever he says. It’s a cosmic force or aura that is never quantified in any way. Same with Gandalf. He does very little magic. His power is also mostly in his presence that compels the good guys to do good things.






  • groet@feddit.org to Games@lemmy.world · Gaming Pet Peeves · 6 days ago

    Skyrim has a collectible item that is found in a main story area that is only accessible once. It’s a very early mission and in one of the last thief’s guild quests they will tell you to get that item. That might be 200h after you did that main quest …

    Good thing modding exists




  • Infinities don’t care about the actual numbers in the set, but about the cardinality (size). Obviously the numbers between 0,1 and 1,2 are different but have the same size.

    But 0,1 and 0,2? Size is unintuitive for infinities because they are … infinite. So the trick is to look for the simplest mathematical formula that can produce a matching from every number of one set to every number in the second. And as somebody has said, every number in 0,2 can be achieved by multiplying a number in 0,1 by 2. So there is a 1 to 1 relation between 0,1 and 0,2. Ergo they are the same size.


  • I think the “men evil”, “woman good” is just worded too strongly but is generally true (not actually true, but people considered it to be true).

    It’s more “men dangerous”, “men threatening” and not “evil”. A man in a women’s bathroom is a threat. A woman in a men’s bathroom is there because there was a line for the women’s bathroom. The actual reason for those scenarios does not matter, the man will be seen as an invasion and a perpetrator. I have personally experienced examples of neutral situations as well (going to the women’s bathroom as a man without negative reactions) but the general discourse about the topic is pretty clear.



  • You don’t get hacking protection from bots

    I disagree. I don’t know the details of Cloudflare’s bot detection, but there are many automated vulnerability scanners that this could protect against.

    I said that instead of crashing the system they should have something that takes an intentional decision and informs properly about what’s happening.

    I agree. Every crash is a failure by the designers. Instead it should be caught by the program and result in a useful error state. They probably have something like that but it didn’t work because the crash was too severe.

    What’s the point of your complaint if you do agree?

    I am not complaining. I am informing you that you are missing an angle in your consideration. You can never prevent every crash ever. So when designing your product you have to consider what should happen if every safeguard fails and you get an uncontrolled crash. In that case you have to design for “fail open” or “fail closed”. Cloudflare fucked up. The crash should not have happened and if it did it should have been caught. They didn’t. They fucked up. But, I agree with the result of the fuck up causing a fail closed state.


  • it shouldn’t crash the whole thing: if the bot detection module crashes, control it, fire an alert but accept the request until fixed.

    Fail open vs fail closed. Bot detection is a security feature. If the security feature fails, do you disable it and allow unchecked access to the client data? Or do you value Integrity over Availability?

    Imagine the opposite: they disable the feature and during that timeframe some customers get hacked. The hacks could have been prevented by the Bot detection (that the customer is paying for).

    Yes, bot detection is not the most critical security feature and probably not the reason someone gets hacked but having “fail closed” as the default for all security features is absolutely a valid policy. Changing this policy should not be the lesson from this disaster.
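The fail-open versus fail-closed choice argued over in the two comments above, as an added example that is not part of the original comments and is not Cloudflare's code. The scorer, its rule list and the response shapes are constructed; the point is that the failure is caught and alerted either way, and only the policy decides what the client gets.

```javascript
// Constructed stand-in for a bot-detection module: it throws when its rules are unusable.
function makeScorer(rules) {
  return (request) => {
    if (!Array.isArray(rules)) throw new TypeError('rules not loaded');
    return { bot: rules.some((r) => request.userAgent.includes(r)) };
  };
}

// Wrap a scorer so that a crash or a malformed verdict becomes a controlled error state.
// onFailure: 'open' lets the request through unchecked; anything else fails closed.
function guard(score, { onFailure, alert }) {
  return (request) => {
    let verdict;
    try {
      verdict = score(request);
      // A non-throwing failure (garbage verdict) is treated the same as a crash.
      if (!verdict || typeof verdict.bot !== 'boolean') throw new Error('malformed verdict');
    } catch (err) {
      alert(`bot detection failed: ${err.message}`);
      return onFailure === 'open'
        ? { status: 200, checked: false } // availability over integrity
        : { status: 503, checked: false, reason: 'bot detection unavailable' };
    }
    // Healthy path: a deliberate block (403) stays distinct from an outage (503).
    return verdict.bot ? { status: 403, checked: true } : { status: 200, checked: true };
  };
}
```

With the scorer broken, the fail-open variant serves the same scanner request that the healthy module would have rejected, which is the trade-off the second comment points at.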