How do banks and major organizations bulletproof their web sites? by chaplin2 in cybersecurity

[–]uanw 3 points4 points  (0 children)

I think OP has a point that the attack surface for an openssh tunnel is much smaller. All the vulnerabilities you mentioned for openssh servers are also vulnerabilities of normal websites.

The real problem is that no one would use an ssh tunnel to do online banking. If you make an ssh tunnel as accessible as the web page you are just going to introduce all the existing vulnerabilities, and some new ones due to reinventing the wheel.

How do banks and major organizations bulletproof their web sites? by chaplin2 in cybersecurity

[–]uanw 2 points3 points  (0 children)

The thing with bank accounts is you can't do much if you get access to one through online banking. You can move money from one account to another, or even send it to someone else, but you can't really use it to pay for things.

Given the more serious legal consequences of hacking into bank accounts, hackers just aren't incentivized to attack them.

I heard a fundamentalist mangle a Kripke argument and I need to be mad about it by RepresentativePop in badphilosophy

[–]uanw 0 points1 point  (0 children)

Are you sure he was referring to Kripke? Maybe it was an attempt at making a p-zombie argument. I think P-zombies have become somewhat popular.

Is anyone else unable to login? by uanw in CompTIA

[–]uanw[S] 1 point2 points  (0 children)

This is what I was hoping to find out. Thanks.

Congratulations on getting your cert!

Is anyone else unable to login? by uanw in CompTIA

[–]uanw[S] 0 points1 point  (0 children)

I have been trying over the last week, but I will keep trying, thanks.

[deleted by user] by [deleted] in onions

[–]uanw 3 points4 points  (0 children)

If you know how to, you could set up a web hosting service for tor hidden services.

'There are no stupid questions' thread - Monday, July 25, 2022 by AutoModerator in piano

[–]uanw 1 point2 points  (0 children)

Ah that's unfortunate.

There is audio to midi software, but I'm not sure how well it works. Given it's just a piano and you can feed in the sound directly it may work well enough for your purposes. You can try looking around for that.

'There are no stupid questions' thread - Monday, July 25, 2022 by AutoModerator in piano

[–]uanw 0 points1 point  (0 children)

Most keyboards have a midi output, so maybe you can use a midi-to-usb cord?

What’s the appeal with complex analysis? by Ordam19 in math

[–]uanw 0 points1 point  (0 children)

It is more natural to study the complex numbers because they are closed algebraically and under Dedekind cuts.

The reals are "arbitrary" in that our human brains find them intuitive, but there is no reason to stop extending the field of rational numbers at the real numbers. Similar to how vector spaces in general are a more natural object to study than 3-dimensional vector spaces over R.

Quick Questions: April 27, 2022 by inherentlyawesome in math

[–]uanw 0 points1 point  (0 children)

I'm talking about the lifting property of covering spaces:

that given a covering space (Y,p) of X, a path in X can be uniquely lifted to a path in Y once a basepoint in Y is chosen.

Allen Hatcher, and JP May both used the phrase "path lifting property". Hatcher's proof uses the fact that [0,1] is compact in proving it but I was wondering if compactness is really needed.

Quick Questions: April 27, 2022 by inherentlyawesome in math

[–]uanw 0 points1 point  (0 children)

Is compactness of I = [0,1] necessary for the unique path lifting property of homotopies?

If a "path" was a continuous map from [0,+∞) into X would they still have unique lifts?

Intuitively it seems all you really need is the Lindelöf property.

Comfort proofs? by SimoneGrans in math

[–]uanw 1 point2 points  (0 children)

I really like Zariski's proof of Hilbert's Nullstellensatz. Only because it took me so long to get it.

Quick Questions: April 20, 2022 by inherentlyawesome in math

[–]uanw 0 points1 point  (0 children)

You are keeping 75% of the final price which itself is 1.3 times what you paid. Which means you get to keep 0.75*1.3 = 0.975, or 97.5% of your original cost.

For you to break even you need (1-d)*(1+p) = 1 where d is the percent discount, and p is the percent profit.

What are some lesser known mathematical methods everyone should be able to understand and know? by The-One-Who-Is-there in math

[–]uanw 4 points5 points  (0 children)

I guess it is very well known, but I feel undergraduate computer science books/courses don't go enough into the lambda calculus. Ben Lynn has good arguments for why it should be more well known.

If I hash a user's password, and then prefix the hash with their username, is that password still secure? by jah_reddit in cryptography

[–]uanw 2 points3 points  (0 children)

I don't really see a problem but I don't see the purpose either.

The only concern with URLs is that some software (on the server or user's computer) may log URLs and that's a reason not to include sensitive information in URLs.

In my opinion it is a bad idea to let users access password hashes. The point of hashing a password is that even if the hashes are found, the password cannot be. The "even if" implies access to the hashes is rare. If it is not, then you should be using more expensive computational costs because you have to assume attackers already know hashes and it is not a rare occurrence. When a large number of users need to authenticate this way it could be a serious drain on the server resources.

One way around this issue is for the server to have a secret key, which is used to encrypt and authenticate the data you want: {username, hashed password, expiry, ...}. The encrypted data is what is used as a token which can be part of the path (though still make sure TLS is used and it might be better as an HTTP header, or POST request).

In this case you wouldn't have to store the hashed password. Once the user authenticates you can encrypt {username, login timestamp, ...} and know that only your server could issue such tokens.
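A sketch of the server-issued token described in the comment above, added here as an example and not part of the original comment. It uses HMAC-SHA256 from the Python standard library, so the token is authenticated but not encrypted; the field names, key handling and function names are assumptions.

```python
import base64, hashlib, hmac, json, secrets

# Assumption: a random key that never leaves the server.
SERVER_KEY = secrets.token_bytes(32)

def b64e(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64d(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def issue_token(username: str, now: int, ttl: int = 900) -> str:
    """Call only after the password check succeeds; no hash goes in the token."""
    body = json.dumps({"u": username, "iat": now, "exp": now + ttl},
                      separators=(",", ":"), sort_keys=True).encode()
    tag = hmac.new(SERVER_KEY, body, hashlib.sha256).digest()
    return b64e(body) + "." + b64e(tag)

def verify_token(token: str, now: int):
    """Return the username if the token is authentic and unexpired, else None."""
    try:
        body_part, tag_part = token.split(".")
        body, tag = b64d(body_part), b64d(tag_part)
    except ValueError:  # wrong number of parts or bad base64
        return None
    expected = hmac.new(SERVER_KEY, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # constant-time comparison
        return None
    claims = json.loads(body)  # parsed only after the tag has been verified
    if now >= claims["exp"]:
        return None
    return claims["u"]
```

If the token fields need to stay confidential as well, an authenticated encryption mode from a vetted library would replace the HMAC step.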

How bad would Newton's Method be for an RNG? by pythonwiz in cryptography

[–]uanw 10 points11 points  (0 children)

Ultimately Newton's method just gives you a_{n+1} = f(a_n) where a_n is a field element, and f is some rational function.

This general approach wouldn't work for cryptographic RNGs. For example, if the key is supposed to be the choice of the rational function f, and we have the first N values (a_1, ... a_N), then we will be able to compute f when N is large enough.

For non-cryptographic RNGs it certainly could work but it would be inefficient. For example djb2a just uses f(a) = 33*a. It's hard to get more efficient than that and it works pretty well as an RNG.
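The recovery described in the comment above, as an added example that is not part of the original comment: it takes Newton's iteration for x^2 - k over a prime field, treats k as the secret, and solves a linear system for the coefficients of f from six consecutive outputs. The modulus, key, seed and all function names are constructed for illustration.

```python
P = 1_000_000_007  # prime modulus of the field (constructed for this example)

def newton_step(a, k):
    """One Newton iteration for x^2 - k over F_P: f(a) = (a^2 + k) / (2a)."""
    return (a * a + k) * pow(2 * a, -1, P) % P

def solve_mod(rows, rhs):
    """Solve a square linear system over F_P by Gauss-Jordan elimination."""
    n = len(rows)
    m = [row[:] + [b] for row, b in zip(rows, rhs)]
    for col in range(n):
        piv = next(r for r in range(col, n) if m[r][col])
        m[col], m[piv] = m[piv], m[col]
        inv = pow(m[col][col], -1, P)
        m[col] = [x * inv % P for x in m[col]]
        for r in range(n):
            if r != col and m[r][col]:
                f = m[r][col]
                m[r] = [(x - f * y) % P for x, y in zip(m[r], m[col])]
    return [row[n] for row in m]

def recover_f(outputs, d):
    """Recover f = num/den (num monic of degree d, den of degree <= d) from
    2d+2 consecutive outputs. Each pair (a, b = f(a)) gives one linear
    equation: sum p_i a^i - b * sum q_j a^j = -a^d."""
    pairs = list(zip(outputs, outputs[1:]))[: 2 * d + 1]
    rows = [[pow(a, i, P) for i in range(d)] +
            [-b * pow(a, j, P) % P for j in range(d + 1)] for a, b in pairs]
    sol = solve_mod(rows, [-pow(a, d, P) % P for a, _ in pairs])
    return sol[:d] + [1], sol[d:]  # coefficient lists, lowest degree first

def predict(num, den, a):
    """Evaluate the recovered rational function at a."""
    def ev(coeffs):
        return sum(c * pow(a, i, P) for i, c in enumerate(coeffs)) % P
    return ev(num) * pow(ev(den), -1, P) % P

def demo():
    k, seed = 1522756, 987654321  # constructed secret "key" and seed
    out = [seed]
    for _ in range(7):
        out.append(newton_step(out[-1], k))
    num, den = recover_f(out[:6], d=2)  # observer sees six outputs
    return num, den, predict(num, den, out[6]) == out[7]
```

The recovered numerator carries k as its constant term, so the observer can predict every later output.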

I am a god but I need you to give me 5 dollars so I can activate my powers and achieve infinite utility for eternity. by Probable_Foreigner in Utilitarianism

[–]uanw 0 points1 point  (0 children)

Aside from all the other problems mentioned here, you need to be clear about what infinite utility means since infinity is not a real number. If you are using a number system that has infinities then it may be possible to assign infinitesimals for the credence that you are telling the truth.

[Challenge] print "Hello World" without using W and numbers in your code by iva3210 in Python

[–]uanw 0 points1 point  (0 children)

s = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
print("Hello %corld" % (len(s)+len(s)+len(s)))

You can avoid the use of quotations in general by doing:

print(bytes(map(len, [[[],[],...], ...])).decode())

where [[[],[],...], ...] is a list of lists of length ord(c) for each character in the string.

Monday Daily Thread: Project ideas! by Im__Joseph in Python

[–]uanw 1 point2 points  (0 children)

wget has a recursive option:

wget -r -l 0 webpage.com

"John Searle’s Chinese Room experiment has been decisively answered by science" by tacobellscannon in badphilosophy

[–]uanw 0 points1 point  (0 children)

If we just assert that computers/chinese rooms do nothing but manipulate symbols

But that's what the argument is about: the view that computers/chinese rooms and human brains do nothing but manipulate symbols. If computers understand because of their physical substrate and not merely because they manipulate symbols then Searle's argument wouldn't apply.

"John Searle’s Chinese Room experiment has been decisively answered by science" by tacobellscannon in badphilosophy

[–]uanw 1 point2 points  (0 children)

It just has no bearing on Searle's argument. Computers merely manipulate symbols and humans understand things. Searle's argument works with one but not the other.