
You can trick the user into copying the same malicious link, but browsers have generally already implemented the same mitigation that is Microsoft's fix for this issue inside Notepad (specifically, prompting before opening outside applications after the user enters or clicks a URL that isn't one of the built-in schemes).

It is also possible to use a different application as the http and file: URL handler at the OS level:

Write an app to display the (URL) argument passed and require the user to confirm or reject before running the browser using any of one or more default and configurable command line templates.

Add an "Install as default http, https, file:// URI handler" button in the settings GUI. Prompt the user to install the app as the default handler on first run.

Add opt-in, optional debug logging of at least {source_app_path:, url:, date_opened: } to a JSON lines log file.
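As an added example (not code from the thread or from any of the commenters), here is a minimal confirm-before-launch URL handler of the kind the two comments above describe: it takes the URL an application handed to the OS handler, rejects schemes outside an allowlist (the same "prompt before leaving the built-in schemes" idea as the browser mitigation), expands a configurable command-line template into an argv list so that a crafted URL cannot smuggle extra arguments, asks a confirm callback, and optionally appends a JSON-lines audit record with the fields listed. A naive shell-string template is included alongside to make the injection risk concrete. Browser names, templates, paths and the sample URLs are constructed for illustration; how the caller learns the source application's path is OS-specific and is simply passed in here.

```python
"""Added example (not from the thread): a confirm-before-launch URL handler.
Templates, paths and sample URLs below are constructed for illustration."""
import datetime
import json
import shlex
import subprocess
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https", "file"}

# Templates are argv lists; "{url}" marks the single slot the URL may occupy.
DEFAULT_TEMPLATES = {                      # constructed examples, not real configs
    "firefox": ["firefox", "--new-tab", "{url}"],
    "chrome": ["chrome", "{url}"],
}


def classify_url(url):
    """Return (ok, info): info is the scheme when ok, otherwise the reason."""
    parts = urlsplit(url.strip())
    scheme = parts.scheme.lower()
    if not scheme:
        return False, "no scheme"
    if scheme not in ALLOWED_SCHEMES:
        return False, f"scheme {scheme!r} not allowed"
    if scheme in ("http", "https") and not parts.netloc:
        return False, "missing host"
    return True, scheme


def build_argv(template, url):
    """Hardened: the URL lands unchanged in exactly one argv element."""
    if "{url}" not in template:
        raise ValueError("template has no {url} placeholder")
    return [url if tok == "{url}" else tok for tok in template]


def naive_argv(shell_template, url):
    """Vulnerable pattern for comparison: formatting the URL into a shell
    string and re-splitting it lets a quote inside the URL add arguments."""
    return shlex.split(shell_template.format(url=url))


def audit_record(url, decision, source_app_path=None, now=None):
    """The fields the comment asks for, plus the decision that was taken."""
    now = now or datetime.datetime.now(datetime.timezone.utc)
    return {
        "source_app_path": source_app_path,
        "url": url,
        "date_opened": now.isoformat(),
        "decision": decision,
    }


def jsonl_file_sink(path):
    """Return a sink that appends one JSON object per line to `path`."""
    def sink(record):
        with open(path, "a", encoding="utf-8") as fh:
            fh.write(json.dumps(record) + "\n")
    return sink


def handle(url, confirm, template=DEFAULT_TEMPLATES["firefox"],
           source_app_path=None, log=None, launcher=subprocess.Popen):
    """Decide and (optionally) launch. `confirm(url)` is the user prompt;
    `launcher(argv)` defaults to starting the process. Returns the decision."""
    ok, info = classify_url(url)
    if not ok:
        decision = "rejected: " + info
    elif confirm(url):
        decision = "launched"
    else:
        decision = "declined"
    if log is not None:
        log(audit_record(url, decision, source_app_path))
    if decision == "launched":
        launcher(build_argv(template, url))
    return decision


if __name__ == "__main__":
    # Dry run: no real process is started, the argv is only printed.
    dry = lambda argv: print("would run:", argv)
    print(handle("https://example.com/docs", confirm=lambda u: True, launcher=dry))
    print(handle("javascript:alert(1)", confirm=lambda u: True, launcher=dry))
```

The important design choice is that templates are argv lists rather than strings: `naive_argv` shows how `firefox "{url}"` turns a URL containing a double quote into extra command-line options, while `build_argv` keeps the whole URL in one argument no matter what it contains.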


`git add -f` will add ignored files. Once you've done that, any files you've added will be part of your commit regardless of the contents of .gitignore.

Also, files that are added to .gitignore after they’ve already been committed will still appear as modified. To stop tracking them, you need to remove them from the index (staging area):

    git rm --cached <file>
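An added example (not from the thread) that walks through the three behaviours described in the comment above in a throwaway repository: plain `git add` refuses an ignored file while `git add -f` tracks it, ignoring an already-committed file leaves it tracked and still reports its edits as modifications, and `git rm --cached` is what actually stops tracking while leaving the working copy in place. File names and contents are constructed; it needs git on PATH.

```shell
#!/bin/sh
# Added example, not from the thread. Uses a scratch repo under mktemp;
# file names and contents are constructed for illustration.
set -eu

gitignore_demo() {
    repo=$(mktemp -d)
    g() { git -C "$repo" "$@"; }            # run git inside the scratch repo
    g init -q 2>/dev/null
    g config user.email "demo@example.invalid"
    g config user.name "demo"
    g config commit.gpgsign false

    # 1. A file matched by .gitignore: plain `git add` refuses it, -f does not.
    printf 'secret.env\n' > "$repo/.gitignore"
    g add .gitignore && g commit -q -m "add ignore rules"
    printf 'TOKEN=constructed\n' > "$repo/secret.env"
    if g add secret.env 2>/dev/null; then echo "plain-add:accepted"; else echo "plain-add:refused"; fi
    g add -f secret.env && g commit -q -m "force-add secret"
    if [ -n "$(g ls-files -- secret.env)" ]; then echo "force-add:tracked"; fi

    # 2. Ignoring an already-committed file changes nothing: it stays tracked
    #    and its edits still show up as modifications.
    printf 'KEY=old\n' > "$repo/config.ini"
    g add config.ini && g commit -q -m "add config"
    printf 'config.ini\n' >> "$repo/.gitignore"
    printf 'KEY=new\n' > "$repo/config.ini"
    if [ -n "$(g ls-files -- config.ini)" ]; then echo "ignored-later:tracked"; fi
    if g status --porcelain -- config.ini | grep -q '^ M'; then echo "ignored-later:shows-modified"; fi

    # 3. `git rm --cached` drops it from the index but leaves the working copy.
    g rm -q --cached config.ini
    g commit -q -m "stop tracking config"
    if [ -z "$(g ls-files -- config.ini)" ]; then echo "rm-cached:untracked"; fi
    if [ -f "$repo/config.ini" ]; then echo "rm-cached:file-on-disk"; fi

    rm -rf "$repo"
}

if command -v git >/dev/null 2>&1; then
    gitignore_demo
else
    echo "git not installed; nothing to demonstrate" >&2
fi
```

One practical caveat the output makes visible: once a secret has been committed (forced or not), `git rm --cached` only stops future tracking; the file is still in history and the secret should be treated as exposed.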

Right... and also (I think; unsure because I only ever use the CLI) some GUIs (e.g. the github.com web UI) may enable adding files that'd otherwise be ignored.

(shrug)


Bose's original plan was to remove all WiFi-dependent functionality (no AirPlay and no Spotify Connect)-- while they wouldn't quite be "dumb speakers" at that point (since Bluetooth would've still worked), it would've turned them into pretty much just overcomplicated Bluetooth speakers.


There's even a clear example of this in the non-legendary teams: both of them include Slaking, presumably because it has a particularly high base stat total (the highest of any non-legendary, and matching some legendaries).

But Slaking doesn't get that for free-- it has an ability (Truant) that means it can only use moves every other turn. That limits its usefulness outside of a couple very specific scenarios, and means that it'll usually be outperformed by significantly "weaker" Pokemon (going purely by numbers).

And that's just one of the factors you'd need to take into account to build a team optimizer that's actually useful. Actually building a team has to take into account a massive number of factors: roles for each Pokemon (not just what types they can counter), available movesets, any advantages or disadvantages provided by abilities, your opponents' team composition, etc... it's a big problem to try to solve.


My understanding is that LPL is not still practicing (he says he's retired, to focus on security work), but I'd guess he knows someone, if McNally didn't already have his own lawyer.


Even if he were practicing, if he were to take this case it would pretty obviously expose who he was.

So, no matter what, I would expect LPL would get someone he knew (or equivalent) to take the case.


I mean, it's not exactly a secret. If you really want to know you can look it up online. He even has a whole talk he gives about why he generally doesn't reveal his identity. People send him packages with trackers hidden in them, hire private investigators to follow him with bogus stories, etc.


And Cyrix MediaGX (which remained with National Semiconductor after the VIA acquisition) became Geode which was eventually sold to AMD.


This approach (using a separate domain for content that isn't part of their service itself) has security advantages-- for example, this way a compromise of their news site CMS can't expose users' PayPal session tokens.

It's decently common for websites to do this-- this is the same reason why GitHub Pages is hosted at github.io rather than github.com, and why static blobs are at githubusercontent.com. Those have a somewhat different threat model than PayPal's news site (hopefully PayPal isn't letting any random person add news stories...), but the premise is the same: if the thing does not need authentication tokens for the main service, make it so that it's impossible for it to get them.

(You could get some of the same effect by scoping your cookies to a specific subdomain rather than allowing them to apply to all subdomains, but (1) that's not always how you want to structure your site, and (2) it's really easy to mess up and inadvertently scope a cookie too broadly (or for the browser to misbehave and send to subdomains anyway, which was the default behavior of one very prominent browser for a really long time). Using a different domain entirely sidesteps all of this completely.)


Maybe I'm missing something, but can't you separate your session and authentication with a different subdomain? E.g. my session on corp.paypal.com would be locked down to solely corp.paypal.com.

From a practical sense, what difference do a subdomain and a dedicated domain offer if you're managing your certs correctly?


You can, but a lot of people lack the discipline to do so correctly. I'd prefer them to use corp.paypal.com, but as a security guy it's easier to just get them a separate domain and let them have their less-secured stuff completely isolated.


You can, but it is difficult and prone to errors. Separate domains solve the root cause of the issue. The alternative is an entry on the public suffix list.


Which would not be easy to get, considering PayPal is not running a public suffix.


You can request entries on it; the list is not just for TLDs.


Yes, but the list is for public suffixes, i.e. domains under which users can get their own subdomains.
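As an added example, not code from the thread or from any of the commenters, here is a small model of how browsers scope cookies: RFC 6265 domain matching, host-only versus `Domain=` cookies, and the rule that a `Domain=` attribute naming a public suffix is rejected. It illustrates the two threads above at once: a session cookie scoped too broadly reaches a news site on a subdomain, a host-only cookie still leaks to subdomains under the "browser misbehaves" case mentioned earlier (modelled here as an assumed flag), a separate registrable domain can never receive it, and putting the apex on the public suffix list makes the broad cookie unsettable in the first place. Hostnames and the tiny public-suffix set are constructed for illustration and are not real PSL data.

```javascript
// Added example, not from the thread. Hostnames and PUBLIC_SUFFIXES are
// constructed for illustration only.

const PUBLIC_SUFFIXES = new Set(["com", "example", "github.io"]);

// RFC 6265 section 5.1.3: a host domain-matches a cookie domain when they
// are equal, or the cookie domain is a suffix of the host preceded by a dot.
function domainMatches(host, cookieDomain) {
  const h = host.toLowerCase();
  const d = cookieDomain.toLowerCase();
  return h === d || h.endsWith("." + d);
}

// Model of a browser storing "Set-Cookie: name=...; Domain=domainAttr" sent
// by `host`. Returns the stored record, or null when the browser rejects it.
function storeCookie(host, name, domainAttr, psl = PUBLIC_SUFFIXES) {
  if (domainAttr === undefined) {
    // No Domain= attribute: host-only cookie, bound to the exact setting host.
    return { name, domain: host.toLowerCase(), hostOnly: true };
  }
  const d = domainAttr.replace(/^\./, "").toLowerCase();
  if (psl.has(d)) return null;               // public suffix: would span registrants
  if (!domainMatches(host, d)) return null;  // setting host must lie within the domain
  return { name, domain: d, hostOnly: false };
}

// Would the browser attach `cookie` to a request for `host`?
// `legacyHostOnlyBug` is an assumed flag modelling a browser that ignores the
// host-only distinction and treats every cookie as a domain cookie.
function isSent(cookie, host, { legacyHostOnlyBug = false } = {}) {
  if (cookie.hostOnly && !legacyHostOnlyBug) {
    return host.toLowerCase() === cookie.domain;
  }
  return domainMatches(host, cookie.domain);
}

// Scenario: the main site sets a session cookie; a news CMS lives either on
// a subdomain or on an entirely separate registrable domain.
function scenario() {
  const apex = "paypal.com";
  const subdomainNews = "newsroom.paypal.com";       // constructed
  const separateNews = "paypal-newsroom.example";    // constructed

  const hostOnly = storeCookie(apex, "session", undefined);          // correctly scoped
  const broad = storeCookie("www." + apex, "session", apex);          // Domain=paypal.com
  const pslWithApex = new Set([...PUBLIC_SUFFIXES, apex]);            // "what if apex were on the PSL"

  return {
    hostOnlyToSubdomain: isSent(hostOnly, subdomainNews),
    hostOnlyToSubdomainLegacy: isSent(hostOnly, subdomainNews, { legacyHostOnlyBug: true }),
    broadToSubdomain: isSent(broad, subdomainNews),
    broadToSeparateDomain: isSent(broad, separateNews),
    hostOnlyToSeparateDomainLegacy: isSent(hostOnly, separateNews, { legacyHostOnlyBug: true }),
    publicSuffixRejected: storeCookie("www." + apex, "session", "com") === null,
    apexOnPslRejected: storeCookie("www." + apex, "session", apex, pslWithApex) === null,
  };
}

console.log(JSON.stringify(scenario(), null, 2));
```

Reading the result: only the "separate domain" rows are false under every setting, which is the isolation argument; the PSL row shows why the alternative mentioned above works (the browser refuses to store the broad cookie at all), and also why a PSL entry is only appropriate when the apex really is a suffix under which unrelated parties get subdomains.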


From my point of view, a possible compromise of their news site CMS seems like a much less serious threat than phishing, so this seems like a bad tradeoff. If you're worried that cookie scoping will get broken, maybe you could have the news site CMS raise an alert if it sees PayPal-session-token cookie names.


There are off-the-shelf all-in-one Asus home routers that do VLANs?


Many Asus home routers advertise compatibility with and/or run OpenWRT internally, so yes to a certain reading.

Here's a random example I found:

https://www.asus.com/networking-iot-servers/modem-routers/al... | https://web.archive.org/web/20250704161852/https://www.asus....


Installing a custom firmware on a router does not count as 'off-the-shelf' IMO.


I’m not speaking hypothetically, as I have used VLANs on native stock Asus firmware.

https://www.asus.com/us/support/faq/1049415/


Because the game already also runs on Xbox and, given MS's recent gaming strategy (which is putting less emphasis on Xbox exclusives), could conceivably come to PlayStation or maybe even Switch 2 in the future.

On the Windows side of things, there's also a push towards ARM hardware (with current Snapdragon-based hardware actually performing pretty well). Not sure if Flight Simulator is currently ARM-native, but having the ability to go ARM-native is probably desirable at least as a long-term goal.


Scrolls written in a single column and "scrolled" vertically (like a modern text editor or web browser) weren't completely unheard of, particularly for liturgical or legal documents. See http://grbs.library.duke.edu/article/viewFile/9191/4607

But, yeah, the horizontal format would've been more common.

