Daily Shaarli

All links of one day in a single page.

February 1, 2022

Attempted censorship by the ministry - Paris-luttes.info

The Ministry of Ecological Transition has sent a formal notice over the lists of vacant housing owned by social landlords in France...

The lists in question:
https://paris-luttes.info/liste-et-adresses-des-logements-15206
https://paris-luttes.info/erratum-mise-a-jour-de-la-liste-15319

Trojan Source: Invisible Vulnerabilities | Light Blue Touchpaper

Oh boy... that's pretty scary.
To deliberately introduce security holes, minor changes are sometimes enough, for example replacing "==" (comparison) with "=" (assignment). These "attacks" are visible to a trained eye.

But what happens if the eye can't see anymore? With Unicode, it is possible to use characters that look like our Latin alphabet but are not, or worse, to change the writing direction (left-to-right) so that the text is displayed one way in the text editor while the compiler interprets it differently. This opens up the possibility of inserting security holes that are almost impossible to see, even with the source code in front of you in your text editor.
(For an example of left-right inversion, go to this page: https://sebsauvage.net/wiki/ and look for my email address in the page: it shows up normally, but if you look at the HTML source, it appears as a different text.)

I think it would be interesting if text editors had an option to display in a particular color everything that is not purely "Latin text" (0000-024F), as well as the Unicode characters that cause changes (backspace, change of direction).

Proofs-of-concept of this attack in different languages can be seen here: https://github.com/nickboucher/trojan-source

(from https://sebsauvage.net/links/?QRVnDw)

We could easily develop an extension for each editor that highlights these characters!
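
As an added example (not code from the quoted post or from the Trojan Source project), here is a small Python scanner doing what such an editor option or a CI check would do: it flags bidi formatting controls, other invisible "format" characters, stray control characters, and anything beyond the 0000-024F Latin range, reporting line and column, and it can re-render a line with those code points spelled out so you see what the compiler sees. The C source it scans is constructed here, modelled on the commenting-out pattern described in the Trojan Source paper; the function and class names are mine.

```python
import unicodedata
from dataclasses import dataclass
from typing import List, Optional

# Unicode Bidi_Control characters: explicit direction embeddings, overrides,
# isolates and marks. RLO (U+202E) is the one Trojan Source leans on most.
BIDI_CONTROLS = frozenset({
    0x061C, 0x200E, 0x200F,                    # ALM, LRM, RLM
    0x202A, 0x202B, 0x202C, 0x202D, 0x202E,    # LRE, RLE, PDF, LRO, RLO
    0x2066, 0x2067, 0x2068, 0x2069,            # LRI, RLI, FSI, PDI
})
# Upper bound of the "purely Latin" range suggested above
# (Basic Latin through Latin Extended-B); anything beyond gets a second look.
LATIN_MAX = 0x024F


@dataclass(frozen=True)
class Finding:
    line: int       # 1-based line number
    col: int        # 1-based column, counted in code points (not bytes)
    codepoint: str  # e.g. "U+202E"
    name: str       # Unicode character name
    kind: str       # "bidi-control", "invisible", "control" or "non-latin"


def classify(ch: str) -> Optional[str]:
    """Return why a character is suspicious, or None if it is ordinary."""
    cp = ord(ch)
    cat = unicodedata.category(ch)
    if cp in BIDI_CONTROLS:
        return "bidi-control"        # can reorder what the editor displays
    if cat == "Cf":
        return "invisible"           # zero-width space/joiner, BOM, ...
    if cat == "Cc" and ch != "\t":
        return "control"             # backspace, CR inside a line, etc.
    if cp > LATIN_MAX:
        return "non-latin"           # homoglyph candidates (e.g. Cyrillic a)
    return None


def scan_source(text: str) -> List[Finding]:
    """Scan source text line by line and report every suspicious character."""
    findings: List[Finding] = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for col, ch in enumerate(line, start=1):
            kind = classify(ch)
            if kind is not None:
                findings.append(Finding(
                    line=lineno, col=col, codepoint=f"U+{ord(ch):04X}",
                    name=unicodedata.name(ch, "<unnamed>"), kind=kind))
    return findings


def render_visible(line: str) -> str:
    """Show a line the way the compiler sees it: suspicious code points are
    spelled out as <U+XXXX> instead of being rendered (or hidden)."""
    return "".join(
        f"<U+{ord(ch):04X}>" if classify(ch) else ch for ch in line
    )


# Constructed sample. Bidi controls make an editor render line 5 as a closed
# comment followed by "if (isAdmin) {", while the compiler sees the whole
# if-statement inside the comment, so the printf runs unconditionally.
# Line 4 carries a Cyrillic homoglyph that looks like a Latin 'a'.
SAMPLE_C_SOURCE = (
    "#include <stdio.h>\n"
    "int main() {\n"
    "    int isAdmin = 0;\n"
    "    int \u0430dmin = 1;  /* Cyrillic 'a' (U+0430) posing as Latin 'a' */\n"
    "    /*\u202e } \u2066if (isAdmin)\u2069 \u2066 begin admins only */\n"
    "        printf(\"You are an admin.\\n\");\n"
    "    /* end admins only \u202e { \u2066*/\n"
    "    return 0;\n"
    "}\n"
)

if __name__ == "__main__":
    for f in scan_source(SAMPLE_C_SOURCE):
        print(f"line {f.line} col {f.col}: {f.codepoint} {f.name} [{f.kind}]")
    print()
    for src_line in SAMPLE_C_SOURCE.splitlines():
        print(render_visible(src_line))
```

In a CI gate the "bidi-control" and "invisible" kinds deserve a hard failure, since there is no honest reason for them in code outside a string literal; "non-latin" is better treated as a warning, because comments and string literals written in other scripts are legitimate and will trigger it. Column numbers are in code points, so they match what a text editor shows rather than a byte offset.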

Aurélie Vache on Twitter: "First contribution on @gitpod merged 🎉 I know, it's "just" on the documentation/website. Just? In my point of view, there is no small contribution. Even If you think you're not a 🎸"rockstar"⭐️, don't hesitate to contribute 🙂 Using Open Source is good, Donate is better ❤️ https://t.co/UDRBIVoxaP" / Twitter

First contribution on @gitpod
merged 🎉
I know, it's "just" on the documentation/website.
Just?
In my point of view, there is no small contribution. Even If you think you're not a 🎸"rockstar"⭐️, don't hesitate to contribute 🙂

Using Open Source is good, Donate is better

Better documentation leads to better products, which lead to better UX or DX ♻️👍

Data denormalization is broken. Why it’s impossible to write good… | by Liron Shapira | Medium

And that’s the characteristic problem with the normalized approach: In exchange for the simplicity of working exclusively with normalized data, you have to write queries that don’t scale.

With denormalization there is so much to think about, so many edge cases that need to be handled!

A UX designer walks into a Tesla Bar – Scott Jenson

Criticism of the Tesla's design :)
And how to improve it.