Legal Restrictions on Vulnerability Disclosure
Nov. 19th, 2025 12:04 pm
Kendra Albert gave an excellent talk at USENIX Security this year, pointing out that the legal agreements surrounding vulnerability disclosure muzzle researchers while allowing companies to not fix the vulnerabilities—exactly the opposite of what the responsible disclosure movement of the early 2000s was supposed to prevent. This is the talk:
Thirty years ago, a debate raged over whether vulnerability disclosure was good for computer security. On one side, full disclosure advocates argued that software bugs weren’t getting fixed and wouldn’t get fixed if companies that made insecure software weren’t called out publicly. On the other side, companies argued that full disclosure led to exploitation of unpatched vulnerabilities, especially if they were hard to fix. After blog posts, public debates, and countless mailing list flame wars, there emerged a compromise solution: coordinated vulnerability disclosure, where vulnerabilities were disclosed after a period of confidentiality during which vendors could attempt to fix things. Although full disclosure fell out of fashion, disclosure won and security through obscurity lost. We’ve lived happily ever after since.
Or have we? The move towards paid bug bounties and the rise of platforms that manage bug bounty programs for security teams has changed the reality of disclosure significantly. In certain cases, these programs require agreement to contractual restrictions. Under the status quo, that means that software companies sometimes funnel vulnerabilities into bug bounty management platforms and then condition submission on confidentiality agreements that can prohibit researchers from ever sharing their findings.
In this talk, I’ll explain how confidentiality requirements for managed bug bounty programs restrict the ability of those who attempt to report vulnerabilities to share their findings publicly, compromising the bargain at the center of the CVD process. I’ll discuss what contract law can tell us about how and when these restrictions are enforceable, and more importantly, when they aren’t, providing advice to hackers around how to understand their legal rights when submitting. Finally, I’ll call upon platforms and companies to adapt their practices to be more in line with the original bargain of coordinated vulnerability disclosure, including by banning agreements that require non-disclosure.
And this is me from 2007, talking about “responsible disclosure”:
This was a good idea—and these days it’s normal procedure—but one that was possible only because full disclosure was the norm. And it remains a good idea only as long as full disclosure is the threat.
Reading Wednesday
Nov. 19th, 2025 06:44 am
Currently reading: To Leave a Warrior Behind: The Life and Stories of Charles R. Saunders, the Man Who Rewrote Fantasy by Jon Tattrie. You ever read a bio of someone you've never heard of? It's an interesting experience. It's kind of shameful that I hadn't heard of Charles R. Saunders until his induction into the Canadian Science Fiction and Fantasy Hall of Fame this year, but that's kind of the point—he died broke and unknown and was buried in an unmarked grave before his friends and fans figured out where he was and crowdfunded a memorial. He was a Black author and journalist from the US who fled the draft and eventually settled in Halifax, and he pioneered the genre of sword and soul, which is Conan-inspired stories set in fantasy Africa. Again. Hadn't heard of it. Tattrie worked with and was friends with Saunders (he was one of the aforementioned crowdfunders), so Saunders' life story is interwoven with Tattrie's investigation into what happened to him and why. He also gets a big assist from Charles de Lint (!!) who kept all of the many letters that Saunders wrote to him. I am reading this for podcast-related reasons, but I'm genuinely fascinated by this story and will probably check out Saunders' novels based on this if I can find them.