
Comment Re: No useful information in this article. (Score 1) 33

Thanks for clarifying. I agree with the points made in your elaboration.

I'll just note, my experience has involved allowlist-based sanitization of HTML content entered via a rich-text editor or loaded server-side from RSS or Twitter feeds. The sanitized HTML was stored in a database and later loaded via AJAX and injected into the DOM via jQuery's problematic DOM methods. The original code was written by colleagues and my fix was to switch to JsonML using a library I wrote that uses safe DOM methods and avoids unsafe techniques such as innerHTML.

Comment Re: No useful information in this article. (Score 1) 33

CVE-2020-11023 is specifically about passing untrusted HTML — even after sanitizing it — to jQuery. This is supposed to be a safe operation and was fixed by the jQuery developers in version 3.5.0 <https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/>.

My point is: CVE-2020-11023 is an example of a valid security issue and your summary is misleading. Of course, one should not blindly use untrusted content, but it should be safe once mitigated by good practices such as sanitization.
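The approach described in the two comments above (allowlist sanitization, then rendering with safe DOM methods instead of innerHTML or jQuery's HTML-parsing methods), as an added example; this is not the poster's JsonML library and not jQuery code. The tag and attribute allowlists, the safeHref check, the FakeNode/fakeDocument stand-in and the SAMPLE feed item are all assumptions constructed for the example.

```javascript
// Added example: JsonML ["tag", {attrs}, ...children] rendered with safe DOM calls only.
const ALLOWED_TAGS = new Set(["p", "a", "b", "i", "em", "strong", "ul", "ol", "li", "br", "span"]);
const ALLOWED_ATTRS = new Set(["href", "title"]);

// Accept http(s), root-relative and fragment URLs; reject javascript:, data:, vbscript: etc.
function safeHref(value) {
  return /^(https?:\/\/|\/|#)/i.test(String(value).trim());
}

// Build DOM nodes from a JsonML tree. Strings become text nodes, so markup inside
// feed text is shown literally; disallowed tags are dropped together with their subtree.
function renderJsonML(node, doc) {
  if (typeof node === "string") return doc.createTextNode(node);
  if (!Array.isArray(node) || typeof node[0] !== "string") return null;
  const tag = node[0].toLowerCase();
  if (!ALLOWED_TAGS.has(tag)) return null;
  const el = doc.createElement(tag);
  let i = 1;
  const attrs = node[1];
  if (attrs && typeof attrs === "object" && !Array.isArray(attrs)) {
    i = 2;
    for (const [name, value] of Object.entries(attrs)) {
      const attr = name.toLowerCase();
      if (!ALLOWED_ATTRS.has(attr)) continue; // drops on*, style, srcdoc, ...
      if (attr === "href" && !safeHref(value)) continue;
      el.setAttribute(attr, String(value));
    }
  }
  for (; i < node.length; i++) {
    const child = renderJsonML(node[i], doc);
    if (child) el.appendChild(child);
  }
  return el;
}

// Constructed stand-in for `document` so the example runs outside a browser; in a page, pass `document`.
class FakeNode {
  constructor(tag, text) { this.tag = tag; this.text = text; this.attrs = {}; this.children = []; }
  setAttribute(name, value) { this.attrs[name] = value; }
  appendChild(child) { this.children.push(child); return child; }
}
const fakeDocument = {
  createElement: (tag) => new FakeNode(tag, null),
  createTextNode: (text) => new FakeNode(null, text),
};

// Constructed hostile feed item: handler attribute, javascript: link, script element, raw markup in text.
const SAMPLE = ["p", { onclick: "x()" }, "Hi ", ["a", { href: "javascript:alert(1)", title: "t" }, "link"], ["script", "x()"], "<b>raw</b>"];

function renderSample(doc = fakeDocument) { return renderJsonML(SAMPLE, doc); }
```

In a browser, `document.body.appendChild(renderJsonML(tree, document))` inserts the result without any string ever being parsed as HTML.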

Comment Re:Never used an IronKey... (Score 1) 194

Quoting from https://www.eetimes.com/how-se...

The following snippet is a snapshot of one of the technical papers from Seagate titled "128-bit versus 256-bit AES encryption" to explain why 128-bit AES is sufficient to meet future needs.

If you assume:

        Every person on the planet owns 10 computers.
        There are 7 billion people on the planet.
        Each of these computers can test 1 billion key combinations per second.
        On average, you can crack the key after testing 50% of the possibilities.

Then the earth's population can crack one encryption key in 77,000,000,000,000,000,000,000,000 years!

Comment Re:Money first (Score 1) 144

It's damned near impossible to BSOD a Windows 7 system with a bad driver, it will just silently kill and restart the driver (as a system should) and make a little note in Action Center about it.

Is there any online documentation on this feature where the OS can silently kill and restart the driver? I can't find any references to that other than for "VPU Recover", which is supported as far back as Windows XP.

I have recently been configuring a webserver running Windows Server 2008 R2, which uses the same kernel, NT 6.1, as Windows 7. It frequently gives a BSOD with error code "STOP: 0xD1". The minidump suggests the problem is due to an interaction between the network card driver and the kernel network libraries. This problem occurs with two different network card adaptors (with different drivers). It would be a huge improvement if Windows would simply restart the drivers rather than BSOD.

Comment Re:I'm surprised so many people have widescreen (Score 1) 382

Better colour gamut, no flicker, always perfectly sharp, no distortion, etc...

The adjustable brightness of LCD displays is normally implemented using pulse width modulation that can cause visible flicker. This is apparently much more visible with LED backlights than with the CCFL backlights.

Flicker from LED backlights is typically much more visible than for CCFL backlights at the same duty cycle because the LEDs are able to switch on and off much faster, and do not continue to "glow" after the power is cut off. This means that where the CCFL backlight showed rather smooth luminance variation, the LED version shows sharper transitions between on and off states. This is why more recently the subject of PWM has cropped up online and in reviews, since more and more displays are moving to W-LED backlighting units now.

@see Pulse Width Modulation

Comment chemical imbalances (Score 1) 542

From TFA:

The shift from "talk therapy" to drugs as the dominant mode of treatment coincides with the emergence over the past four decades of the theory that mental illness is caused primarily by chemical imbalances in the brain that can be corrected by specific drugs.

I don't understand this theory as it seems, to me, that "mental illness" and "chemical imbalances in the brain" are the same thing with no cause/effect relationship between them. It also seems that psychotherapy and drug therapy are attempts to treat the symptoms via the two respective faces of the same metaphorical coin.

Is there anything online that explains this cause/effect theory?

Comment Re:Password Encrypted? (Score 1) 140

Many login systems create random salt for EACH account, and store it with the hash.

This is one reason why unique salt for each account is preferable.

It's better to generate a new salt for each password; i.e., a new salt should be generated whenever a password is modified. That way it is pointless to generate rainbow tables for a chosen account.

Comment Re:Bad strategic moves by Oracle (Score 1) 149

Yeah. So XML is great, once I read the six thousand page spec. Why is this better than a binary format again?

I don't know that I'd suggest a business keep their data in ODF, either, but it's a hell of a lot better than OOXML as far as having actual migration paths and being reasonable for third-party software to read and manipulate. The last time I actually tried working with this stuff (just extracting stuff from MS Office and converting it to more-reasonable HTML), I tried parsing the OOXML, only to realize that it was suicide without a library, no matter how small the data I needed was.

I expect you're completely correct regarding migration and multiple implementations. I have to disagree regarding typical export/conversion routines.

A few years ago, I wrote an MS Office Open XML to XHTML converter. It ignored some of the original layout as it was just an initial step in converting Word documents to websites. Most of my time was spent on converting complex tables (multi-row headers; row & col spans) to semantically correct and fully accessible XHTML tables (thead, tbody, th, & td elements; id & headers attributes; etc).

The main reference I used was "Office Open XML Part 4 - Markup Language Reference.pdf" which is 5,220 pages. As I was only dealing with Word documents I only needed the material in the first two chapters (1. Part Overview; 2. WordprocessingML Reference Material), and that's 1,629 pages. Even then I didn't need much beyond 2.9 Numbering, so that's down to 816 pages.

So, while the specification totals around 6,000 pages, for many business applications far fewer pages will be applicable.

Comment Re:This is the best thing they can do. (Score 1) 438

The vast majority of people have no NEED to use IE6, and the vast majority of web developers have no need to support IE6. In fact, I'd say there is ZERO requirement for ANY web developer to EVER support IE6 at this point. Anyone who says otherwise is making excuses or lying.

That's nice, but back in the real world many of my client's clients* use IE6. I'm currently enhancing their web-based application and dropping IE6 support is not an option.

* Including one particularly large client.

(did I just feed a troll?)

Comment DRM = Lost sales (Score 1) 642

I purchased GTA3, Vice City and San Andreas and played them all to completion, so I was really looking forward to GTA IV. Problem is that I don't have a home Internet connection*. Now, over two years later, I haven't bought or played it. Every now and then I take a look online for cracks, but I haven't found any that will allow installation and play without an Internet connection.

I had also purchased and enjoyed Half-Life and was looking forward to Half-Life 2. Over six years later, because of DRM, I have not bought or played it.

I hope that one day these games will be re-released without the DRM. The publishers really should do this as anyone who wants to pirate them will have already done so by now.

* I work long hours, have a fast Internet connection at work; and can transfer files as needed. A home Internet connection would cost me about 300GBP (500USD) for the first year, which is too much just to activate a few computer games.
