> Machine Learning (e.g. CS221, CS229, CS230, CS124, CS224N) You should be comfortable with the basics of machine learning and deep learning.

Anyone have a good implementation-heavy self-study resource for those topics, or experience with the recorded lectures for those Stanford courses?

Relevant quotes:

> ... we will likely start by treating certain high-risk downloads initiated from secure contexts as active mixed content and block them.

> We're not planning to focus on non-secure downloads initiated from non-secure contexts at the moment, because users at least see the "Not Secure" omnibox badge on those pages.

(To save you a click, they look like aa_COMPANY+SHORTHASH@mydomain.com, with shorthash being based on COMPANY and a secret)

Downside is the address ends up absurdly long, and I’ve had to manually create some aliases for companies that won’t accept the plus.

I don’t recommend this setup, it’s kind of a pain to maintain, but I wish one of the mainstream providers would implement something similar.

Of course, this only works on machines you're the admin of, which is why it's allowed.

Or even worse, what if company B is mistaken as to who attacked them? If they "hack back" as advocated, but against the wrong target, are they liable?

The problem there is that captive portals don't add any extra link-layer security. The network is open, so literally anyone can sniff packets.

It's uncommon, but a network using WPA2-Enterprise and user/pass uses different keys for each person (not sure if per device or per user), so you don't have to trust everyone in the room.

To directly answer GP's question:

I took a differential equations class last semester, where the easy part of quite a few problems was to solve a quadratic equation. And it was easy, because my algebra classes had correctly required me to practice that skill (and memorize the quadratic formula).

So, you say, I'm never going to take differential equations. And you very well might not. I have two responses to that:

1) That's true, you might not, but the guy sitting next to you will, and he doesn't even know it yet. If you were allowed to opt out of that subject, you both would, and he wouldn't even have a chance to make up for it later.

2) There are plenty of other subjects where the easy part is an algebra concept, and it's only easy because you practiced it years before.

While they're not as big of a deal AFAIK, we do have the Pwnie Awards: https://pwnies.com/

Disassembly is a much easier task than decompilation, since it's a mostly mechanical process. Decompilation requires you to undo the optimizations/transformations the compiler did as it generated the binary, which is much harder.

That said radare2 is still cool, and a GUI (Cutter) is in the works.

I could never get it to work as well as it does with VirtualBox.

I guess maybe it was to enable touch on some websites?

The rest of it looks like fairly standard user-agent string antics.

I'm pretty sure C keywords require a space on either side...

I don't think it would.

Dynamic linking allows a library to be patched once and have the patch apply to all the programs using it. If every program was statically linked, you would have to update each one individually.

Not to mention the waste of space.

I'm guessing much of that is moot these days, but IMHO it's still something to aim for.

Whereas to exploit a desktop app that doesn't interface with the browser (written in a decent way), you'd need code execution already.

Thoughts?

Somewhat off topic, but is this actually possible?

Given hashing is inherently lossy, I'm inclined to assume it's not possible for anything must longer than a password, but commits are text, which I suppose is low entropy per character, so I don't know.

No, the bug is definitely in the browser. Web code is untrusted and should not be able to adversely affect the browser.

You can't. These apps don't federate, and not everyone uses all of them.

As I wrote this comment, I realized I use more apps than I thought.

I use SMS for some folks, Messenger for others, and Slack, Hangouts, and GroupMe for specific groups.

If I'm in a 5+ person group chat, I can't really ask everyone to move to something else. And I want to hear what's going on, so I keep the app around.