> This is the same failure mode as all security-through-obscurity. Secrecy means that bad guys are privy to defects in systems, while the people whom those systems are supposed to defend are in the dark, and can have their defenses weaponized against them.
That’s a great article - explains what I haven’t fully thought through or quite been able to put into words but what I’ve always felt, because the “you can’t tell people the secret rules” with things like money laundering is treated by many as obvious, but has never sat right with me.
I disagree with this article—its premise relies too heavily on the oft-repeated, oft-misunderstood line “there is no security in obscurity.”
This concept is used to argue that obscurity shouldn’t be used at all as a defense mechanism, when really all it means is it shouldn’t be your only line of defense.
Obscuring aspects of a system can contribute to its overall functioning: it’s a filter for the laziest of adversaries, and it creates an imperative for more motivated ones to probe and explore to understand the obfuscation, creating signal and therefore opportunities to notice their behavior and intervene.
I think for anyone who has dealt firsthand with mitigating online fraud, hackers, spam, trolls, cheating etc, the idea of having completely transparent defense mechanisms is pretty much ludicrous.
Also, to be fair, for money laundering it does raise the barrier to entry quite a bit. It doesn't matter if you have billions of dollars to launder, but it could already make quite a difference if you only have millions of dollars to launder.
I assume the scanner is a separate library/service that receives the contents and returns a boolean safe/malicious result, and the implementation using MD5 to avoid expensive re-scans is an internal detail hidden from the caller.
They simply got blowback and retracted that new AUP and replaced it with a blank single-page PDF, but very specific legal language doesn't just get inserted "by mistake". AUP changes, especially incredibly controversial and possibly existential changes, will obviously go through multiple levels of approval and legal at a company the size of PayPal. They just got caught.
I made my own CA for this because nothing else could provide transparency regarding certificate issuance (whether an attacker issued a "spare" backdoor certificate).
It's called PSD2 and it applies EU-wide since September 2019. Banks have to make _some_ form of API available to third parties. However, these third parties must meet certain criteria and get a license in one of the member states. This makes sense since they can access financial data, and they only have to do it once. So a fintech licensed in e.g. Belgium can access the APIs of a bank in France and vice versa. Since banks already have most of the necessary rules and paperwork in place, I've seen many banks themselves become PSD2 clients as well, offering customers the ability to manage "foreign" bank accounts through their app.
Not sure about VLC, but ffmpeg has great support for Blackmagic: you just have to download the Blackmagic SDK, compile ffmpeg with Blackmagic support (and the SDK in your path), and then you'll have a separate input/output device available in ffmpeg. The other great thing about this approach is that audio also takes a dedicated, integrated path, bypassing OS layers and maintaining sync with much less effort.
Erlang supports hot reloading by design with no limitations. There can even be some threads using the old and some using the new version simultaneously. It was designed for phone exchanges where they aimed for 9 nines of availability. You can install it on most mainstream operating systems.