Mathematics, Quantum Error Correction, Cosmology, and the Hidden Hand of Evil (wisewolffinancial.substack.com)

The first lesson in cybersecurity (and I would imagine in real physical security as well) is that "protect your [asset]" is not well defined in a vacuum. You need to develop a threat model before you can sanely ask any questions about what actions you do or don't need to take.

HTTPS protects against one specific scenario: a third party is intercepting the communication. So it protects your users against those third parties (who might never forward the request to your site, and instead pretend to be your site; or they might spy on what they say to you or what you say back to them).

It does not protect against malicious users trying to hack your site directly, in any number of ways. Nor does it protect against people trying to hack into your server directly (bypassing the site entirely, although they might have the purpose of damaging your site). And it definitely doesn't protect against people trying to trick your users off-site, for example by sending them an email pretending to be from you.

jsheard · 6h ago

Huh? You're gonna have to elaborate a bit.

01-_- · 6h ago

why do we have to sanitize the input fields? why do we have to configure more headers? why even if we have https configured do we still have to add many other security elements?

codingdave · 5h ago

Take a step back and think about what security is in the first place - it is reducing the risk of people engaging in behaviors that you do not want. The list of those behaviors is not consistent between apps, although there is a large base of common concerns. HTTPS resolves one of those common concerns. No more, no less. Expecting one solution to all concerns is not a reasonable expectation.

jsheard · 5h ago

Because the point of HTTPS is to prevent man in the middle attacks. It isn't supposed to do everything.

Llama2.c on the Commodore C64 (github.com)

Designing a Simple Quantum Morse Encoder Decoder Using IBM Quantum Experience (researchgate.net)

Co-dfns: High-performance, reliable, and parallel APL (github.com)

Show HN: NBAGrid, a daily NBA guessing game (nbagrid.pythonanywhere.com)

Testudo – Metadata Cleaner (github.com)

Curti put a parachute on its Zefhir helicopter (2019) (verticalmag.com)

Discover curated learning resources in any niche (zapskills.com)

RSAC wrap: AI and China on everything, everywhere, all at once (theregister.com)

A scalable, secure and fault-tolerant distributed NoSQL database architecture (researchgate.net)

I Grew from Engineer to CTO (newsletter.eng-leadership.com)

The New Control Society (thenewatlantis.com)

A Social Network for Good (pruufapp.com)

Exposing Darcula: behind the scenes of a global Phishing-as-a-Service operation (mnemonic.io)

Can Speed Radar Measure Music? [video] (youtube.com)

Ask HN: Anyone else give up on trying to get rich?

Bad Faith (Film) (en.wikipedia.org)

Make Reviewing AI Output Fun (worksonmymachine.substack.com)

Chain-of-Draft surpasses CoT with only 7.6% of tokens (arxiv.org)

The fly-tipped sofa: how an abandoned couch changed a small village -in pictures (theguardian.com)

US House Passes Bill to Assess Threats Posed by Foreign Network Routers (infosecurity-magazine.com)

Progressive Dehancement (dbushell.com)

Mathematics, Quantum Error Correction, Cosmology, and the Hidden Hand of Evil (wisewolffinancial.substack.com)

You can't prevent your last outage, no matter how hard you try (surfingcomplexity.blog)

DigitalOcean Managed Caching for Valkey (digitalocean.com)

A Trade Breakdown (lynalden.com)

Detached Observations: Dequeue Phase – What Happens After You Understand? (smolnero.substack.com)

Generative Modelling in Latent Space (sander.ai)

CORBA: Catching The Next Wave (1997) (web.archive.org)

NASA Proposal Would Shift Agency's Focus Away from Space Science (nytimes.com)

Digital Archaeology, Part II (blondihacks.com)

Why are there no thunderstorms in the UK? (onepotscience.com)

Re the Boundaries of Human Potential (project-genesis.webnode.nl)

Light-activated pacemaker is smaller than a grain of rice (physicsworld.com)

The Robotics Threshold: China's Rise, America’s Reckoning (edgeofautomation.com)

I'd rather read the prompt (claytonwramsey.com)

It's time to give the AI doomsaying a rest (greyenlightenment.com)

The complicated business of electing a Doge (theballotboy.com)

Why is Windows consistently losing market share? (2024) (medium.com)

'Dangerous nonsense': AI-authored books about ADHD for sale on Amazon (theguardian.com)

Bitcoin's Op_return War II: Code Change Could Break Bitcoin Forever? [video] (youtube.com)

Nouswise: Next-Gen of Search Interfaces (nouswise.com)

Slovenia's Unexpected Economic Success (youtube.com)

Score high on renewable energy, while reducing CO₂ emissions by 2050 (energyville.pages.dev)

Show HN: Aye.so – Send digital letters with a 10-hour delivery delay (aye.so)

TypeScript Docs – The Modern TypeScript Documentation (typescriptdocs.com)

The first code deployable biological computer (corticallabs.com)

Show HN: 100.st – Dev utilities I built for format conversions and encoding (100.st)

The Elements of Euclid (With Highlights) (elements.ratherthanpaper.com)

BBC and Agatha Christie estate respond to 'deepfake' controversy (mashable.com)

The landscape artist who makes her paint from pearls, crystals and volcanic dust (theguardian.com)

Ask HN: Why isn't HTTPS enough to protect your site?

Comments (5)