1. Zendesk allows you to add users to a support issue and view the complete issue history by sending a response email to a guessable support email from a person associated with an issue and cc'ing the person to add.
2. Zendesk depends on a spam check for inbound email validity. This check does not appear to catch instances where the sender email is spoofed. Zendesk claims this is due to DKIM/SPF/DMARC config, but I have trouble imagining that 50% of the Fortune 500 would get this wrong. There are many automated checks available.
3. Apple issues an Apple ID account to anyone who can receive a verification email sent to the mailing address (support@company.com).
4. Slack allows you to sign in to a workspace using any Apple ID associated with the workspace domain (e.g. support@company.com).
This researcher reported #2 to HackerOne and was declined. The researcher later discovered the full exploit with 3 and 4. They did not update HackerOne and contacted affected companies directly.
It would have been prudent to update HackerOne on the additional finding, but it feels like an easy oversight for a 15-year-old after getting rejected on the first round.
Zendesk should take the higher ground and recognize the mistake and correct it. Not get all "ethical mumbo jumbo."
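The spoofing weakness in point 2 above is the kind of thing a receiving system can check for itself. As an added example (not from the commenter, and not Zendesk's code), here is a defender-side gate in Python: it reads the RFC 8601 Authentication-Results header stamped by the receiver's own MTA and trusts the From: address only when an aligned dkim=pass or spf=pass backs it. The authserv-id `mx.company.example`, the `.example` domains and the `inbound()` sample message are constructed, and `aligned()` simplifies DMARC relaxed alignment by not consulting the Public Suffix List.

```python
import re
from email.message import EmailMessage
from email.utils import parseaddr

def parse_auth_results(value: str) -> dict:
    """RFC 8601 Authentication-Results -> {method: (result, {prop: val})}.
    The first ';'-separated field is the authserv-id of the MTA that stamped it."""
    out = {}
    for field in value.split(";")[1:]:
        m = re.match(r"\s*(\w+)=(\w+)(.*)", field, re.S)
        if m:
            method, result, rest = m.groups()
            out[method] = (result.lower(), dict(re.findall(r"(\w+\.\w+)=(\S+)", rest)))
    return out

def aligned(auth_domain: str, from_domain: str) -> bool:
    """DMARC-style relaxed alignment, simplified: same domain or one is a
    subdomain of the other (a real check compares Public-Suffix-List org domains)."""
    a, f = auth_domain.lower().rstrip("."), from_domain.lower().rstrip(".")
    return bool(a) and (a == f or a.endswith("." + f) or f.endswith("." + a))

def sender_authenticated(msg: EmailMessage, our_authserv_id: str) -> bool:
    """Trust the From: address only if OUR MTA recorded an aligned dkim=pass
    or spf=pass. Authentication-Results headers stamped by anyone else are
    ignored, since a sender can forge that header as easily as From:."""
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    for raw in msg.get_all("Authentication-Results", []):
        if raw.split(";", 1)[0].strip().lower() != our_authserv_id.lower():
            continue
        res = parse_auth_results(raw)
        dkim_res, dkim_props = res.get("dkim", ("none", {}))
        if dkim_res == "pass" and aligned(dkim_props.get("header.d", ""), from_domain):
            return True
        spf_res, spf_props = res.get("spf", ("none", {}))
        mailfrom_domain = spf_props.get("smtp.mailfrom", "").rpartition("@")[2]
        if spf_res == "pass" and aligned(mailfrom_domain, from_domain):
            return True
    return False

def inbound(auth_results: str) -> EmailMessage:
    """Constructed inbound message claiming to come from a ticket participant."""
    msg = EmailMessage()
    msg["From"] = "Alice <alice@customer.example>"
    msg["Authentication-Results"] = auth_results
    msg.set_content("Please add my colleague to this ticket.")
    return msg

OUR_MX = "mx.company.example"  # constructed authserv-id of the receiving MTA
```

A message whose only Authentication-Results header was added by the sending side (a different authserv-id) is treated as unauthenticated, which is the case a spam score alone does not cover.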
Based on the Oct 12 change log, 'changed flight 4 to "starship super heavy"' -- this reads that they can perform multiple flights with the same mission profile. So they can do a few quick test catches and avoid relicensing?
Unlikely. They'd already created the prototype decks. They had the fabrication know-how in house. Sure, they have in-house VFX experience, but rigging the scene and trying to match lighting to reality and ultimately disappointing customers? It's a no-brainer to use the real deal when you can.
Many would hire an agency to create an ad for you but that would 10x the cost, not to mention dealing with the opinions of an outsourced creative director...
Which itself is based on an earlier RFC for not-specifically-GeoJSON, RFC 7464. Both do things a little differently than the others: they use the "record separator" character at the start of each line and actually split on that separator when parsing.
The GeoJSON one pretty much seems to exist just to hang an "application/geo+json-seq" media type registration off of. Part of me wants to say this really should have been more of a "all json subtypes are also json-seq subtypes" situation but maybe that's not really feasible with the standards/registration processes.
This is only an issue with plain numbers, however. If you had the number in an object or array, you'd detect the truncation just as well. Since using jsonl for a plain list of numbers is... overkill, I'd say it's not an issue.
On the other hand, requiring line terminators in the standard would inevitably lead to incompatibility issues. Most software would accept unterminated files, because text libraries do; and so some files will not be terminated. Some applications do not line-terminate files even on Linux (hello VSCode), and it would be even more problematic on Windows.
It makes it incompatible with concatenative streaming, requires O(n^2) reparsing on every new chunk instead of just scanning for \n.
And if you have to parse values to detect end of record anyway, there’s no point in having jsonl standard at all, since you can just try to parse until the matching brace and repeat on success.
What’s the difference between terminators and separators here? The ndjson spec [0] doesn’t say anything like that, and it seems that ndjson and jsonlines are identical in what documents they accept.
A separator separates two records, whereas a terminator terminates a record.
You can detect and error out if you see an unterminated record at end of transmission. With separators, the producer might not put a separator after the last record, because there's nothing to separate it from there.
There's no justification for not using terminators, it's just a bad spec. Unsurprising story: the variant with better marketing has less technical chops.
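The terminator-versus-separator argument running through the jsonl comments above (a truncated plain number parsing cleanly, an unterminated last record at end of transmission, and scanning each chunk only for a newline instead of re-parsing) can be made concrete. As an added example that is not from any of the commenters, here is a small incremental JSON Lines reader in Python; the `JsonLinesFramer` class, `read_stream()` and the `CHUNKS` sample are constructed for illustration.

```python
import json
from typing import List

class JsonLinesFramer:
    """Incremental JSON Lines reader that treats a newline as a record terminator.

    Only the unterminated tail is kept between chunks, so each byte is scanned
    once for the newline (no re-parsing of the whole buffer per chunk), and a
    record that never receives its newline before end of stream is reported
    as truncated instead of being silently accepted.
    """

    def __init__(self) -> None:
        self._buf = ""

    def feed(self, chunk: str) -> List[object]:
        """Return the records completed by this chunk; keep the partial tail."""
        self._buf += chunk
        *complete, self._buf = self._buf.split("\n")
        # A record cut off inside an object or array fails to decode here under
        # either semantics; only a cut-off bare scalar (e.g. a number) parses cleanly.
        return [json.loads(line) for line in complete if line.strip()]

    def finish(self, terminated: bool = True) -> List[object]:
        """End of stream. Terminator semantics: leftover text is an error.
        Separator semantics: leftover text is decoded as the final record,
        which is exactly how a number truncated from 67890 to 678 slips through."""
        tail, self._buf = self._buf, ""
        if not tail.strip():
            return []
        if terminated:
            raise ValueError(f"truncated final record: {tail!r}")
        return [json.loads(tail)]


def read_stream(chunks: List[str], terminated: bool = True) -> List[object]:
    """Feed every chunk through one framer and return all decoded records."""
    framer = JsonLinesFramer()
    records: List[object] = []
    for chunk in chunks:
        records.extend(framer.feed(chunk))
    records.extend(framer.finish(terminated))
    return records


# Constructed sample stream: chunk boundaries fall mid-record, and the
# connection drops inside the final plain number (intended value 67890).
CHUNKS = ['{"id": 1}\n12', '345\n{"ok": tr', 'ue}\n678']
```

With `terminated=False` the sample decodes to four records ending in 678 and nobody notices; with `terminated=True` the same bytes raise on the missing newline.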
If designed well, this type of motor could do regenerative braking too. It's a matter of proper control of current in the stator and rotor and their phase difference, thus mostly electronics.
My best friends are those I play Catan with regularly. There is no other game so enjoyable, which can inspire such anger towards friends for their transgressions, yet allow such easy forgiveness. Rest in peace, Klaus.
This is hardly the "passing lane," it's just following a left-lane exit onto Treasure Island. The entire bridge splits into three different freeways when it touches down in Oakland. You pass in whatever lane is moving fastest.
Touchscreen designs can be fast. I'd still prefer physical controls because of tactile recognition -- you can find the control without looking, but I ended up choosing a new Volvo over other makes partially because I prefer the simplicity of the interface.