> And it made me wonder what else would change, if we kept watching. Would Google keep adding detail? And would Apple, like Google, also start making changes? So I wrote a script that takes monthly screenshots of Google and Apple Maps. And thirteen months later, we now have a year’s worth of images:
> All versions of Samba from 3.5.0 onwards are vulnerable to a remote code execution vulnerability, allowing a malicious client to upload a shared library to a writable share, and then cause the server to load and execute it.
> Merging repeated slashes is such a common behavior that we had to disable it in three separate places.
> We got their customer service on the phone, at which point we learned about the DDoS scrubbing and requested they turn it off. They did, but our connectivity problem continued. After more phone calls and escalations, we learned that there was actually a second DDoS mitigation in place, at their upstream ISP.
Too many slashes, too many mitigations, too many turtles.
> At the settlement time of the VIX Volatility Index, volume spikes on S&P 500 Index (SPX) options, but only in out-of-the-money options that are used to calculate the VIX, and more so for options with a higher and discontinuous influence on VIX.
> AES-GCM with some forgiveness. It uses the same primitives as AES-GCM, and thus enjoys the same hardware support, but it doesn’t fail catastrophically if you repeat a nonce. Thus you can use random, 96-bit nonces with a far larger number of messages, or withstand a glitch in your nonce distribution scheme.
> So it’s important to emphasise that AES-GCM-SIV (and nonce-misuse resistant modes in general) are not a magic invulnerability shield.