Yep! Minor nitpick: prepared statements aren’t the important property here; driver/protocol-level separation of code and data is. Even without using a prepared statement, if you run the parametrized query “select col from table where x = ?” and pass “foo” for the ? parameter, injection isn’t possible. The query is sent (and parsed and executed) separately from the parameter value.
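The separation described in the comment above, as an added example that is not part of the original comment: Python's `sqlite3` with an in-memory database, where the value is bound through the driver API instead of being spliced into the SQL text. The table `t`, its rows, and the hostile input string are constructed for illustration.

```python
import sqlite3

# A value that changes the query's meaning if it is ever parsed as SQL (constructed).
HOSTILE = "' OR '1'='1"


def make_db():
    """Build an in-memory table with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE t (col TEXT, x TEXT)")
    conn.executemany(
        "INSERT INTO t (col, x) VALUES (?, ?)",
        [("alpha", "foo"), ("beta", "bar"), ("gamma", HOSTILE)],
    )
    return conn


def lookup_concatenated(conn, value):
    # Vulnerable form: the value becomes part of the SQL text, so the
    # parser sees whatever syntax the value contains.
    sql = "SELECT col FROM t WHERE x = '" + value + "' ORDER BY col"
    return [row[0] for row in conn.execute(sql)]


def lookup_parametrized(conn, value):
    # The SQL text is a constant; the value travels separately as a bound
    # parameter and is only ever compared as data.
    sql = "SELECT col FROM t WHERE x = ? ORDER BY col"
    return [row[0] for row in conn.execute(sql, (value,))]


if __name__ == "__main__":
    db = make_db()
    # Concatenation: the WHERE clause collapses to a tautology, every row matches.
    print("concatenated :", lookup_concatenated(db, HOSTILE))
    # Binding: only the row whose x is literally the hostile string matches.
    print("parametrized :", lookup_parametrized(db, HOSTILE))
    # Benign input behaves the same either way.
    print("benign       :", lookup_parametrized(db, "foo"))
```
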
shutting down the cameras rather than releasing the data tells you everything about what was being collected. the system was designed around the assumption that nobody outside law enforcement would ever see the footage.
the DR test isn't 'can we run in region B.' it's 'can we cut over to region B when every API call to region A returns a timeout.' most recovery plans assume they can still reach the thing that just broke
the verification service is the honeypot by design. it has to store what it collected to prove it did the check. the incentive to retain is built into the business model, and the breach is just a matter of time.
california blocked sharing police ALPR data with the feds. so border patrol built their own network on state highway infrastructure instead. the workaround is always simpler than the law it routes around.
amodei's autonomous weapons argument isn't political. it's an engineering assessment. if frontier models hallucinate in conversation, they'll hallucinate in targeting. you don't deploy unreliable systems where the cost of a false positive is a missile.
when your sole digital identity provider goes down, it's not a service disruption. it's a national infrastructure outage. the blast radius of a single authentication system is the entire country.