For our corporate API, we use the Apiary markdown with aglio to convert into nice documentation. I've tried RAML (I didn't like the giant YAML file) and apidoc (I didn't like to put 100 lines of user documentation next to 20 lines of implementation). I use protagonist to convert the md file to JSON which my Python code can load and compare with the decorated API endpoints -- I can then verify they and all their parameters are properly documented. I don't use the fancy Apiary features yet.
Encryption isn't the same as hashing. Encryption is two-way.
The previous comment did make the encryption / hash distinction - though I can totally understand how his post might have been misread that he was recommending the same mechanisms for both sets of data.
OK, so Slack stores a username, name and email address for each user. This is visible to everyone else in the same Slack team at minimum. You also need it for e.g. password resets, perhaps billing.
We can assume they aren't total idiots and there's an Internet-facing application server that connects to an internal-only database server that has this data. Also, assume SQL injection is not the attack vector.
How would you apply encryption to protect the username, name and email from an attacker that has gained access to the application server? I've gained some shell on the server and have 24 hours minutes to extract data. I can see all the files on the server but maybe as non-root but just the user that runs the application. How can you, as a security sensitive application developer, stop me if I've gotten so far?
I find the /etc/httpd/logs symlink more annoying. If you want to grep through your Apache configuration you have to explicitly grep through conf and conf.d otherwise just going to /etc/httpd and doing a grep -r you're searching through gigs of Apache logs.
grep -r shouldn't follow symlinks, -R does however:
    -d, --directories=ACTION  how to handle directories;
                              ACTION is 'read', 'recurse', or 'skip'
    -D, --devices=ACTION      how to handle devices, FIFOs and sockets;
                              ACTION is 'read' or 'skip'
    -r, --recursive           like --directories=recurse
    -R, --dereference-recursive  likewise, but follow all symlinks
Having tried that out, I didn't find it particularly user-friendly compared to the various fancy NoSQL databases where it's just something like... database-server --connect the_master:12324 -- and you've got your cluster even with automatic replication of data depending on your sharding rules.
I suppose that ACID-SQL makes it harder to set this up reliably.
Is there one of the commercial things like EnterpriseDB that fixes that? Effortless, reliable clustering with a nice status that says: slave2 is 95% sync'ed with master1 ETA 2 hours.
Interestingly enough, while it looks bizarre in a video game, this is functionally how left/right turn bays work in some large urban one-way streets in real-life. See, for example, this NYC intersection: https://goo.gl/maps/SCFrQ . The left turn lane is a parking lane until one is within half a block of the intersection in question. While it isn't as extreme as 2 lanes to 6, it's very similar. So... is it a hack for the game, or is it a hack for real-life, or neither?
I walk through that intersection most days. What they've done in NYC is interesting. That part of First Avenue used to be, like most in mid and upper Manhattan, six (or sometimes more) undifferentiated lanes.
The first change was the addition of dedicated bus lanes (right-most lane, painted reddish), complete with violation cameras and automated ticketing. This reduced competition among buses and cars -- in favor of buses, leading to somewhat better bus throughput. Cars now had five lanes -- although with parking in at least the left-most lane, and delivery trucks double-parked adjacent to the cars, more like three.
Then came the big bike lane initiative. In the book Traffic, by Tom Vanderbilt, some of the takeaways are that parked cars can form a buffer between flowing traffic and bike lanes, and that narrowing roads at intersections through the addition of islands with trees on them increases pedestrian safety (in no small part by reducing the speed of turning cars at intersections). To varying degrees they've applied these ideas -- the left-most lane is now entirely a bike lane (painted green, complete with its own traffic signals). Next to that is a dedicated parking lane -- yes, in lane two -- often buffered by concrete islands at intersections, with a tree or two. You can see this here 
Cars now have three or perhaps four lanes for general travel. For left turns, the bike and parking lanes are cut by a dedicated left-turn waiting lane (usually with its own left turn signal, so left turners are not fighting pedestrians in the crosswalk).
On some avenues they then added "Select Buses", which work on a "trust-but-verify" honor system so riders can enter and exit quickly through any of three wide doors without queueing to dip a Metrocard.
Finally, they cut the city-wide speed limit to 25 miles per hour, adjusting the timing of avenue traffic signals accordingly.
The result of all this has been much gnashing of teeth and rending of garments, but as a whole it's made the city substantially better for bikers and pedestrians, and in many cases left turns are much easier for drivers.
Stuff like that is pretty common in suburban Northern Virginia (for example). There are lots of busy roads with two lanes in each direction which expand to three, four, five, or even six lanes at intersections with dedicated turn lanes. I think the only reason that "proposed hack" screenshot looks so weird is because the distance between intersections is much, much shorter than it would be in real life, relative to the width of the road. For example, you can see it in action in various amounts for all four directions of this intersection:
It sounds like the game is inaccurate in how it models traffic, because in real life people do move out to make use of empty inner lanes (outer lanes? I can never remember). NB: I've not played the game so I'm not 100% on what the traffic problem is, exactly.
The problem stems from the car AI being crazy aggressive in its lane switching. They will switch to the lane for their exit the instant they can, even if they still have to travel around the entire city to get to it. Leading to middle lanes not getting as much use (at least without careful planning to ensure there is something they can exit the road from the middle lanes with) and potentially large backups of a single line of cars waiting to turn right (even when the lane right next to it is also a right turn lane). They also cannot merge properly so I end up placing exits on both sides of my highways (for both incoming and outgoing traffic) with one side coming up and over the road to join into the other side's exit to limit congestion.
Not that any of these things are completely unrealistic but it is occasionally annoying when your traffic is backed up solely because they're ignoring the adjacent lane.
For every other location BUT Africa you can get a speed test from this site: http://www.webpagetest.org/ -- this also lets you use different browsers and run an initial + repeated (with something cached) test.
Well, it's a client side library. By that reasoning, jQuery can be said to be vulnerable to XSS if you call .html() with untrusted user input. It seems reasonable to me that the label of each bubble can contain HTML code, it's up to the user to ensure any user input is escaped.
Agreed. In fact, to build on Erwin's example, jQuery makes note of the potential for XSS when calling .html(), .append(), .after(), etc.
> Do not use these methods to insert strings obtained from untrusted sources such as URL query parameters, cookies, or form inputs. Doing so can introduce cross-site-scripting (XSS) vulnerabilities. Remove or escape any user input before adding content to the document.
When I call that library, I shouldn't have to worry about the fact that it uses HTML. It is a leaky abstraction since a field that is, intuitively, supposed to be text for the label, is actually just treated as HTML for plain insertion into the page.
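The two positions in the comments above, side by side as an added example (not code from the charting library under discussion or from jQuery): a renderer that inserts the label as HTML, and one that treats the label as text and requires an explicit opt-in for markup. The names renderBubbleRaw, renderBubbleText, labelHtml and openTags, and the sample label, are hypothetical and constructed for illustration.

```javascript
// Added illustration; hypothetical names, not the library's or jQuery's API.

const HTML_ESCAPES = {
  "&": "&amp;",
  "<": "&lt;",
  ">": "&gt;",
  '"': "&quot;",
  "'": "&#39;",
};

// Escape the characters that can change HTML parsing context in element
// content; quotes are included so the result is also safe in quoted attributes.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Behaviour described in the thread: the label is inserted as HTML,
// so escaping is left entirely to the caller.
function renderBubbleRaw(bubble) {
  return `<div class="bubble">${bubble.label}</div>`;
}

// Text by default: `label` is always escaped. A caller who really wants
// markup must say so through a separate, clearly named field.
function renderBubbleText(bubble) {
  const body =
    bubble.labelHtml !== undefined ? bubble.labelHtml : escapeHtml(bubble.label);
  return `<div class="bubble">${body}</div>`;
}

// Names of the elements an HTML parser would open in `html`
// (a simple check for this demo, not a full HTML parser).
function openTags(html) {
  const tags = html.match(/<[a-zA-Z][^>]*>/g) || [];
  return tags.map((t) => t.match(/^<([a-zA-Z0-9]+)/)[1].toLowerCase());
}

// Constructed sample: a label that arrived from user input.
const sample = { label: "Revenue <script>alert(1)</script>" };

console.log(renderBubbleRaw(sample), openTags(renderBubbleRaw(sample)));
console.log(renderBubbleText(sample), openTags(renderBubbleText(sample)));
```

With the text-by-default renderer the only element in the output is the wrapper div, which is the behaviour the last commenter expects from a field named "label".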