
With an add-on, Django even displays them in the browser!


It's trivial to find optimizations in django debug toolbar... "oh yeah, I should use select_related"

If you have no idea what you are doing with an ORM you probably won't be able to write decent SQL anyway.


All the ORMs I have used can easily do the equivalent of this

     select count(*) from cars where condition;
If programmers are doing what you say they are, then the programmers are the problem, not the library.

Furthermore, most ORMs (certainly any that I would consider using!) allow escaped SQL to be used, and if the query gets much more complicated than a couple of WHERE clauses I consider using this feature.

A decent ORM used well allows programmers to program faster on the simple stuff but still write fast code for the complex stuff.
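The kind of check django-debug-toolbar does for you, as an added example rather than code from the thread: count the statements a request runs, compare the lazy per-row lookup (N+1) with the single JOIN that select_related() would emit, and show that the count(*) from the comment above is one statement either way. It uses only the standard-library sqlite3 module; the tables, rows and the two-function "ORM" are constructed for the example.

```python
"""Query-count check in the spirit of django-debug-toolbar's SQL panel.
Added example: sample schema/rows are constructed, the helper functions are
hypothetical stand-ins for an ORM's lazy related access vs select_related()."""
import sqlite3
from typing import List, Tuple

SCHEMA = """
CREATE TABLE owner (id INTEGER PRIMARY KEY, name TEXT NOT NULL);
CREATE TABLE car (id INTEGER PRIMARY KEY,
                  owner_id INTEGER NOT NULL REFERENCES owner(id),
                  condition TEXT NOT NULL);
"""


def make_db() -> sqlite3.Connection:
    """In-memory database with constructed sample rows."""
    con = sqlite3.connect(":memory:")
    con.executescript(SCHEMA)
    con.executemany("INSERT INTO owner(id, name) VALUES (?, ?)",
                    [(1, "ann"), (2, "bob"), (3, "cy")])
    con.executemany("INSERT INTO car(owner_id, condition) VALUES (?, ?)",
                    [(1, "good"), (1, "bad"), (2, "good"), (3, "good"), (3, "bad")])
    return con


class QueryLog:
    """Records every statement sqlite executes on the connection."""

    def __init__(self, con: sqlite3.Connection) -> None:
        self.statements: List[str] = []
        con.set_trace_callback(self.statements.append)

    def __len__(self) -> int:
        return len(self.statements)


def owners_naive(con: sqlite3.Connection) -> List[str]:
    """Lazy related lookup: one query for the cars, then one per car (N+1)."""
    names = []
    for (owner_id,) in con.execute(
            "SELECT owner_id FROM car WHERE condition = 'good' ORDER BY id"):
        (name,) = con.execute("SELECT name FROM owner WHERE id = ?",
                              (owner_id,)).fetchone()
        names.append(name)
    return names


def owners_select_related(con: sqlite3.Connection) -> List[str]:
    """What select_related() turns the same access into: a single JOIN."""
    rows = con.execute(
        "SELECT owner.name FROM car JOIN owner ON owner.id = car.owner_id "
        "WHERE car.condition = 'good' ORDER BY car.id")
    return [name for (name,) in rows]


def count_good_cars(con: sqlite3.Connection) -> int:
    """The count(*) from the comment; an ORM's .filter(...).count() emits this."""
    (n,) = con.execute(
        "SELECT count(*) FROM car WHERE condition = 'good'").fetchone()
    return n


def query_counts() -> Tuple[int, int]:
    """Statements executed by the naive path vs the joined path."""
    con = make_db()
    log = QueryLog(con)
    owners_naive(con)
    naive = len(log)
    log.statements.clear()
    owners_select_related(con)
    return naive, len(log)
```

With three "good" cars the naive path runs four statements and the joined path one; the gap grows linearly with the result set, which is exactly what the toolbar's query count makes visible.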


Yes but the unscrupulous ones will be happy to give and receive fake reviews. The more honest ones won't. So it will be hard to tell the difference between a bad recruiter (fake positive and real negative reviews) and a good recruiter (real positive and fake negative reviews).


It's actually really easy. My standard test for potential recruiters: Tell me something about myself. This takes a tiny amount of work -- anybody who has my email address can google me and find a huge amount of stuff. A recruiter who can't be bothered to do that will not be bothered to find a job that's good for me.

When I find a good recruiter, I stick with them (as long as I'm shopping in the area that they deal with). I make sure they know that. If a recruiter is good enough that they can value a long term relationship as opposed to frantically trying to meet their sales targets every month, then they are a good recruiter.

The downside is that there are practically no good recruiters ;-). If I'm seriously looking for a job, I look as hard for recruiters as I do for a job. Often I find the job before the recruiter.


The UK has been phasing this out.


To the downvoter. I'm sorry you don't like this (I don't either) but you can't downvote away facts.


How would you propose treating people found not guilty legally?


You have a lot more faith in the justice system than others.

NB that being arrested once can hinder someone from getting visas or jobs in the future and can result in social exclusion.


I’m talking about the first world, where arrests aren’t public data.


>The general rule is that arrest records are public records. However, each state can determine whether they wish for such records to be readily available to the public. [1]

>Arrest records are generally open to the public unless they concern an active or ongoing investigation.[2]

>Since the arrest record is public, anyone can access the information by going to the jurisdiction’s government website. Also, anyone can obtain the arrest record by going to the county clerk’s office in person.[3]

[1]https://www.hg.org/article.asp?id=36914

[2]https://www.rcfp.org/private-eyes/arrest-records

[3]https://www.legalmatch.com/law-library/article/what-is-a-pub...


When traveling to e.g. the USA, arrests have to be declared on the online visa waiver. Similar for other countries. I have no idea what happens if you have any arrests but I assume it is not totally convenient. Even if your record might be sealed/not public in your country, that does not mean you can ignore this section of the form.


In the US, a first world country, arrests are often public data, although it varies from state to state:

https://sunlightfoundation.com/2016/02/01/the-perils-of-pers...


I have no personal experience of this, but try googling for "ESTA arrest" (without the quotes).


Arrest data is public and companies often buy it so they can build background reports :)


How secure is this (when also running the GUI using Xephyr)? Compared to say running VirtualBox VMs or Qubes or LXD virtual machines?

EDITED in response to a comment.


Answering the updated question regarding the security of running what is described in the post, but using Xephyr and not the desktop's existing X11 session.

It is as secure as the individual components, that is, whether there are security vulnerabilities in LXD and in Xephyr. There are currently no pending security vulnerabilities to fix in either (as far as I know).

Of course, the same goes with VirtualBox. It is as secure as there are no pending known security vulnerabilities (https://www.techrepublic.com/article/10-new-vm-escape-vulner...).


So including Xephyr this is a reasonable way to sandbox a browser? To the same level of reasonable as browsing in any virtual machine is.

Is this sort of thing possible with Wayland? If so, does Wayland already enforce the necessary process isolation, or does something like Xephyr for Wayland need to be developed first?


The X11 protocol has been around for several decades. The Wayland protocol has been around for several years. There are more tools available for X11 and it's used extensively in all distributions. Even those that are based on Wayland have XWayland as well, meaning that X11 works there too. Gradually, the Linux desktop will be moving towards Wayland and it's a good thing that this happens.

Xephyr is the appropriate tool for what we do (it's a display server for the X11 protocol, can reuse the acceleration of the desktop). There are equivalent tools for Wayland, it's just not required yet. It is possible though to do these things with Wayland as well and probably there is already a tool that I am not aware of.

There is already process isolation with the containers. The lingering issue is with the graphical output on either X11 or Wayland. That needs some extra care. With X11, the choice is Xephyr. With Wayland, there should be something equivalent, and it is probably simpler.

In terms of security of Xephyr, there is an issue. It is a tool that is not used very much and may have some unreported security vulnerabilities. But the same goes with qemu, the hardware emulator. qemu is big and has too much functionality which makes it likely to have yet unreported security vulnerabilities. Have a look at https://cloudplatform.googleblog.com/2017/01/7-ways-we-harde... which specifically mentions the risk in points 2 and 3.

Nevertheless, it should be very important to also implement an option of using Xephyr as part of the application isolation efforts.


This is a convenience tool, that uses your existing X11 session. You would not use it when testing malicious programs because they would be able to attack the X11 session (but not your host's filesystem).

If you want to test programs that might be malicious, then you would set up a separate X11 server like Xephyr and get the output directed over there. In that way, both the filesystem and X11 session would be separate from those of your host.

I mention the use of Xephyr in the Conclusions of the post. There is some new functionality in LXD that is being released soon that will make it very easy to use Xephyr as well.


I'm going to edit my original question in light of this comment.


This all uses only "unprivileged" containers, NOT "privileged" containers, so "root" in the container is NOT "root" on the host!
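A launcher that follows the two points made above (a separate Xephyr display rather than the desktop's X11 session, and an unprivileged container), as an added example that is not the post's own code. The container name, display number and screen size are assumptions; the Xephyr flags and `lxc config device add ... disk` / `lxc config set ... environment.DISPLAY` are the tools' documented options. The two parsing helpers are the checks a practitioner would want before trusting the sandbox: that container uid 0 is mapped to a non-root host uid, and that only the Xephyr socket (not X0) is visible inside the container.

```python
"""Xephyr + unprivileged LXD launcher with isolation checks. Added example;
container name, display number and screen size are assumptions."""
import subprocess
import time
from typing import List

SOCKET_DIR = "/tmp/.X11-unix"


def xephyr_command(display: int, size: str = "1280x800") -> List[str]:
    """Nested X server on its own display number. No TCP listener, so the only
    way in is the unix socket we bind-mount into the container."""
    return ["Xephyr", "-br", "-noreset", "-resizeable", "-nolisten", "tcp",
            "-screen", size, f":{display}"]


def attach_display_commands(container: str, display: int) -> List[List[str]]:
    """Share only the Xephyr socket (never X0) and point DISPLAY at it."""
    sock = f"{SOCKET_DIR}/X{display}"
    return [
        ["lxc", "config", "device", "add", container, f"X{display}", "disk",
         f"source={sock}", f"path={sock}"],
        ["lxc", "config", "set", container, "environment.DISPLAY", f":{display}"],
    ]


def is_unprivileged(uid_map: str) -> bool:
    """True when container uid 0 maps to a non-root host uid.
    uid_map is the text of /proc/self/uid_map read inside the container,
    one '<inside> <outside> <count>' triple per line."""
    for line in uid_map.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue
        inside, outside, count = map(int, parts)
        if inside <= 0 < inside + count:        # this range covers uid 0
            return outside - inside != 0
    return False                                # no mapping found: do not trust it


def socket_exposure(listing: str, display: int) -> List[str]:
    """Entries in the container's /tmp/.X11-unix other than the Xephyr socket;
    anything here (for example X0) means the host session leaked in."""
    return [name for name in listing.split() if name != f"X{display}"]


def launch(container: str, display: int, app: List[str]) -> None:
    """Start Xephyr, wire the container to it, verify isolation, run the app."""
    subprocess.Popen(xephyr_command(display))
    time.sleep(1)                                # let the socket appear
    for cmd in attach_display_commands(container, display):
        subprocess.run(cmd, check=True)
    uid_map = subprocess.run(
        ["lxc", "exec", container, "--", "cat", "/proc/self/uid_map"],
        capture_output=True, text=True, check=True).stdout
    if not is_unprivileged(uid_map):
        raise SystemExit("refusing to run: container root maps to host root")
    listing = subprocess.run(
        ["lxc", "exec", container, "--", "ls", SOCKET_DIR],
        capture_output=True, text=True, check=True).stdout
    if socket_exposure(listing, display):
        raise SystemExit("refusing to run: host X sockets visible in container")
    subprocess.run(["lxc", "exec", container, "--", *app], check=True)


if __name__ == "__main__":
    launch("mycontainer", 1, ["firefox"])      # assumed container name and app
```

If the client inside the container is refused by Xephyr, prefer handing it a cookie file via the server's `-auth` option over starting Xephyr with `-ac`, which switches access control off for every local user. The uid_map check is the concrete form of the "root in the container is not root on the host" statement: a privileged container shows `0 0 4294967295`, an unprivileged one something like `0 1000000 1000000000`.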


Not everything listed but mailinator works in Tor Browser... Might be a starting point for the pre-existing email account...


Last time I tried, they blocked Tor.


Sharklasers.com works on Tor, don't know how it compares to mailinator feature wise though.


I think just call back on one of their listed numbers and explain.


It seems so obvious now you've pointed it out. I do like to over complicate things.


This is the advice given by banks and anti-fraud agencies. NB in some countries landlines can remain on a call for several minutes after the call receiver has hung up. A phisher will play a dial tone etc to make it seem realistic. The advice is to either wait 10 minutes (longer?) or preferably call back on another line if you receive a suspicious call.


> NB in some countries landlines can remain on a call for several minutes after the call receiver has hung up.

Source for this? I find it highly suspect from a technical perspective (1-3 seconds, maybe, but not several minutes) and nothing I can find online even remotely seems legitimate / real.


Telecoms + networking software engineer here:

'tis true - the caller has call release control on the PSTN i.e. the call doesn't end until the caller puts down the phone. There's special handling for e.g. 911 calls so that call release control is given to the callee i.e. the PSAP.

This doesn't work for e.g. SIP because the SIP client is not a dumb slave to the network. If I click end call, even if the network doesn't 'want' to end the call, my phone thinks the call has ended.


This used to be true but I really doubt it’s the case anymore.

Most of the “PSTN” nowadays has a bunch of SIP or other digital stuff in the middle, so this breaks down. Not to mention, this was never possible for mobiles to begin with.


It really is the case. VOIP in the middle isn't a problem. MGCs can translate between the callee's phone being on-hook to a SIP re-INVITE with inactive media. In fact, I've worked on projects in the last few years to do just this.

Telcos move slowly.

You're right about mobile networks though - that's a different kettle of fish.


Just wondering, why is that? It seems like a lot of effort instead of just sending a BYE when the phone is hung up. I don't see any legitimate reason for this "feature" to exist - if anything it makes scams & eavesdropping by a malicious remote caller easier.


Per one of the articles I found on it, British Telecom apparently set the delay to 3 min. The rationale (if the article is to be trusted) is that customers wanted the ability to hang up one phone and pick up another phone in the same home without disconnecting the call.


It is how the old copper PSTN network worked, and if you are lucky enough to still have an actual copper PSTN phone line it is still true.


My argument was that even if you did have an “actual” copper line it would eventually be terminated at a device that speaks analog phone line on one end and spits out SIP on the other end.

This specific hanging-up behaviour was an artifact of older analog switches and I didn’t think they would emulate it in the software-based SIP switches but according to the comment above it’s still the case.


I definitely knew this was the case back when analog COs were the norm, but didn't realize this was still true. Seems it is very dependent on PSTN provider (I know SWBell didn't do this for normal lines when I worked there) as some do, some don't.


I’ve personally experienced this, probably 30 years ago, in Canada.

I’d call a friend, we’d finish talking, then I’d hang up and as a joke he’d leave his phone off the hook. I couldn’t make another phone call until he hung up or some timeout of unknown length passed.


When I was younger in the US the situation was similar, but I thought it was up to the originator of the call to disconnect. Been too long to be certain of my recollection.

I never determined the timeout, and I haven't had a land line in at least 15 years to experiment with.


You could be right, I can’t remember if the times that happened were when I originated the call or my friend did. I know it didn’t work all the time, and I think it stopped working at some point too.

This was back in the days when you could tell roughly where someone lived by their phone number - 43x—xxxx was south Edmonton (but not Mill Woods or Riverbend), 2xx-xxxx was Calgary, area codes didn’t matter because the whole province was 403, etc. The phone system is a lot different now - you can port a landline to a cell phone (and vice-versa). The original phone number where that happened has been ported to the cable company and now goes through coax (the equipment that handles it is basically a cable modem with a phone jack).


Actually, I’m coming around to your point of view. I think it was the recipient who controlled the “transaction”.

The world was so very different. Waiting for that 0 to finally work its way around the dial, good grief. Especially since as a kid I was perpetually afraid any phone number that included a 0 might lead me to somehow get connected to a phone operator, so I wanted to dial the following number as quickly as possible.


One of the things that radio hosts here joke about is how kids with a zero in their phone number had fewer friends. “Oh, I don’t want to call Bobby, he’s got two zeroes in his phone number, it takes so long to dial”. Between that and risking talking to An Adult and getting In Trouble, I wonder how true that is.


True in the UK; https://security.stackexchange.com/questions/100268/does-han... has a decent description of the history and includes a note that BT changed in 2014 from a several-minute timeout to 10 seconds, because of fraud issues. The link to the BT announcement of that change has bitrotted, but it is at https://www.openreach.co.uk/orpg/home/updates/briefings/down...
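A toy model of the behaviour described in this thread (the caller holds release control; the callee going on-hook only starts a hold timer), as an added example rather than anything from the comments or a real switch. It plays through the scam from the earlier comment: the attacker calls, the victim hangs up, waits, lifts the handset and dials the bank. The timer values are the ones reported above for BT (several minutes before 2014, 10 seconds after); the scenario functions and their timings are constructed.

```python
"""Caller-controlled release on an analogue PSTN line, modelled as a tiny
state machine. Added example; timer values are the ones the thread reports,
the scenario timings are constructed."""
from dataclasses import dataclass
from typing import Optional

ON_HOOK, OFF_HOOK = "on_hook", "off_hook"


@dataclass
class PstnCall:
    release_timeout: float            # seconds the exchange holds the call after the callee goes on-hook
    caller_hook: str = OFF_HOOK
    callee_hook: str = OFF_HOOK
    callee_onhook_at: Optional[float] = None
    released: bool = False

    def _tick(self, now: float) -> None:
        """Expire the hold window; only then does the callee's line go idle."""
        if (not self.released and self.callee_hook == ON_HOOK
                and self.callee_onhook_at is not None
                and now - self.callee_onhook_at >= self.release_timeout):
            self.released = True

    def caller_hangs_up(self, now: float) -> None:
        """Release control sits with the caller: teardown is immediate."""
        self.caller_hook = ON_HOOK
        self.released = True

    def callee_hangs_up(self, now: float) -> None:
        """The callee going on-hook only starts the timer."""
        self.callee_hook = ON_HOOK
        self.callee_onhook_at = now

    def callee_picks_up(self, now: float) -> str:
        """What the callee hears on lifting the handset: 'dial_tone' from the
        exchange, or 'caller' if the original call is still being held."""
        self._tick(now)
        self.callee_hook = OFF_HOOK
        if self.released:
            return "dial_tone"
        self.callee_onhook_at = None          # reconnected inside the hold window
        return "caller"


def who_gets_the_callback(release_timeout: float, wait_seconds: float) -> str:
    """Scam scenario: attacker calls, victim hangs up at t=0, waits, then dials
    the bank. If the held call is still up, the attacker plays a fake dial
    tone and receives the dialled digits instead of the bank."""
    call = PstnCall(release_timeout)
    call.callee_hangs_up(0.0)
    heard = call.callee_picks_up(wait_seconds)
    return "attacker" if heard == "caller" else "bank"


def after_attacker_hangs_up(release_timeout: float) -> str:
    """Control case: once the caller releases, the line is free immediately."""
    call = PstnCall(release_timeout)
    call.callee_hangs_up(0.0)
    call.caller_hangs_up(1.0)
    return call.callee_picks_up(2.0)
```

Under a 180 s hold, waiting a minute still lands the "bank" call on the attacker; under the 10 s hold it does not. The "wait ten minutes or use another line" advice corresponds to a `wait_seconds` that exceeds any plausible timer, or to a second `PstnCall` on a different loop that the held call can never reach.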


Or try calling somebody else you know. If you land back on the same caller, you know they're playing you. =)


Not really. For example, it takes similar amounts of energy to turn glass into glass of another shape as to turn sand into glass.


Then why is it profitable to recycle glass?

