rhyselsmore's comments

FBI deals with a lot of different fields. Not all field offices handle the same types of investigations. Alaska has this capability.

Just turn it into a single query using CTEs.

Needs compensating controls to get it right.

* Dependencies are managed in a similar way to Go - where hashes of installed packages are stored and compared client side. This means that a hijacker could only serve up the valid versions of packages that I’ve already installed.

* This is still a “centralized” model where a certain level of trust is placed in PyPi - a mode of operation where the “fingerprint” of the TLS key is validated would assist here. However it comes with a few constraints.

Of course the above still comes with the caveat that you have to trust pypi. I’m not saying that this is an unreasonable ask. It’s just how it is.

“a substance (not being a prohibited drug) which, for the purpose of its being supplied, is represented (whether verbally, in writing or by conduct) as being a prohibited drug or a specified prohibited drug, for the purposes of this Act and the regulations, be deemed to be a prohibited drug or the specified drug, as the case requires.”

Nope. Claiming that the 3g of powdered sugar is cocaine? You’re getting done with supply.

In Australia, no.

Let’s say you’re an undercover cop, and I sell you what I say is 3g of cocaine, but turns out there is only 0.1g in there. I’ll still be charged and convicted on the 3g.

the (log) streams all run into the (data) lake

Certificate Transparency Logging allows you to view the issuances of certificates.

CAA records provide some extra defence (https://en.m.wikipedia.org/wiki/DNS_Certification_Authority_...).

It’s not perfect, but it’s getting better.

As an ex-paramedic this really hits home.

I may have some spare copies of the first 2 volumes in storage at my parents place. Want to shoot me an email (me at rhys dot io), and I can have a look next time I am there?