If I understand correctly, I see all your points as potential rewards.
These rewards are useful to the US if they accomplish regime change to a friendly regime or at least military occupation of a good strip of land.
The article is about how these two preconditions for obtaining the rewards are unlikely to be fulfilled and, at the same time, non-accomplishment might achieve the opposite:
- Iran (and by necessity, other Gulf states if they want to export oil) align more with China
- US-partnership will not provide security (Arab states, South Korea and other allies are now less secure and the US can't protect them)
- US and allies are in a worse position to secure South America
Huge risk with little chance of a reward. That's the article.
Modifying the rewards does not change the game unless the probability of obtaining them increases or that of the risks decreases.
Honestly I didn't even realize Bing hasn't yet been rebranded as Copilot. And honestly who needs a "search engine" anymore when you can just ask Friend Copilot?
DNS naming rules for non-Unicode are letters, numbers, and hyphens only, and the hyphens can't start or stop the domain. Unicode is implemented on top of that through punycode. It's possible a series of bugs would allow you to punycode some sort of injection character through into something but it would require a chain of faulty software. Not an impossibly long chain of faulty software by any means, but a chain rather than just a single vulnerability. Punycode encoders are supposed to leave ASCII characters as ASCII characters, which means ASCII characters illegal in DNS can't be made legal by punycoding them legally. I checked the spec and I don't see anything for a decoder rejecting something that jams one in, but I also can't tell if it's even possible to encode a normal ASCII character; it's a very complicated spec. Things that receive that domain ought to reject it, if it is possible to encode it. And then it still has to end up somewhere vulnerable after that.
Rules are just rules. You can put things in a domain name which don't work as hostnames. Really the only place this is enforced by policy is at the public registrar level. Only place I've run into it at the code level is in a SCADA platform blocking a CNAME record (which followed "legal" hostname rules) pointing to something which didn't. The platform uses jython / python2 as its scripting layer; it's java; it's a special real-time java: plenty of places to look for what goes wrong, I didn't bother.
People should know that they should treat the contents of their logs as unsanitized data... right? A decade ago I actually looked at this in the context of a (commercial) passive DNS, and it appeared that most of the stuff which wasn't a "valid" hostname was filtered before it went to the customers.
Great article with lots of practical ways to implement it. In my view this is a superpower and I find I can usually do it if I'm not stressed or tired.
As follow-up thoughts:
- It's important whom you listen to. Consider it a gift you're giving and give it only to those who you think deserve it and will not abuse it or make you consistently feel bad about something.
- Those listeners are also very healthy in/for a group, e.g., at work.
- Listening is a big part of managing a team. People's thoughts are often all over the place and it's your job (partly) to structure these, within a person and across a team. People that feel heard are much more inclined to listen.
- For starters: Just make an effort to ask five open-ended questions in every conversation you have. You will see how people open up after some time. This also works for family, dates, colleagues, ...
It takes energy, attention, and emotional bandwidth, so it's reasonable (and healthy) to be selective about where you spend it. Otherwise you end up being an unpaid therapist for people who never reciprocate.
And this is with no income tax or VAT on sold electricity.