I thought the unintended acceleration issues had been largely disproven as user error.
That is, many other brands of cars had been reported to have the same issues by drivers. And basically a driver was put into a stressful situation, thought they were hitting the brakes, but were actually hitting the gas. Then, panicking that they can't stop the car, hit the "brakes" harder, exacerbating the problem.
I don't think this is true. If you google for toyota and misra (a C coding standard for safety-critical systems) you can find many reports on an audit that was performed on their code and the _many thousands_ of violations that were found.
There may be a bit of both at work here, because I remember seeing a lot of issues with hacking the Prius at Defcon[0], but I vaguely recall the SUA incidents being mostly related to as pedal misapplication.
I know Wikipedia isn't exactly a great primary source here, but:
> From 2002 to 2009 there were many defect petitions made to the NHTSA regarding unintended acceleration in Toyota and Lexus vehicles, but many of them were determined to be caused by pedal misapplication, and the NHTSA noted that there was no statistical significance showing that Toyota vehicles had more SUA incidents than other manufacturers.
In any case, I believe companies can definitely be guilty of criminal negligence (and Toyota did a lot of bad things during their SUA crisis). But I think the use of SUA in the comment I originally responded to sort of misrepresents the situation and mostly spreads a lot of FUD around self-driving cars.
IIRC Toyota did have a real problem with clearance between the accelerator pedal and (their own aftermarket parts) floor mats. It was possible for the pedal to be wedged against the floor mat.
I don't think that was conclusively shown to the cause of any of the incedents though.
The idea of exclusively using only a few applications definitely seems limiting. I understand in this case it's probably because of licensing and morals, but I can't imagine many businesses caring much about your principles on software licenses when everyone's passing around their ".sketch" files.
As far as I've experienced working only with floss, none of my clients ever cared about what tools I was using. Not only that but I haven't found much community that share/support/talk about running a creative business on floss only. But now I have hone my skills and I can produce the same results for the market/product I am working with, and enjoy the stability and flexibility of linux.
From what I can tell, this is a useful first step towards credential stuffing.
Requests against endpoints like this are going to be unauthenticated, since by their very nature they happen before the user is actually authenticated against the system. So you can burn through a few thousand (or hundred thousand) possibles and find out which ones actually have accounts.
From there, you can use one of many other email/password dumps and try authenticating. Hitting an endpoint where you can use an email and password is (hopefully) going to be much more guarded and will start blocking IPs when the rate or variance is too high.
That being said, I don't really know how you can stop the first step. There are plenty of answers here that say you should just let them "sign up" and then send them an email if they already have an account. But what happens if your signup process includes something like accepting payment? Obviously you don't want the user filling out all of that information again.
With as many accounts on these services that actually exist, it still doesn't answer the question of whether or not the person actually owns the email.
A corporation has no freedom of speech rights. It's important to remember that a corporation is not considered to the same rights as a person in these cases, nor should they ever be allowed to be.
A bit unrelated, but it's weird that Medium doesn't seem to support embedded code, and instead only seems to work with gists.
It made the mobile experience pretty bad (all I get are links to the gists) and it would definitely "pollute" my gist history with a lot of little code snippets.
On the note of the topic itself, though, this was a fun read for building fractals in JavaScript!
Instead of two things, you just need one. They're saying that instead of a USB-A-to-Lightning cable and a USB-A-to-USB-C adapter, you can just use the one cable.
That is, many other brands of cars had been reported to have the same issues by drivers. And basically a driver was put into a stressful situation, thought they were hitting the brakes, but were actually hitting the gas. Then, panicking that they can't stop the car, hit the "brakes" harder, exacerbating the problem.