Paul M. Jones

Don't listen to the crowd, they say "jump."


For CSRF tokens, mt_rand() is ok-ish but openssl_random_pseudo_bytes() is a lot better

On the pages for rand() and uniqid(), as well as looking at the C code, they specifically state that these functions should not be used for generating secure tokens.  They tend to generate predictable values.  And the documentation for md5() states that it should not be used for password hashing.  Granted we’re not hashing passwords when creating a CSRF token, but with the tooling available shouldn’t we be using functions that are more cryptographically secure?

...

The goal here is the random value.  As such the hashing using hash_hmac() does not buy you a whole lot extra.  The number of possible values in a 32 byte random string is 1.1579208923731619542357098500869e+77.  That alone would seem to be enough for a CSRF prevention token.  mt_rand() returns an integer which gives you  about 4 billion possible numbers.  While that will probably protect you, the other value will offer you better protection.  There’s no sense in gambling with a smaller value if you have the ability to generate a larger value with virtually no additional cost.

So it would seem that, for generating a proper token the code that you would really need is this:

$token = base64_encode(openssl_random_pseudo_bytes(32));

The only reason for the base64_encode() call is to make sure that the value provided will not break your HTML layout.

Looks like we need to update Aura.Session to use openssl when available and fall back to mt_rand() when it's not. Via Generating secure cross site request forgery tokens (csrf).
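The fallback strategy described above, as an added example that is not Aura.Session's code or the quoted post's: it prefers a cryptographically strong source, checks the `$crypto_strong` flag that openssl_random_pseudo_bytes() sets, and only then drops to mt_rand(). It goes slightly beyond the text by also showing the verification side with a constant-time comparison, since a token is only as good as the check that consumes it. The function names generateCsrfToken() and csrfTokenMatches() are assumptions; random_bytes() and hash_equals() are real PHP built-ins (PHP 7.0 and 5.6 respectively) that did not exist when the post was written.

```php
<?php
// Added example (not Aura.Session's code): build a CSRF token from the
// strongest source available, falling back to mt_rand() as the post suggests.
function generateCsrfToken($bytes = 32)
{
    if (function_exists('random_bytes')) {
        // PHP 7+: CSPRNG backed by the OS; throws instead of returning weak output.
        return base64_encode(random_bytes($bytes));
    }
    if (function_exists('openssl_random_pseudo_bytes')) {
        $strong = false;
        $raw = openssl_random_pseudo_bytes($bytes, $strong);
        // Only accept the output if OpenSSL reports it came from a strong source.
        if ($raw !== false && $strong) {
            return base64_encode($raw);
        }
    }
    // Last resort: mt_rand() is not cryptographically secure (small seed,
    // predictable stream), so this branch is strictly weaker than the ones above.
    $raw = '';
    for ($i = 0; $i < $bytes; $i++) {
        $raw .= chr(mt_rand(0, 255));
    }
    return base64_encode($raw);
}

// Compare in constant time so a mismatch does not reveal how many leading
// bytes were correct. hash_equals() does this natively on PHP 5.6+.
function csrfTokenMatches($expected, $submitted)
{
    if (!is_string($expected) || !is_string($submitted)) {
        return false;
    }
    if (function_exists('hash_equals')) {
        return hash_equals($expected, $submitted);
    }
    if (strlen($expected) !== strlen($submitted)) {
        return false;
    }
    $diff = 0;
    for ($i = 0; $i < strlen($expected); $i++) {
        $diff |= ord($expected[$i]) ^ ord($submitted[$i]);
    }
    return $diff === 0;
}

// Usage: one token per session, embedded in every state-changing form and
// verified before the POST is acted on.
session_start();
if (empty($_SESSION['csrf_token'])) {
    $_SESSION['csrf_token'] = generateCsrfToken();
}
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $submitted = isset($_POST['csrf_token']) ? $_POST['csrf_token'] : '';
    if (!csrfTokenMatches($_SESSION['csrf_token'], $submitted)) {
        http_response_code(403);
        exit('Invalid CSRF token');
    }
}
// htmlspecialchars() keeps the base64 value from breaking the HTML attribute.
echo '<input type="hidden" name="csrf_token" value="'
    . htmlspecialchars($_SESSION['csrf_token'], ENT_QUOTES, 'UTF-8') . '">';
```

The order of preference matters more than the fallback itself: on any PHP that has random_bytes() the mt_rand() branch is never reached, and on older builds the `$strong` check keeps a misconfigured OpenSSL from silently handing back weak bytes.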


Don't worry, the city will protect you! (Not.)

Repeat after me: the police have no legal duty to protect or defend you.

A madman kills four, NYPD manhunt follows. Two officers are in a subway cab when the madman enters the car, and they do nothing to stop him. He stabs a passenger right next to them, who in turn wrestles him down, at which point the NYPD folks finally emerge. Now he sues the city, and it of course argues that it has no legal duty to protect the citizenry.

You are on your own to defend what's yours. Via Of Arms and the Law: Don't worry, the city will protect you.


I Have Changed My Mind -- We *Do* Need Gun Control

Gun control for the Federal government, anyway:

When financial questions arose regarding the Mountain Pure Water Company, Washington did not send a few staffers to inspect documents. Instead, last spring, some 50 armed Treasury agents breached Mountain Pure’s headquarters in Little Rock, Ark. They seized 82 boxes of records, herded employees into the cafeteria, snatched their cell phones, and refused to let them consult attorneys.

“We’re the federal government,” Mountain Pure’s comptroller, Jerry Miller, says one pistol-packing fed told him. “We can do what we want, when we want, and there’s nothing you can do about it.”

Power-mad bureaucrats and administrators with guns from departments of the FDA, Education, Health & Human Services? By all means, restrict their access to and use of guns. Via And Your Little Dog, Too - National Review Online.


Why are the feds loading up on so much ammo?

DHS has been silent about its need for numerous orders of bullets in the multiple millions. Indeed, Examiner writer Ryan Keller points out Janet Napolitano's agency illegally redacted information from some ammunition solicitation forms following media inquiries.

According to one estimate, just since last spring DHS has stockpiled more than 1.6 billion bullets, mainly .40 caliber and 9mm. That's sufficient firepower to shoot every American about five times. Including illegal immigrants.

To provide some perspective, experts estimate that at the peak of the Iraq war American troops were firing around 5.5 million rounds per month. At that rate, DHS is armed now for a 24-year Iraq war.

*You* shouldn't have guns and ammo. The *government* should have them. Via Why are the feds loading up on so much ammo? by Andrew Malcolm - Investors.com.

UPDATE: See here for why the count is way off.


Argentina's Dictatorship Sets Price Ceiling On Food. Prediction: Food Shortages.

Up until now, Argentina's descent into a hyperinflationary basket case, with a crashing currency and loss of outside funding was relatively moderate and controlled. All this is about to change. Today, in a futile attempt to halt inflation, the government of Cristina Kirchner announced a two-month price freeze on supermarket products. The price freeze applies to every product in all of the nation’s largest supermarkets -- a group including Walmart, Carrefour, Coto, Jumbo, Disco and other large chains. The companies’ trade group, representing 70 percent of the Argentine supermarket sector, reached the accord with Commerce Secretary Guillermo Moreno, the government’s news agency Telam reported. As AP reports, "The commerce ministry wants consumers to keep receipts and complain to a hotline about any price hikes they see before April 1." Perhaps they will. What consumers will certainly do is scramble into local stores to take advantage of artificially-controlled prices knowing very well they have two short months to stock up on perishable goods at today's prices, before the country's inflation comes soaring back, only this time many of the local stores will not be around as their profit margins implode and as owners, especially of foreign-based chains, make the prudent decision to get out of Dodge while the getting's good and before the next steps, including such measures as nationalization, in the escalation into a full out hyperinflationary collapse, are taken by Argentina's female ruler.

Anyone paying attention is about to see basic economic principles in action. The Gods of the Copybook Headings will deliver the lesson in person: when you set a price ceiling, you get shortages. Via Argentina Freezes Supermarket Prices To Halt Soaring Inflation; Chaos To Follow | Zero Hedge.


Armed guard disarms teen in Atlanta school shooting

A student opened fire at his middle school Thursday afternoon, wounding a 14-year-old in the neck before an armed officer working at the school was able to get the gun away, police said.

...

Investigators believe the shooting was not random and that something occurred between the two students that may have led to it.

Schools Superintendent Erroll Davis said the school does have metal detectors.

"The obvious question is how did this get past a metal detector?" Davis asked about the gun. "That’s something we do not know yet."

The armed resource officer who took the gun away was off-duty and at the school, but police didn’t release details on him or whether he is regularly at Price.

We all want to prevent or mitigate mass shootings at schools. To those of you who want to do so via increased controls: even if such laws pass through the political system, it will take years to implement. Putting armed guards in schools, or allowing teachers/administrators/staff who have CCW permits to actually carry their weapons on school property, is something we can do *right now*. It works, and it has the benefit of not further restricting civil rights. Via Armed guard disarmed teen in Atlanta school shooting, says police chief | The Salt Lake Tribune.


Professional Sports, Or Programmers And Public Speaking?

Whom does the following quote describe: athletes or developers?

The attainment of certain skills unavoidably gives rise to an urge to show them off. At a higher level of mastery, the performer no longer wishes merely to display his virtuosity--for the true connoisseur can easily distinguish between the performer who plays to the crowd and the superior artist who matches himself against the full rigor of his art itself--but to ratify a supremely difficult accomplishment; to give pleasure; to forge a bond between himself and his audience, a shared appreciation of a ritual executed not only flawlessly but with much feeling and with a sense of style and proportion.

The author is talking about professional sports, but it strikes me that the same thing is true of programmers who, although introverted, still have a desire to speak in front of an audience. Via A Hail Mary, A Deep Connection « Gucci Little Piggy.


Gun control fails rationality test

For example, "assault weapons" are a made-up category of weapons that is based solely on cosmetic features that make them look like the fully automatic weapons used by the military. Banning them leaves other rifles that are functionally identical in their lethality and rate of fire completely legal. Moreover, far more powerful hunting rifles are left untouched by the law, as are shotguns. This is simply irrational and therefore unconstitutional.

The same can be said for New York's law limiting handguns to seven rounds, while allowing both active and retired police officers to keep their handguns that hold up to 15 rounds. If retired cops need 15 rounds to effectively protect themselves and others, then so do other citizens. Arbitrarily discriminating among Americans in this way is irrational and unconstitutional.

Via Op-Ed: Gun control fails rationality test | WashingtonExaminer.com.