Last Spring in particular there were a bunch of student protests against the genocide being done by Israel with material support from the US. Many of these protestors were themselves Jewish. Organizations such as the Jewish Voice for Peace [1] were heavily involved. Jewish people in the US have a long history of being active in civil rights movements. Notably, 3 of the 4 of the students who were killed by the National Guard at Kent State in 1968 were Jewish.
Genocide (and apartheid) supporters try and silence dissent by claiming anti-Zionism (that is, opposition to Israel as a settler-colonial state) is anti-Semitism, which it is not. For every Jewish Zionist in the US there are 20-30 Christian Zionists who are motivated by bringing on the Rapture [2]. It's worth pointing out that if this prophecy were to actually come true, all the Jews in Israel would be killed. The point here is that many Zionists are actually anti-Semitic.
The state came down hard on such protestors. There have been something like ~3500 arrests of college protestors (compared to ~1300 for January 6, an actual coup attempt). There's lots of lies disseminated to demonize the protestors. For example, false claims that Columbia protestors blocked Jewish students from going to classes.
The administration has used research funding as a weapon to bring colleges into line to expel or otherwise punish studnets who protested, implement policies to say that criticism of the state of Israel was anti-Semitism and so on. Columbia, in particular, has already completely capitulated.
All of this is a direct attack on free speech to silence any protest or critcism of US foreign policy in the Middle East. Columbia is being made an example of but it's odd that this is potentially going forward to a consent decree since Columbia has already fallen in line.
But it goes so much further than this. Protestors and organizers have been targeted for unlawful deportation. They have in some cases been black-bagged and illegally kidnapped 1000 miles away without due process and then deported without seeing an immigration judge to have a deportation hearing, under the ludicrous "state of emergency" related to a Venezuelan gang.
So where is ICE, who is the Gestapo in this scenario, getting these names? From places like the Canary Mission [3]. Canary Mission had already engaged in doxxing protestors. Now they seemingly have the ear of the administration to point the finger and have opponents black-bagged and sent to El Salvadore to a prison on a seemingly indefinite sentence.
For the last few years, I've been saying the following regularly (to friends, family and coworkers): communication is the hardest thing humans will ever do. Period.
Going to the moon, launching rockets, building that amazing app... the hardest thing of all is communicating with other people to get it done.
As a founder (for 40+ years and counting) I manage a lot of different type of people and communication failures are the largest common thread.
Humans have a very, very tough time assuming the point of view of another. That is the root of terrible communication, but assumptions are right up there as a big second.
On the Marcan thing... I just want to say, control what you can and forget the rest (yes, this is direct from stoicism). Users boldly asking for features and not being grateful? Just ignore them. Getting your ego wrapped up in these requests (because that's what it is, even if he doesn't want to admit it), is folly.
I contributed to Marcan for more than a year. I was sad to see the way it ended. I wish him well.
- Evil tries to make an HTTP request to bank.com/transfer.php
- The browser happily performs the request, authenticated with your cookies, and the bank, having a CSRF vulnerability, happily sends your money to the attacker.
- Since 'evil.com' and 'bank.com' are different origins, Browser refuses to provide the response to evil.com, but the attacker doesn't care, he got the money.
CORS allows you to relax these restrictions, not tighten them.
Now, bank doesn't like these attacks. So they make the legitimate application send an additional custom header, "X-Totally-Secure: true". Despite being a really bad idea, if (big if) the browser follows the standards, this prevents the attack:
- evil.com tries to make the HTTP request as before
- Browser lets it through, as before
- Bank rejects the request because it's missing the magic header
So the attacker adds the header to the request:
- evil.com tries to make a non-standard HTTP request to bank.com/transfer.php, with the header attached
- BECAUSE IT'S A NON-STANDARD REQUEST, browser asks bank.com (as you described, OPTIONS)
- Bank.com replies "wtf do you want I don't know what OPTIONS is"
- Browser refuses to make the request
Unfortunately, the bank forgot that they have a marketing department, that runs ournewbankapp.com, and shows your current balance in the fake screenshot of the app to show how awesome it is. And your bosses' bosses' boss has yelled at the IT department that rolled out the security measure to make it work again. They make ournewbankapp.com send the magic header (including access-control-allow-credentials), but now the OPTIONS request fails. So they teach the web server to respond with "everyone is allowed" (with "access-control-allow-origin: *" as you described) because they're lazy and dumb.
But because browser vendors know that developers are lazy and dumb, the browser completely ignores this: If access-control-allow-credentials is set, the allowed origin must be listed explicitly. The developers give in, and explicitly add ournewbankapp.com to the header, and now it works, but the attack doesn't work.
Last Spring in particular there were a bunch of student protests against the genocide being done by Israel with material support from the US. Many of these protestors were themselves Jewish. Organizations such as the Jewish Voice for Peace [1] were heavily involved. Jewish people in the US have a long history of being active in civil rights movements. Notably, 3 of the 4 of the students who were killed by the National Guard at Kent State in 1968 were Jewish.
Genocide (and apartheid) supporters try and silence dissent by claiming anti-Zionism (that is, opposition to Israel as a settler-colonial state) is anti-Semitism, which it is not. For every Jewish Zionist in the US there are 20-30 Christian Zionists who are motivated by bringing on the Rapture [2]. It's worth pointing out that if this prophecy were to actually come true, all the Jews in Israel would be killed. The point here is that many Zionists are actually anti-Semitic.
The state came down hard on such protestors. There have been something like ~3500 arrests of college protestors (compared to ~1300 for January 6, an actual coup attempt). There's lots of lies disseminated to demonize the protestors. For example, false claims that Columbia protestors blocked Jewish students from going to classes.
The administration has used research funding as a weapon to bring colleges into line to expel or otherwise punish studnets who protested, implement policies to say that criticism of the state of Israel was anti-Semitism and so on. Columbia, in particular, has already completely capitulated.
All of this is a direct attack on free speech to silence any protest or critcism of US foreign policy in the Middle East. Columbia is being made an example of but it's odd that this is potentially going forward to a consent decree since Columbia has already fallen in line.
But it goes so much further than this. Protestors and organizers have been targeted for unlawful deportation. They have in some cases been black-bagged and illegally kidnapped 1000 miles away without due process and then deported without seeing an immigration judge to have a deportation hearing, under the ludicrous "state of emergency" related to a Venezuelan gang.
So where is ICE, who is the Gestapo in this scenario, getting these names? From places like the Canary Mission [3]. Canary Mission had already engaged in doxxing protestors. Now they seemingly have the ear of the administration to point the finger and have opponents black-bagged and sent to El Salvadore to a prison on a seemingly indefinite sentence.
This is the 1930s Nazi Germany playbook.
[1]: https://www.jewishvoiceforpeace.org/
[2]: https://www.theguardian.com/world/2023/oct/30/us-evangelical...
[3]: https://www.thenation.com/article/world/canary-mission-israe...