I haven't really looked at alternative carvers (but I am aware that many great options exist). I didn't know unblob yet. Thanks for the suggestion!
Looking at the code, they use the same methodology as I describe in the post [0]. They do, however, also check for the end of the last segment, which is interesting.
I think I did something like `nc -l -p 1234 | gunzip | dd status=progress of=/dev/nvme0n1` on the receiving end and `dd if=/dev/nvme0n1 bs=40M status=progress | gzip | nc 10.1.2.3:1234` on the sending end, after plugging an ethernet cable into both devices. In theory I could've probably also used the WiFi cards to set up a point to point network to speed up the transmission, but I couldn't be bothered with looking up how to make nc use mptcp like that.
In a single page application it is necessary to access the JWT with JavaScript. Thats why it is so common to save it in the code directly or in the local storage. It is dangerous though, since a XSS vulnerability can be used to access the JWT. This would be totally different with a cookie that is stored with HttpOnly.
No, why? It is very often not necessary to make this accessible to JavaScript, except you are working with refresh tokens. But this is mostly not necessary and overused.
In a single page application you have to access the JWTs with JavaScript. When we use cookies to implement sessions we have attributes like HttpOnly to prevent the cookie from being referenced by JavaScript code. In this case a XSS vulnerability would not be able to simply access the cookie and take over another users session.
What I am trying to say here is that JWTs used in single page applications are dangerous because you have no layer of protection against XSS attacks.
Ross Ulbricht, the developer of Silk Road, is serving a double life sentence plus 40 years, without the possibility of parole. There is no doubt that it was illegal. However, a lot of people think that the sentence is overblown compared to other crimes. Sign the petition if you agree with that.
Certainly seems high when you look at the other white-collar criminals and the damage they can do, and what they receive for it (bankers for instance).
On the flip side, he enabled (hard) drug-dealing on an Internet scale, with all that would entail, and all the damages done to the 'victims', for profit. It's tough to muster sympathy.
