Hacker News: pdq's comments

I investigated both and implemented OIDC. It was difficult, but compared to the SAML and XML complexity, I'd say it was much easier.


XML is marginally more complicated than JSON: attributes and namespaces.

Apples to apples, it's not much different. XSD is just as complex as JSONSchema.

Verbose? Sure.

But people love XML so much, they invented JS-and-XML (JSX). :shrug:


The problem is not XML by itself. XML adds a considerable amount of complexity to JSON[1] and when writing security-oriented software complexity matters quite a bit[2]. But this is still a level of complexity that can be managed. Most other XML-based protocols aren't as bad as SAML.

No, the main problem with SAML is that it relies on XML Signatures (XMLDSig). And the main problem with XML Signatures is that the signature needs to be embedded inside the XML it's signing, instead of being attached to it, like every other signature standard on the planet.

[1] The added complexity is not just attributes and namespaces, but also entities, DTD and processing instructions. If you want even the most basic type checking, XML schema becomes mandatory. This is important, since JSON doesn't need a schema for handling basic types, and in fact OAuth 2.0 and Open ID Connect do not rely on JSON Schema at all.

[2] See the OWASP cheatsheet for all the ways accepting XML input from the internet can put your application in danger: https://cheatsheetseries.owasp.org/cheatsheets/XML_Security_...

No equivalent document exists for JSON.


XML=JSON=YAML=TDL (tree describing language)


Not really.


But pretty close.


> If you want even the most basic type checking, XML schema becomes mandatory. This is important, since JSON doesn't need a schema for handling basic types

Huh?

> the main problem with SAML is that it relies on XML Signatures (XMLDSig). And the main problem with XML Signatures is that the signature needs to be embedded inside the XML it's signing, instead of being attached to it, like every other signature standard on the planet.

You are correct that this is the hardest part of SAML, but to be clear, there's a SignatureValue element that is separate from SignedInfo.

And you can use a library to sign. I don't see many implementing their own JWT signatures either.
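The SignedInfo / SignatureValue split discussed above, shown side by side with a detached signature, as an added toy example (not code from any of the commenters, and not a SAML or XMLDSig library). It assumes Python 3.8+ for the stdlib `xml.etree.ElementTree.canonicalize` (C14N 2.0 standing in for the exclusive C14N that XMLDSig uses) and an HMAC standing in for RSA/X.509, so that the structure of an enveloped signature can be followed without any third-party dependency; the assertion and key are constructed for the demo.

```python
import hashlib
import hmac
import xml.etree.ElementTree as ET

# Constructed demo secret. Real XMLDSig uses RSA/ECDSA with X.509 certificates;
# an HMAC keeps the example self-contained without changing the structure.
KEY = b"constructed-demo-key"

# Constructed SAML-like assertion; namespaces omitted to keep the toy readable.
ASSERTION = """<Assertion ID="a1">
  <Issuer>https://idp.example.test</Issuer>
  <Subject><NameID>alice</NameID></Subject>
</Assertion>"""


def c14n(elem: ET.Element) -> bytes:
    """Canonical bytes of an element. Uses C14N 2.0 from the stdlib (Python 3.8+);
    XMLDSig uses exclusive C14N 1.0, but the role is the same: signer and
    verifier must derive identical bytes from equivalent XML."""
    text = ET.tostring(elem, encoding="unicode")
    return ET.canonicalize(text, strip_text=True).encode("utf-8")


def mac(data: bytes) -> str:
    return hmac.new(KEY, data, hashlib.sha256).hexdigest()


# --- Detached signature: sign the canonical bytes, transmit the tag separately ---
def detached_sign(xml_text: str) -> str:
    return mac(c14n(ET.fromstring(xml_text)))


def detached_verify(xml_text: str, signature: str) -> bool:
    return hmac.compare_digest(detached_sign(xml_text), signature)


# --- Enveloped signature: the Signature element lives inside what it signs -----
def enveloped_sign(xml_text: str) -> str:
    root = ET.fromstring(xml_text)
    # Step 1: digest the assertion before any Signature element exists.
    digest = hashlib.sha256(c14n(root)).hexdigest()
    # Step 2: SignedInfo records which element was digested and its digest;
    # SignatureValue is computed over SignedInfo only, never over the whole document.
    sig = ET.SubElement(root, "Signature")
    signed_info = ET.SubElement(sig, "SignedInfo")
    ref = ET.SubElement(signed_info, "Reference", URI="#" + root.get("ID"))
    ET.SubElement(ref, "DigestValue").text = digest
    ET.SubElement(sig, "SignatureValue").text = mac(c14n(signed_info))
    return ET.tostring(root, encoding="unicode")


def enveloped_verify(xml_text: str) -> bool:
    root = ET.fromstring(xml_text)
    sig = root.find("Signature")
    signed_info = sig.find("SignedInfo") if sig is not None else None
    ref = signed_info.find("Reference") if signed_info is not None else None
    sig_value = sig.find("SignatureValue") if sig is not None else None
    digest_value = ref.find("DigestValue") if ref is not None else None
    if any(x is None for x in (sig, signed_info, ref, sig_value, digest_value)):
        return False
    # (a) The Reference must point at the element we are about to trust (the root
    #     assertion). Trusting whatever element the URI happens to name, rather
    #     than the one the application consumes, is a classic XMLDSig pitfall.
    if ref.get("URI") != "#" + (root.get("ID") or ""):
        return False
    # (b) SignatureValue must match the canonical SignedInfo.
    if not hmac.compare_digest(mac(c14n(signed_info)), sig_value.text or ""):
        return False
    # (c) Remove the Signature (XMLDSig's "enveloped-signature transform"),
    #     re-canonicalise and compare with the digest recorded in SignedInfo.
    root.remove(sig)
    actual = hashlib.sha256(c14n(root)).hexdigest()
    return hmac.compare_digest(actual, digest_value.text or "")


if __name__ == "__main__":
    signed = enveloped_sign(ASSERTION)
    print(signed)
    print("enveloped ok:", enveloped_verify(signed))
    print("tampered ok:", enveloped_verify(signed.replace("alice", "bob")))
    print("detached ok:", detached_verify(ASSERTION, detached_sign(ASSERTION)))
```

The detached path is two lines because the signed bytes are simply the message; the enveloped path needs a reference check, a removal transform and a second canonicalisation before the digest can even be compared, and each of those steps is a place where signer and verifier can disagree. That extra machinery, not XML syntax itself, is what the parent comments are pointing at.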


June 4th. Not recent news.

Although this is a clear case of self-dealing by Musk.


General question when running a single member LLC: how do you determine how much to take as salary versus business profit, and how does that affect your taxes?

I'm guessing tax liability is mostly a wash, as if you are taxed as an S-Corp, you pass through the profit into personal income and pay income tax on that.


That’s very much a talk to your CPA question - because it speaks to audit risk. The IRS wants to see you pay yourself a fair salary so you are paying the appropriate payroll taxes, social security, medicare, etc. The problem is “fair” is somewhat subjective and depends on the profitability of the business as well. I’m sorry this isn’t a clear answer, but it’s just not a clear matter. Seek advice and ask “how would you defend this stance in an audit”.


There is no difference in a single member LLC. All profits from the LLC pass through as income which is ultimately taxed at the same rate as salary (including SSI, Medicare, etc).


Kyle Mitchell is a lawyer that can program, and has done a ton of open source work on legal docs: https://projects.kemitchell.com/

For example, here are his employment/hiring docs: https://squareoneforms.com/


"Loser pays" is a better and simpler legal system.


Which means that people without much money can't risk suing a company with deep pockets.


As opposed to the current system, where people without much money can't risk suing a company with deep pockets because they don't have the money for a lawyer.


If you have a solid case any good lawyer will take the case for a share of what you win - they won't win all such cases, but they have enough confidence in winning most that they can afford to accept that some cases will be done without getting paid. However, if there is loser pays, lawyers cannot do this unless they either take a much larger share of the winnings (thus making it not worth anyone's time) so they can cover the lawyer fees when they lose a case they thought was obvious, or they warn potential clients that there is a risk they will have to pay a lot of money on a loss.

Either way loser pays makes it more risky for a poor person to sue.


Money obviously is a factor in any case. But, if you hire a lawyer, you at least have control of the costs. "Loser pays" means you pay for the company's Big Law outside counsel if you lose.


It would be interesting if “pays” was proportional to a party’s assets to ensure equal (yet not ruinous) pain.


It could just be capped at the lower of what the two legal teams charge. Both should have to submit their bills to the court, whichever charged less is the cap on what the loser has to pay for the other party's legal fees. That way each party is at most on the hook for twice what they paid their own legal team, assuming no other damages or penalties.


This is gameable (for instance by disclosing millions of unrelated pages of content during discovery). All you really need is for the judge to look at how much each legal team charged for what and make a ruling on what's reasonable for the loser to pay and what isn't.


1 MW charger per truck, if you need to super charge. Equivalent to approximately 1000 homes.

This is a huge burden on the electrical grids, and Tesla or EV's get to hand that problem to someone else.

The only way this makes sense at scale is if we had nuclear power, and charging was done at night.


> This is a huge burden on the electrical grids, and Tesla or EV's get to hand that problem to someone else.

They don't exactly get to push it onto someone else. Large loads like this come with demand charges. In some areas, they might be $5/kW, in others I've heard of >$10. A single megacharger would be $5-10k on top of the actual energy used.

It is high enough that I'd expect them to start thinking about battery buffers at charging sites to mitigate the cost.

That already happens at a smaller scale, with things like Freewire.


It's the new HaaS business model: Hardware as a Service.


I’m curious to know what everyone thinks of this trend. Do you view it as a good thing, bringing efficiency and economy of scale, competition and so forth? Or do you consider it a bad thing, another salvo in the War on General Purpose Computing [1] so vividly described by Cory Doctorow?

I, personally, am interested in retrocomputing, amateur/hobbyist electronics, and hobbyist computing (including semiconductors [2]). While these techniques and devices may be light years away from anything resembling a computer that can compete with SotA commercial offerings, they do offer the promise of “keeping the candle lit” as it were. I will note that if you follow Sam Zeloof’s chronicles, he progressed through the earliest phases of semiconductor development far faster than the industry did back when it was pioneering the technology. Of course, he had the benefits of knowing it was already possible and access to the written knowledge of the experts who went before him.

[1] https://boingboing.net/2012/01/10/lockdown.html

[2] https://www.youtube.com/watch?v=qCSIGejNT4M


IMHO definitely a bad thing; and beyond the war on general-purpose computing, it's the "you will own nothing and be happy" war on ownership.


Nah, it is still the same old business only rebranded for new folks, timesharing systems.


@dang, can you change the display for (threads.net) to be like twitter, where it shows the username to the right of the post title?

For example, threads.net/@quiverquantitative


Typing "@dang" does not actually do anything. Write to the mods using the Contact email at the bottom of the page.


Sure it does. It allows dang to search posts for his name without getting results that conflict with the actual word dang. Plus it's pretty common usage in places and your eye is drawn to that, allowing you to recognize it's a name and not just a word. Pretty useful where people use handles and not actual names. I mean yeah, HN isn't a "smart" website, but I wouldn't say the @ doesn't do anything.


I thought I saw dang comment once that they wrote a script to find those mentions.


Completely unrelated, but I just wondered if GP knew that “@” doesn’t have any functionality but is used as a sort of etiquette symbol.


I figure most people on HN know that @dang doesn't do anything and it's shorthand for "dang, if you happen to be reading this, [...]".


But... how do we know that @dang doesn't do anything?


Dang himself says to send in an email. I never wrote down the address though...


Again, it's the Contact link at the bottom of the page here.


It seems pretty dang useful to me to make it clear when you're referring to the username.


As a non-American, I always read that 'dang' as the moderator, and then it takes a second.

Relatedly, I was here many years before I realised (via that NYT or WSJ or whatever it was profile) that it's 'Dan G'!


that's a great idea! did you message the mods?


Get a Carbon Steel pan instead.

These have a similar metal composition to cast iron, where you can season them with oils, but are forged (i.e. pressed) into shape, rather than cast. So you get a smooth surface, which is easier for non-stick use, and lighter weight.

Carbon steel is better for eggs, omelettes, etc, but cast iron is often better for steaks/meats, because it retains heat better. There are tons of videos on YouTube if you are curious.


Exactly.

This is akin to selling a calibrated 1 kilogram cube of lead, with a precision of 1 nanogram and specified purity, for $1000. You are not just buying an overpriced $3 block of lead, but one that can be precisely used for calibrating machines, equipment, or processes.

