They already had admitted the wrongdoing, and said they'd make amends... then they didn't follow through. That's what triggered the last round of sanctions, adding a US business ban on top of their existing billion-dollar fine.
In a functional administration, this wouldn't be something the White House would interfere with at all. The DOJ would make their recommendations, following any directional guidance the White House would establish in policy. That's a nice and predictable process, where one can review the law and policy before committing crimes, and know with a good degree of certainty how things will turn out.
Now we've defenestrated the rule of law. The policy doesn't actually matter. If you think you have enough money, you can go ahead and break the laws, and just buy an ad on Fox or host a party for Kanye, and you won't need to worry about anything the DOJ says.
In case you missed the news, Hillary isn't our president, and neither is Obama any more. I complained plenty when the Democrats were in charge, but now it's the Republicans who are undermining the Constitution, so they get the complaints.
I know it's shocking, but it is actually possible to criticize an authority without caring what party they represent. It's called "having strong principles", and it appears to be an utterly foreign concept to this administration. I don't necessarily agree with the Democrats' principles, but at least they have them.
The message seems pretty clear: laws don't matter if you pay enough money.
This is essentially an open invitation for other businesses to bribe the Trump administration. Just pay the right "fine" to the right department, and any violation of those pesky rules will just be forgiven. Either Trump will start negotiating on your behalf, or he'll just pardon the liable people. Either way, "consequences" will be left for those poor people who lack the business skill to blatantly ignore morality.
One of the interesting trends with winter storms especially is that we just don't care as much. An equal storm does less apparent damage.
A few short decades ago, even a minor snowstorm would knock out power for a few hours. Once I woke up and realized my alarm clock wasn't working, I'd have to call and report the outage, and eventually somebody would come around and fix the one service line coming through my area.
Now, the service network can detect its own faults and dispatch repairs automatically. My alarm clock is now my phone, and it runs on its own battery - along with the cell tower. My LED lights and high-efficiency heating don't add nearly so much load to the electrical grid, so when my now-redundant area is automatically switched over to a backup line, that equipment can handle the additional load without any problem.
Of course, building codes have also improved, so a storm of equal power is less likely to damage a newer building. Digital communications don't noticeably degrade as quickly as analog, either. With resilient electrical systems powering streetlights and widespread communications enabling coordination through the storm, the snowplow teams can run better with less risk, so by the time I need to actually travel, the roads are clear. With clear roads, businesses stay open, and life moves on as normal.
It seems to me that most of the big storms that are predicted now are actually big storms... they just don't impact my life so much.
That's always been the case, though. Those "3 or 4 probable paths" are the most likely out of the thousands of predictions from a dozen different models. Those models, however, have been getting more accurate over the past decade, significantly narrowing the cone of probable locations several days in advance of the storm.
However, slower-moving storms still bring higher risk. Yes, people should have more time to evacuate, but the damage left behind will still be significantly worse, due to the increased flooding and longer duration of high wind, which in turn means more debris impacts. Those who won't (or can't) evacuate face the prospect of surviving not just a day of hiding in a shelter, but days or weeks of canned food, boiling water, and battery power... and years of work to repair the damage.
Potentially. We have some folks paying hundreds of thousands of dollars for other people's old trash, just because they say it's "the archaeological find of the century".
I understand those sort of folks also say things like "that belongs in a museum" and "no ticket".
Technically, the judge has not ruled that the EPA must prove the claim. The judge has ruled that the evidence must be released under the FOIA request. Even if the EPA only releases one rough non-reviewed report and says "that's all we have", they're in compliance with the court.
Then it's up to the American public to recognize this is ridiculous, and vote for something better. Good luck with that.
Ah, but that destroys the value in collecting such a thing in the first place. If indeed these games were considered completely lost, then finding a new copy to sell somewhere would be quite valuable indeed.
Sure, it's a selfish model, but capitalist economies kinda work that way.
That is one of the moral arguments behind requiring registration (with a fee) for copyrighted works. The counterpoint is that copyrights are something that is justified by default, and it's only the enforcement that the government provides. As with other enforcement, it should be funded from the general treasury.
It boils down to whether "certain works" or "all works" are expected to be copyrighted, and in turn that becomes a debate between whether "certain people" or "all people" can afford to produce protected works. While it's tempting to support charging Disney for every new book, movie, or character they spew out, the same laws would impact every new version of open-source software, every author's latest short story, and every photographer's perfect shot. It would be a poetic injustice to fight commercialized art by forcing all art to be commercialized.
In the world of game emulation, the binaries are known as "ROMs", regardless of their original medium.
The term originates as "ROM dumps", which is exactly what you'd expect - extracted contents of the ROM from old console systems and cartridges. Notably, that's the part that is actually covered by copyright laws, with the actual execution details (originally in coprocessors, and now handled by the emulator itself) more often covered by patents, trade secrets, and simple secrecy.
As distribution technology has progressed such that games no longer have their data on read-only memory, and more importantly as those games have entered the emulation scene, the term hasn't changed. Now, "ROMs" include any game data not directly part of the emulation.
It's worth noting that legally there is very little risk from developing or distributing an emulator, but significant risk in distributing the ROM data. There have actually been some open-source or public-domain ROMs produced from scratch, but of course the biggest trade in them is in redistributing commercial software.
The collector uploaded them to a group of associates, who presumably all face similar legal risks. They're safe as long as nobody outside knows the infringement happened, so they want that group of associates to stay closed and small. Once the group leaks, however, news articles like this one happen, and others will come poking at the group to see what else falls out... then everyone's fears are realized, and they're left scrambling to erase any evidence of illegal activities.
As Ben Franklin is supposed to have said, "three can keep a secret, if two of them are dead."
There is a certain appeal to being one of a small group with secrets. For a game collector, it's not about being the last to ever play the game, but simply to have something that nobody else does. That's why "collectibles" are numbered and often have limited production runs. That rarity is what the collectors value, not necessarily the game itself. That's also why having collections in unopened boxes is valued - being unopened is a rare feature that can't be restored once lost.
As for re-uploading, throwing around a 67GB file is still not trivial, especially when it carries a (small) legal risk for being copyright infringement. Somebody still owns the copyright on those games, whether they realize it or not, and it's entirely within their (legal) rights to sue someone for redistributing the games, when they'd rather see them completely disappear - perhaps to re-release a "discovered" copy found in a corporate vault.
CSS and JS are pretty much just patches added on top of HTML because HTML isn't a suitable document format to describe web pages the way page creators want them to be.
HTML, CSS, and JS all do completely different things, if used correctly.
HTML should describe the content of the page. It should be the words spoken by a screen reader, or the information a search engine should index. In essence, it is just the meaningful information, in its most-native structure, and nothing more.
CSS is the presentation of that information. There should be CSS definitions for how that screen reader should pronounce particular words or emphasize particular phrases. There should be CSS definitions for how the page appears at all different display sizes, or if it's being printed to a static medium, or even being sent to Braille output hardware.
Scripts should describe the page's behavior. Beyond the built-in behaviors of the browser (which IMHO should themselves be defined in built-in scripts, just like the browsers have built-in default CSS), scripts are responsible for building interaction between elements of the page and back-end server.
If the document format was better suited for what it is used for...
...then accessibility and dynamic presentation would be horribly broken, as it was back in the bad old days before CSS.
JS should be the outer layer and generate/modify the document in those cases JS is needed.
...which means that everything that wants to access the informational content of a web page would need an embedded script engine, and enough watchdogs and security to mitigate the risks inherent in executing remotely-generated code on your system. This is a huge problem for browsers already, but making a script be a mandatory layer would mean using the Web is far more expensive for caching proxies and embedded devices.
I have an idea... Let's start a company like Uber, but focused on safety. We start with a limited fleet with known-safe drivers, and vehicles that are maintained and inspected by the company itself. Put company-standard equipment in that fleet, like video cameras, hands-free communications, and GPS receivers, and have the whole thing coordinated by a central location, with actual humans that know what's going on at all times. It'll be more costly than Uber or Lyft, but it'll avoid a lot of the problems they have.
All it needs is a good catchy name. Since we'll take people to places, I suggest "Takesy"!
To put it another way, Netflix will have to compete directly with DirecTV, rather than making exclusivity deals with cell providers. Right now, Netflix (to pick a party at random) gets a chunk of customers (in turn improving its negotiating power and company value) just by having a deal with T-Mobile, and they don't have to actually improve service for it. Long-term, consumers still lose, even though it's promoted as being a "free" deal.
It is also precisely because of alchemy that the modern fields of chemistry and molecular (and below) physics exist. The alchemists were meticulous (if cryptic) about documenting their processes, and the belief that any useful process must be repeatable led directly to our modern concept of the scientific method. That, in turn, led to continually refining the experiments to discern slightly-more-precise results, which eventually showed that the theories of alchemy were altogether incorrect.
Once alchemy was disproven in intellectual circles, a campaign to discredit it was quickly led by the more science-minded individuals, separating alchemy from the new field of chemistry. That's actually the reason we now laugh at the "LOL LEAD INTO GOLD?" idea, which was essentially all that remained once the chemistry was separated.
That schism happened in the mid-1700s, a few decades after Newton's death. He only saw the beginning of alchemy's downfall, so I won't speculate on which side of that division he would have fallen.
Twitter, Facebook, et al regularly block users, label outgoing links "dangerous", etc. for their own political purposes.
...and that's fine. They aren't public officials, aren't acting in a government capacity, and aren't actually restricted by the First Amendment.
If Trump (or any other official) isn't satisfied with the commercial service that the private enterprises are providing, there's a whole .gov TLD available from which they can host their own platform supporting full and open discussions without any warnings or political bans.
Apparently only anti-Trump discussion is "protected"...
That's not actually true. If, say, a Democrat office had blocked someone pro-Trump, this ruling would make a lawsuit against that official much easier, as well.
It would probably be easily extended to an official hosting a public rally, then only allowing guests to speak if they support the official. Saying the ruling would have any impact on one-way media would be less likely, since an open discussion wouldn't be expected (or even possible) in that format.
I don't think that means the ruling depends on the specific technology, as you said, but rather that it would apply based on the medium's capabilities, which a particular technology may or may not support. A static official website wouldn't be required to support open discussion, but a hosted forum might be impacted.
That's true, but one issue is that Trump has used his personal account as though it were an official forum, and it's the officials who take the action to block someone - not Twitter. The other issue in the judgement is that the downstream responses to Trump's comments are protected political discussion, and denying someone the ability to participate in that is harmful.
Put together, a government official is using his office to stop the free discussion of politics, and the court has determined that's not right. It's a very limited scope to the argument, and I congratulate the lawyers who made it.
Salting really just makes rainbow tables nearly-useless, but does not impact security against brute-force attacks. A long and unique password is still exponentially more secure than a short one.
For example, let's say I have "1234" as a password. It's wonderfully simple, and shows up in every rainbow table and password list.
I go put that in a service, which adds its own salt of "ABC". Effectively, my password is now "ABC1234", and the salt is stored alongside my password hash.
If an attacker gets that database dump, they can identify that the salt is "ABC", and they can see the password hash. However, they can't use the rainbow table, because the hash for "ABC1234" is wildly different from the hash for "1234". With a salt, the attacker must brute-force the password, but adding "ABC" to the start of all their test strings.
Once an attacker has begun brute-forcing, they're facing a task that very well might not complete before the universe dies. To have any chance of success, they must reduce the scope of work. That means using dictionaries, common password lists (which would definitely include "1234"), and algorithmic weaknesses... but interestingly, collisions don't help terribly much. Since hashing algorithms operate on the whole string, the attacker would need to find a collision for "ABC1234" that also starts with "ABC". That's far less likely, to the point where it is only considered possible for thoroughly broken hash algorithms like MD5.
On top of all that, a salt should be different for each user. My salt might be "ABC", but yours could be "ZYX". All the work the attackers are doing to break my password is totally useless for cracking your password. Even if, while working on my password, they stumble on a hash that matches your password hash, it's useless, because their candidate plaintext will start with my "ABC" salt, not your "ZYX" salt. Now instead of merely having enough work to outlast the universe, they have that much work for each user.
Now, what about length? If all the salt does is force the brute-force approach, the analysis is no different than for an unsalted password where dictionaries and other "cheats" aren't considered. For those cases, there's a simple estimation: For each additional character in the search space, the effort required to exhaustively search is roughly 100 times greater. That means that in the time it takes to brute-force all of the 15-or-less-character passwords, you could try every 14-or-less-character password 100 times.
Now, recall that with salted password hashes, the work must be repeated for each user. For a salted database of 10,000 users, it's roughly the same amount of work to try all 13-or-less-character passwords for every user as it is to try all of the 15-or-less-character passwords for one user. If the passwords were unsalted, the total scale of work would be just that of one user, but it's still easier (and thus more likely) to find shorter passwords.
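The salting argument in the comment above, worked through as an added example (not part of the original comment). It uses the comment's own "ABC" + "1234" scheme with SHA-256 purely to show what the salt changes; the word list, function names and the 100-symbols-per-character figure are assumptions taken from or constructed around the comment, and real password storage would use a deliberately slow password hash rather than one SHA-256 pass.

```python
import hashlib
import hmac
import secrets

# Constructed sample data: a tiny common-password list standing in for a
# precomputed lookup (rainbow-style) table.
COMMON_PASSWORDS = ["1234", "password", "letmein", "qwerty"]


def salted_hash(salt: str, password: str) -> str:
    """Hash salt + password, salt prepended, as in the comment ("ABC1234")."""
    return hashlib.sha256((salt + password).encode("utf-8")).hexdigest()


def build_lookup_table(salt: str = "") -> dict:
    """Precompute hash -> password for the common list under ONE salt."""
    return {salted_hash(salt, p): p for p in COMMON_PASSWORDS}


def new_record(password: str, salt=None) -> dict:
    """Create a stored credential; a fresh random salt per user by default."""
    if salt is None:
        salt = secrets.token_hex(16)
    return {"salt": salt, "hash": salted_hash(salt, password)}


def verify(record: dict, candidate: str) -> bool:
    """Server-side check: recompute with the stored salt, compare in constant time."""
    expected = salted_hash(record["salt"], candidate)
    return hmac.compare_digest(record["hash"], expected)


def lookup(table: dict, record: dict):
    """What a precomputed table yields for a leaked record (None = no hit)."""
    return table.get(record["hash"])


def exhaustive_guesses(max_len: int, users: int = 1, alphabet: int = 100) -> int:
    """Guesses needed to try every password of length 1..max_len.

    With per-user salts the whole search repeats for each user, hence the
    multiplication. alphabet=100 is the comment's rough per-character factor.
    """
    per_user = sum(alphabet ** n for n in range(1, max_len + 1))
    return per_user * users


if __name__ == "__main__":
    unsalted_table = build_lookup_table()
    mine = new_record("1234", salt="ABC")    # the comment's example user
    yours = new_record("1234", salt="ZYX")   # same password, different salt

    print("unsalted table vs unsalted hash:",
          lookup(unsalted_table, new_record("1234", salt="")))
    print("unsalted table vs salted hash:  ", lookup(unsalted_table, mine))
    print("same password, same hash?       ", mine["hash"] == yours["hash"])
    # Work done against the "ABC" salt does not transfer to the "ZYX" user.
    abc_table = build_lookup_table("ABC")
    print("ABC table vs ZYX user:          ", lookup(abc_table, yours))
    # 10,000 salted users at <=13 chars is about one user at <=15 chars.
    ratio = exhaustive_guesses(13, users=10_000) / exhaustive_guesses(15)
    print("work ratio:", ratio)
```
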
The other problem is that if your computer is compromised the attacker can install a keylogger and get your master key.
You're conflating two different threat models. If your computer is compromised, everything you do from it is already vulnerable, because the malware can adjust what you're seeing and hijack activities as it likes. The attacker can already access your email account, reset service passwords, and do what they like without caring about your old passwords.
To protect against malware, my advice is an antivirus suite (even Windows Defender), pulling updates from the vendor as frequently as possible. Ad-blockers also can preemptively reduce your attack surface, but they are not a substitute for having antivirus running and up-to-date.
Similarly, while an airgap will certainly protect against threats from the other side of the gap, it does not make you immune to threats against your particular threat model. For example, keeping passwords in your wallet means you risk exposure every time you take out your credit card, which has your name on it and is often then handed to someone. If your password card sticks to your credit card, it's a pretty short jump to try that password on Facebook and Gmail.
A password manager isn't that more secure than a text file with the passwords in plain text.
A text file is unencrypted, so anyone who gets a copy of the file (such as a PC technician, dumpster-diver, hardware thief, etc.) will have your passwords, with no keylogger or brute-force needed. Even if their intrusion is easily detected (such as your computer no longer being where it was), you have no opportunity to protect your data.
Having an encrypted file also protects you from inadvertent disclosure. Even if, in a hypothetical fit of human stupidity, you email your ex-wife your password database instead of divorce paperwork, there's no chance of (further) damage.
If you want real security you keep the passwords on a device without internet access like a post-it note or a notebook.
A good security system fulfills the C-I-A triad: confidentiality, integrity, and availability. A written password fails all three areas, though it's a less-horrible failure in the "confidentiality" section.
While a notebook is safe from malware or online vulnerabilities, it's not safe from thieves (who are now often just as tech-savvy as you are), curious house guests, evil maids, or snooping coworkers. If you're in a rush for a piece of paper, you could grab that notebook and go out in public carrying your vital passwords openly. Being a physical asset, the notebook itself has to be secured, which is problematic in itself.
A notebook does not really preserve integrity in any way. It's vulnerable to a spilled glass of water, flooding, a tree falling on the roof, fire, insects, and simply wearing out with use. In a few years, it's going to get damaged, and there's no easy way to make backups, without risking extra copies being left floating around.
Finally, a secure notebook is inconvenient. If you're traveling, it's either yet another item to potentially be lost, or it's sitting uselessly at home. It is an interruption to the workflow when you need to log in somewhere, as you have to retrieve the notebook and find the required page. If you keep the notebook in a safe, you have to open the safe to use the notebook - which itself requires its own key.
This is one of the cases where having cloud-synced backups is absolutely wonderful. Even if someone else has access to your password manager's database, it's fully encrypted, and with a decently-strong password (the only one you should ever have to memorize), it'll be safe from brute-force attacks.
I keep my database synced with Google, and open it right from the synced folder. When I change the database, it's immediately backed up, and will sync to my other computers, as well.
I'm not blaming the user. I'm advocating defense in depth.
If a password database is published, clearly the person operating that database's associated services has failed somehow and the world should be aware of it... but dragging a company through a PR nightmare isn't going to make the password hashes secret again, or undo any damage done to the users.
However, while it is still the service operator's responsibility to protect that database, the security of the password itself is almost entirely controlled by the user. The user alone has the ability to pick a long and unique password, so that even if their password hash is leaked, the risk of further damage is minimal. A long and unique password will take longer to be broken from the hash (improving the chance of outlasting the criminal enterprise), and it will be useless for credential reuse attacks against other services with potentially more value to the attackers.
To use the Slashdot-mandated car analogy, it's not your fault if you get hit by a drunk driver running a stoplight, but you should still wear a seat belt to improve your outcome if it does happen.
...Where's Martin Luther gone off to now?
If people want GoogleDocs let it be a fucking native plugin.
Oh yes... because having Flash everywhere worked so well for us all.
I have an idea... Let's start a company like Uber, but focused on safety. We start with a limited fleet with known-safe drivers, and vehicles that are maintained and inspected by the company itself. Put company-standard equipment in that fleet, like video cameras, hands-free communications, and GPS receivers, and have the whole thing coordinated by a central location, with actual humans that know what's going on at all times. It'll be more costly than Uber or Lyft, but it'll avoid a lot of the problems they have.
All it needs is a good catchy name. Since we'll take people to places, I suggest "Takesy"!
To put it another way, Netflix will have to compete directly with DirecTV, rather than making exclusivity deals with cell providers. Right now, Netflix (to pick a party at random) gets a chunk of customers (in turn improving its negotiating power and company value) just by having a deal with T-mobile, and they don't have to actually improve service for it. Long-term, consumers still lose, even though it's promoted as being a "free" deal.
It is also precisely because of alchemy that the modern fields of chemistry and molecular (and below) physics exist. The alchemists were meticulous (if cryptic) about documenting their processes, and the belief that any useful process must be repeatable led directly to our modern concept of the scientific method. That, in turn, led to continually refining the experiments to discern slightly-more-precise results, which eventually showed that the theories of alchemy were altogether incorrect.
Once alchemy was disproven in intellectual circles, a campaign to discredit it was quickly led by the more science-minded individuals, separating alchemy from the new field of chemistry. That's actually the reason we now laugh at the "LOL LEAD INTO GOLD?" idea, which was essentially all that remained once the chemistry was separated.
That schism happened in the mid-1700s, a few decades after Newton's death. He only saw the beginning of alchemy's downfall, so I won't speculate on which side of that division he would have fallen.
Along similar lines, AV hooks are one of the common causes of system instability, usually blamed on something else, like browsers or Windows itself.
Twitter, Facebook, et al regularly block users, label outgoing links "dangerous", etc. for their own political purposes.
...and that's fine. They aren't public officials, aren't acting in a government capacity, and aren't actually restricted by the First Amendment.
If Trump (or any other official) isn't satisfied with the commercial service that the private enterprises are providing, there's a whole .gov TLD available from which they can host their own platform supporting full and open discussions without any warnings or political bans.
Apparently only anti-Trump discussion is "protected" ...
That's not actually true. If, say, a Democrat office had blocked someone pro-Trump, this ruling would make a lawsuit against that official much easier, as well.
It would probably be easily extended to an official hosting a public rally, then only allowing guests to speak if they support the official. Saying the ruling would have any impact on one-way media would be less likely, since an open discussion wouldn't be expected (or even possible) in that format.
I don't think that means the ruling depends on the specific technology, as you said, but rather that it would apply based on the medium's capabilities, which a particular technology may or may not support. A static official website wouldn't be required to support open discussion, but a hosted forum might be impacted.
That's true, but one issue is that Trump has used his personal account as though it were an official forum, and it's the officials who take the action to block someone - not Twitter. The other issue in the judgement is that the downstream responses to Trump's comments are protected political discussion, and denying someone the ability to participate in that is harmful.
Put together, a government official is using his office to stop the free discussion of politics, and the court has determined that's not right. It's a very limited scope to the argument, and I congratulate the lawyers who made it.
Salting really just makes rainbow tables nearly-useless, but does not impact security against brute-force attacks. A long and unique password is still exponentially more secure than a short one.
For example, let's say I have "1234" as a password. It's wonderfully simple, and shows up in every rainbow table and password list.
I go put that in a service, which adds its own salt of "ABC". Effectively, my password is now "ABC1234", and the salt is stored alongside my password hash.
If an attacker gets that database dump, they can identify that the salt is "ABC", and they can see the password hash. However, they can't use the rainbow table, because the hash for "ABC1234" is wildly different from the hash for "1234". With a salt, the attacker must brute-force the password, but adding "ABC" to the start of all their test strings.
Once an attacker has begun brute-forcing, they're facing a task that very well might not complete before the universe dies. To have any chance of success, they must reduce the scope of work. That means using dictionaries, common password lists (which would definitely include "1234"), and algorithmic weaknesses... but interestingly, collisions don't help terribly much. Since hashing algorithms operate on the whole string, the attacker would need to find a collision for "ABC1234" that also starts with "ABC". That's far less likely, to the point where it is only considered possible for thoroughly broken hash algorithms like MD5.
On top of all that, a salt should be different for each user. My salt might be "ABC", but yours could be "ZYX". All the work the attackers are doing to break my password is totally useless for cracking your password. Even if, while working on my password, they stumble on a hash that matches your password hash, it's useless, because their candidate plaintext will start with my "ABC" salt, not your "ZYX" salt. Now instead of merely having enough work to outlast the universe, they have that much work for each user.
Now, what about length? If all the salt does is force the brute-force approach, the analysis is no different than for an unsalted password where dictionaries and other "cheats" aren't considered. For those cases, there's a simple estimation: For each additional character in the search space, the effort required to exhaustively search is roughly 100 times greater. That means that in the time it takes to brute-force all of the 15-or-less-character passwords, you could try every 14-or-less-character password 100 times.
Now, recall that with salted password hashes, the work must be repeated for each user. For a salted database of 10,000 users, it's roughly the same amount of work to try all 13-or-less-character passwords for every user as it is to try all of the 15-or-less-character passwords for one user. If the passwords were unsalted, the total scale of work would be just that of one user, but it's still easier (and thus more likely) to find shorter passwords.
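The salting argument in the comment above, as a runnable sketch (an added example, not part of the original comment). The password list, user names, helper names and the 100-symbol alphabet are constructed assumptions; SHA-256 stands in for whatever hash a service uses, and the salt is prepended as in the "ABC" + "1234" example.

```python
import hashlib

# Constructed sample data: a tiny "common password" list.
COMMON = ["1234", "password", "letmein", "qwerty"]

def h(salt: str, password: str) -> str:
    # Salt is prepended, mirroring "ABC" + "1234" from the comment.
    # SHA-256 is for illustration only; real password storage should use
    # a deliberately slow algorithm such as bcrypt, scrypt or Argon2.
    return hashlib.sha256((salt + password).encode()).hexdigest()

# Precomputed hash -> password table for UNSALTED hashes. This plays the
# role of the rainbow table: built once, reusable against any dump.
PRECOMPUTED = {h("", p): p for p in COMMON}

def lookup_precomputed(stored_hash: str):
    """A single dictionary lookup; no hashing at lookup time."""
    return PRECOMPUTED.get(stored_hash)

def guess_with_salt(salt: str, stored_hash: str, candidates):
    """Test candidates under one salt; return (match or None, hashes computed)."""
    for n, cand in enumerate(candidates, 1):
        if h(salt, cand) == stored_hash:
            return cand, n
    return None, len(candidates)

def total_work(db: dict, candidates) -> int:
    """Hashes needed to test every candidate against every user in db.
    db maps user -> (salt, hash). Users sharing a salt share the work."""
    distinct_salts = {salt for salt, _ in db.values()}
    return len(distinct_salts) * len(candidates)

def search_space(max_len: int, alphabet: int = 100) -> int:
    """Number of passwords of length 1..max_len over `alphabet` symbols."""
    return sum(alphabet ** k for k in range(1, max_len + 1))

# Constructed databases: same passwords, without and with per-user salts.
UNSALTED_DB = {u: ("", h("", p)) for u, p in
               [("me", "1234"), ("you", "qwerty"), ("them", "letmein")]}
SALTED_DB = {"me": ("ABC", h("ABC", "1234")),
             "you": ("ZYX", h("ZYX", "qwerty")),
             "them": ("QRS", h("QRS", "letmein"))}

if __name__ == "__main__":
    print(lookup_precomputed(UNSALTED_DB["me"][1]))   # table hit
    print(lookup_precomputed(SALTED_DB["me"][1]))     # table miss
    print(total_work(UNSALTED_DB, COMMON), total_work(SALTED_DB, COMMON))
    print(10_000 * search_space(13) / search_space(15))
```

The last line checks the comment's estimate: with about 100 symbols per character, 10,000 users at 13 characters costs the same as one user at 15.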
The other problem is that if your computer is compromised the attacker can install a keylogger and get your master key.
You're conflating two different threat models. If your computer is compromised, everything you do from it is already vulnerable, because the malware can adjust what you're seeing and hijack activities as it likes. The attacker can already access your email account, reset service passwords, and do what they like without caring about your old passwords.
To protect against malware, my advice is an antivirus suite (even Windows Defender), pulling updates from the vendor as frequently as possible. Ad-blockers also can preemptively reduce your attack surface, but they are not a substitute for having antivirus running and up-to-date.
Similarly, while an airgap will certainly protect against threats from the other side of the gap, it does not make you immune to threats against your particular threat model. For example, keeping passwords in your wallet means you risk exposure every time you take out your credit card, which has your name on it and is often then handed to someone. If your password card sticks to your credit card, it's a pretty short jump to try that password on Facebook and GMail.
A password manager isn't that more secure than a text file with the passwords in plain text.
A text file is unencrypted, so anyone who gets a copy of the file (such as a PC technician, dumpster-diver, hardware thief, etc.) will have your passwords, with no keylogger or brute-force needed. Even if their intrusion is easily detected (such as your computer no longer being where it was), you have no opportunity to protect your data.
Having an encrypted file also protects you from inadvertent disclosure. Even if, in a hypothetical fit of human stupidity, you email your ex-wife your password database instead of divorce paperwork, there's no chance of (further) damage.
If you want real security you keep the passwords on a device without internet access like a post-it note or a notebook.
A good security system fulfills the C-I-A triad: confidentiality, integrity, and availability. A written password fails all three areas, though it's a less-horrible failure in the "confidentiality" section.
While a notebook is safe from malware or online vulnerabilities, it's not safe from thieves (who are now often just as tech-savvy as you are), curious house guests, evil maids, or snooping coworkers. If you're in a rush for a piece of paper, you could grab that notebook and go out in public carrying your vital passwords openly. Being a physical asset, the notebook itself has to be secured, which is problematic in itself.
A notebook does not really preserve integrity in any way. It's vulnerable to a spilled glass of water, flooding, a tree falling on the roof, fire, insects, and simply wearing out with use. In a few years, it's going to get damaged, and there's no easy way to make backups, without risking extra copies being left floating around.
Finally, a secure notebook is inconvenient. If you're traveling, it's either yet another item to potentially be lost, or it's sitting uselessly at home. It is an interruption to the workflow when you need to log in somewhere, as you have to retrieve the notebook and find the required page. If you keep the notebook in a safe, you have to open the safe to use the notebook - which itself requires its own key.
Backups, backups, backups.
This is one of the cases where having cloud-synced backups is absolutely wonderful. Even if someone else has access to your password manager's database, it's fully encrypted, and with a decently-strong password (the only one you should ever have to memorize), it'll be safe from brute-force attacks.
I keep my database synced with Google, and open it right from the synced folder. When I change the database, it's immediately backed up, and will sync to my other computers, as well.
I'm not blaming the user. I'm advocating defense in depth.
If a password database is published, clearly the person operating that database's associated services has failed somehow and the world should be aware of it... but dragging a company through a PR nightmare isn't going to make the password hashes secret again, or undo any damage done to the users.
However, while it is still the service operator's responsibility to protect that database, the security of the password itself is almost entirely controlled by the user. The user alone has the ability to pick a long and unique password, so that even if their password hash is leaked, the risk of further damage is minimal. A long and unique password will take longer to be broken from the hash (improving the chance of outlasting the criminal enterprise), and it will be useless for credential reuse attacks against other services with potentially more value to the attackers.
To use the Slashdot-mandated car analogy, it's not your fault if you get hit by a drunk driver running a stoplight, but you should still wear a seat belt to improve your outcome if it does happen.