Slashdot Mirror


User: skids

skids's activity in the archive.

Stories: 0
Comments: 3,412

Comments · 3,412

  1. Re:Because the alternatives were awesome. on U.S. Jobs, Pay Show Solid Gains in Trump's First Full Month (bloomberg.com) · Score: 1

    Google medicaid expansion. You certainly can make incremental legislative progress towards single payer, and it's the safer legislative path to take,

    To say the ACA did nothing to address medical costs means you don't know what was in the ACA. It didn't go far enough, but it certainly did, and limited premium increases in states where it wasn't sabotaged or bungled... when you compare apples to apples.

    Mark my words, there will be changes to health care regulations in perpetuity every time a new administration takes office.

    There will always be changes to health care regulations... but you mean drastic changes. We'll see.

  2. Re:There goes the foundation of the Web on MAC Address Randomization Flaws Leave Android and iOS Phones Open To Tracking (theregister.co.uk) · Score: 1

    Any network admin worth their salt already knows that address can very well be duplicated and should have taken steps to mitigate any issues it might cause.

    For modern WiFi controllers using WPA2, this is usually taken care of by the hardware... it only allows one session state per mac address. Though occasionally testing that the vendors didn't introduce a bug in this scenario is merited, because vendor QA sucks.

    For wired networks, there are actually not very many good solutions to this. The best is to do dot1x EAP-TLS and embed registered MACs in the cert and teach the AAA servers to enforce that. (Really the best would be EAP-PEAP-MSCHAP with additional client certificate validation, but good luck getting the various supplicants to all sing that tune.) That's not a common setup in all but the most well-staffed IT departments due to the overhead of running an in-house CA and provisioning clients to do dot1x on wired interfaces. The next best thing is a mac-auth-bypass setup with duplicate login protection, but this can be unreliable if a user moves between wired ports and the always somewhat cretinous vendor NAS code bungles the accounting packets so the old session is not closed out promptly. Almost all wired networks should do ip source guard and arp-protect, but without some in-house magic on the DHCP server and NAS to send and process NAS/port identification attributes to cobble together an in-house duplicate prevention system, all that does is prevent multiple IPs from being used by the same MAC, not two machines using the same MAC/IP pair.

    So even network admins "worth their salt" often have not taken measures to prevent wired MAC spoofing... it's extremely time consuming and hard to sell to the PHB in all but high security environments.

  3. Re:There goes the foundation of the Web on MAC Address Randomization Flaws Leave Android and iOS Phones Open To Tracking (theregister.co.uk) · Score: 1

    If a randomized MAC misbehaves I'll start banning all randomized MAC addresses.

    That might be an interesting way to cut down on RF chatter in dense AP deployments, if all your clients can either connect without probes or have your network preconfigured and will do directed probes. The paper did mention 17 out of 25 devices identified as "windows 10 or linux" used a locally administered address during and after association, though. So maybe just ignore probes rather than totally ban them.

  4. Re:There goes the foundation of the Web on MAC Address Randomization Flaws Leave Android and iOS Phones Open To Tracking (theregister.co.uk) · Score: 1

    Now I'm being told that a mac address has all the meaning of a Lotto card.

    MAC addresses with the "locally administered address" bit set are not assumed to be unique under normal (non-spoofed) network operation. The burned in address does not have this bit set. If a unicast MAC's second digit is 2, 6, A, or E it is a locally administered address.

    Supposedly even among the locally administered address, you are supposed to restrict your activity in a range in which you are registered. That horse has left the barn as all Apple devices don't respect that for address randomization... and really if they wanted people to respect that rule, they should not have named that bit as they did.

    The paper did find one particular class of devices that violated the globally unique subspace within a certain OID range, which is trash behavior.
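    An added example, not code from the comment or from the paper it discusses, that turns the bit rule above into a small checker: it parses the common MAC notations, reads the I/G (multicast) and U/L (locally administered) bits of the first octet, and reports whether an address is universally administered, locally administered (where randomized and spoofed addresses fall), or multicast, so an admin can audit which associated clients are using randomized addresses. The addresses used as input are constructed samples.

```python
import re

# Bit layout of the first octet (the comment's "second hex digit"):
#   bit 0 = I/G  (1 = multicast/group, 0 = unicast)
#   bit 1 = U/L  (1 = locally administered, 0 = burned-in/OUI-registered)
IG_BIT = 0x01
UL_BIT = 0x02

def parse_mac(text):
    """Accept aa:bb:cc:dd:ee:ff, aa-bb-cc-dd-ee-ff or Cisco aabb.ccdd.eeff."""
    digits = re.sub(r"[:\-.]", "", text.strip())
    if not re.fullmatch(r"[0-9A-Fa-f]{12}", digits):
        raise ValueError(f"not a MAC address: {text!r}")
    return bytes.fromhex(digits)

def classify_mac(text):
    """Return the I/G and U/L flags plus a human-readable kind for one address."""
    mac = parse_mac(text)
    first = mac[0]
    multicast = bool(first & IG_BIT)
    local = bool(first & UL_BIT)
    if multicast:
        kind = "multicast"
    elif local:
        kind = "locally administered"      # randomized/spoofed addresses live here
    else:
        kind = "universally administered"  # burned-in, OUI lookup is meaningful
    return {
        "multicast": multicast,
        "locally_administered": local,
        "second_hex_digit": f"{first & 0x0F:X}",
        "kind": kind,
        # An OUI only identifies a vendor for universally administered addresses.
        "oui": mac[:3].hex(":") if not local and not multicast else None,
    }

def matches_comment_rule(text):
    """The shortcut from the comment: unicast LAA iff second hex digit is 2, 6, A or E."""
    return classify_mac(text)["second_hex_digit"] in "26AE"

def locally_administered_clients(macs):
    """Filter an association list (constructed sample in the test) down to LAA clients."""
    return [m for m in macs if classify_mac(m)["kind"] == "locally administered"]
```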

  5. It doesn't even have to be enabled, on Android... but they need to already know your MAC address by some other means (like one of the other derandomization attacks in the paper.)

  6. Location services turn the wifi radio back on in short blips even in airplane mode or with wifi off, long enough for their active tracking attack to work. Whether the response to the active attack can be squelched by device firmware alterations is not examined in the paper... it could very well be a silicon-encoded behavior to conserve power. Whether said location services include the e911 function is also not explicitly addressed. Whether this fact is a violation of airline policies is also beyond the scope of this paper.

  7. so you have to turn off wifi for that to be true

    From TFA:

    Additional tests, while the target device had WiFi or Airplane-modes, enabled or disabled respectively, revealed further concerns. Namely, Android devices performing location-service enabled functions wake the 802.11 radio. Our RTS attack was thusly able to trigger a CTS response from the target, circumventing even extreme privacy countermeasures

  8. Re:In your face Betteridge! on Slashdot Asks: Are Password Rules Bullshit? (codinghorror.com) · Score: 1

    Of course you should not answer the questions consistently. Any person with an IQ in the top quartile can figure that out. Oh wait...

  9. Re:Because the alternatives were awesome. on U.S. Jobs, Pay Show Solid Gains in Trump's First Full Month (bloomberg.com) · Score: 1

    Why is the ACA up for massive revision and even repeal without a huge groundswell and grass roots outcry against changing it?

    Ahh, the "why do you beat your wife?" tactic.

    In fact, there is a groundswell of support for the ACA, and the of voters want it either tweaked, or more, not less, socialization of the health care system.

    Republicans seem to be out there saying "we were elected to repeal the ACA." No, they were elected despite their promises to repeal it, the same way you might buy a lime green sports car over a Prius with a better paint job (when you are a teenager) even though you hate the color.

  10. My prediction far out from the election was dead on: "a larger than expected wave of hillary-hating morons will show up at the polls."

    So, if all you care about is past performance, I happen to agree with GP... and a lot of economy watchers also agree... everything supposedly good about a Trump administration has been priced into the market at this point, and none of the bad side has been. It's when the realization dawns on the downside that we'll see some pullback.

  11. Re:Anemic growth is not normal on U.S. Jobs, Pay Show Solid Gains in Trump's First Full Month (bloomberg.com) · Score: 1

    More well known fact: they already had it in the first place. Which I think was the GP's point.

  12. Re:"Little Trump" vs "Big Trump" on U.S. Jobs, Pay Show Solid Gains in Trump's First Full Month (bloomberg.com) · Score: 1

    Massive government infrastructure spending would be good (temporarily) for the construction business and wars would be good for the defense sector. So either would instill exuberance... there are lots of businesses who don't care how much debt the government is in if they can make a quick buck and then leave the country.

    Since both congress and Trump are firmly in the "give consumers decisions they cannot possibly afford the time to make competently so we can bilk them and call it 'free market competition'" business model, those businesses can be assured either way they will be in the money.

  13. Re:Because the alternatives were awesome. on U.S. Jobs, Pay Show Solid Gains in Trump's First Full Month (bloomberg.com) · Score: 1, Troll

    I love the dumb fucks who think people who have been screwed are voting against their best interests if they don't vote Democrat.

    Ample evidence of that will be soon forthcoming with the health care bill. It'll be interesting to see how the Republicans try to blame what they have wrought on Democrats, unless they plan to intentionally throw the 2018 elections.

  14. Re:Yeah on U.S. Jobs, Pay Show Solid Gains in Trump's First Full Month (bloomberg.com) · Score: 3, Insightful

    Apparently we need to find a sustainable way to have solid Democratic economic policies while keeping the business community under the misimpression that we actually have Republican economic policies.

  15. Re:In your face Betteridge! on Slashdot Asks: Are Password Rules Bullshit? (codinghorror.com) · Score: 2

    Yes, except for length requirements.

  16. Re:In your face Betteridge! on Slashdot Asks: Are Password Rules Bullshit? (codinghorror.com) · Score: 4, Informative

    Things you should never use as a password:

    1) Your first pet's name
    2) The street you grew up on
    3) The model of your first car

    Things banks use for "security questions":

    see above.

  17. Re:Keychain on Ask Slashdot: Should You Use Password Managers? · Score: 1

    The main drawback is it's in a place everyone who might want your password knows to look, and generic malware to sniff out your keychain password is more likely to be manufactured given how many passwords are at stake globally. Whether that's concerning to you depends on your personal security needs.

  18. Re:simple unbreakable unique password for any site on Ask Slashdot: Should You Use Password Managers? · Score: 1

    While most sites will store crypts instead of cleartext passwords, you have no way of knowing which ones don't and those ones are likely more likely to be compromised. Cleartext can also be exposed easily by accident -- e.g. typing the password at a username prompt by accident, depending on how logging is configured on the service, or not caring to pay attention and do due diligence when ssh tells you a server key changed (really wish SSH would add a challenge response protocol, but it sadly puts 100% trust in the tunnel integrity with no plan B when used with passwords.)

    So discernible patterns in cleartext are something you should only use on low-priority sites.

    Hashing those patterns locally before using them can add enough security for most uses, though.

  19. Re:Lotta dumbasses on here on Ask Slashdot: Should You Use Password Managers? · Score: 1

    they released the source of their client.

    ...until they change the source.

  20. Re:KeePass on Ask Slashdot: Should You Use Password Managers? · Score: 1

    Right, you don't know what's going on behind a UI and even if you analyse the program to find out, cloud services can change that behavior between updates.

  21. Re:Encrypted File, Encrypted USB on Ask Slashdot: Should You Use Password Managers? · Score: 2

    Pick even just a short password, and a consistent non-obvious way to append other data about the account. Then cat | some hashing command, type your stuff and cut/paste. Save the relevant data about the account in a text file, but not in the same format you use to append to the password and with some extra cruft. Be sure to include a rough date so you know how stale a password is.

    This avoids one compromised cleartext password giving clues about others, as long as you are not so p0wned as to have someone be able to see how you generate the hash or hijack your clipboard.

  22. Re: Less married couples on Americans Are Having Less Sex Than 20 Years Ago, Study Finds (arstechnica.com) · Score: 2

    Well, he didn't say the "more sex" married people have was with each other, to be fair.

  23. Re:Person of Interest/Releasing Atom bomb plans on WikiLeaks CIA Files: The 6 Biggest Spying Secrets Revealed By the Release of 'Vault 7' (independent.co.uk) · Score: 1

    My flip phone that is off except when I need to use it, seems like a good idea after all.

    Just the fact that it won't hang up a call on you when your beard hits the screen made that a good idea.

  24. Re:Betcha Trump is going to mad at Assange again on WikiLeaks CIA Files: The 6 Biggest Spying Secrets Revealed By the Release of 'Vault 7' (independent.co.uk) · Score: 1

    But he hates not being the center of attention above all. If you want to predict when the next grandpa tweet storm is going to come, track how much coverage is about him. When it starts to dip... when Sessions gets the spotlight for example, we are in for another crazy rant.

  25. Re:Sane kb and touchpad on Razer Wants To Build the Best Linux Laptop, And It Needs Your Help (facebook.com) · Score: 1

    And for those of us who are left handed?

    ...don't have that problem because all the touchpads have been moved over to annoy right-handed people (at least, the small percentage of us who can actually type) over the last 10 years.

    Give it an fn-key toggle to easily turn it on and off entirely maybe.

    Even better. Actually... maybe I should look into killing the left couple centimeters of my pad in software. Good idea.

    When do you ever use your pinky on the inverted-T keys?

    All the time on right up and down, because it keeps my other fingers closer to the keys I'm preparing to type when I get the cursor where I need it.