A highly irate letter only after they were publicly embarrassed. How self-serving. Fuck these companies.
A balanced consideration is in order: Should we warmly regard these oh. so. heroic. companies for their bold stance? Hardly, this is snivelling PR drivel of the highest order.
However, considering the relative number of important friends possessed by "The Constitution" and "Shareholder Value" respectively, is it not a convenient thing that NSA activity be perceived(and ideally actually be) bad for influential American corporations?
Isn't it extremely useful that all American 'cloud' and telecommunications companies now have a PR problem on their hands(and quite possibly a sales problem, EU privacy mandates aren't going to make moving EU customer data onto American servers any more legal if you do business on that side of the pond, and do enjoy selling foreign governments your products on a "Don't worry, it'll be just between you, us, and the American Clandestine Services..." basis)?
Outfits like the EFF and ACLU, not to mention people like Snowden and Manning who take great personal risk, have the moral high ground; but perhaps less so with the 'army of effective lobbyists and vast financial resources'. These companies, by contrast, are mere mercenaries; but may prove useful for so long as NSA spying harms their interests, rather than serves as a revenue stream(looking at you, telco wiretapping fees).
Trying to be cute is one thing, doing it when it helps the assholes restrict our rights and liberties is quite another.
I'm not sure where you find the 'helps' in that. I'm venting bitter sarcasm at the logic-chopping bullshit that has been used to justify clearly unjustifiable conduct.
Ha! A little short-sighted.
We don't have to worry, but amazon, slashdot and other big guys must decide whether they can just reject future (whateverUNICODEtld) used as email addresses for registration at their sites. Imagine google.(whateverUNICODEtld)!
Oh, the proliferation of pure-shakedown TLDs is, undoubtedly, a clusterfuck in the making, that much I fully agree with. I was just unimpressed by the original poster's 'zOMG foreign!!!' concerns. With the exception of legacy systems that still can't handle unicode, being shaken down for bullshit TLDs that are latin-character nonsense isn't much different than being shaken down for bullshit TLDs that are unicode nonsense(except for wacky glyph similarity-based impersonations, of course, those will be fun!)
At this revelation, it doesn't take a libertarian to point out that this isn't based on probable cause.
Just as 'due process of law' is a process that you do that involves law in some capacity, which successfully enlegalizes all sorts of handy stuff, 'probable cause' is a cause that has an associated probability.
I think that it's abundantly clear, even provable with math, that all the NSA's activities have causes with probabilities associated.
Converting to JPEG? You're a terrible human being.
I prefer to think of myself as 'The Rasterizer of the Unworthy'.
Given the nontrivial overlap(in many reasonably common fonts) between Cyrillic and Latin glyphs, and the accompanying opportunities for wacky domain spoofing, Not. Soon. Enough.
All-Cyrillic domains(with the exception of the ones that you could construct purely from characters with serious overlap issues) aren't nearly as threatening; but, given that sprinkling in a few Cyrillic characters will let you construct visually identical(but completely different) URLs for a substantial number of Latin-character domains, I'd be inclined to treat any mixed-alphabet domains as guilty until proven innocent.
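The "guilty until proven innocent" rule for mixed-alphabet domains can be written as a per-label check. This is an added example, not part of the original comment: the look-alike table is a small constructed sample, and inferring a character's script from the first word of its Unicode name is an assumption of the example.

```python
import unicodedata

# Constructed, non-exhaustive table of Cyrillic letters that render like
# Latin ones in many fonts (an assumption of this example, not a full list).
LOOKALIKES = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
    "\u0441": "c", "\u0443": "y", "\u0445": "x", "\u0455": "s",
    "\u0456": "i", "\u0458": "j",
}
NEUTRAL = "0123456789-"  # digits and hyphen belong to no particular script


def decode_label(label):
    """Return the Unicode form of a label, decoding xn-- (punycode) labels."""
    if label.lower().startswith("xn--"):
        try:
            return label[4:].encode("ascii").decode("punycode")
        except UnicodeError:
            return label  # malformed punycode: judge the raw form instead
    return label


def scripts_in(text):
    """Approximate each character's script by the first word of its Unicode name."""
    return {
        unicodedata.name(ch, "UNKNOWN").split(" ")[0]
        for ch in text
        if ch not in NEUTRAL
    }


def classify_label(label):
    """Classify one DNS label as mixed-script, whole-label look-alike or single-script."""
    text = decode_label(label).lower()
    scripts = scripts_in(text)
    if len(scripts) > 1:
        return "mixed-script"
    # The exception the comment carves out: an all-Cyrillic label built
    # purely from letters that pass for Latin ones.
    if scripts == {"CYRILLIC"} and all(c in LOOKALIKES or c in NEUTRAL for c in text):
        return "whole-label look-alike"
    return "single-script"


def classify_domain(domain):
    """Classify every label of a domain name, left to right."""
    return [(lab, classify_label(lab)) for lab in domain.rstrip(".").split(".")]


if __name__ == "__main__":
    # Constructed inputs: Latin "paypal" with a Cyrillic "a", and an
    # all-Cyrillic label that reads as Latin "cope".
    for name in ("p\u0430ypal.example", "\u0441\u043e\u0440\u0435.example", "example.com"):
        print(ascii(name), classify_domain(name))
```

Because the check is deliberately strict, labels that legitimately combine scripts (Japanese names mixing kana and kanji, for instance) are also reported as mixed-script and need an allow-list.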
The honest fellows at the Russian Business Network will need all the TLDs they can get to stay ahead of the blacklists...
The fact that gTLDs are a trademark/typosquatting money grab for registrars isn't exactly news; but why exactly will non-english TLDs require 'more interpreters'?
If you don't do business in a given country or language area at all, just ignore them. If you have some limited interest in keeping the trademark-infringement scammers away, you don't need an interpreter to buy YOURNAME.whatever-incomprehensible-foreign and have it point to your existing site. If you do do business in a given language area, presumably you already have somebody who is capable of doing the localization.
I think that gTLDs are moronic; but the difference between being moronic and spawning random slum domains that nobody actually wants only in English vs. being moronic and spawning random slum domains that nobody actually wants in multiple languages isn't that large.
And be sure to double-check that the next update doesn't revert those settings on you...
I think you are thinking PostScript. PDF requires that all computations resolve to a well defined value based on information contained within the document (i.e. not Turing complete). So then of course Adobe had to add a Turing complete language back in.
I don't know if any implementations are stupid enough to implement this(at least without some very careful sanitizing); but(in addition to ramming in javascript and the ability to embed basically anything at all, thanks for nothing 'rich media annotations'), they even added: Launch Actions!
"12.6.4.5 Launch Actions
A launch action launches an application or opens or prints a document. Table 203 shows the action dictionary entries specific to this type of action.
The optional Win, Mac, and Unix entries allow the action dictionary to include platform-specific parameters for launching the designated application. If no such entry is present for the given platform, the F entry shall be used instead. Table 203 shows the platform-specific launch parameters for the Windows platform. Parameters for the Mac OS and UNIX platforms are not yet defined at the time of publication."
Your Standards Compliant Solution for executing arbitrary binaries with arbitrary parameters. No need for messy, version-sensitive, exploit code! Combine with JavaScript and web-interaction support to build documents that search the target's hard drive for interesting things upon being opened... Or(miracle of miracles!) build a PDF that runs the Adobe update utility when you open it, you're sure to find something new every time!
Out of curiosity, were you dealing with enough fancy-forms-and-interactive-nonsense type PDFs that the 'just brutally rasterize it and let them eat .jpeg!' option wasn't an option, or were the attackers good enough that you didn't have a PDF renderer you could trust for the rasterizing duties?
That isn't really 'sanitizing', though: It's certainly good that you practice safe text on your computer; but if you are the mailserver guy, and may or may not have as much control as you'd like over the users and their filthy, weatherbug-encrusted, systems, you want to modify the file such that it no longer contains a potential payload, not merely use a reader that doesn't execute payloads.
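For the mail-gateway case described above, a first step before any rewriting is deciding which attachments carry active content at all. The following is an added example, not part of the original comments: it counts PDF name tokens such as /Launch after undoing `#xx` name escapes, and the list of names, the verdict labels and the sample bytes are assumptions of the example.

```python
import re
from collections import Counter

# Constructed sample, not a complete PDF: a catalog whose /OpenAction points
# at a Launch action, with the action name hex-escaped as /L#61unch.
SAMPLE = (
    b"%PDF-1.4\n"
    b"1 0 obj << /Type /Catalog /OpenAction 2 0 R >> endobj\n"
    b"2 0 obj << /Type /Action /S /L#61unch /F (placeholder.bin) >> endobj\n"
)

# Names that indicate active content: the Launch action quoted above, plus
# JavaScript, automatic triggers and embedded payloads.
RISKY = {"Launch", "JavaScript", "JS", "OpenAction", "AA", "RichMedia", "EmbeddedFile"}
# Names that mean a plain byte scan cannot see every object.
OPAQUE = {"ObjStm", "Encrypt"}

# A PDF name is "/" followed by characters other than whitespace and delimiters.
_NAME = re.compile(rb"/([^\x00\t\n\x0c\r ()<>\[\]{}/%]+)")
_HEX = re.compile(rb"#([0-9A-Fa-f]{2})")


def normalize_name(raw):
    """Undo #xx escapes so that /L#61unch is recognised as /Launch."""
    decoded = _HEX.sub(lambda m: bytes([int(m.group(1), 16)]), raw)
    return decoded.decode("latin-1")


def name_counts(pdf_bytes):
    """Count every normalized name token found in the raw bytes."""
    return Counter(normalize_name(m.group(1)) for m in _NAME.finditer(pdf_bytes))


def risky_names(pdf_bytes):
    """Return {name: count} for the active-content names that are present."""
    return {n: c for n, c in name_counts(pdf_bytes).items() if n in RISKY}


def verdict(pdf_bytes):
    """Gateway decision: 'block', 'opaque' (cannot be inspected) or 'pass'."""
    counts = name_counts(pdf_bytes)
    if any(n in RISKY for n in counts):
        return "block"
    if any(n in OPAQUE for n in counts):
        return "opaque"  # compressed object streams or encryption hide names
    return "pass"


if __name__ == "__main__":
    print(risky_names(SAMPLE), verdict(SAMPLE))
```

A file that comes back "opaque" has to be decompressed or decrypted before the same scan means anything, and a "pass" only says that no listed name was found in the bytes as stored.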
OP is just pissed that without the government spending trillions of dollars on the infrastructure, private businesses aren't going to be able to come in and take over after the hard work is done and make easy profit.
Didn't that strategy experience 100% Great Success with the Latin American water systems?
Problem: Poor people can't afford power.
Solution: Supply just about the most expensive form of power available... for free.
Problem: The infrastructure build-out needed to produce cheap coal-fired electricity is never going to be justified by poor people as customers, and we can't afford it as a social or populist program.
Solution: As with so many things, the marginal value of going from 'nothing' to 'something' is a whole hell of a lot higher than the marginal value of going from 'something' to 'lots of something', so we can gain many of the benefits at a fraction of the cost by choosing a system that costs a lot per kilowatt-hour; but comparatively little in capital costs, and fuck-all in ongoing maintenance.
I realize that all the best insights fit on bumper stickers; but it is occasionally possible that ideas occupying several whole sentences are actually just elitist plots against honest common sense, rather than elitist communist plots against honest common sense and economic logic.
It's pretty mind blowing.
Commie. My skepticism about the invisible hand totally fucking vanished when I learned that I could spend other people's money to pay it to give me invisible handjobs.
Clearly, you are just an envy-driven agent of class warfare and collectivism.
Of course the citizens are left to fend for themselves but the prisoners are evacuated in air conditioned buses.
California probably isn't the state to play that particular card in: their prison standards are so... exemplary... that they've been judged a violation of 8th-amendment prohibitions on cruel and unusual punishment. The not-notoriously-soft-on-crime feds have had them under oversight for a bit over 15 years trying to get the reckless negligence and massive overcrowding down to constitutionally-viable levels...
(Plus, of course, incarcerating somebody makes them your responsibility to a degree that you'd be accused of extreme nanny-stating for adopting with respect to free citizens. How popular would having the feds herd the locals out to protect them from the fungal menace be?)
It takes serious chutzpah, or a very dry sense of humor, for America's go-to guy on fun projects like 'Operation Condor' to describe academic politics as 'bitter...
Pretty much nothing in the publicly available information on this guy suggests that he was anything close to a 'decent person'...
He didn't go to jail because somebody gives a damn about the class president, he went to jail because he compromised hundreds of access credentials and used them to gain unauthorized access to systems(and, unless the school's IT office is fairly conservative, the odds are increasingly good that you can hardly touch their system without crossing state lines).
His pitiful attempts at hiding probably didn't endear him to anybody, either.
Architecturally, anything that scans QR codes(or accepts any other sort of input that isn't trivially human-verifiable beforehand, mag-stripes, NFC, 2d barcodes, whatever).
In terms of UI/UX constraints, I assume that 'glass' is atypically vulnerable because it has severely limited space(in terms of both screen resolution and user input options) for showing the user the details of what, exactly, a given QR code is going to do and asking them whether they want to do it, which creates an incentive to just do it automatically.
Any computer can be made to do dumb things based on valid-but-malicious input automatically; but some computers are more equal than others when it comes to being able to inform the user(though user density creates a fundamental upper limit here).
Given that, at present, 'via the legal process' seems to consist of a variety of procedures that make getting a search warrant rubber-stamped by a handpicked sycophant look positively robust, I'm not sure how reassured I'd be even by 100% ironclad evidence that all data were divulged in accordance with 'legal process'.
Even aside from the high-volume shenanigans on the NSA side, whose legal justifications themselves are rather secretive, the good old 'National Security Letter' is a 'legal' process that essentially boils down to 'Somebody at a three letter agency asserts that the information demanded is in some way related to an investigation with national security implications. Pinkie Swear!'. No judicial involvement, no need to present any evidence for that assertion, a downright farcically bad record on recordkeeping(the FBI won't even tell congress how often they use the things), and a gag order that makes the operation essentially silent.
Sure, maybe Microsoft are better people if they are always complying under penalty of law, rather than as enthusiastic little quislings voluntarily cozying up to the spooks; but from the perspective of a potential customer, rather than an observing ethicist, what difference does it make?
It says a lot for the people that bought into the DNT, they'll buy into just about anything. Uncheck your third party cookies in your browser and that should take care of them tracking you to other sites. I have a multi purpose firewall that kept finding tracking cookies until I cut out third party cookies; now it doesn't find any.
Your measures are... outmoded.
Sure, cookies make things markedly easier(since data persistence is what they do, in a sort of feeble, hacky way); but there are so many more bits of information available if you want to fingerprint a user. Even better, the ones that squirm the hardest against the easy methods tend to end up with the most unusual configurations.
The astronaut is quoted as saying that it didn't taste like water from the drinking water supply. Could be that, once steeped in helmet-gunk and hair, it tastes different, could be from a coolant loop.
Neither nature nor nurture are on the side of free will(nor, indeed, is a universe that is deterministic or a universe that is stochastic).
The one plus side is that(unlike the current "Let's harass people we don't like; because they are suspicious and dangerous!") strategy, a biological marker(well chosen or not) will have the nasty-but-hilarious habit of showing up in all kinds of places. Social discrimination can be kept pointed safely downward; but if you start swabbing for DNA, anybody could end up having it, leading to entertaining collisions of policies that are tolerated only because they happen to unimportant people with people who are normally exempt from such...