To begin with, this doesn't mean that Luxottica isn't doing bad things. It's just this bullshit line of reasoning makes me a bit crazy.
Cost to produce something and get it into the hands of consumers does not equal the Bill Of Materials (BOM) cost. There are a lot of other people involved in the supply chain that - shockingly enough - don't want to work for free. This includes:
1) The designers and engineers that create the product.
2) The manufacturers that pay everyone from the people actually making the product, their managers, administrative support, etc.
3) The distributors and their overhead (this reduces the exposure of retailers to carrying excess inventory)
4) The salespeople that help you select the frames, fit them, take measurements for where your eyes are relative to the frames (critical for making the lenses focus properly on your retinas), their management, administrative support, etc.
5) The capital involved in all of this - machines to make the eyewear and lenses, buildings people work in, retail space leased, their computers, furniture, etc., etc., etc.
In most cases, BOM is maybe 10%-15% of the price you pay because everything else costs money too. I don't see how this isn't fucking obvious, but apparently the world needs constant reminders because ZOMG CONSPIRACY!!!
I see a million of these articles, none of which even mention the obscene amount of unnecessary overhead in many of these systems. The politicians bullshit about there not being enough taxes or fees, but they (and their media lapdogs) ignore the egregious amount of waste involved. A starter....
https://ny.curbed.com/2017/12/...
Silicon Valley has this Janus-like political stance where they behave like caricatures of the most amoral greedy sociopathic businesspeople while ostentatiously parroting progressive dogma as if it somehow balances the whole thing out anywhere outside of their twisted little minds. The left happily and hypocritically ate it up while the negative aspects of their behavior were carefully hidden away, but now that the curtain has been pulled back the infighting has begun and now it's funny to watch.
This isn't a blanket condemnation of business or progressives (there are plenty of outstanding people and organizations in both areas), but representative politics has a horrible way of bending the path of humanity towards kakistocracy (government by the worst possible people).
Strictly speaking - not defending this practice, just explaining it - merchants should decline to take your card if you've done this, per their agreement with the card issuers. The signature is there as a promise to pay, not as a means of identification. Yes, this is stupid. A better practice is the banks that allow you to put your picture on the card.
Wish I had points to mod you up - you're exactly right. And it's not all US airlines. American Airlines is among the worst at these seat games and other nickel-and-dime bullshit. So guess what? I no longer fly with them, even though they have some routes that are very convenient for me. Southwest and Alaska are both fairly reasonable for seat quality and pricing, and so I use them more.
This trend of seeking offense where none is intended is incredibly toxic to humanity. In the English language many words have different meanings based on their context. It's plainly obvious that no allusion to human slavery is meant in the context of software or hardware module relationships.
Let's be blunt about what has happened: people have been abusively harmed by others lying to them and telling them that context is meaningless. They have been given invented forms of discomfort in order to make them slaves to unpleasant emotional responses that have no underlying basis in reality. That's the irony here. The people complaining about the terminology are behaving in a herd manner, controlled by powermongers who benefit from it. Power flows from irrational group cohesion, and the cheapest and easiest form of irrational group cohesion is hatred of the other. There are many ways to define the "other" and you can see it everywhere in politics: race, nationality, language, religion, gender, sexual orientation, and (seriously, humanity actually went here) word choice. Both conservatives and progressives exploit these shamelessly. Stop playing their games.
If something terrible is happening but it's not trending on social media then nobody gives a shit. The overwhelming majority of people in the US only get outraged when their peer group tells them to. Whether such outrage is sensible, proportionate, or useful is never a consideration. Being seen to "care" is what's important.
Musk made a fraudulent tweet to manipulate his stock price. It's both illegal and unethical. Now imagine if, say, an oil company executive pulled this shit. The exact same people who are defending Musk would be screeching for the oil company exec's immediate imprisonment and being fined into starvation.
Welcome to 2018, where facts don't matter and right vs. wrong are a function of political correctness. Enjoy your stay.
... it *really* crashes.
What do you call a government where only the proles have to obey the "laws?" Totalitarian? Yeah, I think that's it. Can we please now stop pretending our governments in any way, shape, or form represent the people?
... don't let it drive.
Just saying.
Yet they still try to cram Silverlight down our throats continuously on Windows Server updates (yes, I know that with enough hassle this can be turned off, but...). There are probably like six people using it for some oddball VDI application; for the rest of us it's a stupid nuisance.
Of course embassies use their own microcells - running and monitoring their own is the only way they have any assurance that somebody else isn't doing it to them. And in that line of work, you can guarantee other groups would at least be trying - and you have to worry about the host country (especially US / China / Russia / Israel / etc) tapping the cellular and telco switches.
And don't hold your breath waiting for more secure cellular communications (a reasonably straightforward exercise) - our Wise Overlords enjoy being able to snoop when they feel like it. Why do you think they're so upset about peer-to-peer encryption? They've been secretly abusing insecure standards for decades, and they want their unconstitutional toys back...
It depends on your needs and your budget. If you're a typical home user that doesn't have people specifically targeting them then your needs are very different than a corporate executive who is regularly hit with espionage attempts.
I'll answer for a typical home user: Turris Omnia. It's a bit pricey ($339 on Amazon), but it runs a modified version of OpenWRT. It's easy-to-use, reasonably powerful in terms of features and capabilities, and is updated frequently.
You thought pop-over ads and auto-play videos were bad before?!?? Hopefully this can be disabled...
Yeah, because if there's one thing foreign intelligence organizations are totally incapable of and stymied by, it's creating a fake ID.
One of the foundations of contract law has always been that a valid agreement requires a "meeting of the minds" - that both parties essentially agree upon and desire the outcomes specified in the contract. Somehow this got thrown out the window with the "click agree to continue" mode of doing business. I'm not going to knock long lists of terms and conditions - from a technical, legal standpoint they are often necessary to protect both sides and allow business to be conducted in a reasonable manner, and there are plenty of instances they are honest and straightforward parts of the bargain.
That being said, there are also many instances companies are sneaking in stuff that has nothing to do with the other party's conception of the agreement. Courts have been upholding this bullshit, and they should not. Virtually every case where privacy issues become problematic involves these situations.
My suggestion would be to have three or four "standard forms" for Internet agreements that are reasonably easy to understand (the idea modeled very loosely on the Creative Commons concept - straightforward options, with icons indicating what is included / excluded). I would start with "free as in beer," "pay with money," "pay with ad viewing," and "pay with your life data." These can contain the overwhelming majority of the "boilerplate" and be explained fairly easily. This leaves the exceptions, which in most cases should be short enough for a person to deal with. If you can't start with this and have a humanly manageable agreement, then your product or service is probably sketchy as fuck and people should stay away.
You can't have security and backdoors. Let's just say, for the sake of argument, that Ray Ozzie's approach - assuming it worked perfectly (heh) - of vendor-held key escrow was legislated and implemented. This is a huge leap for the industry, but they could do it. It would never be reasonably secure, and it would be near impossible to fix the flaws, but let's say it was done. The next step would be Fed-held key escrow. This is an almost microscopically tiny incremental step - just moving some boxes, folks - but at that point the concept of digital privacy is as dead as the rest of the Bill of Rights. Don't kid yourself that that isn't the end game here.
So let's call this bullshit what it is: "Flat Earth Encryption." It's technically infeasible, practically infeasible, and politically infeasible to have any sort of key escrow system that won't be abused like an underage Congressional intern.
It seems to me that the only point of having an autopilot would be so that you could take your hands off the wheel and not pay attention to the road. This is sorta-kinda-an-almost-but-not-quite autopilot that works ok most of the time but has failure modes involving death and / or dismemberment. Who the hell would sell a half-assed, half-baked "feature" like this? And from the other side, it's not exactly a little-known fact that Tesla's autopilot will occasionally fail and kill people in the car if it's used as an actual autopilot. Who the hell would buy and use a half-assed, half-baked feature like this?
This whole Tesla autopilot thing is like a ramped-up version of that show "Jackass," plus crunchy flaming death. At least these idiots aren't taking many innocent people with them.
In the meantime, I frequently get asked why I haven't bought a Tesla (I'm a geek and it's in my price range). My response is always that I don't buy beta-quality capital goods.
There seems to be a thing among the progressive / neo-liberal camp that requires them to screech down at any occupation or practice that they, from their loftier economic perch, would not personally engage in. Hey, I don't want to be an Uber driver either. It's fine. I have several friends who do it for extra cash (or, in one case, because they actually enjoy it - weird, but that's their thing), and none of them are anywhere near dumb enough to do it for a net of $3 and change. That number should, literally, be unbelievable, and yet many people believed it anyway because it fit a highly (absurdly) hyperbolic narrative. There are two problems here: 1) that these people need to be more skeptical (especially when such strong confirmation bias is involved), and 2) they need to check their fucking privilege. Not everybody has the immediate option of an awesome job, has good spending / saving habits, etc. Just because you wouldn't do something doesn't mean that nobody else should, and fabricating evidence to the contrary is both dishonest and cruel.
Seriously. Most of us have cores sitting idle. Instead of being abused / tracked / annoyed / occasionally infected by advertising, why not let sites do a small amount of mining while we visit?
I don't have bad Mondays, in general. I love my job - not every moment of it; people and situations will occasionally annoy, but in general I'm a happy camper at work. If you don't love your job, then you should either find something else or find a way to love it. There's no extra reward for going through life miserable.
If you rate yourself based on other people's outcomes compared to your own (basing your self-esteem on parity or superiority), you will always be vulnerable to depression. The only thing worse than this is equating money with happiness and / or satisfaction in life.
Want to be happy? Rate yourself on your own progress in life. Make yourself a little bit better each day. Wash, rinse, repeat.
Apple throws in a Lightning-standard headphone jack adapter with each new iPhone. That being said, having switched to Bluetooth headphones and earbuds awhile ago (V-Moda Crossfade 2 Wireless and V-Moda Forza Metallo), I would say it's like switching to a cordless mouse. You really don't want to go back.
I have some (extremely limited) sympathy for patching "deep application infrastructure" things like Struts, because it can take quite a bit of QA to make sure that the patches don't break the application or make the problem worse. That being said, it's a top priority and companies - especially in PCI or similar compliance environments - need to budget the time and resources to deal with issues like this, because they will pop up on a regular basis.
That being said, this problem could have been blocked without patching. First of all, an application-level proxy / API that sanity checks the types and rate of requests should have been between the public web application and the database back end. All sorts of mischief can be either stopped or at least slowed down here, and the failure to have something like this is a major architectural error. Secondly, a reverse-proxy (or load balancer) could look for attacks of this nature and block them before they get to the web server. F5's products are explicitly capable of stopping this CVE, and I'm sure some of their competitors can do it as well.
Security needs to exist in layers, because at some point people will screw up at one layer or another. That's just human nature, and it will not change until AIs take over the world and enslave us, but that's a problem for 2019.
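The application-level check described in the comment above, sketched as an added example (it is not part of the original comment and is not the code of any product named in it): a gateway between the web tier and the database that allowlists request types, validates parameter types, and rate-limits each client. The operation names, limits, client identifier and sample requests are all constructed for illustration.

```python
"""Added example: data-tier gateway checking request type, parameter types and rate."""
import re
import time
from collections import defaultdict, deque

# Hypothetical operations the public web tier may ask of the data tier,
# each with a strict pattern for every parameter it accepts.
ALLOWED_OPS = {
    "get_order_status": {"order_id": re.compile(r"\d{1,12}")},
    "update_email": {
        "account_id": re.compile(r"\d{1,12}"),
        "email": re.compile(r"[^@\s]{1,64}@[^@\s]{1,255}"),
    },
}


class DataTierGateway:
    """Sits between the web application and the database back end."""

    def __init__(self, max_requests=5, window_seconds=60, clock=time.monotonic):
        self.max_requests = max_requests
        self.window = window_seconds
        self.clock = clock
        self._history = defaultdict(deque)  # client_id -> timestamps of attempts

    def check(self, client_id, op, params):
        """Return (allowed, reason) for one request from the web tier."""
        now = self.clock()
        attempts = self._history[client_id]
        # Sliding window: forget attempts older than the window.
        while attempts and now - attempts[0] >= self.window:
            attempts.popleft()
        if len(attempts) >= self.max_requests:
            return False, "rate limit exceeded"
        # Every attempt counts, including ones rejected below, so a client
        # that keeps sending malformed requests is slowed down as well.
        attempts.append(now)

        schema = ALLOWED_OPS.get(op)
        if schema is None:
            return False, "operation not allowlisted"
        if set(params) != set(schema):
            return False, "unexpected or missing parameter"
        for name, pattern in schema.items():
            value = params[name]
            if not isinstance(value, str) or not pattern.fullmatch(value):
                return False, f"parameter {name} failed type check"
        return True, "ok"


# Constructed sample traffic: (time in seconds, client, operation, parameters).
SAMPLE_REQUESTS = [
    (0, "web-01", "get_order_status", {"order_id": "1001"}),
    (1, "web-01", "dump_table", {}),
    (2, "web-01", "get_order_status", {"order_id": "not-a-number"}),
    (3, "web-01", "get_order_status", {"order_id": "1002"}),
    (61, "web-01", "get_order_status", {"order_id": "1002"}),
]


def run_demo():
    """Replay the sample traffic against a gateway driven by a fake clock."""
    now = [0.0]
    gateway = DataTierGateway(max_requests=3, window_seconds=60,
                              clock=lambda: now[0])
    results = []
    for timestamp, client, op, params in SAMPLE_REQUESTS:
        now[0] = timestamp
        results.append(gateway.check(client, op, params))
    return results


if __name__ == "__main__":
    for request, decision in zip(SAMPLE_REQUESTS, run_demo()):
        print(request[0], request[2], decision)
```

Even when the web tier itself is compromised, a gateway of this kind limits the data tier to a fixed set of narrow operations at a bounded rate, which is the "stopped or at least slowed down" effect the comment describes.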