It's New Jersey, and it seems like there's no chance they'll repeal it.
Also, both Gun control opponents And advocates have spoken out against Smart guns.
For gun groups such as NRA; there's a rights issue and concerns that anything more complex than Newtonian Physics is too unreliable, Also Smart Gun technology will be expensive and make gun ownership unduly cost-prohibitive, similar to the government just banning outright.
For anti-Gun/Gun-control advocates, there's concerns that Smart Gun technology makes guns more widespread, because then guns seem safer.
Because if even instructors aren't smart enough not to hand a kid a loaded weapon
It's not necessarily a question of intelligence; sometimes even smart people express moments of poor judgement, and they have to deal with the consequences (in this case, their own death).
People are smart enough to drive cars, but more die a year in vehicle accidents than die from non-suicide gun deaths.
A thug invades your house without notice and then what?
First of all.... improve your perimeter security. Yards should be fenced off. Get a dog who will bark if there is trouble outdoors, and/or install suitable proximity motion sensors outside, motion lighting, and burglar alarm.
One strategy is: Leave the gun where you will, chamber empty, and remove the magazine; keep it loaded, but in a separate place.
I suggest having a couple gun cabinets around the house with digital locks.
no one is seriously going to deny an Email because there isn't an SPF or DMARC record
Not yet. But as it is a majority of domains have a SPF record, and some of the domains that most e-mail is from that are commonly spoofed have DMARC entries as well.
I could see rejecting email because there's no SPF record, eventually, but not yet.
Not until the Forwarding alias Problem is solved with a protocol such as ARC.
And sorry, but Sender Rewrite Scheme is not viable; because SPF requires everyone to have implemented it first, and in practice --- nobody implements it.
if I was making cellphones, that's what I'd do. cut 'em off like Murderistan. the people would rise up and throw those asshats out of office in two days.
Sell them phones with no software on them, and make the user download the code using a USB thumb drive.
This has always been a major problem with Laptops, it gets better for some devices, then suddenly worse again over time with new models, lather rinse and repeat, and it's not getting consistently solved permanently, unless hardware manufacturers start becoming serious about Linux support.
Howso? Domain A sends mail to domain B, domain B forwards mail to domain C in a new "envelope" just as currently happens.
This is not what happens in practice. I can assure you that enforcing SPF Hardfail policy violations with SMTP rejects results in Numerous complaints from mailbox holders about "Lost e-mail" that is a result of such forwarding.
And scoring it as spam generates complaints about spam filtering false positives and numerous whitelisting requests.
Yes, you have to do header rewriting. That's been around since the early SPF days over a decade ago.
First of all it's Not "header" rewriting. It's MAIL FROM rewriting The Rfc5321.MailFrom is not a message header; This is different from the Rfc5322.From header, which (outside of DMARC), has no relationship with SPF.
It's almost irrelevent that YOU can do MailFrom. There is no mechanism you can use to force other people to do MailFrom rewriting when forwarding mail you (or one of your customers) send to a forwarded address, Or that your mail server receives from a forwarding server, and very often they do not implement the Sender rewrite scheme or other MailFrom rewriting. It's most often Other People's Mail servers, such as large ISPs that will forward without return path rewriting.
They can avoid making global warming worse by diverting light AWAY from the part of the earth that is currently day, thus the results would be more global-warming neutral, AND the tradeoff for making it day 24x7 in one area is that it would be night 24x7 in another area.....
May I suggest the state of California to be the location to have light diverted away from it, so it becomes nighttime 24x7 there?
That's because the GPL doesn't grant freedom. It requires developers to grant freedom
The GPL grants freedom on the condition you cannot enslave others; that includes the users of your product, even if they paid you first.
If they like your product highly enough, then they can fork it and resell it or pay a competing developer continue the development, so they
can compete directly, and the GPL prohibits you from writing a proprietary value-add that becomes an extension of the software.
Yes..... Trustwave was initially being sued over the Target breach as well.
Seems this is like Strike 2 for Trustwave.
I imagine that cases like this coming to the media must be quite damaging to their reputation, and they should want to avoid further occasions and settle it quickly.
Doesn't PCI-DSS mandate retaining outside firms to do these audits?
PCI-DSS itself does not say who audits a company against the standard, But depending on transaction volumes and assessed risk, banks certainly will required that audits be conducted both internally and by an approved 3rd-party QSA.
will check that there is a documented process for security related changes, the fact that the process is actually implemented in practice is non important and they will never verify what you tell them to be actually true.
Well, it may be that they don't need to actually verify that what you say is true. If your company or an officer attests to a lie in an engagement with an auditor, then under federal law, there's a crime called fraud that it falls under, and I believe the risk of being prosecuted occurs after there's an incident which should not have occurred, and then the later forensic audit including interviews of management and staff turn up that the claimed policies had not actually been implemented
Malware detection and removal is not like accounting.
Malware can make itself undetectable and dormant for years, and then popup on command.
For example: there's no such thing as an antivirus with a 100% detection rate.
If any security firm is representing that they can make a 100% assurance that all malware is gone, not involving a rebuild or restore of system from backup, Or offline comparison against a gold image, then they are lying, and they deserve to get burned; because they should know better.
viewers outside the US can use a VPN provider to tunnel their traffic through a US IP address.
It's not a "Cat vs Mouse" game; it's more like a "Cat vs Tick" game
.....Or they can get a friend in the US to provide a private VPN for them to use.
Or they can colocate a personal server in the US, and VPN through that.
Or they can stand up short-term Amazon EC2 compute instances in a US datacenter with a private VPN through that, using the AWS API to turn it on only when they need Netflix.
There are some cloud-based security providers that normal US-based users and businesses proxy their web traffic through for security filtering... I'm thinking services such as Zscaler. But there are other consumer-level web antivirus/anti-malware filtering services that involve traffic proxying
Blocking them all won't really be an option, because it will result in too many upset customers.
More points if the guerila-VPN user gets some AWS Elastic IP addresses that happen to be in the same/24 as one of those major Cloud "Remote Web filtering/traffic scrubbing as a service" providers, for their personal VPNs.
Are there legitimate reasons for one device to have multiple public IPs simultaneously?
Yes, it's called being multihomed. Also MP-TCP/IPMP.
Linux and Apple iOS support it for starters, and it can greatly improve network performance.
There are also firewall devices which will balance traffic sourced across WANs.
Or may use a public IP address NAT pool, where different TCP connections from the same end host will be sourced from different public IPs, because they're different connection ID numbers.
Where I am, life doesn't stop when there is a snow storm.
Life may very well stop, in an extremely bad way, for anyone in a car driving on a "road" they cannot see with no lines and no visual cues.
Such an occasion is called a "stay at home and weather the storm day". This is due caution and avoiding unreasonable hazards 101.
They should, quite frankly, put up roadblocks, and have officers writing tickets and a $1000 fine to anyone who dares go on the road those days; however, except for the fact, that it is an unreasonable hazard, of being killed or injured by the cold, to have law officers outdoors in such areas on such days.
In many cases video taping a court room trial is not allowed
Courtrooms are closed proceedings done in a controlled area under strict rules. You don't have free speech rights in court regarding the proceedings of another person's trial; you cannot make distracting speeches in the courtroom either. It's not that you can't video what you want in order to make your desired expression: No video recording or distracting behavior at all is allowed.
Also, the judge may strike certain things from the record, or seal certain records, and prohibit attendees from even discussing certain things out of court.
Sometimes it's important to allow the jurors to view certain materials that are sensitive, and the jury may be allowed to see them, but the closed nature of the proceeding is used to protect the safety or reputation of a witness, for example.
What the question should be is: Is evidence protected under the first amendment?
Yes, it is protected. It is not within the wherewithal or legal authority of the state to restrict your right to use recording devices in public.
You have a 1st amendment right to the expression, and displaying video is a form of expression.
Banning you from making a video or audio recording to document what you have witnessed and allow you to express that in the desired format would be a prior restraint on free speech.
"There have been times we've been pulling bodies out of cars and these people are standing there, snapping pictures on their phones to post on Facebook. It's just not right."
News reporters would be doing the same thing. Snapping pictures to use in their headlines.
What is the actual ethical problem with this behavior?
If you're concerned about people getting in the way of rescue efforts, then make it illegal to interfere with rescue efforts.
If you are concerned with people taking pictures, when they should be providing meaningful assistance --- then make a law requiring people to stop what they are doing and render aid, or walk away slowly and directly to a minimum distance of 100 feet of the injury incident, if not intending to assist.
Slashdot Mirror
It's New Jersey, and it seems like there's no chance they'll repeal it.
Also, both Gun control opponents And advocates have spoken out against Smart guns.
For gun groups such as NRA; there's a rights issue and concerns that anything more complex than Newtonian Physics is too unreliable, Also Smart Gun technology will be expensive and make gun ownership unduly cost-prohibitive, similar to the government just banning outright.
For anti-Gun/Gun-control advocates, there's concerns that Smart Gun technology makes guns more widespread, because then guns seem safer.
Because if even instructors aren't smart enough not to hand a kid a loaded weapon
It's not necessarily a question of intelligence; sometimes even smart people express moments of poor judgement, and they have to deal with the consequences (in this case, their own death).
People are smart enough to drive cars, but more die a year in vehicle accidents than die from non-suicide gun deaths.
It's really just fine, if the purpose is to keep the gun out of reach of kids, and not to prevent the gun from being stolen.
A thug invades your house without notice and then what?
First of all.... improve your perimeter security. Yards should be fenced off. Get a dog who will bark if there is trouble outdoors, and/or install suitable proximity motion sensors outside, motion lighting, and burglar alarm.
One strategy is: Leave the gun where you will, chamber empty, and remove the magazine; keep it loaded, but in a separate place.
I suggest having a couple gun cabinets around the house with digital locks.
no one is seriously going to deny an Email because there isn't an SPF or DMARC record
Not yet. But as it is a majority of domains have a SPF record, and some of the domains that most e-mail is from that are commonly spoofed have DMARC entries as well.
I could see rejecting email because there's no SPF record, eventually, but not yet. Not until the Forwarding alias Problem is solved with a protocol such as ARC.
And sorry, but Sender Rewrite Scheme is not viable; because SPF requires everyone to have implemented it first, and in practice --- nobody implements it.
They don't need to cut the cables to listen in..... they just put the fibres in a Bend Tap, and it's completely non-disruptive and undetectable.
if I was making cellphones, that's what I'd do. cut 'em off like Murderistan. the people would rise up and throw those asshats out of office in two days.
Sell them phones with no software on them, and make the user download the code using a USB thumb drive.
This has always been a major problem with Laptops, it gets better for some devices, then suddenly worse again over time with new models, lather rinse and repeat, and it's not getting consistently solved permanently, unless hardware manufacturers start becoming serious about Linux support.
Howso? Domain A sends mail to domain B, domain B forwards mail to domain C in a new "envelope" just as currently happens.
This is not what happens in practice. I can assure you that enforcing SPF Hardfail policy violations with SMTP rejects results in Numerous complaints from mailbox holders about "Lost e-mail" that is a result of such forwarding.
And scoring it as spam generates complaints about spam filtering false positives and numerous whitelisting requests.
Yes, you have to do header rewriting. That's been around since the early SPF days over a decade ago.
First of all it's Not "header" rewriting. It's MAIL FROM rewriting The Rfc5321.MailFrom is not a message header; This is different from the Rfc5322.From header, which (outside of DMARC), has no relationship with SPF.
It's almost irrelevent that YOU can do MailFrom. There is no mechanism you can use to force other people to do MailFrom rewriting when forwarding mail you (or one of your customers) send to a forwarded address, Or that your mail server receives from a forwarding server, and very often they do not implement the Sender rewrite scheme or other MailFrom rewriting. It's most often Other People's Mail servers, such as large ISPs that will forward without return path rewriting.
DMARC, isn't even hard to set up
Except DMARC with SPF breaks E-mail forwarding between domains, and DKIM with DMARC breaks legitimate Mailing lists, so neither is viable
However, Authenticated Receive Chain spec is promising.
Not worried.... the Vogon Constructor Fleet will be here to clear the obstructions for the intergalactic highway, long before it becomes an issue.
They can avoid making global warming worse by diverting light AWAY from the part of the earth that is currently day, thus the results would be more global-warming neutral, AND the tradeoff for making it day 24x7 in one area is that it would be night 24x7 in another area.....
May I suggest the state of California to be the location to have light diverted away from it, so it becomes nighttime 24x7 there?
That's because the GPL doesn't grant freedom. It requires developers to grant freedom
The GPL grants freedom on the condition you cannot enslave others; that includes the users of your product, even if they paid you first.
If they like your product highly enough, then they can fork it and resell it or pay a competing developer continue the development, so they can compete directly, and the GPL prohibits you from writing a proprietary value-add that becomes an extension of the software.
Once the attacker has the master password, they can download all passwords that the user has stored in Lastpass.
Unless the user has 2FA enabled.....
Yes..... Trustwave was initially being sued over the Target breach as well. Seems this is like Strike 2 for Trustwave.
I imagine that cases like this coming to the media must be quite damaging to their reputation, and they should want to avoid further occasions and settle it quickly.
Doesn't PCI-DSS mandate retaining outside firms to do these audits?
PCI-DSS itself does not say who audits a company against the standard, But depending on transaction volumes and assessed risk, banks certainly will required that audits be conducted both internally and by an approved 3rd-party QSA.
will check that there is a documented process for security related changes, the fact that the process is actually implemented in practice is non important and they will never verify what you tell them to be actually true.
Well, it may be that they don't need to actually verify that what you say is true. If your company or an officer attests to a lie in an engagement with an auditor, then under federal law, there's a crime called fraud that it falls under, and I believe the risk of being prosecuted occurs after there's an incident which should not have occurred, and then the later forensic audit including interviews of management and staff turn up that the claimed policies had not actually been implemented
Company hires accounting firm,
Malware detection and removal is not like accounting.
Malware can make itself undetectable and dormant for years, and then popup on command.
For example: there's no such thing as an antivirus with a 100% detection rate.
If any security firm is representing that they can make a 100% assurance that all malware is gone, not involving a rebuild or restore of system from backup, Or offline comparison against a gold image, then they are lying, and they deserve to get burned; because they should know better.
If you want a medical world analogy for this case: 1. Guys gets shot with a shotgun.
I'm going to go with... 1. Guy gets sick. Hires doctor to find and fix all infections for a fixed pre-paid contract.
2. Doctor identifies invasive skin cancer and administers radiation therapy.
3. Apparent infection dies off.... All the visible anomalies are gone according to all analysis order... doctor pronounces Guy cured.
4. Guy show-up at Doctor2 a year later for a detailed scan.
5. Doctor2 identifies lung cancer in Xray.
6. Guy wants to sue Doctor 1; presuming Doctor 1 must have done his job improperly, if another Doctor is now able to find an infection a year later.
viewers outside the US can use a VPN provider to tunnel their traffic through a US IP address.
It's not a "Cat vs Mouse" game; it's more like a "Cat vs Tick" game
Or they can colocate a personal server in the US, and VPN through that.
Or they can stand up short-term Amazon EC2 compute instances in a US datacenter with a private VPN through that, using the AWS API to turn it on only when they need Netflix.
There are some cloud-based security providers that normal US-based users and businesses proxy their web traffic through for security filtering... I'm thinking services such as Zscaler. But there are other consumer-level web antivirus/anti-malware filtering services that involve traffic proxying
Blocking them all won't really be an option, because it will result in too many upset customers.
More points if the guerila-VPN user gets some AWS Elastic IP addresses that happen to be in the same /24 as one of those major Cloud "Remote Web filtering/traffic scrubbing as a service" providers, for their personal VPNs.
Are there legitimate reasons for one device to have multiple public IPs simultaneously?
Yes, it's called being multihomed. Also MP-TCP/IPMP.
Linux and Apple iOS support it for starters, and it can greatly improve network performance.
There are also firewall devices which will balance traffic sourced across WANs.
Or may use a public IP address NAT pool, where different TCP connections from the same end host will be sourced from different public IPs, because they're different connection ID numbers.
Where I am, life doesn't stop when there is a snow storm.
Life may very well stop, in an extremely bad way, for anyone in a car driving on a "road" they cannot see with no lines and no visual cues.
Such an occasion is called a "stay at home and weather the storm day". This is due caution and avoiding unreasonable hazards 101.
They should, quite frankly, put up roadblocks, and have officers writing tickets and a $1000 fine to anyone who dares go on the road those days; however, except for the fact, that it is an unreasonable hazard, of being killed or injured by the cold, to have law officers outdoors in such areas on such days.
In many cases video taping a court room trial is not allowed
Courtrooms are closed proceedings done in a controlled area under strict rules. You don't have free speech rights in court regarding the proceedings of another person's trial; you cannot make distracting speeches in the courtroom either. It's not that you can't video what you want in order to make your desired expression: No video recording or distracting behavior at all is allowed.
Also, the judge may strike certain things from the record, or seal certain records, and prohibit attendees from even discussing certain things out of court.
Sometimes it's important to allow the jurors to view certain materials that are sensitive, and the jury may be allowed to see them, but the closed nature of the proceeding is used to protect the safety or reputation of a witness, for example.
What the question should be is: Is evidence protected under the first amendment?
Yes, it is protected. It is not within the wherewithal or legal authority of the state to restrict your right to use recording devices in public.
You have a 1st amendment right to the expression, and displaying video is a form of expression. Banning you from making a video or audio recording to document what you have witnessed and allow you to express that in the desired format would be a prior restraint on free speech.
"There have been times we've been pulling bodies out of cars and these people are standing there, snapping pictures on their phones to post on Facebook. It's just not right."
News reporters would be doing the same thing. Snapping pictures to use in their headlines. What is the actual ethical problem with this behavior?
If you're concerned about people getting in the way of rescue efforts, then make it illegal to interfere with rescue efforts.
If you are concerned with people taking pictures, when they should be providing meaningful assistance --- then make a law requiring people to stop what they are doing and render aid, or walk away slowly and directly to a minimum distance of 100 feet of the injury incident, if not intending to assist.