A decade at a DOD site, and about the same time afterwards with PCI and HIPAA compliance. In many cases, you need to report seeing things you are not supposed to see. "Forget" is illegal in many cases, so claiming it's a viable answer is dangerous.
This may be the case in the DOD if you open a document you weren't supposed to have opened, as the military in principle doesn't trust anyone and wants to audit any admin's activity --- you could later suffer a judicial inquiry for opening such and such document and not reporting it, whether you actually saw or read any of the text or not; that could in theory be true within any organization, however, whether you reported it or not.
My argument is you should ignore and forget the content as early as possible, as in before you have actually "seen" or begin to have any comprehension of whatever is there. If you would know what the content is and you would know that you are not supposed to have seen it, then by the time you realize what it is about and you realize it's something you shouldn't be seeing, then you have already failed to practice this strategy.
This doesn't mean you won't make the proper note or annotation for your reason of opening such and such document and finding it miscategorized or inappropriate from a security standpoint, if you did.
HIPAA and PCI do not require you to remember if you incidentally saw something you were not meant to, such as a primary account number, or hex string representing an auth token; the potential legal violation would come in if you started making an effort to memorize or remember the number or code or write it down, extract it, etc. PCI does not have the force of law, either; it is a contractual agreement merchants agreed to adhere to.
Neither PCI nor HIPAA requires a specific security policy, however.
I believe your "remember if you ever happen to see anything you think you are not supposed to" must have roots outside private industry.
The violation would be if you disseminated the information, acted upon it, or appeared to act upon the information.
I treat everyone's email the same: I don't read it. I may see subject lines but I don't see the technical reason requiring you to read them.
What happens when you get a request from management to help them identify/bring to their attention people potentially 'abusing' the e-mail system, such as by e-mailing sensitive information out of the organization, or by identifying employee(s) sending e-mail that are obscene, abusive, harassing, or contain inappropriate language?
Your best bet is to "forget" you read it; never acknowledge that you saw it, and assume the best.
For example, just because someone wrote about supposed "irregularities in the pension fund" doesn't mean there are irregularities in the pension fund; it may just be some ignorant person spouting out / jumping to wrong conclusions.
There are also paranoid folks who will say such things, until it's proven that no, there was just some minor typographical mistake and everything's fine.
Just like when a person tells you "I turned off the firewall, but it still gave me the error message."
Doesn't mean they managed to break into the server room and replace the corporate firewall with a closed circuit --- they haven't a clue what they just said.
Sure it can. You just push a new root certificate to your devices and intercept away.
Issuance of a bogus certificate to fool one of the parties to an SSL conversation is called a Man-in-the-Middle attack, which is fraudulent conduct; pushing a fraudulently issued certificate document claiming to be the other party and that this false thing was the other party's key.
This is nothing to base a security model on, as the attack actually compromises encrypted data --- the parties to a legitimate conversation have no way of knowing who the "security appliance" will be leaking the sensitive information contained in their encrypted conversation to.
Whoever put the code into production should be going to jail.
There is no mitigating circumstance against falsely issuing a certificate and presenting it claiming to be someone else's domain name.
It doesn't matter whether you are a global CA, an Enterprise CA, or someone's given you a locally trusted root...
anyone doing such is going to be going to jail, and again, nothing to base an IPS or IDS on.
Technical books are different, but anything that busts the current obscene textbook scam is a win for society, hands down.
Textbooks generally aren't available as e-Books. If they are, they are not going to be $9.99... however.
They may split up the 25 chapters, and sell each one as a $10 eBook, however.
Then sell the Appendices as a separate $10 book, and each chapter's homework assignments as a $10 eBook,
then a $10 eBook for each chapter's answer key.
Security is not meant to be, and now can't be a bolt-on feature without disrupting performance of the network.
Nor is security what dictates the design of your protocols --- IP traffic is not meant to be intercepted, and more and more of it is becoming encrypted.
Your IDS/IPS cannot look inside SSL traffic, either, which could contain exploit code (conveniently packed and encrypted by the SSL container).
You now need to move and have multiple IDS or IPS security agents on the end devices themselves; perhaps on the NIC, where you most certainly could have access to disparate MP-TCP sessions, with some software engineering.
I'm so sorry, it seems hard that you will now need to manage 1000 IPSes on all your endpoints which is less convenient than
one centralized IPS, but the centralized IPS was always a hack and likely to be compromised or circumvented, for example, by
tunneling, or leveraging a secondary WiFi network, as it's a ripe target.
In principle, the only sound thing to do is going to be to move your detectors.
Unfortunately as long as ICANN is under US jurisdiction, you're going to see disputes like this heading to US courts.
It's NOT ICANN I am concerned about.... it is the registry operators such as Verisign.
ICANN itself pretty much doesn't have any direct authority to do anything to the registration system on their own;
they have to adopt a policy, or so.
ICANN could be further mitigated if internet citizens would be willing to fund another organization living in
another jurisdiction to share authority with ICANN and adjust both organizations so that they have to agree
on certain matters, or for certain changes.
The problem is..... every individual company; including every registry operator.... has to exist
SOMEWHERE, and there is a good chance whatever government exists at that 'somewhere'
is eventually going to realize that, and, perhaps, attempt to abuse their position.
So ideally you would have all technical tasks divvied up, so that no single organization under any one single jurisdiction is technically empowered to implement some random judge's order that is not agreeable to the public or to the community.
can only seize domains that are managed by registrars or registries in countries in which they have jurisdiction
In this case, the registrant of the domain has a transferrable right to move the domain,
and the registrar is acting as an agent of the registrant in maintaining their registration, AND
the registry has given the registrar all the capabilities required to effect the technical aspects of
the transfer on their own.
If the registry were truly looking out for the registrant's interests: they would provide a mechanism
such as registry lock to allow the registrant to "SEAL" the domain on their own and make transfers
not authorized with their keys, impossible, even by the registrar.
Why is one part of the domain name considered property but the other part isn't?
Because registrants have been conveyed a transferrable "right" to their registration, which
has a set of privileges which are mostly identical to property rights, other than the fact that
the registry generally reserves the right to take their name from them under a UDRP dispute resolution
procedure, and the registrar generally reserves the right to shut off their domain, in case
they determine that there's been a terms of service violation.
What we've seen from Steam sales is that lower prices mean more revenue - often vastly more. Are books the same?
Maybe some, but not all books are the same. Perhaps the average book is the same.
There are many important books that will probably never sell very many copies.... such as the K&R book "The C Programming Language"
The authors need to be free to price their books accordingly and not have all books given a dictated price based on what the market will bear for the average book, when there is high variability in terms of "what a book is" and how big its audience is, and there are plenty of outliers.
The Windows firewall creates terrible delays and jitter, so the impact on, for instance, SIP telephony is terrible.
It seems that your past frustration with one specific application has clouded your judgement.
The Windows Firewall is not to be disabled, period.
"Stopping the service associated with Windows Firewall with Advanced Security is not supported by Microsoft."
(System will no longer be supported after doing so, and there will likely be a number of kinds of network issues -- for example, disablement of the firewall breaks certain applications, may cause problems with terminal services, etc.)
Now, there will be some exceptional situations where bypassing Windows Firewall security may be necessary, and an acceptable compromise; providing a compensating control is put into place --- such as a dedicated network segment for the one computer, with additional hardware firewall.
I think Firefox should boycott the site.... display a message about it being possibly malicious/dangerous to
all users attempting to visit OKCupid, showing a link to the article as a warning message in bright red...
(Just kidding <EG>).
TCP performance on the Internet is almost totally limited by latency (AKA RTT or round trip time for the ACKs), not the bandwidth.
Modern TCP stacks, including Windows 7, 8 and Linux these days have a feature called TCP Timestamping, where an RTT estimate is taken for the connection, and a feature called TCP Autotuning where the window size is automatically scaled up to fill a Long fat pipe.
So no... the days where TCP throughput of a session was totally limited by latency are long gone.
You could even run a network monitoring app. But the browser is one highly visible one that most people already have installed.
Perhaps you could, but now essentially you are having "users that think they have problems" downloading an extra application and they start monitoring after there's a problem most likely.
This means your app cannot get the right data on what's normal for the user or for the world, because you have a sample of app users that are biased towards users that already are experiencing network issues of some sort, and you don't have a good baseline for the user that installed it either.
It will probably end up pissing off ISPs to the point of either finding ways of faking the data, blocking the data, or just as policy telling customers to ignore the speed numbers.
If the data is blocked, the browser should figure out why and explain to the user that there seems to be
an issue with their network; in other words "Blocking" should make it even worse for the ISP.
A smarter browser UI could be a tremendous help to support technicians, which the ISPs should absolutely love --- perhaps even tell the user exactly which entity to contact, even display their ISP's support number on the screen, to help accelerate the problem resolution process, and providing access to comments by other users of the same ISP, leading to happier customers, and customers who can share info with each other pertinent to troubleshooting or why this is happening, etc.
A lot of people won't be able to distinguish when something is their ISP's fault and when it might be the end server's fault.
I am suggesting the browser should also take some responsibility to the interpretation of the results here.
There should be a highly visible "troubleshooting" button that causes some tests to be run. Explanations should be right there in a natural language that any English speaker could understand.
The browser should not show an alert if there is not enough data to make a conclusion with a fair measure of
statistical confidence.
We can definitely make a strong distinguishment between a "web site performance issue" and a client connectivity issue, with data from a sufficient number of users.
The browser would also need to take into account geographic location and client connectivity, however.
e.g. Is the site slow because the visitor is half way around the world from the nearest mirror,
or is it slow because they're connecting over congested WiFi or 3G networks, instead of a wired connection?
I realize it's not "easy", but the web browser is the only software component that is in a position to take the kinds of measurements that are required and help alert the user to the problem, tell the user which entity they should contact, and assist with troubleshooting.
So when you pay for that service it says something like "up to 75mbps" which in reality means that the speed test and Google's home page could see that much speed and everyone else will look like dial-up from the 1990s.
I have a suggestion.... Web browsers should take some measurements and display prominently in a visible status bar or other location.... average TCP throughput --- And Estimated average bandwidth;
Both a "this site" value, a "this browser session" value, and (Optionally) if the user decides to share their numbers,
Community average bandwidth for this site, Community average bandwidth for this ISP, and Community average for this site on this ISP.
If Community average for this site on this ISP is more than a standard deviation below Community average for this site,
Then a little warning exclamation point should appear to the right of the browser bar.
On mouseover, and for a few seconds after loading the page, a little warning bubble should appear for a few seconds.
"Your internet service provider seems to have below average performance in loading this page."
The name constraints extension, which MUST be used only in a CA certificate, indicates a name space within which all subject names in subsequent certificates in a certification path MUST be located. Restrictions apply to the subject distinguished name and apply to subject alternative names.
...
It is an option that was not forced on the root CAs.
Essentially none of the public CAs are signing from intermediary CAs with name restrictions applied to their certificates.
Generally the restriction mechanism is only allowed to do something
kind of "creepy"; where the root CA essentially "sells" this service to a smaller company for perhaps $50,000 or so and issues a restricted certificate --- that allows whoever bought this service to sign subcerts within certain constraints.
or at least just force via policy certain certificates onto each computer's browser as trusted?
That works fine for Internet Explorer on Windows via group policy.
It doesn't work for Firefox or Java (separate private trusted certificate storage databases).
More importantly: It doesn't work for iPhones, Androids, or Macs accessing intranet resources, or that require a valid certificate to set up an ActiveSync connection.
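The dNSName matching rule behind the name constraints text quoted above, as an added example that is not part of the original thread. The CA label and every host name are constructed, and only the dNSName name form is modeled.

```python
# Added illustration, not code from the thread. Models only the dNSName form
# of the name constraints extension (RFC 3280 section 4.2.1.11).


def labels(name):
    """Split a DNS name into lowercase labels, ignoring one trailing dot."""
    name = name.strip().lower()
    if name.endswith("."):
        name = name[:-1]
    return name.split(".")


def within_subtree(name, base):
    """A name is inside a dNSName subtree if it equals the base or is formed
    by adding whole labels on the left. Comparing labels rather than raw
    string suffixes keeps "evilcorp.example" out of the "corp.example" subtree.
    """
    n, b = labels(name), labels(base)
    return len(n) >= len(b) and n[len(n) - len(b):] == b


def check_name(name, permitted, excluded):
    """Return None if one CA's constraints allow the name, else a reason.

    Excluded subtrees win over permitted ones. An empty permitted list means
    the CA places no permitted-subtree restriction on dNSName.
    """
    for base in excluded:
        if within_subtree(name, base):
            return "excluded by " + base
    if permitted and not any(within_subtree(name, b) for b in permitted):
        return "outside permitted subtrees"
    return None


def check_path(ca_constraints, san_dns_names):
    """Apply every constrained CA in the path to every leaf dNSName.

    ca_constraints: list of (ca_label, permitted, excluded) tuples, one per
    CA certificate in the path that carries the extension.
    Returns a list of (name, ca_label, reason) violations.
    """
    violations = []
    for name in san_dns_names:
        for ca_label, permitted, excluded in ca_constraints:
            reason = check_name(name, permitted, excluded)
            if reason:
                violations.append((name, ca_label, reason))
    return violations


# Constructed sample: one hypothetical constrained intermediate CA.
SAMPLE_PATH = [
    ("Constrained Sub-CA (hypothetical)", ["corp.example"], ["dev.corp.example"]),
]

# Constructed subjectAltName dNSName values from hypothetical leaf certificates.
SAMPLE_SANS = [
    "mail.corp.example",
    "corp.example",
    "build.dev.corp.example",
    "evilcorp.example",
    "www.bank.example",
]

if __name__ == "__main__":
    for name, ca_label, reason in check_path(SAMPLE_PATH, SAMPLE_SANS):
        print(name, "rejected by", ca_label, "-", reason)
```
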
This isn't really about privacy, though - it's about Southwest's prerogative to refuse service to someone they feel was being abusive.
Their prerogative to arbitrarily refuse service ends when they accept your money and enter into an agreement to render service; they essentially can't back out without cause, or they risk being sued for breach of contract and discriminatory actions.
Also, there is this matter of coercing a customer to remove a public message under threat of arrest, that the customer had a right to post.
Airports are NOT public places, particularly the Gates at airports.
They are called places of public accommodation just like restaurants.
There is zero expectation of privacy for the employees in areas where there is customer access.
Members of the public have access to them.
Specifically... any members of the public who have paid a fee and obtained a ticket.
Unless the objects weren't black holes but a massive amount of dark matter which is invisible across the visible light spectrum, and maybe our telescopes saw nothing, but there actually is a finite mass which does not emit light.
and have used the calculus and statistics required for my CS degree precisely never. And honestly there are hardly any professions that need either of these disciplines.
It's not that everyone absolutely has to have the knowledge to get by: it's that it is useful.
You use it, or lose it.
Chances are, in one way or another --- what you learned in Calculus helped you.
Either that, or you never really learned calculus, or you just did the homework, and you forgot about it after the test: instead of exploring.
Things you learned there can make your job easier now, or they can help you accomplish some tasks faster or more accurately, and maybe even
do some things you couldn't do otherwise, if you actually learned and retained them.
Don't tell me you write computer software and never had a need to numerically approximate a figure or categorize something probabilistically, such as... is it Spam or Not spam?
What's the best route to draw on the map to give your user some driving directions?
Which product is the most relevant to recommend to this customer?
Sorry, you're too late. I already subscribed to a competing cloud service which provides the same functionality, only: I can use it from anywhere in the world, and my provider worries about maintenance.
This would be like suing a hacker who formatted your company web server and the
judge refusing to accept the argument that the damage was harm to reputation and loss of business,
and instead only accepting the claim of increased electric bill and wear/tear on the hard drives.
But past pains do not justify another wrong.
Or is this an option?
RFC 3280 #4.2.1.11
It is an option that was not forced on the root CAs. Essentially none of the public CAs are signing from intermediary CAs with name restrictions applied to their certificates.
Generally the restriction mechanism is only allowed to do something kind of "creepy"; where the root CA essentially "sells" this service to a smaller company for perhaps $50,000 or so and issues a restricted certificate --- that allows whoever bought this service to sign subcerts within certain constraints.
or at least just force via policy certain certificates onto each computer's browser as trusted?
That works fine for Internet Explorer on Windows via group policy.
It doesn't work for Firefox or Java (separate private trusted certificate storage databases).
More importantly: It doesn't work for iPhones, Androids, or Macs accessing intranet resources, or that require a valid certificate to set up Activesync connection.
This isn't really about privacy, though - it's about Southwest's prerogative to refuse service to someone they feel was being abusive.
Their prerogative to arbitrarily refuse service ends when they accept your money and enter into an agreement to render service; they essentially can't back out without cause, or they risk being sued for breach of contract and discriminatory actions.
Also, there is this matter of coercing a customer to remove a public message under threat of arrest, that the customer had a right to post.
Airports are NOT public places, particularly the Gates at airports.
They are called places of public accommodation just like restaurants. There is zero expectation of privacy for the employees in areas where there is customer access. Members of the public have access to them. Specifically... any members of the public who have paid a fee and obtained a ticket.
Unless the objects weren't black holes but a massive amount of dark matter which is invisible across the visible light spectrum, and maybe our telescopes saw nothing, but there actually is a finite mass which does not emit light.
and have used the calculus and statistics required for my CS degree precisely never. And honestly there are hardly any professions that need either of these disciplines.
It's not that everyone absolutely has to have the knowledge to get by: it's that it is useful.
You use it, or lose it.
Chances are, in one way or another --- what you learned in Calculus helped you.
Either that, or you never really learned calculus, or you just did the homework, and you forgot about it after the test: instead of exploring.
Things you learned there can make your job easier now, or they can help you accomplish some tasks faster or more accurately, and maybe even do some things you couldn't do otherwise, if you actually learned and retained them.
Don't tell me you write computer software and never had a need to numerically approximate a figure or categorize something probabilistically, such as... is it Spam or Not spam? What's the best route to draw on the map to give your user some driving directions?
Which product is the most relevant to recommend to this customer?
Correct. Just waiting for someone to press the big red button and end it all.
Sorry, you're too late. I already subscribed to a competing cloud service which provides the same functionality, only: I can use it from anywhere in the world, and my provider worries about maintenance.
This would be like suing a hacker who formatted your company web server and the judge refusing to accept the argument that the damage was harm to reputation and loss of business, and instead only accepting the claim of increased electric bill and wear/tear on the hard drives.