3rd party app stores since they're clearly abusing the monopoly they have on app distribution for iOS.
Apple doesn't have a monopoly, so there is no place the DOJ gets to intervene. iOS is just a closed platform like the WiiU, Xbox, Playstation 4, or Nintendo Switch. Just like those other platforms, nobody is allowed to build applications for those platforms without a contract with Apple --- If you don't think Microsoft, Nintendo, Sony require developers contract with them to develop on their platforms and share a big cut of revenue from sales and any subscriptions for the right to distribute anything on those platforms, then I'm sure you'd be sorely mistaken. You can become an Apple developer for a fee and have the ability to use a device you personally own for development purposes, but you have to agree to and follow Apple's rules to play in their ball court, and that includes your app has to follow strict guidelines and can only ever be sold through the App store --- any cost necessary to purchase your app will be collected using the approved APIs, and Apple takes whatever cut they were able to get you to agree to.
But the number of complaints, combined with new ways of reaching users, regulatory scrutiny and competitive pressure
What competitive pressure? Apple and Google provide the platform for building the apps and the marketplace used by their respective platforms. If you want to do business, then you gotta pay the fee.
Sure, there are some legitimate ways around them, but there are also disadvantages in doing so.
Furthermore, regulatory scrutiny may be interesting, but at the end of the day regulators don't get to fix prices for access to Apple or Google's billing APIs.
This should strengthen Bitcoin's foundation as a payment system and a potential currency in the long run, as it is not intended as a Get Rich quick scheme -- if you want to get rich off Bitcoin the main way is to start a more traditional business providing goods or services that are in demand and utilize Bitcoin technology to do it if you like, but most such businesses should keep most operational assets in traditional currencies for now.
Before his appointment to the FCC, Pai held positions with... Verizon Communications (as Associate General Counsel).
In other words, Pai will have to recuse himself from the proceeding and let the other commissioners handle the matter due to conflict of interest concerns.
The democratic thing to do is change it. Sure it might be "less safe" but the vote has gone against reducing traffic deaths and increasing speeds - so there
One of the major purposes of government on the roads is to protect human life and ensure safety: even when doing so results in inconvenience for most drivers.
You don't get to vote to put other people's lives in danger, even if you are in the majority --- that is not how government works, And it is part of the reason we have representative governments not mob rule; the representatives are to recognize when the majority are in the wrong due to present-focus or other cognitive issues which entice people doing things against their own interests and help provide the regulation and enforcement to protect them anyways ---- In other words, if a majority of people speed at X, that calls for further changes to the road features to dissuade speeding or stronger enforcement of the speed limit to protect the safety of both the law-abiding minority and dissuade the violating majority, not changing the speed limit.
Verizon imposed these limitations despite being informed that throttling was actively impeding County Fire's ability to provide crisis-response and essential emergency services.
The moment Verizon staff deliberately stepped over that line: it should have resulted in all their spectrum licenses and their FCC Telecoms license being placed in jeopardy. At the very least there should be a billion$ lawsuit for obstructing first responders.
I suggest installation of more hidden speed cameras with radar detectors. Make sure the majority of cars exceeding the speed limit by more than the greater of 5 Mph and 10% of max allowed speed will be ticketed.
An interesting solution would be if the apps started fining those they are paying if they were speeding. Probably won't happen unless a lot of people die.
They should calculate the distance the worker will have to drive at speed limit and set 120% of that or so as "minimum time required for job" to ensure workers aren't being rushed. If you reach a waypoint faster than the minimum time, then you lose a small portion of your payment for that job and add an extra 10-15 minute timeout "penalty waiting period" that will be imposed before you can accept another job.
Even though Twitter banned Alex Jones, you also see people like Will Wheaton self banning
Maybe so, but I believe we should have a law that Critical Internet Platforms such as Google Search, Facebook, Twitter, Uber, AirBnb, Netflix, etc. Do not have the right and may not permanently ban a natural person nor suspend for an extended period from their platform. In the 21st century: These platforms are as critical as other utilities like Electricity or Gas, and even if someone is caught stealing power and has their service cut off, there are provisions where that person cannot be "Banned for life from buying electricity from that company" --- they just have to satisfy some conditions that likely include statutory penalties.
So I say... The law ought to stipulate that Twitter, etc, can take measures to stop abuse or recover losses from significant monetary damages and delete or close an account immediately after abuse, or apply a short time-limited suspension, But there must be a provision for the person to re-open at least 1 account and resume legitimate use of the service in a manner following the same rules as all other users.
Also, they should not be allowed to suppress ALL a user's messages based on a few perceived violations. The recourse for violations should be removal of violating content.
Violating content cannot be content that merely supports or opposes certain people for political office or follows a certain political ideology.
Dang... I might sprain my wrist or something taking my phone out of my pocket and taking a shot of the screen.
Yes.... Capturing a picture of a short message won't be a problem. I'm concerned about what happens when a contact gets "In the habit" of sending messages routinely using Confidential Mode to "Protect themselves". It's a small annoyance, but it still is an annoyance.
Also -- one of the problems with a camera picture; is this doesn't include Metadata and provably link the content of a specific e-mail message to all the specific metadata that a normal e-mail message has.
If the sender violates a contract later or breaks the law, or files suit, and the content of the Confidential mode message is required in order to defend against the lawsuit: then how do we prove this message metadata goes with this content, And, how do we efficiently make sure the Photo gets archived together with the metadata and becomes searchable for later investigation and reporting?
Secondly.... If the e-mail message is long; say a 50-page-long document, then snapping with a camera could get to be excessively laborious.
The mail is no longer on your server once you send it.
Like everyone with something similar has done it.
When you e-mail someone.... If the recipient is a non-Gmail user or an IMAP or POP3 user: It's going to send them a message with an annoying link instead of the actual E-mail content.
The annoying link will refer back to a "Confidential Message Viewer" hosted on Google's servers. It will probably prompt you for the secret code and then use Javascript to render a JPEG of the message text on a HTML5 canvas using WebGL GPU rendering in a manner where the Operating System won't see the content, or so screenshot shows a black screen generally, and then use Javascript hooks to block access to select or access Context Menus; Who knows, maybe they've implemented some special CSS directives in Chrome to allow the web page to restrict the browser commands that could otherwise Print a copy of content.
Yes, protecting the user privacy makes things harder, but sending the full URL is very bad and can break trust
No... Respecting that they need the information sent to them to do what they do and have a Privacy policy restricting their use of information is called TRUSTing them. "Break"ing trust is suggesting some crazy scheme where the security provider will only have hashes based on URLs and Postdata, because you don't personally trust them to adhere to their privacy policy regarding data they admit to collect. Besides.... Have you considered that even if you Hash URL components, that doesn't technically assure privacy?
With enough wasted computation power: All the hashes can be reversed by brute force or dictionary scan; especially if you know that all the names are short PostData components or DNS names --- only uncommon hostnames would be at all resilient.
Your "hashing" solution to a Non-Problem is essentially flawed at its fundamental level: The result of a hashing algorithm is not a zero-trust proof; Cryptographic hashes were not designed by any means for the application that you are proposing ------ Seems like you're basically trying to suggest security solutions providers misuse hashing algorithms and roll their own flawed crypto, which is a big security no-no, and a waste of time and developer resources, anyways.
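The dictionary-scan point made in the comment above, as an added example that is not part of the original comment: unsalted SHA-256 stands in for the unspecified hash, and the hostnames, wordlist and form value are constructed for illustration.

```python
import hashlib
import itertools
import string


def digest(value: str) -> str:
    """Unsalted SHA-256 hex digest, standing in for what a client would send."""
    return hashlib.sha256(value.encode("utf-8")).hexdigest()


# Constructed sample: the digests a provider would receive if clients hashed
# hostnames and short form values instead of sending them in the clear.
OBSERVED = {
    "host_mail": digest("mail.example.com"),
    "host_www": digest("www.example.org"),
    "host_rare": digest("x7q-internal-9f3k2.example.net"),  # uncommon hostname
    "post_pin": digest("4821"),                             # short POST field
}

# Constructed wordlist; a real one would come from public DNS or crawl data.
COMMON_LABELS = ["www", "mail", "login", "shop", "api"]
COMMON_DOMAINS = ["example.com", "example.org", "example.net"]


def hostname_candidates(labels, domains):
    """Yield each bare domain and every label.domain combination."""
    for domain in domains:
        yield domain
        for label in labels:
            yield f"{label}.{domain}"


def short_value_candidates(alphabet=string.digits, max_len=4):
    """Yield every string over `alphabet` up to `max_len` characters."""
    for length in range(1, max_len + 1):
        for chars in itertools.product(alphabet, repeat=length):
            yield "".join(chars)


def build_table(candidates):
    """Precompute digest -> plaintext for every candidate (a lookup table)."""
    return {digest(c): c for c in candidates}


def recover(observed, table):
    """Map each observed digest back to its plaintext, or None if not in the table."""
    return {name: table.get(d) for name, d in observed.items()}


def recover_all():
    """Run the dictionary scan and the short-value brute force over OBSERVED."""
    candidates = itertools.chain(
        hostname_candidates(COMMON_LABELS, COMMON_DOMAINS),
        short_value_candidates(),
    )
    return recover(OBSERVED, build_table(candidates))


if __name__ == "__main__":
    for name, plaintext in recover_all().items():
        print(f"{name:10s} -> {plaintext if plaintext else '(not recovered)'}")
```

Only the uncommon hostname survives, which matches the comment's caveat; a keyed or salted construction changes the cost of the scan but not the fact that the input space for hostnames and short fields is small.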
Even if really needed, the host can always be a hash (break it if needed) and send only the plain uri without query-strings. This way user site access is protected and query-string data is protected.
No.. You are making assumptions about the filtering methods that will be used. Despite your suggestion to the contrary, the query-strings and other data are very necessary for the security provider to have for some of the most effective methods. These are actually necessary for the security provider's servers to accurately simulate the URL being accessed by a client, As they are part of the environment data passed to the webpage: and if the URL data were missing -- this can tip off the Javascript code or exploit attempt that someone is running their script inside a malware detection/analysis sandbox or other dynamic evaluation environment on a headless remote server before the real browser is allowed to see it.
Again, that is the lazy solution
Not really... It is potentially the method a proper solution should use.
you can break the url in blocks and hash them and again use the hash against your internal rules
No malicious URL detection mechanism worth its salt is based solely on a fixed blacklist or whitelist that can be looked up by hashes of URL components. Contextual information within page documents, where a link appears, the type of content, type and reputation of the HTTP referrer, whether the URL appears to contain malformed objects, obfuscated code, Or known code snippets from a large library are very relevant, and those are things the server needs to pull and find in order to return a response + optionally Update private reputation data that will be used to quickly recognize a bad URL in the future.
you can create a blocklist rule for more complex rules and send it to the client
You're referring to a specific kind of blocking system. By their very nature different filtering solutions work by different means and have Pros and Cons. Systems that rely on only the client to make complex "detection" decisions tend to be greatly inferior from a security and reliability standpoint, because of the design constraints that using client-side decisionmaking imposes.
Implementing blocking logic on the server VS the client is totally a software architecture choice. Both choices are legitimate, and server-based blocking precludes concealing information from the server by hashing it. The server is going to do the analysis and make a decision for the whole gro
Alexa: State law and regulations passed by the board of trustees require that all Freshman or other students with less than 30 completed course hours attending public university live on campus, unless you are enrolled only part-time, married, age 21 years or older, have dependent children, live with a parent or guardian within a 25-mile radius of campus, or can show proof of a medical need preventing you from living in provided dorms.
They're trying to send DRM'ed E-mail. I absolutely despise this idea, because the most likely uses are (1) Extorting or bullying people, Or (2) Attempting to send messages regarding an illegal act and making sure the recipient doesn't keep evidence to use against the sender.
Thus... I want a way to BLOCK confidential mode e-mail and ensure it gets rejected.
in order for the cheat engine to work it must make a copy of elements of the game code in memory, and that's a violation of copyright
In order for the original PROGRAM to start up; an image of the elements of the game code is made in memory -- However, this is ephemeral in that the same process occurs in your brain when you read a book: an image of the author's text will have been made in your memory; cheat code won't have changed that process at all.
An ephemeral image of something is not a copy even if it is identical to the original --- a copy only exists if that is made unique and independent in a fixed (persistent) form and then distributed or used on its own; not if an image is ephemeral and only used with another copy --- code in bits in RAM are not sent out for use independent of the permanent storage.
you hash the full url... and send the hash. the remote server compare if that hash is in their DB or not and report back to the user about the result.
No..... that is an architecture choice. A hash is pretty useless for scanning the URL if the URL is not found in their current database. Many web filtering solutions query the full domain and URI to a remote server; (or rather, a Base64-encoded version of the same).
This is fundamentally no different than Proofpoint's method which scans all incoming e-mail and replaces URLs with an encoded version that forwards through URLDefense.proofpoint.com which does a 302 REDIRECT either to the original URL in the e-mail message if nothing suspicious is found, or else a 302 REDIRECT to a block page.
The security provider's servers check a cache if the URL is known good or known bad, and take the proper action. If the URL is in Neither database ---- then their servers won't know a hash for that URL. Before returning a reply to the client, the security provider runs a scan of the URL from their servers, using their patterns and proprietary rules, possibly augmented with some 3rd party databases, and returns back either a Good or Suspicious Site response. Note that a hash is not adequate for any of this process.
Both of these programs Menyoo and AbsoluteMenu are used in single player and have many legitimate and creative purposes. The issue with people abusing these with hacked clients to break multiplayer rules on GTA's own servers shouldn't be able to prevent these 3rd party tools that have many legitimate and awesome uses from existing....
Also, a Publisher of video game software doesn't have any right to prevent people from altering the game or modifying their game playing experience for personal entertainment; Assuming the person doesn't use the game with an online service to cheat, but the recourse for cheating is to file suit against the person cheating on their service or ban them from their server -- not to prevent the distribution of tools.
Where implanted microchips will be so ingrained into society that you must have one in your right hand or on your forehead as your government id to drive your car, or to buy, sell, or perform any other kind of business transaction ---- all the functions of your driver's license, car keys, house keys, debit card terminals, etc, will be implemented so that they use the chip to identify you. With maybe a slight complication of you type a 3-digit number and push the "Visa" or "Paypal" button to identify which of your credit cards you intend to use for a purchase, etc.
which was at the center of a controversy this week after it was caught sending users' browsing histories to a server located in Germany.
The AddOn's description and privacy policy are very clear.... It's a cloud-based security AddOn that queries a realtime database on somebody else's server to help decide if a URL is malicious, therefore the addon naturally has to send a request to the server with the URL.
Whoever is describing the Add-On as "Spying" because of functioning as it is documented to function is being extremely disingenuous (IMO) --- Perhaps they work for another antivirus or security company and would prefer more users be infected to bolster sales?
2. Non-personally identifiable information that is collected automatically by Creative Software Solutions GmbH:
When the user opens the pages, used by Web Security, the following information gets processed to assure the successful operation of Web Security: the web pages that the user opens or the operating web server, the name of the internet service provider of the user and the website from which the user came from and the sub-pages the user opened. Otherwise, the user might not be warned of harmful sites. No personal information is collected by Creative Software Solutions GmbH automatically. The date and duration of the individual page visits will be stored by Creative Software Solutions GmbH in an anonymous form and checked against a database operated by Creative Software Solutions GmbH to alert the user about malicious sites, so that the purpose of the contract is fulfilled.
But pragmatically because we need more of them. Because the job is important. Because that school can do it.
We don't just need more of them.... as a country we desperately need more of them; the shortage of qualified medical professionals is one of the inputs into the cost of medical care --- which, in case some of you haven't noticed, has become ridiculously high.
The high cost of major medical operations and treatments is a result of multiple factors, but a major one is the high demand and low supply.
Also, they are labored with high financial burdens.... School debt is one of them.
Another is frivolous civil lawsuits -- legal liability and the costs of liability insurance for these professionals: as in.... you may pull in $100K in a year as a doctor sure, then you get to pay from that $5,000 a month or more to the malpractice insurance company, or risk losing everything that can happen over the most frivolous boneheaded claim -- that still persuades the jury through emotion to take from the professional perceived as having $$$.
If the barrier to opening and successfully suing both professionals and hospitals over undesirable medical outcomes was much higher, then the costs of legal insurance, and the costs of many services could have been much lower; just in the built-in risk cost necessary to profit from each service, and also, fewer totally unnecessary "CYA" expenses, such as uncalled for testing performed solely to protect against the potential of a claim.
Yet Apple themselves estimated its value as $200, which is their legal admission that it has very little value to them, special or not.
Those are different things. Apple's tax attorney's assertion of the "fair market value" of their property is not an evaluation of how much value Apple gets from the occupation of this property, nor is it an offer to sell it for that sum, or to sell it at all, and doesn't determine fair compensation for "Eminent domain" purposes.
If some of Apple's land had to be taken for eminent domain: then they would still have to seek agreement with Apple on value, and if they were in disagreement -- a condemnation proceeding would be required.
Also, "Eminent domain" has limitations, and the local government doesn't have the power to simply go around forcing people to sell off their buildings decided based on "supposed market value" --- the Eminent domain case can be contested during the proceedings, And the eminent domain case will fail if the government is targeting Apple alone or attempting to condemn too much land, or if its "public purposes" can be accomplished with less intrusion upon private landowner's rights.
It's not the plaintiff who got repeatedly phished, it was AT&T.
No.... The perpetrator was the thief, and I would say they managed to scam BOTH the guy and ATT. That is also another possible outcome for this case. (1) ATT is only Partially responsible for this loss: because the service they provided was Telephone, Data and SMS text message service --- The Terms of Service do not include a warranty that the SMS text message service is "Fit for the purpose of authenticating you", let-alone "Fit for the purpose of strongly authenticating you so as to secure access to $23 million".
And (2) The plaintiff, despite not having a warranty that this SMS Text messaging service was usable for sending high-value messages that could not be intercepted decided to rely upon it for such, with no contract to ATT promising it suitable for that purpose and entitling them to rely upon it for such, And, (3) Therefore, ATT's liability should be limited to the first $1,000,000 of the claimed loss.
These could be collector's bottle caps just the same. Both of these have a monetary value that's unrelated to any intrinsic virtue
Correct... The loss will be evaluated in USD... damages are valued in currency, not in Bitcoins. The loss is either the value of the personal property at the time stolen, OR if the cost to replace the personal item is higher now --- then the plaintiff can potentially claim the cost to replace their property with like property in the same condition as necessary to "make them whole"; For example, if their car was stolen and destroyed, they can seek whatever cost is necessary to get the same make of car in same age and condition --- even if that cost is higher than what their lost property was worth when stolen.
Capitalistic systems and free enterprise have been the most successful systems and are responsible for America being such a prosperous country, and "not being positive about capitalism", basically suggests these people are largely ignorant about Economics, Economic history, and Philosophy.
People in the US don't seem to recognize their own privilege --- the poorest of those in the US are better off than the average person in countries that have had other systems.
Every attempt to "centrally plan" an economy ever has resulted in total disaster; some other systems that have been proven not to work are Socialism and Communism --- look at Venezuela for examples.
Look how China has risen from the ashes after it changed to a more capitalistic system with free-er markets than it had before.
It would be funny to have the local municipality come in and take the property through eminent domain using Apple's valuation.
Eminent domain requires justly compensating Apple for the loss of their property: not paying Apple the Proposed Tax Assessment value or the Fair Market value, that's not necessarily sufficient for just compensation. Even if the market considers their property worth only $5, and they might, if for example the property has special value to Apple which all other potential businesses are unable to exploit in any way, because the nature of the property not meeting their needs --- if Apple uses that property to generate $1Billion a year in revenue, then the public has to pay Apple at least enough $$$$ to replace the property that would be lost with an equivalent property that generates the same or more revenue.
now as a synonym for "information". You would never say "informations".
And I would never say "datas", but "data" and "information" are different words, despite being synonyms.
I would say data is always referring to more than one thing in a way similar to how the word "stuff" is always referring to more than one thing.
For example, you never say: "I found a data" just like you never say "I found a stuff".
You would say "I found some data", or "I found some stuff"
And the word data is like that.... it is always some nebulous collective substance, not a particular thing.
You can say "I found a piece of data", or "I found a datum", but "A data" or "Alice gave Bob a data." would be right out insane.
So no... the word "data" cannot be singular.
Dang ... I might sprain my wrist or something taking my phone out of my pocket and taking a shot of the screen.
Yes.... Capturing a picture of a short message won't be a problem.
I'm concerned about what happens when a contact gets "In the habit" of sending
messages routinely using Confidential Mode to "Protect themselves". It's a small
annoyance, but it still is an annoyance.
Also -- one of the problems with a camera picture; is this doesn't include Metadata and
provably link the content of a specific e-mail message to all the specific metadata that a normal e-mail message has.
If the sender violates a contract later or breaks the law, or files suit, and the content of the Confidential mode message
is required in order to defend against the lawsuit: then how do we prove this message metadata goes with this content,
And, how do we efficiently make sure the Photo gets archived together with the metadata and becomes searchable
for later investigation and reporting?
Secondly.... If the e-mail message is long; say a 50-page-long document, then
snapping with a camera could get to be excessively laborious.
The mail is no longer on your server once you send it.
Like everyone with something similar has done it.
When you e-mail someone.... If the recipient is a non-Gmail user or an IMAP or POP3 user:
It's going to send them a message with an annoying link instead of the actual E-mail content.
The annoying link will refer back to a "Confidential Message Viewer" hosted on Google's servers.
It will probably prompt you for the secret code and then use JavaScript to render a JPEG of the
message text on an HTML5 canvas using WebGL GPU rendering in a manner where the Operating System
won't see the content, or so that a screenshot generally shows a black screen, and then use JavaScript hooks to block access to select or
access Context Menus; Who knows, maybe they've implemented some special CSS directives in Chrome to allow the
web page to restrict the browser commands that could otherwise Print a copy of content.
Yes, protecting the user privacy makes things harder, but sending the full URL is very bad and can break trust
No... Respecting that they need the information sent to them to do what they do and have a Privacy policy restricting their use of information is called
TRUSTing them. "Break"ing trust is suggesting some crazy scheme where the security provider will only have hashes based on URLs and Postdata,
because you don't personally trust them to adhere to their privacy policy regarding data they admit to collect.
Besides.... Have you considered that even if you Hash URL components, that doesn't technically assure privacy?
With enough wasted computation power: All the hashes can be reversed by brute force or dictionary scan; especially if you know that
all the names are short PostData components or DNS names --- only uncommon hostnames would be at all resilient.
Your "hashing" solution to a Non-Problem is essentially flawed at its fundamental level: The result of a hashing algorithm is not a zero-trust proof; Cryptographic hashes were not designed by any means for the application that you are proposing --- Seems like you're basically trying to suggest security solutions providers misuse hashing algorithms and roll their own flawed crypto, which is a big security no-no, and a waste of time and developer resources, anyways.
Even if really needed, the host can always be a hash (break it if needed) and send only the plain uri without query-strings. This way user site access is protected and query-string data is protected.
No.. You are making assumptions about the filtering methods that will be used. Despite your suggestion to the contrary, the
query-strings and other data are very necessary for the security provider to have for some of the most effective methods.
These are actually necessary for the security provider's servers to accurately simulate the URL being accessed by a client, As they are part of the environment data passed to the webpage: and if the URL data were missing -- this can tip off the Javascript code or exploit attempt that someone is running their script inside a malware detection/analysis sandbox or other dynamic evaluation environment on a headless remote server before the real browser is allowed to see it.
Again, that is the lazy solution
Not really... It is potentially the method a proper solution should use.
you can break the url in blocks and hash them and again use the hash against your internal rules
No malicious URL detection mechanism worth its salt is based solely on a fixed blacklist or whitelist that can be looked up by hashes of URL components.
Contextual information within page documents, where a link appears, the type of content, type and reputation of the HTTP referrer, whether the URL appears to contain malformed objects, obfuscated code, Or known code snippets from a large library are very relevant, and those are things the server needs to pull and find in order to return a response + optionally Update private reputation data that will be used to quickly recognize a bad URL in the future.
you can create a blocklist rule for more complex rules and send it to the client
You're referring to a specific kind of blocking system.
By their very nature different filtering solutions work by different means and have Pros and Cons.
Systems that rely on only the client to make complex "detection" decisions tend to be greatly inferior from a security
and reliability standpoint, because of the design constraints that using client-side decision-making imposes.
Implementing blocking logic on the server VS the client is totally a software architecture choice.
Both choices are legitimate, and server-based blocking precludes concealing information from the
server by hashing it. The server is going to do the analysis and make a decision for the whole gro
Alexa: State law and regulations passed by the board of trustees require that all Freshman or other students with less than 30 completed course hours attending public university live on campus, unless you are enrolled only part-time, married, age 21 years or older, have dependent children, live with a parent or guardian within a 25-mile radius of campus, or can show proof of a medical need preventing you from living in provided dorms.
They're trying to send DRM'ed E-mail. I absolutely despise this idea, because the most likely uses are (1) Extorting or bullying people, Or (2) Attempting to send messages regarding an illegal act and making sure the recipient doesn't keep evidence to use against the sender.
Thus... I want a way to BLOCK confidential mode e-mail and ensure it gets rejected.
in order for the cheat engine to work it must make a copy of elements of the game code in memory, and that's a violation of copyright
In order for the original PROGRAM to start up; an image of the elements of the game code is made in memory --
However, this is ephemeral in that the same process occurs in your brain when you read a book: an image of the author's text will
have been made in your memory; cheat code won't have changed that process at all.
An ephemeral image of something is not a copy even if it is identical to the original --- a copy only exists if that is made unique
and independent in a fixed (persistent) form and then distributed or used on its own; not if an image is ephemeral and only used
with another copy --- code in bits in RAM are not sent out for use independent of the permanent storage.
you hash the full url ... and send the hash. the remote server compare if that hash is in their DB or not and report back to the user about the result.
No..... that is an architecture choice. A hash is pretty useless for scanning the URL if the URL is not found in their current database.
Many web filtering solutions query the full domain and URI to a remote server; (or rather, a Base64-encoded version of the same).
This is fundamentally no different than Proofpoint's method which scans all incoming e-mail and replaces URLs with an encoded version that forwards through .URLDefense.proofpoint.com which does a 302 REDIRECT either to the original URL in the e-mail
message if nothing suspicious is found. Or else a 302 REDIRECT to a block page.
The security provider's servers check a cache to see if the URL is known good or known bad, and take the proper action.
If the URL is in Neither database ---- then their servers won't know a hash for that URL. Before returning a reply to
the client, the security provider runs a scan of the URL from their servers, using their patterns and proprietary rules, possibly augmented with some 3rd party databases, and returns back either a Good or Suspicious Site response. Note that a hash is not adequate for any of this process.
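An added illustration of the two points argued in the comments above (not part of the original posts, and not any vendor's code): a hash-only lookup can answer only for URLs already in the database, and unsalted hashes of short hostnames fall to a dictionary. All URLs, the wordlist and the scan rule are constructed for the example.

```python
import hashlib
from urllib.parse import urlsplit

def sha256_hex(text):
    return hashlib.sha256(text.encode("utf-8")).hexdigest()

# Constructed reputation cache, keyed by the hash of the full URL.
REPUTATION = {
    sha256_hex("https://example.org/docs"): "good",
    sha256_hex("http://bad.example/login.php?id=1"): "bad",
}

def hash_only_lookup(url_hash):
    """The server receives only a hash, so it can answer only for
    URLs it has already seen; anything else is simply 'unknown'."""
    return REPUTATION.get(url_hash, "unknown")

def scan(url):
    """Stand-in for the provider's own analysis. The rule here is a
    hypothetical toy: it needs the host and query string to decide."""
    parts = urlsplit(url)
    if "@" in parts.netloc or "redirect=http" in parts.query:
        return "suspicious"
    return "good"

def full_url_lookup(url):
    """The server receives the full URL: cache first, then a scan of
    unknown URLs, whose verdict is stored for later lookups."""
    key = sha256_hex(url)
    verdict = REPUTATION.get(key)
    if verdict is None:
        verdict = scan(url)
        REPUTATION[key] = verdict
    return verdict

def recover_hostnames(hashes, wordlist):
    """Privacy check: hash every candidate name once and match.
    Names in the wordlist are recovered; uncommon ones map to None."""
    table = {sha256_hex(name): name for name in wordlist}
    return {digest: table.get(digest) for digest in hashes}

if __name__ == "__main__":
    new_url = "http://new.example/?redirect=http://x.example"
    print(hash_only_lookup(sha256_hex(new_url)))   # no verdict possible
    print(full_url_lookup(new_url))                # scanned, then cached
    seen = [sha256_hex("mail.example.com"), sha256_hex("x9q7-internal.example")]
    print(recover_hostnames(seen, ["www.example.com", "mail.example.com"]))
```
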
Both of these programs Menyoo and AbsoluteMenu are used in single player and have many legitimate and creative purposes.
The issue with people abusing these with hacked clients to break multiplayer rules on GTA's own servers shouldn't be able to prevent these 3rd party tools that have many legitimate and awesome uses from existing....
Also, a Publisher of video game software doesn't have any right to prevent people from altering the game or modifying their game playing experience for personal entertainment; Assuming the person doesn't use the game with an online service to cheat, but the recourse for cheating is to file suit against the person cheating on their service or ban them from their server -- not to prevent the distribution of tools.
Where implanted microchips will be so ingrained into society that you must have one in your right hand or on your forehead as your government id to drive your car, or to buy, sell, or perform any other kind of business transaction ---- all the functions of your driver's license, car keys, house keys, debit card terminals, etc, will be implemented so that they use the chip to identify you.
With maybe a slight complication of you type a 3-digit number and push the "Visa" or "Paypal" button to identify which of your credit cards you intend to use for a purchase, etc.
which was at the center of a controversy this week after it was caught sending users' browsing histories to a server located in Germany.
The AddOn's description and privacy policy are very clear.... It's a cloud-based security AddOn that queries a realtime database on somebody else's server to help decide if a URL is malicious, therefore the addon naturally has to send a request to the server with the URL.
Whoever is describing the Add-On as "Spying" because of functioning as it is documented to function is being extremely disingenuous (IMO) --- Perhaps they work for another antivirus or security company and would prefer more users be infected to bolster sales?
But pragmatically because we need more of them. Because the job is important. Because that school can do it.
We don't just need more of them.... as a country we desperately need more of them;
the shortage of qualified medical professionals is one of the inputs into the cost of medical care --- which, in case some of you haven't noticed,
has become ridiculously high.
The high cost of major medical operations and treatments is a result of multiple factors, but a major one is the high demand and low supply.
Also, they are labored with high financial burdens.... School debt is one of them.
Another is frivolous civil lawsuits -- legal liability and the costs of liability insurance for these professionals:
as in.... you may pull in $100K in a year as a doctor sure, then you get to pay from that $5,000 a month or more to the
malpractice insurance company, or risk losing everything that can happen over the most frivolous boneheaded claim --
that still persuades the jury through emotion to take from the professional perceived as having $$$.
If the barrier to opening and successfully suing both professionals and hospitals over undesirable
medical outcomes was much higher, then the costs of legal insurance, and the costs of many services
could have been much lower; just in the built-in risk cost necessary to profit from each service, and also,
fewer totally unnecessary "CYA" expenses, such as uncalled for testing performed solely to protect against
the potential of a claim.
Yet Apple themselves estimated its value as $200, which is their legal admission that it has very little value to them, special or not.
Those are different things. Apple's tax attorney's assertion of the "fair market value" of their property is not an evaluation of how much value Apple gets from the occupation of this property, nor is it an offer to sell it for that sum, or to sell it at all, and doesn't determine fair compensation for "Eminent domain" purposes.
If some of Apple's land had to be taken for eminent domain: then they would still have to seek agreement with Apple on value, and if they were in disagreement -- a condemnation proceeding would be required.
Also, "Eminent domain" has limitations, and the local government doesn't have the power to simply go around forcing people to sell off their buildings decided based on "supposed market value" --- the Eminent domain case can be contested during the proceedings, And the eminent domain case will fail if the government is targeting Apple alone or attempting to condemn too much land, or if its "public purposes" can be accomplished with less intrusion upon private landowner's rights.
It's not the plaintiff who got repeatedly phished, it was AT&T.
No.... The perpetrator was the thief, and I would say they managed to scam BOTH the guy and ATT.
That is also another possible outcome for this case. (1) ATT is only Partially responsible for this loss: because the service they provided was Telephone, Data and SMS text message service --- The Terms of Service do not include a warranty that the SMS text message service is "Fit for the purpose of authenticating you", let alone "Fit for the purpose of strongly authenticating you so as to secure access to $23 million".
And (2) The plaintiff, despite not having a warranty that this SMS Text messaging service was usable for sending high-value messages that could not be intercepted decided to rely upon it for such, with no contract to ATT promising it suitable for that purpose and entitling them to rely upon it for such, And,
(3) Therefore, ATT's liability should be limited to the first $1,000,000 of the claimed loss.
These could be collector's bottle caps just the same. Both of these have a monetary value that's unrelated to any intrinsic virtue
Correct... The loss will be evaluated in USD... damages are valued in currency, not in Bitcoins. The loss is either the value of the personal property at the time stolen, OR if the cost to replace the personal item is higher now --- then the plaintiff can potentially claim the cost to replace their property with like property in the same condition as necessary to "make them whole"; For example, if their car was stolen and destroyed, they can seek whatever cost is necessary to get the same make of car in same age and condition --- even if that cost is higher than what their lost property was worth when stolen.
Capitalistic systems and free enterprise have been the most successful systems and are responsible for America being such a prosperous country, and "not being positive about capitalism", basically suggests these people are largely ignorant about Economics, Economic history, and Philosophy.
People in the US don't seem to recognize their own privilege --- the poorest of those in the US are better off than the average person in countries that have had other systems.
Every attempt to "centrally plan" an economy ever has resulted in total disaster;
some other systems that have been proven not to work are Socialism and Communism --- look at Venezuela for examples.
Look how China has risen from the ashes after it changed to a more capitalistic system with freer markets than it had before.
It would be funny to have the local municipality come in and take the property through eminent domain using Apple's valuation.
Eminent domain requires justly compensating Apple for the loss of their property: not paying Apple the Proposed Tax Assessment value or the Fair Market value, that's not necessarily sufficient for just compensation. Even if the market considers their property worth only $5, and they might, if for example the property has special value to Apple which all other potential businesses are unable to exploit in any way, because the nature of the property not meeting their needs --- if Apple uses that property to generate $1Billion a year in revenue, then the public has to pay Apple at least enough $$$$ to replace the property that would be lost with an equivalent property that generates the same or more revenue.