You would have to get >50% of shareholders (depositors) to vote for higher risk, higher fees, fewer services, gross overpayment to executives, cutting of interest rates on savings accounts, switching from the NCUA to the less solvent FDIC,...
No... not >50% of "shareholders". >50% of "shares". There is a difference.
If a single member has enough money in the CU that they have a 51% share as a member,
then that one depositor can vote >50% of voting shares..
Anyways, shareholders don't decide everything with a vote.
Normally only the board will be chosen by shareholder vote (from the nominees).
The board sets the rules for the organization, the shareholders don't vote on those.
Executives are chosen by the board, and work with the board to set policies.
Normally, most members of the board will be from the banking industry, and they
are supposed to represent the short-term interests of the CU's members.
Policies that members will hate in the long term can be to "their immediate" benefit, however.
There can be a windfall profit for the members, they get shares of stock and/or cash payout for their
membership rights, as the CU is converting and possibly joining with a larger organization to form
a for-profit enterprise.
Later after the conversion decision is made however, nothing really assures the shareholders who
used to have CU member shares do not have their interest diluted by the acquirer and other for-profit
forces pouring money/investments into the new for-profit org. that dwarfs the members' contributions,
or basically results in the members' shareholder interests being "compressed" to a small fraction
such as 15% of the interest in the joint stock company.
So it isn't easy, in fact it may even be illegal to formally co-opt a CU in the way the GP described, but sometimes they do end up being managed by execs with a bankster mindset.
When has "illegal" been a sure stop? If the executives, under whatever influence, decide to appoint a consultant to put forth a conversion proposal, and the members are persuaded to go with the conversion (which is in the consulants' interest), within the rules of the CU's charter, conversion can happen legally, ultimately at a loss to members, and profit to the acquirer.
And yes, Credit unions can convert to bank charters, although it has been rare in the past , see CU Financial Services.
A mass exodus to credit unions could change matters greatly, as
the members who have the most $$$ tied up, could begin to see opportunities from the mass
importation of financially unsavvy members joining, to provide the CU as a whole great opportunity for exploitations.
And the loss of $$$ to banks would give then a great incentive to want to join / become a "partner" in a credit union.
Meanwhile as the CU struggles with growing pains due the importation of members and requires more scalability and more resources to provide service, for-profit models become more enticing, as they provide more capital towards that end.... P.S. and more capital to pay executive bonuses
Download a Gnoppix or Ubuntu Live CD ISO, burn the ISO to a CD, pop it in the CDROM drive, reboot your computer.
THERE you have "installed" and are running Linux from CD.
Configuration is not something that end users do.
Good operating systems always use the defaults...
Convention over Configuration
Unlike Windows, Linux does not require configuration for basic functionality to work securely.
End users always follow the wizard or GUI with minimal actions, because they don't really
understand what's going on inside the appliance (and that's ok), and the result they get is the defaults.
End Users don't know about going into the BIOS, regardless of OS.
End Users don't know about editing files or configurations, regardless of OS.
But end users can still have Linux up and running no problem.
The supposed "secure" boot (which doesn't really add any security),
changes matters entirely.
Oh... I see, with SecureBoot if someone gets a boot sector virus, a very rare creature
indeed nowadays (since Windows is so easy to infest), instead of having
their system boot with the infection, they will have a "Sorry, you cannot boot message"
So for the sake of a mirage of security, Microsoft is getting PC makers to stomp out Linux
for end users.
The difference is that credit unions are explicitly not-for-profit. Their main goal is not to maximize shareholder value, but to maximize member usefulness. That makes a really big difference.
A lot of insurance companies started that way too.
This works great until "demutualization" happens.
Eventually a big company comes in, wants to buy out/get profit from the members of this
association.... slips enough money under the table to the right people, and suddenly you have
the CU turning into a for-profit bank with a one-time payout for members, maybe some shares
of stock if they're lucky
Dell plans to have a BIOS switch to allow SecureBoot to be disabled,
Can you please remind me again... what percentage of the average user population knows
how to change a BIOS switch?
Currently they can just pop in their knoppix CD or try Ubuntu with a Live CD;
No expertise regarding BIOS settings required (normally).
What we have here is an anti-competitive practice being endorsed by Microsoft
in the form of a logo validating "Secure" boot.
This is a low blow, and a shoddy attempt to ward away other OSes, and prevent
you from booting your computer to whatever application or OS you want to boot it into.
The one thing that baffles my mind is that Linux filesystems still don't offer compression of specific folders or files. Seriously, Windows has had this for over a decade.
It sounds like you want ZFS.
ZFS has supported compression for a long time LZJB compression since early on,
GZIP compression since pool version 5, ZLE compression since pool version 20...
The only problem is.... well, on Linux it's mostly available only using FUSE.
There is the ZFS On linux port mentioned, but I suppose that's really not "production quality" yet.
Compression seems to be one of those things that Solaris excels at.
Of course this is useless if your storage hardware is low-end or you lack CPU, since
while compression increases capacity, it doesn't increase how much of that storage you can have live data on
at average activity
Sounds like he succeeded.
Didn't publish a video is not merely an 'attempt'.
Now then... you can call it an 'attempt' as soon as we see the content available despite their efforts.
Actually it sounds like the University itself is responsible for the censorship... specifically
Mr. Rabel, and I would say based on the article... it sounds like the uni is a biased venue
that would choose to publish or not publish based on who won. Shame shame.
The participant decided he didn't want it published after the fact, but since he had already
granted his permission, the ball rests totally in the uni's court....
Our CIO is convinced that technical support for any product is worthless. He's will to spend money on "one-time" software purchases, but nothing that is an annual subscription.
Well, the important thing here is that CentOS is not just free RHEL, and the choice between them
has engineering implications.
A RHEL subscription is not merely technical support. It's also software updates.
CentOS has been notoriously slow about software updates, and the last thing you want
to do is wait 6 months for a bugfix for an issue important to your business.
Your CIO is going to look pretty bad if you have systems crashing due to an issue, with an
available bugfix that you don't have access to, because CentOS hasn't carried it yet.
You can't report "bugs" in CentOS that exist in RHEL, and Redhat won't really listen to you
unless you have the subscription.
Also, the RHEL subscription provides update, monitoring, and patch management features
through the RHN website that are not available with CentOS.
CentOS strives for binary compatibility with RHEL, but this is not guaranteed -- there are and can be issues
and bugs you will encounter.
A good number of third party software products are supported on RHEL but unsupported on CentOS.
Banks lend out as much as they can (subject to capital, not reserve, constraints), and then, if their reserve accounts at the Fed are insufficient, they borrow from the overnight interbank market whatever is needed.
There is another constraint you didn't mention:
there is not an infinite supply of borrowers who are worthwhile credit risks want to and are able to borrow money from the bank once the risk of default has been properly priced into their loan, and even if there were, there are competing banks, so not all of them will come to that bank, once their prices for consumer borrowing are set at a level that allows the bank to profit from the loan.
In bad economic times, the bank's supply of worthy borrowers may be running out before they are capital constrained.
No they don't. Banks create the money for the loan out of the loan. The requirements for deposits stem merely from laws based on fractional reserve banking, i.e., a bank can create money based on some multiple of the amount of its deposits.
Actually the "deposit" _is_ a liability on the bank's part.
The deposit is money they will have to pay back to the depositor on demand.
As long as the banks have sufficient deposits to allow them to lend out how much money they want to lend out, at the level of risk/reward the bank wants to be involved in, they don't want more deposits than that -- because more money deposited = greater liability.
Witness some recent trends like banks starting to add $5/month debit card fees, to try and reduce the amount of deposits }:->
Use rewrite rules to do a 301 redirect to goatse.cx when the host is api.netflix.com!
Why do that when the person to erronously receive the traffic could maybe do something
profitable with that? Such as co-opt the Netflix API calls and display "video" or "messages"
to convince the user to subscribe to a different service, netting
$$ to the unintended target who received Netflix's requests
Pointing the figure and screaming very loudly would be very good, especially if Amazon does it,
as it will help bring attention to broken behavior in DNS and browser software.
I will agree it hurts Amazon, but it helps the community, for large players like Amazon
to help bring attention to broken software, so that it can be fixed.
Browsers are sometimes forced to disregard TTL values to prevent certain type of attacks which involve quickly changing DNS records.
No, they are not "forced" to do so. They have chosen an improper method to "workaround" a security
issue that violates other internet standards and causes issues, because they are not implementing DNS resolution in a valid way.
The TTL in DNS is not an "advisory" value, it is a time after which the old RR in the previous authoritative
DNS response must be expunged, a TTL of 0 prohibits caching altogether.
There are other methods of preventing attacks that involve quickly changing DNS records, like, oh,
fixing their trust policy, or throwing up an error requiring the user to reload their page.
I really don't like that sort of logic with stuff like that. You know, "big enough to handle most disasters".
That's why you want more precise stringent criteria such as: 99.9% of Tsnunami disasters will be fully mitigated with 99% probability in regards to plant safety, and additional failsafes will prevent 99.99% of Tsnunami-related disasters from having significant risk of resulting in a catastrophic situation.
The generators that run the pumps require venting to operate and even if they had piping for the venting it would still be difficult and costly to build a watertight seal around them.
Backup generators don't require the venting until they are actually being utilized however.
They could be in a nearly watertight concrete bunker capable of having venting through openings in the bunker.
With maximal independent protection of each individual backup generator until an emergency failure of the primary occurs when they need to be brought into service.
In other words... the bunker would be sealed, except when the backup unit was actually being prepared to start up.
By the fact there have been so many nuclear disasters in the past, the companies that run these aren't able/willing to do so safely. So, how can we expect any new model reactors to be safe if built and run by these same corporations?
Safety is a relative thing... how do you define safe?
It would be better than the current situation, if newer, safer reactors were implemented, and existing ones were decommissioned.
JAP was lucky. They still had two pumps working after being overrun. TEPCO was not so lucky. You can't just build a bigger wall to avoid tsunami.
Actually... the point of the article... they proved, as the researchers suggested, yes you can
build a bigger wall to avoid a catastrophic failure due to a tsunami.
It is not a certain thing, and it's possible a tsunami will still overcome the higher wall,
however, the probability that the higher wall prevents a catastrophe, is sufficient enough
that the expense should be made.
At some particular height, there is a point where a higher wall no longer significantly reduces the probability
a tsunami will be catastrophic, or the cost increases at a much higher pace, such that at a certain cost, it is
no longer worth extra $$s for small reductions in risk, since the $$$ to build a reliable plant has to be utilized
to mitigate all risks in the design as well.
It is at that height and that cost the wall should be built.
Speech is free beyond merely communication of a message. You're free to persuade people with speech so long as you don't lie or intimidate harm.
Actually, you're not totally free to persuade people with speech in most situations.
You might assume that from a reading of the constitution, but it's simply not implemented that way anymore.
Only certain kinds of speech have been deemed protected by the courts in the US.
One kind of speech that's not protected is speech for a commercial purpose, for example, speech for the purpose of gaining a profit; a category that 'pretending to be' someone else to shoot a movie for profit may fall under, this situation of commercial speech. Some examples of cases where that kind of speech has been specifically prohibited: blackmail.... "be persuaded of such and such" or I publish 'such and such' about you, publish negative things about a competitor you can't prove to promote your business, defamation, subliminal advertising bans, "truth in advertising" laws, product labelling rules, surgeon generals warnings, prohibition of use of television to advertise cigarettes, the list goes on and on.
There are plenty of types of speech that are illegal, but don't harm anyone.
There are plenty of types of speech that do harm but are legal, and corporations can lie all day, as long as they don't lie in the wrong venue about the wrong kind of things; newspapers can publish false articles, perfectly legal, if they are cautious.
There are a few limits in that you do generally need to be clothed
There are quite a few more limits than that. One of those limits is you can't legally tell a lie or create a deception that harms anyone else, if they have a reasonable basis for relying upon that thing, and you financially benefit from the deception... the term is called 'fraud', and in this case the fraud is representing yourself as big foot.
Another... example... If you go down the street wearing a sock over your head, carrying a baseball bat on you, you are liable to be arrested for disorderly conduct, and you can get a nice jail sentence for having done that.
Your right to free expression has legal limits as soon as they involve interactions with other people that go beyond communication of a message.
Attempting to deceive people into thinking you are a threat or monstrous animal is not merely a harmless "expression" or communication.
You could hold up a sign without costume that says "I'm big foot", all day, or other adornments that are not deceptive, now that would be an expression.
How about permits for potentially disruptive activities in order to maintain public order?
Do you have a right to dress up as a large creature or do other deceptive things to disturb other people's
enjoyment of the park?
Using more layers, like IP firewalls and authorization will help mitigate this.
If network security is an adequate bolt-on fix for the situation, then why would you be using XML encryption in the first place?
If you are transferring data over a public network, IP firewalls and authorization are not sufficient.
The source/destination of traffic can be determined by a Man-in-the-Middle for the purposes of IP spoofing
just as easily as the encrypted ciphertext can be illicitly acquired in that manner.
On the other hand, if you are emitting XML encrypted over a VPN, then you are doing the encryption work twice,
and one of those times isn't adding useful protection...
But don't go creating specific encryption algorithms for specific document formats. That's just reinventing the wheel.
XML-Enc does not create specific encryption algorithms for specific document formats.
It sounds to me like a server-side application of some sort is using XML-Enc and CBC mode in a poor way.
Don't pick one shared key which you reuse every time and give the user error messages based on the ciphertext.
Use public key crypto and a different shared key every time you encrypt a document.
Personally... I think the XML-Enc folks ought to have piggy backed on a proven cryptosystem such as OpenPGP as the basis on which ciphertext and signature XML elements are to be built.
You would have to get >50% of shareholders (depositors) to vote for higher risk, higher fees, fewer services, gross overpayment to executives, cutting of interest rates on savings accounts, switching from the NCUA to the less solvent FDIC, ...
No... not >50% of "shareholders". >50% of "shares". There is a difference. If a single member has enough money in the CU that they have a 51% share as a member, then that one depositor can vote >50% of voting shares..
Anyways, shareholders don't decide everything with a vote. Normally only the board will be chosen by shareholder vote (from the nominees).
The board sets the rules for the organization, the shareholders don't vote on those. Executives are chosen by the board, and work with the board to set policies.
Normally, most members of the board will be from the banking industry, and they are supposed to represent the short-term interests of the CU's members.
Policies that members will hate in the long term can be to "their immediate" benefit, however. There can be a windfall profit for the members, they get shares of stock and/or cash payout for their membership rights, as the CU is converting and possibly joining with a larger organization to form a for-profit enterprise.
Later after the conversion decision is made however, nothing really assures the shareholders who used to have CU member shares do not have their interest diluted by the acquirer and other for-profit forces pouring money/investments into the new for-profit org. that dwarfs the members' contributions, or basically results in the members' shareholder interests being "compressed" to a small fraction such as 15% of the interest in the joint stock company.
So it isn't easy, in fact it may even be illegal to formally co-opt a CU in the way the GP described, but sometimes they do end up being managed by execs with a bankster mindset.
When has "illegal" been a sure stop? If the executives, under whatever influence, decide to appoint a consultant to put forth a conversion proposal, and the members are persuaded to go with the conversion (which is in the consulants' interest), within the rules of the CU's charter, conversion can happen legally, ultimately at a loss to members, and profit to the acquirer.
And yes, Credit unions can convert to bank charters, although it has been rare in the past , see CU Financial Services.
See... FRBSF Economic Letter, Credit Unions, Conversions, and Capital , Credit Union Conversions to Banks: Facts, Incentives, Issues, and Reforms.
A mass exodus to credit unions could change matters greatly, as the members who have the most $$$ tied up, could begin to see opportunities from the mass importation of financially unsavvy members joining, to provide the CU as a whole great opportunity for exploitations.
And the loss of $$$ to banks would give then a great incentive to want to join / become a "partner" in a credit union.
Meanwhile as the CU struggles with growing pains due the importation of members and requires more scalability and more resources to provide service, for-profit models become more enticing, as they provide more capital towards that end.... P.S. and more capital to pay executive bonuses
Installing and configuring Linux is difficult.
What utter nonsense you are spouting.
Download a Gnoppix or Ubuntu Live CD ISO, burn the ISO to a CD, pop it in the CDROM drive, reboot your computer.
THERE you have "installed" and are running Linux from CD.
Configuration is not something that end users do. Good operating systems always use the defaults... Convention over Configuration
Unlike Windows, Linux does not require configuration for basic functionality to work securely.
End users always follow the wizard or GUI with minimal actions, because they don't really understand what's going on inside the appliance (and that's ok), and the result they get is the defaults.
End Users don't know about going into the BIOS, regardless of OS.
End Users don't know about editing files or configurations, regardless of OS.
But end users can still have Linux up and running no problem.
The supposed "secure" boot (which doesn't really add any security), changes matters entirely.
Oh... I see, with SecureBoot if someone gets a boot sector virus, a very rare creature indeed nowadays (since Windows is so easy to infest), instead of having their system boot with the infection, they will have a "Sorry, you cannot boot message"
So for the sake of a mirage of security, Microsoft is getting PC makers to stomp out Linux for end users.
The difference is that credit unions are explicitly not-for-profit. Their main goal is not to maximize shareholder value, but to maximize member usefulness. That makes a really big difference.
A lot of insurance companies started that way too. This works great until "demutualization" happens.
Eventually a big company comes in, wants to buy out/get profit from the members of this association.... slips enough money under the table to the right people, and suddenly you have the CU turning into a for-profit bank with a one-time payout for members, maybe some shares of stock if they're lucky
Dell plans to have a BIOS switch to allow SecureBoot to be disabled,
Can you please remind me again... what percentage of the average user population knows how to change a BIOS switch?
Currently they can just pop in their knoppix CD or try Ubuntu with a Live CD; No expertise regarding BIOS settings required (normally).
What we have here is an anti-competitive practice being endorsed by Microsoft in the form of a logo validating "Secure" boot.
This is a low blow, and a shoddy attempt to ward away other OSes, and prevent you from booting your computer to whatever application or OS you want to boot it into.
The one thing that baffles my mind is that Linux filesystems still don't offer compression of specific folders or files. Seriously, Windows has had this for over a decade.
It sounds like you want ZFS. ZFS has supported compression for a long time LZJB compression since early on, GZIP compression since pool version 5, ZLE compression since pool version 20...
The only problem is.... well, on Linux it's mostly available only using FUSE. There is the ZFS On linux port mentioned, but I suppose that's really not "production quality" yet.
Compression seems to be one of those things that Solaris excels at.
Of course this is useless if your storage hardware is low-end or you lack CPU, since while compression increases capacity, it doesn't increase how much of that storage you can have live data on at average activity
Sounds like he succeeded. Didn't publish a video is not merely an 'attempt'. Now then... you can call it an 'attempt' as soon as we see the content available despite their efforts.
Actually it sounds like the University itself is responsible for the censorship... specifically Mr. Rabel, and I would say based on the article... it sounds like the uni is a biased venue that would choose to publish or not publish based on who won. Shame shame.
The participant decided he didn't want it published after the fact, but since he had already granted his permission, the ball rests totally in the uni's court....
Your product requires or will benefit from an improvement in RHEL 6.1 or even better 6.2.
CentOS 6.1 isn't out yet and probably won't be out for quite a while.
Our CIO is convinced that technical support for any product is worthless. He's will to spend money on "one-time" software purchases, but nothing that is an annual subscription.
Well, the important thing here is that CentOS is not just free RHEL, and the choice between them has engineering implications.
A RHEL subscription is not merely technical support. It's also software updates. CentOS has been notoriously slow about software updates, and the last thing you want to do is wait 6 months for a bugfix for an issue important to your business. Your CIO is going to look pretty bad if you have systems crashing due to an issue, with an available bugfix that you don't have access to, because CentOS hasn't carried it yet.
You can't report "bugs" in CentOS that exist in RHEL, and Redhat won't really listen to you unless you have the subscription.
Also, the RHEL subscription provides update, monitoring, and patch management features through the RHN website that are not available with CentOS.
CentOS strives for binary compatibility with RHEL, but this is not guaranteed -- there are and can be issues and bugs you will encounter.
A good number of third party software products are supported on RHEL but unsupported on CentOS.
Banks lend out as much as they can (subject to capital, not reserve, constraints), and then, if their reserve accounts at the Fed are insufficient, they borrow from the overnight interbank market whatever is needed.
There is another constraint you didn't mention: there is not an infinite supply of borrowers who are worthwhile credit risks want to and are able to borrow money from the bank once the risk of default has been properly priced into their loan, and even if there were, there are competing banks, so not all of them will come to that bank, once their prices for consumer borrowing are set at a level that allows the bank to profit from the loan.
In bad economic times, the bank's supply of worthy borrowers may be running out before they are capital constrained.
No they don't. Banks create the money for the loan out of the loan. The requirements for deposits stem merely from laws based on fractional reserve banking, i.e., a bank can create money based on some multiple of the amount of its deposits.
Actually the "deposit" _is_ a liability on the bank's part. The deposit is money they will have to pay back to the depositor on demand.
As long as the banks have sufficient deposits to allow them to lend out how much money they want to lend out, at the level of risk/reward the bank wants to be involved in, they don't want more deposits than that -- because more money deposited = greater liability.
Witness some recent trends like banks starting to add $5/month debit card fees, to try and reduce the amount of deposits }:->
Use rewrite rules to do a 301 redirect to goatse.cx when the host is api.netflix.com!
Why do that when the person to erronously receive the traffic could maybe do something profitable with that? Such as co-opt the Netflix API calls and display "video" or "messages" to convince the user to subscribe to a different service, netting $$ to the unintended target who received Netflix's requests
Pointing the figure and screaming very loudly would be very good, especially if Amazon does it, as it will help bring attention to broken behavior in DNS and browser software.
I will agree it hurts Amazon, but it helps the community, for large players like Amazon to help bring attention to broken software, so that it can be fixed.
Browsers are sometimes forced to disregard TTL values to prevent certain type of attacks which involve quickly changing DNS records.
No, they are not "forced" to do so. They have chosen an improper method to "workaround" a security issue that violates other internet standards and causes issues, because they are not implementing DNS resolution in a valid way.
The TTL in DNS is not an "advisory" value, it is a time after which the old RR in the previous authoritative DNS response must be expunged, a TTL of 0 prohibits caching altogether.
There are other methods of preventing attacks that involve quickly changing DNS records, like, oh, fixing their trust policy, or throwing up an error requiring the user to reload their page.
I really don't like that sort of logic with stuff like that. You know, "big enough to handle most disasters".
That's why you want more precise stringent criteria such as: 99.9% of Tsnunami disasters will be fully mitigated with 99% probability in regards to plant safety, and additional failsafes will prevent 99.99% of Tsnunami-related disasters from having significant risk of resulting in a catastrophic situation.
Fukushima has six reactors and the amount of diesel they would have to keep on site to shut down all of them is vast and itself presents a hazard.
Sounds like it's time to put solar panels on the roof as a backup for the diesel generators.
I imagine all broadcasts would be interrupted with
I thought what I'd do was, I'd pretend I was one of those deaf-mutes
The generators that run the pumps require venting to operate and even if they had piping for the venting it would still be difficult and costly to build a watertight seal around them.
Backup generators don't require the venting until they are actually being utilized however.
They could be in a nearly watertight concrete bunker capable of having venting through openings in the bunker.
With maximal independent protection of each individual backup generator until an emergency failure of the primary occurs when they need to be brought into service.
In other words... the bunker would be sealed, except when the backup unit was actually being prepared to start up.
By the fact there have been so many nuclear disasters in the past, the companies that run these aren't able/willing to do so safely. So, how can we expect any new model reactors to be safe if built and run by these same corporations?
Safety is a relative thing... how do you define safe?
It would be better than the current situation, if newer, safer reactors were implemented, and existing ones were decommissioned.
JAP was lucky. They still had two pumps working after being overrun. TEPCO was not so lucky. You can't just build a bigger wall to avoid tsunami.
Actually... the point of the article... they proved, as the researchers suggested, yes you can build a bigger wall to avoid a catastrophic failure due to a tsunami.
It is not a certain thing, and it's possible a tsunami will still overcome the higher wall, however, the probability that the higher wall prevents a catastrophe, is sufficient enough that the expense should be made.
At some particular height, there is a point where a higher wall no longer significantly reduces the probability a tsunami will be catastrophic, or the cost increases at a much higher pace, such that at a certain cost, it is no longer worth extra $$s for small reductions in risk, since the $$$ to build a reliable plant has to be utilized to mitigate all risks in the design as well. It is at that height and that cost the wall should be built.
Speech is free beyond merely communication of a message. You're free to persuade people with speech so long as you don't lie or intimidate harm.
Actually, you're not totally free to persuade people with speech in most situations. You might assume that from a reading of the constitution, but it's simply not implemented that way anymore.
Only certain kinds of speech have been deemed protected by the courts in the US.
One kind of speech that's not protected is speech for a commercial purpose, for example, speech for the purpose of gaining a profit; a category that 'pretending to be' someone else to shoot a movie for profit may fall under, this situation of commercial speech. Some examples of cases where that kind of speech has been specifically prohibited: blackmail.... "be persuaded of such and such" or I publish 'such and such' about you, publish negative things about a competitor you can't prove to promote your business, defamation, subliminal advertising bans, "truth in advertising" laws, product labelling rules, surgeon generals warnings, prohibition of use of television to advertise cigarettes, the list goes on and on.
There are plenty of types of speech that are illegal, but don't harm anyone.
There are plenty of types of speech that do harm but are legal, and corporations can lie all day, as long as they don't lie in the wrong venue about the wrong kind of things; newspapers can publish false articles, perfectly legal, if they are cautious.
There are a few limits in that you do generally need to be clothed
There are quite a few more limits than that. One of those limits is you can't legally tell a lie or create a deception that harms anyone else, if they have a reasonable basis for relying upon that thing, and you financially benefit from the deception... the term is called 'fraud', and in this case the fraud is representing yourself as big foot.
Another... example... If you go down the street wearing a sock over your head, carrying a baseball bat on you, you are liable to be arrested for disorderly conduct, and you can get a nice jail sentence for having done that.
Your right to free expression has legal limits as soon as they involve interactions with other people that go beyond communication of a message.
Attempting to deceive people into thinking you are a threat or monstrous animal is not merely a harmless "expression" or communication.
You could hold up a sign without costume that says "I'm big foot", all day, or other adornments that are not deceptive, now that would be an expression.
How about permits for potentially disruptive activities in order to maintain public order? Do you have a right to dress up as a large creature or do other deceptive things to disturb other people's enjoyment of the park?
Using more layers, like IP firewalls and authorization will help mitigate this.
If network security is an adequate bolt-on fix for the situation, then why would you be using XML encryption in the first place?
If you are transferring data over a public network, IP firewalls and authorization are not sufficient. The source/destination of traffic can be determined by a Man-in-the-Middle for the purposes of IP spoofing just as easily as the encrypted ciphertext can be illicitly acquired in that manner.
On the other hand, if you are emitting XML encrypted over a VPN, then you are doing the encryption work twice, and one of those times isn't adding useful protection...
But don't go creating specific encryption algorithms for specific document formats. That's just reinventing the wheel.
XML-Enc does not create specific encryption algorithms for specific document formats.
It sounds to me like a server-side application of some sort is using XML-Enc and CBC mode in a poor way.
Don't pick one shared key which you reuse every time and give the user error messages based on the ciphertext.
Use public key crypto and a different shared key every time you encrypt a document.
Personally... I think the XML-Enc folks ought to have piggy backed on a proven cryptosystem such as OpenPGP as the basis on which ciphertext and signature XML elements are to be built.