Easy: By ordering a more compliant entity that has a financial relationship with you to comply on your behalf.
Government: "Pay me a $1000 fine."
Offender: "No."
Government: “Offender’s Bank: Give us $1000 from Offender’s account (by seizing every penny deposited for the next 10 years immediately in priority over EVERY other debit if necessary) plus an extra penalty for non-compliance.”
Offender’s Bank: “Okay, here’s your money, and BTW we’re taking our own fee for enforcing this, and of course we’ll charge them for every overdraft fee that results from draining their account.”
Offender: [sobs pathetically] "How am I going to pay my rent or car payment or buy food now?"
--- Or alternatively if no bank accounts: ---
Government: "Offender's employer: We're garnishing offender's wages. Give us the next $1000 you were going to pay offender, even if that means he doesn't see a penny for a paycheck for the next two months."
Offender's Employer: "Okay, here's your money, and BTW thanks for letting us know our employee's a thief. We’ll be looking to replace them ASAP."
---
See: Civil compliance and no truncheons necessary. There will almost always be someone with more to lose than you and less desire to stick it to the man. They’ll comply so you don’t have to.
That the police say something is illegal isn’t enough to get you thrown in jail.
*Possibly* not enough to get you sentenced, but I’m assuming the UK criminal justice system works much the way the US does in that the police can arrest you for pretty much any old thing they want. You get to cool your heels in a cell until they get around to a bail hearing (he’s a ter’ist! No bail!) and then you need to prove your innocence(*) before they release you.
Yes, when it works out the way it’s supposed to, you do actually have to break a law before you end up in PMITA prison, but the distinction seems somewhat academic when you’re in jail trying to figure out how to afford a lawyer to get you out.
(*) “Innocent until proven guilty” has such a nice ring to it, but let’s be honest here, shall we? In reality the moment the cops decide they like you for something, you’re fighting to prove your innocence a lot harder than they have to fight to prove you’re guilty.
Nope. SMTP envelope sender & recipient plus all the headers are still in the clear if you skip TLS. Metadata...
Network stacks don’t have anything to do with PGP
Sure network stacks don’t do PGP. Not sure what that has to do with SMTP which is an application level protocol common on TCP/IP networks and only a tiny part of the entire stack.
SMTP servers currently tell each other about encoding capabilities they may support. The receiving server may tell the sender for instance that it supports 8BITMIME. A sending server which sees that capability may react by not base64-encoding the message if it contains UTF-8 characters. The sending server makes a decision immediately before transmitting content (after connecting to the remote and saying "EHLO") on what encoding it should apply.
Adding some indication of PGP to the SMTP capabilities might trigger similar behavior. The sending server could encrypt using the recipient’s public key transparently without requiring any user intervention or access to any private key material. That change could be implemented with an RFC similar to RFC 6152 which covered 8BITMIME. An admittedly more in-depth change might enhance SMTP to allow the server to provide a recipient’s key ID if available in response to the "RCPT TO" command.
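The capability negotiation described in the comment above, as an added example that is not part of the original comment: it parses a multi-line EHLO reply and picks the body encoding the way a sending server would. The sample reply and host names are constructed, and `X-PGP` is a hypothetical keyword standing in for the proposed PGP capability; no such SMTP extension exists.

```python
import base64

# Constructed EHLO reply in RFC 5321 multi-line format; host names are made up.
SAMPLE_EHLO_REPLY = (
    "250-mx.example.net greets client.example.org\r\n"
    "250-SIZE 35882577\r\n"
    "250-8BITMIME\r\n"
    "250-STARTTLS\r\n"
    "250 PIPELINING\r\n"
)

# Hypothetical keyword for the proposed PGP capability (an assumption, not a real extension).
HYPOTHETICAL_PGP_KEYWORD = "X-PGP"


def parse_ehlo(reply: str) -> dict:
    """Return {KEYWORD: [params]} from a 250 EHLO reply.

    Every line is "250-..." except the last, which is "250 ...". The first
    line carries the server's domain and greeting, not a capability.
    """
    lines = [line for line in reply.split("\r\n") if line]
    if not lines:
        raise ValueError("empty EHLO reply")
    caps = {}
    for index, line in enumerate(lines):
        if len(line) < 4 or line[:3] != "250" or line[3] not in "- ":
            raise ValueError("not a 250 reply line: %r" % line)
        is_last_marker = line[3] == " "
        if is_last_marker != (index == len(lines) - 1):
            raise ValueError("continuation marker out of place: %r" % line)
        if index == 0:
            continue  # greeting line
        parts = line[4:].split()
        if parts:
            caps[parts[0].upper()] = parts[1:]
    return caps


def plan_transfer(caps: dict, body: bytes) -> tuple:
    """Decide how to put `body` on the wire.

    Returns (MAIL FROM parameter, bytes to send, Content-Transfer-Encoding).
    A real MTA would also rewrite the MIME headers to match the encoding.
    """
    if all(byte < 0x80 for byte in body):
        return ("", body, "7bit")            # pure ASCII needs no negotiation
    if "8BITMIME" in caps:
        return ("BODY=8BITMIME", body, "8bit")
    # Receiver did not advertise 8BITMIME: fall back to a 7-bit-safe encoding.
    return ("", base64.encodebytes(body), "base64")


def pgp_offered(caps: dict) -> bool:
    """True if the receiver advertised the hypothetical PGP keyword."""
    return HYPOTHETICAL_PGP_KEYWORD in caps


if __name__ == "__main__":
    capabilities = parse_ehlo(SAMPLE_EHLO_REPLY)
    print(sorted(capabilities))
    print(plan_transfer(capabilities, "Grüße\r\n".encode("utf-8")))
    print("PGP capability offered:", pgp_offered(capabilities))
```

Capabilities read before STARTTLS are unauthenticated, so a sender should repeat EHLO after the TLS handshake and decide from that reply (RFC 3207); otherwise an on-path party can strip a keyword and force the fallback.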
And a binary copy of PGP could be trojaned to send your decrypted private out somewhere or steganograph it into the ciphertext the second you provide your passphrase. You need to trust your implementation to handle your key in a responsible manner. All I’m saying is that by depending on Javascript to do the math, it’s possible for the system to be designed such that your decrypted private is never present on Yahoo’s servers but only on your own hardware.
You still have all the usual problems of infected machines, using the coffee shop’s computer with half a dozen key loggers conveniently preinstalled for you, etc. You also have to trust that Yahoo won’t ship your key off the second you furnish the passphrase, but if that’s what they have in mind, they won’t even bother with doing any of it client side anyways.
There’s always room for insecure implementation (whether accidental or intentional), but there’s no reason this system can’t be *designed* in a secure manner. And if the crypto is done in script on the client, it’s possible for that script to be audited to some degree by interested parties.
Most injection systems look at the Content-Type header and only inject text/html. Most of them are pretty conservative at this point and actually manage not to foul up most sites. Still evil and probably a copyright violation, but they’re generally smart enough not to monkey with AJAX calls, binary downloads, etc.
You know you can just buy your own DOCSIS cable modem and not pay them a monthly lease (and pay for the extra electricity), right?
That’s the grey area I wonder about. I think you’re right, but I could see arguments made the other way.
If it’s in the AUP that end-users are granting Comcast the right to modify pages they request, then they’re essentially granting a limited agency to Comcast to act on their behalf. The one similar case that comes to mind was some religious nutcase company that would send you DVDs with all the racy & violent bits edited out so your good Christian family could still watch the 30 or so minutes that was left of most blockbuster movies... They had you buy a copy of the original, and I’m pretty sure they sent you both the original you purchased along with the modified version (for an additional fee over retail on the movie itself) so they could claim they weren’t really making a “copy” since you bought the original one. If I recall, the studios sued them for copyright infringement / derivative work, and the studios won, putting the god nuts out of business.
As an end-purchaser of a work, I certainly have the right to modify it for my own personal use (editing out the jiggly bits, removing ads, whatever) so long as I don’t distribute it. The decision in the video editing case means that at least in that situation, I can’t grant agency to someone else to create derivative works on my behalf. It seems like the same should apply to Comcast in this case, and even more so given that the modifications in this instance are unlikely to be what the end user actually wants, but was merely tricked into agreeing to.
It drives me nuts that I have to give my cable company (TW) rights to modify the DOCSIS cable modem I bought & own by pushing TFTP configurations down to it. I can’t even imagine giving them ownership of a device that connects directly to the green side of my network that they can modify any time they want.
You can have my old PC router when you pry my cold dead fingers off it...
Easy fix for them: Whitelist of banks, etc. to not run injection on. They get to claim they’re preserving security for important sites while still injecting ads on everything else. Pretty sure most non-geeks would fall for it.
“To ensure your security, in order to use our service, you must follow these simple instructions so that your system will trust our security certificate.”
Then MitM every SSL request. There’s commercial carrier grade hardware that will carry out the MitM & injection, and I’d bet you get a huge portion of users who blindly do it. SSL be damned...
Contract law doesn’t work like that, fortunately.
The ISP (allegedly a common carrier) isn’t a party to that EULA. Only the end-user accessing the site is. The end user has no power to bind the ISP legally to anything.
Aside from that, such a term would never be enforceable in any kind of website AUP. I can put, “By accessing my home page, you owe me a million dollars,” but it ain’t gonna fly...
There’s nothing grey here. What matters is who’s instructing the router to make changes.
Car analogy time: If you borrow a car that I own, and you run someone over with it, you are generally speaking liable for actions you initiated, not me as owner of the car. (Granted, if I cut the brake lines before you borrowed it, that changes things, but let’s assume a mechanically sound vehicle for sake of argument.)
Comcast programs the routers(*) to modify content. The Comcast subscriber where the router is installed has no control over that process. The act that causes the modification to occur is purely done by Comcast. If there are copyright or other issues here (not sure that there are, but seems plausible) only Comcast bears responsibility for them. Not grey at all in terms of culpability here.
(*) Some routers somewhere. I haven’t read anything that suggests that it’s actually modified at the subscriber’s WiFi endpoint router. They could (more) easily modify it upstream in their network somewhere. That seems a more likely implementation approach and would moot this entire conversation.
1) Explain why having access to information resources like a text book or other references should be a problem during a test?
2) Describe a plausible real-world scenario in which an individual will be required to calculate solutions to physics problems without basic reference material and likely the Internet at their disposal.
3) Explain why testing rote memorization is a valuable assessment of a student’s ability to solve problems or apply knowledge and skills?
[You may use your text book or any other resource to complete this exam. Cite all sources appropriately.]
When you put it like that, it sounds... like exactly something a school district should be pushing for to “protect” our preshius snowflakes.
Shhh, before some high school administrator with more moral turpitude than brains hears you.
What part of, “I rooted my device to make it respond how you expect it to and look like you expect it to (when you’re looking),” can’t be faked?
Maybe if you hold the exam with each student in their own personal Faraday cage or active wide-spectrum signal jamming inside a room-sized Faraday cage. That doesn’t stop them from putting more “stuff” on the device than they’re supposed to, but I consider any test that can be gamed by a list of facts to be flawed anyway.
That said, I fondly remember (cough) enhancing the capabilities of my TI-8* & TI-9* calculators when I was in high school. They’re not bursting with power, but my 89 ran Derive rather nicely with a bit of work... I was long graduated before math teachers started figuring out the magic key combination to trigger the third party launcher app.
SHHHH!!! Don’t talk about that!
If you knew the slightest thing about the US patent approval process, you’d know he’s probably got a decent chance of making first to file and getting a patent granted anyways...
Wrong-think on several levels indeed.
1) They took nudes. So fscking what. The fact that in their private lives they decided to indulge in an activity that lots of people do isn’t something that should even be reported, much less held against them or affect their careers.
2) Basic human dignity should preclude assholes like the attackers from invading others’ privacy like this. (Yes, I know the world is full of assholes, and this is unreasonable dreaming, but still wrong of OP to blame the victim for someone else being an asshole.)
3) I believe Apple enables photo syncing to the cloud by default when you set up iCloud on a new device. (I could be wrong. It’s been a while since I set up a device from scratch rather than backup/restore.) I wouldn’t expect the vast majority of people to appreciate the gravity of having every pic you ever take immediately uploaded to a third party server. I consider that a serious failing of the tech industry for not educating people of the risks of using cloud-based services. I also wouldn’t expect the majority of iUsers to be able to find & disable the photo sync option nor to know how to expunge any images that might already have been uploaded. Blaming non-techies for being non-techies isn’t a reasonable approach.
So as far as assigning blame for this one:
1) The Hackers.
2) Prudish, sex-hating, women-hating ‘mur’kans for blaming the victims.
3) The press for seizing on this as news story of the month thus ensuring everyone knows to go searching for the pics.
4) Tech industry for pushing cloud-based storage.
5) Apple for not enabling password lockout on Find my Phone (assuming the reporting on that was accurate).
6) Apple for default-enabled on photo sync (assuming my recollection on that is correct - I may be wrong).
7) Their publicists/managers/etc for not knowing enough to a) ensure their emails were unguessable, b) insist they disable photo syncing on their devices, c) insist they enable two-factor auth, d) ensure complex passwords and non-public-records password reset answers, and e) monitor their emails for “new device accessed your account” or “password reset” notifications.
You’ll note the celebs aren’t in the above list of people who share in the blame here. I don’t even expect them to know enough to use good passwords. They’re ordinary humans whose focus should be on things not related to IT security. The people they undoubtedly pay good money to manage their careers and lives should have known better though. If not known enough themselves, known enough to contract with someone who did who could advise them appropriately.
I always use something related to the question asked that isn’t technically the right answer but is something I’d remember.
Example: Ask my mother-in-law’s name, I’ll enter “waste of oxygen”. Never gonna forget that one
And in-tree ZFS support, the performance of which beat Linux by a goodly margin last time I tested it. Admittedly that was several years ago and ZoL has come a long way since then. Still, having baked-in ZFS support instead of being stuck (due to GPL/CDDL licensing issues) with your root filesystem in a kernel module was a GoodThing.
As a user, I’d prefer a software system that had no DRM, but I’m prepared to accept that few publishers are ever going to give that up. It’s down to a matter of whether the compromise struck between publisher and user is reasonable and acceptable to me.
It’s true every iOS app is DRM’d, so we have to look at what the restrictions to me as an end user are: In order to run an app, I must login as the Apple account that purchased it on the device I wish to use the app. That’s it. There’s no limitation on the number of devices. To date at least, the DRM has never been used for “evil” to revoke the right to run an app post-purchase. The most Apple has done to my knowledge was revoke an app’s right to use location services when it misbehaved, but the app still ran on devices where it was installed. If I’m not willing to input my Apple ID username & password on a device for some reason, to me that seems like a good indication that I’m trying to run the app on a device that isn’t mine. As a user, I don’t think preventing that is unreasonable as part of the agreement in my purchasing software.
The other restriction on (unrooted) iOS is that I can’t run arbitrary code of my choosing on my device. If I want to circumvent that (without jailbreaking), I can choose to pay Apple $99/year to run any code I like on up to 100 devices of my choosing. If I need more devices than that, there are higher-cost corporate options to do the same.
Don’t get me wrong. I loathe DRM in general. All else being equal, I’d use DRM-free platforms whenever possible. That said, all else is not equal, and the benefits that Apple’s platform provides in terms of security, interface consistency, and ease of use are worth the tradeoff of accepting the limitations of their DRM system.
To contrast that, Apple’s video offerings through iTunes are still limited to playback on five computers with permission required each time a new device is authorized. It’s also only possible to play back the video with devices and software that Apple supports (no Linux, no third party media players, XBMC, etc.) Personally I find that an unreasonable restriction for video. I easily have more than five computers that I could want to play video, and several of them are either non Win/Mac or are set-top systems that I use an interface like XBMC that can’t access DRM’d video, even on an otherwise supported OS. For those restrictions, I choose not to buy video from Apple.
When the limitations imposed by DRM actually restrict something that I think is reasonable for me to want to do, I generally choose not to accept those limitations and vote with my wallet. When DRM generally stays out of my way and more or less succeeds at keeping honest people honest, ideologically I might prefer it not exist, but I have a hard time really justifying that in the real world.
Good!
The best way to fix a bad law is to enforce it stringently! If every silly little thing is referred for prosecution, it’s only a matter of time before a senator gets pulled over and gets a bill of charges as long as their arm for silly stuff that everyone does anyway. I’d expect amendments on deck fairly quickly thereafter when the cop can’t just let the senator off with a, “Sorry for the inconvenience, Sir.”
Ultimately I’d rather pay a few extra traffic tickets if it makes it less likely that I’ll “have an accident” or just happen to get an entire can of pepper spray to the face when a cop doesn’t like my political position on something.
This is why I LOVE working for a place where coders interview coders. You can put whatever you want on your résumé to play buzzword bingo with HR, but a couple of übers with finely tuned bullshit detectors are going to lay down the gauntlet at your tech phone screen, and doubly so if you make it to a face to face.
If you put a tech [that we care about] on your skills list, and you can’t wax poetic about its finer points in a room with two or three folks who eat, sleep, live, and breathe whatever it is, your prospects are looking rather dim.
We’re especially tough on people who are “tech collectors,” choosing new toys with every project just to mess around with them and gain “experience.” If you picked something new and knocked it out of the park on the project, we’re listening. Why did you take the risk in picking a new thing instead of using something established? Show your work; your justification is more important than your results in this case.
If you’ve left a legacy of barely functional piles of duct tape and baling wire behind you, we can usually see right through you. You *might* be able to pull it out of the fire if you can really convince us you did your best within constraints that are out of your control, but it’s not looking good for you at all.
I think the “irony quotes” on “accident” were enough to imply GP didn’t intend to suggest DUI is actually an accidental occurrence where nobody is at fault.
That said, agreed that community service or something that actually contributes to society makes a lot more sense than having society pay to house & feed him for (near enough to) three years, followed by pretty much ruining his ability to ever be a contributing (i.e., job-holding & tax-paying) member of society.
You like hanging out at the movies so much? Fine. Ten hours a week scraping chewing gum off the floors and seats of every theater in town for the next three years. Seems like it should do the trick.
Ahh, but you have to consider whose perspective of improving society really matters here. If it scares more people into not eroding the *AA’s business model, then it’s a win for the groups that are *really* buying the laws.
Easy: By ordering a more compliant entity that has a financial relationship with you to comply on your behalf.
Government: "Pay me a $1000 fine."
Offender: "No."
Government: “Offender’s Bank: Give us $1000 from Offender’s account (by seizing every penny deposited for the next 10 years immediately in priority over EVERY other debit if necessary) plus an extra penalty for non-compliance.”
Offender’s Bank: “Okay, here’s your money, and BTW we’re taking our own fee for enforcing this, and of course we’ll charge them for every overdraft fee that results from draining their account.”
Offender: [sobs pathetically] "How am I going to pay my rent or car payment or buy food now?"
--- Or alternatively if no bank accounts: ---
Government: "Offender's employer: We're garnishing offender's wages. Give us the next $1000 you were going to pay offender, even if that means he doesn't see a penny for a paycheck for the next two months."
Offender's Employer: "Okay, here's your money, and BTW thanks for letting us know our employee's a thief. We’ll be looking to replace them ASAP."
---
See: Civil compliance and no truncheons necessary. There will almost always be someone with more to lose than you and less desire to stick it to the man. They’ll comply so you don’t have to.
*Possibly* not enough to get you sentenced, but I’m assuming the UK criminal justice system works much the way the US does in that the police can arrest you for pretty much any old thing they want. You get to cool your heels in a cell until they get around to a bail hearing (he’s a ter’ist! No bail!) and then you need to prove your innocence(*) before they release you.
Yes, when it works out the way it’s supposed to, you do actually have to break a law before you end up in PMITA prison, but the distinction seems somewhat academic when you’re in jail trying to figure out how to afford a lawyer to get you out.
(*) “Innocent until proven guilty” has such a nice ring to it, but let’s be honest here, shall we? In reality the moment the cops decide they like you for something, you’re fighting to prove your innocence a lot harder than they have to fight to prove you’re guilty.
Nope. SMTP envelope sender & recipient plus all the headers are still in the clear if you skip TLS. Metadata...
Sure, network stacks don’t do PGP. Not sure what that has to do with SMTP, which is an application-level protocol common on TCP/IP networks and only a tiny part of the entire stack.
SMTP servers currently tell each other about encoding capabilities they may support. The receiving server may tell the sender, for instance, that it supports 8BITMIME. A sending server which sees that capability may react by not base64-encoding the message if it contains UTF-8 characters. The sending server makes a decision immediately before transmitting content (after connecting to the remote and saying "EHLO") on what encoding it should apply.
Adding some indication of PGP to the SMTP capabilities might trigger similar behavior. The sending server could encrypt using the recipient’s public key transparently without requiring any user intervention or access to any private key material. That change could be implemented with an RFC similar to RFC-6152 which covered 8BITMIME. An admittedly more in-depth change might enhance SMTP to allow the server to provide a recipient’s key ID if available in response to the "RCPT TO" command.
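The capability negotiation described in the comment above, sketched as an added example that is not part of the original post: a sender parses the EHLO reply and then picks the body encoding. The EHLO reply is constructed sample data, and `X-EXAMPLE-PGP` is a hypothetical keyword standing in for the proposed PGP capability; no such SMTP extension is registered.

```python
import base64

# Constructed EHLO reply from a receiving server (sample data, not a capture).
SAMPLE_EHLO = (
    "250-mx.example.net greets relay.example.org\r\n"
    "250-SIZE 35882577\r\n"
    "250-8BITMIME\r\n"
    "250-STARTTLS\r\n"
    "250 PIPELINING\r\n"
)

# Hypothetical keyword for the PGP capability the comment proposes.
HYPOTHETICAL_PGP_KEYWORD = "X-EXAMPLE-PGP"


def parse_ehlo(reply):
    """Return {KEYWORD: [params]} from a multi-line 250 EHLO reply."""
    lines = [ln for ln in reply.split("\r\n") if ln]
    caps = {}
    for i, line in enumerate(lines):
        code, sep, text = line[:3], line[3:4], line[4:]
        if code != "250" or sep not in ("-", " "):
            raise ValueError(f"unexpected EHLO reply line: {line!r}")
        # Every line but the last uses "250-"; the last uses "250 ".
        if (sep == " ") != (i == len(lines) - 1):
            raise ValueError("malformed continuation in EHLO reply")
        parts = text.split()
        if i == 0 or not parts:
            continue  # first line is the greeting, not a capability
        caps[parts[0].upper()] = parts[1:]
    return caps


def plan_delivery(caps, body):
    """Choose MAIL FROM parameters and body encoding once EHLO is parsed."""
    if all(b < 0x80 for b in body):
        plan = {"mail_params": [], "cte": "7bit", "payload": body}
    elif "8BITMIME" in caps:
        # Receiver accepts 8-bit content: send the UTF-8 bytes untouched.
        plan = {"mail_params": ["BODY=8BITMIME"], "cte": "8bit", "payload": body}
    else:
        # No 8BITMIME advertised: fall back to a 7-bit-safe encoding.
        plan = {"mail_params": [], "cte": "base64",
                "payload": base64.encodebytes(body)}
    # Same decision point the comment suggests for transparent encryption.
    plan["encrypt_to_recipient"] = HYPOTHETICAL_PGP_KEYWORD in caps
    return plan
```

Both decisions rest on an EHLO reply that is itself unauthenticated when sent without TLS, so an on-path party that strips a capability line silently forces the fallback branch.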
And a binary copy of PGP could be trojaned to send your decrypted private out somewhere or steganograph it into the ciphertext the second you provide your passphrase. You need to trust your implementation to handle your key in a responsible manner. All I’m saying is that by depending on Javascript to do the math, it’s possible for the system to be designed such that your decrypted private is never present on Yahoo’s servers but only on your own hardware.
You still have all the usual problems of infected machines, using the coffee shop’s computer with half a dozen key loggers conveniently preinstalled for you, etc. You also have to trust that Yahoo won’t ship your key off the second you furnish the passphrase, but if that’s what they have in mind, they won’t even bother with doing any of it client side anyways.
There’s always room for insecure implementation (whether accidental or intentional), but there’s no reason this system can’t be *designed* in a secure manner. And if the crypto is done in script on the client, it’s possible for that script to be audited to some degree by interested parties.