Clearly the poster was using one of Boston's new maps. Europe is much smaller now, so they've probably had to omit some letters to make everything fit.
Google would be required to provide Edina police with basic contact information for people targeted by the warrant, as well as Social Security numbers, account and payment information, and IP and MAC addresses.
Google might have *some* of that data - possibly even the MAC, if it's an Android device - but even with Google's reach, expecting them to be able to produce that data on a whole bunch of essentially random Google users just based on their searches seems a bit of a stretch. Am I missing something here, or is it just those involved in writing and granting the warrant badly need to run a few Google searches of their own?
Given the "hello_1984.m", I rather suspect it's a play on the scene from George Orwell's "1984" where Winston gets tortured by O'Brien over the number of fingers he's holding up rather than the number of lights based rip-off Trek did (it was TNG not DS9, btw).
Maybe it's down to whether or not you signed up to (AKA, "didn't opt out of") the "Customer Experience Improvement Programme" or not. I mean, seriously, even the name reeks of something cooked up by a marketing weasel somewhere and, let's face it, what marketing droid doesn't see selling more product as "improving the customer experience" (AKA, "meeting my targets and getting my bonus")?
Microsoft is run by marketing flacks, not by developers. It's been that way since Bill Gates handed over the reins. Why do people still act surprised when they behave like a shady marketing department?
...able to withstand massive amounts of pressure from a vacuum.
I never cease to be amazed how many people think vacuum exerts a massive amount of pressure; Hollywood has a *LOT* to answer for for all those ridiculous explosive decompression scenes. The pressure between hard vacuum and atmosphere at sea level is exactly 1 atmosphere; you can get more pressure differential in a typical swimming pool. There's a reason spacecraft are about as rigid as a tin can and submarines are built out of many tonnes of steel and titanium, and it's that one has to deal with some pressure and the other... doesn't. If anything, the tube of the hyperloop is likely to be under more stress from the capillary action of the vehicles (are we going with rail terminology and calling them "cars" or something else?) and bowshock in the less than perfect vacuum than pressure from the external atmosphere.
GMT+1 is the time most of the EU is on, whereas GMT is quintessentially a BRITISH thing; it's right there in the name! With the almost wall-to-wall "Fuck You, EU!" attitude from most of the media and around half the population in the UK, if you ever wanted to scrap daylight savings and standardise on GMT I'd say the next couple of years are when you want to push for it.
It would be up to the higher court to decide, but the UK's system definitely allows for judges in the lower court to be sanctioned although I have no idea what constraints there might be on the limits of those, or how they might be applied if they determined that this was a case of overreach or some such. There are also some specific rules and procedures for the legal system in Scotland, so things might be a little different in the first level of appeal than it might be in England and Wales, but they do share the same Supreme Court, so it would also depend on how far it went through the system. Ironically (or is it serendipitously?), given the threat applied to the photographer, loss of job for the judge is definitely an available sanction, but I'm only aware of that being applied in some *really* severe cases of judicial malpractice.
You've completely missed the point. While the seizure of the images was an issue, the *real* issue was that they threatened to take away his tools of the trade if he didn't comply, and that the threat is still standing even though he *has* complied and provided them with copies. It's the next step down the slippery slope started with "provide your encryption keys, or we'll lock you up" that could be applied to people they suspected of a crime, only now it's "we think you might have some evidence, even though you didn't actually commit the crime, so hand it over or we'll put you out of work."
Andy Smith might have saved himself a lot of pain, and you can't blame him for that, but he's also absolutely right in his final assessment that it wasn't the right thing to do; this tactic needs to be booted up to higher courts and stopped ASAP. Putting a *suspected* criminal on the spot like that is bad enough, but doing so to someone you *know* is innocent of the crime in question is completely and utterly unacceptable for any country that doesn't want to lay claim to being a police state.
Not 100% sure either, but I think this is entirely on Hopkins. If she was acting in an "official capacity" and using a Daily Mail specific account then the lawsuit would have probably been brought against the paper based on past incidences of a similar nature in the UK, including one for a column of Hopkins' that was a £150k loss for the Daily Mail. Making an employer liable for what an employee does on their own personal account - even if apparently in an "official capacity" - seems like a slippery slope no employer - and especially not the Daily Mail with its outspoken and hate-filled staff - is going to want to even walk up to, let alone step foot on.
It's probably no surprise that the Daily Mail doesn't seem in any rush to report on this story though; a shame, because the lies and spin they'll no doubt put on this is likely to be some of their "best" work.
Entropy is the key. The biggest problem with the idea of a "password rule" is that it lacks the final "s"; there are any number of ways of generating secure passwords, but most sites that implement a password rule do so based on a single rule, not several alternatives. If someone wants to use a string of gibberish with sufficient entropy, that should be fine. If someone else wants to use some random words with sufficient entropy, that should also be fine. If a third person wants to use some biometric/OTP tool or whatever that provides sufficient entropy, then that should be fine as well.
The ones that piss me off are ones that only allow/require a very small set of symbols, so I have to generate it and tweak it.
Set the appropriate options in KeePass that include a minimal superset of the permitted symbols, then click on the "Preview" button. You'll get thirty sample passwords, at least one of which should fit the requirements - copy and paste it. If not, switch out of the Preview tab and back to get another set until you do get one that works with whatever subset of special characters the site permits. If in doubt, it's also a good idea to avoid any characters that might be used in an exploit - quotes, semi-colons, wildcards, etc. - as those tend to be the ones that fail lame input sanitization.
This, other than UPnP which is seriously broken for many devices. Except for the real entry level ones, most modern consumer routers will let you setup multiple networks and firewall them from each other right out of the box; you don't even need some third party option like Tomato or OpenWRT. The problem is that the UIs to do so are generally extremely clunky and poorly documented - and that's before you even start getting around to figuring out how to secure access to those IoT devices that you might actually want to be able to access from the Internet (hint: VPN) - or need to be able to access the Internet to even work (hint: barring where it's obviously necessary, avoid like the plague).
If you know what you are doing, it's usually not *that* painful to figure it all out and get it working, but the real problem comes from the fact that most people *don't* know what they are doing (including many who think they do) and have absolutely zero inclination to figure it out. If we accept that the IoT - insecure crap and all - probably isn't going away, then what's needed is a defence in depth approach with all of the vendors doing their part. That means the consumer and SoHo router vendors need to make network segregation, device isolation, firewalling and VPN setup *much* easier - and ideally automatically - right out of the box. Enforcing an admin password change and adding a simple way to setup an IoT VLAN and using some device ID techniques to create an initial and sane firewall ruleset would be a good start, having a VPN client app for mobile devices and allow would be even better, but what they really need is some form of IDS rather than just the IPS they currently have.
I've got most of that (just the next-gen setup wizard and automatic device identification is missing) on my router already, albeit it's on a considerably more expensive SoHo level product than your typical D-Link/NetGear/whatever home router, and far from as trivial as it needs to be to configure, but it's certainly possible. The problem is it's going to cost, it's going to take time to develop, and it's going to take even longer to deploy (how often *does* Joe Public replace a router? Probably only if/when he switches ISP or upgrades to a different connection type), so I wouldn't hold your breath on a quick fix coming any time soon.
Pretty sure the number of spammers that look at (or even see) bounces or rejects is near enough to zero as to make no difference, or if they do then they certainly don't seem to care about them. I'm still getting attempts to send spam to accounts and entire domains that have been refusing to accept email at the SMTP MTA for over a decade, which is fine by me, because every single IP that does so gets submitted to a whole bunch of DNSBLs.
Or maybe they just have an intrusion detection system and Vickery or one of his helpers tripped over it while exfiltrating the data. Hopefully they've got enough for law enforcement to identify at least some of those involved and, ultimately, send them for a lengthy stay somewhere where they need to worry about unsolicited male.
That was the first thought I had after reading the headline too. I hope everyone keeps that in mind the next time the FBI trots out some variation of the "Won't somebody think of the children..." line to justify some over-reaching surveillance programme they are pushing, because they clearly don't believe it themselves.
Just spotted on the BBC: Londoner accidentally gets Uber to Croydon, via Bristol. That's a £467 bill for what should have been a ~30 minute journey (in central London) that took five additional hours and a few hundred extra miles because the Uber driver didn't speak enough English to understand what the problem was when the passenger woke up and realised what was going on. To be fair to Uber, they're going to refund the fare as a goodwill gesture, but apropos to the story nonetheless.
I grabbed the 22MB zip file of domains on Cloudflare from this page, which supposedly contains a superset of the sites that *might* have been infected by CloudBleed - e.g. not all the sites included have a problem, but all those that did are in the list. I then dumped a list of all the domain names in my Password Manager to a second text file and used "egrep -f" to see which domains were in both files. That turned out to be a pretty short list considering the supposed reach of CloudFlare, so I then worked through those domains and updated those passwords (increasing length and complexity where I could as well), just in case. Done.
The whole process took me less than 15 minutes and, barring future developments, CloudBleed is now hopefully in my rear view mirror. Not that I consider the odds of any of my data being leaked likely to cause much pain cleaning up the aftermath anyway - one of the benefits of unique passwords for every single site.
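The list comparison described in the comment above, as an added example that is not the commenter's own commands. It goes a little further than `egrep -f`: entries are normalised and matched exactly, and a vault host also counts as affected when one of its parent domains is on the list, since `egrep -f` treats each line as an unanchored regex and can both over-match and miss subdomains. File names and sample domains are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: find password-manager entries that appear on a published
# domain list. Sample data uses reserved .example/.test names (constructed).
export LC_ALL=C                 # byte-order collation so sort and join agree
TAB=$(printf '\t')

# One entry per line in, bare lower-case host names out:
# strips CRs, scheme, path/query, userinfo, port and a trailing dot.
normalise_hosts() {
    tr -d '\r' | tr '[:upper:]' '[:lower:]' |
    sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' \
        -e 's|^[a-z][a-z0-9+.-]*://||' -e 's|[/?#].*$||' \
        -e 's|^.*@||' -e 's|:[0-9]*$||' -e 's|\.$||' |
    grep -v '^$' | sort -u
}

# For each host emit "candidate<TAB>host" for the host itself and every parent
# domain with at least two labels: the published list holds site domains,
# while vault entries are often subdomains such as login.shop.example.
expand_parents() {
    awk '{
        n = split($0, lab, ".")
        for (i = 1; i <= n - 1; i++) {
            cand = lab[i]
            for (j = i + 1; j <= n; j++) cand = cand "." lab[j]
            print cand "\t" $0
        }
    }'
}

# $1 = vault export, $2 = published list. Prints vault hosts to rotate.
affected_hosts() {
    list_sorted=$(mktemp) || return 1
    normalise_hosts < "$2" > "$list_sorted"
    normalise_hosts < "$1" | expand_parents | sort -t "$TAB" -k1,1 |
        join -t "$TAB" - "$list_sorted" | cut -f2 | sort -u
    rm -f "$list_sorted"
}

# The egrep -f approach for comparison: every vault host is used as an
# unanchored regular expression against the published list.
naive_matches() {
    patterns=$(mktemp) || return 1
    normalise_hosts < "$1" > "$patterns"
    normalise_hosts < "$2" | grep -E -f "$patterns"
    rm -f "$patterns"
}

# Constructed sample input, written into directory $1.
make_samples() {
    cat > "$1/published.txt" <<'EOF'
shop.example
forum.example
notmybank.example
cdn.test
EOF
    cat > "$1/vault.txt" <<'EOF'
https://login.shop.example/account
Forum.Example
mybank.example
https://user@mail.other.example:8443/inbox
x.test
EOF
}

demo_dir=$(mktemp -d)
make_samples "$demo_dir"
echo "egrep -f style (lines of the published list that matched):"
naive_matches "$demo_dir/vault.txt" "$demo_dir/published.txt"
echo "exact match incl. parent domains (vault hosts to rotate):"
affected_hosts "$demo_dir/vault.txt" "$demo_dir/published.txt"
rm -rf "$demo_dir"
```

On the sample data the regex comparison reports `notmybank.example` (a substring hit for `mybank.example`) and misses `login.shop.example`; the exact comparison reports `forum.example` and `login.shop.example`.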
It definitely ought to be in the mandatory curriculum somewhere before students get to their mid-teens, and science classes are probably the best fit, or maybe whatever class any debating skills get put into where you are (if any). On the other hand though, putting it into religious education classes would actually be far more likely to get some interesting debates going that would help more students realise why it matters - not to mention providing some absolutely *hilarious* videos for YouTube! Sadly, thanks to all these precious snowflakes and their need for "safe spaces", we'll just have to keep making do with more cat videos...
It seems like this particular wheel gets regularly reinvented; when I was in higher education the most often cited work on this was the chapter of Carl Sagan's 1995 work "The Demon-Haunted World: Science as a Candle in the Dark" entitled "The Fine Art of Baloney Detection" (PDF link) which, rather fittingly, opens with a quote from an even earlier passage on the subject:
The human understanding is no dry light, but receives an infusion from the will and affections; whence proceed sciences which may be called “sciences as one would.” For what a man had rather were true he more readily believes. Therefore he rejects difficult things from impatience of research; sober things, because they narrow hope; the deeper things of nature, from superstition; the light of experience, from arrogance and pride, lest his mind should seem to be occupied with things mean and transitory; things not commonly believed, out of deference to the opinion of the vulgar. Numberless in short are the ways, and sometimes imperceptible, in which the affections colour and infect the understanding.
Francis Bacon, Novum Organon (1620)
I wonder if there's any correlation between those reinventions and the level of bullshit in the world.
They want the patents, the user data, and the stake in Alibaba.
Still vastly overpriced when you consider that the bulk of the user data is available for a hell of a lot less on the darknet (and not so darknet), so any exclusivity you might have had to it is long gone - anyone else who wants the data can have it as well - and it's anyone's guess how many accounts are still truly active. There's also the general push back against tech-patents that don't involve actual tangible innovations (e.g. most - if not all - of the Yahoo! portfolio) and how much you generally need to spend on lawyers to leverage any patent assets you may have. Even if you manage to successfully navigate the minefield of prior-art, amicus briefs opposing your claims, and convince a jury who quite probably has no real idea what anyone is talking about, there's still no guarantee the judge will award the massive damages you are hoping for, and the process can take years of bad PR too - see Oracle vs. Google and (of course) SCO vs. The World.
The Alibaba stock is definitely worth something though, but in that case Verizon might actually be better off just using some third parties to buy up Alibaba shares on the open market rather than going to the pains of trying to pick over Yahoo!'s carcass for any remaining scraps of fat and gristle that might still have a tiny bit of residual value. It's surely not going to be too long before Yahoo! would be forced to start selling off assets to keep the lights on anyway, and since the only real asset it has that it can sell is its stake in Alibaba...
It appears Hollywood may have also essentially done a remake set on the ISS in "Life" due out next month, complete with a 155 second Youtube trailer that seems to pretty much give the entire plot away. As if that's not bad enough, it's entirely possible there may also be some kind of message about the current political situation regarding illegal aliens in there too just for good measure, but at least it looks pretty...
Completely useless for anyone using a VPN with an endpoint that doesn't transit Cogent to get to Cloudflare, and even if that is the case you can *still* work around it since assigned IPs on Cloudflare are entirely administrative and almost any Cloudflare IP will work as long as you present a valid hostname and HTTP header. Add $blocked_site to your hosts file with a different IP (104.31.18.31 instead of 104.31.18.30, for example) and off you go.
But I tried the other kind, turns out I hate western too. :(
Is that all? I would consider that terrible news. That means that several millions are yet to be exploited.
FTFY.
So, where would you like to go?
Let's start with the local shopping mall, some utility companies, and a real estate agent, please!
A job interview *is* a two way street, you know?