Slashdot Mirror


User: Zocalo

Zocalo's activity in the archive.

Stories
0
Comments
2,447

Comments · 2,447

  1. Re:don't get your hope up on No Man's Sky Under Investigation For False Advertising (polygon.com) · · Score: 3, Interesting

    Actually, OP is probably right not to get your hopes up. The ASA is pretty toothless in practice; their track record is usually "Don't use that advert again!" and the occasional slap on the wrist fine and/or requirement to print a retraction in the media. I don't recall a single instance where they've actually required compensation, let alone refunds, be paid to someone who fell for the misleading advertising before it got pulled.

  2. Re:A shot at Ernst & Young also on Mozilla's Proposed Conclusion: Game Over For WoSign and Startcom? (google.com) · · Score: 4, Informative

    It's actually "Ernst & Young (Hong Kong)" - i.e. "China" - specifically, rather than Ernst and Young in general, but that caught my eye as well. In fact, there's a lot of things about the write up that imply that Mozilla at least suspects some high level corruption on behalf of multiple actors in this but is just being politic about it, and especially so if you keep in mind what some of WoSign's "errors" might enable in terms of censorship and surveillance.

  3. Re:Are they big enough? on Mozilla's Proposed Conclusion: Game Over For WoSign and Startcom? (google.com) · · Score: 1

    Firefox alone, possibly not. However, Mozilla's certificate store is also the one commonly used by NSS on Linux which might not be so big on the web browser front, but that's going to cause a lot of problems for people trying to use any post-revocation WoSign/Startcom certificates to send email through Linux gateways using TLS. Also, while I didn't mention it in the submission since it's far from certain, there's a reason the response is on GoogleDocs; one of the authors (Ryan Sleevi) is a Google employee heavily involved in CA management for Chromium, so it's possibly just a matter of time before Google Chrome drops them as well. Historically on CA trust violations Mozilla, Google and Microsoft have generally all done the same thing in roughly the same timeframe, so if both Mozilla and Google are going to revoke...

  4. Re:It's not that bad. on Mozilla's Proposed Conclusion: Game Over For WoSign and Startcom? (google.com) · · Score: 1

    You've read the list of hoops that they'll have to jump through to get re-listed, right? Assuming they survive the suspension to even try and get re-listed, that is. The real kicker is that they have to be audited by an agency appointed by Mozilla before that happens, which doesn't seem like something they'd be too keen on at the best of times. If you look at some of the issues Mozilla has with them in the light of the normal modus operandi of the Chinese government, it would seem the chances of them actually requesting to have someone outside their control come along and subject them to an audit is pretty close to zero.

  5. Re:Draconian? on Mozilla's Proposed Conclusion: Game Over For WoSign and Startcom? (google.com) · · Score: 4, Interesting

    As the submitter, I pitched it as possibly draconian because they're basically proposing to kill the business of both WoSign and, more critically perhaps, Startcom. It might be presented as a one year timeout but, realistically, what business can survive for an entire year without actually being able to generate any revenue, and even if they survive that long have to jump through some pretty big hoops before they can start operations again - including having Mozilla appoint someone to audit them and their code? There's also the issue of Startcom - until around a year ago they were their own (Israeli) business and a lot of people took advantage of Startcom's free certificates - they were in many ways the forerunner of Let's Encrypt in bringing SSL/TLS to the masses - and those users are going to get at least slightly singed as well.

    Anyway, since the story isn't really the place for the writer's opinion and the comments are, for the record I think that WoSign really screwed up, they deserve what they get, and this is a good solution for this and future CA incidents that minimises the fallout on those customers who already have one of their certs. Also, once they finalise this, I think Mozilla's next step should be to write this up as policy and then try and get Google, Microsoft and Apple on board with it as an agreed template for multilaterally handling the inevitable future incidents. The whole root CA system is only as strong as its weakest link, and if it's going to survive as a viable means of establishing trust then when weak links are identified they need to be removed with prejudice as soon as possible - it's not just great power that requires great responsibility; it's trust too.

  6. Re:Control and management on Ask Slashdot: Is My IoT Device Part of a Botnet? · · Score: 2

    In the specific context of whether the IoT devices under discussion have been rooted or not, abnormal traffic actually does tend to stick out a bit. Legit traffic will generally be restricted to your internal network, plus a selection drawn from the vendor (and possibly a few "partners"), a cloud service operator or two, and a small pool of ISPs/MNOs that are used to access the device remotely, depending on the device type and usage patterns - a finite set of IP ranges that will come up continually. Botnet activity is going to consist of periods of extra high activity to either one fixed address that probably isn't in that pool (e.g. a DDoS of Brian Krebs's website) or periods of extra high activity to lots of IP addresses not in that pool (e.g. co-opted to send spam). You can also draw a pretty firm conclusion that you've been hacked from things like time of day when activity occurs (why is it streaming data all night?), protocols being used (why is my DVR sending lots of email?), and so on.

    Not something that a typical user is likely to be able to do, of course, but if you've got a basic grasp of networking fundamentals and can put that together with your knowledge of how you are using the device, then getting a yes/no on whether a device has been compromised from logs isn't that hard to do, even without some baseline data of what's "normal".

  7. Re:How do you know? on Ask Slashdot: Is My IoT Device Part of a Botnet? · · Score: 3

    these days a lot of equipment ships with unique random passwords

    True, but more often than not it's derived from the MAC address (probably programmatically on boot with a defaulted config so they don't have to program each device in the factory) which is an absolutely horrible idea for WiFi enabled devices. If a (l)user sees an apparently random string of hex, conveniently also printed onto a sticker on the box so they don't have to remember it, it's a pretty safe bet that they are going to think it's secure and, quite possibly, not something they should change because that sticker looks important. Not a major problem for someone connecting over the Internet (although if they can ID the device make/model, they've got the OID and hugely reduced the brute force effort), but a serious issue if someone happens to be coming in over your WiFi and can connect directly.

    ALWAYS change your default password, and the username too, if it'll let you.

  8. Re:Control and management on Ask Slashdot: Is My IoT Device Part of a Botnet? · · Score: 4, Informative

    Pretty much this, and given how bad many IoT devices are, even if you do change the passwords, etc., it's safer to just assume that they already have been compromised, or that they will be. Since we're talking retrospectively here, set up some connection logging on your outbound router. See if there's anything in the logs that's not what you were expecting, bearing in mind that they'll almost certainly be phoning home to "check for updates" and "backup your data to the cloud" (AKA "monetize your data"). Done. A better approach would have been to be more proactive (because the typical SoHo router vendor sure as hell won't be); as a minimum lock down anything you don't need, put all the IoT type devices on a dedicated network away from the stuff that matters, and configure the router to send an alert when anything anomalous happens. Bonus points for things like implementing BCP38 locally so even when you are compromised you've at least tried to minimise the damage, enabling syslog and actually monitoring the output, and other basic security principles.
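The log review described in comments 6 and 8 above, as an added example that is not part of the original posts: a small detector run over constructed router connection logs that applies those heuristics (a known pool of expected destination ranges, a flood to one outside host, fan-out to many outside hosts, off-hours activity, and unexpected service ports such as a DVR sending SMTP). The log field layout, the allow-listed CIDRs, expected ports and thresholds are all assumptions.

```python
"""Added example: flag IoT traffic that does not match the expected
destination pool. Log format and thresholds are assumed, not from any
real router; sample lines below are constructed."""
from collections import Counter
from datetime import datetime
import ipaddress

# Assumed allow-list: the LAN, a vendor block and a cloud block the device may use.
EXPECTED_NETS = [ipaddress.ip_network(n) for n in
                 ("192.168.1.0/24", "203.0.113.0/24", "198.51.100.0/24")]
# Assumed policy for a DVR-type device: only HTTPS and NTP are expected outbound.
EXPECTED_PORTS = {443, 123}
QUIET_HOURS = range(1, 6)   # 01:00-05:59 local time, the device should be idle
FLOOD_CONN = 20             # connections to a single outside host (DDoS-like)
FANOUT_HOSTS = 10           # distinct outside hosts contacted (spam-like)


def parse_line(line):
    """Parse 'timestamp src dst proto dport bytes' (constructed, space separated)."""
    ts, src, dst, proto, dport, nbytes = line.split()
    return {"ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%S"), "src": src,
            "dst": ipaddress.ip_address(dst), "proto": proto,
            "dport": int(dport), "bytes": int(nbytes)}


def is_expected(addr):
    """True when the destination falls inside the known pool of ranges."""
    return any(addr in net for net in EXPECTED_NETS)


def analyse(lines):
    """Return a list of human-readable findings for the given log lines."""
    outside = Counter()      # connections per destination outside the pool
    odd_ports = Counter()    # (proto, dport) pairs outside the expected set
    off_hours = 0
    for rec in map(parse_line, lines):
        if not is_expected(rec["dst"]):
            outside[str(rec["dst"])] += 1
            if rec["dport"] not in EXPECTED_PORTS:
                odd_ports[(rec["proto"], rec["dport"])] += 1
        if rec["ts"].hour in QUIET_HOURS:
            off_hours += 1
    findings = []
    for dst, n in outside.items():
        if n >= FLOOD_CONN:
            findings.append(f"flood: {n} connections to single outside host {dst}")
    if len(outside) >= FANOUT_HOSTS:
        findings.append(f"fan-out: {len(outside)} distinct outside hosts")
    if off_hours:
        findings.append(f"off-hours: {off_hours} connections during quiet hours")
    for (proto, port), n in odd_ports.items():
        findings.append(f"unexpected service: {n} x {proto}/{port} to outside hosts")
    return findings


# Constructed sample: a normal update check and NTP sync, then a 3am burst of
# SMTP connections from the device to a dozen different outside hosts.
SAMPLE = ["2016-10-01T09:00:00 192.168.1.50 203.0.113.10 tcp 443 1200",
          "2016-10-01T09:05:00 192.168.1.50 198.51.100.7 udp 123 76"] + [
          f"2016-10-01T03:{i:02d}:00 192.168.1.50 192.0.2.{i} tcp 25 900"
          for i in range(12)]

if __name__ == "__main__":
    for finding in analyse(SAMPLE):
        print(finding)
```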

  9. Re:I wonder how well.. on Krebs Is Back Online Thanks To Google's Project Shield (krebsonsecurity.com) · · Score: 4, Interesting

    I can't see Brian Krebs moving to Cloudflare under any circumstances. He's laid into them far too many times, and will likely continue to do so, over their support of various cybercrime operations like the vDOS stresser that his exposure of - and arrest of two suspects - likely led to someone launching the DDoS that took him offline earlier this week. As Krebs sees it, Cloudflare are a major part of the problem and their activities are highly questionable since they directly benefit from people seeking protection from the very services Cloudflare are helping stay in operation; it just makes it easier to keep the moral high ground if he's hosted elsewhere. Cloudflare's view is that because they are not actually hosting the sites themselves, just hosting a reverse proxy that redirects traffic to them, they are on firm legal ground and are doing nothing wrong.

    Something to think about, if you're in the market for DDoS protection...

  10. Re:Not sure you have a lot of options? on Tuesday Was Microsoft's Last Non-Cumulative Patch (helpnetsecurity.com) · · Score: 1

    Then you're doing it wrong. You need to either, 1) slipstream your install media with all the patches and do your build(s) that way, or 2) disconnect the network, install from SP1 media, reboot, then install the "Convenience Update" (KB3125574) (AKA SP2, released in April), reboot again, then connect it up and let it get the remaining post-April updates. Both approaches are far from perfect, and still have the odd glitch, but they are a lot more efficient than letting a new SP1 install try to patch itself.

    Still not even remotely close to the efficiency of Linux's approach of an integrated download of any updated packages during the install, then a single reboot though...

  11. Re:Could this be FUD? on Spam Hits Its Highest Level Since 2010 (networkworld.com) · · Score: 1

    Most people don't get an unfiltered email feed any more; your ISP or webmail provider will be rejecting or dumping a lot of the more obvious junk long before it even comes close to your spam folder, let alone your inbox, so unless you are running your own mail server and can see all the inbound email unfiltered and are monitoring SMTP rejects it's much harder to tell. Cisco Talos is essentially going to be using the SpamCop feed and traps to make their assessments, so they have access to a *lot* of "raw" SMTP traffic on which to base their judgement. I only run a relatively small number of spam traps to get some spam for teaching Bayes because my MTA level filtering blocks out upwards of 90% of the crap before it even gets to SpamAssassin, so there's a larger margin of error and not the >100% rise Talos is seeing, but even so I'm seeing a sharp uptick in volume and a lot more port scanning for SMTP servers than has been the case for quite some time.

  12. Re:Trump & spam on Spam Hits Its Highest Level Since 2010 (networkworld.com) · · Score: 2

    I'm sure there's a lot of election related phishing out there too, and I've got lots of examples of that too, but as I noted all of this is pointed entirely at genuine Trump/GOP domains with a few MSM ones thrown in for citations; it's almost certainly genuine campaign spam from Trump or one of his supporters acting (possibly independently) on his behalf - there are no dodgy domains at all (unless you want to count Fox News), including in the mail headers, which are from a legit ESP. They're also hitting spamtraps that go back years (some were only ever seeded on Usenet over a decade ago) so either someone in Trump's campaign, officially or otherwise, has been buying really low quality mailing lists, or someone has fed them a bunch of email addresses from them.

  13. Trump & spam on Spam Hits Its Highest Level Since 2010 (networkworld.com) · · Score: 2

    Donald Trump's name appeared in 169 times more spam emails than Hillary Clinton's.

    Can't say I'm at all surprised by that. I've been getting a steady stream of what appear to be genuine emails from the Trump campaign (all the links are to legit Trump and GOP domains, plus a few MSM ones) asking for donations for a few weeks now. There's a whole bunch of problems with that, other than it being UBE - I'm a British citizen so I don't think Trump can legally accept my donation anyway; several of the domains involved are within the .uk ccTLD; and the addresses concerned are all (and always have been) spam traps. And yes, I have been forwarding them all to the FEC.

    Seriously, Donald, if you're going to let your campaign team buy email lists from who-knows-where and spam the shit out of them, they could at least do some basic list washing first - it's starting to look like Hillary isn't the only one with an incompetent email admin team...

  14. Actually, that's not the case, despite a lot of the coverage claiming it is. It's the largest seen by Akamai, but OVH reported a DDoS peaking at 800Gb/s earlier the same day - although there are no indications of a connection (yet?). What's perhaps more interesting about the DDoS on Krebs isn't the size of it so much that it apparently wasn't a UDP amplification attack, which is the norm for DDoS these days, but TCP/GRE - the botnet used was generating all that traffic on its own. Both attacks are far larger than any one group was thought capable of doing (until now) and might be an indication that the number of botnet operators might not be as large as suspected, but instead consists of a smaller number of operators with multiple botnets under their control.

  15. Re:Help Wanted on North Korea Has Just 28 Websites (vice.com) · · Score: 1

    Sounds like Bill Jong Gates and APK might have a lot in common...

  16. Re:Nobody knows yet on London To Tech Startups: Please Don't Mind the Brexit Gap (cnet.com) · · Score: 1

    To the economy as a whole, yes, the impact of the loss of passporting has the potential to be far worse, but that will take a while to trickle down to the man on the street and will be harder to directly attribute to BrExit when it gets there, especially given the poor grasp of cause and effect demonstrated by both camps during the campaign. Going to WTO defaults is far more immediate, hits everyone, and is directly and unequivocally attributable to BrExit. Having prices go up by a few percent because of extra trade tariffs, plus a few more percent dealing with the bureaucratic overhead is far more immediate, impacts everyone, and will likely result in some smaller (and probably not so small) import/export based businesses failing because they can't handle it.

    That last bit is the key, and is what the Leave campaigners were railing against in the link I gave; it means the reintroduction of additional border checks, sample testing, warehousing costs while all that takes place, and lots more red tape. For UK businesses that have grown accustomed to goods sailing back and forth to the EU with minimal border controls and delays, that's going to have a huge impact over and above the import/export tariffs; more paperwork, longer and more variable end-to-end shipping times playing havoc with just in time delivery (especially for perishable goods), more staff required to handle it all, and on and on - all of which adds up to more costs to be passed on up the chain to the man on the street. Here's a telling quote (and, remember, this is from a Pro-Leave group):

    One can say, unequivocally, that the UK could not survive as a trading nation by relying on the WTO Option. It would be an unmitigated disaster, and no responsible government would allow it. If, on the other hand, the official Leave campaign adopts it, the Remain side will be counting its blessings.

    In effect, what the V4 group have done with that statement of intent is made BrExit into a more binary choice - and one they absolutely have the power to force - between an exit so soft that we might as well not bother and stick with what we have now, or an exit so hard we're almost certainly going to be economically fucked through the combined loss of passporting and fallback to WTO trade frameworks for years to come.

  17. Re:Nobody knows yet on London To Tech Startups: Please Don't Mind the Brexit Gap (cnet.com) · · Score: 4, Informative

    The UK isn't in Schengen, so that's moot - there's a difference between not requiring ID to cross borders (Schengen) and needing to go through EU immigration controls at the border (non-Schengen) too. Now that the EU has us over a barrel however I'm sure some of them - like the Visegrad Group, or V4, (Czech Republic, Hungary, Poland and Slovakia) - might just try and insist that we adopt Schengen if we wish to have continued access to the EEA free trade area.

    On the subject of the V4, their position does perhaps make how things are going to end up a little clearer to predict - provided that they are not just bluffing. Basically, they have promised to veto any Article 50 agreement that doesn't continue to allow free travel (with ID) for their citizens to the UK, as is currently the case. Any Article 50 agreement requires a unanimous vote in favour - all 27 remaining countries - so the only agreement V4 will accept is a *very* soft exit, which simply won't be acceptable to Leave supporters. Likewise any extension of the two year period requires all 27 nations to agree which is equally unlikely so, two years after the UK invokes Article 50 whenever that is, it defaults to a hard exit with no trade agreements in place - the UK ceases to be a member of the EU and becomes just another country with no established trade agreements in place.

    That will no doubt make many in the Leave camp very happy... until the implications of having all the EU's trade treaties become null and void and WTO defaults kicking in strike home because they really, really, suck - why else would governments spend so much time negotiating treaties with each other? If we're lucky, we'll have that covered by getting an agreement to maintain the existing EU trade agreements as an interim measure as a stop gap, but if we end up in WTO defaults with one or more of our major trading partners, we're basically screwed - something even Pro-Leave groups concur with.

  18. Re:Allow opt-out on GCHQ Planning UK-Wide DNS Firewall (thestack.com) · · Score: 1

    Nothing should *ever* be opt-out. The default should always be to opt-in. If you can't make that enabling process easy to do and successfully sell the idea to your prospective end users (AKA "source of data" - because they are absolutely going to be saving all your DNS queries as "metadata"), then maybe it wasn't such a good idea to start with.

  19. Re:Another way to look at this is.. on Robots Will Eliminate 6% of All US Jobs By 2021, Says Report (theguardian.com) · · Score: 2, Insightful

    People have been claiming that automation will lead to vast numbers of unemployed since the early days of the industrial revolution - the original Luddites - and, to date, have been demonstrably in error. It's known as the Luddite Fallacy, or sometimes as Technological Unemployment. The increased use of robotics in industry, manufacturing, and other sectors, is almost certainly just the latest change that will ultimately just result in another redistribution of the labour pool to areas that have not been automated. It still sucks if you are one of those put out of work by a robot and have to try and find employment elsewhere, but doom and gloom on a national scale is just FUD.

  20. Re:Unfair to Apple on Apple's Response To Diversity Criticism: 'We Had a Canadian' Onstage at iPhone 7 Event (mic.com) · · Score: 2, Insightful

    Oh, sure, the make up of the speakers was absolutely diverse enough by any reasonable standards. Just not diverse in the particular way necessary to satisfy this particular pro-diversity protester's personal biases.

    When you get right down to it most pro-diversity protesters are just as biased and bigoted as those they are supposedly protesting against, they're just too tied up in their own one-horse personal agendas (disability, gender, race, religion, whatever) to see it. Either you promote equality for ALL, or you can GTFO because you are no better than the rest of the bigots.

  21. Re:VW's President is Responsible for His Company on Volkswagen Engineer Pleads Guilty in US Diesel Emissions Probe (fortune.com) · · Score: 1

    A bit borderline on the Godwin there, aren't we? :) Anyway, I think the real reason for this is that he knew he was likely going down and went for the plea deal instead. Assuming that he can name and shame enough of the C-level execs who were also involved he might at least get a stay in white-collar jail with a chance of getting out in a reasonable timescale, assuming he goes down at all. They wouldn't have offered the deal in the first place if they didn't think he had some dirt on the bigger fish to parley it for, so for his sake he'd better have filed all those emails safely away...

  22. Re:Don't Sync on FTC Warns Consumers: Don't Sync To Your Rental Car! (securityledger.com) · · Score: 1

    They seem to, at least unless you specifically opt not to have one when buying new - I've certainly never had a hire car without one yet, and they're typically less than a year or two old. Unless it's going to market in those countries where smoking is still a widely accepted thing to do, I think the general expectation from manufacturers is that it's increasingly more likely to be used for power rather than as an actual cigarette lighter though.

  23. Re:Don't Sync on FTC Warns Consumers: Don't Sync To Your Rental Car! (securityledger.com) · · Score: 1

    As someone who frequently uses hire cars, I can absolutely back this up with experience. I have *never* seen any sign that a rental agency has wiped data captured from previous renters; where applicable there have almost always been previous satnav destinations, playlists, media files, and other details saved on the in-car system. Ideally, the only thing you want to connect your phone to in a rental is a USB charging cable plugged into the cigarette lighter, but failing that at least make sure that you have established what data will transfer and how you can wipe it once your rental is over, although even that is assuming that the car won't do something stupid to your phone.

  24. Re:Good conclusion, but missed the best reason on Second Irregularly Dimming Star Found (phys.org) · · Score: 1

    Yeah, it would be all in the timing. You'd definitely want the first stages of planetary accretion completed in order to get most of the initial gas and dust into a form that can be turned into asteroid sized building blocks, yet avoid things reaching the point where you have proto-planets that are binding up most of your heavy metals in a mostly molten state. I suppose that you *could* get in earlier than that if your construction tools and processes were to include a "Space Balls" style cosmic vacuum cleaner and handling of molten minerals did not present a major challenge either, of course, but waiting until you have to unbind major iron planets and strip the atmospheres from gas giants doesn't seem like the most efficient approach. The sweet spot is probably right around the time that gas giants are starting to form as by that point the bulk of the dust and gas will have been pulled into common orbits with some rocky elements and protoplanets helping to bind it all up until you need it for construction.

    Alternatively, maybe you skip all that and actually manage the early formation of the protoplanets in the first place by getting them into convenient orbits ready for the main construction phases, seeding some specifically to gravitationally "harvest" some of the denser regions of gas in the system, and so on. Steering a whole bunch of protoplanets of suitable size around on strategic orbits for a few hundred thousand years or so would almost certainly make things much cleaner in terms of rogue asteroids and other debris that could cause issues later on as well. It's not like you wouldn't have plenty of time; even with Dyson's original idea - that the sphere isn't actually solid - you're probably still going to need a lot more raw materials than one stellar dust cloud can provide, so you're likely to be shipping in materials from nearby star systems as well.

  25. Re:Good conclusion, but missed the best reason on Second Irregularly Dimming Star Found (phys.org) · · Score: 1

    While I do think this is just some new natural phenomenon, just to play devil's advocate for a minute, which of these is likely to be the simplest and provide the longest return on investment for a suitably advanced civilization to construct a Dyson sphere from, assuming (as would be likely) that interstellar travel isn't a significant problem:

    A: A mature star system, where most of the raw materials for construction have already coalesced into planets, and may only have 2/3 of its stellar life left.
    B: A new star system, where most of the raw materials for construction are still drifting around in the form of large rocks and the star has its entire life left.

    Pretty sure it's "B" - no matter how advanced your civilization might be, it's got to be easier to get your raw materials from asteroid sized chunks of ore that can be redirected into a more convenient orbit rather than strip mining a planet down to nothing and boosting all that mass up out of the (slowly diminishing) gravity well into suitable stellar orbits.