"Prime Video is a knockoff geared towards upselling. It's primary purpose isn't to be a streaming video platform, it's a false flag freebie for people who want fast shipping free."
Prime free shipping is available in like 6 countries.
Prime Video is available in about 100.
Something doesn't compute.
"The DNS challenge requires that the device requesting the certificate have control over TXT records associated with the requested hostname, which is true of any dynamic DNS implementation."
Are you saying devices in the world have access to send dynamic DNS updates for a domain, of which they have a record pointing to an address that reaches the device?
I don't know that many people who have domains just for their own devices at home ...
Sure, it's technically possible, but it's also possible for the user to operate their own CA, but neither are going to result in most users getting the app to work.
Except if you want to get the app into the Apple App Store, they are requiring *ALL* HTTP to use HTTPS now?
Because HTTPS Everywhere, even when the end result is less secure for the user ...
"Does this mean that Amazon was planning to fight back with some kind of "Amazon Docs" solution?"
See: https://aws.amazon.com/workdoc...
See Amazon WorkDocs. It does seem that this individual did leave to go to a direct competitor of a product he had privileged knowledge of. I am sure he could have found other work that doesn't compete directly with the AWS team he was involved in leading.
See also Amazon Prime Video and Netflix.
See Amazon WorkDocs ( https://aws.amazon.com/workdoc... ), based on the URL it's an AWS product.
"Non-Compete Deal should be full pay with the same COL / pay raises that you should have gotten and full benefits for the term."
Typically in the case of both retention contracts and non-compete clauses, the remuneration provided in the position is much higher than you would get in circumstances where non-compete clauses are not required.
If you sign a non-compete clause without considering these aspects, you will need to find some other type of work if you leave while it is in effect. If you didn't negotiate sufficient remuneration to make the restrictions worthwhile, you're doing it wrong.
There's a difference between being laid off while a retention contract/non-compete clause is in effect, and leaving voluntarily in direct violation of the contract.
Of course they need to cancel the non-compete clause if you are laid off, they can't argue that you are critical to their business while not being able/willing to employ you.
"or let Linux be a client for Windows drive sharing"
No, smbd isn't required for this, and nmbd is optional if you have working dns, winbind is only required to map NT SIDs to Linux UIDs if the client is joined to a domain without RFC2307 schema.
So, no daemon required for that, mount.cifs from cifs-utils may be all you need.
I worked for an enterprise until recently.
Our team ran about 200 VMs.
About 4 ran Windows, the rest Linux (RHEL7 mostly).
About 2 of the Linux VMs had Samba (to store common large software packages used by developers). The shares weren't writable except by system administrators, and the underlying filesystems mounted noexec. SELinux set to enforcing.
It's not like it would be a burden to patch those, and lots of mitigations if exploited before someone does patch them.
So your idea that 'Linux in the enterprise runs Samba' needs a qualifier.
I have a similar setup.
Why?
Kodi profiles.
I have one Kodi instance, running as one unix user, but if the Kids profile is logged in, there is no way to access non-child-appropriate content.
When the master profile logs in to Kodi, the samba shares are used, accessed by username/password.
Yes, it is not secure, but enough to keep kids under 9 away from stuff they probably don't need to hear/see.
And, due to the nature of NFS, not so easy to do (since NFS perms apply by unix uid or other similar proxy e.g. uid with access to kerberos tgt).
If there is a samba-less solution, I would like to hear it, since I have no Windows in my house.
"It might not be intentional. Linux distros by default come with a whole load of server applications active; samba, avahi, cups, ntp, dhclient."
Please list one linux distro that installs and enables smbd by default.
The rest are not server-only software, cups is usually configured to listen on the loopback interface, and avahi and ntpd normally run as non-root.
So the biggest risk is the dhcp client. One wonders if it is necessary for the dhcp client to listen all the time these days. Of course it should be possible to write a dhcp client that drops privs and requires the minimum capabilities to configure network interfaces.
Of course, all of these are optional, and you would only lose the feature provided by the service if you disable it, and updates won't re-enable anything you have disabled (unlike on Windows).
So, I don't think we will see the same level of exploitation.
"Sure, but while it exists, removing net neutrality will allow ISPs to control the flow of information to your computer. Google will get a fat pipe, Joe's Startup search engine, not so much."
If I realise that accessing Joe's Startup search engine is slower than it should be, and I notice other discrepancies, why wouldn't I try a different ISP (fire up a PPPoE session on my laptop using a $2/5GB account from another ISP) and compare?
Oh, right, Americans haven't figured out how to separate the internet service provider from the access network provider.
Maybe you should regulate to ensure there is competition, rather than regulating the exact behaviour of the internet service on each provider?
Your Title II requirements would make sense for application on the access network, but a budget ISP running on top could offer a service where all video was throttled, or have usage caps, while other ISPs could offer totally unlimited neutral access (but it may be more expensive).
Many people who have never seen the inside of an ISP believe capacity is free, but the reality is that it isn't, and the bandwidth hogs want everyone else to subsidise their usage.
Requiring virtual ISPs would let the market decide what kind of offerings make sense while avoiding excessive monopolies.
"The internet was NOT invented for ISP profitability. Fuck this treasonous noise."
It also wasn't invented to be a retail-ISP subsidised distribution network for Netflix.
It was invented as a resilient network for military communication. And invention of the basics (TCP/IP) wasn't sufficient to even bring basic internet access to consumers.
The commercial ISPs funded the majority of the infrastructure that brought the internet to consumers, which also indirectly funded development of other protocols required for scaling the internet (e.g. BGP).
I also thought Americans believed in allowing the market to resolve problems.
Yes, the challenge is how to prevent a natural monopoly from becoming problematic.
And maybe the answer is to require all access networks to allow any virtual ISP to offer services on their network to any customer. This can usually be achieved with almost no additional capex by the access network, and what capex there is can be recovered from service fees from ISPs. The biggest challenge is getting the network operator to split its consumer-facing services from access network operations, and this is where you would need some regulation.
This model works quite well in other countries (e.g. the UK).
The Kerberos *protocol* does, as far as I know, satisfy these requirements.
Can you provide any evidence of any implementation besides Microsoft's, not satisfying the requirements in a typical configuration?
Yes, Microsoft's implementation of a Kerberos KDC seems to be broken due to having backwards-compatibility with NTLM, but that doesn't mean that the protocol itself is broken.
The problems here seem specific to Microsoft's implementation of Kerberos in their effort to retain backwards compatibility with NTLM.
"If we have an arbitrary SPN that is registered for a domain user account, then the NTLM hash of that user's account's plaintext password is used for the service ticket creation. This is the key to Kerberoasting."
"Tim realized that because of this, and because part of a TGS requested for an SPN instance is encrypted with the NTLM hash of a service account's plaintext password, any user can request these TGS tickets and then crack the service account's plaintext password offline, without the risk of account lockout!"
As far as I know, no other Kerberos implementation (MIT, Heimdal) does this, however it may be worthwhile checking if the Samba 4 KDC had to re-implement this for compatibility reasons.
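A defender's view of the ticket requests described in the comment above, as an added example that is not part of the original comments: it scans records shaped like Windows Security event 4769 for one account requesting RC4-HMAC (0x17) service tickets for several user-account services. The sample events, account names and the threshold of three services are constructed assumptions for illustration.

```python
from collections import defaultdict

RC4_HMAC = "0x17"  # etype 23; the RC4-HMAC key is the account's NT hash

# Constructed sample records (not real logs) using field names from
# Windows Security event 4769, "A Kerberos service ticket was requested".
SAMPLE_EVENTS = [
    {"EventID": 4769, "TargetUserName": "alice@EXAMPLE.LOCAL",
     "ServiceName": "FILESRV01$", "TicketEncryptionType": "0x12"},
    {"EventID": 4769, "TargetUserName": "alice@EXAMPLE.LOCAL",
     "ServiceName": "svc_sql", "TicketEncryptionType": "0x17"},
    {"EventID": 4769, "TargetUserName": "bob@EXAMPLE.LOCAL",
     "ServiceName": "svc_sql", "TicketEncryptionType": "0x17"},
    {"EventID": 4769, "TargetUserName": "bob@EXAMPLE.LOCAL",
     "ServiceName": "svc_web", "TicketEncryptionType": "0x17"},
    {"EventID": 4769, "TargetUserName": "bob@EXAMPLE.LOCAL",
     "ServiceName": "svc_backup", "TicketEncryptionType": "0x17"},
    {"EventID": 4769, "TargetUserName": "bob@EXAMPLE.LOCAL",
     "ServiceName": "svc_web", "TicketEncryptionType": "0x17"},  # repeat request
    {"EventID": 4769, "TargetUserName": "carol@EXAMPLE.LOCAL",
     "ServiceName": "krbtgt", "TicketEncryptionType": "0x17"},
    {"EventID": 4769, "TargetUserName": "dave@EXAMPLE.LOCAL",
     "ServiceName": "svc_web", "TicketEncryptionType": "0x12"},
    {"EventID": 4624, "TargetUserName": "bob@EXAMPLE.LOCAL"},  # logon event, ignored
]


def is_weak_user_service_ticket(event):
    """True for a 4769 event that issued an RC4 ticket for a user-account service."""
    if event.get("EventID") != 4769:
        return False
    if str(event.get("TicketEncryptionType", "")).lower() != RC4_HMAC:
        return False
    service = event.get("ServiceName", "")
    # Machine accounts end in "$" and carry long random passwords;
    # krbtgt is the KDC's own key. Neither is a password-guessing target.
    if not service or service.endswith("$") or service.lower() == "krbtgt":
        return False
    return True


def find_ticket_sweeps(events, min_services=3):
    """Map requester -> sorted distinct services, for requesters at or above the threshold."""
    per_requester = defaultdict(set)
    for event in events:
        if is_weak_user_service_ticket(event):
            requester = event.get("TargetUserName", "unknown").lower()
            per_requester[requester].add(event["ServiceName"].lower())
    return {
        who: sorted(services)
        for who, services in per_requester.items()
        if len(services) >= min_services
    }


if __name__ == "__main__":
    for who, services in find_ticket_sweeps(SAMPLE_EVENTS).items():
        print(f"{who}: RC4 tickets for {len(services)} user-account services: {services}")
```

The threshold needs tuning against legitimate RC4 use in a given domain. Long random service-account passwords make the offline guessing described in the quote impractical.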
"Uber's profit margin is none of the driver's business. Don't get me wrong, I'm not defending Uber. I think they're scumbags and you shouldn't work for them. And if you don't think Uber is paying you enough, then that's another good reason to not work for them."
But the issue is that Uber is partly able to undercut Taxis because they claim that they aren't a taxi company and don't employ drivers and merely take a percentage commission for facilitating a transaction between a rider and an independent driver.
If they are now paying drivers from one algorithm and charging riders from a different one, I don't see how they can continue to claim that they are a 3rd party in the transaction between the rider and the driver, and should no longer be exempt from laws that apply to taxi operators.
The wikipedia article on the Galaxy Note Edge ( https://en.m.wikipedia.org/wik... ) states:
"The curved edge of the screen is used as a sidebar for various purposes: it can be used to display different panels, including shortcuts to frequent applications, displays of notifications, news, stocks, sports, social networks, playback controls for the music and video players, camera controls, data usage, and minigames."
The ability to have "controls" and minigames would require the edge to be touch-sensitive.
So you are incorrect.
The patent says:
"In particular, a flexible substrate can be used to fabricate the display panel and/or the touch sensor panel (referred to collectively herein as a “circuit panel”) of a mobile electronic device so that the edges of the display panel and/or the touch sensor panel can be bent."
Samsung implemented the version with the "and", at least on the Galaxy S6 Edge I looked at when it launched in my country in about March 2015.
Also, I don't know what definition of "bezel" you are using, but the only applicable one on wikipedia says:
"A space or frame around a display device, such as on a television or mobile device"
Which seems to conflict with your claim of the bezel being in place even with the screen going over the edges of the front side of the device (thus there being no "frame" on the sides).
"My understanding is that Samsung still has a bezel in the sense that the wrapped portion of the display (and a small amount near the edges) has no touch sensors."
Your understanding is not correct.
At least on the Galaxy S6 Edge, the entire screen including the piece on the edge of the phone was touch-sensitive. Maybe this has changed in recent models.
"First, baseband firmware is a "binary blob" that would likely get a device disqualified from Free Software Foundation's "Respects Your Freedom" certification program."
But that is totally irrelevant to whether the software is respecting the GPLv2 or not.
Consider an alternative where the firmware was not distributed with the O.S. (and required separate flashing to update it). For example, a totally free distro isn't considered GPL-infringing because it was provided with a computer that has a non-free BIOS.
"and one of the GPL's reasons for existence in the first place is to prevent royalty-bearing software patents from harming the Free World."
Maybe you mean the GPLv3. The GPLv2, the version of the licence used by the Linux kernel, was written before software patents were such a problem, and doesn't have specific requirements regarding patent licensing that the GPLv3 has.
"Why don't Google push vendors to open source if they want to be part of Android. Which is a pretty big stick."
The end of the blog post says:
"In addition to the architectural changes, we're working with our silicon and device partners to take their code changes, such as features for a carrier network in a specific country, and move them into the common Android Open Source Project (AOSP) codebase. For example, Sony and Qualcomm contributed dozens of features and hundreds of bugfixes to Android O so they no longer need to rework these patches with each new release of Android."
It genuinely looks like Google is doing their part to address the problems, we can only hope consumers are clever enough to buy models from OEMs who do their part too.
"Yeah great if you work for a tiny company, try the same with 100/1000/10000/100000 desktops..."
Economies of scale make it cheaper per desktop the more you have ...
Really?
Browsing ...
https://azure.microsoft.com/en... makes it look like running 3 Openstack deployments would be easier (and of course cheaper) than keeping something running on Azure