RE: What would upset you more
Arresting someone using evidence obtained illegally is definitely more heinous. Any system that encourages or allows law enforcers to break or bypass the law inherently reduces respect for and compliance with that institution and ultimately leads to more and greater crime, from both enforcers and criminals.
It's apparently not difficult to get an essentially rubber stamp warrant from a judge. At least that has a modicum of accountability in the process. Why the hell don't they simply get a warrant?!?!
Yes, but the dating site ads that people are inundated with on the site with breasts photoshopped up to about 200% actual size with gravity defying physics are perfectly OK
but if the newer greener methods aren't financially competitive (either naturally, or in a contrived fashion via tax incentives or artificially elevated fuel costs, etc.) then they will never become the majority of the market.
Also, ignoring other pollutants due to manufacture or maintenance in favor of reduction in a more singular pollutant such as greenhouse gasses is a problem.
Nearly all Windows phones have the FM hardware (wired headphones required for an antenna) since Windows Phone 7 days, but the software to use it has been hidden, but still present in the base OS. You just need to load any third party FM radio app from the store, then you can save shortcuts to your stations once the radio is playing and can remove the third party software, basically the third party software just calls the underlying OS included FM radio functions. MS has said they are removing the software from their upcoming "anniversary release" of Windows 10 in July though.
If he had only reported that he was able to get in the front door it would be one thing, but tfa says that he also used what he found to log in and explore, seems to me that is where the legality line was crossed, not the exposure of the vulnerability itself.
please don't take this as being a Windows 10 apologist. I'm taking a generalist approach here. Automatic updates were enabled for a valid reason on most consumer OS's, that's a fact, a fact that any user has to deal with if they manage their own system. We could argue the merits or positive/negative qualities of each implementation, some are obviously better than others, or more/less intrusive or disruptive, that's another discussion. But automatic updates ARE a fact on any consumer OS today, something that any user has to deal with.
you could certainly make that argument and I would agree with you at least to an extent. But at the root, my point is that if you don't want to be interrupted by automatic updates (on any OS) then you need to figure out how to disable them. The complexity (and potential risks) of doing that is obviously widely variable. Things were made automatic because in many cases consumers weren't updating at all, putting far more than just that individual user at risk, perhaps the pendulum has swung too far in the other direction, but it's not my call to make.
Incompetent control of system options leads to unforeseen service interruptions. Seem that this "feature" is OS independent to me. Name a single consumer OS (most Linux or BSD distros are removed by the "consumer" description) today that is not out of box configured for automatic updates?
well, then the FBI is hiring some seriously incompetent lawyers, IANAL and I knew about the limited jurisdiction. Couldn't at all be the fact that they were simply trying to "slide one by" could it?
ditto, spoken like an anonymous coward. One who's perfectly willing to toss civil liberties in the name of an extreme edge case that's less likely than being struck by lighting, twice, on the same day.
It's rarely the "artist's" decision, except for those very few pop stars who are more "media personality" than "artist". It's the media company's choice in nearly all cases, usually to some detriment of the actual originating artists, IE: business as usual in the media company world. Screw the originating artist in the name of the middlemen and distributors making a fraction of a penny more per stream.
I am distinctly not a lawyer, but is there merit to this thought?
The entire legal basis of the "third party doctrine", with which enforcement types can grab your data from a company you do business with basically on demand (or with very easy to get approval), depends on your having "no reasonable expectation of privacy.
Well, if I end to end encrypt all communications and stored data in such a way that the storing company does not hold the key, only I do, then I DO now have a reasonable expectation of privacy and the entire third party doctrine collapses legally.
I'm VERY certain that it would take an army of attorneys and lots of $$$ and patience to push this idea through the courts, and likely a legal issue with which to establish "standing" to pursue the issue, but thoughts? Is there merit to this line of thinking?
So very true, and no they typically don't isolate them network wise, or at least not the extent necessary for safety. Hospitals and health care in general is where I've witnessed some of the absolute worst IT practices of my 25 year career, topping this list is entrenched legacy systems like what you mention, and management that refuses to press the vendors for proper software maintenance, thinking that it's somehow unnecessary. The industry use of unmaintained embedded software (doesn't matter what OS) is the largest vulnerability of all. This will be a quaint preview of what will happen with the Internet of Things too.
You no longer need the specific Here applications, the GPS/Mapping app from MS is bundled with the WIndows 10 mobile OS and uses Here's map data files, in fact the bundled app is essentially rebranded Here Maps. So why compete with yourself?
$1.35 million is such a tiny "penalty" that it really gets me steamed. This is a company that was actively modifying user's request to suit their interests, with no opt out and no ability for the user to even know it was happening. And when I contacted their support over it, the actively and vehemently denied doin it even as I watched it happening in the packet capture between my phone and web server, even contacted an attorney over it, but he wouldn't take the case due to an inability to assign a dollar value to the "damage".
Yes, you could avoid it by using HTTPS/TLS, but given the sloppy coding of many or most apps, and near zero visibility of the workings of those apps, how could you be sure you were avoiding it (and yes, I have to use apps occasionally for my side work that have no corollary web interface).
This "fine" would only amount to fractions of a penny per user for years of what are essentially MITM attacks.
that works until the next precedent setting court case that determines that failing to update the warrant canary is a form of communication prohibited by the gag order due to the intent of the operator. Coming soon to a federal court near you I'm sure.
Slashdot Mirror
RE: What would upset you more Arresting someone using evidence obtained illegally is definitely more heinous. Any system that encourages or allows law enforcers to break or bypass the law inherently reduces respect for and compliance with that institution and ultimately leads to more and greater crime, from both enforcers and criminals.
It's apparently not difficult to get an essentially rubber stamp warrant from a judge. At least that has a modicum of accountability in the process. Why the hell don't they simply get a warrant?!?!
Yes, but the dating site ads that people are inundated with on the site with breasts photoshopped up to about 200% actual size with gravity defying physics are perfectly OK
but if the newer greener methods aren't financially competitive (either naturally, or in a contrived fashion via tax incentives or artificially elevated fuel costs, etc.) then they will never become the majority of the market. Also, ignoring other pollutants due to manufacture or maintenance in favor of reduction in a more singular pollutant such as greenhouse gasses is a problem.
all phones I have witnessed that have the FM radio hardware require wired headphones for it to operate, the headphone cable acts as the antenna
Nearly all Windows phones have the FM hardware (wired headphones required for an antenna) since Windows Phone 7 days, but the software to use it has been hidden, but still present in the base OS. You just need to load any third party FM radio app from the store, then you can save shortcuts to your stations once the radio is playing and can remove the third party software, basically the third party software just calls the underlying OS included FM radio functions. MS has said they are removing the software from their upcoming "anniversary release" of Windows 10 in July though.
If he had only reported that he was able to get in the front door it would be one thing, but tfa says that he also used what he found to log in and explore, seems to me that is where the legality line was crossed, not the exposure of the vulnerability itself.
please don't take this as being a Windows 10 apologist. I'm taking a generalist approach here. Automatic updates were enabled for a valid reason on most consumer OS's, that's a fact, a fact that any user has to deal with if they manage their own system. We could argue the merits or positive/negative qualities of each implementation, some are obviously better than others, or more/less intrusive or disruptive, that's another discussion. But automatic updates ARE a fact on any consumer OS today, something that any user has to deal with.
you could certainly make that argument and I would agree with you at least to an extent. But at the root, my point is that if you don't want to be interrupted by automatic updates (on any OS) then you need to figure out how to disable them. The complexity (and potential risks) of doing that is obviously widely variable. Things were made automatic because in many cases consumers weren't updating at all, putting far more than just that individual user at risk, perhaps the pendulum has swung too far in the other direction, but it's not my call to make.
Incompetent control of system options leads to unforeseen service interruptions. Seem that this "feature" is OS independent to me. Name a single consumer OS (most Linux or BSD distros are removed by the "consumer" description) today that is not out of box configured for automatic updates?
well, then the FBI is hiring some seriously incompetent lawyers, IANAL and I knew about the limited jurisdiction. Couldn't at all be the fact that they were simply trying to "slide one by" could it?
they got a warrant from a local friendly magistrate, that they damned well knew would not be applicable country wide.
ditto, spoken like an anonymous coward. One who's perfectly willing to toss civil liberties in the name of an extreme edge case that's less likely than being struck by lighting, twice, on the same day.
fair enough, the "construction" statement still stands though, even if the land is purchased by others for that usage.
It's called "construction", did someone expect a spaceport to spring fully formed in the coastal swamps simply because SpaceX purchased the land?
Way to plant that false flag my man. Think of the children!
It's rarely the "artist's" decision, except for those very few pop stars who are more "media personality" than "artist". It's the media company's choice in nearly all cases, usually to some detriment of the actual originating artists, IE: business as usual in the media company world. Screw the originating artist in the name of the middlemen and distributors making a fraction of a penny more per stream.
Ok, fair. thanks! They can have all the blocks of ciphertext that they care to consume I guess.
I am distinctly not a lawyer, but is there merit to this thought? The entire legal basis of the "third party doctrine", with which enforcement types can grab your data from a company you do business with basically on demand (or with very easy to get approval), depends on your having "no reasonable expectation of privacy. Well, if I end to end encrypt all communications and stored data in such a way that the storing company does not hold the key, only I do, then I DO now have a reasonable expectation of privacy and the entire third party doctrine collapses legally. I'm VERY certain that it would take an army of attorneys and lots of $$$ and patience to push this idea through the courts, and likely a legal issue with which to establish "standing" to pursue the issue, but thoughts? Is there merit to this line of thinking?
an ineptly failed false flag operation intended to justify continued war against brown people
So very true, and no they typically don't isolate them network wise, or at least not the extent necessary for safety. Hospitals and health care in general is where I've witnessed some of the absolute worst IT practices of my 25 year career, topping this list is entrenched legacy systems like what you mention, and management that refuses to press the vendors for proper software maintenance, thinking that it's somehow unnecessary. The industry use of unmaintained embedded software (doesn't matter what OS) is the largest vulnerability of all. This will be a quaint preview of what will happen with the Internet of Things too.
Thank you!
You no longer need the specific Here applications, the GPS/Mapping app from MS is bundled with the WIndows 10 mobile OS and uses Here's map data files, in fact the bundled app is essentially rebranded Here Maps. So why compete with yourself?
$1.35 million is such a tiny "penalty" that it really gets me steamed. This is a company that was actively modifying user's request to suit their interests, with no opt out and no ability for the user to even know it was happening. And when I contacted their support over it, the actively and vehemently denied doin it even as I watched it happening in the packet capture between my phone and web server, even contacted an attorney over it, but he wouldn't take the case due to an inability to assign a dollar value to the "damage". Yes, you could avoid it by using HTTPS/TLS, but given the sloppy coding of many or most apps, and near zero visibility of the workings of those apps, how could you be sure you were avoiding it (and yes, I have to use apps occasionally for my side work that have no corollary web interface). This "fine" would only amount to fractions of a penny per user for years of what are essentially MITM attacks.
that works until the next precedent setting court case that determines that failing to update the warrant canary is a form of communication prohibited by the gag order due to the intent of the operator. Coming soon to a federal court near you I'm sure.