Slashdot Mirror


User: raymorris

raymorris's activity in the archive.

Stories: 0
Comments: 10,114

Comments · 10,114

  1. Virtualization 10%-15% more CPU (have many Ghz) on Ask Slashdot: What's the Best Working Environment For a Developer? · · Score: 1

    >> How much CPU performance do you lose running your beloved Linux in a VM

    > I could test this right now using Virtual Box, and if I boot up a Windows 10 VM, then try to load Visual Studio 2015, Altium Designer, Excel and a few other apps.

    Windows 10, Visual Studio, Excel, etc aren't actually Linux. You bring up a good point though - if you set the VM to have some small amount of memory, then load up a bunch of huge, memory hogging applications, that can certainly cause thrashing. If you're going to run a bunch of Microsoft applications simultaneously, you will indeed need plenty of RAM available to Windows - whether Windows is running on metal or in a hypervisor.

    Linux needs a bit LESS RAM when run in a hypervisor, due to paravirtualized IO and certain other items. You do still need 1GB for a Linux host, though, so total RAM usage is a bit higher.

    To actually answer the question, which was about CPU usage, about 10%-15%, assuming you've turned on virtualization support in the BIOS. So my 3.6 GHz CPU which would be idle 90% of the time running on bare metal is only idle 88% of the time when Linux is virtualized.

    Aside from setting the CPU or RAM for the virtual machine grossly suboptimal or forgetting to turn on virtualization support in BIOS, another thing that can make a big difference is using the paravirtualized storage and network drivers. Rather than emulating IDE or SCSI for each disk read, and emulating a R1000 network card, it's significantly faster to use paravirtualized devices. Basically, instead of an "IDE" disk or a "SCSI" disk, you use a "vmware" disk.

  2. Windows devs, eh? on Ask Slashdot: What's the Best Working Environment For a Developer? · · Score: 1

    32 gigabytes bare minimum for you guys? I take it you're running Visual Studio or other Microsoft tools.

    Vim, fully pimped out for dozens of languages, does fine with 32 MEGAbytes.

  3. Vmware works for me (constant CLI, some GUI) on Ask Slashdot: What's the Best Working Environment For a Developer? · · Score: 2

    I use VMWare for development and it works quite well for my needs. We take advantage of the vmware software within the guest for a shared clipboard and shared storage. Setting up the network initially, with the corporate VPNs, was a bit of a hassle to figure out, but that was a one-time event.

    My particular setup is Mac hardware and I spend most of my time SSHed to a local Linux VM. For the Linux environment, the fact that it's a VM is completely invisible - it looks and feels *exactly* like running it on metal (except backup and snapshots are easier).

    I use a Windows VM for working with Microsoft SQL Server. I have no complaints about using Windows in a VM, but I'm only using a couple programs.

    Two or three large monitors are very useful for development, with or without VMs. With VMs, I can have a Windows monitor (fullscreen VM) and a Linux monitor, and can move seamlessly between them.

    I wouldn't want to use a GUI in a VM constantly without a nice large monitor or two, though. An OS needs to be able to fill a screen, not a little window on a screen.

  4. Actual dictionary definition: A heaping pile on Microsoft Yanks Docs.com Search After Complaints of Exposed Sensitive Files (zdnet.com) · · Score: 1

    The *actual* dictionary definition of "bing" is "a heap or pile". So my question to Microsoft is this: "Your search engine is a heaping pile of WHAT, exactly?"

  5. It is an option I avoid as well on After 20 Years, OpenSSL Will Change To Apache License 2.0, Seeks Past Contributors (openssl.org) · · Score: 1

    My post may have been a bit unclear. "Or any later version" is indeed an option used by many GPL programs, but certainly not all. GNU recommends including that. I don't in my software, because a) I object to the patent terms of GPLv3, as actually written and b) I no longer trust GNU to avoid adding objectionable clauses in future versions.

  6. Can allow specific license changes (any version of on After 20 Years, OpenSSL Will Change To Apache License 2.0, Seeks Past Contributors (openssl.org) · · Score: 1

    There are many ways to allow for the possibility that the license may need to be changed in the future, without allowing just anyone to pick any license they choose.

    The standard GPL license has a clause allowing the code to be distributed under the current license *or any future version* of the GPL license.

    One could ask permission to distribute it under any OSI-approved license. I've received that permission before; the author granted me permission to use "any open source license", and the OSI list is a reasonable, third-party definition of which licenses qualify as "any open source license".

    One could say that the license may be changed by unanimous agreement of the foundation board of directors, by 2/3rds vote of recent contributors, or some other planned method.

  7. Estoppel by acquiescence and laches on After 20 Years, OpenSSL Will Change To Apache License 2.0, Seeks Past Contributors (openssl.org) · · Score: 4, Informative

    > I'm pretty sure both common law and civil law jurisdictions would side with a contributor who objects after the fact, even if they did get the notice.

    If they got the notice, estoppel by acquiescence may apply. "Estoppel by acquiescence" means one may not sue later if you were given a clear opportunity to object and chose to not object in any way. Georgia v. South Carolina is a well-known case. Georgia had legal claim to certain land based on a treaty. For many years, South Carolina treated it as part of South Carolina, levying taxes in the area, etc. Georgia did not object during these many years. Later Georgia attempted to assert their claim to the area. The court ruled that Georgia's failure to object for many years barred the action - their silence was basically implied permission.

    A related concept is laches. Laches means you have to assert your rights in a reasonable time frame, or not at all - an author who files suit regarding the license change ten years from now will probably be barred by laches.

  8. This. A judge's job is to read law, not write it on Why You Should Care About the Supreme Court Case On Toner Cartridges (consumerist.com) · · Score: 3, Insightful

    > It's not the courts that need to side with us, it's the legislators.

    Exactly. Writing law is the job of elected legislators. An appointed judge's job is to read and understand the law in order to apply it to a particular case.

    The current law on patents, written by legislators, is that a patent controls who can "make, sell, or use" the patented invention. The "sell or use" part needs to be fixed. Judges shouldn't just ignore the law as written whenever they unilaterally decide they don't like the law.

  9. Reminds me of a certain security company on FedEx Will Pay You $5 To Install Flash (theregister.co.uk) · · Score: 2

    > keep on making us take require Flash - such as the one on "information security" ...
    > I have to have Flash installed so I can tick off a little checkbox that says I know not to install software like Flash.

    That reminds me of a certain network security company. They have all of their employees take annual security training, provided by a third-party. In order to keep track of who has done the training, employees log in to the third-party site using their Active Directory credentials - the same credentials that have access to all of the company resources, and indirectly, customer networks.

    Well that's kinda stupid, employees need to be pretty careful that they don't get phished into entering their AD credentials into the wrong third-party site. They better look carefully at the URL in that email from "corporate security", right? No can do, all incoming email has URLs obfuscated by the email "security" system so you can't tell where the URL points to without clicking it.

    There's literally no way for employees to know if they are sending their AD credentials to the site they are required to send them to, or sending them to a phisher.

  10. There are 900 .com registrars on Google Reducing Trust In Symantec Certificates Following Numerous Slip-Ups (bleepingcomputer.com) · · Score: 1

    > there are only three entities you need to trust: the domain administrator for "example.com.", the registrar for "com.", and the root authority.

    There are 900 registrars handling .com, any of which can issue a transfer and change the root DNS servers for any .com domain.

  11. if (window.changed) { window.render() } on Blinking Cursor Devours CPU Cycles in Visual Studio Code Editor (theregister.co.uk) · · Score: 1

    You shouldn't be rendering a window every few milliseconds if it hasn't changed. This:

    function paint() {
        if (window.changed) {
            window.render();
        }
    }

    function render() {
        window.gdiPaint();
        // In Windows, most screen elements are "window"s
        for (const child of window.children) {
            child.paint();
        }
    }

    Not this:

    while (true) {
        window.gdiPaint();
        for (const child of window.children) {
            child.gdiPaint();
        }
    }

  12. On $400 billion investment (lost money after infla on Amazon Wins $1.5 Billion Tax Dispute Over IRS (reuters.com) · · Score: 2

    Amazon made $2.37 billion, on over $400 billion invested. So an owner (investor) who put in $10,000 of their retirement savings made $59. Whoohoo!

    Due to inflation, $10,000 in 2015 was worth only $9,700 in 2016, so they actually LOST $241.

    Yeah, "making" less money than you're losing to inflation is pretty dismal.

  13. True. Anyone who has ever called a locksmith knows on Google Reducing Trust In Symantec Certificates Following Numerous Slip-Ups (bleepingcomputer.com) · · Score: 1

    What you've said is exactly right. Anyone who has ever called a locksmith because they were locked out of their house or car understands two things:

    1) They weren't able to get in without the key - it was secure.
    2) The locksmith got in without a key, probably in under 2 minutes. It was not secure.

    Security is a quantitative thing, not a binary thing. You can ask HOW secure something is. Asking "is it secure, yes or no?" is folly.

    Standard TLS (https) is much more secure than plain text (http).

    Standard TLS connections are useful in the same way that physical locks are useful - they make it unlikely that anyone will in fact defeat your security. Both *can* be defeated by a skilled person using the right tools, given they invest enough time in doing so. Both are more secure than leaving stuff wide open for any passerby to take.

    Self-signed certificates are slightly more secure than plain text on a *technical* level, but because they may create an illusion of strong security where none exists, they may be less secure in practice.

    We have customers using self-signed certs (without pinning) who mistakenly think the self-signed certs prevent MITM attacks, so they send sensitive data over these connections, "secured" by TLS using self-signed certs. They'd arguably be more secure overall if they understood they have no protection on those connections, so they wouldn't use them for sensitive data (or would encrypt the data before sending it over the non-secured connection). A misunderstanding of the "protection" offered by self-signed certs leads them to do something foolish.

    In this regard, there is a counterpoint to what I said above about it being folly to ask "is it secure?" as a yes or no question. It may be wise to try to create a binary secure/non-secure label in order to ease understanding. Weak security can fool users into thinking it's "secure", so it may be better to either secure something strongly or not at all, so users can easily tell that it's obviously not secured.

  14. "Signed all the way". That's just a different CA on Google Reducing Trust In Symantec Certificates Following Numerous Slip-Ups (bleepingcomputer.com) · · Score: 2

    > Can someone explain to me why domains don't just include a public key in their DNS record (signed all the way up to a root authority) ...
    > Why, exactly, are we still fucking around with certificate authorities

    Okay, so the DNS record would have a signed certificate. You'd have "the root authority" sign certificates? You would trust this authority for certificates, and this "certificate signing authority" would be better than having a certificate authority?

    What you've suggested can be said more succinctly as follows:
    Why aren't the people who run DNS also certificate authorities?

    You still have CA, you've just decided that the CA needs to be the same people who run DNS, because ... well no good reason that I can think of. What does that gain you?

  15. Not quite. She had $123 million when they met on A Lithuanian Phisher Tricked Two Big US Tech Companies Into Wiring Him $100 Million (theverge.com) · · Score: 2

    His wife was an heir, along with her sister, to a hotel company which owned a chain and non-chain properties including the Beverly Hills Hotel. She got $123 million from that. When they divorced, she gave him $23 million. So there wasn't anything like him giving her hundreds of millions and her giving it back.

    He did pay hundreds of millions in fines and restitution. He may have managed to keep a few million in ill-gotten gains.

  16. 3 articles referencing the same statement, misunde on LastPass Bugs Allow Malicious Websites To Steal Passwords (bleepingcomputer.com) · · Score: 4, Insightful

    The three articles you posted were all about what Lorrie Cranor said, but you seem to misunderstand what she said. Cranor did NOT say that it's a bad idea to change YOUR password.

    What Cranor said is that there are downsides to forcing everyone to change their password every month or so.

    People will not remember a new password every month, so if forced to "change" it monthly they'll either write it on a Post-It note or just use [password]1, [password]2, [password]3, etc, not really changing the password, Cranor said. She's not wrong - there absolutely is a limit to how *often* you should *force* people to change their password.

    Also, leaks happen, leaks with millions of accounts, so you will be safer if you change your password *occasionally*. I use a system in which I can change my password every 6-12 months, without having to remember a new password. Another fact about passwords is that the safe length for a password keeps getting longer - I now normally call it a "pass phrase". When I started in security, an eight-character password was considered secure. So what I do is every so often I add a couple characters to my base password.

    Imagine in 1998 maybe I could have used "pallFurt" as my base password. In 2000 I'd start using "pallFurt!?". In 2002, "4pallFurt!?". In 2004, "4pallFurt!?Dh". So I don't have to remember something completely different each time, but the password changes, meaning dumps from old sites don't have my current password (besides it's slightly different for each site).

  17. Good & bad, it'll be significant. All president on Trump Adds To NASA Budget, Approves Crewed Mission To Mars (nbcnews.com) · · Score: 1

    > That's even worse.
    > Ambition and egotism are deadly dangerous things.

    It'll be significant, for good or bad (probably both).
    Keep in mind ALL presidents think that a) they should be president and b) the voters will recognize that. So a huge ego is the number one defining character trait of someone who runs for President. The second happens to be loyalty.

    Trump will do things big, compared to other presidents. He'll do something good in a big way and something bad in a big way.

  18. The teams found out 3 months ago Chrome was secure on Microsoft's Edge Was Most Hacked Browser At Pwn2Own 2017, While Chrome Remained Unhackable (tomshardware.com) · · Score: 2

    The teams didn't just decide that morning "hey let's compete in Pwn2Own today". They prepared months in advance, testing all the browsers to see what they could do. Perhaps a month or two before the event, they decided which browser they had the best exploits for, the browser they would focus on during the actual competition.

    All the teams but one learned from their testing that they wouldn't be able to hack Chrome. One team thought it was their best chance and that team failed.

  19. George Washington had a half billion dollars on Trump Adds To NASA Budget, Approves Crewed Mission To Mars (nbcnews.com) · · Score: 3, Insightful

    > to the tune of millions upon millions of dollars

    George Washington had a half BILLION dollars (expressed in today's dollars, of course). The very same people who *wrote* the Constitution supported Washington for president, and didn't see any Constitutional issue.

    One commentator at the time did see it as a *political* liability. Most people agree it is better public relations to divest, which is why most recent presidents have done so.

    I don't know if Trump's business ventures will turn out to be a significant problem or not. I hope not, of course. Understanding a bit of his personality, he's always focused on the biggest, most grandiose thing. Running the United States is far grander than naming royalties on a hotel, so based on his personality I don't think he gives a shit about a hotel right now - he's running the whole COUNTRY and he's likely trying to be the most significant president in recent history. A little money is no longer an issue - he could lose half his money and still be a multi-billionaire. For him, it's about doing something HUGE, doing things that will be in high history books.

    It would certainly look better if he sold off all of his businesses. I've sold two businesses, both simple, very small companies. One took three months to sell, the other took two years. I would guesstimate that given the complexity of some of Trump's hundreds of business relationships, it would take perhaps three or four years to get most of them sold off. That's an issue. I don't know that there is a particularly good solution now that he's president. I voted against him because I didn't think he should be president, but anyway now he's president and he has these business interests that aren't going to vanish - just as the early presidents did. It's certainly an optics problem. It's not a Constitutional problem, according to the people who wrote the Constitution.

  20. George Washington, Tom Jefferson, A Jackson, JFK on Trump Adds To NASA Budget, Approves Crewed Mission To Mars (nbcnews.com) · · Score: 3, Interesting

    > he still owns, and profits fully from, every single thing his businesses are doing, while he's President, meaning that just about anyone (including Foreign Governments) can straight up pay him money (which is grossly in violation of the constitution).

    Most of the country's early presidents, including George Washington, Thomas Jefferson, and Andrew Jackson owned businesses which had customers from other countries. You have an opinion about what the Constitution means, and the people who actually wrote the Constitution disagree; they thought that when they wrote "emoluments of the office" they meant exactly what they said, emoluments - payments for holding the office, as opposed to ordinary buying and selling things at market prices. Most presidents from George Washington to John F Kennedy sold things (business) just as they bought things (shopping). It wasn't until 1965, LBJ, that presidents started moving their business wealth into a blind trust.

    Was there some constitutional amendment in 1965? I don't know of any change in the Constitution that required LBJ to do that, it just looks good politically.

  21. If it were at issue (insanity or drugs?) on 'Sorry, I've Forgotten My Decryption Password' is Contempt Of Court, Pal - US Appeal Judges (theregister.co.uk) · · Score: 1

    > One of my past passwords was "iAmCh33seburger"; do you really think I think I'm a sandwich?

    There is strong reason to believe you don't think you're a cheeseburger, despite the (weak) evidence that you have an interest in cheeseburgers. On the other hand, if through some strange set of circumstances your belief in your cheeseburgerness WERE at issue in a trial (something to do with insanity perhaps) the fact that you wrote "I am a cheeseburger" prior to the trial would be very weak evidence that you thought that. Not convincing evidence, probably, since also approximately nobody thinks they are a cheeseburger, but evidence nonetheless.

    The point here is that the fifth doesn't say "compelled in any criminal case to be a BELIEVABLE witness against himself"; it says "a witness against himself". Whether or not the testimony is credible doesn't limit the fifth amendment.

  22. Same as betting on 28 on the roulette wheel on Ask Slashdot: How Does One Freely Use Bitcoin In the Land of the Free? · · Score: 1

    If I put $100 on 28 on a roulette wheel and the ball happened to land on 28, what did I lose? It just so happened that this particular gamble worked out this time. If you bought when it was $1300 (or bet on 23) you lost money. Some people won the gamble. It's still gambling, not investment.

    > Newegg accepts bitcoin so I buy random items and resell them on eBay. So yeah I take a slight loss there along with fees but come on how is that not a sound plan?

    When I do work, I like to make money, not lose money. If you're going to do the work to resell things on eBay, a sound plan is to buy a box of 200 widgets for $200, then sell the widgets for $2.50 each. You more than double your money as you work, rather than losing money.

  23. There are no quotation marks in the password on 'Sorry, I've Forgotten My Decryption Password' is Contempt Of Court, Pal - US Appeal Judges (theregister.co.uk) · · Score: 1

    > > then *the password itself* would be testimony and therefore it seems it would be protected.

    > No. "My password is 'I am guilty'" is not the same as saying "I am guilty." The first is mention, the second is use. Or put another way, the quotation marks matter.

    You may notice there are no quotation marks in the password itself. Or put another way, quotation marks matter - you can't just insert them into my sentence without changing its meaning a bit.

    *The password itself* is evidence that at the time they chose that password, the declarant either believed they were in fact guilty of possessing child porn or at the very least, when creating the encrypted volume they had child porn in mind. So it's evidence in words, aka testimony. It would be admissible under Uniform Rule 63(1), Prior Inconsistent Statements. See also California v. Green, 399 U.S. 149 (1970).

    On the other hand, adding quotation marks to get:
    My password is "I'm guilty of child porn"

    Is essentially the same as these alternative statements:
    When I created the encrypted drive, I had child porn in mind.
    I'm the type of sicko who chooses "I'm guilty of child porn" as his password.

    Both of the above statements are evidence of the declarant's intent and state of mind around the time of the act. As evidence, spoken, they are testimonial.

  24. A different crime if before subpoena on 'Sorry, I've Forgotten My Decryption Password' is Contempt Of Court, Pal - US Appeal Judges (theregister.co.uk) · · Score: 1

    If evidence is destroyed *after* it's been subpoenaed, that may be contempt of court, but more importantly it's tampering with evidence, if done with the expectation that a prosecution is likely.

    Tampering with evidence generally has a lesser sentence than child porn, so one might argue it makes sense to take a tampering conviction if it prevents a CP conviction.

  25. Law is you don't have to provide *testimony* on 'Sorry, I've Forgotten My Decryption Password' is Contempt Of Court, Pal - US Appeal Judges (theregister.co.uk) · · Score: 1

    > I thought that it was already established by case law that you did not have to say anything to aid the prosecution in any way, that your right to remain silent was absolute in a criminal case?

    The law is you don't have to *testify* against yourself. Testimony is spoken evidence.

    Physical evidence can be compelled because it's not spoken.

    Words which are not evidence can be compelled - for example your name is not evidence, so a defendant can be compelled to give their name. Knowing the name may certainly aid the investigation, but your name is not itself evidence of any crime. Because it's not evidence, it's not testimony. The fifth amendment refers to testimony.

    So yeah you can be compelled to provide information which is not itself evidence, but does aid the investigation.

    One recent case has been cited in even more recent cases regarding passwords. That case ruled that if it's not proven that the drive is yours, stating "the encryption password is foobar" would be effectively testifying that it *is* your drive. That would be protected by the fifth. However, if it's not disputed that the device belongs to the defendant, the password is not evidence and is therefore not protected by the fifth amendment, the court ruled.

    As someone else posted here, if the password were "I admit I am guilty of ...", then the password itself would be testimony and therefore it seems it would be protected.