In any technical field, conferences are the "Training" component for the more experienced, just as classes/CBT are for the less experienced. "When you stop learning, you start dying".
A bigger problem is "bean-counteritis", an endemic loss of vision and courage in management position-holders. Entrepreneurialism and indeed all capitalism is based on taking selected risks. If you only bet on documented sure things, poor returns are guaranteed.
Yep. Do you have any idea how big a 100+A relay is? (~1 cm contacts) The cooling? And you'd need a duplex for std N.American service (230V hot-hotinv). Look at a 50A AC relay. Smaller & fewer for UK/EU. But meters are buss-bar straddle devices. You have to physically pull the meter out of its socket to cut power.
Now a malefactor certainly could interfere with the power usage signals, and potentially confuse higher (optimizing) layers of the grid load-balancing system. Even that should not result in a brownout, let alone a blackout.
This story is prehistoric, overbooking has been an algorithmically optimised practice by the airlines for at least 40 years. No recent news, but in 2011 the US increased the legally-mandated compensation for "involuntary denied boarding compensation" in 14 CFR 250.5.
The loophole is the airlines try to get their victims to agree to substantially less, mostly by never giving the written notice they're required to, or by obfuscating it. Go google/duckduckgo it.
This device is the very essence of cracking, unauthorized access to a computer system, namely the targeted cellphone and others in the vicinity. A violation of 13 USC 1030. It is testimony to the corruption of our legal system that the perpetrators, so-called Law Enforcement Officers, are so brazen as to use these devices openly without fear of prosecution.
Doh! Accessing a computer without the owner's permission is a felony under 18 USC 1030. Even if the vendors did not access/test their botnet, they are accessories-before-the-fact. DDoS on open, public ports may or may not be covered as contrary to 18 USC 1030, however accessing all the little 'bots most certainly is.
That's why I said _explicit_ consent. I meant separate annual contract, with separate consideration, not part of any other contract. And "cross readable" would still be personally identifiable...
What if it were legislated/court ruled that an individual has a copyright interest in any and all data that is personally identifiable? Certainly a company recorded it, but _MY_ click created it. They of course can use it as necessarily intended (implied consent), but cannot copy and send it anywhere else without explicit (annual?) consent. Database holders might have the right to strip personal identifiers and average data from users (min 12?) then use the aggregates as they wish.
There are many problems with copyright enforcement, two of which are the disproportionate size of litigants and low cost of making a false complaint. There ought to be some liquidated damages like US$1000/day-blocked per 3Mbps in the event of an unsupported/unproven finding. Modest for the complainer, but sufficient to encourage vigorous defense and hence very careful prosecution.
Yes, hammers look like stupid overkill. But people die in flash floods, often in underpasses. How? If the car stalls out because the water is deeper than expected, you or weaker family members will not be able to open the doors due to water pressure. If you don't get the windows open (due to hard rain?) before the power to them dies, you will have to break windows or drown. Nasty progressive trap.
At some point, anyone bent on malicious programming _wants_ to be detected -- when the payload does whatever malice intended. Before then, it wants to hide. Loadable kernel modules are a good way to hide, but not perfect. It might be detected by network activity (gotta love those lights) or power consumption (machine not sleeping). Both AFAIK still major detection mechanisms for all intrusions.
But LKM are a known security risk, and can be turned off in Linux. Easy with known hardware. At one time OpenBSD did not allow LKM.
Well, this should depend on whether Parliament authorised the Brexit referendum. If they did, then they ought to abide by the result. That is the implication of making such a choice public.
If the Parliament at Westminster did not pass a bill for Brexit and HM govt held Brexit on its own, then Parliament _has_ been bypassed, and has a legitimate concern.
Why make this offer? Just for publicity? Or could it be that many people have trouble upgrading and MS needs to counter the chatter by giving the press something? I've never heard of such an offer before.
Can you not recognize a trial balloon? More common in the UK, where someone less senior (_NOT_ the big cheese) throws out details for an established theme to see reaction. Easily deniable if excessively opposed, easily co-opted if insufficiently opposed. Look for a payoff as an Ambassadorship or Cabinet post.
As for legality, please show me the Feds care. They certainly did not when Senator Joe McCarthy abused subpoena power. Both before and since, the Feds have lawyers who will argue that zero is one.
While entrenched in British Common Law, the very notion of "sovereign immunity" is completely contradictory with the founding principles of the United States. The idea was whatever powers (sovereigns) were subject to limitations.
To now claim "sovereign immunity" is merely a complete about-face, and very likely corrupt.
I'm of two minds: on the one hand, HRC clearly violated Federal Law. Never mind that the law is stupid (overspecific) and capriciously enforced (how tough is it to write a flagging filter for classification strings [NOFORINT] and non-.gov addr?)
On the other, HRC could easily have been disgusted by the electronic tools imposed upon her, and worked around. If State's email servers are anything like the corp. servers I've seen, who could blame her for wanting more reliable and secure? Or do we have a .gov netadmin who can say their servers are faultless? The geek in me says "BRAVO"!
Otherwise, the notion of secure email without e2e tools like PGP is a delusion. Sure, officials have to turn over official papers, but afterwards -- they never had to cc in some central office.
Sure, like everything else from the UNO this will be more honored in the breach than the observance. Don't you think the bureaucrats and diplomats know this? But if they say nothing, then by implication, depriving access becomes legitimate government policy.
What really happens is that depriving internet access becomes more grounds for sanctions and other measures that are desired for other reasons.
Please tell me how to distinguish this "bad Flash" info from Fear, Uncertainty and Doubt (FUD) disinformation from HTML5 advocates? Patching will inevitably be, well, patchy. So the only safe course seems to be elimination.
Have there really been statistically significant exploitation measured? If so, why haven't websites banned it themselves?
Certainly I understand the patrons can do little. The police, especially SWAT ought to be slightly more courageous. At least, they ought not be drunk. Of course assessment needs to be done, but continued fire and wounded victims indicate urgency. I would expect multiple-point breach (rip firedoors off) in about one hour.
While these are certainly the actions of a depraved individual, what do you call the 3 hour delay between first shots (at police) and last shots (by SWAT)? All the while victims were bleeding out (past Golden Hour) and shooting continued.
To me, the delay looks like egregious cowardice, depraved indifference or worse (false flag amplification).
Agreed. Even if the phone is secure (does not flash SMS when locked), the channel is not -- SMS are unencrypted. Even challenge / response is subject to intercept & replay / frontrunning if without a passwd.
Users should be able to choose their own level of security to match their individual situations (consequences). With just one provider-imposed level, the same compromises between security and usability have to be selected and imposed on all users.
For instance, a user could choose to set security very lax (pwd over phone) if they have little to protect and value convenience. Someone with something to worry about might set security very tight (long/rand pwds, resets only in meatspace with two forms of ID).
I was shocked when I saw how much CPU scripts take on many websites. Even a 3 GHz i5 can get 75% loaded. Small wonder the little tablet ARMs get overwhelmed. Also seriously missing is [mini/micro] HDMI output on nearly all.
I'm surprised lawyers aren't all over this. Granting anyone else access to your FaceBook, InstaGram, or worse, SlashDot account login information is against the Terms-of-Service, as is using it in an insecure way (known hazardous friends). FB lawyers actually have a cause-of-action as someone is inducing their customers to break their contracts.
No different from employers, landlords could easily face discrimination lawsuits. But more likely to fear FB who can marshal endless legions of lawyers. I'm somewhat surprised they have not to protect their userbase and reputation.
Thank you for the data. I believe near-static IPs are also common in the US. But not for workplace computers, hotels or other hotspots. The idea is not to have absolute anonymity -- that can be abused. But tracing logs is work that would only be done for "cause". Harvesting MACs (via router unimplemented Privacy Extensions) is too easy, and would lead to automated commercial dragnets. Rather as the "Do Not Track" request is implemented as "Market with increased subtlety".
z/70 is nouveau :)