What crook will openly admit his major crimes if hiding them guarantees a job? The checks therefore have to performed by the employer by contacting the authorities. But Uber cares more about saving money than about the safety about its customers.
And the authorities care more about revenue collection than about actually ensuring the safety of the public, which is why background checks cost companies money to have performed.
What we still don't seem to have, is proof of any actual crimes.
Public outrage over morally questionable selfishness is pointless stupidity. Where is the crime? Where is the proof?
Actually, we have the proof. It's in the data dumps.
The actual actions involved are illegal tax shelters. These work for corporations because they are, in fact, legal. They also work for high net worth individuals, but only if they are willing to relocate their residence outside their home country for a period of time.
For the U.S., the magic number is ~191 days a year (indisputably, at least 51% of their time). For other countries, the numbers are different.
In all cases, however, the general rule is that you want to establish a legal tax shelter. And if you can't... well, some people *still* don't want to pay taxes, and instead establish illegal tax shelters.
The primary reason that there are not a lot of U.S. individuals on the disclosure list is that most of these schemes were shut down in the U.S. about a decade ago (closer to 2004/2005, so add a couple of years to that). Now it's the turn of the rest of the world.
Here's an example from 2004 for the U.S..
The way the scheme operates is to relocate a business and your primary legal residence to an economic development zone (EDZ), which saves you 90% (as an exemption) on your federal income tax, if you employ a certain number of people in a business. Only the rules were pretty lax, and a lot of people didn't meet the 190+ days a year requirement, because they tried to count actually living in the U.S. as "vacation time".
As part of the laxity of those rules, you didn't have to personally employ the people, instead you could buy into a co-op that employed that number of people (what they did or didn't do really didn't matter -- the rules were lax), buy a vacation home in the area, and live there as much as you could.
Now it should be noted that not every co-op was a tax shelter scam, and there were people who in fact met the 190+ day requirement, and owned businesses in the EDZ's, that employed the required number of people. In addition, a number of the co-ops that were being used as scam shelters, actually had these honest people involved in them as well -- both as protective covering, and because it was handy to have the co-op deal with the details of the paperwork.
One of these shelters was "Kapok" in the U.S. Virgin Islands, which were an EDZ at the time, and remained so for about a decade.
The point is that, just because there are good apples, doesn't mean that there are not also rotten apples, and it's pretty clear that this disclosure, even for those which are not engaged themselves in illegal activity, is going to rip the bandaid off what is, at least in areas, a festering wound.
P.S.: if you want to know about how to legally take advantage of a tax loophole opened by Prop 13in California, at the last minute, by the Kaiser Family Foundation, I can enlighten you on that as well, but be aware, you pretty much have to be a rather large property holder (like the KFF) to take reasonable advantage of it. There are also some pretty careful zoning hurdles you have to pass... but it's doable.
The CRISPR/Cas9 technique used in that article to inactivate PERVs was prematurely reported. Specifically, it's nearly impossible to come up with an edit sequence that does not match another edit sequence, since you are typically talking, at most, about 28 base pairs.
This tends to be a problem for large genomes, in that it typically hits multiple locations that have the same sequences, rather than just the target location. This was seen in the Chinese experiments on human embryos regarding Juvenile Huntington's and DMD (Duchesne Muscular Dystrophy).
At present, you have to therefore make the modifications in vitro, then grow colonies of cell, and then sort out the ones that have off-target CRISPR modifications. So far this technique has only been used experimentally for autologous transplants from farmed cells from an individual with a disease that the experimenter is attempting to cure.
So while this might work to grow "safe pigs" to use for transplant material, you'd pretty much have to grow them as embryos in vitro, place the ones with the desired characteristics in vivo, row them into pigs, and then continue to grow them until the organs you wanted to harvest were large enough to be viable for transplant.
Not to downplay the blood protein IgE reaction suppression: it's a pretty cool breakthrough, but using the organs for transplant into humans is quite a ways off (we are actually more likely to edit the histamine complex on c6 to ensure histocompatibility instead, first).
In general, if you are considering a xenotransplant at all, it's usually time critical enough that you are not going to be able to wait for the pig to grow to the necessary size.
One of the big problems with xeno-transplants from pigs is PERV (Porcine Endogenous RetroVirus).
We've treated a number of people with Parkinson's in the U.S. (many more in Russia, where the technique was pioneered) using fetal pig stem cells from the brains. However, we're typically worried about introducing the virus to the human genome, since it become part of the actual genome of the organism (hence "endogenous"). One of the requirements to participate in the clinical trials was an agreement to not have unprotected sex which might result in a pregnancy -- ever -- to keep it out of the human genome.
No. It's easily changed, and it doesn't fingerprint your machine in a non-repudiable way.
If a copy of "Steamboat Willy" gets out there , Disney wants to be able to trace it back to the person who paid for it, and then put it up on TorrentFreak do that they can send the Imperial Storm Troopers (Disney owns those now) over to your house and flog you for hundreds of thousands of dollars.
The point is to uniquely identify a machine so as to make the owner of the machine legally culpable.
Fuck that. I use it well enough to get by and everyone else can deal.
This just in... less agreeable people use language and grammar well enough, end expect everyone else to "just deal", because they are the most special snowflakes on Earth, and, hey, fuck everyone else.
1. It failed to maintain the ability to run 32 bit binaries on 64 bit systems
2. It failed to maintain a binary compatible runtime environment
3. It failed to maintain a uniquely identifiable machine ID; mostly, this was the deprecation of libhal, which was deprecated in 2008 https://lists.freedesktop.org/... and which is no longer supported
Yes, it's annoying that it requires the ability to uniquely identify your machine, just like the Adobe content management plugin for Flash needed to play Amazon and Google Play videos that are pulled down from those "stores" requires the same thing, to verify the CMS key on the back end server to permit decryption of the DRM'ed content.
Too bad, so sad: Their toys: play by their rules, or you can't play with their toys.
Getting laid helps propagate the species; being a tinfoil-hat-wearing shut-in does not. One of those choices leads to the continuation of the species; the other does not. Care to guess which is which?
That's just the heterosexuals, trampling all over the reproductive rights of everyone else. I blame them for only allowing the species to propagate by them getting laid.
17 U.S. Code 1201 (e) only applies if they did not crack the device before they had the contract with the FBI.
Since they demonstrated the technique to the FBI prior to the FBI contracting with them, according to news reports and statements by the FBI, including statements to the court by FBI representatives requesting a stay, it's pretty clear that the technique existed before the FBI engaged them as contractors.
While they may in fact be protected on the specific instance of the iPhone from San Bernardino, they are still liable under the act for having developed the technique prior to the contract.
If they wish to roll this in under blanket protection from another contract for previous work, or an ongoing contract for existing work in progress, they can... assuming they are willing to disclose sufficient details of the contracts in question for the court to make a determination that the prior contract(s) do in fact apply to the current case.
As they offered the breaking of the San Bernardino iPhone as a service for hire for the FBI, it's pretty clear that they intended to profit from the act of breaking into an iPhone (or more than one iPhone), and therefore the safe harbor provisions od 17 U.S. Code 1201 (g) *also* do not apply.
Have fun in court, in any case, given that the discovery process will require disclosure of the techniques in front of Apple experts to ensure that the techniques did not in fact constitute new and unique DMCA violations prior to the contract being issues/engaged.
Gotta love a case where the DMCA hoists the government on their own petard, particularly since the EFF has been trying unsuccessfully to get the anti-reverse engineering provision of the DMCA struct down for *literally years*.
Perhaps the next time the EFF goes to try and get the DMCA anti-reverse engineering provision struck down, the FBI will be willing to file an Amicus Curie Brief on behalf of the EFF's position?
Except there was a news story on the first day of problems, since it resulted in a delay and outage, and they specifically called out "voltage spike", before they murdered the second BART car by putting it on the same line.
In other words, they knew that the thyristor had blown.
Thinking the issue was transient accounts for car #2.
Nothing accounts for the other 98 thyristors except that they want new toys.
The incredibly funny part is coming... 3... 2... 1...
Apple files suit in federal court under the DMCA, claiming Cellebrite has created a circumvention device; and since they, themselves were not law enforcement agents, and they did it on contract, rather than doing it as independent security research, the DMCA safe harbor procedures don't apply.
The leading theory is: Desolder the memory chip, make an off line copy, then reattach the chip, try 10 unlock codes. If it scrambles the memory restore from back up and try next 10 unlock codes.
The downside seems to be: It is a delicate operation to desolder and remove the memory chip. But if it is successfully removed, then they will probably attach a harness so that they can detach/restore/reattach a memory chip many times to try different codes.
It's not that delicate. There's a Samsung engineer who was unlocking iPhones for $200 a pop with about an 95% success rate using a toaster oven for the reflow, back when there wasn't a software unlock.
Also, what I suggested in the first place. A variant of the technique would disable the flash write enable pin after it boots. That way/var/run/* is all happy, and the phone can't tell during boot.
The fix is to just try a write during pin entry, and read it back, and if it's not the same, iOS knows it's being gamed.
The fix for the fix is to provide write cache RAM in front of the flash, and *still* disable the WE pin going to the actual flash. The iOS thinks it's been written successfully, and can't see the hardware hack again.
The fix for the fix for the fix is maintain a boot count without the code being entered, since they have to allow writes until they disable them.
Eventually, we get to where we enter a couple of failed pass codes, and utilizing what's used to do the crypt reference, infer the hidden code. But then you are starting to talk a lot of hardware.
So you FedEx it to Chipworks in Canada, they top the secure enclave and the CPU for you, and you just operate on the flash image.
They need that many thyristors because there was a voltage spike that was killing them.
Rather than fix the voltage spike on that one small section, they took other cars from other areas of the system, and replaced the cards with the blown thyristors.
Which the unfixed voltage spike then killed up as well.
Rather than bus-bridge the impacted section, and actually figure out what the heck was going on with that small section that was making it cook thyristors in the cars, they... you guessed it! Threw *MORE* cars at the problem, and cooked even *MORE* of them.
Either someone is grossly incompetent, or someone really wants the taxpayers to buy them new toys, and they are perfectly willing to set fire to the old toys they no longer want in order to temper-tantrum their way into the new toys.
Meanwhile: quit being assholes and throwing more of your dwindling supply of cars at that section of track!
---
Moral of this story...
Patient: "Doctor, it hurts when I do 'this'!!!" Doctor: "Then don't do that."
Slashdot Mirror
If you want to assume everyone is likely to kill you then feel free to never leave the basement.
Sure, that's just what *they* want!
THEN they FLOOD the basement!
What crook will openly admit his major crimes if hiding them guarantees a job? The checks therefore have to performed by the employer by contacting the authorities. But Uber cares more about saving money than about the safety about its customers.
And the authorities care more about revenue collection than about actually ensuring the safety of the public, which is why background checks cost companies money to have performed.
"There is no such thing as zero risk."
On one hand, *if* there's no such thing as zero risk, don't advertise your service as being safe. Otherwise, there's awaiting a nice fine for you.
On the other hand, yes, there is such a thing as zero risk. I.e: once you are dead there is zero risk of you saying nonsenses anymore.
See what I did here?
I think there is probably zero risk of him understanding that comment as anything as smarmy...
What we still don't seem to have, is proof of any actual crimes.
Public outrage over morally questionable selfishness is pointless stupidity. Where is the crime? Where is the proof?
Actually, we have the proof. It's in the data dumps.
The actual actions involved are illegal tax shelters. These work for corporations because they are, in fact, legal. They also work for high net worth individuals, but only if they are willing to relocate their residence outside their home country for a period of time.
For the U.S., the magic number is ~191 days a year (indisputably, at least 51% of their time). For other countries, the numbers are different.
In all cases, however, the general rule is that you want to establish a legal tax shelter. And if you can't ... well, some people *still* don't want to pay taxes, and instead establish illegal tax shelters.
The primary reason that there are not a lot of U.S. individuals on the disclosure list is that most of these schemes were shut down in the U.S. about a decade ago (closer to 2004/2005, so add a couple of years to that). Now it's the turn of the rest of the world.
Here's an example from 2004 for the U.S..
The way the scheme operates is to relocate a business and your primary legal residence to an economic development zone (EDZ), which saves you 90% (as an exemption) on your federal income tax, if you employ a certain number of people in a business. Only the rules were pretty lax, and a lot of people didn't meet the 190+ days a year requirement, because they tried to count actually living in the U.S. as "vacation time".
As part of the laxity of those rules, you didn't have to personally employ the people, instead you could buy into a co-op that employed that number of people (what they did or didn't do really didn't matter -- the rules were lax), buy a vacation home in the area, and live there as much as you could.
Now it should be noted that not every co-op was a tax shelter scam, and there were people who in fact met the 190+ day requirement, and owned businesses in the EDZ's, that employed the required number of people. In addition, a number of the co-ops that were being used as scam shelters, actually had these honest people involved in them as well -- both as protective covering, and because it was handy to have the co-op deal with the details of the paperwork.
One of these shelters was "Kapok" in the U.S. Virgin Islands, which were an EDZ at the time, and remained so for about a decade.
The point is that, just because there are good apples, doesn't mean that there are not also rotten apples, and it's pretty clear that this disclosure, even for those which are not engaged themselves in illegal activity, is going to rip the bandaid off what is, at least in areas, a festering wound.
If you want to read more about Kapok, specifically, here's an article from 2004: http://amarillo.com/stories/20...
P.S.: if you want to know about how to legally take advantage of a tax loophole opened by Prop 13in California, at the last minute, by the Kaiser Family Foundation, I can enlighten you on that as well, but be aware, you pretty much have to be a rather large property holder (like the KFF) to take reasonable advantage of it. There are also some pretty careful zoning hurdles you have to pass ... but it's doable.
Biggest contributor to Panama breach:
People doing illegal things in the first place.
One of the big problems with xeno-transplants from pigs is PERV (Porcine Endogenous RetroVirus).
Already being solved
The CRISPR/Cas9 technique used in that article to inactivate PERVs was prematurely reported. Specifically, it's nearly impossible to come up with an edit sequence that does not match another edit sequence, since you are typically talking, at most, about 28 base pairs.
This tends to be a problem for large genomes, in that it typically hits multiple locations that have the same sequences, rather than just the target location. This was seen in the Chinese experiments on human embryos regarding Juvenile Huntington's and DMD (Duchesne Muscular Dystrophy).
At present, you have to therefore make the modifications in vitro, then grow colonies of cell, and then sort out the ones that have off-target CRISPR modifications. So far this technique has only been used experimentally for autologous transplants from farmed cells from an individual with a disease that the experimenter is attempting to cure.
So while this might work to grow "safe pigs" to use for transplant material, you'd pretty much have to grow them as embryos in vitro, place the ones with the desired characteristics in vivo, row them into pigs, and then continue to grow them until the organs you wanted to harvest were large enough to be viable for transplant.
Not to downplay the blood protein IgE reaction suppression: it's a pretty cool breakthrough, but using the organs for transplant into humans is quite a ways off (we are actually more likely to edit the histamine complex on c6 to ensure histocompatibility instead, first).
In general, if you are considering a xenotransplant at all, it's usually time critical enough that you are not going to be able to wait for the pig to grow to the necessary size.
Here I was all excited!
But reading the article, the headline is not correct: "Twitter To Give All New Parents 20 Weeks of Paid Leave"
Apparently, this only applies to Twitter employees, and not actually "All New Parents".
Great idea, if you never want to have kids.
One of the big problems with xeno-transplants from pigs is PERV (Porcine Endogenous RetroVirus).
We've treated a number of people with Parkinson's in the U.S. (many more in Russia, where the technique was pioneered) using fetal pig stem cells from the brains. However, we're typically worried about introducing the virus to the human genome, since it become part of the actual genome of the organism (hence "endogenous"). One of the requirements to participate in the clinical trials was an agreement to not have unprotected sex which might result in a pregnancy -- ever -- to keep it out of the human genome.
Does it run Linux?
The real question is does it run systemd.
The motion is quite jerky, it has an unexpectedly high latency, and it has bad English.
So I would tentatively say "yes".
3. Is /etc/machine-id not good enough?
No. It's easily changed, and it doesn't fingerprint your machine in a non-repudiable way.
If a copy of "Steamboat Willy" gets out there , Disney wants to be able to trace it back to the person who paid for it, and then put it up on TorrentFreak do that they can send the Imperial Storm Troopers (Disney owns those now) over to your house and flog you for hundreds of thousands of dollars.
The point is to uniquely identify a machine so as to make the owner of the machine legally culpable.
Big Five axiomatically assumes extraversion = healthy and introversion = pathological.
So, I call bullshit on this whole deal.
Sure, that's exactly what a pathological introvert *would* say, isn't it?
Fuck that. I use it well enough to get by and everyone else can deal.
This just in... less agreeable people use language and grammar well enough, end expect everyone else to "just deal", because they are the most special snowflakes on Earth, and, hey, fuck everyone else.
The issue isn't Skype, the issue is Linux.
Linux changed out from under it.
Linux failed in three ways:
1. It failed to maintain the ability to run 32 bit binaries on 64 bit systems
2. It failed to maintain a binary compatible runtime environment
3. It failed to maintain a uniquely identifiable machine ID; mostly, this was the deprecation of libhal, which was deprecated in 2008 https://lists.freedesktop.org/... and which is no longer supported
Yes, it's annoying that it requires the ability to uniquely identify your machine, just like the Adobe content management plugin for Flash needed to play Amazon and Google Play videos that are pulled down from those "stores" requires the same thing, to verify the CMS key on the back end server to permit decryption of the DRM'ed content.
Too bad, so sad: Their toys: play by their rules, or you can't play with their toys.
Getting laid helps propagate the species; being a tinfoil-hat-wearing shut-in does not. One of those choices leads to the continuation of the species; the other does not. Care to guess which is which?
That's just the heterosexuals, trampling all over the reproductive rights of everyone else. I blame them for only allowing the species to propagate by them getting laid.
Obviously the FBI should keep quiet.
That way they can hack the phones of government officials with impunity.
Dark == no DNS entries
Quit charging for DNS hosting and domain names, and the majority of this problem evaporates over night.
You're the idiot:
17 U.S. Code 1201 (e) only applies if they did not crack the device before they had the contract with the FBI.
Since they demonstrated the technique to the FBI prior to the FBI contracting with them, according to news reports and statements by the FBI, including statements to the court by FBI representatives requesting a stay, it's pretty clear that the technique existed before the FBI engaged them as contractors.
While they may in fact be protected on the specific instance of the iPhone from San Bernardino, they are still liable under the act for having developed the technique prior to the contract.
If they wish to roll this in under blanket protection from another contract for previous work, or an ongoing contract for existing work in progress, they can... assuming they are willing to disclose sufficient details of the contracts in question for the court to make a determination that the prior contract(s) do in fact apply to the current case.
As they offered the breaking of the San Bernardino iPhone as a service for hire for the FBI, it's pretty clear that they intended to profit from the act of breaking into an iPhone (or more than one iPhone), and therefore the safe harbor provisions od 17 U.S. Code 1201 (g) *also* do not apply.
Have fun in court, in any case, given that the discovery process will require disclosure of the techniques in front of Apple experts to ensure that the techniques did not in fact constitute new and unique DMCA violations prior to the contract being issues/engaged.
Gotta love a case where the DMCA hoists the government on their own petard, particularly since the EFF has been trying unsuccessfully to get the anti-reverse engineering provision of the DMCA struct down for *literally years*.
Perhaps the next time the EFF goes to try and get the DMCA anti-reverse engineering provision struck down, the FBI will be willing to file an Amicus Curie Brief on behalf of the EFF's position?
May I perhaps suggest... a 2230 E Rocket Launch Controller?
Cellebrite is an Israeli company and Israel is not bound by DMCA requirements.
They are if they want to do business in the U.S..
Except there was a news story on the first day of problems, since it resulted in a delay and outage, and they specifically called out "voltage spike", before they murdered the second BART car by putting it on the same line.
In other words, they knew that the thyristor had blown.
Thinking the issue was transient accounts for car #2.
Nothing accounts for the other 98 thyristors except that they want new toys.
The incredibly funny part is coming... 3... 2... 1...
Apple files suit in federal court under the DMCA, claiming Cellebrite has created a circumvention device; and since they, themselves were not law enforcement agents, and they did it on contract, rather than doing it as independent security research, the DMCA safe harbor procedures don't apply.
And then Apple releases an iOS update.
The leading theory is: Desolder the memory chip, make an off line copy, then reattach the chip, try 10 unlock codes. If it scrambles the memory restore from back up and try next 10 unlock codes.
The downside seems to be: It is a delicate operation to desolder and remove the memory chip. But if it is successfully removed, then they will probably attach a harness so that they can detach/restore/reattach a memory chip many times to try different codes.
It's not that delicate. There's a Samsung engineer who was unlocking iPhones for $200 a pop with about an 95% success rate using a toaster oven for the reflow, back when there wasn't a software unlock.
Also, what I suggested in the first place. A variant of the technique would disable the flash write enable pin after it boots. That way /var/run/* is all happy, and the phone can't tell during boot.
The fix is to just try a write during pin entry, and read it back, and if it's not the same, iOS knows it's being gamed.
The fix for the fix is to provide write cache RAM in front of the flash, and *still* disable the WE pin going to the actual flash. The iOS thinks it's been written successfully, and can't see the hardware hack again.
The fix for the fix for the fix is maintain a boot count without the code being entered, since they have to allow writes until they disable them.
Eventually, we get to where we enter a couple of failed pass codes, and utilizing what's used to do the crypt reference, infer the hidden code. But then you are starting to talk a lot of hardware.
So you FedEx it to Chipworks in Canada, they top the secure enclave and the CPU for you, and you just operate on the flash image.
There is no such thing as a 100% secure platform. Every time someone makes such a boast the system gets hacked - usually very publicly.
Sounds like it's a lot cheaper to boast about your platform instead of paying bug bounties, doesn't it?
They need that many thyristors because there was a voltage spike that was killing them.
Rather than fix the voltage spike on that one small section, they took other cars from other areas of the system, and replaced the cards with the blown thyristors.
Which the unfixed voltage spike then killed up as well.
Rather than bus-bridge the impacted section, and actually figure out what the heck was going on with that small section that was making it cook thyristors in the cars, they ... you guessed it! Threw *MORE* cars at the problem, and cooked even *MORE* of them.
Either someone is grossly incompetent, or someone really wants the taxpayers to buy them new toys, and they are perfectly willing to set fire to the old toys they no longer want in order to temper-tantrum their way into the new toys.
Meanwhile: quit being assholes and throwing more of your dwindling supply of cars at that section of track!
---
Moral of this story...
Patient: "Doctor, it hurts when I do 'this'!!!"
Doctor: "Then don't do that."
No, they're intentionally - and rightly, in my opinion - ignoring it to focus on the lie before them.
I'm pretty sure what's lies in front of them, without indoor plumbing.