Except that fewer and fewer people will actually drive their own cars, they'll just subscribe to a car service.
Many people drive despite the difficulties involved in finding parking and the costs because they either need or simply enjoy the convenience. Many people don't take public transportation because it is inconvenient, and one of the big inconveniences is having to wait at a bus stop, sometimes for half an hour or more. (Our city bus system has some routes that are once an hour.) So no, waiting for your own car to show up, or waiting for the car service car to show up, are inconveniences which some people avoid by driving. That won't change in the brave new world of cars that are smarter than people.
Owning your own car will become like owning your own light plane - something a few enthusiasts enjoy.
You don't understand the GA marketplace, then. It's not just "a few enthusiasts" who use and own them. For some people they are a convenience -- just like having a car. For some people, they are a necessity. Yes, for some they are just a toy, but writing the entire fleet off as "a few enthusiasts" is silly.
As long as the car parks close enough that it can get to you within a few minutes, what's the problem?
"Off-street buffer lots" are what we call, today, parking lots, using that kind of definition. To replace the on-street parking, there will have to be a lot more of them, and where do you get the space? From further away from the city. My point still stands, people will just love standing around on the sidewalk waiting for their cars to come back from "resting".
And if you're not going to be there that long, just have the car drop you off and circle the block.
Sometimes you don't know how long you are going to be there, sometimes you think it will be "not that long" and you find out it will be an hour. If there is a "circle the block" option, then you'll create an endless parade of empty cars circling the block, creating traffic issues, and delaying those "few minutes" away resting cars from getting back.
As for handicapped people; there's no need for the *car* to park to help them.
Why no, of course not. Just stop in the middle of the street and vomit forth the paraplegic and his wheelchair and let him get to the curb on his own. And have the arthritic people standing on the curb for half an hour waiting for their cars to come back...
I sense a lack of compassion here. Is your desire for a neat and tidy autonomous future that strong?
Same for deliveries, unless substantial unloading time is required, in which case the delivery vehicle will need a loading dock or other unloading zone, same as now.
So a parcel delivery man needs a special parking place ("loading zone") so he can go up thirty floors to deliver his package? And it's not "parking" when he leaves the vehicle, even though it meets all the legal definitions of parking? It's now some magical "unloading space" instead of "parking space"?
Sorry. Your optimism over the death of parking in the city is not justified. Even before the age of the automobile, there were "parking spaces" for horses on-street. Not everyone took their trusty steeds to the stable, and they certainly didn't allow them to "autonomously" wander around until called.
Autonomous cars will 'rest' in off-street buffer lots and maintenance warehouses, and it will be No Parking forever citywide.
Yeah, because everyone who drives will be perfectly happy waiting half an hour for their car to return from "resting" before they can do something somewhere else.
No, there will never be "no parking citywide", because too many people need to park where they go. Not just delivery people who park while delivering things, but handicapped people.
If you start from scratch, you are bound to make many of the same mistakes the original developers made.
Where better to make those mistakes than in your own attempt at duplicating a library? You learn from those. That's why rewriting a library can be a very good learning experience.
Rewriting such a project should therefore, within reason, be avoided if at all possible -
Like I said, rewriting a library doesn't mean trying to produce a new, production version of a library, it means writing your own version. Even if you never use it for your own projects.
- once you actually start with it, you really don't know where it will take you.
It will most likely take you to a place of better understanding of the programming language you think you know, and a much better understanding of the kinds of things that library writers have to consider. Isn't that a good thing?
And NONE of this has anything to do with the claim that many people think it is prohibited. Where did that nonsense come from? Who is telling people that it is prohibited to write your own libraries, or to rewrite existing ones?
The best assembly language to learn the basics of optimization was the Cyber 6500 system. It had 60-bit words, and 15, 30, and 60 bit instructions. A 15, 30, 30 sequence would waste at least 15 bits since the second thirty could not occupy the remaining 15 bits of the first word. A sequence of 15, 60, 15, 60... would waste 45 bits for each pair.
And knowing assembly is really good for helping to learn languages like C. I learned 68000 assembly language while learning C -- I would write some C and have the compiler dump the assembly, and then I could compare what I thought the C should do with what it actually did at the machine level.
Don't spend time solving problems others have already solved.
First, it is a great learning experience to rewrite a library or parts of it. If you have the source you can compare what you did and what kinds of error checking etc. you didn't think of. Even without the source, getting what you write to reproduce the results is good practice at reverse engineering.
But second, how does this in any way relate to the idea that rewriting a library is PROHIBITED? It doesn't. Larry Wall's (and the general Perl idea of not recreating the wheel when it isn't necessary) isn't a prohibition. And I hate to tell you, there are many CPAN modules that could use rewriting. In any case, writing your code and comparing it to "the experts" is a good learning experience.
If a library is getting long in the tooth or has some functionality that is still relevant but a lot of legacy baggage that is obsolete then a rewrite is not necessarily a bad thing.
Rewriting a library doesn't mean trying to create a replacement production version of what already exists. It means learning the concepts of, say, numerical conversion and writing your own version of printf or scanf.
So I have had a replaced lockscreen on my HTC One (M7) for a few months now.
HTC's lockscreen is bad enough as it is. It has an ugly clock that you cannot configure, move, or remove. And it is telling me that "weather unavailable", which means that it would normally try to reach across the net to find the local weather, were the location services not turned off. You can't configure or remove the weather, either.
Further, it has four apps at the bottom that, if you miss the small center bit while "swiping up", become active should you enter the unlock code. You can't change those apps or get rid of them without changing or removing them from the bottom task bar altogether.
And the kicker is that if you "swipe up" to get to the unlock code entry, you can then "swipe down" to pull down the notification area menus -- which allows you to turn all kinds of things on and off (like the hotspot) without unlocking the phone.
Maybe I should update my ES so I get a better lockscreen?
It doesn't matter. He wasn't keeping anyone from breaking in when he was busy using the login credentials he obtained. Whether or not his reporting the vulnerability of the SQL injection attack resulted in it being fixed -- three months after he found it, wasn't it? -- his use of the passwords he got to wander around didn't fix anything.
SQL injections are common and easy to find. Someone else finding and using it is inevitable; it is simply a question of when.
Use simple words. How did his use of the election supervisor's login and password to access other, secure areas of the system prevent anyone from using the SQL injection flaw?
Most likely he was discovering if they were valid credentials
Yes, he was having fun rummaging through things he shouldn't have access to. He didn't need to find out if the credentials were valid. Using those credentials wasn't a vulnerability he was testing, it was simple unauthorized access. All he had to do was report the SQL issue and say "one of the things I got was a login X with password Y." The election supervisor can verify the validity without him breaking in.
As for using the credentials he obviously didn't do anything harmful with them if he reported it.
Now you are making bold assumptions. He could have done quite a bit of damage (downloading private data, e.g.) and then reported it. It was three months, after all.
He crossed a line but the question is if the damage he caused by doing so outweighs the damage that would be caused by a malicious attacker crossing that line.
You're stretching things really really thin trying to excuse his violation of the law, here. No, the damage is irrelevant.
Oh, please. He was getting login credentials for the election supervisor. Those weren't a vulnerability, it was the SQL injection, that he was already using. He knew the scope. He went one step too far.
... and any vulnerability found is reported it should not be illegal.
"I was able to use the election supervisor's username and password to log into restricted areas of a website" is not a vulnerability. He wasn't "finding a vulnerability" at that point, he was exploiting it.
Reporting that "I was able to use an SQL injection attack on this web page and got the system to do something that wasn't intended" is finding a vulnerability, but he didn't stop there. He didn't need to actually use the credentials he obtained using that attack vector to report the problem or prove that it existed.
I'm having trouble even knowing where to start with someone who thinks that robbing from the rich and giving to the poor is in any way analogous to a security researcher reporting a flaw they discovered.
It isn't. But "breaking the law" is analogous to using a website flaw to gather login credentials and then using those credentials to access other, properly protected material. From TFA:
"Levin then went a step further and used the Lee County supervisor's username and password to gain access to other password protected areas."
First off, if what he did is illegal under the current law (which has yet to be decided in court),
When someone says "he broke the law" in common language, it means "I believe there is evidence to support the claim he broke the law." And here, there is. Unauthorized use of computing systems is a crime. He knew his access was unauthorized because he had to use credentials that he got from breaking into a website.
So, while criminal liability and determination of guilt under the legal system has to await a court's decision, it is fair to say "he broke the law" in normal discussion.
then the law should be repealed and the jury should vote for nullification.
So you'd be happy if someone shoulder-surfed your login and then used that to look through all your files? The law against unauthorized computer access deals with that; it should be repealed or nullified you say.
Second, unlike your "rob from the rich to give to the poor" analogy, what he actually did was the equivalent of walking through a gigantic hole into a bank's vault,
Nope. He had to log in using credentials he got by picking the lock on a vault door.
left the money alone,
Again, nope. He used the credentials he obtained after picking the lock on the vault door to open a few other properly secured doors. That's not leaving the money alone, that's using the money he found.
And it doesn't take a conspiracy to recognize that it would only take a phone call from the election officer to the D.A. to get this guy charged, since he posted a video of something that on its face would appear to be illegal...
Yes. Why is this a bad thing? Should election officials not be allowed to report illegal activities they see in a video posted publicly?
..if you didn't apply any common sense at all.
The failure of common sense occurred when the white hat hacker didn't immediately report the problem to the relevant authorities, but instead "went a step further and used the Lee County supervisor's username and password to gain access to other password protected areas."
The problem with the website was the ability to perform an SQL injection attack. It was a violation of law to then use the credentials to wander around other password protected areas. But see, the summary doesn't talk about the latter problem, it claims he was arrested for reporting the SQL issue. You have to read TFA to find out what actually happened, because a headline that says "hacker arrested for using stolen credentials to access elections computer" isn't sexy enough a headline for this forum.
The door was locked, but the lock was pickable by inserting the correct jiggle pick. (I.e., using an SQL injection attack.) Then, when you got the door open, you went downstairs and rummaged through the sealed boxes. I.e., used the election official's login credentials to gain access to other parts of the house.
One of the people who've come into your open house opens that door, stumbles on the step in the dark,
There was nobody else involved, no "injured visitor" here. There was a visitor who picked the lock and then rummaged through other people's stuff, before he told the owner of the house that his lock was pickable.
His actions prevented future defrauding of the people which is a far greater crime than unauthorized systems access.
How did his rifling through the parts of the network that he got access to by using the election official's login credentials stop anyone else from doing the same thing? Answer: it didn't.
That's even IF you assume that his reporting the SQL injection hole stopped anyone else from using it, and it didn't. But he wasn't charged because he reported the hole, despite the clickbait headline, he was charged because he used the credentials he uncovered by using that hole.
No. The guy walking into the bank did so innocently, not in a way deliberately trying to bypass any security. Further, when he found nobody there, he called to report it. He didn't start rifling through the manager's desk looking for interesting stuff, and didn't try opening the safe to access any money.
The main difference is intent, and the secondary difference is what happened once access was gained.
You find one that's open. A few days later you see that neighbor and tell them "oh, by the way your bedroom window is unlocked."
"And to prove it, I reached in and took a pair of your wife's panties. Here they are..." Or "I reached in and took the keys laying on top of your dresser and then looked through the trunk of your car. You've also got a flat spare."
To make the analogy fit, the window would have had to be accessible from a public space, like next to the sidewalk. Even so, trying it would have been breaking and entering. But if you start with "I saw it was ajar..." you're closer.
nor that he did anything more than his civic duty after discovering a vulnerability.
How is it his "civic duty" to use the login credentials he obtained by hacking into a website to access other secure areas of the system? Is there any surprise that the login credentials of the election supervisor can actually be used to log into other parts of the network, and is this really a bug in the system?
Had he stopped at the SQL injection attack and reported that, we could argue about whether that was criminal in itself. But by stepping over the line and using the credentials he nullified the argument in his favor.
It is very much like leaving a ballot box unguarded and unlocked at a polling place, and then arresting the person who lifts up the lid and says "hey, someone left this unlocked!"
It is trivial to detect an unlocked ballot box. It has no lock on it! You don't need to open it up to know that. And unguarded likewise, does not require opening it up to demonstrate.
In this case, knowing that an SQL injection attack can get the elections supervisor login credentials may take an actual SQL injection attack. But it doesn't take any deep insight to know that having the supervisor's credentials will give someone access to other parts of the system, which is what this guy proceeded to do after the attack. THAT'S what makes this more than just "basic pen testing".
In your ballot box analogy, it would be like noticing an unlocked/unguarded ballot box, opening the top to demonstrate that fact, and then rifling through the ballots to see how people voted. It's that last step that goes over the line.
In a worse case, this could have been done easily by a random tech guy barely out of high school, a malicious government, a ransomware operator, or anyone who wanted to steal the election.
I'm sorry, but how does there being a number of people who could have broken the law mean the law should be ignored?
"It's a lot like Siri but it understands more complex questions and it can interact with third party applications.".
With a more open interface, are we sure that "interaction" won't be along the lines of "I see you want to buy that book from Barnes and Noble, but wouldn't you rather buy it from Amazon?" Or "I see you're asking about how to cook flank steak, but Trader Joes has a special on tofu and it's better for you..."
One image format would have the possibility to "include" content that is to be downloaded from someplace else.
Another example of overloading a simple function with unnecessary wide-scope actions. Why should an image processing program need to use wget to do anything?
But if it did that, there'd be no point of using an image processing tool at all,
Sounds like they're not using an image processing tool, they're using a command shell that happens to understand image formats.
Already the corporations have shifted all of their tax burden to the individuals.
FTFY. Who do you think really pays the taxes on corporate profits? The customers, of course. Taxes are a cost of doing business, and they get passed on just like the cost of electricity or labor.
The only glitch is, current law taxes the profits only when they are brought into the USA.
Why should the US get a tax bite out of profits made outside the US?
1. The rich don't pay their 'fair share' of taxes because they have ways to hide their money (offshore accounts, shell corporations, etc).
Yeah, they're so good at hiding their money that they already pay the majority of the income taxes -- in a highly disproportionate amount. I'd say that when 5% of the people pay 57% of the taxes, that's too much and well above fair.
2. Do you even listen to/watch/read the news? In many places homelessness itself is literally treated like a criminal act,
Yes, and that is not true.
3. You keep saying it's a 'local problem' but it's ALL OVER THE UNITED STATES, it's time for it to be handled on a NATIONAL LEVEL, you nitwit!
Thanks for the gratuitous insult. Just because it happens in a lot of places doesn't mean the solution has to be national in scope. The best, and correct, solutions come from the local level.
4. You keep acting like people with money are 'handling' the homelessness problem;
Oh stop it. You're putting words in my mouth. I never said anything like that.
then how come charity organizations keep hounding working people for their money to 'combat homelessness'?
Because charities ask people for money all the time. Sheesh. It's not a conspiracy of the rich to get charities to do what charities are supposed to do.
Clearly people with millions (or BILLIONS) of dollars need to ante up
Many of them do. When it is your money you can tell them how to spend it.
not paying their taxes (as described above!)
Yeah, in your world, 5% of the people paying 57% of the income taxes is "not paying their taxes".
and stop using the homeless as a 'warning' to everyone else to not get 'uppity' (which doubtlessly you're going to scoff at and mock me for saying, now).
Well, it is a pretty stupid statement. I'm not sure how I would use a homeless person as a warning to anyone, nor can I imagine how a "rich person" would do that.
Clearly you have your head in the sand, or you just don't give a fuck,
Clearly you are ignoring the facts, both about the amount of taxes the rich pay, and the proper level of support for the problem. And you've managed to come up with some marvelously stupid interpretations of what I've said. Like how you get this:
or maybe you're one of the rich people who has deluded yourself into believing that there's no 'homeless problem' and therefore you don't need to do anything.
When did I say there was no problem? Isn't a claim that it is a local problem a clear statement that there IS a problem? Except to you, I guess.
and we have even ONE person living on the streets? Unacceptable!
The fact that you have disposable income that you use for Internet access instead of giving it all to the local homeless people in your area tells me how unacceptable you think the problem is. You say the charities "hound" people -- but you keep your money from them. That's because you think it is a problem that OTHER people should pay to solve. OTHER people should be forced to pay up. OTHER people, OTHER people...
Our area has reasonable services for the homeless (as I understand it) but the fear is that if we provide further services then we'll essentially create more homeless people who come here because they can get a hot meal and a bed on a cold night.
You won't create more homeless people when you start handing out free stuff to homeless people. Nobody is going to say "screw this working for a living, I can move to Sometown and get handouts!".
You WILL attract already homeless people who hear that you are handing stuff out for free. But that's not a reason to try mandating a national solution. Your area is different than mine, and from others. Your solutions need to be different.
Since you believe that you would attract outsiders, why would you force other communities to become an attractor for them if they don't already have the problem? That's what a nationally mandated plan would accomplish.
The truth is, there are already places that have more handouts and better deals for the homeless than others, yet the homeless have not congregated there. They're still living in places with no services. Perhaps your fear is unfounded.
Ah I see the problem here. You think I mean 'The Government' when I say "top down", when I mean "rich people".
Well, the solution will have to come from somewhere, and "rich people" aren't going to just band together to hand out money. There will have to be a government involvement, and "top-down", in that context, means "federal government".
Either directly or through more taxation.
Yes, well, "directly" is meaningless. "More taxation" is a federal government operation.
But don't sit there and keep repeating to me that the rich are paying all the taxes they should be paying, because I and many others don't believe it.
What you believe is irrelevant. The facts back up my statements that they are paying the majority of the taxes already, which you deny, and that taxes aren't levied on people who don't have the wealth, which you also deny. Whether they pay "all they should be paying" is a subjective opinion. Your claims that they aren't paying enough are unsupported by the data that shows they do pay the majority already. Your implication that it is unfair that "rich people" get tax deductions has been dealt with.
And if the homeless problem isn't a problem,
You haven't read what I've written, have you? Where did I say it wasn't a problem?
and worse, are being treated like criminals in many places.
You're demonstrating the same logical fallacy that many others display. When people break the law, they are criminals. If they are homeless and breaking the law, they are criminals. "Homeless" is irrelevant, and it isn't an exemption from existing laws.
If everything is working as well as you make it out to be,
Where the fuck did you get that from?
Or are you part of the problem and are just protecting yourself?
I am neither homeless nor am I protecting myself. I'm pointing out your errors of fact, and that the homeless problem is inherently a local problem, not a national one. It cannot be dealt with at a national level because the homeless are inherently local to start with.
Assembly was a real grind though.
What I want to know is who thinks rewriting a library is prohibited. Who is spreading that kind of misinformation?
Assuming it didn't is a bold assumption.
It doesn't matter. He wasn't keeping anyone from breaking in when he was busy using the login credentials he obtained. Whether or not his reporting the vulnerability of the SQL injection attack resulted in it being fixed -- three months after he found it, wasn't it? -- his use of the passwords he got to wander around didn't fix anything.
SQL injections are common and easy to find. Someone else finding and using it is inevitable; it is simply a question of when.
Use simple words. How did his use of the election supervisor's login and password to access other, secure areas of the system prevent anyone from using the SQL injection flaw?
Most likely he was discovering if they were valid credentials.
Yes, he was having fun rummaging through things he shouldn't have access to. He didn't need to find out if the credentials were valid. Using those credentials wasn't a vulnerability he was testing, it was simple unauthorized access. All he had to do was report the SQL issue and say "one of the things I got was a login X with password Y." The election supervisor can verify the validity without him breaking in.
As for using the credentials he obviously didn't do anything harmful with them if he reported it.
Now you are making bold assumptions. He could have done quite a bit of damage (downloading private data, e.g.) and then reported it. It was three months, after all.
He crossed a line but the question is if the damage he caused by doing so outweighs the damage that would be caused by a malicious attacker crossing that line.
You're stretching things really really thin trying to excuse his violation of the law, here. No, the damage is irrelevant.
Oh, please. He was getting login credentials for the election supervisor. Those weren't a vulnerability, it was the SQL injection, that he was already using. He knew the scope. He went one step too far.
"I was able to use the election supervisor's username and password to log into restricted areas of a website" is not a vulnerability. He wasn't "finding a vulnerability" at that point, he was exploiting it.
Reporting that "I was able to use an SQL injection attack on this web page and got the system to do something that wasn't intended" is finding a vulnerability, but he didn't stop there. He didn't need to actually use the credentials he obtained using that attack vector to report the problem or prove that it existed.
I'm having trouble even knowing where to start with someone who thinks that robbing from the rich and giving to the poor is in any way analogous to a security researcher reporting a flaw they discovered.
It isn't. But "breaking the law" is analogous to using a website flaw to gather login credentials and then using those credentials to access other, properly protected material. From TFA:
First off, if what he did is illegal under the current law (which has yet to be decided in court),
When someone says "he broke the law" in common language, it means "I believe there is evidence to support the claim he broke the law." And here, there is. Unauthorized use of computing systems is a crime. He knew his access was unauthorized because he had to use credentials that he got from breaking into a website.
So, while criminal liability and determination of guilt under the legal system has to await a court's decision, it is fair to say "he broke the law" in normal discussion.
then the law should be repealed and the jury should vote for nullification.
So you'd be happy if someone shoulder-surfed your login and then used that to look through all your files? The law against unauthorized computer access deals with that; it should be repealed or nullified you say.
Second, unlike your "rob from the rich to give to the poor" analogy, what he actually did was the equivalent of walking through a gigantic hole into a bank's vault,
Nope. He had to log in using credentials he got by picking the lock on a vault door.
left the money alone,
Again, nope. He used the credentials he obtained after picking the lock on the vault door to open a few other properly secured doors. That's not leaving the money alone, that's using the money he found.
And it doesn't take a conspiracy to recognize that it would only take a phone call from the election officer to the D.A. to get this guy charged, since he posted a video of something that on its face would appear to be illegal...
Yes. Why is this a bad thing? Should election officials not be allowed to report illegal activities they see in a video posted publicly?
..if you didn't apply any common sense at all.
The failure of common sense occurred when the white hat hacker didn't immediately report the problem to the relevant authorities, but instead "went a step further and used the Lee County supervisor's username and password to gain access to other password protected areas."
The problem with the website was the ability to perform an SQL injection attack. It was a violation of law to then use the credentials to wander around other password protected areas. But see, the summary doesn't talk about the latter problem, it claims he was arrested for reporting the SQL issue. You have to read TFA to find out what actually happened, because a headline that says "hacker arrested for using stolen credentials to access elections computer" isn't sexy enough a headline for this forum.
You've not marked or locked this door.
The door was locked, but the lock was pickable by inserting the correct jiggle pick. (I.e., using an SQL injection attack.) Then, when you got the door open, you went downstairs and rummaged through the sealed boxes. I.e., used the election official's login credentials to gain access to other parts of the house.
One of the people who've come into your open house opens that door, stumbles on the step in the dark,
There was nobody else involved, no "injured visitor" here. There was a visitor who picked the lock and then rummaged through other people's stuff, before he told the owner of the house that his lock was pickable.
His actions prevented future defrauding of the people which is a far greater crime than unauthorized systems access.
How did his rifling through the parts of the network that he got access to by using the election official's login credentials stop anyone else from doing the same thing? Answer: it didn't.
That's even IF you assume that his reporting the SQL injection hole stopped anyone else from using it, and it didn't. But he wasn't charged because he reported the hole, despite the clickbait headline, he was charged because he used the credentials he uncovered by using that hole.
The main difference is intent, and the secondary difference is what happened once access was gained.
You find one that's open. A few days later you see that neighbor and tell them "oh, by the way your bedroom window is unlocked."
"And to prove it, I reached in and took a pair of your wife's panties. Here they are..." Or "I reached in and took the keys lying on top of your dresser and then looked through the trunk of your car. You've also got a flat spare."
To make the analogy fit, the window would have had to have been accessible from a public space, like next to the sidewalk. Even so, trying it would have been breaking and entering. But if you start with "I saw it was ajar ..." you're closer.
nor that he did anything more than his civic duty after discovering a vulnerability.
How is it his "civic duty" to use the login credentials he obtained by hacking into a website to access other secure areas of the system? Is there any surprise that the login credentials of the election supervisor can actually be used to log into other parts of the network, and is this really a bug in the system?
Had he stopped at the SQL injection attack and reported that, we could argue about whether that was criminal in itself. But by stepping over the line and using the credentials he nullified the argument in his favor.
It is very much like leaving a ballot box unguarded and unlocked at a polling place, and then arresting the person who lifts up the lid and says "hey, someone left this unlocked!"
It is trivial to detect an unlocked ballot box. It has no lock on it! You don't need to open it up to know that. And unguarded likewise, does not require opening it up to demonstrate.
In this case, knowing that an SQL injection attack can get the elections supervisor login credentials may take an actual SQL injection attack. But it doesn't take any deep insight to know that having the supervisor's credentials will give someone access to other parts of the system, which is what this guy proceeded to do after the attack. THAT'S what makes this more than just "basic pen testing".
In your ballot box analogy, it would be like noticing an unlocked/unguarded ballot box, opening the top to demonstrate that fact, and then rifling through the ballots to see how people voted. It's that last step that goes over the line.
In a worse case, this could have been done easily by a random tech guy barely out of high school, a malicious government, a ransomware operator, or anyone who wanted to steal the election.
I'm sorry, but how does there being a number of people who could have broken the law mean the law should be ignored?
"It's a lot like Siri but it understands more complex questions and it can interact with third party applications."
With a more open interface, are we sure that "interaction" won't be along the lines of "I see you want to buy that book from Barnes and Noble, but wouldn't you rather buy it from Amazon?" Or "I see you're asking about how to cook flank steak, but Trader Joes has a special on tofu and it's better for you ..."
E = mc^2
One image format would have the possibility to "include" content that is to be downloaded from someplace else.
Another example of overloading a simple function with unnecessary wide-scope actions. Why should an image processing program need to use wget to do anything?
But if it did that, there'd be no point of using an image processing tool at all,
Sounds like they're not using an image processing tool, they're using a command shell that happens to understand image formats.
Already the corporations have shifted all of their tax burden to the individuals.
FTFY. Who do you think really pays the taxes on corporate profits? The customers, of course. Taxes are a cost of doing business, and they get passed on just like the cost of electricity or labor.
The only glitch is, current law taxes the profits only when they are brought into the USA.
Why should the US get a tax bite out of profits made outside the US?
1. The rich don't pay their 'fair share' of taxes because they have ways to hide their money (offshore accounts, shell corporations, etc).
Yeah, they're so good at hiding their money that they already pay the majority of the income taxes -- in a highly disproportionate amount. I'd say that when 5% of the people pay 57% of the taxes, that's too much and well above fair.
2. Do you even listen to/watch/read the news? In many places homelessness itself is literally treated like a criminal act,
Yes, and that is not true.
3. You keep saying it's a 'local problem' but it's ALL OVER THE UNITED STATES, it's time for it to be handled on a NATIONAL LEVEL, you nitwit!
Thanks for the gratuitous insult. Just because it happens in a lot of places doesn't mean the solution has to be national in scope. The best, and correct, solutions come from the local level.
4. You keep acting like people with money are 'handling' the homelessness problem;
Oh stop it. You're putting words in my mouth. I never said anything like that.
then how come charity organizations keep hounding working people for their money to 'combat homelessness'?
Because charities ask people for money all the time. Sheesh. It's not a conspiracy of the rich to get charities to do what charities are supposed to do.
Clearly people with millions (or BILLIONS) of dollars need to ante up
Many of them do. When it is your money you can tell them how to spend it.
not paying their taxes (as described above!)
Yeah, in your world, 5% of the people paying 57% of the income taxes is "not paying their taxes".
and stop using the homeless as a 'warning' to everyone else to not get 'uppity' (which doubtlessly you're going to scoff at and mock me for saying, now).
Well, it is a pretty stupid statement. I'm not sure how I would use a homeless person as a warning to anyone, nor can I imagine how a "rich person" would do that.
Clearly you have your head in the sand, or you just don't give a fuck,
Clearly you are ignoring the facts, both about the amount of taxes the rich pay, and the proper level of support for the problem. And you've managed to come up with some marvelously stupid interpretations of what I've said. Like how you get this:
or maybe you're one of the rich people who has deluded yourself into believing that there's no 'homeless problem' and therefore you don't need to do anything.
When did I say there was no problem? Isn't a claim that it is a local problem a clear statement that there IS a problem? Except to you, I guess.
and we have even ONE person living on the streets? Unacceptable!
The fact that you have disposable income that you use for Internet access instead of giving it all to the local homeless people in your area tells me how unacceptable you think the problem is. You say the charities "hound" people -- but you keep your money from them. That's because you think it is a problem that OTHER people should pay to solve. OTHER people should be forced to pay up. OTHER people, OTHER people ...
Our area has reasonable services for the homeless (as I understand it) but the fear is that if we provide further services then we'll essentially create more homeless people who come here because they can get a hot meal and a bed on a cold night.
You won't create more homeless people when you start handing out free stuff to homeless people. Nobody is going to say "screw this working for a living, I can move to Sometown and get handouts!".
You WILL attract already homeless people who hear that you are handing stuff out for free. But that's not a reason to try mandating a national solution. Your area is different than mine, and from others. Your solutions need to be different.
Since you believe that you would attract outsiders, why would you force other communities to become an attractor for them if they don't already have the problem? That's what a nationally mandated plan would accomplish.
The truth is, there are already places that have more handouts and better deals for the homeless than others, yet the homeless have not congregated there. They're still living in places with no services. Perhaps your fear is unfounded.
Ah I see the problem here. You think I mean 'The Government' when I say "top down", when I mean "rich people".
Well, the solution will have to come from somewhere, and "rich people" aren't going to just band together to hand out money. There will have to be a government involvement, and "top-down", in that context, means "federal government".
Either directly or through more taxation.
Yes, well, "directly" is meaningless. "More taxation" is a federal government operation.
But don't sit there and keep repeating to me that the rich are paying all the taxes they should be paying, because I and many others don't believe it.
What you believe is irrelevant. The facts back up my statements that they are paying the majority of the taxes already, which you deny, and that taxes aren't levied on people who don't have the wealth, which you also deny. Whether they pay "all they should be paying" is a subjective opinion. Your claims that they aren't paying enough are unsupported by the data that shows they do pay the majority already. Your implication that it is unfair that "rich people" get tax deductions has been dealt with.
And if the homeless problem isn't a problem,
You haven't read what I've written, have you? Where did I say it wasn't a problem?
and worse, are being treated like criminals in many places.
You're demonstrating the same logical fallacy that many others display. When people break the law, they are criminals. If they are homeless and breaking the law, they are criminals. "Homeless" is irrelevant, and it isn't an exemption from existing laws.
If everything is working as well as you make it out to be,
Where the fuck did you get that from?
Or are you part of the problem and are just protecting yourself?
I am neither homeless nor am I protecting myself. I'm pointing out your errors of fact, and that the homeless problem is inherently a local problem, not a national one. It cannot be dealt with at a national level because the homeless are inherently local to start with.