Diverting traffic is not illegal. Recording the diverted traffic is not illegal. So nothing they've done, or asked anyone to do, was in fact illegal. This is apples and oranges compared to the hit man analogy.
So giving someone a free vacation to country X is legal. Let's say that in country X there is a way to kill someone that is legal. I would suspect that if you arranged both of these things for someone with the intent of killing them, you could easily be convicted of conspiracy to commit murder.
A probe revealed that the problems were due to the non-removable battery
The probe revealed that the battery was the issue, specifically that the battery did not have enough space and physical protection within the phone case. If I recall there were other manufacturing issues with the battery itself. The cause of the failure was not the inability to remove the battery. This writing shows the bias here that most of us like removable cell phone batteries, but it is not correct to say that this missing desirable feature was the root cause of the failure. It did make fixing the issue more difficult for Samsung (they couldn't just send out new batteries) and by making the battery non-removable Samsung may have also taken the opportunity to put in a physically too large battery, but again the inability to remove the battery was not the root cause. I know it is wishful thinking, but this is supposed to be a technical site. Could we please be more technically accurate?
A directory service is good in theory but most it departements isn't competent enough to hande it, i.e. it will cost more than not using it..
So every computer and server in the company should have separate accounts and passwords? I ask because having a common source for accounts and passwords across an enterprise (or even a small business) is one of the primary things a directory service does for you. Thinking about using Google, Facebook, or Microsoft accounts for you employees to log into company resources? Those are (outsourced) directory services as well.
Secondarily, directory services provide the ability to group users together for various permission granting. You grant rights to accounting resources to your "accountants" group and then you place your accountants in that group. When you hire a new accountant, you just put them the the group; when an accountant leaves the company or moves to a different job function, you take them out of the group. How would you accomplish this reliably without some sort of directory service?
If you are talking Microsoft's directory service (AD), you also have the ability to maintain consistent workstation configuration, which can be quite difficult without a directory service.
I believe it would cost you more in terms of time, effort, and mistakes you will make if you *don't* have a directory service.
That AI software has already been written. In a previous life it was called "Clippy". "It looks like you are trying to hijack this plane. Would you like to..."
Why not? 100 meters per second is about 225 miles per hour. Take off speeds are slower and cruising speeds are faster, so shortly after takeoff, 100 meters per second doesn't sound unreasonable.
I played with bitcoin mining a couple of years ago back when BTC prices were around $7. At that point it was just about at the point where it was not economical (power costs) to compete in mining with GPU based hardware - the shift to FPGA and ASIC was just beginning. Today is it even economically feasible to generate enough hash power with GPU based hardware? If so, what has changed? Sure the BTC price is 300-400 times higher, but GPU speed hasn't increased by two orders of magnitude, and there is lot more mining competition for a relatively fixed amount of mining rewards / transaction fees.
Of course back when I was playing with it I purchased a couple of hundred dollars worth of graphics cards, mined about the same amount value in bitcoins, sold them and came out about $50 ahead - I was pretty proud of my self back then. Probably should have saved those 50 BTC...
At my company, some idiot developer used a public facing URL to put PDFs of our customers' health insurance claims so that he didn't have to write an on-demand report generator to display that same information in an HTTPs session. Even though the file names were pseudo-random, Yahoo quickly crawled it and made the information searchable.
So not only was private information made publicly available, the PDF files were in a directory that was marked browseable by the web server? That's extra nice.
I don't see why commercial interests should be able to spoof their CallerID even after verification. What makes them so special?
If you are a company with several phone numbers, it is reasonable to have the main number show up on caller id. For example if the main number for BobCorp is 555-1000 and individual employees have phone numbers like 555-1001, 555-1002, etc., when an employee calls out, it makes sense to show the 555-1000 number on caller id. That way when the customer calls back, they get the switchboard.
I would say that the caller id number "spoofed" should have to be verified as belonging to the organization exposing it, but a level of spoofing is reasonable.
You do not perceive that as a problem? How is Aunt Annie going to do this? You don't even remember the order... I know I have followed many guides, and it never worked. Never... Followed the exact order. Is it because it's a VM and doesn't get a true full core for it? I have no idea.
Assuming that Aunt Annie is not a technical person she would either hire a professional or rely on help from friends and relatives -- the same thing she would do if her car broke down (also assuming that she isn't a mechanic). I don't remember the order because I don't spend much time on Windows 7. I have moved on to a currently supported operating system. I happened to have the patch files sitting in a a directory on my file server and as a courtesy gave you the KB numbers. If I had to patch a Windows 7 box again, I would just look of the KBs I listed, install the two prerequisites for the speed patch, the speed patch, and then the update roll up. (The four KBs I listed) I don't perceive this as a problem because when Windows 7 was released the expected technical level of someone using a computer was much higher than it is today. I will perceive it as a problem if Windows 10 as a similar update issue 5 years from now as expectations of a computer maintaining itself are much higher. (As a side note, the current expectation of computers "just working" is a big driver of Microsoft forcing patches that we as technical folks can be uncomfortable with.)
I disagree. I paid for 7, I get 7 until it's officially expired. It should work until that day, which is in 2020.
Support (meaning that Microsoft will help individual users with specific issues, e.g. you can call them and get help) is officially expired as of January 13, 2015. The 2020 date is extended support, which means that Microsoft will create security patches, but not necessarily help you install them or help you with other issues.
Actually it has been fixed. While there is a problem with Windows Update getting stuck there are a couple of patches that you can manually apply to get it working again. No, Microsoft can't do that for you because the tool they would use (Windows Update) has the issue itself. Yes, it is a pain to figure out the patches you need and get them applied, but if you do it, it will all be good. For a Win7 64 bit box, try installing KB3138612, KB3020369, KB3172605, and KB3125574. I don't remember the order you need do do these in (you can go read the notes) but the last couple of times I had to resurrect a Win7 machine that was way out of date patch wise, those got it working for me. (And of course, you should get to a more current and supported version of the operating system...)
uhh you realize last month this effected 90% of windows systems? new and old? microsoft decided that older versions of windows didnt matter anymore. even know in the 90's they convinced all kinds of Cat Scan and MRI makers to install windows XP or even worse windows SE on their machines for ease of use.. and now they refuse to give updates to people that paid $200,000-$5,000,000 for their computers. sounds like shitty business practice to me. Now i understand microsoft didnt sell the people the machines. but they did a damn good job of making sure their shitty OS was inside of them.
Why would you expect Microsoft to pay for the mistake the CAT scan and MRI makers made in designing their equipment? If the MRI machine used a plastic gear to move some of the mechanics of the machine and it turned out that the gear would wear out and needed to be replaced by a metal gear, you wouldn't blame the manufacturer that made the gear or attempt to get the manufacturer to pay for a different kind of gear, you would blame the MRI designer for using a part that was inappropriate for the task at hand. The operating system is just part of the overall design of an MRI system and if you use an OS that doesn't perform adequately over the expected life of the machine, you have made a poor engineering decision. In addition if your operating system isn't rated as a life safety system (Windows and most operating systems are not), you may have made a dangerous engineering decision. (Yes the software of the MRI machine that actually directly controls the dangerous part of the machine is probably embedded and rated for life safety operations, but if a compromise of the Windows software can lead to bad instructions or control limits being sent to the embedded software, you have made a dangerous design mistake.)
Microsoft, for public relations reasons, may opt provide support beyond their original intentions, but it ultimately comes down to a business decision. It is not Microsoft's (or any vendor's) responsibility to pay big dollars forever to compensate for bad engineering decisions of other companies.
I should have been more clear. I wasn't saying that what the guy did was or should be legal. I was lamenting over the loss (or change) of the meaning of the term "hacking" in general. Hacking used to mean finding an edge case or a loophole in a technical system and hacking used to require a high level of skill and understanding of a system, so much so that those performing hacking (hackers) were looked up upon and revered -- sometimes to the point of being given a pass for breaking or bending rules and laws. Now hacking simply means doing something with a computer that someone else doesn't like and doesn't necessarily require any skills.
According to the Central District Court of California, Mr Garcia had obtained login credentials - without ever having been given them - and accessed the records without authorisation
So just using an account you are not authorized for is now hacking? It doesn't require circumvention or bypass of technical systems or finding interesting edge cases in the rules of the system any more? Sad.
HTTPS will keep a client from pulling updates from the wrong server.
Assuming of course that your HTTPS client properly validates the server's HTTPS certificate. This includes not only checking that the subject name of the certificate matches the DNS name you are connecting to, but also needs to include validating the cryptographic chain up to a well known trusted root Certificate Authority, and examining Certificate Revocation Lists to ensure that the CRL is current and doesn't contain a record indicating that the certificate has been revoked. Many systems do not fully ensure a valid HTTPS session, in specific many do not do CRL checking as it takes time.
While ensuring that the update has been properly signed reduces the likelihood that HTTPS has been unknowingly compromised, you still have to make sure that the signature process of the signed update is cryptographically valid as well.
If you are already compromised, all bets are off as you cannot be assured that your list of trusted CAs (which are the base of HTTPS security), whatever you are basing the signing of your updates on, and the very code that is validating everything is still doing its job.
In the USA the hierarchy goes: Country, State, City, County (note the lack of an 'R')
A county is a subset of the city, typically only to define the local government divisions.
Not exactly. Here in the USA we have country (federal) laws that apply to the whole country. The country is divided up into states, each of which have their own laws, but don't override federal law. States are further divided into counties, which have their own regulations but don't override state law. Independent of states and counties there are cities, which are usually contained within counties, but don't have to be. Cities can even span state boundaries. Cities have their own laws which do not override state or federal law. City law usually overrides county law, but not always, Yes, it is complicated.
Fair points. I didn't expand on everything or it would have been a TLDR; post. Sure kids are distractions, but you can yell at them without having to take your focus off the road. Driving drunk or sleepy is just stupid and you can't fix stupid. My point was that there is a significant difference in the design of controls on a smart phone (especially when you include non-phone stuff like texting, navigation, and who knows what other apps people use when driving) and the design of controls that are built into the car.
People also know the risks of fucking with the radio, looking at maps, yelling at kids, driving while sleepy, or drinking and driving. Guess what?
The only real differentiator is that the phone lets us combine nearly everything into a handheld distraction as opposed to having 10 different proximate causes.
Well the phone is different because it was not designed to be used while driving. Compare the phone to the climate control or radio controls in a car. The radio controls are in a fixed place on the dash and possibly also on the steering wheel. The radio controls typically have some sort of tactile feedback that you can use without looking at them. With a smart phone, it is not in a predictable location (your hand, the seat, a holder in the dash, your pocket, maybe the floor). With a smart phone, you can not operate it without looking at it (phone may be locked, the app you need may not be on the screen, no real buttons with tactile feedback, etc.) Smart phone screens are typically much smaller (in size and font) than are the radio and native car controls.
Smart phone interfaces are not specifically designed for driving, where the native car controls are. Sure, some newer cars are going to screen based interfaces, and this is a bad trend, but at least these screens are mounted to the dash and car companies have some responsibility (and potential liability) around making these interfaces non-distracting, whereas smart phone manufactures do not.
While the results are interesting, they are likely biased due to the source of the survey respondents being GitHub users. I would assume that GitHub users lean toward the open source world. While I like the open source world, it does not represent the whole of software developers. There are lots of developers that work on proprietary software and or projects that are not allowed to use cloud based (like GitHub) repositories and tools.
Portland will have 100% renewable energy, but the roads will still be crap, and all of the schools falling apart with no extra curricular activities. And 10K homeless people will be able to get free light.
And everyone will have to mumble, because they banned dental fluoride.
It's not so much banning fluoride, rather it is maintaining purity of essence and ensuring the integrity of precious bodily fluids.
And it's all linked by SSN. If every industry were using their own identifiers instead of the SSN then a few isolated data loss events would be less significant. It's time the government came up with a better identifier, and mandate that it only used it for government purposes.
The problem seems to be that SSN is used by folks for authorization in addition to identification. If the government made it illegal to use SSN in any way for any part of an authorization process and enforced this with severe penalties, say 1 year of jail time and 1 million dollars for each C-level executive in the company per SSN involved, the problem would go away. I don't think it is really so much of an issue to use it as an identifier or linking number, it's just that possession of a SSN number should not constitute any evidence or assurance that you are that person.
and then pay yearly subscription fees for storage & analysis to the end of time.
Actually I am fine with this with one caveat to follow. Of course the company plans to make money in the future on re-occurring revenue. The caveat is that it really needs to be possible for the police departments to store their own video or use another cloud provider after the year is up. As long as there is the possibility for competition in the future, why not take the deal? From Taser's point of view, it is likely a good business investment, as many departments out of inertia would continue to buy services. Even if Taser doesn't allow local storage or competitive cloud offerings, as long as there is not contractual obligation to buy service after the year is up, it is still a good deal for departments to learn how to use the technology and decide if it is actually practical or not.
Slashdot Mirror
Diverting traffic is not illegal. Recording the diverted traffic is not illegal. So nothing they've done, or asked anyone to do, was in fact illegal. This is apples and oranges compared to the hit man analogy.
So giving someone a free vacation to country X is legal. Let's say that in country X there is a way to kill someone that is legal. I would suspect that if you arranged both of these things for someone with the intent of killing them, you could easily be convicted of conspiracy to commit murder.
A probe revealed that the problems were due to the non-removable battery
The probe revealed that the battery was the issue, specifically that the battery did not have enough space and physical protection within the phone case. If I recall there were other manufacturing issues with the battery itself. The cause of the failure was not the inability to remove the battery. This writing shows the bias here that most of us like removable cell phone batteries, but it is not correct to say that this missing desirable feature was the root cause of the failure. It did make fixing the issue more difficult for Samsung (they couldn't just send out new batteries) and by making the battery non-removable Samsung may have also taken the opportunity to put in a physically too large battery, but again the inability to remove the battery was not the root cause. I know it is wishful thinking, but this is supposed to be a technical site. Could we please be more technically accurate?
A directory service is good in theory but most it departements isn't competent enough to hande it, i.e. it will cost more than not using it. .
So every computer and server in the company should have separate accounts and passwords? I ask because having a common source for accounts and passwords across an enterprise (or even a small business) is one of the primary things a directory service does for you. Thinking about using Google, Facebook, or Microsoft accounts for you employees to log into company resources? Those are (outsourced) directory services as well.
Secondarily, directory services provide the ability to group users together for various permission granting. You grant rights to accounting resources to your "accountants" group and then you place your accountants in that group. When you hire a new accountant, you just put them the the group; when an accountant leaves the company or moves to a different job function, you take them out of the group. How would you accomplish this reliably without some sort of directory service?
If you are talking Microsoft's directory service (AD), you also have the ability to maintain consistent workstation configuration, which can be quite difficult without a directory service.
I believe it would cost you more in terms of time, effort, and mistakes you will make if you *don't* have a directory service.
I wonder how AIs react to hijacker demands?
That AI software has already been written. In a previous life it was called "Clippy". "It looks like you are trying to hijack this plane. Would you like to..."
100m/s eh? I dont think so
Why not? 100 meters per second is about 225 miles per hour. Take off speeds are slower and cruising speeds are faster, so shortly after takeoff, 100 meters per second doesn't sound unreasonable.
I played with bitcoin mining a couple of years ago back when BTC prices were around $7. At that point it was just about at the point where it was not economical (power costs) to compete in mining with GPU based hardware - the shift to FPGA and ASIC was just beginning. Today is it even economically feasible to generate enough hash power with GPU based hardware? If so, what has changed? Sure the BTC price is 300-400 times higher, but GPU speed hasn't increased by two orders of magnitude, and there is lot more mining competition for a relatively fixed amount of mining rewards / transaction fees.
Of course back when I was playing with it I purchased a couple of hundred dollars worth of graphics cards, mined about the same amount value in bitcoins, sold them and came out about $50 ahead - I was pretty proud of my self back then. Probably should have saved those 50 BTC...
At my company, some idiot developer used a public facing URL to put PDFs of our customers' health insurance claims so that he didn't have to write an on-demand report generator to display that same information in an HTTPs session. Even though the file names were pseudo-random, Yahoo quickly crawled it and made the information searchable.
So not only was private information made publicly available, the PDF files were in a directory that was marked browseable by the web server? That's extra nice.
I don't see why commercial interests should be able to spoof their CallerID even after verification. What makes them so special?
If you are a company with several phone numbers, it is reasonable to have the main number show up on caller id. For example if the main number for BobCorp is 555-1000 and individual employees have phone numbers like 555-1001, 555-1002, etc., when an employee calls out, it makes sense to show the 555-1000 number on caller id. That way when the customer calls back, they get the switchboard.
I would say that the caller id number "spoofed" should have to be verified as belonging to the organization exposing it, but a level of spoofing is reasonable.
You do not perceive that as a problem? How is Aunt Annie going to do this? You don't even remember the order... I know I have followed many guides, and it never worked. Never... Followed the exact order. Is it because it's a VM and doesn't get a true full core for it? I have no idea.
Assuming that Aunt Annie is not a technical person she would either hire a professional or rely on help from friends and relatives -- the same thing she would do if her car broke down (also assuming that she isn't a mechanic). I don't remember the order because I don't spend much time on Windows 7. I have moved on to a currently supported operating system. I happened to have the patch files sitting in a a directory on my file server and as a courtesy gave you the KB numbers. If I had to patch a Windows 7 box again, I would just look of the KBs I listed, install the two prerequisites for the speed patch, the speed patch, and then the update roll up. (The four KBs I listed) I don't perceive this as a problem because when Windows 7 was released the expected technical level of someone using a computer was much higher than it is today. I will perceive it as a problem if Windows 10 as a similar update issue 5 years from now as expectations of a computer maintaining itself are much higher. (As a side note, the current expectation of computers "just working" is a big driver of Microsoft forcing patches that we as technical folks can be uncomfortable with.)
I disagree. I paid for 7, I get 7 until it's officially expired. It should work until that day, which is in 2020.
Support (meaning that Microsoft will help individual users with specific issues, e.g. you can call them and get help) is officially expired as of January 13, 2015. The 2020 date is extended support, which means that Microsoft will create security patches, but not necessarily help you install them or help you with other issues.
Actually it has been fixed. While there is a problem with Windows Update getting stuck there are a couple of patches that you can manually apply to get it working again. No, Microsoft can't do that for you because the tool they would use (Windows Update) has the issue itself. Yes, it is a pain to figure out the patches you need and get them applied, but if you do it, it will all be good. For a Win7 64 bit box, try installing KB3138612, KB3020369, KB3172605, and KB3125574. I don't remember the order you need do do these in (you can go read the notes) but the last couple of times I had to resurrect a Win7 machine that was way out of date patch wise, those got it working for me. (And of course, you should get to a more current and supported version of the operating system...)
uhh you realize last month this effected 90% of windows systems? new and old? microsoft decided that older versions of windows didnt matter anymore. even know in the 90's they convinced all kinds of Cat Scan and MRI makers to install windows XP or even worse windows SE on their machines for ease of use.. and now they refuse to give updates to people that paid $200,000-$5,000,000 for their computers. sounds like shitty business practice to me. Now i understand microsoft didnt sell the people the machines. but they did a damn good job of making sure their shitty OS was inside of them.
Why would you expect Microsoft to pay for the mistake the CAT scan and MRI makers made in designing their equipment? If the MRI machine used a plastic gear to move some of the mechanics of the machine and it turned out that the gear would wear out and needed to be replaced by a metal gear, you wouldn't blame the manufacturer that made the gear or attempt to get the manufacturer to pay for a different kind of gear, you would blame the MRI designer for using a part that was inappropriate for the task at hand. The operating system is just part of the overall design of an MRI system and if you use an OS that doesn't perform adequately over the expected life of the machine, you have made a poor engineering decision. In addition if your operating system isn't rated as a life safety system (Windows and most operating systems are not), you may have made a dangerous engineering decision. (Yes the software of the MRI machine that actually directly controls the dangerous part of the machine is probably embedded and rated for life safety operations, but if a compromise of the Windows software can lead to bad instructions or control limits being sent to the embedded software, you have made a dangerous design mistake.)
Microsoft, for public relations reasons, may opt provide support beyond their original intentions, but it ultimately comes down to a business decision. It is not Microsoft's (or any vendor's) responsibility to pay big dollars forever to compensate for bad engineering decisions of other companies.
I should have been more clear. I wasn't saying that what the guy did was or should be legal. I was lamenting over the loss (or change) of the meaning of the term "hacking" in general. Hacking used to mean finding an edge case or a loophole in a technical system and hacking used to require a high level of skill and understanding of a system, so much so that those performing hacking (hackers) were looked up upon and revered -- sometimes to the point of being given a pass for breaking or bending rules and laws. Now hacking simply means doing something with a computer that someone else doesn't like and doesn't necessarily require any skills.
According to the Central District Court of California, Mr Garcia had obtained login credentials - without ever having been given them - and accessed the records without authorisation
So just using an account you are not authorized for is now hacking? It doesn't require circumvention or bypass of technical systems or finding interesting edge cases in the rules of the system any more? Sad.
HTTPS will keep a client from pulling updates from the wrong server.
Assuming of course that your HTTPS client properly validates the server's HTTPS certificate. This includes not only checking that the subject name of the certificate matches the DNS name you are connecting to, but also needs to include validating the cryptographic chain up to a well known trusted root Certificate Authority, and examining Certificate Revocation Lists to ensure that the CRL is current and doesn't contain a record indicating that the certificate has been revoked. Many systems do not fully ensure a valid HTTPS session, in specific many do not do CRL checking as it takes time.
While ensuring that the update has been properly signed reduces the likelihood that HTTPS has been unknowingly compromised, you still have to make sure that the signature process of the signed update is cryptographically valid as well.
If you are already compromised, all bets are off as you cannot be assured that your list of trusted CAs (which are the base of HTTPS security), whatever you are basing the signing of your updates on, and the very code that is validating everything is still doing its job.
All the Sierra Tel modems bricked in this incident were Zyxel HN-51 models, and it took Sierra Tel almost two weeks to fix all bricked devices.
If the bricked devices were fixed, then they really were not bricked.
In the USA the hierarchy goes: Country, State, City, County (note the lack of an 'R')
A county is a subset of the city, typically only to define the local government divisions.
Not exactly. Here in the USA we have country (federal) laws that apply to the whole country. The country is divided up into states, each of which have their own laws, but don't override federal law. States are further divided into counties, which have their own regulations but don't override state law. Independent of states and counties there are cities, which are usually contained within counties, but don't have to be. Cities can even span state boundaries. Cities have their own laws which do not override state or federal law. City law usually overrides county law, but not always, Yes, it is complicated.
What we're really finding out here is that we need to build an orbital cleanup satellite.
Or just use mega maid.
Fair points. I didn't expand on everything or it would have been a TLDR; post. Sure kids are distractions, but you can yell at them without having to take your focus off the road. Driving drunk or sleepy is just stupid and you can't fix stupid. My point was that there is a significant difference in the design of controls on a smart phone (especially when you include non-phone stuff like texting, navigation, and who knows what other apps people use when driving) and the design of controls that are built into the car.
People also know the risks of fucking with the radio, looking at maps, yelling at kids, driving while sleepy, or drinking and driving. Guess what? The only real differentiator is that the phone lets us combine nearly everything into a handheld distraction as opposed to having 10 different proximate causes.
Well the phone is different because it was not designed to be used while driving. Compare the phone to the climate control or radio controls in a car. The radio controls are in a fixed place on the dash and possibly also on the steering wheel. The radio controls typically have some sort of tactile feedback that you can use without looking at them. With a smart phone, it is not in a predictable location (your hand, the seat, a holder in the dash, your pocket, maybe the floor). With a smart phone, you can not operate it without looking at it (phone may be locked, the app you need may not be on the screen, no real buttons with tactile feedback, etc.) Smart phone screens are typically much smaller (in size and font) than are the radio and native car controls.
Smart phone interfaces are not specifically designed for driving, where the native car controls are. Sure, some newer cars are going to screen based interfaces, and this is a bad trend, but at least these screens are mounted to the dash and car companies have some responsibility (and potential liability) around making these interfaces non-distracting, whereas smart phone manufactures do not.
Because if it could we could use some here...
While the results are interesting, they are likely biased due to the source of the survey respondents being GitHub users. I would assume that GitHub users lean toward the open source world. While I like the open source world, it does not represent the whole of software developers. There are lots of developers that work on proprietary software and or projects that are not allowed to use cloud based (like GitHub) repositories and tools.
Portland will have 100% renewable energy, but the roads will still be crap, and all of the schools falling apart with no extra curricular activities. And 10K homeless people will be able to get free light.
And everyone will have to mumble, because they banned dental fluoride.
It's not so much banning fluoride, rather it is maintaining purity of essence and ensuring the integrity of precious bodily fluids.
And it's all linked by SSN. If every industry were using their own identifiers instead of the SSN then a few isolated data loss events would be less significant. It's time the government came up with a better identifier, and mandate that it only used it for government purposes.
The problem seems to be that SSN is used by folks for authorization in addition to identification. If the government made it illegal to use SSN in any way for any part of an authorization process and enforced this with severe penalties, say 1 year of jail time and 1 million dollars for each C-level executive in the company per SSN involved, the problem would go away. I don't think it is really so much of an issue to use it as an identifier or linking number, it's just that possession of a SSN number should not constitute any evidence or assurance that you are that person.
and then pay yearly subscription fees for storage & analysis to the end of time.
Actually I am fine with this with one caveat to follow. Of course the company plans to make money in the future on re-occurring revenue. The caveat is that it really needs to be possible for the police departments to store their own video or use another cloud provider after the year is up. As long as there is the possibility for competition in the future, why not take the deal? From Taser's point of view, it is likely a good business investment, as many departments out of inertia would continue to buy services. Even if Taser doesn't allow local storage or competitive cloud offerings, as long as there is not contractual obligation to buy service after the year is up, it is still a good deal for departments to learn how to use the technology and decide if it is actually practical or not.
Xfinity is still Comcast
Yahoo by any other name is still Yahoo
AOL by any other name is still AOL
Roses smell better than all the above