Except that Google and Its employees are citizens with rights too. Everyone should be equal under the law. The law in Spain is now, you have to pay to link to certain types of content. Fine, Google is complying with the law, they tried to convince the people not to support it and failed, so now they are being a good citizen and obeying.
Its not Google's fault you or the news papers miss'em now that they are gone. If Google is now to be forced to operate a news aggregator, than so should every other organization or individual that has a website! That is just fair.
Speaking as a computer security professional the entire second amendment argument is juvenile and stupid, if not harmful. On top of this we continue as a society to tolerate an obviously corrupt system of double standards. I completely agree with you.
We have corporations that now seem to operate under an entirely different set of lows than the rest of use do. We have HS and College kids being aggressively prosecuted for acts that cause tiny amounts of harm if any. Sony deploys a root-kit that puts the security of the systems of millions of customers in danger, and impairs those systems in general and they get basically asked to apologize and replace the defective product, they are not asked to do anything about the real damage. I don't recall prosecutors asking Aaron if he would like kindly remove his machine from MIT's wiring closet, delete the copies of the journals he made, tidy up and than forget the whole thing; no he was threatened with prison and a ruinous legal process until he killed himself. Yet for some reason Sony gets off without even having to clean up the mess they made.
Meanwhile the security community continues to want play army. Weather its with red vs blue rhetoric, or bizarre and ill considered Second Amendment analogies. To anything thinking person software it self and digital communications are more closely tied to the First Amendment, in terms of speech and anything you might do with a computer or network is more relate-able to expression or assembly.
A computer is not a weapon, let me repeat that a computer is not a weapon. Now it might control a weapon, be a component in or of a weapon but a computer it self is not a weapon. We don't need to conflate these things. By the logic they are using anything that can be weaponized is an arm. Which would mean I have the right to keep and bare well anything. "Sorry mister DEA agent, that brick of cocaine isn't drugs, I use it throw at people I don't like. Its a great arm, if you get hit with the corners of the package it really hurts; yet at only one kilo its light enough to carry around throw easily!" To say nothing of the implications for cars, kitchen knives etc.
This is about impotent little pricks that want to feel powerful, without having to leave their desks. The CFAA is a terrible law that is vague and potentially criminalizes lots of very innocent activity. Still I hardly think given the number of shared resources out there we want go to a total free for all where anyone can do anything the like online with no real/physical world consequences either. I am not even necessarily against "attack back" if its allowed under a prescribe limited set of circumstances, just like castle doctrines or stand your ground laws. The important parts of that though are "limited" and "prescribed" none of which applies to what Sony is doing here.
Its distributed and it denies service (or at least the service users are expecting), just because they are not necessarily "packeting" the targets does not make it not a DDOS.
A false representation of a matter of factâ"whether by words or by conduct, by false or misleading allegations, or by concealment of what should have been disclosedâ"that deceives and is intended to deceive another so that the individual will act upon it to her or his legal injury.
This sure sounds like it very well could fall under that definition. The question is for (me at least, IANAJ) does an HTTP get represent a page view? Who agreed to that interpretation? Perhaps the advertizing firm and the site operator agreed those are equivalent but I never did. My guess is though the "by conduct" part is going to cover it. I mean in this case an individual has downloaded software specifically designed to disrupt statistics gathering that is know to be used for paying on ad views, and then your proceed to use said software. No part of the definition requires you to gain anything directly, only the other party to be injured so this may qualify as "defrauding the ad company" by you the user, without involving the site operator as a party.
I really don't know, but would/will stay away myself.
There is a world of space between telling people what they want to hear and " telling people your view of the truth bluntly". If you are qualified to offer an opinion and one has actually been sought you should offer your actual opinion, that is how you add value. If it differs from that of others you do so diplomatically.
For instance, lets say someone says, "I think we could deliver that in six weeks" and you know they forgot about issue $X. You don't reply "Well you forgot about issue $X so I don't think that will work."
You allow them to save a little face, and you say something like: "Sounds a little tight, I think you have underestimated how long $X could take, because we know it can fragile and will need extra QA testing attention"
They can cop to having for got all about X or not, you haven't completely shot their idea down but if they are a decent thinking person they correct the course. You know "a little tight" means "way the fuck off" and they do to but others might not need to known and you have not rubbed it in the face in even if its just between the two of you.
Just being some yes man does not do anyone any good though and those people usually only rise as far as the bottom rungs of the decision makers because eventually folks realize they just agree with everyone all the time and don't really offer anything.
Which is insane, but if it looks like special treatment it usually is. Denying our own senses takes us away from reality, it prevents us from recognize something that actually is unfair when we see it. We spend all our time solving imaginary problems rather than addressing real ones.
There is this huge push to get girls into STEM, encourage them to do science and math etc; because what apparently they can't be expected form their own ambitions and desires in the presence of all the societal messaging.
Yet on flip side we don't see a big push to encourage boys not to enlist in the armed forces. Nope despite all the glorification war in movies (almost always shown be fought by men) GI Joe, video games where you play soldier clearly marketed almost exclusive to men and boys, men are still expected to think for themselves. The idea of encouraging our girls to go into this high risk line of work is given lip-service at most.
Oh sure there has been lots of news about women in the military but you don't see the recruiters chasing the girls down the side walk outside the local high school.
Lets face it if it was really about getting rid of gender stereotypes we would stop calling attention to gender stereotypes. Rather than going oh look "SHE is a successful software developer" we would start saying oh look "Jane is a successful software developer" We should put the emphasis on Jane and not her sex. We would not "find female mathematician" to speak to the girls in the class about math, we would find the best mathematician willing to talk about their work to class of students regardless of their gender to do it.
Kids are not stupid, showing Barbie "can be a computer engineer too" or having a chapter in the computer science text about "women in the field' or something does not play as "see girls can do computers" it plays as "see you won't be the only freak out there, girls can do computers but its still kinda weird"
Finally we need to stop framing thinks as women's issues that are not. Early voting for example. Pelosi tried to push the idea the women for some reason are unique in the obstacles they face getting to the polls, because I don't men apparently don't have events in their daily lives that make it hard to abandon their usual routines on a particular Tuesday, nope that's girls. Then we see how she treats a female fellow democrat that might happen to vote in away she does not agree with, the instance she seeks the right to vote by proxy. Hint she is denied.
So either women don't need special consideration for voting or the do which is it? Oh that right the answer is obvious they don't or if they do the need it no more and no less than any male. Still Nancy was perfectly willing to portray her gender as needing special accommodate when it was politically useful but she knows perfectly well the need is imagined, and discards the idea when its not politically useful.
Yea, honestly the lesson I would want a child to take away from this book is that life isn't fair. Barbie is a bimbo she hasn't got to neurons to rub together but she is pretty and charismatic, she will be able find other people like boys in this book to sponge off and carry her anywhere she wants to go.
This isn't a gender thing either. Pretty boys gave the same advantage although it might show up a little later in life. I have worked lots of places and seen one male manager who is near totally incompetent leading a vastly less successful and productive team than his counter part and their team get selected for promotion to some role like director or CIO/CTO over and over again. Why because that guy was taller and better looking and maybe if he possessed any skills at all its knowing how to tell others what they want to hear.
People need to understand that they may come up against the Barbies and Kens out there and depending on the situation it might not be a fair fight. They might need to recognize they are Barbie or Ken and learn to lever that too.
I taught at one of those evil "For Profit" schools and wasn't able to provide adequate resources for students to be able to download the tools for class, let alone entire operating systems which were needed from time to time.
Your failure to manage resources is not the school or tax payers or tuition payers in the case of a private school's problem. All of that stuff could have been downloaded once (perhaps over night) and passed around the room on an $8 usb stick you most likely could have expensed.
I don't see this as much of a solution. The Grandparent is right transport encryption is a requirement but I am not sure its first step. encryption and authentication are part and parcel. One really isn't useful without the other and might be more dangerous alone than nothing.
At least with HTTP I *know* there exists the possibility what I am receiving isn't coming from who I thought it was from, may have been undetectably altered, and others know I am viewing it. Just as anything i send, might be altered or not go where i expect it to.
The big problem today is all those shitty domain validated certs, are cheap ticket to every spammer, fraudster in the world to appear legit.. Not to mention if I can find some stored-reflected-xss or even just content injection via iframe, or img tag on a legit site say "example.com, I register a name like uberCDN.com and host the sourced content at example.com.uberCDN.com and the typical victim user will have virtually no chance to detect anything is up..
Honestly we need to solve the trust problem as step 0, than we need encryption and integrity + authentication as step 1.
Funny I think a world in which you did face liability limited to your ownership would make for a lot nicer America. So you have 25 shares of XYZ corp, if XYZ if fined, has unpaid debts etc, incurs a civil liability etc, you should be proportionally responsible for that after XYZs assets have been exhausted. If the remaining debt is 5 Billion and you own.000002% of the shares out standing than you should be on the hook for 10K.
My guess is if the owners could be held accountable, we would have boards of directors and shareholder votes targeting very very different qualities where selection of top management is concerned.
If he was ale to talk to someone to make threats, he could have used the same time to rebut.
There is no proof of that, not that there is proof of any of this. My point was the media acts as a gatekeeper. Had he responded with a reasoned argument citing statics about the rate at which assaults by uber drives actually compares to those at the hands of other public and private transportation operators and staff there is no guarantee at all Lacy would print it.
What is a better headline? "Some uber drivers caught assaulting passengers!" or "There is a vanishingly small risk your uber driver could assult you and its probably very comparable to the risk you face from everyone else!"
The media isn't one group think. Fox news love to suck business cock, and they would give them the time.
Ah but many of the folks he needs to reach don't watch Fox. Just like many of the people who do don't read left leaning media. So its not one group but the intersection of the groups getting smaller and smaller. When the groups no longer over lap its just a bunch of silo shaped echo chambers.
One of the many ways the news media has abandon the few vestiges of integrity it ever had, has been the move toward tailor the message to the audience.
I blame the media though. The "news" media has never exactly been objective but once upon a time they at least offered up most of the facts and some reasoned analysis. This gave them some appearance of objectivity which sat better with folks and also put most of the facts out there so you could reject their conclusion and form your own.
Now almost all the news media is very closely tied to the interest of their corporate masters. So much of the media now at least appears to have axe to grind, even when its not clear whose axe that is, I can understand the concern.
Put yourself in Uber's shoes, you are running a company and getting somewhat hostile media treatment, perhaps you deep down to your core believe the criticisms are inaccurate, and deeply unfair. You try to rebut them but you are simple not given the same air time the critics are. What should you do just bend over an take it, let them damage your business. I for one would much rather erode peoples faith in the source, and opposition research is how you do that!
Seriously, what do they think they can gain from not letting a government control it's own name?
Hmm lets see break every link to every site for an entire country. Sounds like a pretty stiff sanction to me. Think of the economic harm that would happen to us for instance if suddenly.com.org and.net were suddenly pointed elsewhere, that would mean for example slashdot.org would not resolve or would instead point to someones propaganda page etc.
Services and integrations that have hostnames would beak, I am sure lots of federal and state government systems we don't think of as Websites would cease to function, b2b apps everywhere would die, etc. It would be chaos!
Now countries like Iran and the DPRK would probably be able to recover much faster than we can, they have few internet choke points a handful of well placed NATs could point 53 traffic at a "root server" that responds with values pointing their tlds back at their "proper" name severs, some minor DNSEC issues aside it would probably mostly worky.
Which is an interesting precedent to set on this issue. Consider the cases recently where Microsoft and others have been permitted to size domains. Under this logic that does not fly.
Right, seems like it should be possible to identify the cheats with a simple exam, give everyone in the class a pop quiz, with a really similar question.
For the folks that did not cheat they get reward for their honest hard work, they will already have thought through the problem had the opportunity to test their solution etc, and simply need make some trivial change and scribble their solution down on the exam sheet. Easy-A
The cheaters will be busted, outed by their inability demo knowledge that they already are supposed to have displayed before.
The "difference" is math. You don't pay estate taxes on $5 or $5 million. It doesn't apply to the first $5.3 million dollars of inheritance.
No the difference is a few lines of US Law code that Congress could change at ANY TIME. Just because that carve out exists today does not mean it will exist tomorrow. The SAFEST thing to do is maintain a principled stand against estate taxes. Which only exist because dead people don't vote.
If you want electricity going to traffic lights, you have to pay your fair share.
Dead people don't use those services or well pretty much any services so their "fair share" is $0. Taxes should be on the living, who are able to participate in the democratic process.
We have income taxes, everyone has already paid them, taxing that money a second time upon death is double taxation. Maybe income taxes need to be higher, a debate the living can have, but taxing people twice is wrong.
Maybe we should get rid of income taxes and have an asset tax instead?
Why should he not worry? He is working hard to earn that money if he is thinking about leaving it as a legacy for his children to enjoy that should be his choice. What difference does it matter if its $5 or $5 million, or hell $5 billion.
Its money he "made" and paid taxes on along the way already, none should have any claim on it, its disposition should be his discretion and his alone, the amount isn't important its a basic matter of principle.
Do you have any evidence, any at all that a TOR user's anonymity has ever been compromised due to a vulnerability specific to TOR?
To my knowledge ever document case of someone being discovered that used TOR was because of something they said or did, some type of malware on there machine, or a user-agent that was leaky about identifying information.
I am not saying TOR has not been compromised, we know of the malware injection done by some exit node operations for example, but assuming you are being smart, using SSL, using a browser that is trustworthy and front ending it with something local like privoxy to anonymize user agents strings, strip cookies, other http headers etc, from everything I have read/discovered/scene TOR is still "secure".
What I found really degrades quality is not the language, but an overemphasis on code style at some companies. Instead of code reviews focusing on the functionality of the code being reviewed, they spend all their time nit-picking about variable names and whether to use camel-case or underscores.
I have to disagree with you here. Style and consistency are important. I often do third party code reviews for security and I can tell you the code I get where the there is consistent style and convention being used almost always exhibits fewer problems.
I am sure there is a point in organizational maturity where people first start focusing on style but the group has not mastered it yet, it probably is a distraction there, once past that inflection point however, it makes it easier for peer reviewers to spot the bad decisions and questionable logic in code. if user = authenticate(user,password)
doSomeStuff(user) else
doSomethingDifferent(user) end
Might be perfectly correct code. If you are trying to get code released though you might buzz by what this is doing on a fast read or read it wrong; unless this is a typical convention in use and then you probably would understand immediately. In other shops though you'd see this:
user = authenticate(user,password) if user
doSomeStuff(user) else
doSomethingDifferent(user) end
I don't have a preference actually but If you have people doing it both ways in the same code base, its a recipe for overlooked bugs.
Deepends on if they thing they got more where this came from or not. CurrentC looks pretty hackney so my guess is there will be more breaches more vulns in the future.
Think about the Snowden disclosures. Would it have been more damaging have published it all at once, or was it more entertaining to drop something watch them react and then force them to backpedal and temporize in the face a subsequent releases?
I think that would be a risky move. This is one of those areas the 'regulators' are likely to wade into sooner or latter. Apple and Google don't want to be seen as bad actors. Right now there is a fair amount of goodwill for both Apple Pay and Google Wallet.
Its "Old/Big retail" that is out there trying to suppress competition to push product that various consumer advocates might not see as being good for the consumer. My guess is Apple and Google will seek their victories in the court room and on K street.
I was going to make essentially the same comment. Someone is going to jump in and suggest that utilities like that should have their own user account and call sudo or fork and su to start wget as the limited user, and fetch certificates to some specific directory.
Those someones are probably correct, but we all know in practice that rarely happens.
Real leadership here. Basically the Chocolatey folks did it for them and only after facing the threat of not controlling the dominate package manager on their own platform do they finally after decades offer a solution.
Basically what this tells me is they were trying to avoid competing with their App Store clone BS and are now having their hand forced. Way to go MS way to go.
Keeping their home offices in those locations is really part of the same game as the H1B exploit.
If they can get someone to move there and work for 20% less than the say the US average market rate based on the cost of living theory they know you can't leave.
You will by a house, which you will never be able to sell for enough to cover the majority cost of a similar property any place likely to offer similar employment roles. You won't having savings to make up the difference either because even if your wages went a long way there in terms of the price of local services and housing; they won't elsewhere.
So you will be left there in Bentonville after a 5 years or so going gee, I really can't afford to be 40 years old, exhaust my savings on a down payment and still have only 30% equity in a new home; no matter how good the new job might be.
I am pretty sure some of these companies plan this!
There are lots of Government technical workers, who probably would like to read more tech news but have security clearance related fears. There is much FUD, possibly legitimate FUD don't know, don't have a clearance myself but have been interviewed many times when friends have sought clearances.
Some of them really are afraid clicking the wrong Slashdot story while taking a break at work could cost them. Frankly I think the bigger issue is the government though police are so frightened they even make an issue of such a thing but, it is what is.
So now I guess Verizon with profit from so new ad revenue.
Slashdot Mirror
Except that Google and Its employees are citizens with rights too. Everyone should be equal under the law. The law in Spain is now, you have to pay to link to certain types of content. Fine, Google is complying with the law, they tried to convince the people not to support it and failed, so now they are being a good citizen and obeying.
Its not Google's fault you or the news papers miss'em now that they are gone. If Google is now to be forced to operate a news aggregator, than so should every other organization or individual that has a website! That is just fair.
Speaking as a computer security professional the entire second amendment argument is juvenile and stupid, if not harmful. On top of this we continue as a society to tolerate an obviously corrupt system of double standards. I completely agree with you.
We have corporations that now seem to operate under an entirely different set of lows than the rest of use do. We have HS and College kids being aggressively prosecuted for acts that cause tiny amounts of harm if any. Sony deploys a root-kit that puts the security of the systems of millions of customers in danger, and impairs those systems in general and they get basically asked to apologize and replace the defective product, they are not asked to do anything about the real damage. I don't recall prosecutors asking Aaron if he would like kindly remove his machine from MIT's wiring closet, delete the copies of the journals he made, tidy up and than forget the whole thing; no he was threatened with prison and a ruinous legal process until he killed himself. Yet for some reason Sony gets off without even having to clean up the mess they made.
Meanwhile the security community continues to want play army. Weather its with red vs blue rhetoric, or bizarre and ill considered Second Amendment analogies. To anything thinking person software it self and digital communications are more closely tied to the First Amendment, in terms of speech and anything you might do with a computer or network is more relate-able to expression or assembly.
A computer is not a weapon, let me repeat that a computer is not a weapon. Now it might control a weapon, be a component in or of a weapon but a computer it self is not a weapon. We don't need to conflate these things. By the logic they are using anything that can be weaponized is an arm. Which would mean I have the right to keep and bare well anything. "Sorry mister DEA agent, that brick of cocaine isn't drugs, I use it throw at people I don't like. Its a great arm, if you get hit with the corners of the package it really hurts; yet at only one kilo its light enough to carry around throw easily!" To say nothing of the implications for cars, kitchen knives etc.
This is about impotent little pricks that want to feel powerful, without having to leave their desks. The CFAA is a terrible law that is vague and potentially criminalizes lots of very innocent activity. Still I hardly think given the number of shared resources out there we want go to a total free for all where anyone can do anything the like online with no real/physical world consequences either. I am not even necessarily against "attack back" if its allowed under a prescribe limited set of circumstances, just like castle doctrines or stand your ground laws. The important parts of that though are "limited" and "prescribed" none of which applies to what Sony is doing here.
Its distributed and it denies service (or at least the service users are expecting), just because they are not necessarily "packeting" the targets does not make it not a DDOS.
A false representation of a matter of factâ"whether by words or by conduct, by false or misleading allegations, or by concealment of what should have been disclosedâ"that deceives and is intended to deceive another so that the individual will act upon it to her or his legal injury.
This sure sounds like it very well could fall under that definition. The question is for (me at least, IANAJ) does an HTTP get represent a page view? Who agreed to that interpretation? Perhaps the advertizing firm and the site operator agreed those are equivalent but I never did. My guess is though the "by conduct" part is going to cover it. I mean in this case an individual has downloaded software specifically designed to disrupt statistics gathering that is know to be used for paying on ad views, and then your proceed to use said software. No part of the definition requires you to gain anything directly, only the other party to be injured so this may qualify as "defrauding the ad company" by you the user, without involving the site operator as a party.
I really don't know, but would/will stay away myself.
There is a world of space between telling people what they want to hear and " telling people your view of the truth bluntly". If you are qualified to offer an opinion and one has actually been sought you should offer your actual opinion, that is how you add value. If it differs from that of others you do so diplomatically.
For instance, lets say someone says, "I think we could deliver that in six weeks" and you know they forgot about issue $X. You don't reply "Well you forgot about issue $X so I don't think that will work."
You allow them to save a little face, and you say something like: "Sounds a little tight, I think you have underestimated how long $X could take, because we know it can fragile and will need extra QA testing attention"
They can cop to having for got all about X or not, you haven't completely shot their idea down but if they are a decent thinking person they correct the course. You know "a little tight" means "way the fuck off" and they do to but others might not need to known and you have not rubbed it in the face in even if its just between the two of you.
Just being some yes man does not do anyone any good though and those people usually only rise as far as the bottom rungs of the decision makers because eventually folks realize they just agree with everyone all the time and don't really offer anything.
Which is insane, but if it looks like special treatment it usually is. Denying our own senses takes us away from reality, it prevents us from recognize something that actually is unfair when we see it. We spend all our time solving imaginary problems rather than addressing real ones.
There is this huge push to get girls into STEM, encourage them to do science and math etc; because what apparently they can't be expected form their own ambitions and desires in the presence of all the societal messaging.
Yet on flip side we don't see a big push to encourage boys not to enlist in the armed forces. Nope despite all the glorification war in movies (almost always shown be fought by men) GI Joe, video games where you play soldier clearly marketed almost exclusive to men and boys, men are still expected to think for themselves. The idea of encouraging our girls to go into this high risk line of work is given lip-service at most.
Oh sure there has been lots of news about women in the military but you don't see the recruiters chasing the girls down the side walk outside the local high school.
Lets face it if it was really about getting rid of gender stereotypes we would stop calling attention to gender stereotypes. Rather than going oh look "SHE is a successful software developer" we would start saying oh look "Jane is a successful software developer" We should put the emphasis on Jane and not her sex. We would not "find female mathematician" to speak to the girls in the class about math, we would find the best mathematician willing to talk about their work to class of students regardless of their gender to do it.
Kids are not stupid, showing Barbie "can be a computer engineer too" or having a chapter in the computer science text about "women in the field' or something does not play as "see girls can do computers" it plays as "see you won't be the only freak out there, girls can do computers but its still kinda weird"
Finally we need to stop framing thinks as women's issues that are not. Early voting for example. Pelosi tried to push the idea the women for some reason are unique in the obstacles they face getting to the polls, because I don't men apparently don't have events in their daily lives that make it hard to abandon their usual routines on a particular Tuesday, nope that's girls. Then we see how she treats a female fellow democrat that might happen to vote in away she does not agree with, the instance she seeks the right to vote by proxy. Hint she is denied.
So either women don't need special consideration for voting or the do which is it? Oh that right the answer is obvious they don't or if they do the need it no more and no less than any male. Still Nancy was perfectly willing to portray her gender as needing special accommodate when it was politically useful but she knows perfectly well the need is imagined, and discards the idea when its not politically useful.
Yea, honestly the lesson I would want a child to take away from this book is that life isn't fair. Barbie is a bimbo she hasn't got to neurons to rub together but she is pretty and charismatic, she will be able find other people like boys in this book to sponge off and carry her anywhere she wants to go.
This isn't a gender thing either. Pretty boys gave the same advantage although it might show up a little later in life. I have worked lots of places and seen one male manager who is near totally incompetent leading a vastly less successful and productive team than his counter part and their team get selected for promotion to some role like director or CIO/CTO over and over again. Why because that guy was taller and better looking and maybe if he possessed any skills at all its knowing how to tell others what they want to hear.
People need to understand that they may come up against the Barbies and Kens out there and depending on the situation it might not be a fair fight. They might need to recognize they are Barbie or Ken and learn to lever that too.
I taught at one of those evil "For Profit" schools and wasn't able to provide adequate resources for students to be able to download the tools for class, let alone entire operating systems which were needed from time to time.
Your failure to manage resources is not the school or tax payers or tuition payers in the case of a private school's problem. All of that stuff could have been downloaded once (perhaps over night) and passed around the room on an $8 usb stick you most likely could have expensed.
Agreed,
I don't see this as much of a solution. The Grandparent is right transport encryption is a requirement but I am not sure its first step. encryption and authentication are part and parcel. One really isn't useful without the other and might be more dangerous alone than nothing.
At least with HTTP I *know* there exists the possibility what I am receiving isn't coming from who I thought it was from, may have been undetectably altered, and others know I am viewing it. Just as anything i send, might be altered or not go where i expect it to.
The big problem today is all those shitty domain validated certs, are cheap ticket to every spammer, fraudster in the world to appear legit.. Not to mention if I can find some stored-reflected-xss or even just content injection via iframe, or img tag on a legit site say "example.com, I register a name like uberCDN.com and host the sourced content at example.com.uberCDN.com and the typical victim user will have virtually no chance to detect anything is up..
Honestly we need to solve the trust problem as step 0, than we need encryption and integrity + authentication as step 1.
Funny I think a world in which you did face liability limited to your ownership would make for a lot nicer America. So you have 25 shares of XYZ corp, if XYZ if fined, has unpaid debts etc, incurs a civil liability etc, you should be proportionally responsible for that after XYZs assets have been exhausted. If the remaining debt is 5 Billion and you own .000002% of the shares out standing than you should be on the hook for 10K.
My guess is if the owners could be held accountable, we would have boards of directors and shareholder votes targeting very very different qualities where selection of top management is concerned.
If he was ale to talk to someone to make threats, he could have used the same time to rebut.
There is no proof of that, not that there is proof of any of this. My point was the media acts as a gatekeeper. Had he responded with a reasoned argument citing statics about the rate at which assaults by uber drives actually compares to those at the hands of other public and private transportation operators and staff there is no guarantee at all Lacy would print it.
What is a better headline? "Some uber drivers caught assaulting passengers!" or "There is a vanishingly small risk your uber driver could assult you and its probably very comparable to the risk you face from everyone else!"
The media isn't one group think. Fox news love to suck business cock, and they would give them the time.
Ah but many of the folks he needs to reach don't watch Fox. Just like many of the people who do don't read left leaning media. So its not one group but the intersection of the groups getting smaller and smaller. When the groups no longer over lap its just a bunch of silo shaped echo chambers.
One of the many ways the news media has abandon the few vestiges of integrity it ever had, has been the move toward tailor the message to the audience.
I blame the media though. The "news" media has never exactly been objective but once upon a time they at least offered up most of the facts and some reasoned analysis. This gave them some appearance of objectivity which sat better with folks and also put most of the facts out there so you could reject their conclusion and form your own.
Now almost all the news media is very closely tied to the interest of their corporate masters. So much of the media now at least appears to have axe to grind, even when its not clear whose axe that is, I can understand the concern.
Put yourself in Uber's shoes, you are running a company and getting somewhat hostile media treatment, perhaps you deep down to your core believe the criticisms are inaccurate, and deeply unfair. You try to rebut them but you are simple not given the same air time the critics are. What should you do just bend over an take it, let them damage your business. I for one would much rather erode peoples faith in the source, and opposition research is how you do that!
Seriously, what do they think they can gain from not letting a government control it's own name?
Hmm lets see break every link to every site for an entire country. Sounds like a pretty stiff sanction to me. Think of the economic harm that would happen to us for instance if suddenly .com .org and .net were suddenly pointed elsewhere, that would mean for example slashdot.org would not resolve or would instead point to someones propaganda page etc.
Services and integrations that have hostnames would beak, I am sure lots of federal and state government systems we don't think of as Websites would cease to function, b2b apps everywhere would die, etc. It would be chaos!
Now countries like Iran and the DPRK would probably be able to recover much faster than we can, they have few internet choke points a handful of well placed NATs could point 53 traffic at a "root server" that responds with values pointing their tlds back at their "proper" name severs, some minor DNSEC issues aside it would probably mostly worky.
Which is an interesting precedent to set on this issue. Consider the cases recently where Microsoft and others have been permitted to size domains. Under this logic that does not fly.
Right, seems like it should be possible to identify the cheats with a simple exam, give everyone in the class a pop quiz, with a really similar question.
For the folks that did not cheat they get reward for their honest hard work, they will already have thought through the problem had the opportunity to test their solution etc, and simply need make some trivial change and scribble their solution down on the exam sheet. Easy-A
The cheaters will be busted, outed by their inability demo knowledge that they already are supposed to have displayed before.
The "difference" is math. You don't pay estate taxes on $5 or $5 million. It doesn't apply to the first $5.3 million dollars of inheritance.
No the difference is a few lines of US Law code that Congress could change at ANY TIME. Just because that carve out exists today does not mean it will exist tomorrow. The SAFEST thing to do is maintain a principled stand against estate taxes. Which only exist because dead people don't vote.
If you want electricity going to traffic lights, you have to pay your fair share.
Dead people don't use those services or well pretty much any services so their "fair share" is $0. Taxes should be on the living, who are able to participate in the democratic process.
We have income taxes, everyone has already paid them, taxing that money a second time upon death is double taxation. Maybe income taxes need to be higher, a debate the living can have, but taxing people twice is wrong.
Maybe we should get rid of income taxes and have an asset tax instead?
Why should he not worry? He is working hard to earn that money if he is thinking about leaving it as a legacy for his children to enjoy that should be his choice. What difference does it matter if its $5 or $5 million, or hell $5 billion.
Its money he "made" and paid taxes on along the way already, none should have any claim on it, its disposition should be his discretion and his alone, the amount isn't important its a basic matter of principle.
Do you have any evidence, any at all that a TOR user's anonymity has ever been compromised due to a vulnerability specific to TOR?
To my knowledge ever document case of someone being discovered that used TOR was because of something they said or did, some type of malware on there machine, or a user-agent that was leaky about identifying information.
I am not saying TOR has not been compromised, we know of the malware injection done by some exit node operations for example, but assuming you are being smart, using SSL, using a browser that is trustworthy and front ending it with something local like privoxy to anonymize user agents strings, strip cookies, other http headers etc, from everything I have read/discovered/scene TOR is still "secure".
What I found really degrades quality is not the language, but an overemphasis on code style at some companies. Instead of code reviews focusing on the functionality of the code being reviewed, they spend all their time nit-picking about variable names and whether to use camel-case or underscores.
I have to disagree with you here. Style and consistency are important. I often do third party code reviews for security and I can tell you the code I get where the there is consistent style and convention being used almost always exhibits fewer problems.
I am sure there is a point in organizational maturity where people first start focusing on style but the group has not mastered it yet, it probably is a distraction there, once past that inflection point however, it makes it easier for peer reviewers to spot the bad decisions and questionable logic in code.
if user = authenticate(user,password)
doSomeStuff(user)
else
doSomethingDifferent(user)
end
Might be perfectly correct code. If you are trying to get code released though you might buzz by what this is doing on a fast read or read it wrong; unless this is a typical convention in use and then you probably would understand immediately. In other shops though you'd see this:
user = authenticate(user,password)
if user
doSomeStuff(user)
else
doSomethingDifferent(user)
end
I don't have a preference actually but If you have people doing it both ways in the same code base, its a recipe for overlooked bugs.
Deepends on if they thing they got more where this came from or not. CurrentC looks pretty hackney so my guess is there will be more breaches more vulns in the future.
Think about the Snowden disclosures. Would it have been more damaging have published it all at once, or was it more entertaining to drop something watch them react and then force them to backpedal and temporize in the face a subsequent releases?
I think that would be a risky move. This is one of those areas the 'regulators' are likely to wade into sooner or latter. Apple and Google don't want to be seen as bad actors. Right now there is a fair amount of goodwill for both Apple Pay and Google Wallet.
Its "Old/Big retail" that is out there trying to suppress competition to push product that various consumer advocates might not see as being good for the consumer. My guess is Apple and Google will seek their victories in the court room and on K street.
I was going to make essentially the same comment. Someone is going to jump in and suggest that utilities like that should have their own user account and call sudo or fork and su to start wget as the limited user, and fetch certificates to some specific directory.
Those someones are probably correct, but we all know in practice that rarely happens.
Real leadership here. Basically the Chocolatey folks did it for them and only after facing the threat of not controlling the dominate package manager on their own platform do they finally after decades offer a solution.
Basically what this tells me is they were trying to avoid competing with their App Store clone BS and are now having their hand forced. Way to go MS way to go.
Keeping their home offices in those locations is really part of the same game as the H1B exploit.
If they can get someone to move there and work for 20% less than the say the US average market rate based on the cost of living theory they know you can't leave.
You will by a house, which you will never be able to sell for enough to cover the majority cost of a similar property any place likely to offer similar employment roles. You won't having savings to make up the difference either because even if your wages went a long way there in terms of the price of local services and housing; they won't elsewhere.
So you will be left there in Bentonville after a 5 years or so going gee, I really can't afford to be 40 years old, exhaust my savings on a down payment and still have only 30% equity in a new home; no matter how good the new job might be.
I am pretty sure some of these companies plan this!
There are lots of Government technical workers, who probably would like to read more tech news but have security clearance related fears. There is much FUD, possibly legitimate FUD don't know, don't have a clearance myself but have been interviewed many times when friends have sought clearances.
Some of them really are afraid clicking the wrong Slashdot story while taking a break at work could cost them. Frankly I think the bigger issue is the government though police are so frightened they even make an issue of such a thing but, it is what is.
So now I guess Verizon with profit from so new ad revenue.