Slashdot Mirror


User: Mousit

Mousit's activity in the archive.

Stories
0
Comments
120

Comments · 120

  1. Re:Just security theater on Laptops To Stay in Bags as TSA Brings New Technology To Airports (bgov.com) · · Score: 1

    PSA for those who don't already know: don't waste your money on PreCheck alone. If you're going to do it, buy Global Entry, which is only $15 more, includes PreCheck, and will get you through immigration incredibly quickly, sometimes without a single question.

    Also PSA for those who don't already know: it's NOT a waste of money depending on your circumstances. PreCheck's.. checks.. are cursory at best, and its requirements are embarrassingly low, hence why I say it's basically "pay to win" because you're practically guaranteed approval unless you're El Chapo or something. However, Global Entry is actually the real thing, with an extensive background check including detailed criminal history, and it has very strict and generally unforgiving qualification rules. Many of those rules are unpublished too, they admit this openly that they don't provide a full list of disqualifiers for "security reasons". PreCheck does provide a full list.

    I myself am barred for life from GE (I found out about one of the rules they don't list when my application was denied) because I was arrested once when I was young for misdemeanor possession. Charge was dropped, so I have no convictions just the one arrest, but that alone disqualifies me from Global Entry because it's drug-related, and that was stated plainly on the denial letter I received. I think it's bullshit, since I wouldn't be surprised if a quarter of the entire fucking country has an experience like that, but hey. War on Drugs(tm) and all that.

  2. Re:Just security theater on Laptops To Stay in Bags as TSA Brings New Technology To Airports (bgov.com) · · Score: 1

    PreCheck is basically "Pre9/11". You go through metal detectors rather than the nudie scanner, you don't get fondled, you leave everything in your bag and your shoes on and it's pretty much just like the old days. Which was my point about how it reinforces the fact that the rest of the shit is pure theatre.

  3. Re:Just security theater on Laptops To Stay in Bags as TSA Brings New Technology To Airports (bgov.com) · · Score: 3, Informative

    We never NEEDED to in the first place. That was just a bit of security theater against conveniently unspecified "threats". Just like the liquid restrictions. It made no sense that laptops were somehow special devices that had to be scanned differently from every other piece of electronics sent through the scanner.

    A notion further reinforced by anyone who has ever ponied up the $85 "pay to win" fee for PreCheck, since those people for years now have already not had to remove liquids or electronics from their bags, nor take their shoes off. Especially considering it's damn near impossible not to get approved for PreCheck.

  4. Re:Are those kids willing to sacrifice something? on Kids From At Least 112 Countries, Including the US, Go on Strike To Protest Climate Change · · Score: 2

    It doesn't take much to get a kid to decide not to go to school. But are they willing to make real sacrifices for the environment? Probably not. You have to give up meat. You can't buy electronics devices. You can't use plastics. Can't drink milk or consume many other animal products unless they are expensive sustainable varieties. You have to give up on shopping at the mall and do all your clothes shopping at thrift stores buying only highly durable clothing that lasts more than a season. Give up any sports or extracurriculars that require you to travel by bus.

    When kids do those things, they will be standing on firm moral ground.

    I wish TFS had bothered to link another Guardian article from earlier this week, that was specifically about Greta herself. Because.. yes, she did do those things. And not only did she make those sacrifices, she convinced her parents to as well. She even got her mother to give up flying, which had a severe impact on her career, for example.

    So yeah, at least in Greta's case, she's practicing what she preaches. Her whole family is.

  5. The country's grid is one giant 0-day. Best not to pics details or even identities until it is mitigated.

    I wouldn't call the grid "one giant 0-day". While there are plenty of utilities with their heads up their asses about cyber security (or "cyber" anything, honestly), there are plenty of others that DO take it seriously. Mine is one of them (no I will not name them either).

    NERC literally spent Two. Years. auditing us. Top to bottom. We just officially got the finish and closure recently, probably around the same time these other utilities were getting their fines. It was like getting ISO certified, except maybe even more invasive. They audited everything--every operational piece of the company from paperwork handling procedures to physical device specifications--for CIP compliance, so admittedly cyber security and pentesting was only one piece of the overall process, but they were still thorough with that piece too. Even, dare I say it, annoyingly fucking nitpicky in fact. They did find a number of little things, yes, because nothing is ever perfect, especially with the nitpicking. The recommendations report however was quite small, because our overall operational security was found to be excellent, by their rankings. "No significant issues", in bureaucratic speak.

    It may not sound like much, but I'm pretty damn proud of that, especially as this is not some tight little office network. It's an industrial communications system spanning tens of thousands of square miles, with a network link in every substation. That's a lot of access control, just physically, before you even start considering all the layers above that.

    So yeah, some utilities do care. And the idiots that don't, I hope they get their asses fined until it's too goddamn expensive for them not to care. If anything, $10 million for 127 violations is way too modest in my opinion.

  6. Re:If only ... on Netflix To Raise Prices By 13% To 18% (cnbc.com) · · Score: 1

    The problem with your logic is that most people cut the cord to cable in order to save money. Most cable services are very expensive, probably averaging $100/month in many locales. Whereas you can get a lot of useful content with only one service, or go with two services if you want to splurge. Going for 18 different services is too many.

    Well, keep in mind the increasing fragmentation in the streaming market. So sadly, you're not getting as much useful content from one service as you used to, like Netflix here losing the entire Disney/Marvel/Pixar catalog (well most of it; they do have some Marvel TV production deals that stay). Nonetheless, I do understand what you mean and I don't disagree with that.

    Part of the tasks one does when cutting the cord is to also cut back on the amount of television they watch. Don't expect to cut the cord and get exactly the same content that you used to get. You will actually get more content over all, it just won't necessarily have all the shows you previously watched on a regular basis. The easiest way to do this is to realize that you can afford to wait a year to see the next season of your favorite show. Otherwise if you need the same content then you'll find yourself justifying paying the extra $90 just for some silly sitcom you like.

    That's fair. I didn't mean to imply the only choices were all or nothing. I was merely trying to go a bit more "apples to apples" comparison of having all the content of a cable subscription versus these streaming services. By all means, if you only want to watch Marvel stuff say, then cut the cord and just subscribe to Disney+ and be done with it. I do not begrudge anyone that. :)

  7. Re:If only ... on Netflix To Raise Prices By 13% To 18% (cnbc.com) · · Score: 3, Informative

    #2: Cable TV is broadcast on its schedule and that's it. Miss a show/forget to DVR it? Too bad, so sad - better hope they decide to re-air it at a later date and time. Streaming lets you pick anything from the library to watch whenever and wherever you want it.

    Streaming has been integrated with cable for a long time. First it was called "on-demand" and today that is available on virtually every cable service at almost all price tiers. However it's even been expanded such that a huge number of television networks (both broadcast and cable-only) have their own streaming services that are available at no extra cost to cable subscribers (and are often ONLY available to cable subscribers, not sold direct, which is why they don't get any press like these standalone services). That includes not just the existing on-demand stuff, but also location-agnostic streaming through their apps on mobile devices, and via boxes like Roku and FireTV and all that. NBCUniversal just announced they are also launching a streaming service, and said it will also be no extra charge to cable subscribers (or you can pay $12/mo for it alone, which I think is an absurd price).

    So no, by and large you are not beholden to a broadcast schedule.

    To be honest, I think it's this sort of integration that may even save cable. Why pay 18 different streaming services a separate monthly fee, when you can pay one cable bill and still get access to most (admittedly not all) of those? And with the prices of the streaming services going the way they are, together they're going to end up costing as much as, if not more than, that "f'ing expensive" cable bill anyway.

  8. Re:Only one phone, and only TMo to TMo? on T-Mobile Begins Verifying Calls To Protect Against Spam (theverge.com) · · Score: 2

    If it requires any sort of technology on my own phone, then they are doing it WRONG. The telephone network is no different than the Internet network. If I am an ISP or Telecom provider, nothing enters my network without permission and nothing exits my network without permission. Source and destination, within my own network, is essentially guaranteed. I am not letting anything into my network without a known, by me, source and destination. There is ZERO room for "unknown" activity without cutting wires and sending random voltages down them... and the results of THAT will not leave my own network anyways.

    No. If this requires technology on MY end as a consumer, then this is not about preventing spoofing, it is about tracking and gathering data, presumably to monetize it.

    I gather you did not even glance at the linked whitepapers? I'll quote the relevant line. "Using STIR/SHAKEN, the call is authenticated by the calling party’s service provider that digitally signs the calling number. The called party’s service provider validates the digital signature to verify the calling party identity. The SHAKEN governance framework defines how service providers are authenticated and authorized by a certificate authority to digitally secure the calling number of telephone calls." Emphasis mine. STIR/SHAKEN in and of itself works between providers, and does not require technology on the consumer end device.

    However, until (or rather, a big if..) STIR/SHAKEN becomes universal (or at least reaches a point where a critical mass/majority of providers have implemented it), a service provider can't feasibly block unverified calls wholesale. They could certainly offer the customer that as an option perhaps, with plenty of warnings about the caveats, but doing it by default would block tons of legitimate calls that are unverified through no fault of the calling party, but rather because their telecom provider simply hasn't implemented the tech yet. So, bearing that in mind, the end user needs some way to know which calls have been verified and which haven't so they can decide for themselves whether to answer or not. The small piece that does require the phone's participation is the part that makes the phone aware that this STIR/SHAKEN transaction is going on in the background between the service providers. i.e., the part where the phone literally displays "Call Verified" or "Call Unverified" on the screen. That's all. The actual verification process itself requires no participation on the phone's end. Basically, it's the same concept as Caller ID. CID signalling works whether your phone supports it or not. You only need tech in your phone if you want to actually see the CID data.

    There is a reply from an AC on this thread too that linked to responses from telecom providers about their implementation status. They make plenty of mention that they will begin signing/verifying calls all calls originating from their networks, regardless of whether the customer can see it or not, though several mention working on "displays" for the customer to see the verification results.

  9. Re:Only one phone, and only TMo to TMo? on T-Mobile Begins Verifying Calls To Protect Against Spam (theverge.com) · · Score: 5, Informative

    Really? Why bother, TMo?

    That limitation is temporary. I wish the summary had bothered to mention anything about the technical side of what T-Mobile's doing, because it's news for nerds after all.

    What T-Mobile is implementing is a technical standard known as STIR/SHAKEN which is explicitly designed to prevent spoofed calls, among other things. Even the FCC itself (PDF) back in 2015/2016 was big on this particular framework for combating robocalls. So much so that one of the very, very few things Ajit Pai managed to do right for consumers was have the FCC require (PDF) that U.S. telecoms implement STIR/SHAKEN, and do so "without delay". Oh yeah, and they're required to interoperate.

    So right now the Note9 is the first phone to support it. Others will follow. I'm sure Apple devices will get it quickly, probably with iOS 13 this year. And to respond to your specific complaint, it's "only TMo to TMo" right now because they're the first to implement the framework. Once the other telcos get their STIR/SHAKEN setups going, calls between networks should also be able to be verified.

    And just for funsies, here's a full hour-long (!) video on the framework and how it works, as well as its status in various countries, not just the U.S.
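    The exchange described in the two STIR/SHAKEN comments above, as an added example in Go (editor's own code, not from these comments, from T-Mobile, or from the STIR/SHAKEN specifications): the originating provider signs a simplified PASSporT over the calling number, and the terminating provider verifies it and produces the "Call Verified" / "Call Unverified" label that is the only part the handset has to display. Assumptions: the claim names follow RFC 8225/SHAKEN but the token is simplified; the `trusted` map stands in for fetching the signer's certificate and checking that it chains to the STI certificate authority; the phone numbers and the x5u URL are constructed placeholders.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
)

// Claims is a simplified PASSporT payload; claim names follow RFC 8225 / SHAKEN (assumption: illustration only).
type Claims struct {
	Attest string   `json:"attest"` // "A": the provider knows its customer may use this number
	Dest   []string `json:"dest"`   // called number(s)
	IAT    int64    `json:"iat"`    // issued-at, Unix seconds
	Orig   string   `json:"orig"`   // calling number the provider vouches for
	OrigID string   `json:"origid"` // opaque per-call identifier
}

type header struct {
	Alg string `json:"alg"` // ES256: ECDSA P-256 with SHA-256
	PPT string `json:"ppt"` // "shaken"
	X5U string `json:"x5u"` // where the verifier fetches the signer's STI certificate
}

var b64 = base64.RawURLEncoding
const maxAge = 60 // seconds; RFC 8224 recommends a 60 s window for iat

// signPASSporT runs at the ORIGINATING provider: it digitally signs the calling number.
func signPASSporT(priv *ecdsa.PrivateKey, x5u string, c Claims) (string, error) {
	h, _ := json.Marshal(header{Alg: "ES256", PPT: "shaken", X5U: x5u})
	p, _ := json.Marshal(c) // a struct of strings and ints cannot fail to marshal
	signingInput := b64.EncodeToString(h) + "." + b64.EncodeToString(p)
	digest := sha256.Sum256([]byte(signingInput))
	sig, err := ecdsa.SignASN1(rand.Reader, priv, digest[:])
	if err != nil {
		return "", err
	}
	return signingInput + "." + b64.EncodeToString(sig), nil
}

// verifyPASSporT runs at the TERMINATING provider. trusted maps x5u URLs to public keys and stands in
// for fetching the certificate and checking it chains to the STI-CA. It returns the label the provider
// can hand to the phone; the call is delivered either way.
func verifyPASSporT(trusted map[string]*ecdsa.PublicKey, token, called string, now int64) (string, error) {
	const unverified = "Call Unverified"
	if token == "" {
		return unverified, errors.New("no Identity header: originating provider has not deployed STIR/SHAKEN")
	}
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return unverified, errors.New("malformed PASSporT")
	}
	rawH, errH := b64.DecodeString(parts[0])
	rawP, errP := b64.DecodeString(parts[1])
	rawS, errS := b64.DecodeString(parts[2])
	if errH != nil || errP != nil || errS != nil {
		return unverified, errors.New("bad base64 in PASSporT")
	}
	var h header
	if err := json.Unmarshal(rawH, &h); err != nil || h.Alg != "ES256" || h.PPT != "shaken" {
		return unverified, errors.New("unsupported PASSporT header")
	}
	pub, ok := trusted[h.X5U]
	if !ok {
		return unverified, errors.New("signer certificate not trusted")
	}
	digest := sha256.Sum256([]byte(parts[0] + "." + parts[1]))
	if !ecdsa.VerifyASN1(pub, digest[:], rawS) {
		return unverified, errors.New("signature does not match the claims (altered after signing)")
	}
	var c Claims
	if err := json.Unmarshal(rawP, &c); err != nil {
		return unverified, err
	}
	if c.IAT > now || now-c.IAT > maxAge {
		return unverified, errors.New("stale or future iat: possible replay")
	}
	for _, d := range c.Dest {
		if d == called {
			return "Call Verified", nil
		}
	}
	return unverified, errors.New("called number not in dest: token reused against another callee")
}

func main() {
	// Constructed sample: one provider's key pair; the x5u URL and numbers are placeholders.
	priv, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	const x5u = "https://sti.provider-a.invalid/cert.pem"
	trusted := map[string]*ecdsa.PublicKey{x5u: &priv.PublicKey}
	tok, _ := signPASSporT(priv, x5u, Claims{Attest: "A", Dest: []string{"12025550102"}, IAT: 1552000000, Orig: "12025550101", OrigID: "call-0001"})
	fmt.Println(verifyPASSporT(trusted, tok, "12025550102", 1552000010)) // Call Verified <nil>
	fmt.Println(verifyPASSporT(trusted, "", "12025550102", 1552000010))  // Call Unverified plus the no-Identity-header error
}
```

    The empty-token branch is the "their provider simply hasn't implemented the tech yet" case from the comment: the call is still delivered, the phone just cannot show it as verified, which is why a carrier cannot block unverified calls wholesale until enough providers sign. The signature check is the part that defeats a spoofed calling number, and the iat and dest checks are what stop a genuinely signed token from being replayed against a different callee.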

  10. It's acceptable because no one is home to receive the package.

    Sometimes I have packages sent to work, but inevitably they'll try for a Saturday or Sunday delivery so it's a bit of a game of roulette. Sometimes I send them to my retired parents' address who have a greater chance of being home, but they live thirty miles away and their home is even more exposed if they're not around to receive the packages directly, so it's also imperfect.

    Not being home is indeed a common issue for so many, but there are existing solutions. UPS and FedEx both have "hold for pickup" options. This isn't great for everyone but the local distribution centers are both on my way home from work, so I'm quite happy to use that option and just grab them on the way. What royally pisses me off, however, is that I am not allowed to use this option with at least 60% of the packages I receive. I've called (when I can't do it from the automated website) and asked about this several times, and I usually get one of just two responses: a) you can only select this after the first delivery attempt fails, which is useless for no-sig packages; b) the seller/shipper has ACTUALLY SPECIFIED THIS ISN'T ALLOWED, which is the one I find even more ludicrous. Amazon is particularly bad for this. It's their "default contract option" one UPS agent told me.

    You'd think shippers and the shipping companies both would be falling all over themselves to allow this. It's secure which is good for the shipper, and it puts the onus on me instead of the shipping company's driver, which saves them manhours and other costs. Yet they make it absurdly difficult or impossible to use this option.

    Eventually I ended up just getting a P.O. box from one of the many companies that offers them with standard mailing addresses (so they don't look like P.O. box addresses, getting around the other issue of companies that don't ship to P.O. boxes), and accepts package deliveries. So basically I'm paying extra out of my own pocket to deal with an issue that has simpler, cheaper (for all parties) solutions. We live in a great society.

  11. With you there. I'm not a fanboy but I've enjoyed their hardware for years, and I have a lot of it too. Yet I feel like they're going out of their way to deliberately sabotage the "low end" (well, their version of it). Started seeing it first in the iPhones, with the lower models getting horrible base storage options for one, and reserving arbitrary features for the "flagship" phones. Now their other hardware lines too.

    I really, really wanted the Air. Or rather, I wanted what the rumors suspected of it. A lower-power machine with the features I personally needed. The machine that came out though feels.. purposely hobbled. Most especially the two USB-C ports, on only one side of the machine, and nothing else. Power, external video, everything goes through those two ports. God forbid I'm right-handed and have a need for some kind of wired input device..

    Other than Lenovo (also Dell XPS 13), consider the System76 Galago Pro (itself a re-branded Clevo machine). It's almost the same dimensions and weight as the new Air (about an inch bigger on one side, and like 150 grams heavier; so some difference but not much). In that almost-the-same form factor they managed to offer a significantly better CPU (with slightly better on-board graphics because of it, for what that's worth), a 13" 3K screen (which has higher DPI and more resolution than the Air's new Retina screen). They offer a USB-C port with Thunderbolt 3 on it, which is capable of power input/charging, external video output, and all the rest that the Air's two ports offer, so there's feature-parity there. However, in that same chassis they also offer USB3 Type-A ports (on both sides!), HDMI and mini-DisplayPort, a DC power input, an SD card slot the Air removed, and even a wired Ethernet port. Most of the other things like the webcam and such are parity with the Air, no better but no worse. The Galago admittedly does not offer fingerprint reading or Secure Enclave or such that the Air has, so there is that. The Galago does offer faster NVMe M.2 options for storage, up to 2TB. A Galago Pro configured with the same RAM and storage space (at the high-end NVMe option) still manages to be $300 less than the Air.

    Oh, and it did all this in a machine that was released over a year before the Air (early-to-mid 2017), by the way.

    Is it necessarily a better machine than the Air? That's a matter of opinion. The port options I sure as hell think so. It doesn't get nearly as good battery life as the Air though thanks to that much more powerful processor. However I also don't have to eat up one of only two precious USB-C ports to connect power to it, unlike the Air. The Galago also isn't unibody aluminum, which tends to make it less durable (though reports are it isn't fragile either). On the flip-side, the Galago can also be opened and serviced, and its RAM and storage are swappable by the user. Hell, the damn CPU isn't even soldered down.

    Anyway, I'm quickly rambling off-topic here. Point is, I think stuff like the Galago shows Apple could've fucking done better, and easily so. They have the design prowess, I don't think there's much question of that. It just feels like they didn't give a shit about something "lower end" and less profit margin like the Air, so they pissed out a hobbled design, had the gall to up the price on it, and then called it a day. And I don't blindly throw money at that.

  12. Re:A reversal of precedent on US Government Loses Bid To Force Facebook To Wiretap Messenger Calls (techcrunch.com) · · Score: 1

    ...Facebook is not required to have or provide access to systems to technically facilitate a wiretap like a Telecom provider would be required to do...

    Though speaking of Telecom, I'm particularly curious about a recent court ruling that decided VoIP was an "information service" not a phone service. Sort of curious if this means VoIP companies like Charter as mentioned in the linked article, or say Vonage, can now have their systems set up so as not to be able to "technically facilitate" a wiretap. I mean if Facebook isn't required to, and VoIP providers aren't providing Telecom anymore..

  13. Re:Trump Knows Economy on Qualcomm Ended NXP Acquistion After Failing To Secure Chinese Approval (cnet.com) · · Score: 1

    What I do not understand is why the merger requires Chinese approval.

    They required approval to continue operating within China after merging. Pretty much every major economic power reviews mergers of foreign companies that operate within their markets, US and EU included. Usually there's a threshold I think; they review it if the foreign companies have a large enough market influence/impact.

  14. Re:China stopped and American company buying dutch on Qualcomm Ended NXP Acquistion After Failing To Secure Chinese Approval (cnet.com) · · Score: 2

    Both Qualcomm and NXP do business in China. What they need approval from China for is to continue doing business in China, as a merged company. China couldn't directly stop the merger itself, no, but they could stop the newly combined company from operating within their borders.

    As TFS summary itself mentions, China represents 30% of Qualcomm's revenue. NXP similarly does significant business in China. Losing that market would be a massive loss, so they chose not to merge rather than lose access to the Chinese market.

    This is not at all unique to China. The EU and the US also do this sort of merger review of foreign companies that do business within their respective markets.

  15. Re:Confused about the ruling on TSA Screeners Win Immunity From Abuse Claims, Court Rules (reuters.com) · · Score: 1

    So... is there a criminal charge that can be applied here?

    That would be the big question. The article mentions the woman represented herself for the civil case, so I'd be curious if she ever consulted a lawyer about criminal charges. I suspect what this whole thing revolves around is a case of the TSA "doing its job" (regardless of whether you or I think it's a job they should be doing), and so she has no grounds for a criminal charge. Just based on the limited description in the article, it seems what she's more or less claiming is that the TSA used the authority it does actually have under the law, but used it maliciously against her. i.e., they didn't necessarily break the law, they just applied the law incorrectly.

    Considering the article also mentions that criminal charges were filed against her, but says she was acquitted (which I'm assuming they use that specific word because she outright won a "not guilty" and not just that the case was dismissed), that bolsters my guess that the TSA used "lawful" authority, rather than break the law, but did not use it appropriately. That would mean no criminal charges against them.

    In such a situation, tort would be there specifically for a check-and-balance against such abuse of lawful authority, same as it's used against police. And that seems to be exactly what the dissenting judge was saying in his dissent.

  16. Re:Confused about the ruling on TSA Screeners Win Immunity From Abuse Claims, Court Rules (reuters.com) · · Score: 1

    It is because TSA are not law enforcement they are immune to prosecution.

    No, this case declared TSA are immune from TORT, which is a civil case ("suing"). They are not immune from criminal charges ("prosecution").

  17. Re:Confused about the ruling on TSA Screeners Win Immunity From Abuse Claims, Court Rules (reuters.com) · · Score: 1

    There's quite a bit of confusion over this ruling and what the Federal Tort Claims Act actually covers.

    To start with though, no, they are not immune to prosecution. Neither is law enforcement, for that matter. This case does not deal with that at all. It deals with TORT, which is a civil case, not a criminal case, and is not a "prosecution" procedure. When you sue, you're pursuing a civil case, for civil damages typically, and the civil tort is usually aimed at a specific person and not just the whole organization (though the organization can be included). It's often forgotten that very often a civil "sue" case will run concurrently (or immediately after) a criminal case; when you hear about a person seeking "damages" for a criminal act, that "damages" portion is done as a tort in civil court, totally separate from the criminal court case. This is almost never talked about in, say, media coverage of a major criminal case, so it's very easy to conflate the two and think the whole thing was all one criminal case, when in fact there were two separate actions happening: a criminal suit and a civil suit.

    Of course, the civil tort can totally happen without any criminal case at all, which is the situation with this person against the TSA. She sued them, but there were no criminal charges against the TSA so there was only the civil suit.

    However, more specifically this case dealt with whether the TSA was a law enforcement organization, because law enforcement officers are not immune to tort claims; they are specifically exempted from FTCA protection. They CAN be held personally liable, and sued directly. The ruling here declared that the TSA is not law enforcement, and is therefore immune to civil suits under tort (which I will agree, is fucking bullshit). However, as far too many seem to be confused about, if they break the law they CAN still be criminally charged and prosecuted, just like any LEO can too, or anyone else in government (supposedly..) could be.

    In practice though, of course, good fucking luck as a private citizen in being able to press criminal charges against a TSA agent.

  18. Re:Four of the largest US Carriers... on Cell Phone Tracking Firm Exposed Millions of Americans' Real-time Locations (zdnet.com) · · Score: 1

    While I'd agree that the vast, vast majority of U.S. consumers get their service from the Big Four (or an MVNO under them), they aren't the only games in town. U.S. Cellular and C-Spire are #5 and #6 for example. Granted, yes, they're way smaller and regional, but nonetheless other independent wireless companies do exist, and even being "small" they still represent millions of customers each.

  19. Re:That is not "blocking" autoplay on Google Says Chrome Blocks 'About Half' of Unwanted Autoplays (venturebeat.com) · · Score: 1

    Let us know when you *actually* block autoplay and when you can do it more like 80+% of the time, like I can do in Firefox right now with the "Disable HTML5 Autoplay" addon.

    You may not need that plug-in anymore. Firefox also has built-in autoplay blocking, and has had it for quite a number of versions now. It is however still an experimental, hidden feature. It can be turned on in about:config by toggling "media.autoplay.enabled" to false.

    I forget exactly when I found that setting and started using it, but it's been years now. While it's not perfect, and getting videos that you WANT to see to actually play can occasionally be a little finicky (Twitter takes a few clicks usually, for example), it in general works very well. At least, it has for my needs. It prevents most types of autoplay, even animated GIFs (sometimes, not always), and definitely prevents HTML5 autoplay, since even YouTube won't autoplay with that enabled. Most things are a simple click-on-it to get them playing if you actually want to see them; that's all I have to do in YouTube. It even prevents goddamn CNN from autoplaying.

    Certainly, it more than exceeds the 80+% you want. For the stuff I personally browse I'd say 90-95% even, and generally speaking the stuff it slips up on are silent, animated GIFs. Crap with audio, damn near 100% catch rate. Definitely a great feature of Firefox, and one I hope they eventually unhide and roll out into the mainstream Options area.

  20. No, COMPULAB Switched on Linux Mint Ditches AMD For Intel With New Mintbox Mini 2 (betanews.com) · · Score: 5, Informative

    Linux Mint itself has not "ditched" anything. Mint, being Linux, still supports both Intel and AMD just fine. The Mint Team also did not ditch anything, because this machine is not made by the Mint Team. As they note in their own press release that the summary failed to link to, the Mintbox is based on Compulab's Fitlet microcomputer.

    The recently-released Fitlet2 is what switched from an AMD SoC to an Intel SoC. The Mintbox is simply a branded Fitlet, with SSD and RAM included (Fitlet can be bought barebones) and Linux Mint pre-installed. Nothing more than that. So the Mint Team didn't really have a say in what SoC the new generation unit used.

    That being said, I have a Fitlet 1 myself and I love it. I'm quite a fan of Compulab's whole range of micro and mini computers. Which is why I'd like to see them actually get credit for this machine, which they make. :P At least Mint Team's press release credited them.

  21. This isn't just streaming. I use disc service also and now have over a dozen movies waiting in my queue with "Unknown" as the availability.

    I currently have about 80 movies in the "Unknown" availability section, and you're right, plenty of them are not in any way small or obscure. Several of them have literally been "Unknown" for over five years. I even have one that was released in 2005 and it's still unknown availability.

    However, it's even worse than that. Since the beginning of 2018 (almost on the dot, Jan 1st), even the movies that ARE in the supposedly-available part of the disc queue, they all list as "Short wait" on my queue, rather than actually available to ship immediately.

    I don't know what Netflix's definition of a "short" wait is, but I haven't received any of those since the start of the year. It reached the point that, if I wanted to actually GET any disc service I'm fucking paying for (yeah, even if they don't ship you anything, you still pay), I had to review my streaming queue and add all those movies to my disc queue too. Wouldn't you know, streamable movies are all available for immediate-ship as discs too. No "short wait" on any of those.

    The timing of this right at the start of the year makes me feel like this was something deliberate, their latest attempt to sabotage the disc service to justify ending it. I mean I can see a lot of people having that thought, "Why pay for disc service when all I'm receiving are movies I could just stream anyway?" I don't know if it's different for anyone else, but I sure can't get any non-streamable movies in the last two months.

  22. Re:Pine/Alpine on The Only Safe Email is Text-Only Email (theconversation.com) · · Score: 1

    Active links are attack vectors. It's bread and butter for most phishing attacks. "Your account will be disabled unless you click here" is not "plain text only". That it only shows text does not mean it is not processing things other than plain-text email.

    Passive links; or at least what I'd consider "active" would be if the program were handling and opening them itself. Even old-school PINE had a "url-viewers" setup option though, and Alpine keeps this. It doesn't follow those links itself, it just sends them to an external program (and since it doesn't follow links internally, you're protected from auto-load nonsense). Plus it only sends them out if you want it to; you can turn that function off. It also asks you to confirm you want to open a link if you try to do so, and in that confirmation dialog it tells you the precise URL it's going to send to the external viewer program, no obfuscation--rendering one of the primary attack vectors moot.

    I mean, sure, plain-plain-plain-text only isn't really a thing anymore even in Alpine, I'll grant you that, but it's still not something Alpine is opening internally. And if such an attack makes it past the confirmation to open it, on top of it telling you the exact and explicit URL it's going to pass to the viewing program, well.. Then yeah, I'll be honest: I do reach a point where I can only accept so much stupidity before I leave a user to their own failure. 100% idiot-proof doesn't exist, even in plain-text only (witness how many e-mails will keep text-only in mind and offer a URL you can copy & paste).

  23. Re:Pine/Alpine on The Only Safe Email is Text-Only Email (theconversation.com) · · Score: 2

    Surprise! Alpine now renders HTML for you. Text-only Alpine is history. It may be limited to showing text because you're using it in an xterm, but it's showing the text from the HTML version.

    Not history at all. You said it yourself: it's showing you the text out of the HTML. And only the text, because Alpine is still text-only. It's a compromise for the modern world (where getting HTML-only e-mails is far too common, even from places you might REALLY NEED to read messages from) but without the attack vectors that come with it. It doesn't render images, it doesn't follow tracking pixels. It doesn't do JS or any of that other dangerous, unnecessary bullshit. Just text.

    I can't speak for you of course, but that's a compromise I can live with, since my bank ain't going to send me text-only e-mails no matter how much I complain to them. I'd rather be able to read the text of their messages.

  24. Re:Pine/Alpine on The Only Safe Email is Text-Only Email (theconversation.com) · · Score: 1

    I started with PINE, moved to Alpine when that became the replacement, and to this day that is still the one and only e-mail client I use. It has come a long way since the earliest PINE days, but it's still overall just as familiar as it was. It's made some compromises over the years to maintain usability in the modern day (it renders HTML for example, but only the text out of it, not the rest, so no HTML attack vectors), but overall I still think it's one of the most secure e-mail clients out there.

  25. Re:How many packages does it actually impact? on OpenSSL Support In Debian Unstable Drops TLS 1.0/1.1 Support (debian.org) · · Score: 3, Informative

    apache, postfix and nginx come to mind as common packages that use openssl.

    Good point. I don't run web services on that server so I didn't even think to look at those packages. That'd be a pretty big deal if the major web servers in Debian need it.

    I did do some digging around after making that earlier post. I can definitely see from the client end it'll really make an impact for sure. In particular it's rather frightening how many SMTP servers out there don't do TLS 1.2 at all, so good luck being an MTA talking to other servers. Even Apple and Google/Gmail SMTP servers only talk TLS 1.0. No 1.1 or 1.2 support. Those are two companies I'd have figured would be at the forefront of such support. Amusingly their IMAP servers support 1.2 just fine. So, with those two, you can GET your mail but you can't SEND your mail in a 1.2-only environment. :)