Somebody in the police knows that, but his memo was summarized 83 times before it became part of the PM's briefing papers, and so she couldn't figure out what "his phone knows" meant.
They need to serve the warrent on the sender, as he's the person wih the keys, not whatsapp. Of course, he's dead, so it's not going to be very helpfull.
I think you've misunderstood: the law permits vendors to sue anyone, good guy or not, who releases a security hole. The law does not require they sue anyone: that's voluntary.
W3C is a voluntary organization: they can make it a membership requirement that members not sue people who publicize secuity breaches. A company that wants to use the law can resign, at the cost of doing so publicly.
It's called "moral suasion", and is a tradition way of protesting a law. One famous example is from the fight against slavery in the US, https://en.wikipedia.org/wiki/Moral_suasion
If Google.au is removed, it's quite true that no-one will notice.
If, on the other hand, Google stops indexing businesses in Australia, then no-one will notice... except the businesses in Australia, notably newspapers, who really want to be indexed.
The proposal was that W3C should require "its members promise not to use DRM standardization as a way to get new legal rights to sue people for legitimate, legal activities like reporting security defects", close captioning and the like (EFF's wording).
It's the reporting of security holes that's at risk: the researcher can be legit or a crook, but if they publish, they've admitted a DMCA breach and can be sued.
The security community strongly objected to the W3C terms when they were proposed, but their concerns have explicitkly beeen discarded. Vendors can now criminalize bug reporting and whistle-blowing. See also http://boingboing.net/2017/03/...
CASL, our anti-spam law, specifically requires informed consent before anyone installs anything on someone else's computer. There's a class action suitin the wings, waiting for "private right of action" to allow suits this summer.
The CRTC is the only organization that can lay charges, and you should see the rats scurrying around trying to keep the right to lay suits from coming into force (;-))
Spam has economic, legal, technical and psycological causes. That suggests that if you try and treat it as a technical problemalone, you're going to wonder why it isn't fixed already.
I live in Canada, where spammers get fined, over the loud objections of the sleasy side of the business community, and it's having an effect in tle legal and pyscological domains. This summer, the law will also allow suing spammers, which takes it into the ecomomic dimain as well.
If this, along with technical solutions like spamcop.net, starts to significantly cut it down, then I expect other countries will start doing the same things.
Hey, in ten or twenty years, we might get past spam!
If you use your username as a password, don't be surprised if you open yourself up to a police- or borderguard-ordered search. And of course, next week crooks will get your print and 3d-print a thumb.
I'm pre-unix: ftping messages and then submitting them into a local-only mail system was how we first implemented inter-machine mail. In fact, you can still do that on an IBM by ftping a file and specifying it is jcl. That's how I used to submit jobs a few years back, from S390 Linux to MVS.
Email was a direct outgrowth of ftp, and in that era (not later in the uucp era) was endpoint-to-endpoint. I implemented SAML and SOML in gcos smtp and it happily interworked with unix (and I think tops-10, but that was a while ago (:-)).
It fell out of use when people started setting up mail-hubs, and was long dead by the time MX records came along.
If you go back to the RFC, you'll find SAML and SOML as smtp keywords: they mean deliver as mail or immediate message (unix write(1)) or as both mail and IM.
A surprising amount of the resistance is plain fear: if you describe a solved problem in computer science, some number of the PHBs and some of the engineers will be frightened, and push back. Others will cover their ears and say "naa, naa, naa, can't hear that". After all, if they knew it was a solved problems and did the wrong thing, they could get in trouble!
The frightened folks need to keep an eye on the news: I reccomend the morning paper.
The person proposing a known fix should do so either very early in the project's life when it's easy to change, or very late, after a fiasco when it has to change. The middle is A Bad Time to change horses.
Slashdot Mirror
Something must be done: this is something, so ...
Somebody in the police knows that, but his memo was summarized 83 times before it became part of the PM's briefing papers, and so she couldn't figure out what "his phone knows" meant.
Postal chess was forbidden in the US during WWII, putatively becaue it might be a secret code...
They need to serve the warrent on the sender, as he's the person wih the keys, not whatsapp.
Of course, he's dead, so it's not going to be very helpfull.
I like fixing the root cause too.
Alas, the program that's running is in the head of people, and I don't have a debugger for that (;-))
This the kludge using moral suasion: think if it as a voluntartily-loaded virus.
--dave
I think you've misunderstood: the law permits vendors to sue anyone, good guy or not, who releases a security hole. The law does not require they sue anyone: that's voluntary.
W3C is a voluntary organization: they can make it a membership requirement that members not sue people who publicize secuity breaches. A company that wants to use the law can resign, at the cost of doing so publicly.
It's called "moral suasion", and is a tradition way of protesting a law. One famous example is from the fight against slavery in the US, https://en.wikipedia.org/wiki/Moral_suasion
If Google.au is removed, it's quite true that no-one will notice.
If, on the other hand, Google stops indexing businesses in Australia, then no-one will notice... except the businesses in Australia, notably newspapers, who really want to be indexed.
The proposal was that W3C should require "its members promise not to use DRM standardization as a way to get new legal rights to sue people for legitimate, legal activities like reporting security defects", close captioning and the like (EFF's wording).
It's the reporting of security holes that's at risk: the researcher can be legit or a crook, but if they publish, they've admitted a DMCA breach and can be sued.
The security community strongly objected to the W3C terms when they were proposed, but their concerns have explicitkly beeen discarded. Vendors can now criminalize bug reporting and whistle-blowing. See also http://boingboing.net/2017/03/...
CASL, our anti-spam law, specifically requires informed consent before anyone installs anything on someone else's computer. There's a class action suitin the wings, waiting for "private right of action" to allow suits this summer.
The CRTC is the only organization that can lay charges, and you should see the rats scurrying around trying to keep the right to lay suits from coming into force (;-))
... Catch a spammer, go through his spam history and fine those companies that paid them.
Follows naturally from opening it up to lawsuits: "if you were paid to do this, testify against the payer and we'll let you off easy".
Thanks, that's a good arguement for opening it up ti suits.
Where I come from, "twit" is by no means a compliment (;-))
Therefor it must be done
I'm pleased to say we're doing this in Soviet Canuckistan. We're only fining them, though (;-))
Spam has economic, legal, technical and psycological causes. That suggests that if you try and treat it as a technical problemalone, you're going to wonder why it isn't fixed already.
I live in Canada, where spammers get fined, over the loud objections of the sleasy side of the business community, and it's having an effect in tle legal and pyscological domains. This summer, the law will also allow suing spammers, which takes it into the ecomomic dimain as well.
If this, along with technical solutions like spamcop.net, starts to significantly cut it down, then I expect other countries will start doing the same things.
Hey, in ten or twenty years, we might get past spam!
My theatre (Cineplex, in Canada) hosts video game finals.
WorldGaming.com, my old customer, is now part of the Cineplex chain.
There's nothing like a theatre full of gamers cheering their heroes on!
I'm a motocrossman, myself, but these folks are serious
When my job is mostly tech lead, a small open office with dev, ops and qa adjacent is wonderfull: you get "small office telepathy".
When I'm trying to drill down and find a subtle bug, its a consant clamor of "oooh, shiny!"
If you use your username as a password, don't be surprised if you open yourself up to a police- or borderguard-ordered search. And of course, next week crooks will get your print and 3d-print a thumb.
We had the programs before the RFCs
I'm pre-unix: ftping messages and then submitting them into a local-only mail system was how we first implemented inter-machine mail. In fact, you can still do that on an IBM by ftping a file and specifying it is jcl. That's how I used to submit jobs a few years back, from S390 Linux to MVS.
Email was a direct outgrowth of ftp, and in that era (not later in the uucp era) was endpoint-to-endpoint. I implemented SAML and SOML in gcos smtp and it happily interworked with unix (and I think tops-10, but that was a while ago (:-)).
It fell out of use when people started setting up mail-hubs, and was long dead by the time MX records came along.
If you go back to the RFC, you'll find SAML and SOML as smtp keywords: they mean deliver as mail or immediate message (unix write(1)) or as both mail and IM.
He's saying that it was tested on Redis, MongoDB, PostgreSQL and some odds and ends, not that mongo is good or bad
A surprising amount of the resistance is plain fear: if you describe a solved problem in computer science, some number of the PHBs and some of the engineers will be frightened, and push back. Others will cover their ears and say "naa, naa, naa, can't hear that". After all, if they knew it was a solved problems and did the wrong thing, they could get in trouble!
The frightened folks need to keep an eye on the news: I reccomend the morning paper.
The person proposing a known fix should do so either very early in the project's life when it's easy to change, or very late, after a fiasco when it has to change. The middle is A Bad Time to change horses.
We call this a "push" survey. It usually ends with a question like "now that you know X, will you do Y?"