Does the "delete the file and create a directory in its place, or vice-versa" trick work to prevent the Windows 10 Update package from successfully downloading?
I'm talking about cases where but for acts by law enforcement that I read as illegal, law enforcement would not have known who committed the crime in the first place.
Anyone granted "immunity" under the proposal I made would be a public pariah. Sure, they wouldn't have a criminal record or sex-offender status but they would be all over the news. That alone makes it almost impossible for them to hang around any kid or teen whose parents or adult neighbors are paying attention. It's also removes a barrier for those people caught up in child porn who want to get therapy - I would imagine many of them are afraid to see a therapist because they are afraid that "mandatory reporting" laws apply to the crimes they committed, whether or not they really do (I think all U.S. states have mandatory-therapist-reporting for "contact" abuse, but I don't know if any, some, or all have such a laws if a patent admits to viewing child porn or admits that they are likely to do so in the future - my guess is some or all do - I am not a lawyer).
Again, the big reasons I'm not wholly in favor of this proposal is that it's obviously unfair to the victims and (because it is correctly-perceived as being unfair to victims) it encourages "vigilante justice" - which means it encourages future crimes (albeit with an unsympathetic victim).
I'm talking about something I don't know about here, and will take steps not to know about, but some activities in child porn seem also likely to physically harm the victims as well as causing mental harm. We shouldn't forget about that.
By the time the photograph is taken, the physical harm has already been done (I'm not saying more physical harm won't happen in the moments after the camera is turned off, but it's not directly related to the child porn being created).
The danger of distribution of child porn outside of controlled environments (law enforcement, clinical/therapeutic environments, etc.) is that it may create a demand for new child porn, which does mean kids getting hurt.
Distribution of child porn of still-living victims (and we hope all of them are still alive, save for those who have already died of old age) is that the knowledge that photographs were taken and that they either are definitely "floating around" out there or the uncertainty as to whether they are "out there" or not is a lifelong psychological burden.
The distribution of child porn also puts a psychological burden on the loved ones of the children in the photographs (assuming of course that those loved ones weren't involved in the creation or distribution of the porn and weren't involved in abusing the children in any other way).
But as far as distribution creating "new" physical harm to the original victims, no it doesn't (for this purpose, I'm not counting secondary physical harm, such as ulcers or harm resulting from attempted or successful suicides - those come from the BELIEF that the image is or may be circulating, not the actual circulation of the image, and they are at their root a psychological problem and the long-term treatment is, at its root, psychology-based).
Serious question.....has anyone ever actually used an ax to chop down a telephone pole? As a terrorist act?
Probably in the 19th century, but it might have been a telegraph pole.
I'm sure there have been some one-off cases of people taking out utility poles in the 20th and maybe even the 21st century that could be classified as "a terrorist act" by modern "definitions" which sweep lost of "acts done in anger/for revenge" under the "terrorism" label, but as someone else mentioned, they probably used something faster than an ax.
I'm glad that the site was (eventually) shut down. The article didn't mention it, but I hope the kids in the pictures are all identified, located, rescued if they were still in an abusive situation, and offered a lifetime supply of mental-health help (yeah yeah, I know, some number > 0% of abused children don't need mental help later, but the offer should be there for those who do need it).
I have little or no problem using these types of warrants if they are used to prevent crimes or identify victims, but I have a real problem with the "fruits" of the warrants being used to actually prosecute people. If the feds had simply seized contraband, helped kids that needed help, and made the perps who were stung publicly admit what they did in exchange for no criminal prosecution, that would seem to be a better solution from civil-liberties point of view. Unfortunately, it would stink from a fairness-to-the-victim point of view and it would also likely incite vigilante behavior from neighbors and others, leading to a net increase in criminal behavior. It would also be an incentive for a false confession for people who were really innocent ("So, my wifi got hacked but if I don't admit guilt and submit myself to unearned public ridicule you will send me to trial and at best my lawyers will bankrupt me? Where do I sign?") Hence my mixed feelings.
I also blame the buggy Tor bundle for making this easy for the feds:
Why wasn't it designed with an intermediate layer that filtered out any traffic not destined for the TOR network?
Example:
* Initialization from boot CD: Go to known locations and retrieve canonical, signed list of TOR entry points and download signed version of current TOR software.
* Start "lowest layer", which block all traffic except to/from known Tor entry points.
* Start TOR software. Even if there is a bug in the TOR software that would allow contacting an IP address other than known-good entry points, it would be blocked by the lower layer.
Start "mid-layer" which blocks all traffic except to the local TOR interface that is running in the immediately-lower layer.
Start a "high-layer" which applications run in. Applications are all socks/proxied to the local TOR software running at a lower layer. Exploits at this layer would not be able to get "out" to the "real internet" as they would be blocked by the lower layers. They couldn't even determine the machine's "real" local-LAN IP address that the lowest layer can see, they only know what they are told by the TOR layer, which is probably a NAT or other fake address.
"Do unto others as you would have them do unto you."
I had that drilled into me as a kid.
But it doesn't work. I'm an outlier. Most people take offense at the very things that I find helpful.
Until I learned that I had a blind spot and the normal rules of behavior such as the Golden Rule don't apply to me, I ticked people off without even knowing it.
It's very possible, even likely, that guys - especially relatively young or immature guys - have blind spots regarding women they don't know about. They (we) may be treating women in ways that we would welcome, unaware that it just drives the women away from us and makes them not want to play in our sandboxes.
If that's the case, then maybe the "fix" is to teach kids and teenagers that not everyone sees the world like they do and they should try to empathize with those who see the world differently rather than assuming everyone is like them or assuming those who "think and act differently" (whether it's because of a gender-correlated difference or not) "are 'the other'/have a problem/are wrong/etc." and "should just get over it/think and act like me/are unworthy of respect/aren't worth spending time and effort to accommodate/etc."
Is it A: * Get America to panic and voluntarily give up their civil rights under the guise of "zero tolerance," at which point the bad guys have already won.
or B: * Get America to accept that kids will bring electronics to school and when questioned about them, make bomb-jokes * Sneak a terrorist into the country with kids and send the kids to school with bombs that look like science experiments or backpacks-with-batteries
QA can be divided into different skill-sets, and some of these skill-sets come cheaply. You do get what you pay for though.
Long version:
Finding the wrong labels ("search here" mis-spelled) is a good task for someone who has a good eye for what looks good visually. You don't have to have a customer's or developer's eye for that. While this is something that people tend to either have or not have, it's a common-enough skill that you can use relatively low-paid, low-trained, or community-college-intern-level people who aren't on a track to become programmers do to it. Such talent command more than a McJob, but far less than a full-fledged QA person. You could pay a recent high school graduate with demonstrated experience doing this work $MID-TEENS/hour (higher in expensive-to-live cities) in most of the US and get good results and have a happy employee.
Finding logic bugs (search function doesn't work) takes a bit more brains. $MID_TEENS isn't going to cut it unless there are special circumstances (a family business, a startup where the "real pay" is an equity stake, a charity where the employee is willing to work for peanuts, etc.).
Finding user-interface design issues (where to put a search box, how many clicks does it take to do a search, etc.) takes someone who can see things through a customer's eyes. This isn't going to be cheap either. The bulk of the UI work should be done before initial coding (exception: If you are using any kind of rolling-prototype-that-becomes-the-product-over-many-iterations development technique, you will be tweaking or even re-designing the UI throughout, so plan accordingly). Having a UI person on board at this early stage is very useful, especially for a product that will see wide release. Having a UI person look over the product as it goes through development and testing to find bugs (where the implementation doesn't match the design, or where the design turns out to be flawed or infeasible) is also useful, but ideally by this time they won't have much to say other than "it's working as designed."
To some degree seeing things through your customer's eyes is an innate talent in the sense that it "come easy" to some people and it's "hard to teach" to others. Some programmers have it. Some don't. Some non-programmer have it, some done (non-programmers should at least be aware enough about programming and the tools the programmers are using to know what is and isn't feasible to do on a given project, or they might "demand" a seemingly-simple change that just isn't feasible).
--
The above is for a project that's getting large-scale release or where failure in any one area will be very expensive. In-house software projects, projects that are small enough that it's okay for the business if the project is a marketplace flop, etc. don't necessarily need this level of testing.
Too much double-checking just gets in the way. Not enough is a recipe for disaster. "None" is the extreme of "not enough."
The questions are:
* Will the limited quality-assurance work that developers are already doing by themselves be "enough"? Very doubtful.
* Will the developers and development teams have the desire and time/resources to "step up to the plate" and do the necessary QA work that needs to be done? My guess is "Probably" and "Who knows?"
Insecure device directly accessible from the open Internet? BAD. If that device can be programmed to hurt or kill someone or take away a critical service, VERY BAD.
Insecure device sitting comfortably behind a dedicated security device whose only job is to protect the one insecure device? POSSIBLY OKAY for an at-home-save-buying-electricity-from-the-evil-power-company wind turbine but probably insufficient for industrial equipment or for your home-nuclear-bunker wind turbine.
Insecure device on a private network that sits behind a dedicated security device, where other machines on the network (such as PCs) may be vulnerable to attack due to a user visiting a random web site that happens to host a "0-day" vulnerability? NOT OKAY.
Best solutions are (in order of security): * Stand-alone device, but frequently this is impractical. * Device on a dedicated network, but unless it's all on a single campus (home-wind-turbine) or you can lease truly-isolated fiber or copper from a telco or use an encrypted/authenticated/secure radio link, this may not be practical. Even then, you'll want to encrypt your copper or fiber traffic to prevent physical-access line-snooping/injection. * Device only accessible through a secure VPN or similar setup.
... there are a couple of under-$10 computers out there that fit on my desk.
One isn't available yet and the other was available briefly but it sold out within $24 hours. Accessories^H^H^H^H^H^H^H^H^H^H^HSome essential items not included.
It's usually* not [BUZZWORDOFTHEDAY]'s fault, it's usually the fault of incompetent, cheap, or lazy people.
The same thing can happen with yesterday's [BUZZWORDOFTHEDAY] and the same thing will probably happen with tomorrow's [BUZZWORDOFTHEDAY]. Sigh.
---- *Sometimes it is the fault of [BUZZWORDOFTHEDAY]. In that case, it might actually be "news for nerds," assuming [BUZZWORDOFTHEDAY] is a tech-related buzzword.
The most obvious are the serial, parallel, and PS2 connectors used for mice, keyboards, printers, and the occasional device that in the past would have used some variant of the RS-232 serial port.
Less obvious is a reduced reliance on video connectors and special-purpose buses like PCMCIA, eSATA, and MIDI.
USB-based cabling has also replaced the old-school "Laplink" cable connectors for connecting two computers directly to each other, although Ethernet and WiFi long ago reduced the need for such connections.
I can't blame the paper for going the cheapest route. I can blame them for believing patently false info fed to them by their content-management software experts and going with what they THINK is the cheapest route.
I assume their goal is to have a non-anonymous content system going forward, keep their existing comments, and keep the "comment history" of non-anonymous commenters intact and so future comments are connected to past ones made by the same person.
I also assume they want to have all of this done by a certain date and under a certain budget.
Given the short time-frame I assume the remaining work, if any, is expected to take less than a few months.
Their options are:
* Stick with their existing configuration (does not meet the criteria above) * Dump their existing comment system and start over with a brand new one, possibly losing their entire comment history (does not meet the criteria above) * Dump their existing comment system and NOT replace it (does not meet the criteria above) * Keep their existing comment system as an archive but not allow any new comments (does not meet the criteria above) * Pay $BIGBUCKS to "do the impossible" and get a system that can keep historical comments anonymized but give them what they want going forward (likely does not meet the time and budget criteria above, by a longshot) * Pay $BIGBUCKS in direct, measurable costs of lawsuits and lost customers and $MOREBIGBUCKS in lost goodwill (likely does not meet the budget criteria above, by a longshot)
The question is, which criteria are they willing to sacrifice? If they continue on their current path, they are choosing to sacrifice the "budget" criteria. I hope they have good legal insurance and enough capital to survive the public relations nightmare that lies ahead of them, or they may wind up needing to hire a good bankruptcy lawyer.
Slashdot Mirror
...the Dolphins leave and say "So long, and thanks for all the fish."
Does the "delete the file and create a directory in its place, or vice-versa" trick work to prevent the Windows 10 Update package from successfully downloading?
I haven't tried it myself. Yet.
I can go to a brick-and-mortar store and play the demo (maybe).
I can play a friend's copy (maybe).
I can borrow a copy from a public library (maybe).
I can play an official free demo (maybe).
I those options are gone, there are 2 real options left:
I can "steal" a copy and buy it if I like it.
I can do without.
There is one more option but it's not gonna happen for anything more than a few bucks: I can buy it and risk getting screwed.
I think you missed my point:
I'm talking about cases where but for acts by law enforcement that I read as illegal, law enforcement would not have known who committed the crime in the first place.
Anyone granted "immunity" under the proposal I made would be a public pariah. Sure, they wouldn't have a criminal record or sex-offender status but they would be all over the news. That alone makes it almost impossible for them to hang around any kid or teen whose parents or adult neighbors are paying attention. It's also removes a barrier for those people caught up in child porn who want to get therapy - I would imagine many of them are afraid to see a therapist because they are afraid that "mandatory reporting" laws apply to the crimes they committed, whether or not they really do (I think all U.S. states have mandatory-therapist-reporting for "contact" abuse, but I don't know if any, some, or all have such a laws if a patent admits to viewing child porn or admits that they are likely to do so in the future - my guess is some or all do - I am not a lawyer).
Again, the big reasons I'm not wholly in favor of this proposal is that it's obviously unfair to the victims and (because it is correctly-perceived as being unfair to victims) it encourages "vigilante justice" - which means it encourages future crimes (albeit with an unsympathetic victim).
I'm talking about something I don't know about here, and will take steps not to know about, but some activities in child porn seem also likely to physically harm the victims as well as causing mental harm. We shouldn't forget about that.
By the time the photograph is taken, the physical harm has already been done (I'm not saying more physical harm won't happen in the moments after the camera is turned off, but it's not directly related to the child porn being created).
The danger of distribution of child porn outside of controlled environments (law enforcement, clinical/therapeutic environments, etc.) is that it may create a demand for new child porn, which does mean kids getting hurt.
Distribution of child porn of still-living victims (and we hope all of them are still alive, save for those who have already died of old age) is that the knowledge that photographs were taken and that they either are definitely "floating around" out there or the uncertainty as to whether they are "out there" or not is a lifelong psychological burden.
The distribution of child porn also puts a psychological burden on the loved ones of the children in the photographs (assuming of course that those loved ones weren't involved in the creation or distribution of the porn and weren't involved in abusing the children in any other way).
But as far as distribution creating "new" physical harm to the original victims, no it doesn't (for this purpose, I'm not counting secondary physical harm, such as ulcers or harm resulting from attempted or successful suicides - those come from the BELIEF that the image is or may be circulating, not the actual circulation of the image, and they are at their root a psychological problem and the long-term treatment is, at its root, psychology-based).
Serious question.....has anyone ever actually used an ax to chop down a telephone pole? As a terrorist act?
Probably in the 19th century, but it might have been a telegraph pole.
I'm sure there have been some one-off cases of people taking out utility poles in the 20th and maybe even the 21st century that could be classified as "a terrorist act" by modern "definitions" which sweep lost of "acts done in anger/for revenge" under the "terrorism" label, but as someone else mentioned, they probably used something faster than an ax.
I'm glad that the site was (eventually) shut down. The article didn't mention it, but I hope the kids in the pictures are all identified, located, rescued if they were still in an abusive situation, and offered a lifetime supply of mental-health help (yeah yeah, I know, some number > 0% of abused children don't need mental help later, but the offer should be there for those who do need it).
I have little or no problem using these types of warrants if they are used to prevent crimes or identify victims, but I have a real problem with the "fruits" of the warrants being used to actually prosecute people. If the feds had simply seized contraband, helped kids that needed help, and made the perps who were stung publicly admit what they did in exchange for no criminal prosecution, that would seem to be a better solution from civil-liberties point of view. Unfortunately, it would stink from a fairness-to-the-victim point of view and it would also likely incite vigilante behavior from neighbors and others, leading to a net increase in criminal behavior. It would also be an incentive for a false confession for people who were really innocent ("So, my wifi got hacked but if I don't admit guilt and submit myself to unearned public ridicule you will send me to trial and at best my lawyers will bankrupt me? Where do I sign?") Hence my mixed feelings.
I also blame the buggy Tor bundle for making this easy for the feds:
Why wasn't it designed with an intermediate layer that filtered out any traffic not destined for the TOR network?
Example:
* Initialization from boot CD: Go to known locations and retrieve canonical, signed list of TOR entry points and download signed version of current TOR software.
* Start "lowest layer", which block all traffic except to/from known Tor entry points.
* Start TOR software. Even if there is a bug in the TOR software that would allow contacting an IP address other than known-good entry points, it would be blocked by the lower layer.
Start "mid-layer" which blocks all traffic except to the local TOR interface that is running in the immediately-lower layer.
Start a "high-layer" which applications run in. Applications are all socks/proxied to the local TOR software running at a lower layer. Exploits at this layer would not be able to get "out" to the "real internet" as they would be blocked by the lower layers. They couldn't even determine the machine's "real" local-LAN IP address that the lowest layer can see, they only know what they are told by the TOR layer, which is probably a NAT or other fake address.
In times past when you wanted to "hack" the power lines you used an axe or something similar.
Or maybe those were "whackers" *whackwhackwhack*.
"Do unto others as you would have them do unto you."
I had that drilled into me as a kid.
But it doesn't work. I'm an outlier. Most people take offense at the very things that I find helpful.
Until I learned that I had a blind spot and the normal rules of behavior such as the Golden Rule don't apply to me, I ticked people off without even knowing it.
It's very possible, even likely, that guys - especially relatively young or immature guys - have blind spots regarding women they don't know about. They (we) may be treating women in ways that we would welcome, unaware that it just drives the women away from us and makes them not want to play in our sandboxes.
If that's the case, then maybe the "fix" is to teach kids and teenagers that not everyone sees the world like they do and they should try to empathize with those who see the world differently rather than assuming everyone is like them or assuming those who "think and act differently" (whether it's because of a gender-correlated difference or not) "are 'the other'/have a problem/are wrong/etc." and "should just get over it/think and act like me/are unworthy of respect/aren't worth spending time and effort to accommodate/etc."
"I am not a number. I am a free man."
Well, I was a free man until I logged in with my Microsoft account on my Windows 10 PC.
Social media and email and for that matter group-texting are great for organizing pop-up/short-notice real-world street protests.
Local (to me) groups have used Facebook and other tools to arrange last-minute events at least twice in the last few months.
The first rule of Hypnotoad is you don't talk about
[eyes glaze over]
Sorry, carry on.
"I'll believe corporations are people when Texas executes one."
Well, they've "executed" (shut down) more than one school district since the turn of the century. Does that make school districts people?
Don't worry, the kids and school buildings (and taxing authority) all got merged into a neighboring school district.
But hopefully a few years before this guy takes over Earth.
Well, let's hope not.
Is it A:
* Get America to panic and voluntarily give up their civil rights under the guise of "zero tolerance," at which point the bad guys have already won.
or B:
* Get America to accept that kids will bring electronics to school and when questioned about them, make bomb-jokes
* Sneak a terrorist into the country with kids and send the kids to school with bombs that look like science experiments or backpacks-with-batteries
TL;DNR version:
QA can be divided into different skill-sets, and some of these skill-sets come cheaply. You do get what you pay for though.
Long version:
Finding the wrong labels ("search here" mis-spelled) is a good task for someone who has a good eye for what looks good visually. You don't have to have a customer's or developer's eye for that. While this is something that people tend to either have or not have, it's a common-enough skill that you can use relatively low-paid, low-trained, or community-college-intern-level people who aren't on a track to become programmers do to it. Such talent command more than a McJob, but far less than a full-fledged QA person. You could pay a recent high school graduate with demonstrated experience doing this work $MID-TEENS/hour (higher in expensive-to-live cities) in most of the US and get good results and have a happy employee.
Finding logic bugs (search function doesn't work) takes a bit more brains. $MID_TEENS isn't going to cut it unless there are special circumstances (a family business, a startup where the "real pay" is an equity stake, a charity where the employee is willing to work for peanuts, etc.).
Finding user-interface design issues (where to put a search box, how many clicks does it take to do a search, etc.) takes someone who can see things through a customer's eyes. This isn't going to be cheap either. The bulk of the UI work should be done before initial coding (exception: If you are using any kind of rolling-prototype-that-becomes-the-product-over-many-iterations development technique, you will be tweaking or even re-designing the UI throughout, so plan accordingly). Having a UI person on board at this early stage is very useful, especially for a product that will see wide release. Having a UI person look over the product as it goes through development and testing to find bugs (where the implementation doesn't match the design, or where the design turns out to be flawed or infeasible) is also useful, but ideally by this time they won't have much to say other than "it's working as designed."
To some degree seeing things through your customer's eyes is an innate talent in the sense that it "come easy" to some people and it's "hard to teach" to others. Some programmers have it. Some don't. Some non-programmer have it, some done (non-programmers should at least be aware enough about programming and the tools the programmers are using to know what is and isn't feasible to do on a given project, or they might "demand" a seemingly-simple change that just isn't feasible).
--
The above is for a project that's getting large-scale release or where failure in any one area will be very expensive. In-house software projects, projects that are small enough that it's okay for the business if the project is a marketplace flop, etc. don't necessarily need this level of testing.
Too much double-checking just gets in the way. Not enough is a recipe for disaster. "None" is the extreme of "not enough."
The questions are:
* Will the limited quality-assurance work that developers are already doing by themselves be "enough"? Very doubtful.
* Will the developers and development teams have the desire and time/resources to "step up to the plate" and do the necessary QA work that needs to be done? My guess is "Probably" and "Who knows?"
Insecure device directly accessible from the open Internet? BAD.
If that device can be programmed to hurt or kill someone or take away a critical service, VERY BAD.
Insecure device sitting comfortably behind a dedicated security device whose only job is to protect the one insecure device? POSSIBLY OKAY for an at-home-save-buying-electricity-from-the-evil-power-company wind turbine but probably insufficient for industrial equipment or for your home-nuclear-bunker wind turbine.
Insecure device on a private network that sits behind a dedicated security device, where other machines on the network (such as PCs) may be vulnerable to attack due to a user visiting a random web site that happens to host a "0-day" vulnerability? NOT OKAY.
Best solutions are (in order of security):
* Stand-alone device, but frequently this is impractical.
* Device on a dedicated network, but unless it's all on a single campus (home-wind-turbine) or you can lease truly-isolated fiber or copper from a telco or use an encrypted/authenticated/secure radio link, this may not be practical. Even then, you'll want to encrypt your copper or fiber traffic to prevent physical-access line-snooping/injection.
* Device only accessible through a secure VPN or similar setup.
... there are a couple of under-$10 computers out there that fit on my desk.
One isn't available yet and the other was available briefly but it sold out within $24 hours. Accessories^H^H^H^H^H^H^H^H^H^H^HSome essential items not included.
It's usually* not [BUZZWORDOFTHEDAY]'s fault, it's usually the fault of incompetent, cheap, or lazy people.
The same thing can happen with yesterday's [BUZZWORDOFTHEDAY] and the same thing will probably happen with tomorrow's [BUZZWORDOFTHEDAY]. Sigh.
----
*Sometimes it is the fault of [BUZZWORDOFTHEDAY]. In that case, it might actually be "news for nerds," assuming [BUZZWORDOFTHEDAY] is a tech-related buzzword.
The most obvious are the serial, parallel, and PS2 connectors used for mice, keyboards, printers, and the occasional device that in the past would have used some variant of the RS-232 serial port.
Less obvious is a reduced reliance on video connectors and special-purpose buses like PCMCIA, eSATA, and MIDI.
USB-based cabling has also replaced the old-school "Laplink" cable connectors for connecting two computers directly to each other, although Ethernet and WiFi long ago reduced the need for such connections.
A Beowulf cluster of these babies might work, and it's cheap, too!
(no, I'm not being serious, not for a typical gaming rig anyway)
I can't blame the paper for going the cheapest route. I can blame them for believing patently false info fed to them by their content-management software experts and going with what they THINK is the cheapest route.
I assume their goal is to have a non-anonymous content system going forward, keep their existing comments, and keep the "comment history" of non-anonymous commenters intact and so future comments are connected to past ones made by the same person.
I also assume they want to have all of this done by a certain date and under a certain budget.
Given the short time-frame I assume the remaining work, if any, is expected to take less than a few months.
Their options are:
* Stick with their existing configuration (does not meet the criteria above)
* Dump their existing comment system and start over with a brand new one, possibly losing their entire comment history (does not meet the criteria above)
* Dump their existing comment system and NOT replace it (does not meet the criteria above)
* Keep their existing comment system as an archive but not allow any new comments (does not meet the criteria above)
* Pay $BIGBUCKS to "do the impossible" and get a system that can keep historical comments anonymized but give them what they want going forward (likely does not meet the time and budget criteria above, by a longshot)
* Pay $BIGBUCKS in direct, measurable costs of lawsuits and lost customers and $MOREBIGBUCKS in lost goodwill (likely does not meet the budget criteria above, by a longshot)
The question is, which criteria are they willing to sacrifice? If they continue on their current path, they are choosing to sacrifice the "budget" criteria. I hope they have good legal insurance and enough capital to survive the public relations nightmare that lies ahead of them, or they may wind up needing to hire a good bankruptcy lawyer.
Highly P0wnable Fsck'd-up System????
(Bonus points to any reader that gets the double-entendre)
For those of you who need a hint:
I think my sense of privacy is saying "I've been manhandled."