Agreed; easier to link the signal to something else you can control in thought that doesn't distract too much; sub-vocalization of specific words would probably do the trick (although you couldn't talk while doing that) or linking it to imagining yourself floating, falling, rising, going left, etc (which would be an extremely weak signal for an EEG to relay in any meaningful way).
While shouting is not going to get a protest message across, you can't expect everyone to magically dress like a lawyer when they protest.
Actually, that'd be an EXCELLENT flashmob protest: get everyone to dress like a trial lawyer (complete with briefcase).... I bet the media would LOVE it, and the police would think twice before treating them like riot fodder.
I think what this thread is missing is that Computer Science and Computer Programming are not the same thing; if your college/university only has a BSc degree in CompSci and no BA/BASc/etc., then maybe you need to try for a different degree if you don't want/need the maths.
If you graduate with your Computer Science degree, people will expect you to know the maths behind the computers, and understand how the system works, from building state machines to optimizing data sorting algorithms. Programmers who have this knowledge have a leg up on people who just know that if they tell the compiler to use certain libraries in certain combinations, a certain result will occur; it's like being able to create your own recipe from scratch vs. being able to use a recipe to create a good meal.
That said, ask your faculty regarding the required courses -- when I went to university, we challenged the faculty on some of the maths requirements, and the result was that the next semester, those courses were no longer required. I'd already taken them, but hey... future years didn't have to. And surprisingly, I find I still use those maths skills today (although not for writing software).
Seems to me that those two factors combined could be the cause... impact plus solar winds. Result: no magnetosphere, not enough mass to sustain atmosphere, and solar winds slowly doing the rest.
With more mass and different geologic pre-impact conditions, it likely had enough of everything to maintain an atmosphere.
The bigger question is why our ancestors abandoned the planet and then nuked it and stole the atmosphere, but left the water....:D
Why should anyone care about making an open source Windows now, anyway?
Because Windows owns the business world, most of the power-user world, and most of the PC gamer world. If you want OSS to make any inroads on the business desktop or with gamers, it has to run their software on their terms. And that means Windows binary compatibility.
Which is why we have WINE -- we want binary compatibility, not the ability to load up an entire OS that looks like Windows 95 and behaves like Windows XP.
IMO, WINE got it right; it provides a compile target for developers who don't want to re-develop for Linux, and a runtime wrapper for developers who don't even want a Linux build. Plus, WINE itself is platform agnostic, so it'll run on any POSIX compliant OS (read: almost every OS that isn't Windows, and even Windows for that matter), providing binary compatibility to everyone, not just the adopters of a particular distribution.
Of course, WINE and ReactOS have an interesting co-dependent relationship; ReactOS is a great platform for testing stuff out before it gets rolled into WINE, and that's the reason I'm very happy it's still around (even after the whole source integrity issue a few years back).
This "solves" the major gun issue in the world: kids playing with guns and casual handling of guns.
Most gun-related deaths are due to improperly stored guns being mishandled by someone else in the household. We've tried education and legislation as far as how you store your gun and ammo, and while it has slightly decreased the injuries and deaths statistics, it hasn't made a significant impact. I think the idea with 'safe guns' is that even if the gun is stored on the kitchen table fully loaded, Mikey grabbing the shotgun to show off in front of his friends won't work, as he won't be able to fire the thing.
Of course, this has the possibility to undo all the education that's already been put in place, and if the safety on these things ever malfunctions, there's a false sense of security (and when you're dealing with a cap and packed powder, it doesn't really matter if the gun won't fire the hammer -- environmental forces can still do it for you).
The best "safe" gun I've ever seen is one where the firing pin is removed and worn around the neck of the owner, along with the key to the ammo safe.
Glass is scary because it is always on, and integrates the internet into real life. Most people are not the same in person that they are online, and Glass will flag this dual-life syndrome to anyone wearing them.
So basically, what's scary is not so much that it lets people be more tightly integrated with the internet, but that it lets the internet be more tightly integrated with society. People probably wouldn't be too upset with Glass if it was an offline device, or even if it was streaming everything it saw to some online site -- what scares people is the tight integration that leaves no loopholes for anonymity online or offline, and removes the ability for you to be a slightly different person when people can't "see" you.
Even if Glass doesn't live up to all this, this capability is what scares people. The fear is that suddenly, every interaction you've ever had online is instantly available to every. person. in. the. room. with. you. Everyone looking at you knows all about that post you made about LOLcats 10 years ago. They know about the school recital where your wardrobe malfunction was photographed and put online. They can see all the things your less privacy conscious friends have been saying about you. You can no longer don a new persona by entering a new social setting -- Glass potentially levels the playing field so that there is only ONE social setting, ever.
As someone not fluent in German, I used to use the graffiti in the German tunnel system to figure out where I was; the artwork is very localized, with different areas having different tags. I probably would have got lost many times if not for the graffiti that made the various tunnels in places like Koln look unique.
As for the at-grade rail system though; the signage is generally good enough so that I know where I am. As long as the informational signs aren't being defaced, this is probably not all that useful a program. However, it's a better idea than throwing people at the problem, and will end up with a few kids getting some neat electronics to play with instead of wasting an evening going tagging....
Good reason why the government needs stricter background/personality checks. Also monitoring their employees and keeping them on a short leash would probably help too. Too many cases of police brutality, corrupt judges, and what not that seems to be on a continuous rise.
Actually, I'd guess that government employees are about average with all other employees. More monitoring just means more ways to evade monitoring. Better prescreening and established policy is really what's needed.
As for the continuous rise of police brutality and corrupt judges... I take it you are under the age of 30? Things have been getting continually better over the past 60 years or so; part of that "continually better" is that more of these cases are being reported to the public. Even 30 years ago, a case like this would have been handled by the local precinct, maybe appeared in a local paper (but probably not) and that would have been the end of it. 100 years ago, the entire precinct would have been on the payroll of some local gang boss.
Oil industry? Integrity? You're joking, right? The industry with a history rife with collusive price fixing, rampant bribery, environmental devastation, shitty working conditions, throwing their weight around to overthrow governments, etc? Yeah it's quite the industry full of people with the utmost integrity.
Sounds like they've got integrity to me, based on your examples. Maybe you need to look up what "integrity" means....
The oil industry can be counted on to operate in the manner you described, and everyone in the industry knows what's what and who's who. There are very few variables (hence the integrity). The Green energy industry, however, is one where anyone with a new idea can undercut the others and make a quick buck at the expense of everyone else. There are very few defined standards or processes, and virtually no price fixing (as everything's so new that the price is already inflated).
Now if you're talking about sociological or environmental integrity, they're both pretty bad taken as a whole.
um if you can't afford a lawyer then you can't afford to retain one.
Lawyers are only for the rich, if you're not rich you are going to get screwed. Same goes for health insurance. If you're rich enough that you don't need health insurance you can actually afford to pay for it.
I presume you're talking about the US -- this is all happening in Canada, where everyone has health insurance and cases like this would go to small claims court where you have to represent yourself, and loser pays (no lawyers fees involved).
The fact that these would end up in small claims is why their campaign for bulk suits will fail... that and the fact that Canadians have a very different cultural view of using/abusing the court system (which is already overloaded) than is generally held in the US -- and that includes judges in the system.
But guns aren't illegal in the United States. Why would our congress be concerned with this?
Because you are attempting to manufacture something that they cannot track or tax appropriately. The latter probably has them more up in arms than anything.
No, it's because distributing plans allowing anyone to make guns steals profits from time-honoured companies like S&W, Remington, Winchester and Colt. They'll want a piece of this action, and the ability to only trade DRM'd gun plans.
There are a lot of progressives around here, and many of them are opposed to personal firearms ownership.
I really wish that word would stop getting associated with the Democrats. They've already ruined the meaning of "liberal", was that not enough?
In Canada, it's been associated with the Conservatives, not the liberals.
In Canada, the Conservatives are progressive, the Democrats are new, and the Liberals party. If that's not enough to make you Green, I'm not sure what is.
I've been doing this for years via fail2ban; just doing blacklisting, not honeynet redirecting, but still...
fail2ban is great, but it has flaws. Slow crawl attacks evade it pretty easily, and real users sometimes get locked out because they forget their password and commit too many failures. This approach has none of those flaws, and gives you significantly more flexibility.
One thing I used to have set up was a redirect to a secondary firewall table for hosts entering the wrong passwords; the secondary firewall table had redirects to a dummy server that was configured with a completely fake network and service topography...
Yep, that's a high interaction honeypot. Great and valuable stuff, but slightly different methodology with some different applications than this. One nifty thing with honeywords is the theoretical capability to detect actual data exfiltrations in progress.
Indeed. I've been thinking of tweaking my fail2ban jails to add a script checking for specific username login attempts. If I then seed my password file with these accounts, it should be similar to what they're doing with honeywords, with minimal effort on my part.
My setup wasn't a high interaction honeypot though; there was no actual network, just a set of canned responses for the scanners. I had a tarpit going for a while, but got bored with that, as my assets have never had enough visibility for that to be at all educational or a deterrent for attackers.
If I make a copy of the password database and place it on my machine then how will an alarm reach the admins?
I'll answer the "How does this work?" part, as your comment has nothing to do with the information provided.
If you have a copy of the password db, good for you. If you crack the accounts and try to use an elevated account to access something, and that elevated account is a dummy account, alarm bells will go off everywhere. That's how this works. And everyone should be doing it.
I'm actually a bit annoyed right now: I've been working on this concept for about a month now. I guess I should be honored by the "great minds think alike" thing, but damnit, I wanted to finally get my name out there.
It's a good start and part of the technique I've been working with... great way to catch exfiltrations in progress, but we could go a bit further. Patches to critical services like SSH could be developed that would accept lists of common bruteforced passwords and automatically block and alert, or even pass the connecting client over to a honeypot.
I've been doing this for years via fail2ban; just doing blacklisting, not honeynet redirecting, but still...
One thing I used to have set up was a redirect to a secondary firewall table for hosts entering the wrong passwords; the secondary firewall table had redirects to a dummy server that was configured with a completely fake network and service topography... so if someone started attacking using an IP, the information they gleaned would be completely misleading without actually providing an active honeypot. Dummy server has since been repurposed and now I just block though; don't have the time to waste examining what people/bots are up to these days.
Right in the First fucking line of the Summary that you didn't comprehend
"Industrial control minded researchers from the security firm Cylance launched a custom exploit against a building management system deployed at Google's Sydney, Australia
so the god damn CFTA doesn't apply so take a deep breath and count backwards from 1Google until you fall down, blue in the face from not breathing before you post after such a reading comprehension failure
One other thing to point out: the reason that a security firm doesn't get the book thrown at them but individuals do, is that security firms have policies and procedures in place for how they conduct themselves; they notify the appropriate people and perform due process. Most individuals who try a stunt like this aren't even aware of all the protocol and disclosure hoops they should be jumping through -- and so when they make a mistake (which is almost inevitable, doing something by yourself, unless you're already a trained security researcher who has spent time in the system -- at which point it's just highly likely), they end up with the industry and government coming down on them like a tonne of bricks.
Any individual who creates a reputation for honesty and fully documents their investigation and discloses their intentions and action plan to the right people before they start will usually get a quiet kudos and never be noticed in public. Those trying to make headlines, will.
Think of it like the girl who was doing a "science experiment" behind the cafeteria during out of school hours -- she did something against policy, and got smacked down for it. I'm sure there were many other students who did similar things through proper channels and had nothing but a mediocre science experiment to show for it.
That said, in this case, the security researchers did a really bad job covering the bases, and are pretty much riding on their reputation alone to avoid the smackdown. Doing something illegal to make headlines to fix a problem should always be a last resort (accepting that you may face jailtime and fines for doing it and calculating that that's worth it), not a way to gain advertising.
Doesn't need reassembly -- your web browser already does that. On Macs, the display sent from the application to the graphics processor goes through DisplayPDF... which converts whatever's in the window to PDF. Doesn't take much to script taking window contents and buffering to disk, then changing the page. The result is a PDF with the actual original contents (text, images, etc) which beats screenshots.
I'll do you one better and compare it to "sure, and the teachers should notice when it's getting too hot in the classroom and call the janitor."
People tend to have issues with computer literacy... they don't want to admit to having issues until something negative affects them directly -- then it's the computer's fault. Never mind that the issue usually has nothing to do with understanding how to use the tool, but was just compounded due to the effectiveness of the tool chosen.
Mining isn't free - the cost of mining is actually less than the cost of electricity on normal desktop machines (otherwise everyone would be doing it already).
As most people probably figured out, in this case less is more.
Maybe it's just that it's late, but I have no idea what that summary was trying to say.
When this article was posted yesterday, you understood it completely. Unfortunately, I can't seem to find the uri anymore to prove it to you....
Funny thing there... I have 4 windows open right now: one is OS X, one is Windows 7, one is Ubuntu 10 and one is Ubuntu 12...
Ubuntu 10 is slightly blockier than the others, but with the right fonts, it's not that noticeable.
I'm definitely doing a lot more than staring at browser windows :)
Really??? overrated for something that's on topic, addresses the thread and poses an opinion people can agree/disagree with?
Oh well....
https://local.google.com/maps?q=Roden+Crater&hl=en&ll=35.425884,-111.258831&spn=0.000811,0.001206&sll=37.0625,-95.677068&sspn=51.177128,79.013672&hq=Roden+Crater&t=h&z=20
Of course, that doesn't tell you all that much either.
You could probably view it by signing up as a day labourer and joining a work crew; other than that, it's unlikely you'll see it in your lifetime for any ticket value approaching reasonable.
Why wait for a tree to grow it when you can just print the stuff?
Why print the stuff when you can do it electronically? Think of the carbon waste when you burn through your money!
Back in the day, I did something "similar" where I created a bunch of "default" accounts using common usernames and passwords, and gave those accounts no access. Syslog was set to send an alert and blacklist the incoming IP for 3 hours. In the 3 years I had this running, I only caught a handful of attackers, but hey... that shows that they would have got through had those accounts actually been in use.
Now I just use fail2ban.
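The decoy-account alerting described in the comments above (seeded usernames that nobody legitimate uses, an alert on any login attempt, a 3-hour block of the source IP), sketched as an added example that is not any poster's code. The decoy names, the `scan` function and the log lines are constructed for illustration, and the lines assume OpenSSH-style sshd messages with ISO timestamps.

```python
import re
from datetime import datetime, timedelta

# Constructed decoy usernames: seeded in the password file, never used by real people.
DECOYS = {"oracle", "backup_admin", "svc_deploy"}
BAN = timedelta(hours=3)  # block length taken from the comment above

# Constructed sample lines in OpenSSH sshd message format.
SAMPLE_LOG = """\
2024-03-01T02:10:05 host sshd[811]: Failed password for invalid user test from 203.0.113.9 port 40112 ssh2
2024-03-01T02:14:41 host sshd[815]: Failed password for alice from 198.51.100.7 port 51514 ssh2
2024-03-01T09:30:00 host sshd[990]: Failed password for oracle from 203.0.113.9 port 40990 ssh2
2024-03-02T11:00:12 host sshd[1204]: Accepted password for backup_admin from 192.0.2.44 port 33010 ssh2
2024-03-02T11:05:00 host sshd[1210]: Failed password for alice from 198.51.100.7 port 51600 ssh2
"""

LINE = re.compile(
    r"^(?P<ts>\S+) \S+ sshd\[\d+\]: (?P<result>Failed|Accepted) password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

def scan(log_text, decoys=DECOYS, ban=BAN):
    """Return one alert per source IP that touched a decoy account."""
    alerts = {}
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m or m["user"] not in decoys:
            continue  # a real user's mistyped password never triggers anything here
        ts = datetime.fromisoformat(m["ts"])
        # A successful decoy login means its password was guessed or came
        # from a stolen password database, so it outranks a failed attempt.
        severity = "critical" if m["result"] == "Accepted" else "warning"
        prev = alerts.get(m["ip"])
        if prev and prev["severity"] == "critical":
            severity = "critical"
        alerts[m["ip"]] = {
            "ip": m["ip"], "user": m["user"], "severity": severity,
            "banned_until": ts + ban,  # restarts from the latest decoy hit
        }
    return list(alerts.values())

if __name__ == "__main__":
    for a in scan(SAMPLE_LOG):
        print(f"{a['severity']:8} {a['ip']:15} decoy={a['user']} "
              f"ban until {a['banned_until'].isoformat()}")
```

A single decoy hit triggers regardless of how slowly the source is probing, and repeated failures on a real account such as `alice` produce no alert.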
I'm actually a bit annoyed right now: I've been working on this concept for about a month now. I guess I should be honored by the "great minds think alike" thing, but damnit, I wanted to finally get my name out there.
It's a good start and part of the technique I've been working with... great way to catch exfiltrations in progress, but we could go a bit further. Patches to critical services like SSH could be developed that would accept lists of common bruteforced passwords and automatically block and alert, or even pass the connecting client over to a honeypot.
I've been doing this for years via fail2ban; just doing blacklisting, not honeynet redirecting, but still...
One thing I used to have set up was a redirect to a secondary firewall table for hosts entering the wrong passwords; the secondary firewall table had redirects to a dummy server that was configured with a completely fake network and service topography... so if someone started attacking using an IP, the information they gleaned would be completely misleading without actually providing an active honeypot. Dummy server has since been repurposed and now I just block though; don't have the time to waste examining what people/bots are up to these days.
Right in the First fucking line of the Summary that you didn't comprehend
"Industrial control minded researchers from the security firm Cylance launched a custom exploit against a building management system deployed at Google's Sydney, Australia
so the god damn CFTA doesn't apply so take a deep breath and count backwards from 1Google until you fall down, blue in the face from not breathing before you post after such a reading comprehension failure
One other thing to point out: the reason that a security firm doesn't get the book thrown at them but individuals do, is that security firms have policies and procedures in place for how they conduct themselves; they notify the appropriate people and perform due process. Most individuals who try a stunt like this aren't even aware of all the protocol and disclosure hoops they should be jumping through -- and so when they make a mistake (which is almost inevitable, doing something by yourself, unless you're already a trained security researcher who has spent time in the system -- at which point it's just highly likely), they end up with the industry and government coming down on them like a tonne of bricks.
Any individual who creates a reputation for honesty and fully documents their investigation and discloses their intentions and action plan to the right people before they start will usually get a quiet kudos and never be noticed in public. Those trying to make headlines, will.
Think of it like the girl who was doing a "science experiment" behind the cafeteria during out of school hours -- she did something against policy, and got smacked down for it. I'm sure there were many other students who did similar things through proper channels and had nothing but a mediocre science experiment to show for it.
That said, in this case, the security researchers did a really bad job covering the bases, and are pretty much riding on their reputation alone to avoid the smackdown. Doing something illegal to make headlines to fix a problem should always be a last resort (accepting that you may face jailtime and fines for doing it and calculating that that's worth it), not a way to gain advertising.
Doesn't need reassembly -- your web browser already does that. On Macs, the display sent from the application to the graphics processor goes through DisplayPDF... which converts whatever's in the window to PDF. Doesn't take much to script taking window contents and buffering to disk, then changing the page. The result is a PDF with the actual original contents (text, images, etc) which beats screenshots.
Just saying.
I'll do you one better and compare it to "sure, and the teachers should notice when it's getting too hot in the classroom and call the janitor."
People tend to have issues with computer literacy... they don't want to admit to having issues until something negative affects them directly -- then it's the computer's fault. Never mind that the issue usually has nothing to do with understanding how to use the tool, but was just compounded due to the effectiveness of the tool chosen.
Mining isn't free - the cost of mining is actually less than the cost of electricity on normal desktop machines (otherwise everyone would be doing it already).
As most people probably figured out, in this case less is more.