Google does the same thing, including hamlets. In my case, they mis-drew the line for the end of the hamlet to include about 50 homes that aren't a part of it. Results in a ton of confusion for local delivery drivers who aren't regulars, yet Google refuses to fix the issue.
In cases where the SMB exploit fails, Petya tries to spread using PsExec under local user accounts. (PsExec is a command-line tool that allows users to run processes on remote systems.) It also runs a modified mimikatz LSAdump tool that finds all available user credentials in memory.
It attempts to run the Windows Management Instrumentation Command-line (WMIC) to deploy and execute the payload on each known host with relevant credentials. (WMIC is a scripting interface that simplifies the use of Windows Management Instrumentation (WMI) and systems managed through it.)
So on networked systems, if a host has the "vaccination" gets hit but has credentials for other systems that permit logon/execution saved, then it can still spread. If you don't save networked credentials for other PCs on your network on a given PC, then it shouldn't be an issue on a fully patched network.
I could see this being an issue on corporate networks if Windows Server is not fully patched and a server like AD has a network logon that is valid across a wide number of client PCs/other servers, but the impact on most home networks is likely minimal.
Still wouldn't hurt to apply the 'vaccination' to each PC you own as a precaution though.
Basically, Qualcomm has thousands of patents that are required to implement basic wireless standards. They have a lot of key patents relating to CDMA, which Verizon and Sprint use in the US. For example, they made Apple agree to use their modems exclusively for years to get decent rates. For other manufacturers, they threatened to refuse giving Qualcomm's modems (required to work on the CDMA networks) unless the company also used the Snapdragon processors or agreed to not use Basebands from other modems. This is why Apple started by suing Qualcomm, because after they started using Intel modems in some phones Qualcomm started withholding "incentive payments" (essentially pre-agreed upon discounts) which may have totaled a billion dollars.
If Qualcomm just competed under the quality of their products and made the patents available under FRAND terms then there would be no controversy. Instead, manufacturers are tired of Qualcomm using their patents to take unfair advantage of them (either ridiculous non-FRAND terms for standards essential patents, or making them sign exclusivity agreements on phone SoCs/modems in order to get more fair pricing).
The ban is on laptops/large electronics in passenger cabins (carry on baggage/personal items brought in the passenger cabin) You're allowed to check it in your checked baggage and hope that airline/airport staff don't steal it.
To scan for prohibited items, but a CT scanner (used on checked baggage) can see everything three dimensionally which (according to the articles I've read) makes it a lot easier to distinguish prohibited/dangerous items in baggage, versus x-rays which see from one angle that cannot be easily changed. They're piloting CT scanners in the US at passenger security screening checkpoints but this is barely anywhere yet.
I'm not sure how generally it would help in this case, e.g. how a normal battery would appear versus one filled with something else.
Never mind, misread your comment. In equipment is okay, those would qualify as in equipment.
The rule (laptop ban) still seems mind boggling to me. Will affect tons of people from the company I work for. And batteries in equipment are still subject to issue. Look at the Galaxy Note 7.
There has to be a pick priority so when you order something for $4 overnight, it actually arrives the next day. That being said, it's clear that Amazon could ship items faster to Prime members. Over 50% of my orders with two day shipping end up sitting on the order for the day it's placed, shipping it the next day, and while it still arrives in two days, it could have been one day if Amazon wanted.
That's fine by me since I pay for unlimited two day and the value is getting the item within two days. But what they do with the free shipping now is pretty criminal, and I think a way to basically force people into trying Prime and getting addicted to the unlimited two day gravy train.
Amazon prime is a hard value prop depending on your household size. They used to allow you to share it with "four household members", which was anyone with an email that you knew the MM/DD birthday of (meaning you could split it four ways and get $25/person prime, even if they lived at totally different addresses). Now you can only share with one other account AND both accounts share all saved payment methods, which most people who aren't engaged/married/closely related aren't going to want. The music and video and photo backup benefits are nice but it's still a hard pricetag to swallow.
Amazon is basically great if you have Prime now and sucks if you don't. Their delivery acumen and warehousing operations are nothing short of amazing in scope. A lot of the time when you pick "free two day prime shipping", they wait an entire day to ship it because it's in the warehouse a state over and they can just slap a USPS First Class mail label on it for cheap and get it to you two business days later (or same but same day for $4/next day shipping). If you don't then Amazon waits forever to pick your items and sends them from the warehouse at the other side of the country so it takes weeks to get your item.
That being said, fulfilled by Amazon is great for avoiding tax in some states and getting some third party products that are quality quickly (e.g. a third party makes some of the best USB-C/Apple Lightning cables I know of and fulfills via amazon), but it's also made buying certain things impossible because the stock gets contaminated by counterfeits. Amazon goes to Apple and buys real iPhone chargers, someone else goes to China and gets cheap counterfeits, then Amazon says "they're the same item so we can put them on the same spot on the shelf", and then you end up in a situation where 90% of "real" Apple chargers sold by Amazon are fakes. It's made buying certain items on Amazon totally not worth it. I used to get Energizer/Duracell coin cell batteries in large packs for a fraction of the price per battery you'd pay at a brick and mortar store. Now most of those are fake too (same stock contamination as the iPhone cables) and they last maybe a week or two before you throw them out. I just buy them at the store now, because counterfeits aren't worth the hassle.
Numerous articles are now reporting that the Pebble brand will be phased out. Given Fitbit's history of buyouts (e.g. their acquisition of Coin earlier this year was a technology buyout, and they left everyone who bought the Coin 2.0 payment hardware SOL) I believe that Fitbit is going to drop support/development of the Pebble hardware. And my Pebble Time 2 (bought earlier this year via Kickstarter) is late, and probably deprecated before I receive it.
My Pebble Time Steel - other than the giant bezel - is my ideal smartwatch. Great battery life, intuitive controls, looks nice, price was right, battery life means I don't have to charge it daily (sometimes as little as once a week, with a lot of notifications). I thought that Pebble Time 2 would solve my main gripe. But with the buyout, I'm probably going to cancel my order. Why buy into something that's going to be dead from a development perspective before I get it?
I realize this may not be clear given the above post, but I forgot to explicitly say I was talking about the Frequent Flier number in my prior comment.
Fair enough for the name and record locator, but on many boarding passes (e.g. United) it's not plainly printed in plaintext (E.G. MileagePlus Gold, Star Alliance Gold, ******ABC). Just scan the boarding pass with a barcode reader (it's in the standard BCBP format, so the frequent flier # is in plaintext) and then you have a username, and an idea if the account is worth breaking into (global services or 1K [top two tiers] would have that status printed on the BP).
Combine that with United's horrible security (requiring you to have a four digit PIN = weak to bruteforce) and you end up with a recipe for disaster if you leave your BPs laying around.
I know that many would ridicule that such a program is necessary/useful on windows, and some others might rather avoid software with bundled crapware checked by default in the installers, but Unchecky is a great, lightweight (less than 1MB RAM) freeware that watches installers and automatically unchecks the boxes for things like offers in the Java installer, Bing toolbar/bing default in the Skype installer, and other unwanted bundled installs.
I run it as a convenience to not uncheck the boxes manually, but for relatives (e.g. grandma) it's fantastic because it saves me from removing five toolbars every month.
I've personally found that the majority of people don't really make any judgment on having an AOL address but people who are tech oriented tend to think the person is backwards for using a really old service that's associated with old times, not as much storage or features as some newer entrants (e.g. Gmail, etc.)..
My parents and grandparents started on the internet for AOL and spend 5+ years regularly using it, signing up for sites, giving out contact info, etc. before getting cable and 9 or more years before Gmail ever existed. My grandparents actually maintain email pretty well (delete what they don't need so smaller storage amount is OK) so they just use AOL via IMAP (switched to iPads as primary internet device).
One of my parents gave up the AOL mail (used another email more) and the other still uses their AOL address - but all email is pulled via POP into Gmail on a 5 minute basis (Greasemonkey script automates the fetch on that interval, clicking the refresh button in gmail will force a check sooner) and that is how she consumes it. This system works pretty well because you can switch even formerly paid AOL accounts to the free plan and not lose anything. This may eventually not become required because all outgoing email goes out via Gmail on the personal domain (Gmail for your Domain), so most people who would care to contact her have the new email address nowadays.
The merchants already know what you're buying. Target takes any information they can and ties it to a guest ID. You use a coupon you got emailed with a credit card- they tie the email and credit card to your guest ID. You use the same credit card and buy tobacco when they scan your drivers license - they append the info from the driver's license to your guest ID. With your physical address from your driver's license, they mail you a coupon and you use that with your debit card - they tie the debit card to your guest ID.
The big win of CurrentC for the merchants is that it gives them a platform to share this information from each other and build up this information across stores. Now Walmart knows what you bought at Rite Aid.
It's been said in a variety of ways, but this article assumes that the carrots offered by the retailers will trump all the problems with this system. Let's think through this:
It requires you to give your bank account number, driver's license number, and social security number to a random app. Competing mobile wallets require none of these. Additionally, this is being asked by an app for a group of people who consumers have relatively low amounts of trust for right now - retailers, currently reeling after huge breaches.
It requires you to unlock your device, enter a PIN, and either scan a QR code, or have the cashier scan yours off your screen. This is far more hassle than placing the phone to the reader and entering the PIN/using a biometric ID on Apple devices.
It forces you to use a checking account, which many people don't want since they want the benefits of credit cards.
Beyond the obvious other pitfalls for people in the know (consumer liability is far worse, privacy is far worse with the retailers getting more data- the terms and conditions even require you to approve the collection of health related data), there are huge red flags. I just don't see it happening with sustainable "carrots" to keep consumers using the app - it's too high maintenance for it to be worth it except for massive discounts far in excess of what the merchant fees are. Not to mention one would expect the credit card companies to fight back.
MX Greens have been used with MX Blue switches for a while. Usually the only green switch on the keyboard is the spacebar, it's meant to be a stronger (heavier, requiring more actuation force) version of the blue for that purpose.
The use of MX Greens for an entire keyboard is new though.
As others indicated, you can buy a Unicomp if you want a "real Model M" anyways. The click is not as tactile and the feel from the tactility is different between buckling springs and MX switches (a click leaf is different from the THWACK of a buckling spring buckling and hitting the wall). If you want a heavier actuation cherry switch with a lighter click, get an MX. If you want a Model M-like keyboard, get a Model M or Unicomp Customizer...
Bad editing with the recent Fricosu case (foregone conclusion reached, judge compelling decryption) and the Doe case (what headline refers to, no foregone conclusion, judge rejecting compelled decryption) both in the summary.
They'd still have to prove that you had the USB drive that decrypted the drive. If they had it already, they could decrypt it without you; if they don't, they would need to confessing to having it somewhere in some form or otherwise proving it exists and is yours.
Also in Boucher's case they were able to get specific, and in Boucher's case, he only used a container, so files with names suggesting CP were there, and the defendant voluntarily decrypted them so they could be viewed.
The ICE agent examined the computer and saw a file labeled “2yo getting raped during diaper change,” but was unable to open it. After the suspect navigated to the encrypted portion of the hard drive, the ICE agent located and examined several videos or images that appeared to be child pornography. Id. The district court concluded that the “foregone conclusion” doctrine applied under those facts because any testimonial value derived from the act of production was already known to the Government and therefore added nothing to its case
The circumstances are different here, hence why a foregone conclusion was not found.
The Anon I replied to alleges that addons cover extensions (ABP, Betterprivacy, Ghostery, Skype, etc.) AND plugins (Flash, Shockwave, java - anything that uses the NPAPI).
So if my initial interpretation was correct (same as yours- this is for extensions not plugins), that won't be a problem; if his interpretation is correct (keeping in mind that he challenged mine - plugins/extensions are under the addons umbrella, both appear in the addon manager, etc.) it would be.
I guess the only way to find out will be to install a copy of the beta and then a plugin or two.
The development cycle is better but using major numbers is stupid and has rendered it meaningless IMO. Chrome ratchets up the version number similarly, they just don't trumpet it and instead silently update (which Mozilla is deeply opposed to).
Honestly I think the default option should be default stealth update like Chrome and, during install, ask if people want continuous silent updates. Let the nerds opt out if they have concerns and let everyone who doesn't like to know about every update get it.
If that's true, then it's as comprehensive as I'd hope. I just wonder if Firefox will whitelist certain addons at the risk of seeming to play favorites (if people don't check to enable Flash and then try to go to Youtube, it won't work).
Either that or prompt when a plugin that's present but default disabled would be used and ask if they want to enable it with a notification. Not sure of the handling code for that, but I can't imagine it being impossible.
Mozilla blog mentions that it's for addons, which are different from plugins (plugins use NPAPI - Flash, Java, Shockwave, etc. - vs XPIs). They are separately listed in the addons manager for that reason. At this point, I'd say it probably doesn't apply to plugins, but the page doesn't give enough context to determine that.
Slashdot Mirror
Google does the same thing, including hamlets. In my case, they mis-drew the line for the end of the hamlet to include about 50 homes that aren't a part of it. Results in a ton of confusion for local delivery drivers who aren't regulars, yet Google refuses to fix the issue.
Via Sophos:
In cases where the SMB exploit fails, Petya tries to spread using PsExec under local user accounts. (PsExec is a command-line tool that allows users to run processes on remote systems.) It also runs a modified mimikatz LSAdump tool that finds all available user credentials in memory.
It attempts to run the Windows Management Instrumentation Command-line (WMIC) to deploy and execute the payload on each known host with relevant credentials. (WMIC is a scripting interface that simplifies the use of Windows Management Instrumentation (WMI) and systems managed through it.)
So on networked systems, if a host has the "vaccination" gets hit but has credentials for other systems that permit logon/execution saved, then it can still spread. If you don't save networked credentials for other PCs on your network on a given PC, then it shouldn't be an issue on a fully patched network.
I could see this being an issue on corporate networks if Windows Server is not fully patched and a server like AD has a network logon that is valid across a wide number of client PCs/other servers, but the impact on most home networks is likely minimal.
Still wouldn't hurt to apply the 'vaccination' to each PC you own as a precaution though.
FTC alleges Qualcomm forced Apple into iPhone LTE chip deals
Basically, Qualcomm has thousands of patents that are required to implement basic wireless standards. They have a lot of key patents relating to CDMA, which Verizon and Sprint use in the US. For example, they made Apple agree to use their modems exclusively for years to get decent rates. For other manufacturers, they threatened to refuse giving Qualcomm's modems (required to work on the CDMA networks) unless the company also used the Snapdragon processors or agreed to not use Basebands from other modems. This is why Apple started by suing Qualcomm, because after they started using Intel modems in some phones Qualcomm started withholding "incentive payments" (essentially pre-agreed upon discounts) which may have totaled a billion dollars.
If Qualcomm just competed under the quality of their products and made the patents available under FRAND terms then there would be no controversy. Instead, manufacturers are tired of Qualcomm using their patents to take unfair advantage of them (either ridiculous non-FRAND terms for standards essential patents, or making them sign exclusivity agreements on phone SoCs/modems in order to get more fair pricing).
The ban is on laptops/large electronics in passenger cabins (carry on baggage/personal items brought in the passenger cabin) You're allowed to check it in your checked baggage and hope that airline/airport staff don't steal it.
To scan for prohibited items, but a CT scanner (used on checked baggage) can see everything three dimensionally which (according to the articles I've read) makes it a lot easier to distinguish prohibited/dangerous items in baggage, versus x-rays which see from one angle that cannot be easily changed. They're piloting CT scanners in the US at passenger security screening checkpoints but this is barely anywhere yet.
I'm not sure how generally it would help in this case, e.g. how a normal battery would appear versus one filled with something else.
Never mind, misread your comment. In equipment is okay, those would qualify as in equipment.
The rule (laptop ban) still seems mind boggling to me. Will affect tons of people from the company I work for. And batteries in equipment are still subject to issue. Look at the Galaxy Note 7.
A lot of laptops these days like modern Macbooks and many PC Ultrabooks like the Lenovo X1 Carbon / X1 Yoga don't have removable batteries.
There has to be a pick priority so when you order something for $4 overnight, it actually arrives the next day. That being said, it's clear that Amazon could ship items faster to Prime members. Over 50% of my orders with two day shipping end up sitting on the order for the day it's placed, shipping it the next day, and while it still arrives in two days, it could have been one day if Amazon wanted.
That's fine by me since I pay for unlimited two day and the value is getting the item within two days. But what they do with the free shipping now is pretty criminal, and I think a way to basically force people into trying Prime and getting addicted to the unlimited two day gravy train.
Amazon prime is a hard value prop depending on your household size. They used to allow you to share it with "four household members", which was anyone with an email that you knew the MM/DD birthday of (meaning you could split it four ways and get $25/person prime, even if they lived at totally different addresses). Now you can only share with one other account AND both accounts share all saved payment methods, which most people who aren't engaged/married/closely related aren't going to want. The music and video and photo backup benefits are nice but it's still a hard pricetag to swallow.
Amazon is basically great if you have Prime now and sucks if you don't. Their delivery acumen and warehousing operations are nothing short of amazing in scope. A lot of the time when you pick "free two day prime shipping", they wait an entire day to ship it because it's in the warehouse a state over and they can just slap a USPS First Class mail label on it for cheap and get it to you two business days later (or same but same day for $4/next day shipping). If you don't then Amazon waits forever to pick your items and sends them from the warehouse at the other side of the country so it takes weeks to get your item.
That being said, fulfilled by Amazon is great for avoiding tax in some states and getting some third party products that are quality quickly (e.g. a third party makes some of the best USB-C/Apple Lightning cables I know of and fulfills via amazon), but it's also made buying certain things impossible because the stock gets contaminated by counterfeits. Amazon goes to Apple and buys real iPhone chargers, someone else goes to China and gets cheap counterfeits, then Amazon says "they're the same item so we can put them on the same spot on the shelf", and then you end up in a situation where 90% of "real" Apple chargers sold by Amazon are fakes. It's made buying certain items on Amazon totally not worth it. I used to get Energizer/Duracell coin cell batteries in large packs for a fraction of the price per battery you'd pay at a brick and mortar store. Now most of those are fake too (same stock contamination as the iPhone cables) and they last maybe a week or two before you throw them out. I just buy them at the store now, because counterfeits aren't worth the hassle.
Numerous articles are now reporting that the Pebble brand will be phased out. Given Fitbit's history of buyouts (e.g. their acquisition of Coin earlier this year was a technology buyout, and they left everyone who bought the Coin 2.0 payment hardware SOL) I believe that Fitbit is going to drop support/development of the Pebble hardware. And my Pebble Time 2 (bought earlier this year via Kickstarter) is late, and probably deprecated before I receive it.
My Pebble Time Steel - other than the giant bezel - is my ideal smartwatch. Great battery life, intuitive controls, looks nice, price was right, battery life means I don't have to charge it daily (sometimes as little as once a week, with a lot of notifications). I thought that Pebble Time 2 would solve my main gripe. But with the buyout, I'm probably going to cancel my order. Why buy into something that's going to be dead from a development perspective before I get it?
I realize this may not be clear given the above post, but I forgot to explicitly say I was talking about the Frequent Flier number in my prior comment.
Fair enough for the name and record locator, but on many boarding passes (e.g. United) it's not plainly printed in plaintext (E.G. MileagePlus Gold, Star Alliance Gold, ******ABC). Just scan the boarding pass with a barcode reader (it's in the standard BCBP format, so the frequent flier # is in plaintext) and then you have a username, and an idea if the account is worth breaking into (global services or 1K [top two tiers] would have that status printed on the BP).
Combine that with United's horrible security (requiring you to have a four digit PIN = weak to bruteforce) and you end up with a recipe for disaster if you leave your BPs laying around.
I know that many would ridicule that such a program is necessary/useful on windows, and some others might rather avoid software with bundled crapware checked by default in the installers, but Unchecky is a great, lightweight (less than 1MB RAM) freeware that watches installers and automatically unchecks the boxes for things like offers in the Java installer, Bing toolbar/bing default in the Skype installer, and other unwanted bundled installs.
I run it as a convenience to not uncheck the boxes manually, but for relatives (e.g. grandma) it's fantastic because it saves me from removing five toolbars every month.
I've personally found that the majority of people don't really make any judgment on having an AOL address but people who are tech oriented tend to think the person is backwards for using a really old service that's associated with old times, not as much storage or features as some newer entrants (e.g. Gmail, etc.)..
My parents and grandparents started on the internet for AOL and spend 5+ years regularly using it, signing up for sites, giving out contact info, etc. before getting cable and 9 or more years before Gmail ever existed. My grandparents actually maintain email pretty well (delete what they don't need so smaller storage amount is OK) so they just use AOL via IMAP (switched to iPads as primary internet device).
One of my parents gave up the AOL mail (used another email more) and the other still uses their AOL address - but all email is pulled via POP into Gmail on a 5 minute basis (Greasemonkey script automates the fetch on that interval, clicking the refresh button in gmail will force a check sooner) and that is how she consumes it. This system works pretty well because you can switch even formerly paid AOL accounts to the free plan and not lose anything. This may eventually not become required because all outgoing email goes out via Gmail on the personal domain (Gmail for your Domain), so most people who would care to contact her have the new email address nowadays.
The merchants already know what you're buying. Target takes any information they can and ties it to a guest ID. You use a coupon you got emailed with a credit card- they tie the email and credit card to your guest ID. You use the same credit card and buy tobacco when they scan your drivers license - they append the info from the driver's license to your guest ID. With your physical address from your driver's license, they mail you a coupon and you use that with your debit card - they tie the debit card to your guest ID.
The big win of CurrentC for the merchants is that it gives them a platform to share this information from each other and build up this information across stores. Now Walmart knows what you bought at Rite Aid.
Beyond the obvious other pitfalls for people in the know (consumer liability is far worse, privacy is far worse with the retailers getting more data- the terms and conditions even require you to approve the collection of health related data), there are huge red flags. I just don't see it happening with sustainable "carrots" to keep consumers using the app - it's too high maintenance for it to be worth it except for massive discounts far in excess of what the merchant fees are. Not to mention one would expect the credit card companies to fight back.
MX Greens have been used with MX Blue switches for a while. Usually the only green switch on the keyboard is the spacebar, it's meant to be a stronger (heavier, requiring more actuation force) version of the blue for that purpose.
The use of MX Greens for an entire keyboard is new though.
As others indicated, you can buy a Unicomp if you want a "real Model M" anyways. The click is not as tactile and the feel from the tactility is different between buckling springs and MX switches (a click leaf is different from the THWACK of a buckling spring buckling and hitting the wall). If you want a heavier actuation cherry switch with a lighter click, get an MX. If you want a Model M-like keyboard, get a Model M or Unicomp Customizer...
Bad writeup here. First article is for Fricosu where a foregone conclusion was found, what OP summary is referring to is a different John Doe case.
Bad editing with the recent Fricosu case (foregone conclusion reached, judge compelling decryption) and the Doe case (what headline refers to, no foregone conclusion, judge rejecting compelled decryption) both in the summary.
They'd still have to prove that you had the USB drive that decrypted the drive. If they had it already, they could decrypt it without you; if they don't, they would need to confessing to having it somewhere in some form or otherwise proving it exists and is yours.
The circumstances are different here, hence why a foregone conclusion was not found.
The Anon I replied to alleges that addons cover extensions (ABP, Betterprivacy, Ghostery, Skype, etc.) AND plugins (Flash, Shockwave, java - anything that uses the NPAPI).
So if my initial interpretation was correct (same as yours- this is for extensions not plugins), that won't be a problem; if his interpretation is correct (keeping in mind that he challenged mine - plugins/extensions are under the addons umbrella, both appear in the addon manager, etc.) it would be.
I guess the only way to find out will be to install a copy of the beta and then a plugin or two.
The development cycle is better but using major numbers is stupid and has rendered it meaningless IMO. Chrome ratchets up the version number similarly, they just don't trumpet it and instead silently update (which Mozilla is deeply opposed to).
Honestly I think the default option should be default stealth update like Chrome and, during install, ask if people want continuous silent updates. Let the nerds opt out if they have concerns and let everyone who doesn't like to know about every update get it.
If that's true, then it's as comprehensive as I'd hope. I just wonder if Firefox will whitelist certain addons at the risk of seeming to play favorites (if people don't check to enable Flash and then try to go to Youtube, it won't work).
Either that or prompt when a plugin that's present but default disabled would be used and ask if they want to enable it with a notification. Not sure of the handling code for that, but I can't imagine it being impossible.
Mozilla blog mentions that it's for addons, which are different from plugins (plugins use NPAPI - Flash, Java, Shockwave, etc. - vs XPIs). They are separately listed in the addons manager for that reason. At this point, I'd say it probably doesn't apply to plugins, but the page doesn't give enough context to determine that.