It seems to me that you're the one who doesn't understand what free speech is about. The First Amendment applies to government action.
The government is forbidden from arresting people for writing offensive blog posts. But private companies are not required to provide domain name service to them.
I mean, if every single public forum is owned by a company, this would mean that any company could dictate what can be talked about on their forums.
This is, potentially, a good argument for some sort of common-carrier regulation of DNS providers (which is, of course, what we're talking about). But I can't see applying it to, say, hosting providers or private forums.
That's their excuse, but nah, incitement has a very narrow legal definition. There's a good article at Ars that quotes a couple of free speech lawyers:
But that justification doesn't make much sense to First Amendment lawyer Ken White, who runs the popular Popehat blog.
White describes the Daily Stormer as a "sewer of humanity." In a statement to Ars, he argued that the article about Heyer "is repulsive, and arguably advocates for killing people in general, but it's not actionable incitement under the law. GoDaddy, of course, can kick Nazis off its platform as it likes, though."
James Grimmelmann, an Internet law expert at Cornell University, didn't find GoDaddy's explanation very convincing either. He noted that the Daily Stormer has posted equally inflammatory content for years.
"It's rare for companies in these kinds of suspension disputes to be honest to own up to the fact that 'we tolerated this for years but now we've concluded we were wrong,'" he said. Admitting that you've changed your mind can be awkward. So often companies choose instead to use dubious interpretations of their own rules to insist they haven't changed at all.
So no, we don't have to let hateful organisations say whatever they want
Define your terms.
Who's "we", what's "let", and what's "whatever they want"?
Most kinds of speech are protected. Private individuals and entities are free to respond to speech they don't like with free speech of their own, whether that's a reasoned criticism, childish name-calling, boycotts, or, as in this case, telling their customers that they don't want their business. They're not free to respond with violence or other illegal behavior.
Some forms of speech aren't protected. Those are the forms that the government is allowed to punish.
One: You're conflating government restrictions with private companies exercising their right to free association.
Two: You're ignoring that there are several categories of speech that are not protected by the First Amendment. (That's probably fair under these circumstances, though, as we're not talking about defamation or true threats here, we are talking about protected speech.)
A password stored in a password manager's file is only as strong as the file's master password.
Yes, but remembering one secure password is a lot easier than remembering fifty.
And don't password managers that synchronize new or changed passwords between machines cost money?
As far as I know, yes, though using a sync solution like Dropbox shouldn't be a problem if your password table is properly encrypted. (Especially if there's a separate keyfile that you don't include on shared storage and instead copy to every client device manually.)
I sync my password file using an Owncloud instance that's only accessible from my LAN. It's not the most convenient solution, but it's secure enough that I'm confident I'm safe unless a sophisticated attacker targets me personally. And password complexity isn't about protecting you from a sophisticated, targeted attack, it's about protecting you against brute-force attacks.
(Hint: Password complexity rules are a good way to prevent the dumbest of passwords from being used.)
Comparing against a blacklist of common passwords, and having a few modest length requirements (and maybe an entropy counter), are good rules. I'm not convinced that complexity rules are.
I used to work at GoDaddy. The security tutorial I had to pass on my first day actually recommended satisfying the "mixed-case/symbol" requirement by starting with an initial capital letter and ending with an exclamation point -- in other words, reducing a six-character password with mixed case and special characters to exactly the same complexity as a five-character, all-lowercase password.
That's a dumb damn thing for a security tutorial to advise users to do, but in its defense, even if it didn't, users would just do that anyway.
Requiring mixed-case passwords may prevent users from using password, but it just means they're going to switch to Password. Require numbers? Then it'll be Password1. Require symbols? Password1!. And so on.
Meanwhile, complexity rules interfere with actual secure passwords. I once had a site reject K"Nb\:uO` as too weak but accept P@55w0rd without issue. And who can blame it? Just look how secure P@55w0rd is. It's got mixed-case, numbers, and a symbol. Not like K"Nb\:uO`. Look at it. No numbers anywhere!
Algorithms for determining password strength are uniformly terrible, too. I once set up an account in Plesk and it rejected K"Nb\:uO` as too weak but accepted P@55w0rd without complaint.
As far as I've observed in Android, autocomplete doesn't work on password prompts. This is one of those things that seems like a good idea but isn't, because it discourages passphrases made up of common English words.
Now, some autocomplete features -- like training the keyboard to predict the next word based on commonly-used combinations -- shouldn't work in password prompts, obviously. But just being able to predict a common word based on the first couple of characters (or swiping) should.
I know the headline is Fox News's and not yours, but it really should be "delayed", past tense, not "delaying". The article is talking about the delays the show has already experienced, not a new delay. The show is still scheduled to premier on September 24, as the closing graf makes clear.
Now that modals are behaving exactly like popups, they should be treated like popups: if they're triggered by anything other than user action, they get blocked. (Look for functions that create elements with a fixed position and a high z-index.)
And I want my mobile browser to give me the option to ignore position: fixed. There is not enough room on my fucking screen for a site to overlay a navbar, social buttons, etc. on top of the content. (Firefox's Reader button is great but doesn't work everywhere.)
I don't have the kind of free time I used to, but fortunately Linux doesn't take nearly as much of my free time to run as it used to. I worked with Slackware and Gentoo when I was younger; now I run OpenSUSE Leap and GalliumOS (an Xubuntu derivative).
And sometimes, the major software vendors just force your hand (subject to what your tolerance for their behavior is, mind). Some years back, I built an HTPC; I started it out as a Hackintosh, but it was too much upkeep, so I switched to Mythbuntu for awhile, but I wanted to play games on it, so I switched to Windows 7, and eventually to Windows 10.
Windows 10's spyware and adware finally wore me down. I bought a new HTPC, and it runs Antergos.
Proprietary firmware and binary blobs remain a pitfall, and I think the coprocessors on the current Intel and AMD chips are going to cause some real security problems in the long term. And that's before we get into phones...
I tried the UBPorts version of Ubuntu Touch a few weeks back. Setup was easy, and I thought its software stack was impressive and stable and actually would have been good enough to work as a daily driver...if only the phone part had worked. LTE didn't work, and I couldn't make calls or send text messages. I asked for help on their forums and got no response. So I switched to LineageOS. But maybe I'll try Ubuntu Touch again when they switch to 16.04.
Lineage still has the binary firmware/drivers and a lot of the other issues common to most versions of Android. But I'm trying it without Gapps and finding I don't miss that stuff much.
I think Ubuntu Touch was a good idea marred by poor decisions (the famous Canonical NIH attitude) and bad timing. I wish the UBports crew the best in turning it into something that's a lot more niche than what Canonical was going for but, ultimately, a decent alternative.
I'm keeping my eye on Plasma Mobile, Sailfish, and LuneOS, too.
It's tedious enough just grinding at the endgame. The last time I played it, I got all the Master Materia; my takeaway from the experience was that it was a gigantic waste of time and I will never do it again. (Maybe just Yellow. That one wasn't so bad.)
What we're talking about here is way, way more tedious.
The web isn't suddenly locked down and all browsers must be closed source now.
No, it's just that all browsers that comply must include closed-source components, and most of the major browsers (all but Firefox AFAIK) have EME enabled by default.
The mandatory online security training we did the first day at GoDaddy actually recommended satisfying the mixed-case/symbols requirements by using an initial capital letter and an ending exclamation point.
Course, Go Daddy is also the company where they fired one of the five guys on my team, didn't replace him, and then the next week started having daily meetings to discuss how our productivity had gone down 20%. Math was not management's strong suit.
I do think there's a problem with our tendency to dumb down complex, subjective reviews into simplified, equally subjective scores.
But what the hell do they think "thumbs up"/"thumbs down" was when Siskel and Ebert were doing it?
Simplifying a critic's review down to a simple "I liked it"/"I didn't like it" isn't new. The only thing that's new is that now we're aggregating those reactions from dozens of critics instead of just two.
(And yeah I'm gonna go out on a limb here and say that if you could somehow magic Rotten Tomatoes out of existence, the result would not be Pirates of the Carribean 5 and Baywatch: The Movie instantly becoming massive successes.)
Right, #6 pretty much sums it up. The thing about any form of passive media is that it has to come with the decryption keys. Obfuscate all you want, but the only way playback works is *if you are giving the end user the means to copy it into memory, in the clear*. You can hide the keys, but eventually somebody's going to find them.
The only situation in which I can foresee DRM ever truly working is with software that runs entirely on the server side: basically, the user is running a client program that accepts inputs from the client and audio and video from the server. The software is never loaded, even partially, into the end user's memory; all the actions are performed on the server. Under *those* circumstances, you can prevent a user from making a local copy of the software and cracking any protection measures on it.
But that only goes for interactive software. For any kind of passive media -- movies, music, books, etc. -- the entire work has to be copied into the end user's device's memory. If it can be copied into memory, it can be copied into long-term storage, and if you include the decryption keys, someone's going to find them and distribute them.
Slashdot Mirror
https://xkcd.com/1357/
It seems to me that you're the one who doesn't understand what free speech is about. The First Amendment applies to government action.
The government is forbidden from arresting people for writing offensive blog posts. But private companies are not required to provide domain name service to them.
I do too.
And I defend Google's right to choose whether or not to do business with them.
And are you under the impression that GoDaddy is "blatant radical left-wing peecee" too?
This is, potentially, a good argument for some sort of common-carrier regulation of DNS providers (which is, of course, what we're talking about). But I can't see applying it to, say, hosting providers or private forums.
That's their excuse, but nah, incitement has a very narrow legal definition. There's a good article at Ars that quotes a couple of free speech lawyers:
Define your terms.
Who's "we", what's "let", and what's "whatever they want"?
Most kinds of speech are protected. Private individuals and entities are free to respond to speech they don't like with free speech of their own, whether that's a reasoned criticism, childish name-calling, boycotts, or, as in this case, telling their customers that they don't want their business. They're not free to respond with violence or other illegal behavior.
Some forms of speech aren't protected. Those are the forms that the government is allowed to punish.
One: You're conflating government restrictions with private companies exercising their right to free association.
Two: You're ignoring that there are several categories of speech that are not protected by the First Amendment. (That's probably fair under these circumstances, though, as we're not talking about defamation or true threats here, we are talking about protected speech.)
Google is not a public utility.
Yes, and you know what limits your customers? Getting your brand associated with nazis.
Yes, but remembering one secure password is a lot easier than remembering fifty.
As far as I know, yes, though using a sync solution like Dropbox shouldn't be a problem if your password table is properly encrypted. (Especially if there's a separate keyfile that you don't include on shared storage and instead copy to every client device manually.)
I sync my password file using an Owncloud instance that's only accessible from my LAN. It's not the most convenient solution, but it's secure enough that I'm confident I'm safe unless a sophisticated attacker targets me personally. And password complexity isn't about protecting you from a sophisticated, targeted attack, it's about protecting you against brute-force attacks.
Comparing against a blacklist of common passwords, and having a few modest length requirements (and maybe an entropy counter), are good rules. I'm not convinced that complexity rules are.
I used to work at GoDaddy. The security tutorial I had to pass on my first day actually recommended satisfying the "mixed-case/symbol" requirement by starting with an initial capital letter and ending with an exclamation point -- in other words, reducing a six-character password with mixed case and special characters to exactly the same complexity as a five-character, all-lowercase password.
That's a dumb damn thing for a security tutorial to advise users to do, but in its defense, even if it didn't, users would just do that anyway.
Requiring mixed-case passwords may prevent users from using password, but it just means they're going to switch to Password. Require numbers? Then it'll be Password1. Require symbols? Password1!. And so on.
Meanwhile, complexity rules interfere with actual secure passwords. I once had a site reject K"Nb\:uO` as too weak but accept P@55w0rd without issue. And who can blame it? Just look how secure P@55w0rd is. It's got mixed-case, numbers, and a symbol. Not like K"Nb\:uO`. Look at it. No numbers anywhere!
Algorithms for determining password strength are uniformly terrible, too. I once set up an account in Plesk and it rejected K"Nb\:uO` as too weak but accepted P@55w0rd without complaint.
As far as I've observed in Android, autocomplete doesn't work on password prompts. This is one of those things that seems like a good idea but isn't, because it discourages passphrases made up of common English words.
Now, some autocomplete features -- like training the keyboard to predict the next word based on commonly-used combinations -- shouldn't work in password prompts, obviously. But just being able to predict a common word based on the first couple of characters (or swiping) should.
I'm neither a lawyer nor a Californian, but I read Popehat, and Ken White frequently describes California's anti-SLAPP statute as "robust".
Perens will, presumably, file for dismissal on the grounds that his remarks were protected opinion supported by cited facts.
I know the headline is Fox News's and not yours, but it really should be "delayed", past tense, not "delaying". The article is talking about the delays the show has already experienced, not a new delay. The show is still scheduled to premier on September 24, as the closing graf makes clear.
Now that modals are behaving exactly like popups, they should be treated like popups: if they're triggered by anything other than user action, they get blocked. (Look for functions that create elements with a fixed position and a high z-index.)
And I want my mobile browser to give me the option to ignore position: fixed. There is not enough room on my fucking screen for a site to overlay a navbar, social buttons, etc. on top of the content. (Firefox's Reader button is great but doesn't work everywhere.)
There are a lot of different variables at work.
I don't have the kind of free time I used to, but fortunately Linux doesn't take nearly as much of my free time to run as it used to. I worked with Slackware and Gentoo when I was younger; now I run OpenSUSE Leap and GalliumOS (an Xubuntu derivative).
And sometimes, the major software vendors just force your hand (subject to what your tolerance for their behavior is, mind). Some years back, I built an HTPC; I started it out as a Hackintosh, but it was too much upkeep, so I switched to Mythbuntu for awhile, but I wanted to play games on it, so I switched to Windows 7, and eventually to Windows 10.
Windows 10's spyware and adware finally wore me down. I bought a new HTPC, and it runs Antergos.
Proprietary firmware and binary blobs remain a pitfall, and I think the coprocessors on the current Intel and AMD chips are going to cause some real security problems in the long term. And that's before we get into phones...
I tried the UBPorts version of Ubuntu Touch a few weeks back. Setup was easy, and I thought its software stack was impressive and stable and actually would have been good enough to work as a daily driver...if only the phone part had worked. LTE didn't work, and I couldn't make calls or send text messages. I asked for help on their forums and got no response. So I switched to LineageOS. But maybe I'll try Ubuntu Touch again when they switch to 16.04.
Lineage still has the binary firmware/drivers and a lot of the other issues common to most versions of Android. But I'm trying it without Gapps and finding I don't miss that stuff much.
I think Ubuntu Touch was a good idea marred by poor decisions (the famous Canonical NIH attitude) and bad timing. I wish the UBports crew the best in turning it into something that's a lot more niche than what Canonical was going for but, ultimately, a decent alternative.
I'm keeping my eye on Plasma Mobile, Sailfish, and LuneOS, too.
C'mon, man, even Ned Flanders once let Todd by some red hots with a cartoon devil on the box.
I don't think "despite" is the correct word.
It's tedious enough just grinding at the endgame. The last time I played it, I got all the Master Materia; my takeaway from the experience was that it was a gigantic waste of time and I will never do it again. (Maybe just Yellow. That one wasn't so bad.)
What we're talking about here is way, way more tedious.
...if I don't have Gapps installed?
No, it's just that all browsers that comply must include closed-source components, and most of the major browsers (all but Firefox AFAIK) have EME enabled by default.
is Apple doomed, or will it be the Year of the Linux Desktop?
The mandatory online security training we did the first day at GoDaddy actually recommended satisfying the mixed-case/symbols requirements by using an initial capital letter and an ending exclamation point.
Course, Go Daddy is also the company where they fired one of the five guys on my team, didn't replace him, and then the next week started having daily meetings to discuss how our productivity had gone down 20%. Math was not management's strong suit.
I do think there's a problem with our tendency to dumb down complex, subjective reviews into simplified, equally subjective scores.
But what the hell do they think "thumbs up"/"thumbs down" was when Siskel and Ebert were doing it?
Simplifying a critic's review down to a simple "I liked it"/"I didn't like it" isn't new. The only thing that's new is that now we're aggregating those reactions from dozens of critics instead of just two.
(And yeah I'm gonna go out on a limb here and say that if you could somehow magic Rotten Tomatoes out of existence, the result would not be Pirates of the Carribean 5 and Baywatch: The Movie instantly becoming massive successes.)
Right, #6 pretty much sums it up. The thing about any form of passive media is that it has to come with the decryption keys. Obfuscate all you want, but the only way playback works is *if you are giving the end user the means to copy it into memory, in the clear*. You can hide the keys, but eventually somebody's going to find them.
The only situation in which I can foresee DRM ever truly working is with software that runs entirely on the server side: basically, the user is running a client program that accepts inputs from the client and audio and video from the server. The software is never loaded, even partially, into the end user's memory; all the actions are performed on the server. Under *those* circumstances, you can prevent a user from making a local copy of the software and cracking any protection measures on it.
But that only goes for interactive software. For any kind of passive media -- movies, music, books, etc. -- the entire work has to be copied into the end user's device's memory. If it can be copied into memory, it can be copied into long-term storage, and if you include the decryption keys, someone's going to find them and distribute them.