Is this what people want? I mean, I know a lot of people like their wireless ones... but I prefer wired. I hate charging the stupid things. I hate pairing the stupid things. I like just being able plug them in and go. I like that by being plugged in the headphones stay with the phone; and don't get left behind. I like that they are cheap and easy to replace.
Plus I still occasionally connect it to aux inputs and such in cars. My daughter uses headphones with her iphone all the time. Everyone i know has wired headsets and headphones... only a handful prefer wireless/bluetooth solutions.
Because leaving stuff that is incompatible is a good idea?
When you try to rollback, these programs do not get reinstalled
Oh noes. I have to reinstall CPUZ myself. Meanwhile your ios device once rolled forward... never goes back. But we're busy hating on microsoft here so we'll give that a pass.
In some cases such as Microsoft's own Media Center, once its been removed, its been removed forever.
That's actually interesting. Cite? I found several articles that discussed reinstalling Media Center after it was uninstalled; so that's possible. I didn't see anything specifically addressing the rollback from windows 10 scenario though... so as I said... Cite?
All I could find when i tried searchingwere articles on how to get it installed and running on Windows 10... which apparently is quite easy to do...if you wanted it... which is itself sort of a weird thing for someone called msoftsucks to want... i'd think if you were using windows at all, you'd be on kodi or something.
Yes, that is quite annoying. It happens a lot less often in windows 10 with the improvements to the notification area that doesn't steal the focus when notifications popup.
Its one of the (many) actual improvements in Windows 10.*
If Microsoft would pull its head out of its ass and let 10 sell it self it would. All the negative word of mouth about 10 are connected to the telemetry being forced on, and the windows updates from 7/8 being obnoxious.
The part where I know family members who have to cancel their unwanted ios update every single day? Or the part where I sourced that article that shows that 4 ridiculous workarounds?
At least there are easy 3rd party apps one can use with windows to shut it up, or one can turn off windows updates entirely.
If you take this route, get used to pressing Later and Remind Me Later repeatedly, as in 24 hours you'll be asked about it again. And 24 hours later, again. And another 24 hours later, you can go through the process yet again, until you either give in or move along with another of the options below.
That was option 1. The other options are even more awesome.
Option 2: delete update and avoid wifi forever.
This deletes the available iOS update which stops the iOS update from popping up every day, however, the moment you're on a sustained wi-fi connection for a while the iOS update will download itself again automatically and start sending pop-ups to install it again.
Option 3: Accept the update.
Avoid the upgrade reminders by accepting the update. yay solution!
Option 4: Block the update domains on your firewall.
Of course this means blocking all updates for all apple devices on the LAN... and only works while you are at home; so hardly a solution at all really.
First off, your off topic. This article has nothing do with Apple.
He's commenting on the heavy, biased, and relative over-reporting of the Microsoft windows 10 upgrade push issue while any one else who does it is given a free pass.
Apple is just an example.My mom's ipad nags her to upgrade every single day. Where are the stories that apple is pushing unwanted upgrades with no way to shut them off?
It wrong with Apple does it and it's wrong when Microsoft does it.
Quite. But it's apparently only newsworthy when Microsoft does it?
That said, what Microsoft is doing would be the equivalent of installing the update when you hit no/cancel in your iPad.
Its really not.
Suppose Adobe flash pops up and says it will complete the flash upgrade install when you reboot your PC. with a single button that says: "OK"
Clicking the window corner close-window "X" or even hitting "Alt-F4"... only an idiot would think these actions some how would ever "Cancel" the flash upgrade next time it the computer reboots. That's not how it works, and everybody with half a brain knows that's not how it works. Expecting doing that to cancel windows 10 upgrade is just... silly. Spilling a bunch of ink over it is even sillier.
Complain rightfully that Microsoft is being aggressive, belligerent, and ought to stop, or even be sanctioned... but there's no reason to imagine nonsense about the X button, which is doing exactly what its always done: dismiss the window. Whether or not it cancels the action... some times it does, other times it doesn't...it depends. You can't assume it's cancelled and there are countless examples where dismissing a notification window doesn't cancel...
Here's another... If outlook pops up a window saying you have a meeting in an hour, and you click the 'x' in the corner, or alt-f4 outlook... it doesn't cancel the meeting.
All you did was dismiss the window. Spilling ink with headlines like "clicking X on outlook notifications doesn't cancel the event! waaaaahhhh!" is just silly.
For one thing, they'd need a time machine to travel into the future to the moment when the text is pasted to see which application is on the receiving end so the copying application and the operating can do their filtering job, and secondly there is no way that any application writer can foresee all possible troublesome situations
I don't care that it can't foresee all possible troublesome situations, you are raising the bar to absurd levels.
The browser should be responsible for sanitizing what goes into the clipboard to the best of its ability.
I also note that so far you have given no concrete suggestions on how to go about your solution.
Except I did exactly that. Numerous times in numerous posts now.
1) Plaintext only from the browser to the clipboard by default. If the destination app can be tripped up by plaintext that's on the destination app - we can't solve everything unless we unplug the computer and take the battery out. But we can eliminate a lot of attack vectors by only supporting plaintext by default.
2) What is selected by the user only to the clipboard, to within its best ability -- so no firing a copy event to allow javascript to append shit to the selection. And make a browser best effort to exclude that which cannot be seen -- if the 'selection' can't be scrolled to and isn't visibly rendered, then it doesn't go. There are some issues. By default -- err on the side of caution.
3) If the user wants to copy and image, they have to use the copy image right click menu or a 'snipping tool' by default.
Scenario 1... Scenario 2...
4) At the OS level when pasting things FROM an the browser, a preview should be displayed that has to be approved before it's passed to the destination app. So the user can see and even edit the plaintext they are about to paste regardless of what app it goes to.
Make this customizable; make it intelligent. I've got a dozen ideas-- whitelisting apps, greylisting apps -- pasting plaintext to Word is safe... to cmd.com; terminal.app; RStudio.exe etc... is not safe. etc. Yes you won't know about every app... etc. But defaulting to 'unsafe - requires preview' and whitelisting the 1000 most common apps that are safe out of the box would make it pretty innocuous. Users could whitelist apps as needed... it could be managed online "antivirus style" where the default clipboard handler for apps are subscribed to...
I read your post, and i see a defeatist attitude. IF you can't easily do it perfectly then throw your hands up and walk away. Mitigated in nearly all cases is easily achievable. There simply aren't THAT many command/terminal applications in common usage. Get the most common 100 and its probably mitigated to the point of being worthless to even try to exploit.
Your argument fails for the same reason ActiveX was an atrocity. As long as everybody ELSE does their job properly activeX was fine. But reality doesn't work like that and ActiveX was a horrible security mess as a result.
The operating system and the browser need to take ownership of the problem and ensure the clipboard is safe.
The web should be assumed hostile by default. The browser runs in a sandbox by default, and everything coming out of it needs to be carefully screened and sanitized at the point it comes out of the browser. That means the copy from the browser INTO the clipboard needs to be as sane as possible.
Yes, it can't catch everything; but it should be designed to minimize the possibility of anything unwanted coming out of the browser.
Yes you are right, that every application that accepts input should sanitize it. But its not realistic, and its not responsible.
People will earn good wages designing and building those robots, and maintaining them, and programming them, and so on.
If these people could be getting good wages designing and building robots... what are they doing working at mcdonalds in the first place?
Yes, some people will earn good wages doing robotics. But probably not these people. What is your plan for them exactly?
Or do you think the 55 year old Filipino immigrant with weak english skills working the fryer during the noon lunch rush is a candidate for robotics? Programming robots? Get real.
What about the 17 year old student doing fries at 8pm? Maybe one day... but not today.
"Either a position is automatable, or it is not". Well said.
The robot, being new technology, is still rapidly coming down in price. Even if the break-even point isn't today, it WILL be tomorrow. And a few years after that not using a robot will be finanicially idiotic.
" Basically, automating that position will either be super-cheap or super-expensive."
No, you had it right the first time. Either a position is automatable or it is not. If it can be automatable it will be cost effective sooner or later.
Its disingenuous to tie it to the current debate over moving the minimum wage back up to a living wage.
Yes.
But not completely. It moves the line. Sure it only moves it forward or backward a few years, but it does move the line. And moving it back a few years to ease a transition is worthwhile... assuming anyone had any interest in figuring out a transition strategy.
That seems a rather drastic solution for working around a very, very minor problem in the first place.
Clipboard attacks could do all sorts of nastiness. What if they used javascript to dynamically attach a media container with a malicious file, knowing that you are pasting it into word or excel or something which will activate that container outside of the browser sandbox.
For one thing, if you run Windows none of this is a problem, so 99% of the worlds' population is already safe by default...
Because there is no command prompt in windows? And there aren't any sites on the web where you might be instructed to open a command prompt and copy/paste a bit of script... to clean up a virus infection, or disable telemetry, or whatever.
There's aren't any sites on the web where admins are given snippets of powershell to copy and paste... to setup some feature of hyper-v server; configure some firewall rules, or whatever.
There aren't any sites on the web where programmers are copy and pasting bits of script and code to tools like R Studio? Or an interactive shell for ruby, python, javascript.
Not to mention the ability to craft malicious content and tack it onto to the clipboard that can crash office suites, etc. (sneak in a deliberately corrupt embedded image, or media container...)
Actually the browsers need to be updated to fix this.
The Javascript oncopy event maybe shouldn't even be fired by default on untrusted sites.
The default copy to clipboard action should ignore hidden divs, inline spans to offscreen locations, etc.
The default copy to clipboard action should perhaps ignore html/css entirely and just copy selected plaintext. Because I can see other vectors for attack, not just the terminal.
, which is as much of an intrusion as a guy walking into an open store to buy something and being overheard by the sales clerk.
Yup, because when I walk into the grocery store, talking about video cards, and the clerk overhears me he quickly jots down my name, and what i was talking about and then support staff scurry about the store erecting signs for video cards next to the peaches, bread, and frozen yogurt aisles.
Wait... no... that never happens. So maybe some random clerk overhearing me at the store; where 99% of the time it goes in one ear and out the next and the company as a whole never acts on it at all is actually ENTIRELY different from a system that automatically and systematically notes what is said and advertises to you based on what you said as part of its corporate strategy.
Apparently you lot that hate Apple talk more about them than the fans do.
I'd say that most of the people complaining here are using apple and are frustrated that the the macbook pro has become steadily less useful for doing anything a pro would like to do with it.
I still like my early 2015 macbook pro; it runs faster and cooler than my old one, and the battery lasts longer. But I sorely miss the ethernet port. The fact that it is lighter and thinner, though was of no value. I'd gladly have bought it thicker and heavier with an ethernet port and even more battery life.
And what do they do this generation? Lighter and thinner again. They already have a macbook air for people who have made that their top priority. But other people have other priorities, and right now Apple only caters to exactly one group.
I'm not married to OSX. I use a windows desktop (in large part because apple doesn't make a single one worth owning.) Yeah, I game with it, but I'd have bought an apple and used bootcamp for when i felt like gaming if they actually made a desktop worth owning. I like the build quality of the macbook pro... and i like having at least one OSX device aruond to keep my hand in OSX; but the device is becoming steadily less than what I want from a laptop with each iteration. I don't want finger print id. I dont' want lighter and thinner again. I do want actual function keys. And I still want my ethernet port back.
billions in the bank... maybe its time for them to introduce a new line of laptops, you know for pro/power users. And just rename the current pro the macbook air+ or something.
If I find a way into your house, get in and walk around and don't damage anything, that's no harm either right? If I pick your lock because it wasn't very good, what's wrong with leaving you a note on your fridge? What's wrong with trespassing?
And what if you do harm? What if your 'hack' does damage the data, whether you intended to or not? You can't know for certain you won't crash the system or corrupt data.
If you hack in and accidentally wipe my server, then you are liable.
I don't tolerate good Samaritans wandering around in my kitchen either, whether they wreck the place or not is beside the point. They don't belong in my kitchen, and they aren't welcome.
You seem hung up on this notion that a 'hack' can't or won't do damage unless you intend it too, and that's plainly wrong. Sooner or later you are going to crash a system, corrupt some data, or worse whether you intend to or not. And that's real actual harm you are causing to stuff that simply doesn't belong to you.
Meanwhile, like the stranger in my kitchen, you are simply unwelcome. You shouldn't be there. Legally you are not allowed to be.
I agree that 'harmless' trespassing is a lesser crime than breaking and entering followed by arson. And the electronic equivalents should be similarly structured. But I don't agree that it should be legal.
Additionally, you compared hacking a server with rape
Not exactly. I compared pen testing a server with testing the security of a rape whistle; where in either case the target wasn't notified. However, nobody was going to actually get raped. So at worst it was a rape threat, which I agree is still pretty bad -- but remember, it was for a good cause, for their own good even. I was just making sure their rape whistle worked. But if picking a lock and rummaging around in my kitchen is a better analagy, I'm fine with that too.
Where amazon was paying paramedics to pick people up after they collapsed rather than fix or address the root problems...
I'm still not going to go as far as to say it compares with plantation slavery; but the conditions amazon was imposing were WAY out of line; and there was real basis for the comparison:
Amazon 'modern warehouses', where you are worked until you collapse.
I don't think you understand software, nor does the government. No one gets hurt with white hat hacking.
No one got hurt in my rape whistle scenario either. That was part of my point. It was a just a "white-hat" test to see if the rape whistle was going to work.
Everyone doing white-hat external security audits knows that you need permission to do it up front. That consent is what transforms it from a 'an illegal criminal activity' to a 'legitimate service'.
Comparing it to rape is like comparing a snow cone to a blizzard.
Except nobody got raped, or was ever at risk of being raped. Don't you see my hat! Its WHITE! I'm here to help! I'm not going to actually hurt you.
External security audits are the best way to find vulnerabilities, and when the results are given to you for free, it's even better.
That's what I tried to explain to the women I was accosting after they called the police on me. This is for your own good! Don't you want to know how well your rape whistle works? This is the best way to find out. I'm doing you a favor... you should be grateful I'm doing this for free. I wasn't going to hurt you or anything... it was just a test. Nobody got hurt! Why am I going to jail?
Hacking systems, even with good intent, can lead to service outages, system downtime, etc. And by its very nature is a form of trespass and break in. I don't care what your intentions are whether you are electronically slinking around in my networks, or physically slinking around my home looking for ways in. And you are doing it without my permission... you shouldn't be doing it, and it should be (and is) illegal.
And what do you call conflating red-tape procedure with criminal law?
You can't try to assault a woman wearing a rape whistle, just to find out if it works or not. Claiming after the fact that you weren't really going to actually rape her even if nobody came to her rescue isn't going to fly.
You want to test the efficacy of rape whistles, or bank security, or anything else that's fine, but the methodology needs to be legal. That's not bureaucratic red tape; that's just common sense.
The DOE "money" was a loan guarantee and you'd have to be a fucking moron to think a Loan guarantee involves the expenditure of a single dollar.
It most certainly can. If you gaurantee someone elses loan, and they don't pay, it involves the expenditure of a lot of your dollars.
Why is the DOE gauranteeing these loans? If there is no risk of default, and the companies fronting the money are good for it... they wouldn't need a loan gaurantee. Typically loan gaurantors are only necessary when the lender feels there is a significant likelihood that the loans won't get paid, and it wants someone else with money on the hook to go after if/when that happens.
This is literally a case of privatising the reward while pushing the risk on the public. IF the venture succeeds the investors get to reap the rewards, if the venture fails, the investors flee and the public (DOE) is left holding the bag.
Sweet deal if you can get it. Best case the DOE (public) get nothing; worst case we pay for everything and still get nothing.
I should be able to do my due diligence that this third party is actually doing its job.
Your due diligence doesn't entitle you to break the law, or attempt to break in, or gain fraudulent access to the safety deposit boxes.
Instead get them to produce reports by a security audit services company they pay to audit their security.
If the reports do not satisfy you, and you are a big enough fish, you can insist they hire the auditor of your choice, at your expense, or perhaps your a big enough fish to demand they even do it at their expense. Being a big fish opens a lot options.
If you aren't a big enough fish, you can go find another bank that's has something in place you are satisfied with.
"But I think he was unduly arrogant, didn't understand the limitations of his own knowledge and basically decided to usurp the authority of a democracy"
That argument fails basic logic.
Because of Snowden we know the NSA routinely misled and outright lied to the democracy it was supposedly acting under the authority of?
The "authority of the democracy" had been thoroughly undermined by the NSA. Snowden brought this fact to light.
Slashdot Mirror
"and the headphone jack will be removed"
Is this what people want? I mean, I know a lot of people like their wireless ones... but I prefer wired. I hate charging the stupid things. I hate pairing the stupid things. I like just being able plug them in and go. I like that by being plugged in the headphones stay with the phone; and don't get left behind. I like that they are cheap and easy to replace.
Plus I still occasionally connect it to aux inputs and such in cars. My daughter uses headphones with her iphone all the time. Everyone i know has wired headsets and headphones... only a handful prefer wireless/bluetooth solutions.
it auto uninstalls quite a few programs
Because leaving stuff that is incompatible is a good idea?
When you try to rollback, these programs do not get reinstalled
Oh noes. I have to reinstall CPUZ myself. Meanwhile your ios device once rolled forward... never goes back. But we're busy hating on microsoft here so we'll give that a pass.
In some cases such as Microsoft's own Media Center, once its been removed, its been removed forever.
That's actually interesting. Cite?
I found several articles that discussed reinstalling Media Center after it was uninstalled; so that's possible. I didn't see anything specifically addressing the rollback from windows 10 scenario though... so as I said... Cite?
All I could find when i tried searchingwere articles on how to get it installed and running on Windows 10... which apparently is quite easy to do...if you wanted it... which is itself sort of a weird thing for someone called msoftsucks to want... i'd think if you were using windows at all, you'd be on kodi or something.
No, it really isn't the same thing at all.
On the other hand, Microsoft makes it easy to roll back to your existing version of windows after you update; good luck doing that with Apple.
Yes, that is quite annoying. It happens a lot less often in windows 10 with the improvements to the notification area that doesn't steal the focus when notifications popup.
Its one of the (many) actual improvements in Windows 10.*
If Microsoft would pull its head out of its ass and let 10 sell it self it would. All the negative word of mouth about 10 are connected to the telemetry being forced on, and the windows updates from 7/8 being obnoxious.
Which part is the lie "macs4all" ?
The part where I know family members who have to cancel their unwanted ios update every single day? Or the part where I sourced that article that shows that 4 ridiculous workarounds?
At least there are easy 3rd party apps one can use with windows to shut it up, or one can turn off windows updates entirely.
Neither is an option with ios.
http://osxdaily.com/2016/01/04...
Option 1: Punt the iOS Update for 24 Hours
If you take this route, get used to pressing Later and Remind Me Later repeatedly, as in 24 hours you'll be asked about it again. And 24 hours later, again. And another 24 hours later, you can go through the process yet again, until you either give in or move along with another of the options below.
That was option 1. The other options are even more awesome.
Option 2: delete update and avoid wifi forever.
This deletes the available iOS update which stops the iOS update from popping up every day, however, the moment you're on a sustained wi-fi connection for a while the iOS update will download itself again automatically and start sending pop-ups to install it again.
Option 3: Accept the update.
Avoid the upgrade reminders by accepting the update. yay solution!
Option 4: Block the update domains on your firewall.
Of course this means blocking all updates for all apple devices on the LAN... and only works while you are at home; so hardly a solution at all really.
This is just as shite as Microsoft, if not worse.
First off, your off topic. This article has nothing do with Apple.
He's commenting on the heavy, biased, and relative over-reporting of the Microsoft windows 10 upgrade push issue while any one else who does it is given a free pass.
Apple is just an example.My mom's ipad nags her to upgrade every single day. Where are the stories that apple is pushing unwanted upgrades with no way to shut them off?
It wrong with Apple does it and it's wrong when Microsoft does it.
Quite. But it's apparently only newsworthy when Microsoft does it?
That said, what Microsoft is doing would be the equivalent of installing the update when you hit no/cancel in your iPad.
Its really not.
Suppose Adobe flash pops up and says it will complete the flash upgrade install when you reboot your PC. with a single button that says: "OK"
Clicking the window corner close-window "X" or even hitting "Alt-F4"... only an idiot would think these actions some how would ever "Cancel" the flash upgrade next time it the computer reboots. That's not how it works, and everybody with half a brain knows that's not how it works. Expecting doing that to cancel windows 10 upgrade is just... silly. Spilling a bunch of ink over it is even sillier.
Complain rightfully that Microsoft is being aggressive, belligerent, and ought to stop, or even be sanctioned... but there's no reason to imagine nonsense about the X button, which is doing exactly what its always done: dismiss the window. Whether or not it cancels the action... some times it does, other times it doesn't...it depends. You can't assume it's cancelled and there are countless examples where dismissing a notification window doesn't cancel...
Here's another... If outlook pops up a window saying you have a meeting in an hour, and you click the 'x' in the corner, or alt-f4 outlook... it doesn't cancel the meeting.
All you did was dismiss the window. Spilling ink with headlines like "clicking X on outlook notifications doesn't cancel the event! waaaaahhhh!" is just silly.
For one thing, they'd need a time machine to travel into the future to the moment when the text is pasted to see which application is on the receiving end so the copying application and the operating can do their filtering job, and secondly there is no way that any application writer can foresee all possible troublesome situations
I don't care that it can't foresee all possible troublesome situations, you are raising the bar to absurd levels.
The browser should be responsible for sanitizing what goes into the clipboard to the best of its ability.
I also note that so far you have given no concrete suggestions on how to go about your solution.
Except I did exactly that. Numerous times in numerous posts now.
1) Plaintext only from the browser to the clipboard by default. If the destination app can be tripped up by plaintext that's on the destination app - we can't solve everything unless we unplug the computer and take the battery out. But we can eliminate a lot of attack vectors by only supporting plaintext by default.
2) What is selected by the user only to the clipboard, to within its best ability -- so no firing a copy event to allow javascript to append shit to the selection. And make a browser best effort to exclude that which cannot be seen -- if the 'selection' can't be scrolled to and isn't visibly rendered, then it doesn't go. There are some issues. By default -- err on the side of caution.
3) If the user wants to copy and image, they have to use the copy image right click menu or a 'snipping tool' by default.
Scenario 1... Scenario 2...
4) At the OS level when pasting things FROM an the browser, a preview should be displayed that has to be approved before it's passed to the destination app. So the user can see and even edit the plaintext they are about to paste regardless of what app it goes to.
Make this customizable; make it intelligent. I've got a dozen ideas-- whitelisting apps, greylisting apps -- pasting plaintext to Word is safe... to cmd.com; terminal.app; RStudio.exe etc ... is not safe. etc. Yes you won't know about every app ... etc. But defaulting to 'unsafe - requires preview' and whitelisting the 1000 most common apps that are safe out of the box would make it pretty innocuous. Users could whitelist apps as needed... it could be managed online "antivirus style" where the default clipboard handler for apps are subscribed to...
I read your post, and i see a defeatist attitude. IF you can't easily do it perfectly then throw your hands up and walk away. Mitigated in nearly all cases is easily achievable. There simply aren't THAT many command/terminal applications in common usage. Get the most common 100 and its probably mitigated to the point of being worthless to even try to exploit.
Perfect is the enemy of good.
Read your post again.
Your argument fails for the same reason ActiveX was an atrocity. As long as everybody ELSE does their job properly activeX was fine. But reality doesn't work like that and ActiveX was a horrible security mess as a result.
The operating system and the browser need to take ownership of the problem and ensure the clipboard is safe.
The web should be assumed hostile by default. The browser runs in a sandbox by default, and everything coming out of it needs to be carefully screened and sanitized at the point it comes out of the browser. That means the copy from the browser INTO the clipboard needs to be as sane as possible.
Yes, it can't catch everything; but it should be designed to minimize the possibility of anything unwanted coming out of the browser.
Yes you are right, that every application that accepts input should sanitize it. But its not realistic, and its not responsible.
People will earn good wages designing and building those robots, and maintaining them, and programming them, and so on.
If these people could be getting good wages designing and building robots... what are they doing working at mcdonalds in the first place?
Yes, some people will earn good wages doing robotics. But probably not these people. What is your plan for them exactly?
Or do you think the 55 year old Filipino immigrant with weak english skills working the fryer during the noon lunch rush is a candidate for robotics? Programming robots? Get real.
What about the 17 year old student doing fries at 8pm? Maybe one day ... but not today.
"Either a position is automatable, or it is not". Well said.
The robot, being new technology, is still rapidly coming down in price. Even if the break-even point isn't today, it WILL be tomorrow. And a few years after that not using a robot will be finanicially idiotic.
" Basically, automating that position will either be super-cheap or super-expensive."
No, you had it right the first time. Either a position is automatable or it is not. If it can be automatable it will be cost effective sooner or later.
Its disingenuous to tie it to the current debate over moving the minimum wage back up to a living wage.
Yes.
But not completely. It moves the line. Sure it only moves it forward or backward a few years, but it does move the line. And moving it back a few years to ease a transition is worthwhile... assuming anyone had any interest in figuring out a transition strategy.
That seems a rather drastic solution for working around a very, very minor problem in the first place.
Clipboard attacks could do all sorts of nastiness. What if they used javascript to dynamically attach a media container with a malicious file, knowing that you are pasting it into word or excel or something which will activate that container outside of the browser sandbox.
For one thing, if you run Windows none of this is a problem, so 99% of the worlds' population is already safe by default...
Because there is no command prompt in windows? And there aren't any sites on the web where you might be instructed to open a command prompt and copy/paste a bit of script... to clean up a virus infection, or disable telemetry, or whatever.
There's aren't any sites on the web where admins are given snippets of powershell to copy and paste ... to setup some feature of hyper-v server; configure some firewall rules, or whatever.
There aren't any sites on the web where programmers are copy and pasting bits of script and code to tools like R Studio? Or an interactive shell for ruby, python, javascript.
Not to mention the ability to craft malicious content and tack it onto to the clipboard that can crash office suites, etc. (sneak in a deliberately corrupt embedded image, or media container...)
Actually the browsers need to be updated to fix this.
The Javascript oncopy event maybe shouldn't even be fired by default on untrusted sites.
The default copy to clipboard action should ignore hidden divs, inline spans to offscreen locations, etc.
The default copy to clipboard action should perhaps ignore html/css entirely and just copy selected plaintext. Because I can see other vectors for attack, not just the terminal.
, which is as much of an intrusion as a guy walking into an open store to buy something and being overheard by the sales clerk.
Yup, because when I walk into the grocery store, talking about video cards, and the clerk overhears me he quickly jots down my name, and what i was talking about and then support staff scurry about the store erecting signs for video cards next to the peaches, bread, and frozen yogurt aisles.
Wait... no... that never happens. So maybe some random clerk overhearing me at the store; where 99% of the time it goes in one ear and out the next and the company as a whole never acts on it at all is actually ENTIRELY different from a system that automatically and systematically notes what is said and advertises to you based on what you said as part of its corporate strategy.
This was *always* a mis-feature and it should simply be disabled at the browser level to permanently ignore.
Apparently you lot that hate Apple talk more about them than the fans do.
I'd say that most of the people complaining here are using apple and are frustrated that the the macbook pro has become steadily less useful for doing anything a pro would like to do with it.
I still like my early 2015 macbook pro; it runs faster and cooler than my old one, and the battery lasts longer. But I sorely miss the ethernet port. The fact that it is lighter and thinner, though was of no value. I'd gladly have bought it thicker and heavier with an ethernet port and even more battery life.
And what do they do this generation? Lighter and thinner again. They already have a macbook air for people who have made that their top priority. But other people have other priorities, and right now Apple only caters to exactly one group.
I'm not married to OSX. I use a windows desktop (in large part because apple doesn't make a single one worth owning.) Yeah, I game with it, but I'd have bought an apple and used bootcamp for when i felt like gaming if they actually made a desktop worth owning. I like the build quality of the macbook pro... and i like having at least one OSX device aruond to keep my hand in OSX; but the device is becoming steadily less than what I want from a laptop with each iteration. I don't want finger print id. I dont' want lighter and thinner again. I do want actual function keys. And I still want my ethernet port back.
billions in the bank... maybe its time for them to introduce a new line of laptops, you know for pro/power users. And just rename the current pro the macbook air+ or something.
If you hack in and do no harm
If I find a way into your house, get in and walk around and don't damage anything, that's no harm either right? If I pick your lock because it wasn't very good, what's wrong with leaving you a note on your fridge? What's wrong with trespassing?
And what if you do harm? What if your 'hack' does damage the data, whether you intended to or not? You can't know for certain you won't crash the system or corrupt data.
If you hack in and accidentally wipe my server, then you are liable.
I don't tolerate good Samaritans wandering around in my kitchen either, whether they wreck the place or not is beside the point. They don't belong in my kitchen, and they aren't welcome.
You seem hung up on this notion that a 'hack' can't or won't do damage unless you intend it too, and that's plainly wrong. Sooner or later you are going to crash a system, corrupt some data, or worse whether you intend to or not. And that's real actual harm you are causing to stuff that simply doesn't belong to you.
Meanwhile, like the stranger in my kitchen, you are simply unwelcome. You shouldn't be there. Legally you are not allowed to be.
I agree that 'harmless' trespassing is a lesser crime than breaking and entering followed by arson. And the electronic equivalents should be similarly structured. But I don't agree that it should be legal.
Additionally, you compared hacking a server with rape
Not exactly. I compared pen testing a server with testing the security of a rape whistle; where in either case the target wasn't notified. However, nobody was going to actually get raped. So at worst it was a rape threat, which I agree is still pretty bad -- but remember, it was for a good cause, for their own good even. I was just making sure their rape whistle worked. But if picking a lock and rummaging around in my kitchen is a better analagy, I'm fine with that too.
Working in a modern warehouse
Where amazon was paying paramedics to pick people up after they collapsed rather than fix or address the root problems...
I'm still not going to go as far as to say it compares with plantation slavery; but the conditions amazon was imposing were WAY out of line; and there was real basis for the comparison:
Amazon 'modern warehouses', where you are worked until you collapse.
Hacking into a system and letting the company know about it is good. Hacking into a system and destroying there database is bad
Intending to do the former, still risks doing the latter.
Blindly applying a law without hearing the circumstances of the case is moronic and does not constitute justice.
Agreed. Consideration of Intent absolutely matters for justice. But that still doesn't make it ok.
Bottom line, this is basic property law. Its NOT your property, so if you want to fuck around with it, get permission from the owner first.
What exactly do you disagree with about that statement?
That is a crime.
Hacking into computers that aren't yours is also a crime.
You can even kill someone with a weak heart.
You can inadvertently corrupt a critical database that wasn't being properly backed up and destroy a company.
You are hurting a person
You are causing harm.
The day you can teach a computer to feel fear, I'll change my tune.
Why does the computer itself need to feel fear for you to realize causing harm to it causes harm to the company and the people who own it?
I don't think you understand software, nor does the government. No one gets hurt with white hat hacking.
No one got hurt in my rape whistle scenario either. That was part of my point. It was a just a "white-hat" test to see if the rape whistle was going to work.
Everyone doing white-hat external security audits knows that you need permission to do it up front. That consent is what transforms it from a 'an illegal criminal activity' to a 'legitimate service'.
Comparing it to rape is like comparing a snow cone to a blizzard.
Except nobody got raped, or was ever at risk of being raped. Don't you see my hat! Its WHITE! I'm here to help! I'm not going to actually hurt you.
External security audits are the best way to find vulnerabilities, and when the results are given to you for free, it's even better.
That's what I tried to explain to the women I was accosting after they called the police on me. This is for your own good! Don't you want to know how well your rape whistle works? This is the best way to find out. I'm doing you a favor... you should be grateful I'm doing this for free. I wasn't going to hurt you or anything... it was just a test. Nobody got hurt! Why am I going to jail?
Hacking systems, even with good intent, can lead to service outages, system downtime, etc. And by its very nature is a form of trespass and break in. I don't care what your intentions are whether you are electronically slinking around in my networks, or physically slinking around my home looking for ways in. And you are doing it without my permission... you shouldn't be doing it, and it should be (and is) illegal.
And what do you call conflating red-tape procedure with criminal law?
You can't try to assault a woman wearing a rape whistle, just to find out if it works or not. Claiming after the fact that you weren't really going to actually rape her even if nobody came to her rescue isn't going to fly.
You want to test the efficacy of rape whistles, or bank security, or anything else that's fine, but the methodology needs to be legal. That's not bureaucratic red tape; that's just common sense.
The DOE "money" was a loan guarantee and you'd have to be a fucking moron to think a Loan guarantee involves the expenditure of a single dollar.
It most certainly can. If you gaurantee someone elses loan, and they don't pay, it involves the expenditure of a lot of your dollars.
Why is the DOE gauranteeing these loans? If there is no risk of default, and the companies fronting the money are good for it... they wouldn't need a loan gaurantee. Typically loan gaurantors are only necessary when the lender feels there is a significant likelihood that the loans won't get paid, and it wants someone else with money on the hook to go after if/when that happens.
This is literally a case of privatising the reward while pushing the risk on the public. IF the venture succeeds the investors get to reap the rewards, if the venture fails, the investors flee and the public (DOE) is left holding the bag.
Sweet deal if you can get it. Best case the DOE (public) get nothing; worst case we pay for everything and still get nothing.
I should be able to do my due diligence that this third party is actually doing its job.
Your due diligence doesn't entitle you to break the law, or attempt to break in, or gain fraudulent access to the safety deposit boxes.
Instead get them to produce reports by a security audit services company they pay to audit their security.
If the reports do not satisfy you, and you are a big enough fish, you can insist they hire the auditor of your choice, at your expense, or perhaps your a big enough fish to demand they even do it at their expense. Being a big fish opens a lot options.
If you aren't a big enough fish, you can go find another bank that's has something in place you are satisfied with.
"But I think he was unduly arrogant, didn't understand the limitations of his own knowledge and basically decided to usurp the authority of a democracy"
That argument fails basic logic.
Because of Snowden we know the NSA routinely misled and outright lied to the democracy it was supposedly acting under the authority of?
The "authority of the democracy" had been thoroughly undermined by the NSA. Snowden brought this fact to light.