
Comment Re:How did the Constitution Fail? (Score 1) 450

What are the options, then?

  1. A small handful of individuals who manage to work things out in an amicable way amongst themselves.
  2. A project headed by a benevolent dictator for life (e.g. Slackware).
  3. A governance model that is not dependent on a BDFL, and can scale better than "a small handful of individuals".

Even though option 2 works well for some projects, it's not always ideal. This doesn't seem to be a problem with a simple solution (and it probably doesn't help that not many techies are great at politics).

Comment Unfortunately, she's not quite that stupid (Score 2) 105

According to WaPo, she claims that this iPhone video was taken in September 2013, and not related to the alleged December 2012 incident. It looks like crooksandliars jumped the gun here.

The rather blatant Dancing with the Stars episode playing in the background may have even been intentional to provide additional credence to the video (the timing is dead on with her claim).

That's not to say she's not otherwise mistaken (or outright dishonest), but this isn't the smoking gun you're looking for.

Comment Re:Victim Blaming (Score 1) 275

if you're going to store it on someone else's system (iCloud, etc) then this is what happens.

Maybe, but this has been argued to death, no need for a repeat.

First, if you're going to have that crap on your phone

First, if you're going to have that crap on your tablet
First, if you're going to have that crap on your laptop
First, if you're going to have that crap on your home PC
First, if you're going to have that crap in your car
First, if you're going to have that crap in your home

Is that really what you're implying?!? Without more context, it's hard to tell if you're uninformed or just trollin.

Comment Re:Easy to fake... (Score 2) 109

I don't see a mistakenly created certificate. It looks like it is legitimately for hotmai.com
...
Or another way - if Microsoft is catching typos, why would a nation state be amateurish for doing the same thing?

Microsoft isn't doing the same thing, though. You're right that the (real) hotmai.com site does redirect to outlook.com, however it doesn't have a certificate, nor does it even have https enabled.

Furthermore, the packet capture shows that whoever created it was trying to visit "login.live.com" (it's in the SNI field of the SSL Client Hello message), and so the server should have responded with a cert for that domain, not for hotmail.com nor hotmai.com.

I'll stick by my interpretation that this was amateurish, I just don't know if it was intentionally so.

Comment Easy to fake... (Score 2) 109

Just an FYI... I've no reason to disbelieve the story, but it would be simple to fake the evidence presented...

I also wonder why the hotmail.com certificate was mistakenly created for the hotmai.com domain... that seems rather amateurish for a nation state. (Of course, perhaps plausible deniability is the reason.)

Regardless of whether or not it's fake, it does serve to point out the intentional flaws of Qihoo’s Chinese 360 "Secure Browser" pointed out by Rosyna above -- certainly a good thing to publicize.

Comment No exemptions for zero-knowledge services? (Score 1) 82

A "zero-knowledge" service provider (allegedly) has no access to most of the digital assets stored by their service (e.g. LastPass, SpiderOak, etc.). They store encrypted blobs of data on your behalf, and send you these encrypted blobs at your request. Your PC (and not their servers) then decrypts this data using your password (of which the service provider has no knowledge).

I scanned through the bill, and it doesn't seem to acknowledge that such services exist. It doesn't even acknowledge that passwords themselves may not be retrievable, and instead groups passwords into the same category as other "digital assets."

Now IANAL, and it's entirely possible that some other bit of language in the bill or in a service provider's ToS could help to alleviate this, but if I ran such a service, I'd be a bit concerned....

Comment Re:They used to call me paranoid... (Score 1) 427

When a provider needs to decide on its next 100,000 "free" routers to provide to new customers, it shouldn't come to anyone's surprise when "cost-effectiveness" turns out to be its first priority. So I'm all for removing as much functionality as possible from any ISP-provided CPE; no wireless, just simple bridging.

But I really must respectfully disagree when it comes to separating out the wireless from the NAT box.

From a security point of view, having two manufacturers and two devices where one would suffice increases the attack surface -- it increases the likelihood that you have a security-related bug somewhere.

It increases the management burden -- now you have twice the number of devices whose firmware you have to keep up to date (if you're security conscious).

It doesn't scale well if you want more than one extra guest SSID or VLAN - sure you could attach a USB hub and half a dozen usb nics, or buy a VLAN-capable smart switch, but do you really want 3 Wi-Fi boxes, 3 unmanaged switches, and one router when just one Wi-Fi router would have worked fine?

There are definitely some advantages to separate wireless boxes. You can run guest SSIDs on different frequencies than your trusted SSID for example for better spectral efficiency. There are also cases where it's more convenient to have a NAT box near the CPE, and a separate Wi-Fi box centrally located. However in the average home setting, a single Wi-Fi/NAT box from a manufacturer with a decent track record is more practical.

Comment Re:I've moved to Mikrotik (Score 1) 427

I own an RB2011 at home too, and I've used both it and other RouterOS-based products professionally, and although they're not perfect, I can certainly recommend them for many cases. Here are a couple of random thoughts off the top of my head:

  • New major firmware versions (once every couple of years) are always buggy, avoid. That said, they're pretty good about releasing regular bug fixes, and they continue to support older routers for quite a while (the 500 series, released in 2006ish, is still supported on their latest firmware for example).
  • They can't seem to get a good OpenVPN implementation, which is a common complaint (but they have a lot of other styles of VPN which generally work well).
  • They use some open source software (e.g. it's Linux kernel based), but they only release the bare minimum required source code. This is definitely not an open tinker-and-recompile OS.
  • It does support virtualization, so you can run e.g. OpenWRT as a guest of RouterOS (yup, your router can have a router). You can also replace RouterOS with OpenWRT without worry of brickage. I haven't done either in a while, so I'm making no claims of either being easy or stable, but it can be done, and reverting back is easy.
  • It's really more business-oriented than consumer-oriented. That means its configuration is very flexible, but also rather complex unless you're used to configuring non-web-based routers.
  • Despite being complex, I find the configuration quite logical. It has no fewer than 4 different configuration interfaces (Web, CLI, Windows-based client app, and an API for automation). All present pretty much the same set of options in similar hierarchical arrangements.
  • The documentation is much better than it once was, for most uses it's quite good.
  • The support community (via forum) is pretty good. Occasionally one of the Mikrotik staff will be a bit rude/condescending, but for the most part they're friendly (as are other posters).

Submission + - Stephen Hawking Was Wrong, So Ignore Whatever Scientists 1

An anonymous reader writes: Following Stephen Hawking's latest work on black holes (http://www.nature.com/news/stephen-hawking-there-are-no-black-holes-1.14583), Republican Michele Bachmann has brilliantly deduced that this proves "the danger inherent in listening to scientists" (http://www.newyorker.com/online/blogs/borowitzreport/2014/01/stephen-hawkings-blunder-on-black-holes-shows-danger-of-listening-to-scientists-says-bachmann.html?intcid=obnetwork). Expanding on her thesis, she said, "If black holes don’t exist, then other things you scientists have been trying to foist on us probably don’t either, like climate change and evolution." Her recommendation? All students who were "forced to learn" about black holes should now sue Dr. Hawking for a full refund. But not Bachmann — "Fortunately for me, I did not take any science classes in college,"

Submission + - Sherlock Holmes finally in the public domain in the US 1

ferrisoxide.com writes: As reported on the Australian ABC news website, film-makers in the US are finally free to work on Sherlock Holmes stories without paying a licencing fee to the estate of Sir Arthur Conan Doyle after a ruling by Judge Ruben Castillo.

A quirk of US copyright law kept 10 stories out of the public domain, on the basis that these stories were continuously developed. In his ruling Judge Castillo opined that only the "story elements" in the short stories published after 1923 were protected and that everything else in the Holmes canon was "free for public use" — including the characters of Holmes and Watson.

Holmes scholar Leslie Klinger, who challenged the estate, celebrated the ruling.

"Sherlock Holmes belongs to the world," Mr Klinger said in a statement posted on his Free Sherlock website.

IANAL, but the ruling of Judge Castillo that "adopting Conan Doyle's position would be to extend impermissibly the copyright of certain character elements of Holmes and Watson beyond their statutory period," is surely going to have implications across US copyright law. Mark Twain must be twisting and writhing in his grave.
