
Comment Unsurprising defensive move. (Score 4, Insightful) 62

Of course embassies use their own microcells - running and monitoring their own is the only way they have any assurance that somebody else isn't doing it to them. And in that line of work, you can guarantee other groups would at least be trying - and you have to worry about the host country (especially US / China / Russia / Israel / etc) tapping the cellular and telco switches.

And don't hold your breath waiting for more secure cellular communications (a reasonably straightforward exercise) - our Wise Overlords enjoy being able to snoop when they feel like it. Why do you think they're so upset about peer-to-peer encryption? They've been secretly abusing insecure standards for decades, and they want their unconstitutional toys back...

Comment It's a subjective question, but for home users... (Score 1) 386

It depends on your needs and your budget. If you're a typical home user that doesn't have people specifically targeting them then your needs are very different than a corporate executive who is regularly hit with espionage attempts.

I'll answer for a typical home user: Turris Omnia. It's a bit pricey ($339 on Amazon), but it runs a modified version of OpenWRT. It's easy-to-use, reasonably powerful in terms of features and capabilities, and is updated frequently.

Comment Many "click through" agreements should be invalid. (Score 1) 126

One of the foundations of contract law has always been that a valid agreement requires a "meeting of the minds" - that both parties essentially agree upon and desire the outcomes specified in the contract. Somehow this got thrown out the window with the "click agree to continue" mode of doing business. I'm not going to knock long lists of terms and conditions - from a technical, legal standpoint they are often necessary to protect both sides and allow business to be conducted in a reasonable manner, and there are plenty of instances they are honest and straightforward parts of the bargain.

That being said, there are also many instances companies are sneaking in stuff that has nothing to do with the other party's conception of the agreement. Courts have been upholding this bullshit, and they should not. Virtually every case where privacy issues become problematic involves these situations.

My suggestion would be to have three or four "standard forms" for Internet agreements that are reasonably easy to understand (the idea modeled very loosely on the Creative Commons concept - straightforward options, with icons indicating what is included / excluded). I would start with "free as in beer," "pay with money," "pay with ad viewing," and "pay with your life data." These can contain the overwhelming majority of the "boilerplate" and be explained fairly easily. This leaves the exceptions, which in most cases should be short enough for a person to deal with. If you can't start with this and have a humanly manageable agreement, then your product or service is probably sketchy as fuck and people should stay away.

Comment Let's call this what it is. (Score 4, Insightful) 129

You can't have security and backdoors. Let's just say, for the sake of argument, that Ray Ozzie's approach - assuming it worked perfectly (heh) - of vendor-held key escrow was legislated and implemented. This is a huge leap for the industry, but they could do it. It would never be reasonably secure, and it would be near impossible to fix the flaws, but let's say it was done. The next step would be Fed-held key escrow. This is an almost microscopically tiny incremental step - just moving some boxes, folks - but at that point the concept of digital privacy is as dead as the rest of the Bill of Rights. Don't kid yourself that that isn't the end game here.

So let's call this bullshit what it is: "Flat Earth Encryption." It's technically infeasible, practically infeasible, and politically infeasible to have any sort of key escrow system that won't be abused like an underage Congressional intern.

Comment Is it just me or is this just not an autopilot? (Score -1) 467

It seems to me that the only point of having an autopilot would be so that you could take your hands off the wheel and not pay attention to the road. This is sorta-kinda-an-almost-but-not-quite autopilot that works ok most of the time but has failure modes involving death and / or dismemberment. Who the hell would sell a half-assed, half-baked "feature" like this? And from the other side, it's not exactly a little-known fact that Tesla's autopilot will occasionally fail and kill people in the car if it's used as an actual autopilot. Who the hell would buy and use a half-assed, half-baked feature like this?

This whole Tesla autopilot thing is like a ramped-up version of that show "Jackass," plus crunchy flaming death. At least these idiots aren't taking many innocent people with them.

In the meantime, I frequently get asked why I haven't bought a Tesla (I'm a geek and it's in my price range). My response is always that I don't buy beta-quality capital goods.

Comment The problem is that it was very obvious bullshit. (Score 3, Interesting) 101

There seems to be a thing among the progressive / neo-liberal camp that requires them to screech down at any occupation or practice that they, from their loftier economic perch, would not personally engage in. Hey, I don't want to be an Uber driver either. It's fine. I have several friends who do it for extra cash (or, in one case, because they actually enjoy it - weird, but that's their thing), and none of them are anywhere near dumb enough to do it for a net of $3 and change. That number should, literally, be unbelievable, and yet many people believed it anyway because it fit a highly (absurdly) hyperbolic narrative. There are two problems here: 1) that these people need to be more skeptical (especially when such strong confirmation bias is involved), and 2) they need to check their fucking privilege. Not everybody has the immediate option of an awesome job, has good spending / saving habits, etc. Just because you wouldn't do something doesn't mean that nobody else should, and fabricating evidence to the contrary is both dishonest and cruel.

Comment Mondays are the worst if you make them that way. (Score 4, Insightful) 103

I don't have bad Mondays, in general. I love my job - not every moment of it; people and situations will occasionally annoy, but in general I'm a happy camper at work. If you don't love your job, then you should either find something else or find a way to love it. There's no extra reward for going through life miserable.

Comment Comparing yourself to others never wins (Score 3, Insightful) 238

If you rate yourself based on other people's outcomes compared to your own (basing your self-esteem on parity or superiority), you will always be vulnerable to depression. The only thing worse than this is equating money with happiness and / or satisfaction in life.

Want to be happy? Rate yourself on your own progress in life. Make yourself a little bit better each day. Wash, rinse, repeat.

Comment Re:It would be great.... (Score 2) 391

Apple throws in a Lightning-standard headphone jack adapter with each new iPhone. That being said, having switched to Bluetooth headphones and earbuds a while ago (V-Moda Crossfade 2 Wireless and V-Moda Forza Metallo), I would say it's like switching to a cordless mouse. You really don't want to go back.

Comment Patching is not the only answer. (Score 5, Informative) 196

I have some (extremely limited) sympathy for patching "deep application infrastructure" things like Struts, because it can take quite a bit of QA to make sure that the patches don't break the application or make the problem worse. That being said, it's a top priority and companies - especially in PCI or similar compliance environments - need to budget the time and resources to deal with issues like this, because they will pop up on a regular basis.

That being said, this problem could have been blocked without patching. First of all, an application-level proxy / API that sanity checks the types and rate of requests should have been between the public web application and the database back end. All sorts of mischief can be either stopped or at least slowed down here, and the failure to have something like this is a major architectural error. Secondly, a reverse-proxy (or load balancer) could look for attacks of this nature and block them before they get to the web server. F5's products are explicitly capable of stopping this CVE, and I'm sure some of their competitors can do it as well.

Security needs to exist in layers, because at some point people will screw up at one layer or another. That's just human nature, and it will not change until AIs take over the world and enslave us, but that's a problem for 2019.

Comment Just patch it. (Score 3, Informative) 43

Maersk claimed that “updates and patches applied to both the Windows systems and antivirus were not an effective protection.” Garbage. The patches against this attack were released in mid-March and April. They got hit at the end of June. There's no good reason to delay patching endpoints for more than a week at most. Most problematic patches for mainstream operating systems are pulled within 24-48 hours, so even three days is fairly conservative now.

Comment How is this even controversial? (Score 4, Interesting) 601

The laws of supply and demand have been well-understood for generations. Both ends of the political spectrum regularly enact legislation based on them (sin taxes, etc.). For some reason certain people feel that this one area "needs" to be exempt from what is basically a law of nature, because it's politically inconvenient to them. Ironically, it's the folks that tend to go around insisting that they are a "reality-based community." The pseudointellectual contortions required to do this are pretty funny to watch, even though they're wrecking the portion of the economy most important to the most financially vulnerable. Maybe the whole "Fight for $15" thing is just a world-class troll by the 0.1%.
