Either the shop owner is horrible at training and needs to sell the business if it hasn't gone under already, or they need to retrain/fire the clerk. No other store does this so I don't know why the clerk would think it reasonable.

Of course not. The clerk asked you, and you answered. It was a dumb question to begin with and certainly not your fault.

The shop owner is at fault for poor training or hiring an untrustworthy clerk. Given that I can think of no reason a clerk should think this a reasonable question to ask customers, it's probably their fault unless the shop keeper specifically trained them to do so. But if that's the case, obviously there is no problem as it was intended. Again, you'd be out of business as soon as word got out.

No, I don't that at all. The website isn't asking the customer how much they would like to pay. It's presenting the price to be paid (the sticker), and the customer is changing that price (with a counterfeit sticker), and the site is trusting that the price is the same as what it sent to the client. Most clerks would be trained to apply brain power to decide if the sticker is correct, and you'd be an idiot not to have your server do the same thing in 2017, something it could do with 100% accuracy and minimal development effort.

But that doesn't make it acceptable any more than applying counterfeit price stickers in a brick-and-mortar store would be.

Online stores have no expectation that their shopping cart will work the way they implemented it? That's a tough sell. Do you think they also expect their site navigation links to fail and their images not to load? If so, can you please email my boss and tell him that all those bug tickets the QA team submitted last week are invalid because we should have no expectation that our code works.

You're equating trusting that the data sent from the server was not altered by the client with a cashier ignoring the price stickers and asking every single customer what price they'd like to pay. Those simply aren't the same case—not even close. The end result may be the same, but that would apply to having the stocker attach the wrong prices to the products. I think we can both agree that would be the fault of the store owner or stocker, using the same reasoning I laid out above.

TFS makes it sound like you pay cash to buy tokens which you may hold or sell yourself for Ethereum, and at some point in the future, the company that sold them originally may decide to buy them back for Ethereum. Hold them if you think the company will go up in value faster than Ethereum or cash (and that the company won't let them get stolen); otherwise, sell them for Ethereum.

I agree that the SEC probably should be involved here.

I'm sure you can present plenty of links to stories mishandled in such a way.

Even worse, it sounds like the software was inserting ads into the Atom feeds it produced. You publish three new stories on your blog, but the feed has a fourth which is an ad for the software. It would be like gcc inserting display ads into your compiled application.

By that logic, shoplifting is not a crime. If a store is going to be stupid enough to just leave its wares lying unattended on the shelf with no security at the door, who are they to complain when I walk out with an armload without paying?

A prosecutor would be stupid to bring charges against this man, but this is technically hacking their system, even though he didn't penetrate it in the usual sense. The software worked perfectly well under normal circumstances, but he chose to tinker with the underlying data structures exposed by the browser. Of course, involving the police given that he sent an email explaining the problem and how to solve it was just asinine, and I hope they do something to compensate him for their overreaction.

This hack was akin to changing the price stickers on items in a store and then buying them for the lower price. Should the sales associate know the prices of everything in the store? For a small clothing store, sure, but for a giant place with hundreds of thousands of products like WalMart, that's a big ask.

They'd like their client-side shopping cart software back.

How does even the most novice developer not know that you can't trust anything from the client?

I should have phrased that better. Obviously, those laws are older. I was responding to the OP's shock that Europe would pass this law when we have the same law in the offline world. My question should have been "Why hasn't the U.S. passed the same law given the similar offline law?"

I'm unconcerned with accidental knowledge. It is not illegal to overhear that you're married at a job hunting mixer. It is illegal to seek that knowledge in an interview. Reading the newspaper is a normal activity. Searching for my social profile is not. If you come across it because we have friends in common, that's accidental.

I agree that you can't expect privacy. That doesn't mean you shouldn't be allowed to ever have it. When there are specific laws in one domain, it makes sense to apply them to other domains lest they become useless.

What if you share posts about ending the drug war or politics? If the HR person disagrees with your stance, they may not hire you. Is that acceptable? Those things won't affect your ability to do the job, but it gives an unscrupulous employer the opportunity to discriminate against you.

Or maybe you have a photo of you with your spouse of the same gender or a different race? Again, that person can now discriminate against you which would actually be illegal.

It's easy to avoid posting things that will obviously show you in a bad light like party photos or you drawing a dick on your passed-out friend's face. I still think you should be protected, but a lot of people probably side with you on that count.

The reason to disallow employers from poking their noses into your social life is discrimination. Some forms have legal protection while others do not. Better to just block the possibility.

There are a variety of personal questions that employers are barred from asking a candidate:

* How old are you?
* Are you married?
* Are you LGBTQ?
* Do you have kids?
* Do you own a car? (unless the job requires a personal vehicle)

That's just the tip of the iceberg. Yet the employer is free to look you up on social media and find the answers to many of those questions without your knowing. They can find even more personal details and possibly see who your friends are. This is way more invasive than the seemingly innocuous questions above.

Why do we in the U.S. disallow one but not the other?

I'm sure the first argument is that it's your own fault for posting publicly, but that would only make sense if you were shouting room the rooftops. The employer has to take specific action to view your social profiles. Similarly, if you blurt out, "I'm 37 and married with two kids," in the interview, that's on you. They still can't use that information to discriminate, but potential discrimination is the reason they can't ask themselves.

How is searching for your social profiles any different from asking probing questions?

No, the reason this isn't Linux malware is that it only works on the Raspberry Pi with the default password. You could easily build a Windows-based version with the same flaw, but that wouldn't make it Windows malware. Your Windows malware example only requires Windows, making it Windows malware. This is Raspberry Pi (model A?) malware.

When people use the term Windows malware correctly, they mean malware that requires only a Windows host to function. You cannot deny that there are hundreds of malware programs that can infect a generic Windows install.

For the record, I use Windows and Linux for both work and play.

Don't forget, the first thing the malware does after gaining access is change the default password of the pi user. You can't tell being immune from already infected based solely on being able to log in.