
Comment Re:Here is my question.... (Score 1) 162

By the same token, if you securely encrypt your credentials and refuse to give them the key despite any threats they may bring, they can't meaningfully seize those assets. Of course that "sharing" may come involuntarily via surveillance software surreptitiously installed on your computer.

If it's a legal case (and not some black-ops) and they have a legitimate order, they can compel you to transfer the money or throw you in jail for contempt (note, I didn't say you have to give them the key, only transfer the money). This sort of thing happens all the time in nasty divorce cases where one spouse tries to lock the money up where the court and the other spouse cannot find it. A few persist and spend a long time in jail.

That is, most people have a really way-too-technical notion of what "seizure" usually entails. In most cases that don't involve the SWAT, it just means ordering someone to do something. In the case of divorcees that don't want to abide the decision of the Family Court, this seems like the expedient way to do it.

Comment Re:Programs! (Score 1) 198

The tension between KISS and DRY has always been there. Both are fundamental principles and yet at some level they are incompatible, since writing reusable code necessarily involves increasing its complexity. And the less you want to RY, the more complexity you have to build in.

The C++ STL is a shining example of this. Everyday developers shouldn't be writing their own lists and arrays and hashmaps. They definitely shouldn't write their own string utilities. And they shouldn't have to change those implementations whether they are working on regular strings or wide strings or with an HPC memory allocator. To deal with the genericity, STL is horrendously complex and Thor help me if I have to sit down with an error-page that's 5 pages long and 5 levels of template deep.

At the end of the day, you've just got to deal with that tension and decide what level of repetition (and the incumbent bugs and maintenance costs) you are willing to put up with to increase simplicity. If all you need is a simple array, don't use a library. If you are manipulating XML by using apos, on the other hand ...

Networking

Google Fiber Partially Reverses Server Ban 169

Lirodon writes "After being called out by the Electronic Frontier Foundation for banning the loosely-defined use of "servers" on its Fiber service, Google appears to have changed its tune, and now allows 'personal, non-commercial use of servers that complies with this AUP is acceptable, including using virtual private networks (VPN) to access services in your home and using hardware or applications that include server capabilities for uses like multi-player gaming, video-conferencing, and home security.'"

Comment Re:Modern Warfare: Chechnya (Score 1) 288

The fact that the rebels resorted to bombing theaters instead of trying to take and hold territory is itself evidence that they were pretty utterly defeated. But that evidence isn't even necessary, since all the Chechen leaders are dead or have laid down their weapons and the army has long since withdrawn. There's probably more separatists in Montana than Chechnya these days.

Face it, Russia won. They lost a few thousand troops and a couple hundred civilians and won the province back by brute force. Sometimes crime pays.

Comment Modern Warfare: Chechnya (Score 4, Insightful) 288

Game scenarios should not reward players for actions that in real life would be considered war crimes.

So if you are playing as Russia, you should turn the capital into the most destroyed city on earth and kill tens of thousands of civilians and a few ICRC members too. And the accurate-to-real-life consequence of that is that the Chechens laid down their arms and we haven't heard a peep from them about independence for a while. Oh, and the political status of the leaders in charge was buoyed by the success, which was seen as redeeming Russia after the loss of status during the dissolution of the USSR.

And before anyone jumps on the idea that criticizing Russian conduct in the war is an endorsement of the rebels, they were also guilty of many crimes. This isn't about taking sides, it's about how in real life there are plenty of instances where committing war crimes leads to very positive tactical and strategic advances. I could say it would be nice for cosmic justice to ensure that the guilty never profit from their crimes, but so far that ain't how it is.

Comment Re:But does it change anything? (Score 2) 245

The Westgate attackers were, afaik, all captured or killed. Had they struck, killed a bunch of people, and then faded away into the shadows, then I think there would be a lot more fear shown by the Kenyan people.

The attackers themselves were pawns. The guys at Al-Shabab that rented the storefront, got the weapons and organized the attack and the twitter-coverage are still very much alive and probably still capable (perhaps not immediately) of striking again in the future.

Don't confuse the mastermind with the poor shmuck that he sends off to kill and die.

Comment Re:this has me wondering (Score 1) 151

They are doing the least risky thing they can come up with. Right the ship, partially re-float it and haul it off to be scrapped some place else where it will be easier, safer and/or less likely to be a problem for the environment.

I agree with your post except for this last sentence, and I think we should be honest: the goal is to scrap it in a place where no one cares about the environment or the health of the workers. That's why Alang gets so much business -- no one cares where the waste goes or if there are injuries. In the first world, that sort of work would cost many times as much.

Comment You still can't control recipient devices (Score 5, Insightful) 183

The "Burn Notice" feature lets the sender set a time for a text, video, voice recording or picture to be erased from the recipient's device.

No, it can't. The recipient could be using a tampered application that ignores the timeout directive. Or it could modify the JVM to lie to the executable about the time or refuse to fire timers. Or modify the JVM to write all the memory transactions to disk (or host) even after the application frees (or GCs) it. Or modify the screen rendering APIs to capture the rendering. Or attach with JDB over ADB and halt the executable while the plaintext is in memory and slurp it out. And, of course, there are apps in the store that will just take a video of the screen.

FWIW, I support the app and I believe the encryption-in-transit is a very worthwhile feature. But the "Burn Notice" is, from a security point of view, useless. If you trust the recipient with the plaintext, you trust the recipient with the plaintext, end of story. Anything else is DRM-esque attempts to put restrictions on a device that you do not own.

Comment I'm super pro-nuclear but ... (Score 4, Insightful) 249

Vermont Yankee is the oldest running plant. It should be decommissioned in favor of newer designs.

Part of the dysfunction of the current nuclear regulatory regime is that it's so expensive and difficult to open a new plant that we end up with an older set that has a worse operating-cost and safety record than could be achieved with new technology. It's a bit like setting new-car safety and economy requirements so high that people continue to repair and drive their decades-old models -- sure it looks good on paper, but the reality is a net decrease in safety and economy.

So yeah, Vermont Yankee, please shut it down. And let's build something from the last few decades to replace it (and maybe some of the other 60s-era designs) which will undoubtedly be a huge safety increase.

Comment Re:Tell me again (Score 1) 918

So why now? Why not in Rwanda in the 90s? Why not in Burma in the 80s? Hell, why not when Assad Sr bombed the shit out of Hama in 1982, killing 20 thousand of his own people?

The perfect is not the enemy of the good. In the perfect case, we would intervene in all the cases in which intervention was warranted (in Rwanda*) and skip the ones that would be failures (Iraq v2). In the real case, we have to decide in each instance whether our intervention is likely to do more harm than good, independently of our other fuckup actions or fuckup in-actions.

The alternative is to throw our hands up and say that because we are fallible humans, we can never try to do the right thing because we might (and definitely do sometimes) fuck it up and make it worse than if we did nothing at all. There are a lot of Muslims alive in Kosovo that might regret that position.

* Rwanda presents another real-world complication: it's far from our bases in the ocean and so harder to hit. Meanwhile we could strike Libya and former-Yugoslavia from land bases in Europe and floating bases in the Med.

Comment Re:Secret Agent (Score 2) 212

ETags on the other hand store an arbitrary attacker-provided string, which is an outright security vulnerability.

I hate to break it to you, but the entire browser is nothing but a device for storing (and then parsing!) arbitrary attacker-provided strings. It's even got a perverse sort of link-chaining mechanism where, after receiving one such string, it will go out and fetch (and parse!) another one at the attacker's choice of address.

This is not a security vulnerability, it's the design of the system in which there was never a requirement to ensure that a client could visit a server multiple times without the server knowing (or inferring) that it was the same client. It's meaningless to say that a protocol is vulnerable because it doesn't meet a property that it was never designed for (any more than RSA is broken because it doesn't offer repudiation).

Now a client can always elect to send random e-tags, slowing himself down (most dynamic content is not time-cached) and adding to the bandwidth load on the server. I'm sure someone will cook up an extension that does this, and we'll be back to where we were before this non-story.
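An added example, not part of the comment above: a small Python model of the ETag round trip the thread is arguing about, with a check for ETags that act as per-client identifiers and the cost of withholding the validator. Both servers, the `Client` class and the sample body are constructed for illustration, and the client drops `If-None-Match` entirely, which is the simpler variant of sending random ETags.

```python
import hashlib
import secrets

BODY = b"<html>same page for everyone</html>"  # constructed sample resource


def tracking_server(if_none_match):
    """Constructed server that uses the ETag as a per-client identifier."""
    if if_none_match:                      # returning visitor echoes its tag
        return 304, if_none_match, b""
    return 200, '"%s"' % secrets.token_hex(8), BODY  # new visitor: fresh id


def honest_server(if_none_match):
    """Constructed server whose ETag depends only on the content."""
    etag = '"%s"' % hashlib.sha256(BODY).hexdigest()[:16]
    if if_none_match == etag:
        return 304, etag, b""
    return 200, etag, BODY


class Client:
    """Minimal HTTP cache: remembers the last ETag and body for one URL."""

    def __init__(self, send_validators=True):
        self.send_validators = send_validators
        self.etag = None
        self.body = None

    def fetch(self, server):
        sent = self.etag if self.send_validators else None
        status, etag, body = server(sent)
        if status == 200:
            self.etag, self.body = etag, body
        return status, sent


def etag_is_per_client(server):
    """Two cold caches, identical body, different ETag: tag is an identifier."""
    a, b = Client(), Client()
    a.fetch(server)
    b.fetch(server)
    return a.body == b.body and a.etag != b.etag


def server_can_link_visits(client, server):
    """True if the second request carries the tag issued on the first."""
    client.fetch(server)
    issued = client.etag
    _, sent = client.fetch(server)
    return sent is not None and sent == issued
```

A client created with `send_validators=False` cannot be linked across visits, but it also never receives a 304 from the content-hash server, which is the bandwidth cost the comment describes.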

Comment Re:3Taps responds (Score 1) 186

3taps [...] believes that by making public information publicly available on the Internet, without a password, firewall, or other similar restriction, craigslist has authorized, and continues to authorize, everyone to access that information.

This sounds plausible until you realize the subtle trick they are pulling in conflating the information itself with the instance of the information stored on CL servers. 3T does, in fact, have every right to access and publish that information. What they do not have is the right to use any particular server to access that information against the express desire of the owner of that server.

It's a bit like confusing the contents of a book with a particular copy of it. Anyone can read Shakespeare, but if the library forbids you from entering, you can't read the particular copy that is on their shelf -- even if they generally let everyone in without checking ID. Craigslist has not forbidden 3T from accessing the information, they have forbidden them from accessing CL's servers.

Comment Re:Does CFAA apply to the man? (Score 2) 186

If I put up a web site that forbade anyone working for or on behalf of any TLA or law enforcement agency from accessing any publicly accessible content on my site could I use CFAA against the government when they ignore my wishes and suck the whole thing into an NSA database?

No. Read the opinion.

Now, if you gave notice to the individual agencies that they weren't welcome and instituted a technological control measure to block them from accessing it and they circumvented that block, then it would fall within the four corners of the opinion.

[ And anyway, there's probably a provision in the CFAA exempting law enforcement, but even if there weren't, your hypo doesn't even begin to cover the fact pattern necessary here. ]
