
Comment Re:And therefore it is no surprise that ... (Score 1) 92

Well, it is a "surprise" in the sense that the connection between intelligence agencies sniffing wire traffic and stopping DDoS attacks is tenuous at best and non-existent at worst. I do not recall any intelligence agency stopping a DDoS attack, ever. That's up to the companies and network operators handling the traffic.

Comment Re:Does it really matter (Score 0) 86

It does not matter. Console security systems are designed to sandbox code written with the SDKs, game developers are seen as adversaries for the purposes of security because otherwise a hacked game makes it too easy to "level up" to full control and then piracy. For example an early Xbox 360 exploit was based on replacing an unsigned shader file in a specific game, which allowed arbitrary shader execution and from that control over the CPU.

The Xbox 360 security system was very impressive and only encountered truly serious problems right at the very end of the console's much-extended lifespan. I've got an interest in computer security so I'm eagerly awaiting talks on how the Xbox One is done, but given the general success of the 360 architecture I suspect the One is very similar, with some tweaks and additional defence in depth.

Comment Re:Not true everywhere (Score 1) 183

> Anyway at least for Germany I support the regulation and Uber being forced to obey it.

And I suspect that eventually they will, for things like that, unless they are forced out by explicit bans. As you say, most of those regulations are not particularly bothersome ..... although unfortunately trying to fix problems with laws can go wrong so easily. For example if there's a regulation about a working money counter (meter), and Uber drivers don't use meters because the app is doing the calculations instead, then a detail as trivial as that can easily end up causing the whole thing to collapse.

The problem Uber has is that it's a global brand. When Uber and their drivers do things like ignoring medallion systems in the USA, and get slated for ignoring the law, that impacts their brand in other parts of the world where maybe they aren't ignoring it or are coming into compliance. On the other hand, a global brand gives great economies of scale. I suspect they can't win.

Comment Re:Stick a fork in, Uber is done. (Score 1) 183

> To be fair, either Uber needs to meet the same requirements as traditional taxi companies, or the conditions need to be lifted for all firms wishing to offer cars and drivers for hire.

Well, let's face it, the latter isn't going to happen. Last time Uber came up we were discussing India where the regulations spell out how many phone lines you need going to your (New Delhi based) HQ. The people running taxi licensing there hadn't even heard of Uber before some local media blowup. Taxi licensing is so sclerotic, so fragmented and so beholden to the existing taxi companies that the chances of the system reforming itself appear to be zero.

That leaves option (1), Uber complying with the existing regulations. There are two different issues here.

One is, do Uber customers get the same protections that customers of existing taxi companies do? Although I've never used Uber, from what I can tell the answer seems to be yes ... at least in that Uber polices their drivers for scamming and other poor service. The commercial insurance issue seems still unresolved, but I read conflicting things about this. But I see no evidence that local government regulators can do a better job of policing drivers than Uber, and frequent evidence that they cannot.

Two is, do the regulations Uber ignore even make sense? Frequently the main regulation they're violating is lack of a license, which is not itself any consumer protection at all. In a lot of American cities licensing seems to have become some kind of horribly corrupt and utterly unreformable racket. To get upset about Uber drivers ignoring the New York medallion system for example, you would have to believe that law is the same as morality and that driving without a medallion is ipso facto unethical, as opposed to "just" illegal.

Comment Re:This is nothing new for me. (Score 1) 164

It's not quite that easy. You need multiple sources of evidence, you need up to date feeds of VAT changes from every EU authority, and then you need to (unless your local government does it for you) fill out tax returns for every EU country, assuming you have customers all over the place.

Comment Re:$1B in new tax revenue! (Score 1) 164

I am not yet aware of equivalents to the UK VAT MOSS in other countries, though I'm sure they'll get it together. But bear in mind by registering with the MOSS you forfeit your "too small to matter" VAT registration exemption. And you still have to collect all the evidence. There are other catches too that I don't remember. But mostly it doesn't help anyone not in the UK.

Comment Re:Anyone can intercept SSH some of the time (Score 1) 278

> They have fake certificates from trusted authorities for some major sites

I believe at this point I have read all Snowden documents, especially all that are relevant to SSL. Only one of them has even mentioned fake certificates, and that was a GCHQ presentation saying that they spotted the Iran attack using the hacked DigiNotar certs in their metadata databases.

So far there is zero evidence that western ICs are compromising certificate authorities. I know that this was the favourite conspiracy theory of the last ten years, but Snowden happened, and it turned out to be false.

What there is LOTS of, is talk about stealing the private keys through hacking and decrypting TLS intercepts that way.

> We know that GCHQ loves doing the latter, so it's a question of working out which certificate authorities have been compromised and deleting them.

You are referring to QUANTUM INSERT. There is no requirement to break SSL for this system to work, because it relies on browser exploit kits. It just waits until you visit a non-SSLd protected website (any will do) and redirects you to an exploitation server.

That said, I anticipate that NSA/GCHQ might be tempted to start using forged certificates in future as strong TLS becomes more widespread and they keep losing visibility into consumer web traffic. There wasn't much incentive until now because most encrypted traffic they cared about is VPN traffic where there are no CAs anyway, it's all pre-shared keys. But this is what certificate transparency is for. It forces CAs to make public logs of all certificates that can then be data mined by anyone.

Comment Re: Sorry, not corporate enough. (Score 3, Informative) 69

> You're probably unaware that the GP specifically used 'HSBC' because they were caught laundering trillions of dollars of drug money and nobody was indicted.

He probably isn't unaware of that. He may well have actually read the indictment itself or a detailed summary of it, which made clear that the US case was very weak to the point of hardly working at all. In particular, not only did they fail to clearly establish that drug money was really moving (their case was "there is so much cash, some of it must be from cartels") but in particular they failed to show intent by HSBC execs to help drug cartels. Actually their case boiled down to HSBC didn't try hard enough, they weren't suspicious enough, etc. (I'm ignoring the Iranian transactions here which gets into issues of international jurisdiction, as you only brought up drugs).

The reason you think they are guilty is twofold. Firstly US anti money laundering laws are unbelievably extreme. The PATRIOT Act removed the need to have intent to be found guilty of money laundering. Bankers can now be found guilty of AML violations even if they genuinely tried hard and had no intent to break the law. Hence the accusations from the DoJ that were of the form "HSBC should have designated Mexico as high risk", etc. Secondly as part of the plea agreement HSBC had to act guilty and accept whatever the DoJ said about them. So you only heard one side of the story, the prosecution's side (except there was no court case). No surprises that you think the whole thing is cut and dried.

> It's no crime to be ignorant of such things, but just try not to hold any policy positions on the subject.

Given that there was never any court case and HSBC was never able to defend themselves, pretty much everyone is ignorant in this case because we never heard the full story. But I'm pretty sure if DoJ had emails from HSBC execs that looked like the ones from BitInstant there would indeed have been prosecutions.

Comment Re:And the scientific evidence for this conclusion (Score 1) 391

> First, there is no reason to believe that we can build robots that can reproduce themselves.

What? This is exactly the technology humans are trying to reach! We're already a significant way down this path!!

> Second, there is no evidence that we or anyone else can build intelligent machines, as the original story seems to presuppose.

Nature did it. We can do it.

> Third, biological organisms are so many orders of magnitude more efficient and flexible than machines that it barely makes sense to put them into the same qualitative category "form of life".

This whole conversation is about extrapolating on the cosmic scale. If you look at the path robotics has taken in the last century it does, as pointed out, actually support the premise of this article.

> Hint: A human consumes only about 2.9 kilowatt hours per day, the equivalent of 1-2 light bulbs ...

Not relevant. Once machines are replicating and repairing themselves they'll do exactly what we do and find other sources of energy.

Frankly I agree with you that it's hard to picture Transformers inhabiting the universe, but OP did make a really good point that extrapolation isn't even in the ballpark of refuting this clown. Honestly I'm shocked he didn't come back with that XKCD cartoon.
