
Comment Re:as one of the effected people (Score 3, Insightful) 268

If the Americans are too expensive why would you enter a clandestine agreement to keep recruiters away from yours? Wouldn't you want the overpriced guy to be somebody else's problem? On the other side, why would your competitor be willing to offer a higher salary than you do if you are already paying too much?

This sort of agreement (especially given the legal risk involved) just wouldn't make much sense if you thought that the employees in question were already overpriced.

Comment Re:More money just increases the price (Score 1) 118

There's also the difficulty of what counts as 'a zero day' for purchasing purposes. An unpatched exploit in any software? Do I need X thousand installs? Are just five enough, if they are paying a lot for it? How do we tally users of other things that are indirectly related to the issue?

People buying them to weaponize them have a fairly straightforward set of incentives(which may vary depending on what they are looking to access, whether they are after money or information, and so on). People looking to buy them for disclosure don't get the same, because virtually any exploit on the market is theoretically within that goal; but actually establishing the value of a specific one is harder unless you go down the troublesome road of defining your priorities(in terms of what systems, users, and activities you consider more or less high priority when assigning a value to exploits that would affect them).

If you are selling dangerous ones, to be used, you'll have some trouble getting repeat customers if your stuff is nonsense or works on things that aren't worth attacking. If you are selling to someone with a 'buy up the exploits' mandate you potentially have much more flexibility to haggle over stuff your more dangerous buyers aren't interested in. In the same vein, various vendors, users, and organizations would be inclined to try to lobby their way up the priority list in order to score an outside QA team.

There are likely some unambiguous cases; but telling the spooks 'do what you think best' is obviously a terrible plan, while trying to codify a reliable and unambiguous set of criteria to be followed seems quite difficult and prone to influence.

Comment Re:Where is the validation? (Score 1) 101

Are hash rates something that varies enough for the realtime updates to be worth paying attention to?

I had been given the impression that each hashing operation was either of identical computational cost or close enough that a reasonably representative GH/s rate could be established quickly. Is there mining hardware/software with meaningful variation between 'working' and 'offline'?

Comment Re:What is the expected edge? (Score 1) 110

They might be perfectly adequate drives, I haven't heard much about post-Toshiba OCZ; though it seems a bit crazy to buy a company bankrupted by horrendous quality issues and then continue following its strategy; but I'm just baffled as to how they could end up being anything other than as or more expensive than the Toshiba equivalents.

The market has certainly matured to the point where there are relatively cheap options that aren't a disaster or some JMicron mess that underperforms the HDD it replaced; but anyone buying in the low or mid range is probably going to be doing so on price. 'Adequate' would be a potentially viable strategy if you sell flash and you want to sell even more flash; but if you bring nothing to the table except ordering the parts and telling Foxconn to bang them together, that seems doubtful...

Comment Re:Metadata (Score 1) 175

As with any good bullshit "metadata" is not quite technically a lie; but is almost entirely misleading in use.

The headers are very arguably 'metadata' with respect to the body; but 'metadata' are data too; and tend to be data that are also quite powerful for drawing inferences about you even in absence of the body data.

That aside, I think the grandparent point was that, if Team Fed is actually only interested in 'metadata' and definitely not lying about the scope of their extralegal spying, they should be untroubled by wide-scale encryption of email bodies. In the (likely) event that they are lying, the encrypted bodies will displease them and they'll either have to step up covert activity elsewhere(maybe hit Yahoo's key-handling mechanisms, maybe keyloggers or browser attacks that grab the email before it is encrypted, maybe all of the above) or come up with some flavor of 'compliance' request that gets Yahoo to give them what they want.

This is unlike the current system, where it is easy to suspect that they are gathering even more than they claim; but trickier to prove without the sort of experiments that will prevent you from boarding an aircraft without a bag over your head and a CIA torture squad for company ever again.

Comment What is the expected edge? (Score 4, Interesting) 110

Assuming the spec sheet is accurate, the drive will use Toshiba flash and a 'Barefoot 3' controller(Indilinx, formerly OCZ, deathbed acquisition by Toshiba).

Unsurprisingly enough, Toshiba also sells SSDs with Toshiba flash and Indilinx controllers(the only surprising part is keeping the 'OCZ' brand to do so). Where does AMD come in? I assume they aren't hoping to lose money by doing this; but I am having some trouble figuring out how.

Comment Re:This is no dead zone. (Score 1) 184

There have been a number of proposals to do carbon sequestration with algae or plankton. I think they often revolve around 'fertilizing' nutrient-poor; but deep, bits of ocean further out, in order to increase the likely duration of the biomass' stay on the bottom of the ocean and to avoid creating oxygen depleted areas in waters with more robust seabed ecology and proximity to people, fisheries, and so on.

I don't know how viable the proposals are; but the notion has come up.

Comment Re:Objection! (Score 1) 102

It isn't a pricing structure logically incompatible with also telling the truth about what you are selling; but it certainly is a pricing structure that rather neatly matches the one you would use if you were exercising a little creative license in describing the magnitude of your findings. According to TFA they haven't even clarified how fresh the various accounts that make up the 1.2 billion are. That's the sort of thing that is quite valuable in estimating how useful the collection is; but also wouldn't compromise its commercial value(unless it suggested that the product was junk; but it wouldn't be a direct substitute for the product in any case).

Even if they've avoided making directly false statements for legal reasons, they've left a fair amount of room for the quality of the data to...vary...without directly contradicting the claims made.

Comment Re:Objection! (Score 1) 102

What happens in Vegas stays in Vegas, and who hacks in Russia stays in Russia, seems to be the general rule.

I certainly can't think of any possibilities that wouldn't be 145,345 counts of CFAA violation if you did them to somebody the feds actually cared about even slightly; but team prosecutor has shown very, very, little interest in pursuing even the most blatant counter-intrusions (and it isn't too surprising, the victims are always unsympathetic and vanishingly unlikely to want to raise the issue or even enter US jurisdiction, while the law enforcement side doesn't exactly have the necessary expertise to take over the job); which makes pulling them off operationally more or less legal.

Comment Re:Objection! (Score 1) 102

It's not even clear that anyone gets to see the list itself(short of buying out the company or aggregating data from enough individual buyers of 'monitoring services'). 30 days to evaluate the actual data and $120/year for continued access would be quite generous indeed for a collection even markedly less interesting than the hype makes it sound. $120/year for 'we'll bother to tell you if your name pops up on the scary secret list.' is less compelling in absence of a more convincing demonstration of the value of the dataset, their desire and ability to continue expanding and updating it, and so on.

Comment Re:Objection! (Score 1) 102

Sophos may well still be blowing smoke; but my understanding of the service is that it's $120/year to know if your site is on 'the list', not $120/year for access to the list itself(which is probably something you can buy, if you write a check large enough; but the price will look distinctly different.)

With that pricing structure it is markedly less practical for any sort of 'peer review' process to go on, or any accurate survey of "Site X was added to the database after being compromised by Y, how large was Y's contribution to the total pool of hacked credentials?" or similar questions. The offer appears to be 'We have a giant scary database of people that bad things are going to happen to. For $120/year, we'll tell you if your name shows up on it at some point during your subscription.'

Comment Re:Collusion (Score 4, Interesting) 46

Would that not offer obvious evidence of collusion?

Only in the limited sense that two parties agreeing to an armistice are 'colluding'. Perhaps if they agreed to a delightful cross-licensing and then started suing every non-Samsuing android OEM into the ground; but if there isn't any licensing going on it's likely just a recognition that neither side has really gained much in the litigationdrome. Apple has won some; but not nearly the damages they wanted (and they've been more or less entirely unsuccessful in actually stopping Samsung from churning out and shipping large quantities of hardware), Samsung has at least blunted most of Apple's advances, possibly won some of its own suits; but kept all very large damage claims and attempts to ban devices that are commercially relevant away.

Without a clear legal edge for either side, they could keep slinging shit at each other; but it becomes an effort in throwing billable hours down the drain while other Android OEMs continue to put pressure on prices and Samsung's attempts to pull a 'fireOS'-style independence bid from being Google's pet board stuffer continue to mostly suck.

If Apple had actually managed to knock out a meaningful collection of Samsung devices or firmware features, or even just score some settlements of the size they wanted, they'd have much less incentive to stop; and if Samsung had managed to score a win or wins that conclusively got Apple off their back they wouldn't need an agreement; but neither party has. Apple likely has (between the number of patents and the number of venues for fighting about it) unlimited lawsuit fodder; but they haven't been able to make any of it hit as hard as they would like; while Samsung has been able to whittle down Apple's demands quite substantially; but has no chance in hell of getting a 'the court has proven that Apple needs to stop suing you now' decision.
