I hope too. Even with the best intention in the world, doing this would only have negative consequences (and not the expected one).

• Filtered content would still exist and grow happily with at most the small annoyance of hiding it slightly. Or simpler yet use a vpn that even a grandma could set up nowadays and proxy to an unfiltered ISP.
• People responsible for "drawing the line" of what is forbidden will go haywire. Any situation where the lines are fuzzy need dedicated examination and reaction, not a handful of guys saying "hey, block me this just 'cause".

But I'll admit I might be a bit optimistic trying to use logic and basic thinking about what will be a political discussion.

For desktop users.
Most "not power" user simply want their computer to access "the internet" and don't care much about anything in between. NetworkManager does just that: plug the ethernet, you get a working connection. Input a wifi password in a simple, straighforward input dialog, and it works.
I don't know if it was designed explicitely for this usage, but it work wonderfully there. In other scenarios... not so good. On a dev system, or a server, you'll want to remove it. Bet let's not forget the desktop users :)

The proposition to have multiple init system in Debian was promptly rejected with arguments ranging from infeasible to "who is going to make all these packages compatible with sysv init" (although they were compatible a few month ago).
I don't think doing it anyway in Debian was a good choice in that ambience.

Story time... A few days ago (less than a week!) the SCPP (the french RIAA) finally got a ruling forcing ISP to block TPB. At the time, we all laughed at both the idea that blocking a website is useless, and at the price we payed for this (it took a lot of court time to get this result, which translate into taxpayers money). Fastforward yesterday, TPB disappear. If the situation stay this way it will truly be a ridiculous ruling on all account. Fantastic.

No problem, he's not saying there are bugs in the Linux kernel. He's saying there were bugs in the Linux kernel.

There's some middle-ground to find. Sure, there is no 100% foolproof way to secure your network, but if a company get hacked and preliminary investigations shows that this company used debug configurations with outdated software, coupled with bad habits of storing sensitive information in a plaintext, unprotected database, then this company is guilty of something.

Why should you rely on others opinion when it's free on every major system for you to test it out, and install almost instantly given you don't have an internet connection from the third-world?

As per tradition, I didn't RTFA, but Microsoft have a nasty history with opensource and licensing. It's so bad, that some developer take care of not *seeing* any MS source to avoid future litigation... I would be very careful with the condition attached to using .Net.

You.... don't?

This one is too hard to defend. Sometimes I've been really enthusiastic about small and/or useless stuff on crowdfunding sites and early access stuff, but this is simply overpriced off the shelve hardware with a sticker...

Well, as long as there are people willing to send money to them, I suppose it's a "good" idea from a commercial point of view...

Ah, I get it you don't take the subway (or other crowded public transportations) too often...

Regarding the time needed for this, when I put my own card behind my phone, it really worked in roughly a single second. And it does work as fast through multiple layers of clothing as long as there's nothing metallic in the way. Now, in very crowded area, peoples get pushed on each others. If it was enough in the past for a skilled pickpocket to steal your wallet without you noticing, clearly it's enough promiscuity to do a contactless swipe over your pocket.

Now, the question of multiple NFC cards is real, but you assume that people who have multiple contactless cards hold them all in the same place. Unfortunately, for it to mitigate this "attack", all the card need to be on the same technology (for example, my transportation card doesn't talk NFC and don't seem to interfere with my phone NFC reading capabilities). And some people find it more convenient to "spread" their contactless card, so they can just push their wallet/handbag/whatever on the NFC reader instead of taking out the card itself. Again, convenience my very well be in the path of security.

So, all in all, yes, I have evidence that reading an NFC card through clothes can be done efficiently and go unnoticed. Also, since you mention tinfoil wallet time, for NFC it might be enough. I said it in another post, but a "simple" metallic card holder render my cards invisible as far as my phone NFC reader is concerned, so it might be a short term solution. But I also don't doubt that it's infaillible, as boosting the signal from the receiver side might be enough to get through that. YMMV.

Don't know about "faraday cage" wallets, but I carry most of my cards in a simple metallic case that loosely close (it's not airtight or anything). It is enough for my phone to not pick up the card inside when I put them together, so I suppose it would be a severe hindrance to people trying to read an NFC card with a quick bump.

Still, some tweaked hardware to boost the signal on the receiver side might get through. Hmm I need to run some more tests...

Don't have to. Bump into a person every few minutes in a crowded subway area, and get $20 out of any of them that have a card that happen to be close enough to the "bump".IF you do this every two minutes, and only 1 out of 5 person get you a result, a 7-hour day of work will yield 42 card details, or $840 of "chump change".

Now, think about this: this contactless payment system is not going away soon (I'm not even talking about the "vulnerabilities" exposed there). If you manage to get a channel for all these card numbers, it seems like you're running a very profiteable business. Only fixes are changing the contactless cards to something with actual security (not gonna happen soon), or putting them in some metal wallet to avoid unwanted readings (and people won't care for such small quantities of money).

I didn't RTFA (because this is slashdot after all) but if the topic is really about a way to bypass the small limit on contactless operations, even by a small amount, it can get huge very fast.

To be even more fair, the data on a passport are somewhat encrypted, so it's not as easy as reading a card number ;)

That is the thing I find the most infuriating with these contactless payment systems. We *have* the technology to produce contactless smartcards, and yet their new big thing is just sending all data in plaintext to whatever reader is available. When my mother got her new credit card, I put it on the back of my phone, and on screen popped all the informations needed to use the card on any website not using stuff like 3DSecure (and there are still a fair number of them).

Feels like banks actually want to help pickpocket: now when they bump into you, they won't need to get your wallet.

Yeah... or, just putting the damn card in the card reader.

Not sure about the state of payment cards in the US, but in France (and likely most of Europe) we've had smart cards that actually discuss with the payment terminal. While not that secure at times, you needed an actual/intended physical interaction between the card reader and the card.

Fast forward to nowadays, we've introduced contactless cards, so anyone with an NFC phone can read your card info through your pocket. Like reading the magnetic track. Except there's no physical interaction needed. All of this for what? So it could be easier. Why didn't they *simply* use *existing technology* and implemented a protocol that allowed fast payment (without entering a PIN code) through traditional readers instead?

I'm not saying that these new "vulnerabilities" related to contactless/NFC cards are not a problem: the protocols should've been secure from the start. But they actually had something that prevented all these loopholes, and said "nah, let's go with NFC even though it don't speed-up the payment process in the least." What a joke.

There probably were warnings. But the question is, how important where they, and how long before did they happen. If a magma stream crawled through an earthcrack, if could have triggered minimal seismic activity for 10-15 minutes before the event, which is both too short and too small to be noticed.
Remember that Japan is located in a very active place regarding underground activities.