So they went after the LulzSec mouthpiece instead of after someone involved with their illicit activities. Certainly the weakest link in the chain, but I wonder realistically how much this will limit LulzSec.

I think using intent as a basis for this judgment is a slippery slope, though. My counterargument is, for instance, having a website which links to videos of people committing vandalism. Regardless of whether it's a site by some graffiti artist who admires the content they're linking to, or some "get off my lawn type" documenting crimes being committed, it should be allowed either way, even if it could be construed as supporting something illegal.

What if the site name was different, say, "scumbagcopyrightinfringingwebsites.net", from someone who works in the movie industry and wants to generate a public list of sites of copyright infringers for his employer to take down (unlikely, I know, but an example nonetheless)? The intent is wildly different, but the end is the same--someone could use it to find streams or what have you of shows they want to watch or songs they want to listen to.

What if the site just blindly compiles video results from the Google Custom Search API allowing people unfamiliar with Google hacks to find TV shows? Different intent, but no attempt to limit those who obviously intend to use it for copyright infringement. Should a site like this have to take into consideration the copyright holders?

I like using rlslog.net to conveniently find torrents. They host no copyrighted content whatsoever, only link to sites which link to torrents which in a sense link to a swarm of people who have parts of the file of interest.

I imagine that, just following random links on the internet from nearly any given site, I could eventually get to the site I mentioned above. How many links is enough degrees of separation? Surely if liability is introduced simply by linking to a website, you are liable for anything sites you link to also link to. I wonder how many government sites link to Google as their site search provider? Google can get you anywhere, so surely the government would in those cases be liable for linking to Google which links to torrent sites. And that's why this idea is completely absurd.

And how the hell is what this kid did worthy of extradition, or even a felony in the US? Our copyright policy is so ridiculous.

Yes it is; you're innocent until proven guilty, regardless of how much prosecutors, police, and the government don't want to believe it sometimes. If the government can't be burdened to prove that he's guilty, he's innocent.

Last I checked, Canada was a country in the North American continent. But please, take the opportunity to bring up the US for no discernible reason.

Schools in North America at least--if not everywhere in the West--seem to think that their disciplinary powers extend to any actions committed by students anywhere during their years of attendance.

In my opinion, the only time a school should have the ability to initiate disciplinary action for an act committed off school premises should be after trial and conviction of a crime. Free speech protections often don't apply in schools (don't get me started on that), but a school has absolutely no right to restrict a student's speech off school grounds, and this would be aptly enforced by requiring disciplinary sanctions for off ground behavior be the result of a conviction in a court of law. This school would get laughed at if they even mentioned prosecution of this student for this behavior to a DA, so there's no reason they should be allowed to do this.

And instead rejoiced in seeing the the editors selected non-overlapping poll options.
Hopefully no pedants complain about not having (20,21) %, (40,41) %, and so on.

And those apps require that all location data be recorded and saved to a file all the time?

Did you mean to say unlike lazy people in general?

If you can get the symmetric key negotiated between the two hosts, what's stopping you from using it to decrypt subsequent traffic?

I'm pretty sure DD-WRT doesn't generate a new certificate every reboot, and if it did, generating a new private key would be a required part of that (the private/public keypair are generated in tandem as a necessary step of RSA).

I recently just reinstalled DD-WRT on my router for various irrelevant reasons. However, I had set it up with remote SSH access on a non-standard port so I could tunnel through it to my home web server to retrieve documents and such. I just did this over the weekend, and today (my first day back at work since) I ssh'd into it, and was presented with a prompt by PuTTY to accept the key fingerprint. So, it appears, a unique key is generated at least between firmware installs.

1) Router administrator negotiates an HTTPS or SSH session with a router or other hardware
2) Attacker is either listening passively or is a man in the middle (via ARP poisoning or what have you). Because they have the private key, they can advertise themselves as being the router without raising the alarm with your SSH client or browser
3) You provide credentials to the router (or MITM). The credentials are logged by the attacker
4) You proceed to do whatever you intended to do in the router's configuration, and log out.
5) Some time later, the attacker logs into the router as you, and makes nefarious changes to the router configuration (such as uploading compromised firmware which logs traffic, or has a backdoor, etc). Any changes done look like they've been done by the router administrator.

I don't know how likely this is in a work scenario though; I haven't searched the database for common mid-level to enterprise routers/remotely configurable switches. More than likely, in a work situation, you'd be using hardware which generates a key pair upon initial configuration. The scenario above is more likely to apply to SOHO, or to consumer wireless hardware in the home.

Presumably it will allow an attacker the ability to listen passively for traffic between a router administrator and the router itself, allowing the attacker to gather login credentials and use them to whatever ends they intend.