Actually there was only one important caveat: "Pass a law that if a service provider says that they offer service to an address they must do so by law." So the goal is not to get service to every address in the US, the goal is to make paying the fines more painful than generating a correct national broadband map. Correct map in hand, consumers can make a more informed choice and national providers will have a more flimsy straw man from which to argue behind.

Any civilisation that after 5000 years still makes food so hard to eat that it needs to be poked, chopped, ripped, etc AFTER the chef is done, isn't that great. Chopsticks are not a symptom of lack of refinement, the food that passes as "prepared" in western cultures is.

/flame on

The thing is, if they did, you would never know about it. It may seem like they don't even try, and they might not be, but they could also be defeating 95% of it. With a mission that is by design clandestine, no one may ever know until our kids get a peek at the public records dump 50 years from now.

Given that they had to redact a good bit of the material in the suit, my guess is that they are doing both. And why not? Trade secrets are internationally recognized as property, and property law is pretty easy to assert. If they can show a clear paper trail, they will probably win.

Of course any passwords that get cracked are cracked offline, it has been a long long time since even the most poorly architected of sites had an auth service capable of responding fast enough to brute force. The point is that more often still, passwords are lifted out of databases that don't bother to encrypt them at all, or passwords are "Cracked" by exploiting a poorly built password reset system to overwrite them. In those cases (which account for almost all of the malicious per-account activity), it doesn't matter at all how complex (or uncomplex) your password is.

Both are farcical. Good catch.

The point is that a site could very easily be giving you great password strength advice and then proceed to do something totally stupid with it (storing it with such a poor cipher that can be bruteforced in seconds.)

This is my exact point. You are right if and only if the provider didn't bother to use an effective salt, which renders rainbow tables pointless. Why isn't that part of the meter? "Your password is stored in a hash of type XXX that is ### bits long, hashed for ### rounds, and salted with ### bits during each round." would tell the user all they need to know about how well their password is going to be protected, and they can make a more informed decision.

That's my exact point. If a system is compromised and they are going after user data unnoticed, you are boned even if can't brute force your 5000 character epic passpoem, detailing the life and works of seven mythical Norse heroes (apologies to http://www.schneierfacts.com/f...). The only thing keeping you safe in that instance is staying the fuck away from downright terrible and negligent providers.

Not sure how that got butchered but the link to the article about passwords being stored by providers in clear or near-cleartext is http://techcrunch.com/2015/01/...

Brute forcing offline is only a scenario that can take place after a breach has occurred. In that case, even a password of 'veronica' should be strong enough to last until the breach is discovered (days?), the user notified(http://techcrunch.com/2015/01/...) make complexity 100% pointless, which is what I am getting at here.

As long as it's not one of either this list: http://gizmodo.com/the-25-most... or just a copy of your exact username, then yep it will probably suit you just fine. Dictionary attacks don't happen in break ins nearly as often as exploiting password resets (via social engineering or otherwise) or other blatant sidesteps of security (token reuse, etc), since everyone tarpits bad logins, sometimes after as few as 3 attempts.

The plain simple truth is that complexity of a password is barely relevant at all when compared to the threat of an outright data breach at a provider. Who cares if your password is 'veronica' (your daughters name) or `myL1ttleBr0ny%` since an attacker isn't going to bother with brute forcing anything but '123456' and 'password' because they will get tarpitted by any reputable provider before they can guess anything out of a dictionary more than 5 entries long.

What we need is a meter on a web site describing how much effort they put into server security, how big their target profile is (how many entry points they have) and a sign that says "??? days since a total data breach!", and then the user can decide if they want an account there at all. How's that coming?

Via a handy catch-all called an NDA. Facebook is in trouble if it stipulated something like "BRG is presenting designs in confidence and all material is proprietary and not to be copied for any reason... Facebook will be held liable for any material/tangential loss due to disclosure of included designs..." etc since Facebook has allegedly shared their "secret modular designs" with the construction firm that won the bid, and Open Compute Project.

Doesn't matter (but would help their case if it were). Note that the lawsuit isn't for infringement (patent or copyright) but for breach of contract and theft of trade secrets (that Facebook allegedly only had access to in confidence, i.e. via aforementioned contract). It all depends on if Facebook's agents signed anything similar to a NDA when negotiating with BRG for a design contract, in order to review a proposal using their "modular techniques". If BRG was smart they would have papered it up very specifically before they showed any sensitive bits to Facebook.

Like TFS says we don't have enough info to know if something super specific about the design was copied (like some allegedly optimal ratio of airflow to floorspace to TDP). This is most likely just a contract chase, hoping that the words of whatever Facebook signed are broad enough to catch them for designing anything similar to what BRG had proposed.

Next up, BRG will abandon their ridiculous claims, be put on trial for fraud, cut off their monitoring anklets and tape them to a broom handle mounted on a ceiling fan. You know, for fun. CYA in Belize!!!