
Comment Not just Tor (Score 1) 70

s/Tor/Security Technology/g

Tor, encryption, any kind of tunneling... Basically any kind of security or privacy enhancing technology is one wrong move away from breaking. Check your Facebook on the Tor connection? Oops... Type your disk encryption key into the wrong window? Oops... Etc.

Comment Re:Why isn't this auto-update? (Score 1) 174

It’s really not a gamble for the majority of their customers. Default install ships with neither SSH, nor Apache, nor anything else that could possibly route network input to a copy of Bash enabled by default (both OpenSSH & Apache are included, just turned off). To be exploitable would require manually enabling Apache, then manually editing httpd.conf to enable some kind of CGI binding (none enabled in default shipped config file).

The number of their customers who were actually vulnerable to this is probably single digit percentages. I’m glad to have the patch available, but none of the dozen or so Apple machines I’m responsible for at home or work were actually configured such that they were vulnerable to this.

Comment Re:Beyond the law? (Score 1) 354

You misread that. The comma is important. “nor shall be compelled in any criminal case to be a witness against himself,” is the relevant part to encryption. “nor be deprived of life, liberty, or property, without due process of law,” is separate from that. The second clause has to do with warrants, but the first clause is not qualified by the second. IE not even a warrant can compel you to be witness against yourself. Nothing (legally) can compel you to do so.

The source of argument with regard to encryption keys is whether revealing the key is being a witness against yourself or if it’s the same as turning over the key to a physical lock. US courts were conflicted on that, but especially after the recent SCOTUS decision that warrantless searches of cell phones aren’t acceptable, it seems the tide is turning and compelled disclosure of an encryption key is going to be considered compelled testimony. The basis of the cell phone decision was that as use of cell phones and other personal technology has evolved, people have begun to store data on them of a far more personal and private nature than what would be stored in a safe or a lock box. The expectation of privacy that the common person has for those devices is quite high, and thus it’s proper to require LEO to seek a warrant when they feel it necessary to invade that privacy. Similarly, revealing an encryption key is seen to be a much more profound invasion of an individual’s privacy than simply handing over the key to a lock or combination to a physical safe. The analogy to a private code written in notebooks is also on point. You could never be compelled to translate your private papers to aid the police, and I see no reason that providing an encryption key to “translate” the encrypted data should be any different just because there’s a machine involved in the process.

Assuming that continues to be the case, then no warrant can legally compel you to aid in your own prosecution. The warrant can take the phone away from you for searching in the first place, but nothing can force you to aid in conducting the search. If they can break in, they get it. If not, oh well.

Comment Re:Maybe if they didn't abuse (Score 2) 354

Amen!

Obama has had ample opportunity where bad policies of the previous administration have been brought to light and rather than fix them, he’s repeatedly reaffirmed the bad acts by his predecessors. The buck stops at this desk, ultimately. He gets a tiny little bit of a pass if he could claim he didn’t know about abuses of privacy, but as soon as they’re front page news and he lets them keep going, I don’t care who started it. Obama owns it.

Comment Re:It's the bank's car (Score 1) 907

I wouldn’t be the least bit surprised if that $389 payment was on an 8+ year old car. “No credit / bad credit” used car stealerships tend to inflate the prices of the crap they’re selling by a significant margin. They depend on customers too ignorant and/or financially desperate to realize they’re paying double or more the fair market price or who have no other options that they can “afford”. Add a nice high “bad credit” interest rate on top of that, and it’s a pretty lucrative business to be in, assuming you have no remorse for taking advantage of people.

Comment Re:Compared to Azure (Score 4, Insightful) 94

Be sure to thank Microsoft for teaching you the value of robust error checking. Assume any other host you need to talk to was nuked from orbit five seconds ago. Write your code to bounce back from that to the degree possible.

At the very least, DB *connections* should be assumed to have evaporated since the last time you accessed them. Use some sort of pooling library that can deal with that transparently if you like, or just catch & retry if necessary.

Seriously though, sounds like the environments you’ve worked in have been simple enough with low enough transaction volume that you got lucky & everything just worked. DB & app server on the same box maybe? Dealing with temporarily unavailable external hosts is just part of writing multi-tier code.

Comment Re:complete sensationalist bullshit (Score 1) 294

Unless you’ve counted every single calorie & macronutrient in and compared them to times you’ve been balanced versus imbalanced, I frankly don’t believe you that you’ve seen large swings in weight while eating the same number and makeup of calories.

I definitely agree with the imbalance aspect. There are days when I’m low on protein or for whatever reason really craving some carbs at the time or needing potassium or something. I’ll eat everything in sight and still not be satisfied until I find the one thing that I needed, then I’m good. I’ve been getting better at consciously recognizing that “EAT ALL THE THINGS!” mode and either recognizing that a particular “off” feeling equates to a particular nutritional need or else just nibbling a little of the common triggers to see what makes me start to feel better.

Bottom line though is that when you’re not eating the nutrients your body needs, you just feel starved and eat waaaay more calories until you satisfy whatever the nutrient need was. It’s really easy to not notice that you’re eating way more calories since they tend to be snacks rather than meals, but it adds up in a hurry.

I’d be willing to bet that’s what caused you to gain weight when doing the veg thing. You were eating more calories than you realized trying to meet (or is that meat?...) whatever deficiency your body was feeling. And ESPECIALLY going veg, you’re inevitably going to fill up on sugars and starches. Compared to eating more of your same-number of calories from proteins and fats, just about everyone would gain weight eating the same number of calories in mostly carbs.

Comment Re:Is minecraft really 'creative'? (Score 4, Interesting) 174

the game doesn’t have much going on it unless you make something happen

But... But...... Then children might learn that they can make their own entertainment without needing to pay Hollywood to imagine it for them! You monsters! What are you doing to our children???!!!!

=)

Of all the things my 14 year old could have gotten hooked on, Minecraft doesn’t even register in the “lesser of evils” category. A little moderation is a good thing, but compared to having his brain rot in front of the TV, I’ll take Minecraft any day. He’s imagining & implementing the things he imagines, and he’s communicating and cooperating with his peers. Most of them are even in our geographical area and/or in his school which puts his online social interactions a good bit better than my own at his age where my closest emotional connections were to people I’ve never seen who lived on the other side of the country.

And as far as TFS’ assertion that, “Setting a child free on the Internet is a failure to cordon off the world and its dangers,” may I just say, “Fuck you!” I’ve never once felt the need to shield my son from reality. We’ve talked to him throughout his life about the fact that there are bad people and that there are things you should never do online because they could put you at risk in the real world (sharing personal information, arranging to meet people, etc.). I think my son is a much better adjusted young human being for the trust and faith that we’ve shown that we have in him. Teaching, guidance, and trust are much better tools than surveillance and censorship. It’s the same approach that my parents took with me (admittedly more out of ignorance of what the Internet was at the time on their part). It worked out alright for me, and my son has never done anything to make me regret taking the same approach with him.

Comment Re:There is no "almost impossible" (Score 3, Informative) 236

There are two things you as a soon-to-be defendant can do:

1) Power down your phone if you believe you are about to be detained. On power-up, the device requires your passcode to unlock. TouchID doesn’t work after reboot until the passcode is entered once. You can do this without unlocking the device by holding the power & home button for 10 seconds.

2) Either before arrest while you can still surreptitiously access your phone or after when they’re trying to get your finger on the screen, use the wrong finger (one you haven’t enrolled in TouchID) or move your finger enough to smudge and get a bad read. You only get five attempts before the phone stops accepting TouchID, and you need to provide your passphrase again. If successful, the screen will say, “Touch ID does not recognize your fingerprint,” so it’s detectable to someone who knows what they’re doing, but also confirmation to you that it worked. As far as I know, there’s no timeout to this status. You will not be able to use TouchID until the passcode is entered.

Either way, TouchID is disabled and they need to get your passcode out of you. Assuming you’re still in ordinary LEO territory, a $5 wrench isn’t going to work out when it comes to admissibility. If you’re already in TLA non-citizen territory, you’re done for anyways. Your call if “making it easier on yourself” is a good play or not...

Comment Re:Sanity... (Score 1) 504

You can only be charged with contempt if you refuse to do something that you’re actually capable of doing. If it’s not possible for you to do it (and the court can’t prove that you can), contempt isn’t an issue.

Apple’s announcement states that they are not capable of unlocking users’ devices. You can’t (yet) be punished for creating a secure computer system that you can’t break into yourself.

Prior to iOS 8, Apple was capable of subverting their own security and did so when compelled to do so by law enforcement. Starting with iOS 8, it’s not possible for them to do that any longer.

A judge can’t hold you in contempt if he orders you to fly and you don’t (unless you’re Superman). Ordering Apple to break the raw 128-bit AES key on the flash chips is equivalent to ordering them to fly for all intents & purposes.
