Since 2002, the STARTTLS extension to SMTP, RFC 3207, has been a standard. In this particular case, the vendor's domain appears to be hosted on Google Sites, so if the OP has a gmail account the message won't even leave Google's network until he picks up the message via HTTPS or SSL-secured IMAP.

Wish I would have heard about this during the comment period, the article says it ended Friday. Anyway, the case is RM-11737 in FCC's ECFS.

Well, technically he still hasn't suspended deportations (or otherwise changed immigration policy) through an executive order. His "My fellow americans..." speech last Thursday was explaining a policy that the Department of Justice had told the Department of Homeland Security it could follow. He's taking credit for it for the purpose of arguing with Congress, and he would certainly veto anything that actively undoes it ("let's deport people by a random lottery", "let's deport everyone who has an anchor baby and is not yet a citizen", "let's deport everyone, Citizen or not, with a Muslim-sounding first name or an Irish-sounding last name"), but he hasn't done anything that the next President couldn't undo.

1981 version

2014 version

Difference in clause (i):
@@ -1,7 +1,8 @@
(i) Sell any new motor vehicle directly to a retail customer other than
-through its franchised dealers, unless the retail customer is a nonprofit
+through franchised dealers, unless the retail customer is a nonprofit
organization or a federal, state, or local government or agency. This
-subdivision does not prohibit a manufacturer from providing information to
-a consumer for the purpose of marketing or facilitating the sale of new
-motor vehicles or from establishing a program to sell or offer to sell
-new motor vehicles through the manufacturer's new motor vehicle dealers.
+subdivision does not prohibit a manufacturer from providing information
+to a consumer for the purpose of marketing or facilitating the sale of
+new motor vehicles or from establishing a program to sell or offer to
+sell new motor vehicles through franchised new motor vehicle dealers
+that sell and service new motor vehicles produced by the manufacturer.

No, they're not allowing gmail accounts to use non-ASCII local parts yet. However, mail to/from other domains can have non-ASCII local part and domain name. If that other domain allows a random user to create an account "róót", that's about the extent of the possible phishing.

There is value. If the creator wrote it on his free time after working 30 years in a probably thankless job he couldn't tell his family about, there's hope for me to do something similar, or at least I should advise my sons to get a good education and a stable job. On the other hand, if he was a 15-year-old kid who flunked most classes in school and spent the majority of his nights playing video games, I'd better get my sons each a latest-model gaming rig, because that ship has sailed for me.

My GMail (and Yahoo! as well) username is (first name)(middle name)(last name), all fairly common [in fact at my current employer there are multiple matches of (first name)(last name), and my father has the same (first name)(last name) as well], and I have not had this problem with either service. Perhaps using initials instead of full names is part of it; or your last-name may have different demographic connotations.

I did, however, recently have that problem with a Comcast account. When the tech visited our home for installation, he created an account (first name)(last name) @comcast.net . I didn't actually give it out anywhere, yet within a few months it was filled with a hundred or so messages for someone in another state. I did try responding to one item that seemed moderately important, and whoever got the response [the help-desk of some organization] didn't seem to grasp that I had no connection with the intended recipient. Since I hadn't advertised it anywhere, it was easy to change the username, to (my first initial)(wife's first initial)(my last initial)(wife's last initial)(string of digits) @comcast.net. While this address appears to have been reused, apparently Comcast no longer allows address reuse; I tried using a previous ID that I had used a long time ago, and it was not available.

Since you ask for advice, I recommend two courses of action:

• 1. As long as you still have access to that address, when you receive anything that is clearly misdirected and potentially of high value, deal with it politely. Don't use a "form response", instead personalize the response to the content of the message. CC the intended recipient on the response, if you are able to divine who it is. Once you've dealt with the matter, delete the whole thread. For newsletters, try following an "unsubscribe" action, if that's not available mark as spam.
• 2. Consider an exit strategy from your current e-mail address, no matter how much is attached to it. See the Google help posting "Change your username". For the new address, try a long nickname or full first name instead of first initial; or maybe add a string of numbers, a city your contacts will recognize, or a title. Give your important contacts plenty of advance notice, post the new address with the reasons you're switching [perhaps with a list of the confusing other identities as well] on your "old" Google+ profile. After a reasonable time (say six months or a year), delete your old account. Make sure you change your address at all the "various sites" you've registered at before doing so, in case you need to use a password reset function.

I wouldn't want to trust just the secretary of the other org. However, with public keys (HTTPS, PGP, SSH, anything else similar), it's good for the information on "how to verify" the key to be widely disseminated. For example, the org could put its key fingerprint, and a screenshot of the same as used in common applications, on an indexable part of its HTTPS-protected public website. An individual could put his PGP key fingerprint on his (paper) business card, as fine-print on his resume or CV, and in his e-mail signature. The secretary should be able to say what the key is, and how to verify that.

Right now, GMail, YouTube and Maps are all mixed together (not necessarily 100%, probably possible to do IP filtering, but Google may be moving away from that) ... take maps away and it's easier to block the other two.

On the Android platform, there are third-party, open-source apps available for encrypted voice and SMS. Those are just the ones I'm familiar with; there may be others.

... rnfvre guna qvttvat hc gur pbqr V cebonoyl qvq jevgr ng bar gvzr ...

Hibernation actually is a security hole. I'll ignore the kexec issue for now, but encrypted and checksummed hibernate images would be a good thing, and would be nice on a non-SecureBoot system as well. At a minumum, the hibernation image should carry a checksum of { the image data + the kernel that loaded it + relevant platform data }. That would at least prevent partially booting a suspend image with random corruption. Can SecureBoot also provide a secret key used only to encrypt the suspend image and decrypt it during boot? Or some additional data to feed into the checksum that securely identifies the platform? Or keep the suspend checksum in nonvolatile memory that can only be written to by a trusted operating system?

Basic "student" visa, yes. However, there are exceptions/special cases that allow work outside the school. One whole school in the SF bay area was shut down for visa fraud; see this article and this article.

... except that bona-fide work visas for random foreigners are pretty hard to come by. For many international students, a student visa is the only way to be in this country until they graduate, after which if their grades were good enough they have a shot at an H-1B or a sponsored visa. Then there are the schools that are diploma-mills whose main purpose is to allow their students to work in "practical training" as soon as possible...

Several of your arguments are either false these days, or not as bad (especially versus the alternatives) as you make them sound:

-take 30 seconds to a minute to load

This load-time is for the first applet in a browsing-session, not each one; and "30 seconds to a minute" is an outer figure, on a reasonably modern system it will be less. I've seen Flash-based games that took a long time to initialize, as well.

- fonts and widgets are not native and look weird

Actually, you can have native widgets, with the old AWT components; it's the (slightly newer, still around for a long time) Swing that looks the same on every platform. Whether it's "ugly" is a matter of opinion.

Now, it's true that some people never need to run applets, those who do don't do so every day, and some applets look like something from 1995 because they really were written in 1995, and still work; but the Java plugin is not totally going away any time soon, and I think it's still a good choice for applications with unusual UI requirements that need to run "in" a browser.

Applets aren't just games, either. From my current needs:

• The GIS browser for the city I live in;
• My employer's expense-submission program;
• The VPN clients (from two different vendors) for systems I access for work

And that doesn't even include JNLP (Java Web Start) programs, which aren't the same "sandbox" but which also depend on Java platform security for their sandbox.