Comment Re:Crazy (Score 1) 778

Really? You don't think there are any possibilities between no minimum wage and a $50k/hr minimum wage?

I never gave my opinion on the matter. Your ignorant political stereotypes led you to make assumptions about what things I never even commented on. This is common amongst political ideologues and other loudmouths and pundits.

Like I said, mindless tripe. Unthinking regurgitation of conservative articles of faith.

If it were mindless tripe you'd swallow it without a second thought. The fact is you've completely failed to grasp the points which were being made. Calling it "mindless tripe" because you don't understand it is ... pretty childish. Reminds me of the hick I met down in the bible belt who called evolution "mindless tripe". You two would get along great.

Comment Re:Cable operator induced upgrade treadmill (Score 1) 418

Which customer-owned DVRs work with satellite?

I know nothing about satellite receivers or equipment purchasing options for digital DVRs. Generic DVRs for years have included IR blasters to control a library of set top boxes including satellite receivers. A bit lame...

The lifetime sub is for one device. Cable subscribers end up having to replace their devices when the cable company changes technology, such as analog to digital, clear QAM to CableCARD, and CableCARD to SDV.

CableCARDs are backwards compatible, have been around for a decade thus far and are currently in no danger of going anywhere anytime soon.

SDV complements rather than replaces CableCARD, which is still required to use SDV. For most people SDV means an additional box plugged into any available receiver/DVR USB port.

Comment Re:PCI-DSS (Score 1) 217

The NSA may be allowed all access to all information that an airline has, including the full PAN; however, the airline doesn't store the full PAN if it is PCI-DSS compliant.

There is no prohibition against storage of the PAN (i.e. the card number) in the PCI-DSS. You are forbidden only from storing CVV2 and full track data from the mag stripe.
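The distinction the comment draws, as an added example that is not code from the thread or from any PCI-DSS document: PCI DSS splits card data into cardholder data (PAN, cardholder name, expiry, service code), which may be stored if protected, with any stored or displayed PAN rendered unreadable (truncation to first six / last four is the masking rule used here), and sensitive authentication data (full track data, CVV2/CVC2/CID, PIN block), which must never be stored after authorization. The record, Track 2 string and field names below are constructed test data; the PAN is a Luhn-valid test number, not a real card.

```python
"""Split an authorization record into what may be stored and what must be dropped.

Added example, not code from the thread above. It encodes the PCI DSS data
element rules: cardholder data (PAN, name, expiry, service code) may be stored
if protected, with stored or displayed PAN rendered unreadable, here by
truncation to first six / last four digits; sensitive authentication data
(full track data, CVV2/CVC2/CID, PIN block) must never be stored after
authorization. The record and Track 2 string are constructed test data.
"""
import re

# Track 2 format: optional ';' start sentinel, PAN (13-19 digits), '=' field
# separator, expiry YYMM, three-digit service code, discretionary data,
# optional '?' end sentinel. The LRC is omitted in this constructed sample.
TRACK2_RE = re.compile(
    r";?(?P<pan>\d{13,19})=(?P<exp>\d{4})(?P<service>\d{3})(?P<disc>\d*)\??"
)

# Fields PCI DSS classifies as sensitive authentication data (never stored).
SENSITIVE_AUTH_DATA = ("track1", "track2", "cvv2", "pin_block")


def luhn_ok(pan: str) -> bool:
    """Luhn mod-10 check; returns False on non-digit input instead of raising."""
    if not pan.isdigit():
        return False
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:          # every second digit from the right is doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def parse_track2(track: str) -> dict:
    """Pull PAN, expiry and service code out of a Track 2 string."""
    m = TRACK2_RE.fullmatch(track.strip())
    if not m:
        raise ValueError("not a Track 2 record")
    return {"pan": m["pan"], "expiry": m["exp"], "service_code": m["service"]}


def mask_pan(pan: str) -> str:
    """Truncate to first six and last four; the middle digits are not kept."""
    if len(pan) < 13:
        raise ValueError("PAN too short")
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


def scrub_for_storage(record: dict) -> dict:
    """Return the subset of `record` that may be persisted after authorization."""
    record = dict(record)
    if "pan" not in record and "track2" in record:
        record.update(parse_track2(record["track2"]))
    stored = {}
    pan = record.get("pan")
    if pan is not None:
        if not luhn_ok(pan):
            raise ValueError("PAN fails Luhn check")
        stored["pan_masked"] = mask_pan(pan)
    for key in ("cardholder_name", "expiry", "service_code", "auth_code"):
        if key in record:
            stored[key] = record[key]
    # Anything in SENSITIVE_AUTH_DATA is deliberately absent from `stored`.
    assert not any(k in stored for k in SENSITIVE_AUTH_DATA)
    return stored


# Constructed record: a Luhn-valid test number, not a real card.
SAMPLE_RECORD = {
    "cardholder_name": "J DOE",
    "track2": ";4111111111111111=2512101123456789?",
    "cvv2": "123",
    "auth_code": "A1B2C3",
}

if __name__ == "__main__":
    print(scrub_for_storage(SAMPLE_RECORD))
```

Running it on the constructed record yields only the masked PAN, name, expiry, service code and authorization code; the CVV2 and the raw track string never reach storage. If the full PAN must be retrievable (recurring billing, chargeback lookup), the masked value is not enough and the PAN has to be tokenized or encrypted with a key managed outside the application, which is the other route PCI DSS allows for rendering it unreadable.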

Comment Re:Crazy (Score 1) 778

Excluded middle fallacy.

I don't think you know what that fallacy actually means. Nothing I wrote is even close to an excluded middle fallacy. The particular bit you quoted might be considered a sweeping generalization, if it weren't so blatantly evident that I was mocking your kindergarten-level understanding of economics.

The rest of your mindless tripe is no better.

Hurr, durr, ad-hominem fallacy!

Comment Re:Let us keep our thoughts with our Kremlin frien (Score 1) 667

If you think I'm conservative and pro-gun, then you've clearly never read any of my other posts. In fact, if your entire reply is not just an ad hominem, but one attacking views that are diametrically opposed to the ones that I've publicly stated on numerous occasions, I can only assume that you are completely lacking any meaningful responses.

Comment Stop copying hard drives too! (Score 4, Insightful) 150

no more invasive than the long-established practice of granting a warrant to copy and search the entire contents of a hard drive

This "long-established practice" has always been a violation of the 4th amendment. The recent case where the US government used hard drive data from a *different* case is proof that they should not do this. They should never get the entire hard drive contents. A neutral 3rd-party should copy the drive, perform an appropriate search, then erase the copy. There's no reason for the government to indefinitely hold copies of data they should never have had in the first place.

Just imagine if they had a warrant to get your address book, but they kept a copy of every piece of paper in your entire home, just in case it became relevant later. There is no way that would be allowed. But the digital equivalent is somehow acceptable.

Comment Re:Derp (Score 1) 168

your characterizing Windows as "retarded" for not distinguishing between 750 char/s and the much faster network, was illogical.

There are two parts to that.

The first part is that the network log-in source can be grouped as an infinite number of terminals--lots of connections--so a per-connection rate limit is useless; thus all network service log-in (caveat: Active Directory handles console log-ins... over network) must be grouped as one thing to be effective. Console log-ins are separate so that a network attack can't function as a DoS; as well, the risk is mitigated because you can't enter passwords fast enough for any use.

The second part is that a console brute-force is slow. Your concern about what amounts to typing really, really fast (i.e. programmed HID plugged into USB) isn't a real concern because of password complexity. It's not that passwords are necessarily that complex; it's that a password which isn't complex enough can be readily brute forced under strong password policies like "3 passwords per minute", it just takes a week or two.

You dismiss the possibility that weak passwords are used, so that hardware password attacks are dismissable, but at the same time address the problem that these same non-weak passwords aren't strong enough to withstand network password attacks without lock-outs?

No, I dismiss the possibility that short lock-out intervals help with weak passwords.

You can attack 129,600 passwords per 30 days if you have a 3 failure per minute policy. Basic English 1250 extends out to about 5000 words with conjugations and domain language (medical, legal, whatever) for most people. Weak passwords in the traditional complexity scheme are like "rainman" becomes "Rainman1", so 100,000 attempts has a fair chance of getting it eventually. That's within the realm of a hardware keyboard typist. Common policy is 60 or 90 day retention, which increases the risk into strong viability; while public kiosks are too visible for a multi-hour console log-in attack, which makes these attacks less viable even at high rates.

Complex passwords reach 10^14 theoretically, and four-word passwords reach 10^16. Reasonable rate limits of 20 attempts per minute carry this out to hundreds of thousands of years. A human can type barely that fast. Remember the original argument:

Windows does stupid shit like lock the local console if you set up rate-limit log-in...when logging in through the Microsoft log-in manager.

If the attacker tries to log in over RDP or telnet or such, and locks the account, the actual console log-in box no longer works. That's dumb, because no attacker can possibly brute force the password through that, unless the password is laughably weak--in which case, as stated above, the rate limiting doesn't actually help.

tl;dr: I can lock you out of your server by constantly trying to log into your server, so you can't apply patches anymore. Then I hack it on Tuesday.
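The two halves of the argument above, the attempt budget a rate limit leaves an attacker and the denial-of-service that a per-account lockout hands a remote attacker, as an added example that is not code from the thread. The rates (3 and 20 failures per minute), the 30-day window and the 10^14 / 10^16 keyspaces are the figures from the comment; the account name, password and lockout semantics are constructed for illustration and do not reproduce the real Windows policy engine.

```python
"""Account lockout vs. brute-force budget: a toy model of the trade-off above.

Added example, not code from the thread. The rates (3 and 20 failures per
minute), the 30-day window and the 10^14 / 10^16 keyspaces are the figures in
the comment; the account name, password and lockout semantics are constructed
for illustration and do not reproduce Windows' actual policy engine.
"""
from collections import defaultdict

MINUTES_PER_DAY = 60 * 24


def attempts_in_days(failures_per_minute: float, days: int) -> int:
    """Guesses an attacker gets in `days` if they stay just under the rate limit."""
    return int(failures_per_minute * MINUTES_PER_DAY * days)


def years_to_exhaust(keyspace: float, failures_per_minute: float) -> float:
    """Years needed to try every candidate in `keyspace` at the allowed rate."""
    per_year = failures_per_minute * MINUTES_PER_DAY * 365
    return keyspace / per_year


class LockoutPolicy:
    """Lock after `threshold` failures within `window_sec` seconds.

    scope="account": a single counter per account, whatever channel the
    failures arrived on (the behaviour the comment complains about: remote
    failures lock the console too).
    scope="channel": a counter per (account, channel), so remote failures
    can only lock the remote channel.
    """

    def __init__(self, threshold: int, window_sec: int, scope: str = "account"):
        if scope not in ("account", "channel"):
            raise ValueError("scope must be 'account' or 'channel'")
        self.threshold = threshold
        self.window_sec = window_sec
        self.scope = scope
        self._failures = defaultdict(list)   # counter key -> failure timestamps
        self._passwords = {}                 # constructed credential store

    def set_password(self, user: str, password: str) -> None:
        self._passwords[user] = password

    def _key(self, user: str, channel: str):
        return user if self.scope == "account" else (user, channel)

    def _is_locked(self, key, now: float) -> bool:
        recent = [t for t in self._failures[key] if now - t < self.window_sec]
        self._failures[key] = recent            # drop failures outside the window
        return len(recent) >= self.threshold

    def login(self, user: str, password: str, channel: str, now: float) -> str:
        """Returns 'ok', 'denied' (bad password) or 'locked' (rate limit hit)."""
        key = self._key(user, channel)
        if self._is_locked(key, now):
            return "locked"
        if self._passwords.get(user) == password:
            return "ok"
        self._failures[key].append(now)
        return "denied"


def console_login_after_remote_failures(scope: str) -> str:
    """Attacker fails three times over RDP; the admin then types the right password at the console."""
    policy = LockoutPolicy(threshold=3, window_sec=60, scope=scope)
    policy.set_password("admin", "correct horse battery staple")
    for i in range(3):
        policy.login("admin", f"guess-{i}", channel="rdp", now=float(i))
    return policy.login("admin", "correct horse battery staple", channel="console", now=5.0)


if __name__ == "__main__":
    print("guesses in 30 days at 3/min:", attempts_in_days(3, 30))
    print("years to exhaust 10^14 at 20/min:", round(years_to_exhaust(1e14, 20)))
    for scope in ("account", "channel"):
        print(scope, "scope, console login after remote failures:",
              console_login_after_remote_failures(scope))
```

With the account-scoped policy the console attempt returns "locked" even though the password is correct, which is the tl;dr in one line of output; with a channel-scoped counter the same remote failures leave the console usable. The budget functions give the other half: 129,600 guesses in 30 days at 3 per minute is enough for a short dictionary of mangled words, while a 10^14 keyspace at 20 per minute takes millions of years, so the lockout interval only matters for the passwords it cannot protect anyway.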
