
Comment Re:Good luck with that. (Score 1) 558

The exception to this is if you are in debt to the private business. In that case, they must take cash, as it is "legal tender for all debts, public and private".

Not necessarily. Read the snopes link I posted. It covers that too.

" However, legal tender is the default method of payment assumed in contractual agreements involving debts and payments for goods or services unless otherwise specified."

unless otherwise specified

If the contract that put you in debt specifies a different method of payment, then the alternate method is legally binding, and the other party is NOT obligated to take legal tender as payment. (i.e. you could enter a rent agreement that requires cheques; and the landlord could refuse your offer to pay in nickels without discharging the debt -- i.e. he could suggest you take the nickels to the bank, count them, and have them issue a cashier's cheque instead. And the courts would uphold that.)

That said, legally you can pay the IRS in pennies. But legally they can make you count them, in front of them, to make sure they are all there.

Comment Re:Why so high? (Score 1) 223

As for employees, there's not a lot you can do about that other than monitor their activity on the production server and restrict access.

Only storing individually salted hashes instead of plaintext passwords goes a long way to mitigating what even a disgruntled or corrupt employee can do with the password database.

Granted, if the employee corruption (or hacker) runs long enough and deep enough, they could add code at the front end to capture and dump passwords as they are being submitted prior to being hashed.

As a bit of a tangent...

I ran a web forum for a while once (relating to a competitive multiplayer game), and it occurred to me at the time just how trivial it would be for me to log login attempts and build a database of email account + passwords.

Based on the likelihood of password reuse, that list would likely prove valuable in general (and would probably have given me access to game accounts of a disturbingly high percentage of my fellow players, allies and opponents).

Even failed login attempts preceding successful ones may be valuable, under the assumption that they used one of their real passwords on my site by accident. (I know I've done that... tried to log into site x with password for site y.)

Never use the same password on two sites that matter to you even in the slightest.
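An added example (not part of the comment above) of the individually salted storage it describes, set beside a bare unsalted hash to show what someone reading the password table can and cannot see. The account names, passwords and the PBKDF2 work factor are constructed for this illustration.

```python
import hashlib
import hmac
import os
from collections import defaultdict

# Work factor is an assumption for this example; tune it for your own hardware.
PBKDF2_ITERATIONS = 600_000
SALT_LEN = 16

# Constructed sample accounts: alice and bob reuse the same password.
ACCOUNTS = {"alice": "hunter2!", "bob": "hunter2!", "carol": "correct horse"}

def unsalted_record(password):
    """The weak scheme: a bare hash, identical for identical passwords."""
    return hashlib.sha256(password.encode()).digest()

def salted_record(password, salt=None):
    """Return (salt, digest), drawing a fresh random salt per account."""
    salt = os.urandom(SALT_LEN) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return salt, digest

def verify(password, record):
    """Recompute with the stored salt and compare in constant time."""
    salt, expected = record
    return hmac.compare_digest(salted_record(password, salt)[1], expected)

def shared_digest_groups(digests):
    """What a reader of the table sees: users whose stored digests are equal."""
    groups = defaultdict(list)
    for user, digest in digests.items():
        groups[digest].append(user)
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)

def compare_schemes(accounts):
    """Store the same accounts both ways and report visible password reuse."""
    weak = {u: unsalted_record(p) for u, p in accounts.items()}
    strong = {u: salted_record(p) for u, p in accounts.items()}
    strong_digests = {u: d for u, (_, d) in strong.items()}
    return shared_digest_groups(weak), shared_digest_groups(strong_digests), strong

if __name__ == "__main__":
    weak_groups, strong_groups, table = compare_schemes(ACCOUNTS)
    print("unsalted, visible reuse:", weak_groups)
    print("salted, visible reuse:  ", strong_groups)
    print("alice login ok:", verify("hunter2!", table["alice"]))
```

With per-account salts, each stored digest has to be attacked on its own. Nothing here covers capture of the password before it is hashed.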

Comment Re:Good luck with that. (Score 1) 558

The only thing they are not allowed to do is to decline to accept legal tender. I.e. they legally aren't allowed to reject a $100 if it is a genuine bill, regardless of what store policy is.

This is false.

This article is only tangentially related to your claim, but it explicitly addresses your particular variation.

http://www.snopes.com/business...

"private businesses are still free to specify which forms of legal tender they will accept. If a shop doesn't want to take any currency larger than $20 bills, or they don't want to take pennies at all, or they want to be paid in nothing but dimes, they're entitled to do so"

Comment Re:Bring back Bennett!! (Score 4, Informative) 126

The general issue with Bennett Haselton is simple.

Everyone else in the world submits articles, slashdot summarizes them, links back to the full article, and the comments here ensue.

In some cases the article links are just a link back to the article submitter's own blog (and this is gently mocked but usually tolerated), in other cases the links are broken (also mocked), in some cases they are linked to an unrelated article (you bet we mock this too), and very occasionally for those people who enjoy the thrill of the hunt, they do go back to an original article in some legitimate or quasi-legitimate source of news. (Hooray!) (In which case we can mock everyone who didn't read TFA.)

Bennett however, as, if you've read any of his articles, you will know, is special. He read about the virtues of conciseness, efficiency, brevity and then wrote a short epic about why they really shouldn't apply to him.

When he looked at what it would take to get his very own blog up and running he quickly realized that it was a pretty serious undertaking. He'd have to register somewhere, choose a password, maybe even pick a theme. Do you know how much that would cut into his actual writing time? Several minutes, at least, and he really just doesn't have that kind of time to spare, what with already being slammed just keeping up with writing down every thought that pops into his brain.

So, long story slightly less long, he decided why not just use slashdot itself as his very own personal blog? It saves him having to sign up for one, and better still he argues, saves us a mouse click by eliminating that superfluous step of having to click through to get to the full article.

After having this explained to him, Bennett rejected the argument and suggested we should be delighted at being able to reach his thoughts without having to make that one extra click to an external source.

So now we just mock Bennett.

I think that sums it up fairly concisely, at least relative to what Bennett would have said. ;)

Comment Re:A bit???? (Score 1) 168

So yes, you can probe all day with a random mac. Just expect to have to reveal a session-consistent mac when you try to connect.

But that's the use case most of us actually have. If I'm at the mall, I'm not in range of any known network. Of course my phone doesn't know that -- so it needs to probe.

Meanwhile, I'm at the mall, and the mall is very interested in where I am, how long I spend there, how often I come back, etc... so they are tracking those probes, and building a profile on the activity from that MAC.

I'm not actually connected to any network. Nor do I expect to connect to any network.

Therefore the probes should always be random.

Once it's determined that HEY there IS a known network in range, THEN and ONLY THEN it can use a non-random mac. If I connect to a network, then I implicitly submit to some level of tracking -- the network implicitly needs to know where I am and whether I am connected so it can route traffic to me.

Comment Re:Why so high? (Score 2) 223

I used to work at a financial company where the web server didn't have physical connectivity to the DB,

I suspect you meant something entirely different from what you said. The webserver cannot be air-gapped from the password database unless you literally have a person sitting between the two systems keying requests from one into the other and back again. Otherwise they most assuredly ARE physically connected in some way.

Personally, I think passwords should be stored in plain text in the DB as a reminder to all developers

Then your DBA has all the passwords, and you're one bribed, disgruntled, or incompetent DBA away from a massive leak.

suggesting that storing your DB credentials in your web code was OK as long as you "secured" it

I'm generally ok with this. You shouldn't be embedding your root or sa or whatever database credentials in the website but it's not necessarily improper to embed limited access credentials to the database in the web app that needs that access.

On Windows, for example, one can put database credentials (for a limited account that only has access to specified views and/or stored procedures) in the web.config and encrypt it. This seems entirely reasonable to me.

Comment Re:We have more but we USE more. (Score 1) 170

How did you get to 90% if you're only using 2.5-5% per year?

a) I'm not at 90%; as it happens I'm at around 50%. I said when I reach 90% it will take a year or 2 to reach 95%

b) I didn't start at 0% and then average a couple percent a year. I was at 30-40% within a week of setting up the new home PC.

I copied my 10,000 track music library. So 50GB or so right there. And another several thousand digital images, scans, and so forth. I have a small library of ISOs I keep on the drive worth another 20-30GB. A handful of movies. A couple dozen games and large applications installed... the steam folder alone is 300GB. (And I have only a fraction of my library installed; but it's the fraction I always go back to plus what's new that I'm playing now.) So although it was 250GB+ within a week of setting up the PC... it's only grown another 50GB in the last couple years.

And now that it's all set up, it grows, but not especially quickly. I add a few hundred audio tracks, and a few hundred photos a year, email, documents, tax records, etc... everything else is fairly steady state.

Comment Re:We have more but we USE more. (Score 1) 170

In my experiences, a 90 percent full drive has as much time left before running out as it did a decade ago.

In your experience maybe. Not in mine.

I don't use 10s of GB at a time. If I start a new torrent, dump my phone's camera onto my computer, or install a new game that eats several GB. But everything else is pretty steady state with very slow steady growth. I don't download a lot of torrents on this particular PC, and sometimes remove old ones, I install a few new games a year and sometimes uninstall old ones...

When I hit 90% full on my current data drive, I'm probably 1 to 2 years out from hitting 95%.

Comment Re:Randomized MAC for background scans ... (Score 1) 168

If you've got a recent iPhone, it's already randomizing the MAC used for background scans:

Sort of.

http://www.imore.com/closer-lo...

The key is 'device's processor is asleep'. Any time it wakes up, it probes with its real mac. So if you're in line at the store, phone is in your pocket, and twitter gets an update (over cellular data), that still wakes your phone up, and it probes with its real mac.

Or, since you're in line at the store and bored, you pull out your phone and check the time, and respond to an sms... it's awake and it probes wifi with its real mac.

It turns out it's a lot less useful at protecting your privacy than you think.

Comment Re:A bit???? (Score 1) 168

How do probes with random macs break it? If a known network it wants to connect to is present it can use its real address.

But for probing -- for determining what available in-range SSIDs are present; so that location services can use the SSID list to assist positioning, and so that it can decide whether it wants to present its real address in a follow up / probe / connection request... that seems like something simple that shouldn't break anything.

And beyond that other than filtering by mac (which is idiotic) even the real mac should be randomizable between sessions with the same network SSID. (And should work with vlans, bridges etc)

People with a deep knowledge of 802 protocols are looking at this and it isn't simple or easy.

Probing without connecting should be simple and easy.
I concede that maintaining any sort of connectivity needs some thought.

Comment Re:A bit???? (Score 4, Informative) 168

I disagree. Although I do think my phone should change its mac address regularly so that the tracking is at most session based. They know -a phone- was in line for 30 minutes. They don't know the phone is my phone. And when they see a phone for 30 minutes next week they won't know it's the -same phone-.

Also, just a heads up to those excited about Apple's ios mac randomization -- it's proving to be not remotely as good as they led us to believe it would be. (It only sends out a random mac when a) not connected to a network, b) AND asleep.)

Any time anything wakes up the phone it probes with its real mac. (So for example, if you're on cellular data, and twitter or email or something gets a message to your phone, it wakes up and probes wifi with its real mac...) rendering the feature all but useless. Apparently the fake probes also include your recent SSID list too making them even more useless.

http://www.imore.com/closer-lo...

So... not worse than ios7 ... but not exactly useful either.

And on that note, does anyone recommend a good automatic mac randomizer for android?

Comment Re:Goal Should Be Zero Revenue (Score 1) 398

Red light violation ticket costs are way out of proportion with the potential damage done. For example: I go through about 40 traffic lights as part of my daily commute. If I sneak through only one of them every day, then I could potentially owe about $40,000 in fines each year.

And if I go out at 2am drive to the nearest deserted red light and just drive backwards and forward through it, I can rack that up in a single evening. I'm not sure what your point is? That you can deliberately hang yourself on the law if you are an idiot? Ok... I'll give you that.

In 10+ years of red light cameras here, I've never gotten a ticket from one, ever, and I drive through at least 3 to 4 protected intersections a day. And I don't count myself as a qualified driver ed instructor or anything else. I go days even weeks at a time without seeing the camera flash at any one; so it's not like the general public has a difficulty with the concept.

I'm certain the safety aspect of a few extra cars going through the end of a red doesn't constitute enough of a safety issue to warrant fines at that level.

It does if you want them to stop doing it. Because a normal person isn't going to get 40,000 in fines, they are going to get 1 or 2 and then "figure it out" and stop getting them. But if the fine is $5 they won't care unless they ARE getting them daily.

Anyone with $40,000 in annual red light camera fines shouldn't be on the road, because if nothing else, it means they are incapable of "figuring it out".

If a rule is being ignored, then it's probably a bad rule.

Like stopping for red lights? Is that a bad rule?

Also, I assure you that a few extra cars getting through a red light doesn't promote gridlock at the next one

Traffic jams can arise nearly spontaneously via something like 'butterfly' effects. A few cars sneaking through the red (and in turn delaying the traffic moving crosswise as a result) can disrupt traffic in both directions leading to congestion "waves" that lead to jams where it would otherwise not occur. It doesn't take much at all to disrupt traffic and create waves.

There's a demo on youtube where they asked drivers to simply drive on an even circular track at 30km/h maintaining the same distance from the car in front, and within a short time there was a congestion wave causing cars to have to stop completely when it hit them.

http://www.youtube.com/watch?v...

It's amazing how little it takes to disrupt stable traffic flow.

The state of traffic engineering is pretty dismal.

No argument. But saying that, traffic is much more complicated than regular fluid dynamics, and good mathematical models are hard to come by. And then to top it off you've got various political meddling overriding otherwise good design.

Comment Re:Goal Should Be Zero Revenue (Score 1) 398

Your opinion that red light cameras would help with traffic flow is just a gut feeling, not data

Within a couple months of red light cameras being added the situation where 1 to 10 cars would stream through the red light during each cycle during rush hour had ceased.

That much is a fact not an opinion. Sure, whether or not it improved traffic flow is a question for debate. Presuming the traffic light timing is engineered properly it's a reasonable speculation, but I'd be happy to see a study funded.

I strongly suspect that adding a red light camera to an intersection would not allow more people to go through per hour.

I don't think you realize how much congestion can be alleviated by regulating flow properly. Getting more cars through one intersection only to have them completely gridlock a little further in is a net negative.

I'd further suspect that enforcing the signals reduces aggressive driving and road rage -- because people get irate when they have a green light and a stream of traffic running the red light prevents them from starting, and only reinforces the urge to run the red light yourself when presented with the situation.

Even if it helped, a traffic circle would help more

Maybe. I like roundabouts, and traffic circles. I supported having one put on my street during the public consultation period when they were reassessing the intersection. But they don't work everywhere. Roundabouts aren't easy to navigate for large trucks so they don't make sense on truck routes, highways, etc. And proper multi-lane traffic circles need space -- are you proposing we knock down downtown skyscrapers to put one in at every intersection? How exactly is that a simple cost effective solution without conflict of interest?

so why bother with a solution that costs good people money

That's just it. Red light cameras don't cost good people money. Good responsible people don't habitually run red lights*, so it's a non-issue. The cameras, with the threat of a fine, were effective at altering good people's behavior at intersections, which was the goal. I've never gotten a red light camera ticket; my wife has never gotten one. We both drive through camera protected intersections every single day, we aren't even conscious of them.

Policing should not be automated.

I generally agree. But I'm not outraged by red light cameras.

Although I do think any enforcement revenue collected by automated systems should simply be paid back to the residents as a dividend against their property taxes. It shouldn't go to the police. It shouldn't go to general revenue. It shouldn't create entities dependent on the money.

* Speed enforcement is completely different because the conflicting objectives of driving with the flow of traffic combined with speed limit changes, terrain changes, vague signage, plus the imprecise nature of vehicle speed measurement means that yes, the majority of good responsible conscientious drivers DO habitually exceed the limit, at least sometimes, by a little.
