It reads like it wasn't a subsidy to Google, it's that NASA sold fuel to all it's qualified partners at cost rather than at market rates. So the taxpayers didn't pay anything for a subsidy. NASA recouped what it paid for the fuel, it just didn't make a profit on the transaction. I don't see any compelling reason to require a government agency like NASA to turn a profit on it's deals, as long as it doesn't lose money on them either.
You don't have to save passwords. DD-WRT uses HTTP Basic authentication, so once you've logged in once the browser will continue to send the authentication header with every request for a path that the router's said requires authentication. The router doesn't need to remember any sessions for this to work, once you've entered the credentials for a given authentication realm and path the browser will retain them until you completely close and re-open the browser or clear the active logins data or until the router rejects your password and demands reauthentication.
In theory they should. But you have to trust Comcast to properly research the logs and determine that that IP address assigned to your modem (since the WiFi's part of the modem) was assigned to the public WiFi side and not your account. I'm not sure I'd trust Comcast with that when the consequences of them getting it wrong are so serious, I'd prefer to keep control over access. It may not stop all possibility of illicit access, but at least it'll be something I could have done something about.
And what exactly is stopping a bad guy from setting their network's SSID to 'xfinitywifi' and hijacking traffic? That's one reason I don't trust public hotspots in general, it's too easy for someone else to impersonate them and while I can and do protect my computer against attack from malware I can't protect my network traffic from the access point I'm connected to.
As far as "logging in" with their user ID, I doubt Comcast has set up the infrastructure to do 802.1x authentication and most clients aren't configured to handle it. They're using browser-based authentication, which means your computer will connect to any AP using SSID 'xfinitywifi' without prompting you and all your traffic will be accessible by that AP. A simple Web server mimicking the signon page coded to accept any password and you won't notice a thing.
Actually it is because of regulations. If someone hacks the bank's site and steals the money in your account, banking regulations make the bank liable for the loss not you. Banking regulations require the bank to have a minimum level of reserves to pay out withdrawals. Both of those make it less likely you'll have a problem getting your money. A bank can close it's doors and fold without paying depositors, but it can't do so without any legal liability to them for the money and the totals involved are large enough to make it lucrative for law firms to take on large groups of depositors and track the money down. And of course most people wouldn't put their money in a bank that wasn't FDIC-insured, so they'd get their money and the FDIC would handle tracking down the bank's owners.
And no, sadly the bank's web sites aren't any more secure than any others. It's just that laws and regulations make that not a problem for consumers, and the banks have an internal fraud-detection system that watches accounts for unusual activity. I've had more than a few times when something unusual caused a sudden large shift in my spending, and usually shortly after it starts I start getting calls from the bank's fraud department wanting me to verify the transactions. That system protects against any kind of fraud whether it be through the web site, an ATM, written checks or in-person at a branch.
No, as noted in the article they did not need to be logged into the router since the URLs used didn't require credentials. Yes, it's a horribly huge hole in security. Yes, it was left in undoubtably because "the only way to get to those pages is through the login page so it's secure". Yaright.
Some had the management UI accessible from the Internet, letting botnets probe routers and try common passwords directly (consumer routers have poor intrusion-reporting capabilities so the attempts are likely to go unnoticed).The majority, though, had URLs that can be accessed to change settings without requiring authentication. So the bad guys set up a site that exploits cross-site scripting bugs to cause your browser to access those URLs on the router when visiting the web site. That let them change the DNS servers without needing to crack the password, and the technique works no matter how strong a password you've set. The only way to avoid it's to avoid any router whose firmware's vulnerable. If you've got a vulnerable router that's supported by DD-WRT or OpenWRT, flashing the router with them's an option. The worst case is you brick the router and have to buy a new one, which is what you'd have to do if you didn't re-flash it.
It brews a cup of coffee. Exactly what functionality can they offer that changes that dramatically? The only thing I can think of is the ability to load several kinds of cups and have it programmatically select one. Remotely programming it... kind of pointless if I still have to walk down to get the mug, and if I've got the machine within reach to get the mug why do I need to program it remotely when I can just punch the Brew button? The only functionality I can think of they can add only benefits Keurig, and I'm not buying a brewer just for that.
Warning, Keurig: I'm attached to coffee, not your particular brand of machine.
He's not granting agreement, he's obliged to get her to agree. If she won't, he's obliged not to give her any details that if disclosed would breach his agreement.
Because if you reject a settlement that would've given you what you would've won if you prevailed in court, judges tend to take a very dim view of you wasting their time. And they aren't even very amenable to arguments like "The settlement would've covered my costs, but it doesn't have the plaintiff plainly saying I didn't do what they accused me of. I want that admission. I want my name cleared of the accusations made against me.". You have to show irreparable harm from that lack, and that's hard to do before the harm's actually happened.
You forget #3: The father is a party to the confidentiality agreement, therefore he has a legal duty to insure his daughter agrees to keep it confidential before he lets her know the details.
I do agree that if she found out on her own without her father giving her any details, the school should be out of luck. But even in that case the courts would probably hold that he still had a duty to make the situation clear to her and that once he had she'd be bound to keep information she found confidential.
How about a simpler idea: it's illegal to take your attention off the road and the act of driving. Doesn't matter why, only matters whether you're paying attention to your driving or not. That simplifies enforcement, if the cop sees you looking down inside the car rather than out the windshield at the road he doesn't have to worry about finding the right law for what you were looking at or even figuring out what you were looking at and you can't weasel out of it.
There's a distinction between the currency and the bank or other place you store your currency in. I can trust the currency while not trusting my bank, usually that results in my pulling my money out and putting it somewhere I do trust. That's actually one of the reasons we have the FDIC today in the US: at one point banks proved so untrustworthy that literally 90% of the country was trying to pull their money out to stuff into their mattress. We've been close to that happening again not too long ago. It's no surprise that we're running into the same thing with Bitcoin exchanges. It'll only get solved when, whether by technical or regulatory/legal means, the Bitcoin exchanges have a sufficiently hard time getting out of having to pay account holders their account balance and are required to have sufficient reserves to give confidence in their ability to do so. Right now the only place I'd trust to store Bitcoins is my own computer. Fortunately, that's possible.
As far as the currency goes, right now no I wouldn't trust it to retain it's value. It's spiked too hard and too high. That spike combined with exchange problems says to me it's going to be too volatile to trust until it settles down again.
That would've been my thought, but if you open up the NetBIOS ports through the VPN it still allows access to services that access to is forbidden so they'd have to block those ports over the VPN and we're right back where we started. And I gave up arguing the point with them because I could still get my work done and I had higher-priority things on my to-do list to spend my time on.
Simple: file shares on machines in the data center may not be accessible to users on machines in the office network and vice versa. Personally I consider that a sensible thing, people are going to use weak passwords and vulnerabilities are going to exist (and they're particularly rampant in the Windows services multiplexed over the NetBIOS and related ports) and the best defense is to simply not have those services accessible where access to them isn't needed. If anything, you'll find me arguing that this just highlights the desirability of environments and platforms that have less of an all-or-nothing approach to services and tools so that we don't have the problem in the first place.