
Comment Re:Of limited use then the VPN is really private (Score 1) 99

It will not work if you are using the VPN to access hosts that are not accessible from the internet since the attacker has no way to inject the rerouted traffic into the VPN.

Absolutely true. If your company has its own VPN server and allows you to get on their network through VPN, that means you can get on their network through _their_ VPN server. This attack makes your computer try to get to your company's network without using the company's VPN server, and that will just not work.

So what will happen is that you and your hundred colleagues working from home can't get on the company network and call IT to figure out what's wrong, and hopefully they can find out what happens and fix it. In this situation, it is a DoS attack, without security implications (except for anything where denial of service is a problem).

Comment Re: doesn't seem to add up to anything real (Score 1) 99

How does that break the TLS at wikipedia?

That's what you call "defense in depth". https and VPN are completely independent. If you wanted to use https over VPN, you get https without VPN instead and the hacker still has a huge problem. If you wanted to use http over VPN, you get http without VPN, and everything is in the clear.

You could even send encrypted data (data that you encrypted yourself) over http through VPN, so you get encrypted data, sent in the clear. The hacker still needs to decrypt your data.

If there is other encryption that cannot be broken by the hacker, then VPN just protects your identity. With VPN, a hacker only knows that someone using a certain VPN server used wikipedia. Without VPN, they know that _you_ used Wikipedia. For Wikipedia, nobody cares. A website giving advice about sexually transmitted diseases, you don't want a hacker to know that you visited it.

Comment Re: doesn't seem to add up to anything real (Score 2) 99

As an example, traffic to "office printer" which is the printer in my office shouldn't go through VPN. It should stay within my local network all the time.

Now if the guys at Wikipedia don't watch out, someone with access to the wikipedia network could tell my computer and every other computer "www.wikipedia.org is on your local network", just like "office printer". So traffic to this site goes directly and not through the VPN. If I'm sitting at Starbucks with a totally unsecured network, doesn't matter. What my VPN server does doesn't matter because I never connect to it.
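The routing behaviour this comment describes, as an added example that is not part of the original comment: longest-prefix matching sends traffic out the local interface whenever a more specific route than the VPN's default exists, and a simple audit flags such routes. The interface names, prefixes and routing table below are constructed for illustration.

```python
import ipaddress

VPN_IFACE = "tun0"  # assumed name of the VPN tunnel interface

# Constructed routing table: (destination prefix, outgoing interface)
ROUTES = [
    ("0.0.0.0/0", "tun0"),         # VPN default route
    ("192.168.1.0/24", "wlan0"),   # own LAN, e.g. the office printer
    ("198.51.100.0/24", "wlan0"),  # unexpected: remote range sent direct
]
LOCAL_NETS = ["192.168.1.0/24"]    # subnets that really are on-link


def select_route(dst, routes):
    """Longest-prefix match: the most specific matching route wins."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, iface in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    return best


def uses_vpn(dst, routes):
    """True if traffic to dst would leave through the VPN interface."""
    best = select_route(dst, routes)
    return best is not None and best[1] == VPN_IFACE


def find_bypass_routes(routes, local_nets):
    """Flag non-VPN routes that reach beyond the known local subnets."""
    local = [ipaddress.ip_network(n) for n in local_nets]
    flagged = []
    for prefix, iface in routes:
        net = ipaddress.ip_network(prefix)
        if iface == VPN_IFACE:
            continue
        if not any(net.subnet_of(l) for l in local):
            flagged.append((prefix, iface))
    return flagged


if __name__ == "__main__":
    for dst in ("192.168.1.20", "198.51.100.7", "203.0.113.9"):
        print(dst, "via VPN" if uses_vpn(dst, ROUTES) else "direct, no VPN")
    print("bypass routes:", find_bypass_routes(ROUTES, LOCAL_NETS))
```
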

Comment Re:Um... (Score 1) 99

But that's the point, people use a VPN when connecting to a network they already don't trust (eg public wifi).

I'm not connecting to the public wifi. I only use it to deliver the message. This attack seems to disable VPN by breaking into the site that I'm connecting to. Not the public wifi near to me, but the final receiver.

Comment Is that description correct? (Score 1) 99

So if I use VPN to connect to www.amazon.com, the software on my computer will find out whether www.amazon.com is on my own network and should be contacted without VPN. Of course it isn't. So someone would have to get in front of www.amazon.com's servers, then when my computer asks "hey amazon, are you there", it replies "no, I'm on your local network", and there is no VPN.

So that allows an attacker to watch my traffic with www.amazon.com if they manage to get into amazon's server. Or my traffic with www.unprotectedcompany.com if they manage to break into the servers of www.unprotectedcompany.com. But if I understand this right, if I am in a hotel with awful IT security, there is nothing that they can do at that hotel, only on the end of the place I'm connecting to.

Of course if people connect to www.sensitivecompany.com, that would be a problem if they are not secure.

Comment Re:Sue him for damages (Score 3, Insightful) 56

Are you sure you want to open the door to suing people contributing to open projects?

They are not contributing. They are vandalising. They are causing damage to a project that we all can benefit from without paying. It's not contributing, just like taking money out of a collection for starving children is not contributing.

Comment Re:lol (Score 1) 81

Reminds me of the guy whose name is NULL: https://www.wired.com/2015/11/...

There is an actress named Rachel True with a considerable entry on Wikipedia, who has similar problems with all kinds of software that doesn't like "true" in an SQL command.

Seems to me a paranoid fear of SQL injections. I haven't been able to find out how this name could cause any problems unless you have totally broken code that wants a boolean value, gets a string, accepts it and turns it into a boolean.

Comment Sue him for damages (Score 3, Interesting) 56

Just because it doesn't cost money, doesn't mean it's free. OpenStreetMap has tons of value from contributors, but also massive amounts of data from several governments who think it is higher priority to give their taxpayers maps than to make a bit of money.

So they should try to catch these people and sue them for damages. At a rate of $100 per hour for fixing the damage they caused. Once the first Pokemon player gets a 5,000 dollar or euro fine, that kind of vandalism will stop.

Comment Re:Yay to the abolition of lithium slavery! (Score 3, Informative) 138

That really isn't their concern, because they're not marketing to the automotive sector, where weight is an issue.

I think if weight were the primary concern with vehicles they wouldn't still almost exclusively favor the heaviest option available (lead acid) and would be going with something more like lithium.

Lead acid isn't chosen for its weight - it's chosen for its cost, energy density, resilience to vibration, and cranking amps.

Comment Re:Get used to it (Score 1) 12

I'd say it's absolutely useless for that job. So you have something you don't know how to do, and don't know how to evaluate, and you have a program that sometimes kind of can do things, but it's trained on random data with no actual understanding of what it's doing, and you're trusting it to work? I'll take the result of a google search over that any day of the week. At least then I'll get several options and can compare them to see what feels right. About the only people who could use this are so technically clueless that they can't do the job anyway, and trusting the AI is rolling the dice with a random answer that may or may not work. Or have massive security holes. Or even remotely solve the problem. At current level it's at best a mediocre replacement for a google search, and it won't be much better in our lifetimes.
