Since Ubuntu is covered by the GPL then removal of links to source and by extension compiled images for comparison is a violation of Ubuntu's GPL, thus Copyright infringement, thus The Ubuntu foundation needs to be sending a DMCA copyright infringement notice to Paramount to take down anything they have or use that could mistake their own rights of other protected under GPL.

Plus since the source domain of the request for reinstatement is suspect thet should be ignored until the owner physically presents himself for prolonged identity analysis, which must fail!

So the article did exist, but the claim it made was not substantiated by evidence. This leaves us with two alternatives:-

a) The article is false OR
b) Reality is at fault.

Now don't completely exclude b), because your experience of reality is only available to you via what information you can collect. If the information is incomplete then your view of reality will be at fault.

That said, pretty well everything said by all sides on this 'political' debate is a pile of fetid dingo's kidneys.

Specifically for Canada this may well be impossible, reason being is that much of the Canadian population lives within 100Km of the US border and much of the fat pipes that take data between Canadian cities go via carriers in the US.

BTW we talking US here as being the key aggressor of sovereign cybercrime.

To be perfectly clear, this attack IS just an update on normal authentication session phishing, where the attacker gets the target to authenticate a copy of the login form while the attacker is the custodian of the associated session cookie. If the user is inattentive it will work with all normal authentication methods and sadly also SQRL et-al when used in remote authentication (QR-Code) mode**. Thus most of these authentication methods exclude it from their designs as being out of scope.

That said, SQRL was not designed to address this currently intractable issue (people are lazy observers), it was designed to address the other big problem (people are bad at picking passwords). It does this by only sharing public information (site specific public key) with the server which it proves with zero knowledge that it has secret information (site specific private key) by signing a random challenge from the server. Which just happens to also have a 1:1 hidden relationship to the login page session cookie.

**Remote mode
This is when you use the QR-Code and client on a device separate from the device the browser is running on. In SQRL it is more common and more secure to have your client running on the same device such that instead of scanning the code you click/tap it and launch the associated sqrl:// scheme link. In that case hard same IP protections are enforced which would then refuse to complete an authentication unless the attacker is also present on the same WAN IP as the victim (a very much less likely scenario).

In closing, all these early zero knowledge and token authentication schemes will be updated soon after release to include methods and means to thwart this normally intractable attack mode but that will have to wait for parts of the client to be migrated into the browser agent codebase, where they can either respond more precisely to errors forced upon the attacker or be able to bypass the attacker altogether (see SQRL-V2 CPS mode).

Seems like we all need something evidentially tempting randomly added by us to our data that is way too good not to follow up, which is in actuality a honey trap.

For example, buried in your email is a URL associated with something like "Don't tell the cops but this is where/how you get the good stuff". If LEO follow this up by browsing to this URL, it captures all the info it can about the visitor and sends it to you or a trusted third party. Which suggests to them that interception is occurring.

I may be later to this post but I seem to remember, backed up by this page clipping from Apple (https://support.apple.com/en-us/HT204587)
"To configure Touch ID, you must first set up a passcode. Touch ID is designed to minimize the input of your passcode; but your passcode will be needed for additional security validation:
After restarting your device
When more than 48 hours have elapsed from the last time you unlocked your device
To enter the Touch ID & Passcode setting"
Therefore, this is not this whole case moot, since 48 hours has most certainly expired since the phone was taken as evidence, thus the fingerprint is not a valid unlock and the legally protected passcode is back in play.

In consideration of:-

1/ the fact that due to massively expensive texting costs that Brazilian carriers place on customers ~96% of them use Whatsapp.

2/ Whatsapp just happens to offer full e2e strong encryption.

3/ Criminals want to save money also.

So criminals use whatsapp to communicate, thus thwarting legal interception.

I would suggest to the Judge that the root problem is not Whatsapp but the government supported telecoms carriers who forced this situation to exist.

Also, seriously Judges. Someone needs to go down there and teach them the meaning of impossible.

Although " You don't have to pay extra to sign up for the Google Play Family Library "

It turns out that if you try and do this now you WILL be stung for the full Family Plan $15/m, so best wait intil the real launch is announced.

Passwords are a passing fad they've only been around for about 45 years and it is my hope they will be a dead method within the next 5.

For now, I use a long random passwords with at least 44 bits of entropy (not telling you the character set or length, that leaks too much information). But as I said, the password must die because it is fatally flawed, it relies on having the service store a secret for comparison. Something that can be captured in transit or stolen on the server and brute force reversed from its hash (if used), then used repeatedly until revoked by an out of band repudiation method.

If the very near future only a per site unique zero knowledge proof of sufficient strength to preclude brute forcing will suffice, thus only public information is present on a server and by the nature of a zero knowledge proof against a unique challenge there is nothing useful to steal.

This is a well known optical issue, where a point source or illumination outside the field of view (sun) scatters light off the diaphragm edges inside the lens (almost square when fully stopped down). The light then passes back out the lens to reflect a second time of the front elements inside surface. This results in multiple images of the point source appearing at a point in the frame that are out of focus and appear to drift and merge.

Bet you anything you like, if the camera had been even slightly tilted during that clip the "UFO" would have shot across the frame at an integer multiple of the angular tilt.

This effect in a slightly different manner for UFO believers is repeated often when they insist on seeing Diamond UFO's in video footage taken with a camcorder at full zoom with the iris and focus on auto. What they see with their eyes is an unfamiliar point source of light (planet, plane etc), what the camera see's is an out of focus point source vignetted by the iris to a diamond shape with often the light meter filter giving the bottom half a red or green hue.

Because this bill would require any vendor, writer or provider of encrypted communications to have a way to decrypt it would also require any form of TLS connection to not have perfect forward secrecy. This would mean having like in the earlier DOD era, having a separate crypto' suites for US use that exclude the option.

I mention this because it is not going to happen, the cat is out of the bag and it would require rewriting the core of every TLS implementation everywhere.

Should we also mock Bruce for saying:-
"The problem isn't that people are idiots, that they should know that a USB stick found on the street is automatically bad and a USB stick given away at a trade show is automatically good."

I would say the latter is still suspect, what with Bad-USB firmware and other stuff, just because someone you trust gives you something, the trust does not extend to the something.

Almost the first requirement and already they excluded potentially 90% of us.

"You must have a U.S. taxpayer identification number and a social security number or an employee identification number and the ability to complete required verification forms."

Coming from the UK we had this same issue more than a century ago between the 4' 8.5" (Stevenson 'what was in the colliery, seemed like a good idea') Standard Gage and the GWR 7 foot (Brunel 'Scientifically researched with the help of Charles Babbage') gage.

In the end, even though accident statistics (no GWR train ever rolled over), fuel efficiency per passenger per mile and other criteria decreed the 7 foot gage superior, the government ruled that since there was more Stevenson gage track in existence that the Brunel gage would be phased out and replaced with the new Standard gage.

I have to say that if they had gone the other way the world would be a far better place, because the wider gage would have allowed much higher speeds at an earlier epoch while affording much grater loads without the need of technology to avoid the risks of rollover. Saying that, the Bart system was an ambitious but eventually fruitless move.