And be sure to double-check that the next update doesn't revert those settings on you...

I don't know if any implementations are stupid enough to implement this(at least without some very careful sanitizing); but(in addition to ramming in javascript and the ability to embed basically anything at all, thanks for nothing 'rich media annotations'), they even added: Launch Actions!

"12.6.4.5 Launch Actions
A launch action launches an application or opens or prints a document. Table 203 shows the action dictionary
entries specific to this type of action.
The optional Win, Mac, and Unix entries allow the action dictionary to include platform-specific parameters for
launching the designated application. If no such entry is present for the given platform, the F entry shall be
used instead. Table 203 shows the platform-specific launch parameters for the Windows platform. Parameters
for the Mac OS and UNIX platforms are not yet defined at the time of publication."

Your Standards Compliant Solution for executing arbitrary binaries with arbitrary parameters. No need for messy, version-sensitive, exploit code! Combine with javacript and web-interaction support to build documents that search the target's hard drive for interesting things upon being opened... Or(miracle of miracles!) build a PDF that runs the adobe update utility when you open it, you're sure to find something new every time!

Out of curiosity, were you dealing with enough fancy-forms-and-interactive-nonsense type PDFs that the 'just brutally rasterize it and let them eat .jpeg!' option wasn't an option, or were the attackers good enough that you didn't have a PDF renderer you could trust for the rasterizing duties?

That isn't really 'sanitizing', though: It's certainly good that you practice safe text on your computer; but if you are the mailserver guy, and may or may not have as much control as you'd like over the users and their filthy, weatherbug-encrusted, systems, you want to modify the file such that it no longer contains a potential payload, not merely use a reader that doesn't execute payloads.

Didn't that strategy experience 100% Great Success with the Latin American water systems?

Problem: The infrastructure build-out needed to produce cheap coal-fired electricity is never going to be justified by poor people as customers,and we can't afford it as a social or populist program.

Solution: As with so many things, the marginal value of going from 'nothing' to 'something' is a whole hell of a lot higher than the marginal value of going from 'something' to 'lots of something', so we can gain many of the benefits at a fraction of the cost by choosing a system that costs a lot per kilowatt-hour; but comparatively little in capital costs, and fuck-all in ongoing maintenance.

I realize that all the best insights fit on bumper stickers; but it is occasionally possible that ideas occupying several whole sentences are actually just elitist plots against honest common sense, rather than elitist communist plots against honest common sense and economic logic.

It's pretty mind blowing.

Commie. My skepticism about the invisible hand totally fucking vanished when I learned that I could spend other people's money to pay it to give me invisible handjobs.

Clearly, you are just a envy-driven agent of class warfare and collectivism.

California probably isn't the state to play that particular card in: their prison standards are so... exemplary... that they've been judged a violation of 8th-amendment prohibitions on cruel and unusual punishment. The not-notoriously-soft-on-crime feds have had them under oversight for a bit over 15 years trying to get the reckless negligence and massive overcrowding down to constitutionally-viable levels...

(Plus, of course, incarcerating somebody makes them your responsibility to a degree that you'd be accused of extreme nanny-stating for adopting with respect to free citizens. How popular would having the feds herd the locals out to protect them from the fungal menace be?)

It takes serious hutzpah, or a very dry sense of humor, for America's go-to guy on fun projects like 'Operation Condor' to describe academic politics as 'bitter...

Pretty much nothing in the publically available information on this guy suggests that he was anything close to a 'decent person'...

He didn't go to jail because somebody gives a damn about the class president, he went to jail because he compromized hundreds of access credentials and used them to gain unauthorized access to systems(and, unless the school's IT office is fairly conservative, the odds are increasingly good that you can hardly touch their system without crossing state lines).

His pitiful attempts at hiding probably didn't endear him to anybody, either.

Architecturally, anything that scans QR codes(or accepts any other sort of input that isn't trivially human-verifiable beforehand, mag-stripes, NFC, 2d barcodes, whatever).

In terms of UI/UX constraints, I assume that 'glass' is atypically vulnerable because it has severely limited space(in terms of both screen resolution and user input options) for showing the user the details of what, exactly, a given QR code is going to do and asking them whether they want to do it, which creates an incentive to just do it automatically.

Any computer can be made to do dumb things based on valid-but-malicious input automatically; but some computers are more equal than others when it comes to being able to inform the user(though user density creates a fundamental upper limit here).

Given that, at present, 'via the legal process' seems to consist of a variety of procedures that make getting a search warrant rubber-stamped by a handpicked sycophant look positively robust, I'm not sure how reassured I'd be even by 100% ironclad evidence that all data were divulged in accordance with 'legal process'.

Even aside from the high-volume shenanigans on the NSA side, whose legal justifications themselves are rather secretive, the good old 'National Security Letter' is a 'legal' process that essentially boils down to 'Somebody at a three letter agency asserts that the information demanded is in some way related to an investigation with national security implications. Pinkie Swear!'. No judicial involvement, no need to present any evidence for that assertion, a downright farcically bad record on recordkeeping(the FBI won't even tell congress how often they use the things), and a gag order that makes the operation essentially silent.

Sure, maybe Microsoft are better people if they are always complying under penalty of law, rather than as enthusiastic little quislings voluntarily cozying up to the spooks; but from the perspective of a potential customer, rather than an observing ethicist, what difference does it make?

Your measures are... outmoded.

Sure, cookies make things markedly easier(since data persistence is what they do, in a sort of feeble, hacky way); but there are so many more bits of information available if you want to fingerprint a user. Even better, the ones that squirm the hardest against the easy methods tend to end up with the most unusual configurations.

The astronaut is quoted as saying that it didn't taste like water from the drinking water supply. Could be that, once steeped in helmet-gunk and hair, it tastes different, could be from a coolant loop.