As much fun as it is to use Mylan as a punching bag these days, there's a final point in the Ars article that leads me to think this is hardly in the bag for the Feds.

The question of whether Mylan had misclassified EpiPens came up during a recent Congressional hearing of the House Oversight and Government Reform Committee. Mylan CEO Heather Bresch, defending the company's prices at the hearing, stood by the classification. She noted that EpiPen was classified as a generic before Mylan bought the drug in 2007.

And if that's true - that Medicare was already applying the âoenon-innovator multiple sourceâ rebate schedule to the EpiPen back in 2007 - then that makes this case a lot murkier. The Feds would then have to make a case as to why the drug can and should be reclassified at the higher âoesingle sourceâ tier. It's clear that in practice the EpiPen is a single source device, but the conflict at the heart of this is one of bureaucracy and not medical practices; the Feds would need to justify both the higher rate now, and why they're not culpable for approving the lower rate in the first place.

Given how long that this is going on, I suspect that this isn't an easy case to prove, otherwise the Feds would have done it already. Instead it's probably being brought back up now to either apply additional pressure to Mylan, or to strike while the political iron is hot.

My thoughts have been that these marketplace sellers think they are on EBay and need to get a positive on each and every sale

Forget the marketplace sellers. Even friggin Amazon itself thinks they're eBay. Worse, they want to be eBay!

The problem is that Amazon has separate feedback mechanisms for the product and the seller. And in the case of the former, they commingle all the product reviews together regardless of the seller. No matter if you buy a roll of tape from Amazon, Bob's Warehouse (fulfilled by Amazon), or Alice's Emporium (self fulfilled), the product review will be listed for all. So Amazon isn't wrong about negative seller feedback in a product review being unhelpful. The problem is that seller feedback isn't very obvious to buyers.

I wish I had a playlist from the audiophiles on Slashdot. I've heard what music is bad, I really want to know what is good.

I've started looking at Root and Intermediate CAs country of origin, and found that a lot of the big name guys don't actually reside within the US, and the Intermediate one might be in a different country. Really whenever inspecting a certificate within a browser, it might be a good idea for the interfaces to put pictures of little flags next to each one as to better identify their source.

So this is basically saying that we can no longer depend on the OS to protect us against privilege escalation attacks. The bad guys will have to concentrate on breaking out of VMs or, at least in this case, attacking through the access that the Edge VM has to system resources.

No modern OS is immune to privilege escalation attacks. Even a formally verified OS would probably still be susceptible to them due to unexpected interactions. Never mind hardware based attacks such as race conditions and rowhammer. If someone is dedicated enough, and has enough resources, sooner or later they'd find a chink in the armor.

Instead you try to do the best you can, and then you layer on defense in depth on top of that. If someone is going to break in, then you can at least slow them down and force them to fight another kind of complexity.

It's a shame the Cisco blog is linked second, because it's a great (yet short) read.

Since the end of last month one of my very low volume email accounts has been on the receiving end of a new spam campaign trying to give me malware. The emails I've received exactly match the emails in Cisco's graph So it's neat to see what's behind it - in this case the Necurs botnet running at full tilt.

Considering this account was receiving virtually zero spam before, it's definitely a major uptick in spam.

Interesting. Do you know how long ago that study was done? I"m curious if smaller manufacturing geometries have made newer processors more vulnerable.

To make it even harder to stop.

GNU's Not Unix!

What TFS doesn't do a good job of explaining is that with Swift 3, Apple has essentially forked the project into two parts. Besides the newer version 3, Apple is also continuing to develop/support Swift 2.x. The already-released Swift 2.3 is Swift 3's counterpart for developers who would like to stick with Swift 2.x code.

Swift 2.3 is a minor update from Swift 2.2.1. The primary difference between Swift 2.2.1 and Swift 2.3 is that it is intended to be paired with Apple's macOS 10.12, iOS 10, watchOS 3, and tvOS 10 SDKs. It also updates the underlying LLVM and Clang versions to match with those in the Swift 3 compiler.

I don't imagine Apple will support Swift 2.x forever. But for the time being, Swift 3 is only as source-breaking as you want it to be. Developers who need Swift 2 compatibility can roll on with 2.3.

Emacs users have more time for commenting on slashdot.
What else are they going to do while waiting for Emacs to load?

Meanwhile vi users have to post multiple times to make up for their small user base. Otherwise no one would remember that poor vi exists.

One of Snowden's complaints (and the chief reason, according to him, that he has not returned to the US to stand trial) is that he has been charged on two counts under the Espionage Act, which prevents him from defending himself in open court. Presumably you, too, would prefer that he was allowed to make a public interest defense?

My preference is to follow the letter of the law. If that includes charges under the Espionage Act, then so be it.

A pardon is the executive - the leader of the people - granting you leniency for what you did. However to be excused for your actions, one should first admit to them.

As someone who is displeased with how Snowden went about this, I'm not opposed to the idea of a pardon. However I don't believe a carte blanche pardon is appropriate, or sets good precedence.

What I'd like to see is Snowden return to the US of his own volition to stand trial. And then, once the trial is complete, a pardon can be issued if necessary. Even if what Snowden did was ultimately a good thing, I believe there still needs to be repercussions for it - that he needs to take responsibility for his actions. A trial to firmly establish the facts of the case and whether he did anything against the law, even if it can only end in not-guilty or a presidential pardon, is something I think would be a reasonable compromise.

It's radio. Anybody in the vicinity can listen in all they like. Back in the bad old days this was Industry Canada's position, that cellphones were not private and there was nothing anybody could do about it.

Unlike AMPS, the communications are digital. So what. If you are sufficiently determined you can decode the data you have captured.

...laura