
Comment Re:Paranoid (Score 2) 37

Articles like this are why The Register is a joke amongst professionals in the field. This is a company using the media to create a PR stunt to drive business, and they are content to be complicit. ALL packages that you don't audit are to be untrusted - it doesn't matter _where_ they come from. Developers in the US and UK can easily be pressed to make code injections under existing national security laws. It doesn't matter _where_ code comes from, it matters if you're stupid enough to run it without auditing it yourself. The argument of Hunterlabs to claim that it matters where your code comes from is jingoistic and incredibly offensive - no one should ever work with these people.

Comment PR stunt by idiots (Score 2) 37

They "discovered" a fact which was public on GitHub for 5 years. If they were actually interested in cybersecurity they'd be sounding the alarm about the lack of trust of packages in general (obviously projects with tens of maintainers have never had security issues from within.......). This is a PR stunt by a firm that has little expertise and a lot of political pull (management of Mark Esper, among others). All they're doing is using the media to gin up business that they're obviously very bad at.

Comment The motherboard already has a BMC... (Score 1, Interesting) 56

The motherboard in question for this setup already has an AST2600 BMC that is capable of reporting real time power consumption for the machine (which makes sense - I can't imagine anyone producing a board of this class without an integrated BMC of some sort). The use of a "smart plug" is completely superfluous, consumes more energy, and requires more effort than using the Linux kernel IPMI driver that is already there...

Comment Negative scanning misadventure (Score 1) 93

I particularly like the part where the author decides that one post on Reddit will send them down the road of spending $400 on a Rube-Goldberg-like negative scanning adventure (not counting the cost of the DSLR and mount that they already owned), to get at most 4000x6000 pixels (the max single-shot of the a6000), while for the same price you can purchase an almost-certainly-better-quality-and-certainly-less-fiddly negative scanner that would give you 7200dpi (roughly 6800x10000 pixels on a full 135 frame).

Also of course why not write about your lack of understanding while not availing yourself of the hands-on training that is likely available in the major metro you live in (and skipping the step of black and white first to get experience with the pieces before you jump headlong into a more complex and expensive process while still being unfamiliar with the tools).

Comment We already have names (Score 1) 101

If you're actually paying attention and using these terms in specs and design, they're already called AuthN and AuthZ. If you don't know enough to know the existing industry terms, changing the terms isn't going to change the fact that you don't understand the difference between them, no matter what names you give them.

Comment Re:fair use (Score 2) 74

This fails in the face of *every factor* of the fair use test:

1) The use is not transformative - it does not create (nor even claim to create) new expression or meaning. In fact the entire point is to distill the *old* meaning.
2) The nature of the original work is published fiction, which slightly favors the original creator
3) A substantial part of the original work was taken, and the entire purpose of that taking was to get to the "heart" of the work, which would not be fair use even if the amount used was much smaller
4) The use creates a substitution effect in the market

While that is the US test for fair use the reality is that both Japan and the US are WIPO members and while there might be some play in the joints of the nuance of interpretation, the doctrine is largely consistent across parties.

Comment Re:I take it... (Score 1) 112

The law doesn't ban algorithms that filter and organize content, it bans ones that *prioritize* and then *target* that content at minors. It may be a fairly blunt hammer, but it doesn't seem like a bad place to start, and it certainly doesn't do any of the drastic things that have been suggested like eliminating filtering of truly harmful content, etc, as that doesn't involve per-user targeting. It's not a ban on algorithms writ large, it's a ban on algorithms that have a specific objective.

Comment Not even close to "cleared" (Score 2) 17

Not being liable in a civil suit is a far cry from being "cleared" of anything. It just means you won your lawsuit.

If (any) government thought these acts were crimes, they would be charging crimes. Those are the only things you get "cleared" of, and I wouldn't be surprised if criminal charges were brought in the future.

Comment Where's the proposal? (Score 1) 433

Someone would have to propose an actual system, preserving the (notional) guarantees of the current system (at least anonymity and without property or tax qualifications), for us to be able to comment on why we hadn't actually implemented such a system.

Estonia still uses paper ballots, a lot of people still use them - we could certainly (as some localities have done) implement a similar partial e-voting system, but that wouldn't answer the premise behind the question. Also of course at a bare minimum you'd have to establish what problems such a system would solve that actually exist in the current system (and not just imagined problems that don't actually exist).

It's not hard to imagine a PKI system disenfranchising more voters than we do now, but again, without an actual proposal it's all just speculation.

Comment Not a bank (Score 1) 78

> A better metaphor might be a bank

Minus the two *most critical parts* of banking - there is *insurance*, and there is *liability*. You will never convince me that you are interested in maintaining your locks and 12" thick steel doors if you have no liability in the case of failure.

A proper risk assessment of federated SSO makes it a completely untenable solution as a practical matter given the current regulatory and legal environment.

Comment Re:Taskwarrior (Score 1) 278

Taskwarrior is fantastic. You can access the data from all of your devices, and although it will require some effort the upside is you have full control over all of your data, as well as a significant level of control over how tasks are prioritized, tagged, annotated, etc.

The server is a bit of a pain to set up, but it's worth it.
