"Say it ain't so" /sarcasm

THIS.

It is a very straightforward approach to approach to 'personal' computing; either be your own OS and hardware Administrator by virtue of 'h4ving sk!llz' or you need to make the acquaintance of and/or hire one.

Either way, if your in-house geek is 'for real' about system security and privacy the conversation should at least include an option for QubesOS. (If your geek hasn't deployed it / hasn't heard of it, it might be because serious security geeks treat it like 'the first rule about fight club' - it might meansyou need a better geek.)

I've been the resident geek for most of my close associates for decades. Back in 2013 one of my brothers actually asked me not really in jest; "Where do i get my own foil hat, I always thought you were a bit over-sensitive to the whole network information security, but now I am too."

By now, even my centenarian grandfather uses a similar setup, including disposableVM's, domain specific vm instances, and windows in a network isolated use case for specific tasks. Yep, hes one of my first supported transitions after doing his own migration from Window$ to Ubuntu10.04 back when he was only in his 90's and some virus had messed up his Dell, "for the last time."

When helping someone move from being the product to owning their own systems a common question is "Why can't it still just be the way it was?" One line I use with pretty good results, is "It is not logically or realistically possible to be both better and the same."

Bytheway, Grandpa's 104, still walks the little dog for a couple miles every morning around dawn, and gets about better than most 70 year olds.

Actually, a skilled operator would have restored the logs to a state including all activity not-related to the incursion; left no traces within the compromised systems and the only (perhaps) discoverable traces would have been differences in total volume of network packet traffic as defined via the falsified logs and external network hardware/actual packet volume.

So, maybe this is a somewhat adept intrusion, but certainly not best skilled and only nation state type action. Plan B for that kind of hack; instead of false log trail; simply dd if=/dev/urand of=/target-system-root

So, for disclosure, i use PaleMoon, Waterfox, FF-ESR, FFQ, for various browsing activities. Yes, i have chromium, chrome, opera and even several IE browsers (in virtual boxxen) for testing purposes; hell i even have the arcane wonder songbird fork nightingale (i think it is still the best music library for most use cases - except for the slimp3/squeezebox scenario)... But i digress. I see quite a bit of trouble brewing in and around the browser; and while I'm not bothered by the task of using various browsers (and even various profile configurations within each of those browsers) i see how users just want to concentrate on a single browser to address all of their needs. If FFQ is the best performing OSS browser and yet certain XUL add-ons are essential for a users needs i see a simple method to resolve the conflict and it would appear that time is available at least until Aug 28 to address these problems. Continue to use FF-ESR for the tasks requiring those unported XUL extensions and while doing that: approach the XUL programmer regarding the cost/schedule for porting to FFQ; evaluate whether your needs justify supporting the porting process in some way, or if the original XUL is unportable for reasons beyond your influence, then assess the cost of creating a new add-on from scratch. For add-ons requiring functionality not provided by FFQ, ie "video downloadhelper" development may need to include an additional external program installation via .deb .rpm or package flavor du'jour. Include that task in the development plan. If the inconvenience caused by loss of an unported add-on does not justify your involvement as sole support for continued development; consider becoming involved in a crowdsourced funding pool or other distributed mechanism to provide support. In any case where those mechanisms won't justify your level of support then i would argue it is not a NEED. Free software is Free as in "Free Speech" not as in "Free Beer" : we should each reward the efforts of the people who make our lives better, this is an essential action of anyone who lives with integrity. Now, if it does justify your support but you would rather complain instead, well, please FFS Quitcherbitchin!

PREFACE: IANAL and IANATaxAccountant

In at least one state sales taxes are titled 'transaction priviledge tax' and the venue for taxation begins at the location of the origin of the transaction. Thus taxes arising from a transaction originating in another state are not locally collectable.

Currently the revenues from such online or mail order sales are reported in gross transactions and then listed as tax exempt with notation for the state of origin (or the shipping destination as it may be)... If the requirement is added to mandate that one state collect the tax revenue for other states and municipalities then the easiest solution for the small business vendor is to require customers to enter into a non-retail sale agreement and provide thier business FEIN or state tax ID... the reporting burden still remains to account for the non-taxed gross receipts, but the collection burden is back in the lap of the purchasers state and rests with the purchaser instead of the seller.

FWIW, thats my humble opinion.

~ shimo