Age is just a number..
My eyes aren't great and my fingers are fat, can we please have text readable at approximately the same apparent size and links that have reasonable bounding boxes across all devices?
... all without generating false positives and removing the posts or accounts of anyone besides the actual terrorist ISIS.
Where in the world did you get the requirement that there have to be exactly zero false positives?
Surely false positives are bad and should be avoided. But I venture that most people would find it an acceptable tradeoff if one in a million legitimate tweets gets rejected by a filter. Systems don't have to be perfect to be usable. Heck, I bet that random network errors and other gremlins cause just as many failures anyway.
Seriously, does this bozo think that there is any security benefit if an attacker doesn't know your internal domain names? What in the world does that buy?
PS. Editors: reconnaissance != recognizance. Holy hell what a train wreck.
Quite the contrary. The closer adversaries are in their capabilities, the more likely they are to fight. This was the case in Europe for a few hundred years before WWI. Heck, from 1803 to 1871 (a lifetime!) there were less than 10 years of peace.
Meanwhile every year now we are racking up a longer unprecedented period of peace -- one that has silently saved millions of lives without us noticing. And that's including both the idiotic ventures of the US into Vietnam and Iraq II (and some more-worthy interventions such as the Balkans, Iraq I) and the upswing of violent terrorism and the ensuing low-level conflict. These are bad, but they are nowhere near the horrors that were routine prior to the Long Peace.
So yeah, I think there's a lot of American bravado (and cost) in being decades ahead of the rest of the world. And surely it's not all coming from a benevolent heart (JFK's excellent speeches notwithstanding). But the empiricist in me is strongly leaning towards the idea that it's far superior to the kind of multi-lateral system that existed prior.
OTOH, given the inability to guarantee the erasure of all data on any drive, unencrypted data should never hit the drives at all, and the key should of course also never be stored on the same media (unencrypted).
You are absolutely correct though -- you should never rely on making data inaccessible via erasure instead of via encryption.
Incidentally, the ST8000DM002s that we are talking about here support OPAL, which makes it trivial to "throw away the key" by sending the drive a reset-DEK command.
I get that they think the CFAA is overbroad and this is a prosecutorial pile-on. And maybe it is.
At the same time (and to be fair), this may have a negative impact on privacy.
Consider a scenario where an individual (say, a police dispatcher) has authorization to use a computer system (say, court records, warrants, DMV records) for a legitimate purpose (in dispatching the police). Now she goes and uses her access to that computer beyond the bounds of that authorization: to help a friend that is a PI, to stalk her ex, to get juicy leads so she can paparazzo some douchy D-list actor when he gets out of his DUI.
Once you think about it this way -- how many people need access to systems with personal information to do their jobs but for which it's not feasible to have technical solutions -- you wonder how to create a workable legal solution that doesn't need to be re-done for every possible use-case. CFAA may be a poorly drafted attempt, but the goal of criminalizing exceeding your authorization (if not your access) to a computer system makes sense and, I would argue, is privacy protecting.
But that's the point! If it compiles into bog-standard JS then there's no actual "support" to be added anywhere.
Both TS and DART compile into JS that is compatible with the big 4 browser JS engines.
Not even remotely true. The information that can be obtained with a reader does not contain the actual keys (!) that would be used to sign a transaction.
You could actually read about EMV, the specification is public. It's fairly clear you haven't.
Hopefully DART will get off the ground soon.
If I make a widget, and I know I can get people to pay $400 for it, I don't go "Well, it costs me 100 to make, so 150+tax = 180 is what I'll charge". I say "It costs 100 to make, people will pay 400, so my profit is 400-(tax+100)". That's how I make the most profit. If tax goes up, people will still only pay 400 for it, so my profits may go down. If they go up high enough, it may make sense for me to charge more and sell fewer widgets, but the base price is set by what I know I can sell the item for.
No no no no no no. If it costs you 100 to make a widget then, at most, it costs your competitor 150 to make. In modern hardware a 1.5x comparative cost advantage is absolutely enormous actually -- real advantages are a few percentage points here and there.
So we'll be generous and assume you've got a huge head start on tooling, process -- you've got the whole supply chain set up and the QA working and everything. That buys you maybe 6 months, maybe a year, in which you can charge $400 (or whatever the market will bear) before your competitor undercuts at $200. You enjoy the good times immensely, you're making 400% margin, everything is peachy. But eventually it ends and you have to match the competitor's pricing or move on to the next thing.
Not a bad example. And likewise, if I wanted to send someone to the bank to retrieve or add to the contents of the safety deposit box, that would be my prerogative.
I agree and I don't agree. You have the power to delegate authority to add or remove items from the box. That is surely your prerogative. So if you fall ill or move to another country, surely you can delegate your rights over the box itself to Bob.
The part where I don't agree is the idea that your authorization to Bob in any way impacts whether he is allowed to use the bank lobby to access the box. Under no feasible reading of the safe-deposit-box-owner-protocol did you ever possess any authority over the bank lobby. As a consequence of not possessing those rights, you cannot delegate them to anyone.
For instance, if Bob was previously a nuisance at the bank lobby (say, he leafleted customers with Hare Krishna materials) and they served him official trespass notice, then he cannot set foot in the bank again. You can delegate to him rights over the box all you want, he still can't use the lobby.
Where the law varies significantly from people's expectations is where conflict arises, and the law is usually wrong or ultimately unenforceable, because society en masse simply ignores the law.
Really? I'm wondering how this could be true. Most people expect cantilever bridges to be stronger than suspension bridges because they intuitively (and incorrectly) believe that materials are stronger under shear than under tension. But surely material science is not something that society has the right to "simply ignore" because it violates their expectations.
If we let social expectations dictate bridge design (or medical practice, or
But does that principle automatically apply here? Does a normal person *consider* their Twitter account their own property or the property of Twitter?
No one is talking about ownership of the account, if that's even a well-formed concept. It doesn't matter either way, because what we are talking about is Twitter's actual physical servers.
Twitter has authorized everyone to connect to their servers to do certain operations (like read all tweets)
Twitter has authorized person A to use their physical servers to do other operations (like write a tweet or a DM). To enforce this authorization, Twitter and A agree an authentication token (password, whatever).
Twitter has not authorized person A to authorize new users to those protected operations on those servers.
They'll say it's 'my account'; they'll complain 'my account was hacked'... everything surrounding it is framed in that sense of ownership.
Indeed. And perhaps we can say that you have some ownership interest in the data present in the account and its social status. But that ownership interest obviously doesn't extend to any sort of ownership in the server that hosts it.
By comparison, I might own all the items in my safe deposit box at the bank. But clearly I don't own the bank, or even the bank lobby. And yet I cannot access my owned items except by using the bank's property.
The notion that I would be delegating access to twitter's server infrastructure in a way analogous to Bob letting Jill use your pool...? That would NOT be a consideration at all. No normal person thinks of their twitter account in that sense. (even if technically and legally that's what it is.)
Well, OK. Then legally a legal court of law will come to a different legal conclusion than a person with no technical or legal expertise might come to. Also, a civil engineer might build a bridge differently than a normal person would. News at 11!
This is not stupid at all. It mirrors the obvious principle that everyone here knows, which is that authorization to use a system does not necessarily confer authorization to authorize additional users. This has been a principle in UNIX since before most of us were born, and it continues to be a principle of every multi-user operating system since. There are distinct privilege levels between user and some form of super-user that has the right to authorize additional users.
Moreover, it's a principle of our daily lives that's so obvious we don't even mention it. I let my neighbor Bob use my pool whenever he wants, but I would be shocked if Jill was using it and just said "Oh yeah, Bob said I could".
There is no reason that the principle of non-delegation (that is to say, without explicit authority granted to delegate) shouldn't apply to the virtual world just as much as it applies everywhere else.
You realize we're talking about the CBP, not the TSA?