Why make this offer? Just for publicity? Or could it be that many people have trouble upgrading and MS needs to counter the chatter by giving the press something? I've never heard of such an offer before.

Can you not recognize a trial balloon? More common in the UK, where someone less senior (_NOT_ the big cheese) throws out details for an established theme to see reaction. Easily deniable if excessively opposed, easily co-opted if insufficiently opposed. Look for a payoff as an Ambassadorship or Cabinet post.

As for legality, please show me the Feds care. They certainly did not when Senator Joe McCarthy abused subpoena power. Both before and since, the Feds have lawyers who will argue that zero is one.

While entrenched in British Common Law, the very notion of "soverreign immunity" is completely contradictory with the founding principles of the United States. The idea was whatever powers (sovereigns) were subject to limitations.

To now claim "sovereign immunity" is merely a complete about-face, and very likely corrupt.

I'm of two minds: on the one hand, HRC clearly violated Federal Law. Nevermind that the law is stupid (overspecific) and capriciously enforced (how tough is it to write a flagging filter for classification strings [NOFORINT] and non.gov addr?)

On the other, HRC could easily have been disgusted by the electronic tools imposed upon her, and worked around. If State's email servers are anything like the corp.servers I've seen, who could blame her for wanting more reliable and secure? Or do whe have a .gov netadmin who can say their servers are faultless? The geek in me says "BRAVO"!

Otherwise, the notion of secure email without e2e tools like PGP is a delusion. Sure, officials have to turn over offical papers, but afterwards -- they never had to cc'in some central office.

Sure, like everything else from the UNO this will be more honored in the breech than the observance. Don't you think the bureaucrats and diplomats know this? But if they say nothing, then by implication, depriving access becomes legitimate government policy.

What really happens is the depriving internet access becomes more grounds for sanctions and other measures that are desired for other reasons.

Please tell me how to distinguish this "bad Flash" info from Fear, Uncertainty and Doubt (FUD) disinformation from HTML5 advocates? Patching will inevitably be, well, patchy. So the only safe course seems to be elimination.

Have there really been statistically significant exploitation measured? If so, why haven't websites banned it themselves?

Certainly I understand the patrons can do little. The police, especially SWAT ought to be slightly more courageous. At least, they ought not be drunk. Of course assessment needs to be done, but continued fire and wounded victims indicates urgency. I would expect multiple-point breech (rip firedoors off) in about one hour.

While these are certainly the actions of a depraved individual, what do you call the 3 hour delay between first shots (at police) and last shots (by SWAT)? All the while victims were bleeding out (past Golden Hour) and shooting continued.

To me, the delay looks like egregious cowardice, depraved indifference or worse (false flag amplification).

Agreed. Even if the phone is secure (does not flash SMS when locked), the channel is not -- SMS are unencrypted. Even challenge / response is subject to intercept & replay / frontrunning if without a passwd.

z/70 is nouveau :)

Users should be able to choose their own level of security to match their individual situations (consequences). With just one provider-imposed level, the same compromises between security and useability have to be selected and imposed on all users.

For instance, a user could choose to set security very lax (pwd over phone) if they have little to protect and value convenience. Someone with something to worry about might set security very tight (long/rand pwds, resets only in meatspace with two forms of ID).

I was shocked when I saw how much CPU scripts take on many websites. Even an 3 GHz i5 can get 75% loaded. Small wonder the little tablet ARMs get overwhelmed. Also seriously missing is [mini/micro] HDMI output on nearly all.

I'm surprised lawyers aren't all over this. Granting anyone else access to your FaceBook, InstaGram, or worse, SlashDot account login information is against the Terms-of-Service, as is using it in an insecure way (known hazardous friends). FB lawyers actually have a cause-of-action as someone is inducing their customers to break their contracts.

No different from employers, landlords could easily face discrimination lawsuits. But more likely to fear FB who can marshall endless legions of lawyers. I'm somewhat surprised they have not to protect their userbase and reputation.

Thank you for the data. I believe it near-static IPs are also common in the US. But not for workplace computers, hotels or other hotspots. The idea is not to have absolute anonymity -- that can be abused. But tracing logs is work that would only be done for "cause". Harvesting MACs (via router unimplimented Privacy Extentions) is too easy, and would lead to automated commercial dragnets. Rather as the "Do Not Track" request is implemented as "Market with increased subtlety".

Yes, it can be done by those knowledgeable or motivated enough. What percent of users? 1%? Commercially, they can be ignored (sites don't work). For prosecution, they can be focussed upon.