>I wonder what the Internet smells like
819 posts • joined 4 Mar 2013
What kinda porn constitutes the "public emergency"? Regular, legal stuff, which is watched in their opinion by way too many people? But is... legal?
Or did they buy a 10k pooch to hunt for kiddie porn? Which is illegal but a bit like needle in a haystack for a dog-based approach because much less prevalent geographically.
What if they search you, find a big stash of legal porn and the missus files for divorce? Can you sue them?
Should be sued by their taxpayers for egregious waste.
Color me confused.
>I'm sick to death of the government taking my hard earned money and giving it away to lazy fucks
Then, this is you again:
>Has to get government cheese - really!
>ask for help and then claw your way out through hard work
Please decide. Do you think the government should never help? That would kinda mean you not getting any cheese, wouldn't it?
IMHO, even if one takes a fairly dim view of welfare, some things should be considered:
- For better (IMHO), or for worse (in your opinion?), people are not intentionally allowed to starve or die of curable illnesses in advanced countries. So, government is going to pick up the bill some ways down the road. Is it going to intervene at catastrophe time, at great cost, or is it going to do some cheaper prevention?
- Sometimes people just get down on their luck temporarily. Helping them may transform them back into tax payers at some point. That seems to have been your case and consider that not everyone has a family to help them out.
- One should be very careful not to transform the children of one generation of poor people into another generation of poor. Promoting upward mobility is to the benefit of the general tax payer.
Having said all that, unbridled welfare spending sometimes creates massive problems - witness the banlieues around Paris (I lived there once). Or the projects in the US. So you do have a partial point - Canada's welfare spending is low by French standards, but I would be uncomfortable increasing it to French levels unless we were achieving Nordic, rather than French, social outcomes.
The question is not whether the government should help, but how it can do so without promoting too much dependence. I don't think a basic cellphone subsidy is a bad idea - think of how hard it is to look for a job without a way to be contacted. Subsidized broadband is waaaay more debatable - I am thinking more YouTube watching is going to happen than creative usage.
As many others have stated, this is microscopic peanuts in the US budget. Many other things should be considered first to save money, including pension reform & means testing, trimming down some of the military industrial complex's more egregious white elephants. Cutting subsidies to farmers and gold plated public servant retirement plans would be on my list as well. Not this.
Basically, you don't lose votes by cutting off service to the poor. They don't vote enough and won't lobby your ass out of office either. However, you will lose votes on Medicare reform or anything that upsets the unions. Trying to ditch that pig of a F35 will have lobbyists funding your opponents no matter what.
To paraphrase Bruce Schneier, as a politician, your safest bet is therefore budgetary restraint theater of this sort.
No need to be all cynical and snippy. There have been pretty useful dev-led solutions in things like refugee re-unification and disaster relief. A lot of open source stuff is not primarily about money though it may have self-promotion as an incentive.
If you insist on dismissing all open source as junk, which is your prerogative, that primarily leaves you with one consumer operating system these days that is not open source based in any form ;-) Hint: it is not universally loved by its users.
Not sure how well this app would have worked out in practice, but there was nothing wrong per se with wanting to help. Something similar was attempted with Steve Fossett, IIRC.
What was wrong was a) the team misrepresenting (rather pointlessly) the current state of the app, instead of stating it was a prototype. And b) whatever the team's error of judgment, all sorts of journalists in prestigious publications not doing their job correctly.
Yes, yes, we know about journalistic deadlines, but...
Didn't anyone check it out before singing its praises? Are we getting to be that gullible and lemming-like? No one a fan of Hans Christian Andersen anymore?
Interestingly, I have a similar issue on my printer, a Brother with wifi capability. Configuring the wifi access password requires you to plug in a USB cable and then run their config utility which is ... Java based. Once the wifi login info is entered, you can delete the whole thing.
I avoid Java whenever possible and Java on Mac does not uninstall at all. And it actually also chokes on just turning off the Java applet capability, insisting that you need to be an admin to do it on other users' accounts. Never mind that I am the admin, using sudo. Instead of installing Java, I was thinking of launching the java configuration from a Ubuntu vm but there is no Brother config app for Linux.
However, I saw a Linux-oriented posting where someone saw that the printer actually runs an http server and you can just enter the wifi info using a browser (if you are connected by wired at the time), bypassing the need for their config app. It's complicated, but it works. Need to try it on my printer.
Lesson learned? - sometimes what the config client talks to is still http/html-based, under the covers.
"A critical vulnerability exists: Adobe Flash Player for Windows, Macintosh, Linux, and Chrome OS."
His articles were certainly among those who set this site apart, in a very good way and set the tone for clever levity and tech acumen.
My thoughts and condolences to the many people close to him.
True, but still less of a mess than going from case-sensitive to insensitive, I would guess ;-)
Slightly offtopic, but anyone have a clue what the upcoming more anal Gatekeeper settings mean in terms of Homebrew/Macport? We can still get our lovely OSS goodies, right?
Isn't there a plugin available - for at least some email systems - that would require a manual confirmation if a CC list is bigger than an arbitrary threshold, say 100?
To err is human, and it is rather silly that it is so easy to get caught out by this type of error.
I rather dislike using corp-speak if it can be avoided.
But in this case... synergy???
Even allowing that LinkedIn is fairly dominant in its niche, what benefit do either parties derive from being together? What does LI do for MS and vice versa? They seem orthogonal in concerns unless MS wants to build a "community" for itself. Kiss of Death, as mentioned, still seems to apply - LI is gonna be "less cool" and 26B is a biggish chunk to faff on a very questionable buy.
Bet LinkedIn shareholders are :) $$$ :)
Nad is a hard guy to pin down. You think him smart: Win 10 giveaway, Linux mssql, BSD, net core.
Then he signs off on sheer stoopids that are way more visible: Win 10 install nagware & telemetry. And now this?
Ah, my bad. Last I was looking at it, fairly casually, I saw mostly Ubuntus, AMIs and even some Windows stuff. Missed the BSDs :(
I stand corrected, but still think BSDs have a massive visibility gap in cloud & vm stuff. Vagrant/Chef seems to be mostly about Ubuntu for example. You are right in that it exists, but if you don't know to look for it, it is easy to miss. Azure usage is bound to improve that.
Take any combination of Googling <tech> ubuntu vs <tech> freebsd. Where tech in chef/vagrant/aws. You'll see 2x-3x the hits, easy, on the ubuntu searches. I assume it would be even worse on a specific Stackoverflow search.
Anyway, learned something, thx.
Poor lil mascot. Hope he's got some really warm clothes handy ;-)
Nice to see BSDs get some cloud love because they seem very suited to that type of use. Hopefully AWS will follow.
>I'd use a much more colorful adjective than "careless"
You are preaching to the converted. However, you misunderstood what I was saying.
Far as I understand, TC can be set up to allow remote connections over the internet. Those connections do not a) require TC to be manually started on the user's computer and b) do not require confirmation by the user that she accepts a connection.
Ease of use.
But, given that folks have repeatedly shown that they love 1234 as passwords, then, by default at least, another layer of protection on the user's computer should have been the need for manual user intervention to allow the TV connection to take place, at the time of the session being initialized. I think this is precisely what another poster mentioned wrt this hack - TV can be set up quite securely, it's just not its default mode.
(when I installed something similar on my work machine, the first thing I did was to set it up as launch-on-demand, not as a background service)
I assume (hope) TV had other safeguards in addition to a password, but were they 120% guaranteed never to fail? Apparently not.
Basically, don't trust your users to have good password habits - you know some won't. And you know that they will reuse their passwords. That's just the way it is. Run an attack tree scenario with more than 100 users and see if you don't get a fail on some of them.
Now, of course, that may come across as unfair to us poor IT folks. But what is now the risk to TV, the company, business because they assumed users would know better? This is not a Sony PSN account that they were protecting and trust is was TV's main business asset.
It's not quite like password reuse and massive website credential breaches are a new phenomenon.
If even our Overlord the Zuck uses a really dumb password, repeatedly, then a software vendor that operates in as sensitive a context as TV should have taken a long, hard, look at what could go wrong on the user end and plan accordingly.
Blaming the users isn't good PR and in this case user failure of this type should have been anticipated and planned for. Even at the cost of less easy to use processes - a hostile remote logon is just too nasty to risk allowing on anything but the most extreme and unlikely user security mistakes (like telling someone your login credentials outright and then confirming you accept their connection).
IMHO they pretty much deserve their Ashley Madison moment. And hopefully other vendors will learn from it.
>unless you are a white man.
Surreal moment in Paris, years ago...
Two young men - one black, one Arab - arguing, not in a friendly way. Arab guy goes for the kill with a supreme putdown:
"Wanker! My grandfather would have owned your grandfather."
Not to say that many of us whites ain't racists. But the general consensus, even among whites, is getting more and more that being white and racist is a bit of a douchebag move. That's a very good thing but it'd be nice if that attitude trickled down to other ethnic groups as well.
Over the years I have come to realize that simple clean code is way harder to write than what looks like more complex code.
"I would have written a shorter letter, but I did not have the time." - Blaise Pascal.
>unless you actively protect it you will lose it
That's specific to trademark law.
Much more eloquent than me, but exactly what I was trying to express.
Doesn't matter where you are on the BSD/GPL/proprietary continuum, strict API copyrights have a lot of potential to create a mess and little economic upsides.
Must be why patents have expiry dates. And even copyrights have those as well, though Disney has lobbied mightily to extend those ad infinitum. Why US drug companies are under pressure when carrying out minor reformulations of their meds to re-set the patent clocks to zero.
IP protection does have to try to strike a balance between remunerating innovation and not granting undue monopolies, even to deserving creators. One could argue that the 17 years of current US patents is inappropriate to the speed of modern innovation, but one can hardly argue that the laws were always intended to be creators-only.
BTW, APIs have little to do with stolen DVDs and CDs - which I in no way condone - so please use better straw men ;-)
I disagree (without admittedly knowing much about the legal aspects) with the author, both about his opinion and about the Götterdämmerung nature of allowing Google to get away with it. But I respect his posting an article detailing his opposition, fully knowing that supporting Oracle is not a popular position, even against cuddly cuttlefish Google.
These are some criteria to look at for fair use (easily found on the Net now):
Factor 1: The Purpose and Character of the Use
- Google is out to make $, not a charity or education.
Factor 4: The Effect of the Use on the Potential Market for or Value of the Work
- Google made a lot of $$$. Oracle may or may not have lost $$ - J2ME was hardly on the way to world domination beforehand and Sun was squarely to blame for that.
So far, good for Oracle.
Factor 2: The Nature of the Copyrighted Work
- here's where we agree to disagree. An API is not like other bits of code and has a specific intent and nature. Making API copyright rigidly enforceable is likely to lead into even more legal shenanigans and limit competition. That's a naive, dev-only, viewpoint, but we don't see the level of weird IP infringement in too many industries, compared to ours. Think rounded corners, one-click purchases, etc...
I would hate to have APIs confirmed as an always-valid basis to sue. BTW, what was the original reason for Linux Samba, if not to respond/appear somewhat like the imitated Windows networking services? Would that have been an API infringement?
Last, take note that Sun, and later Oracle, always were the first to preach that their darling language was an open standard.
Factor 3: The Amount or Substantiality of the Portion Used
We also disagree here. Oracle originally complained that Google had copied some implementation code. IIRC the quantity of copied code was rather trivial. Fine, let Google pay $$ (anywhere up to 100M$ or so) to atone for the code they copied.
Substantiality and amount is not high in the case of API (as opposed to implementation) copying.
IP protection was always intended to balance rewarding creators vs promoting the good for society as a whole. When ABS/airbags and all sorts of other innovations come out in cars, we don't expect them to be fought over as stupidly as our own industry has the habit of doing. When I look at a ferry unloading cars simultaneously from 2 decks, using 2 bridges, one for each deck, I don't think the shipbuilder got 17 years of exclusivity from that idea before competitors applied an "obvious solution" to an existing problem. Or that boy racer car rear fins were frequent ground for lawsuits, a la "rounded corners".
Also, it is easy to claim that Google only had to get a Java license, but it conveniently forgets that J2ME was the only Java implementation allowed on mobile devices at the time.
So, sorry if I am not as clever about the legalese as Andrew, but I have an instinctive distrust of the repercussions of making APIs strictly copyrightable a priori. Or, if you prefer, finding them generally not to be ground for a fair use defense.
In another industry, with saner IP behavior, I would leave wiser heads to decide. As it is, no sorry, I don't buy this.
Well, I'll keep an open mind, for now. Innocent until proven guilty and all that.
But if she was involved with, directed, or condoned, fraud in a medical testing (not just billing/stocklisting) context, then I would hope that she risks a lot of jail time. Rather than just having her professional prospects tarnished. And that's even if it was just to keep her company afloat pending resolution of technical glitches.
The Heist is a passable action movie, with Scarlett Johansson channeling Black Widow and Entrapment's buttock sequence very fetchingly.
Unfortunately, the movie is none too credible otherwise. Would multiple millionaires have their security systems connected to the internet? And it also beggars belief that TeamLock, the vendor of that alarm system would design a system hackable by default. And then go on public record stating it wasn't their fault even as multiple clients get burglarized.
Meanwhile - back in 2016 - if you have to use TeamViewer or the like, is it not a standard feature with that type of software to specifically have to activate/enable it every time before someone can remote in? Like, talk to your correspondent over the phone, activate it and then he/she can get in? After which you deactivate it again. As opposed to installing it with an always on setting? Would seem like a no-brainer, both on the feature existing and on making use of it.
Hopefully this will set a precedent about APIs and their standing wrt IP considerations.
Having APIs copyrighted is both ignoring what the very notion of APIs are intended for and a disastrous invitation for all sorts of sueballs by companies frivolously protecting their products from better implementations or solutions. We have enough ridiculous and unproductive patenting going on in our profession without adding API copyrighting to the mix in the name of IP protection.
To be fair to the original judge's ruling for Oracle against Google, there was a precedent from about 20 years ago. See http://www.groklaw.net/articlebasic.php?story=20120531173633275
Sanity prevails. Not that I am a huge fan of either Google or Oracle - I'd have backed whoever was fighting against API copyrights.
p.s. screw East Texas. Just because.
>shed some preconceived notions
Not to mention that on Windows, it seems you have to shed preconceived notions of how to configure it from version to version.
As an example, why did they ever change the control panel's "Add/Remove Programs" to "Programs and Features"? Or whatever the heck they renamed it. Or the Charms-only approach to Win 8.x wifi configuration that is such a change from XP/7.
I am sure Linux grumblers will point out that various distributions change their configuration apps a fair bit. But a power user can usually fall back to command line configuration or at least use the command line to report system status. And, well, for better or worse, people who configure Linux are expected to be more flexible.
OSX's System Preferences are also quite stable from release to release - that's something MS could learn from because the majority of its user base is the equivalent of Windows consumer-side users.
Worth the effort? Depends on your needs, skills and expectations. But I will say that a Linux box, once configured, tends to be a lot easier to keep updated than Windows. Applications are generally transparently and centrally updated. You don't get a zillion startup programs all independently querying their respective vendors to see if a patch is available. Nor do you get the maybe/maybe not Windows patch reboot sing and dance. The home directory is not a confusing mix of user data + application stuff - you can copy it from machine to machine and be assured that things will work.
The OS is a lot better, I think it mostly depends on whether you have the programs you want to use on Linux. And a VM can help there as well.
Agree with you, but it doesn't make that much sense.
MS is a company with deep coffers and a serious likeability and hipness deficiency. It has a fair bit of strengths (at least to some people, if not our enlightened commentards).
Death-marching everyone to Win 10 achieves what, exactly? They still need to support Win 7 and 8.x until those 2 have reached end of support. Sure, there are some operating gains from supporting say 90% of users on Win10 and 10% on 7/8. As opposed to say 50/50. Your support staff can be on new technologies rather than legacy cruft. Easier troubleshooting? (we know telemetry isn't used to listen to what customers prefer).
But is it that much of a gain? At the cost of getting reviled day in, day out by a majority of IT influencers (argh, wish I could think of a better word here). And getting panned in general news coverage? Heck in 2 months, they can sell you what they're giving away for free now 8-/...
It's not like Win Phone is going anywhere that it still justifies the clever Win 8.x screw-desktop-users-to-promote-touch strategy. That horse has bolted.
What exactly is the point here? Is there so much value in the telemetry? I understand Google's hunger for your data - they've built a successful business on it. But MS isn't as ad-focused. And Win 10 usage telemetry is hardly going to be very useful to sell you toothpaste or cars, is it?
Why so much perseverance at what seems to be a self-defeating exercise that is steadily driving down public perception? What is the rational reason for it? Or is it just misplaced hubris and stubbornness?
WTF is for MS, not the OP's post.
"You have zero privacy anyway. Get over it."
- Scott McNealy
SVG is a markup spec, not a protocol. Canvas is an API to render graphics in a browser. Not sure what the protocol is doing here.
Compared to Flash bug counts to date, I'd say neither is doing too too badly.
I am all for finer grained controls about what runs in your browser. If you don't need/want SVG then it should be easy to turn it off. But don't think no one wants/has a valid reason for interactive web apps on the basis that you don't. Besides, it wouldn't be possible to turn the clock back to our "glorious 90s websites". Bit like comparing raw update speed of a VT100 data entry terminal system to a GUI-ified one. It's just not what 90% of users want.
I really like the idea of figuring out what is actually being used. Hopefully with an eye to deprecating some of the stuff that isn't.
However, when you flag Canvas and SVG as no-gooders, that leaves open what the suggested replacement is. I have little nostalgia for mid-90s websites and even less for sites using Flash. For better or worse, browser-based approaches have become a primary delivery mechanism for software services. Not least because much of our software now expects to have connectivity and would not operate well in pure standalone mode.
Leaving aside considerations about the cloud being a good or bad thing, if you need a network aware app that also provides rich interactivity, that leaves you with a few options. Locally-installed software, apps a la iOS/Android. Or a browser-based app with JS and SVG/Canvas support.
Personally, for all its weaknesses, I find browser-delivered apps with a suitably hardened browser and a sparse NoScript JS whitelist rather less dangerous than installing a lot of programs or apps locally. I actually trust open source repositories for Linux/OSX utilities/programming tools a fair bit, but not much else. Not app stores. And certainly not stuff floating around on the web waiting to be downloaded and installed.
The less stuff I install locally, the happier I am.
i.e. OK to jettison the unused cruft, but suggest rather than just criticize for the more useful bits. Doesn't make this study wrong per se, but it's only part of the picture. And website bloat/slowness is a coding issue, mostly not the fault of the tools themselves (Flash excepted).
p.s. maybe the SVG spec itself requires winnowing. I recall MS self-serving justification for not having SVG support in IE (prior to IE9) being that the spec was bloated with stuff like file uploading facilities, best left to HTML. Maybe they were correct in that instance.
Wow, that is incredibly underhanded, even by the standards of the Win 10 sneakware. Whoever authorized that should be terminated.
Quoting PC World:
"Normally, closing the dialog box by clicking the red box in the upper righthand corner automatically opted out. Over the weekend, clicking that red box started opting users in to the upgrade."
I wonder when MS is going to wake to the fact that, following the Win 8 debacle, they need to be perceived as nice. Spyware telemetry, for all the supposed intent to better know one's users, is not helping.
And this is just too far off the charts to be acceptable. It's not an obscure, for-geeks-only, discourse about sneaking in Win 10 via security patches. Everyone has certain expectations about dialog boxes and will not take kindly to being fooled.
How about as an Amazon fake reviewer?
>Actually the only online comments you can trust are nihilistic commentards.
Nope. They are just working for the competitors instead.
Up until recently, I'd gone with Dassault's blurb that a beautiful plane makes for a good plane.
Aesthetic abominations like the F117 have destroyed that faith however. In real life that thing looks like a low-budget prop for a bad scifi movie. Mind you, it did get retired rather quickly so maybe there is some truth left to this saying.
Might I also recommend the Museum of Flight and/or the factory tour @ Boeing when in Seattle?
(no great stress if one gets the wrong exit either)
I would argue that if you are doing a technical code review in a technical capacity then you ought to familiarize yourself with pointer/reference semantics for the language at hand.
But I also think that you are 110% right about readability. For such a core feature, I find it encouraging that they are willing to flag it as something they want to do, yet will defer until they have the feature and syntax better figured out. Easier to add stuff to a language than to take it out and harder yet to correct bad syntactic choices later on.
It's a feature in Python. You don't have to use it and in fact few seem to.
Personally, while I find it convenient sometimes to return multiple values into a tuple, I agree that it is a code smell. So I usually create an object instance on the fly, assign my values onto it as attributes and then return a single value.
There is a fine line between a language/framework pragmatically promoting clean and robust code on one hand. And uselessly nannying assumed-to-be-competent programmers on the other. A crappy coder will find a way to be crappy in almost any language.
I would argue that work on making pointers/references more robust falls squarely on the side of generally useful language engineering.
While a certain language which requires declaring exception throws on each and every function's signature comes to mind for an example of the second outcome.
Multiple return values? Meh, probably not a very necessary complication in most cases, but easy enough to avoid.
>so big and spread out
While I agree with your sentiment, this is another convenient Canadian big-business myth.
90% of Canadians live within 50 miles of the US border, mostly in big conurbations. Edmonton is another 2-3%. That's probably a fairly high concentration, at least compared to the US. I have no problem subsidizing (to an extent) rural services, but that should be done on the basis of open, competitive, contracts to provide services to remote areas.
Not on buddy deals to shaft 90% while investing as little as you can on the remaining 10%.
The term you are looking for is crony capitalism.
A free market isn't about highly paid CEOs. In an ideal free market system, the government has a generally hands off, but also adversarial when required, relationship with big businesses. That means that large incumbent businesses do not get to dictate market terms and stifle new competitors. And they certainly should not be allowed to use government power to frustrate either their customers or their competitors. That allows new entrants to provide new services, sometimes at the detriment of existing providers.
Totally on board with this excellent article that the CRTC is a poster child for regulatory capture!
One of the few areas where the CRTC can be aggressive is enforcing French language and Canadian content regulations. Something which I care very little about. But it can still be leveraged to incumbents' advantage, such as when the cable companies want Netflix regulated to produce more Canadian and French content. Conveniently driving up its costs.
Strangely enough, crony capitalism does rather well in nominally "socialist" countries. Having lived in France and Canada, they both have governments that are quite open to friendly regulations for big businesses.
When the US regulated "do not call" and forbade the printing of full credit card numbers on receipts, Canadian businesses managed to get extensive transition periods for our equivalent regulations, which are often more biz-friendly. The French also have a term for this, creating and protecting "national champions". That also plays well with the electorate - pretend to protect the national economy and independence - shaft the customers.
Never mind that the national champions often lag in innovation, service and costs. And that the general economy, domestic competitors and customers are often the first to suffer. France Telecom and Air Canada are typical rent seekers on top of regulators. Ditto when foreign ownership rules were used to keep a 4th mobile operator from creating a network in Canada. Thanks, CRTC.
The US, for all its governmental and regulatory dysfunction, does not have as much of a publicly trusted narrative of supporting big business. The lobbying, deals and back scratching happen and they happen a lot. But they are generally viewed as a bad deal by the public. Sometimes you see amazingly adversarial government activities - such as the break up of Ma Bell and the attempt at doing the same to Microsoft. There is also something to be said for this happening in courts, using open challenges, rather than just through backroom deals.
Point is: the interests of customers, citizens and competitors do not always line up with the interests of big incumbents. A suitably regulated free market is one where the government is able to step in and shake up businesses when they overplay their market domination. Not one where government power is used to further the interests of incumbents because its regulators have close relationships with industry.
So, lemme say that again: you are a twat! x3!
p.s. the picture is not universally bleak: I am moving from a $42 CAD /mo 20-30 mbps to a $49 1gbps all-fibre ISP shortly. But that's because big cities can have competing networks. Something the CRTC probably had very little hand in.
p.p.s. one thing I disagree with Trevor on - the CRTC is already universally loathed here and rightly so. That just hasn't translated into a real shake up though.
>rectify the problem over the internet, rather than ensuring it's not happening to begin with
It seems Apple has been secretly drinking the Kool-Aid from El Reg's fail-fast, fail-often, DevOps articles.
And I used to think those 2 didn't get along.
+1 and agree with you, except...
>MS might change this technology in the future
Well, yes and this has been a problem with MS in the recent past. Lots of their tech gets spouted off as the next big thing and then they lose interest/switch to another thing. Silverlight being one of many examples.
For the rest, I'd be somewhat inclined to go along with you and give them the benefit of the doubt. But they have a tendency to clean-slate their tech at a rate most open source companies/projects would find totally incompatible with keeping credibility. Angular 2.x vs 1.x compatibility (nasty) is one thing, but MS is more like 3 doesn't work on 2 which doesn't work on 1. Across multiple product lines.
So, yes, if you are inclined to do so, keep an open mind about them, but let's not forget that their recent abandonware attitude is a real risk for those making long term bets. Hopefully they will wake up to that and be more careful about commitments, but in the meantime I'd be cautious.
>I wouldn't trust Russia Today at all.
+1 and agreed. Still, I'd recommend reading Chomsky's Manufacturing Consent at some point, if you need a bigger dose of cynicism.
Chomsky is not my favorite person, for many reasons. Not least that Manufacturing Consent happily let the USSR off the hook for far worse abuses.
But he did hit the nail on the head when he was comparing Western press coverage of the various 1980's death squad activities in Central America with the same press reporting on a slain priest in Poland, same period. One can agree with the need to resist Communism while regretting the lack of exposure that allowed egregious human rights abuses to happen for far too long in Central America.
People prefer to hear coverage that confirms their biases and prejudices, so having a fully informative press is not as simple as "just" having a free and competitive press. That's just the most necessary ingredient.
On balance though? Yes, give me our imperfect press, politicians and economic systems any day over the modern cesspit of propaganda, lies, fear-mongering and corruption that seems to be growing each and every year since Putin took over. When's the last time a major opposition politician has been killed in any Western country? Would you expect your government to suffer for it if it did? Or would you expect the supine domestic press whitewash that followed Nemtsov's murder? Anna Politkovskaya's? Litvinenko's? The closest British equivalent that comes to mind is David Kelly's death and that's a stretch to compare. What would happen if one or two of those happened every year? Would you really expect your PM to remain in power?
Dissatisfaction with our own governments should not be a reason to pretend Putin is anything but what he is: a deeply amoral strongman who is setting Russia back by decades in terms of global and domestic behavior. And a population brainwashed into thinking he's the solution because there is no equivalent to our own, imperfect but critical, press.
-1 for left-wing idiot (center-right myself, not a lefty). No need for political insults, is there? Was there anything political in the article?
2nd, you mistakenly conflate your expertise (which I accept at face value) in issues involving high-profile, high-value targets, such as DoD and banks with its applicability in this case.
The situation is very different. In one case, the organization presumably has high value, sensitive information. And, one would hope, actual restorable backups somewhere. Along with a staff and consultants to deal with the damage. The perps are doing this on a low volume basis, so they may as well extract as much from one victim as they can, no reputation to manage.
On the other side is Joe Shmoe, homeowner. No significant value data, outside of confidential info whose confidentiality is fried either way, whether you pay up or not. No staff. Possibly no backup. Data which in many cases is just going to be photo/video in nature.
The perps' best interest could be to "appear honest" and actually restore the data, since they cast a wide net and hit many victims.
i.e. you are in the right in your sphere of work. But it does not automatically transfer to the modern ransomware phenomenon which seems to scale best with automation, many victims and minimal subsequent manual exploitation by the initial perps (though I wouldn't be surprised at selling off the data to other crims for future exploitation). Time will tell.
This article is food for thought. I don't agree with it entirely and I think planning and backups are the better plan. But I agree even less with your glib over-generalizations and dismissive disdain of those who don't have your expertise.
if no one paid, there would be no ransomware
if you pay you (may) get your data back
>turn off 80% of HTML5 and break 99% of websites
Your mileage. Not mine. If you don't want to use it, that is entirely your choice. But your claims are somewhat overblown.
Yes, it kills some sites, but not that many. Most sites work fine in degraded mode without their JS.
It's not that difficult to grant a temporary "all js for this page". And maintaining the whitelist is not that hard either. The only thing that's really hard is some/all of the advanced settings stuff. I usually don't bother by that point and just Chrome it. FB, which I rarely use, only works with Chrome at this point.
As a bonus, google analytics and its kin never quite made it onto my whitelist.
i.e. you don't like NoScript and I respect that. It's not for you. However, don't give everyone the idea that it won't work for them either. IMHO, it's a significant contributor to web-facing security for those who can be bothered to use it.
To be fair, 1+1 = 2
i.e. if you have a browser with a vuln quotient of x and then you add the y from Flash, you have x+y exposure instead of plain x. Note that in this equation, Flash's y is neither 0 nor negative. I would argue it is pretty high for its functionality compared to the Swiss Army knife of a modern browser.
Additionally, you can run NoScript quite effectively to harden your browser to random JS. And it's not like white-listing automatically makes NoScript happy - it's often that it whines, justifiably or not, for a white-listed site's JS doing something it thinks fishy.
In fact, as someone else mentioned a few days back, I tend to run FF w NoScript and fall back to Chrome when I can't be arsed to figure out what is irking NoScript on a site that I actually use.
Flash content is opaque in that regard and I would rather concentrate on just dealing with JS vulns, thank you very much.
Thank you, Chrome, anything that gets laggards like the BBC and CBC off Flash is most welcome. I haven't used Flash for years and I mostly don't miss it anywhere except for the 2 above. And that certainly includes YouTube which works fine without it.
p.s. one exception - Joel Spolsky's otherwise excellent FogBugz service has an estimates-vs-actual time feature that I would love to use, but is based on Flash for its reporting (hello, D3, please).
You know, it'd be nice if you didn't think all devs were idiots. I respect smart sysadmins and I find I learn a lot from them. And, though I have occasionally seen incompetent ones, I would find it foolish to generalize against the profession.
We kinda depend on each other, so no need for the nastiness.
Me think there is a world of benefits from this type of idea. If you are gluing systems together, whether via Docker, VMs or package installers, that means you have atomic units of code that are versioned and IDed in repos. If versions subsequently are shown to have bugs, then, yes it'd be nice to use computer brainpower to flag it. And I don't think it's that big of a hassle to bump up versions for a good cause (rather than maniacally chasing latest across the board for no clear reason).
I don't want to be anal about it, but isn't this precisely the kinda site where you'd want to CYA? Security-wise.
>you were serious!
... or smart.
I use Pinboard. Very similar to old-timer Delicious. Normally I prefer to be off-cloud in most things, but bookmarks are an exception.
Very fast and reliable. A better vehicle than Evernote for small text annotations. One drawback is _adding_ bookmarks from tablet/phone. Been toying w idea of mass dumping exports from Chrome mobile (topin folder, easy to add to) via a Python script.
Not free, but I joined early enough that it was an $11 lifetime membership.
Noscript on FF and "open" Chrome FTW.