
Regardless if it's a civil matter or not the police clearly had no intention of even working towards a solution. They didn't attempt to find out if it was a civil or criminal matter, because he refused to listen.

Find him annoying sure, but it was made very clear why they even had to call in a YouTuber to be annoying and get attention. Clearly legally they would bury the original owner with legal fees. If you have a solution that doesn't involve fighting big corporations, that very clearly do have connections with morally questionable cops then go ahead because it is made very clear why "just get a fucking lawyer" doesn't work.


I'd say the police did have a clear intention to work towards a solution, a solution that helped BAM and his leaders, not honoring the law or helping the victims. They are obviously colluding, part 2 video leaves very small room for imagination.

I do agree that Ben has done a good thing exposing to the public the situation.


PR on the way



Excellent, I will try it straight away. I'll pay out 75% if it works (as it fixes my immediate problem), and the remaining 25% if it gets merged. I'll email you after my test.

I think one possible complaint you might get in the review is that when refreshing is fully disabled in the menu, people won't see new networks come up (e.g. when they had just enabled Wifi, or unsuspended).

Maybe a good solution would be to have one unclickable menu entry pop up labelled e.g. "Networks changed, re-open this menu" to solve that. Probably in nm-applet's main context menu of which the list is a child, instead of in the list itself, so that its appearance doesn't move around the networks on which the user is currently intending to click.


Confirming it works, thank you! I sent you a mail. In case it doesn't arrive, contact us via the support chat on https://benaco.com


It only stops refreshing if you are hovering the actual SSID list items which in my opinion is the cleanest way to do it, if you want new data you can reclick/rehover the "available networks". The other option is putting the refresh on a global timer, but that would add magic which isn't clear to the user.

Thanks, I will be awaiting your test result!


I agree that logic is sound, but it is also not discoverable to the user:

They might open the list (with the cursor resting on one of the items, or use the keyboard to navigate out of comfort or for accessibility reasons), then notice "oh wait, I haven't actually enabled my phone's Wifi hotspot yet", enable that, and wait forever for it to appear.

That's why I'm thinking something should visually (and non-visually) change so the user can notice.

Maybe even cleaner would be to add a tooltip to the currently-hovered entry? That might work for both mouse and non-mouse use cases, and might even work for screenreaders.


Make it so the list refreshes (shows new entries) every N seconds when it is focused. Easy.


Yeah I think this is what OS X does (or used to do), you open the menu and it does its initial refresh, and only after quite some delay of the menu being open, it refreshes again. Easy enough to choose your network in that large amount of time. I may be missing some subtle details of it though, since I haven't used it in a while >_>


This can still make that just as you click, it adds entries and makes you click the wrong entry (accidental clickjacking).


Well, huge shoutout to you for following up on your word!

https://gitlab.gnome.org/rickyb/network-manager-applet/-/com...


Ashamed to admit that the power of monetary motivation got the best of me here. But it was also nice to apply myself.


Update: The PR was merged upstream and I'll pay out the full bounty.

Thank you very much!

Now Linux is a good amount better on the desktop.


When I was still in university I reported a vulnerability and when the company started threatening me with legal action, my professor wrote a strongly worded email and they dropped it. Haven't had it since in 8 years. Feels like many companies understand what we do now, at least compared to 10 years ago.


This seems depressingly common in universities. I know of a case where someone discovered anyone with a university account (so students, etc.) can edit DNS, and the IT tried to file charges until the head of CS department intervened.


Many years ago when I was at school, I found a paper on a table in the computing library with a list of root passwords for some of the machines at Yale, just sitting there. I tried one and it was valid (this was the old days when remote root logins were a thing). I sent the admins a message telling them, and I was entirely ignored. A month later I tried the password again and it was still good. Luckily for me, I guess, it was before the days of suing people for trying to be helpful.


Archaic company has archaic security. Well done on the RD, but boy does it not surprise me one bit. Would almost be willing to bet that the hash was MD5 too.


What hash do you use?


bcrypt is the industry standard.


`bcrypt` is probably the "standard" in the sense that it has the widest adoption, but since 2015 [1] the "standard" in terms of what you should recommend for new work has been `argon2id` (and you can find parameter recommendations here [2]).

[1] https://en.wikipedia.org/wiki/Password_Hashing_Competition

[2] https://cheatsheetseries.owasp.org/cheatsheets/Password_Stor...


Also argon doesn't care about input length compared to bcrypt which only ever compares the first 72 bytes of a hash. Okta actually fell victim to this because they concatenated userid + username + password. If userid + password were over 72 bytes then the password would never be checked thus you could login with userid + username.

https://trust.okta.com/security-advisories/okta-ad-ldap-dele...
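
The truncation described in the comment above, modelled with the standard library only. This is an added example, not part of the thread and not Okta's code: the identifiers, sample values and pepper are constructed, and `bcrypt_effective_input` models the 72-byte cut-off instead of calling a real bcrypt. It also shows the usual mitigation of pre-hashing the full input before it reaches bcrypt.

```python
import base64
import hashlib
import hmac

BCRYPT_MAX_INPUT = 72  # bcrypt ignores input bytes past this length

# Constructed sample values (not taken from any real system).
LONG_PREFIX = "u" * 20 + "long.account.name." + "x" * 40 + "@example.com"
SHORT_PREFIX = "u" * 20 + "alice"
PEPPER = b"constructed-demo-pepper"


def bcrypt_effective_input(data: bytes) -> bytes:
    """Model of the truncation only: the bytes bcrypt would actually hash."""
    return data[:BCRYPT_MAX_INPUT]


def password_bytes_hashed(prefix: str, password: str) -> int:
    """Number of password bytes that survive when prefix + password is hashed."""
    prefix_len = len(prefix.encode("utf-8"))
    pw_len = len(password.encode("utf-8"))
    return max(0, min(pw_len, BCRYPT_MAX_INPUT - prefix_len))


def collide(prefix: str, pw_a: str, pw_b: str) -> bool:
    """True if two different passwords give bcrypt identical input bytes."""
    a = bcrypt_effective_input((prefix + pw_a).encode("utf-8"))
    b = bcrypt_effective_input((prefix + pw_b).encode("utf-8"))
    return a == b


def prehash(prefix: str, password: str, pepper: bytes) -> bytes:
    """Mitigation: HMAC-SHA256 over the full input, base64-encoded.

    The result is always 44 bytes with no NUL bytes, so it fits under the
    72-byte limit and every input byte influences what bcrypt sees.
    """
    msg = prefix.encode("utf-8") + b"\x00" + password.encode("utf-8")
    return base64.b64encode(hmac.new(pepper, msg, hashlib.sha256).digest())


if __name__ == "__main__":
    for name, prefix in (("long", LONG_PREFIX), ("short", SHORT_PREFIX)):
        print(name, "prefix bytes:", len(prefix.encode("utf-8")),
              "| password bytes hashed:",
              password_bytes_hashed(prefix, "right-password"),
              "| wrong password collides:",
              collide(prefix, "right-password", "wrong-password"))
```

A check like `password_bytes_hashed(...) < len(password)` at registration time is a cheap guard for any code path that concatenates other fields in front of the secret.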


im 1337 - I use plain text stored in a public s3 bucket


yescrypt is very common these days, default in Debian


It's an F1 racing site, their job is literally to move fast and break things. https://xkcd.com/1428/


No, this is the FIA[1], not Formula 1. They are very very different organizations.

[1] https://en.wikipedia.org/wiki/F%C3%A9d%C3%A9ration_Internati... https://en.wikipedia.org/wiki/Formula_One_Group


You break things in F1, you lose. Reliability and consistency is key.


It seems like this, but it's actually not true. What's interesting in F1 is that you have to find the right balance between innovation and consistency.

James Vowles, current Williams TP ordered his team to "break everything" in order to improve and change: https://youtu.be/nYzwvTSffiY?t=3129

What is often forgotten is, that all F1 cars are prototypes, they NEED to constantly change and innovate, and every year it starts from the beginning (almost).

There is a fantastic book called Total Competition, which is a conversation between two ex-team principals, one of them Ross Brawn, probably most successful F1 engineer. In it, Brawn says: "But where I think Formula One is very strong is in the culture. If you wanted to develop a concept and to drive things forward at maximum pace, utilize it in Formula One. The composite companies love Formula One because we are willing to try things. If they’ve got a new resin system or a new type of fibre, they give it to the Formula One teams to explore for them, to look at the applications and come back with the feedback. If they put it in the aerospace industry, five years later they would have an answer. Put it into Formula One and five months later they have got an answer"


Apart from the many many times where a team's R&D department has come up with a radical new idea for a machine part which gives them an advantage, and then all the other teams copy it making it the new standard. This is how F1 has evolved forever, by taking risks and experimenting. Not by reliability and consistency!

