Hacker News | evilDagmar's comments

It's not inconceivable to suggest that the people claiming that the CSAM hadn't been removed knew it was still there not only because they'd never actually sent the request for removal, but because they themselves put up the original site and requested the CSAM be indexed in the first place.


"The Feeling of Power" IIRC.


It's amusing how the article says it's "potentially" in violation of US hacking laws.

That practice is _definitely_ a violation of the Computer Fraud and Abuse Act. No employer's IT is going to have it not be a violation for a user to share their password with someone else, which even in the weakest boilerplate immediately revokes their rights to the account. At that point _any_ use of those credentials is very much a violation of the CFAA.


Was Plaid violating CFAA?


I hope so. Asking for your bank account's login is an absurd requirement and breaks all the lessons we work so hard to teach people.


Twitter invented OAuth around 2010 since people were typing their credentials into third-party clients.


IT's policy is more for unauthorized credential sharing to a third party that is not legally acting as a designated data transfer agent. What Argyle is doing is legal and fine.


Oh, one of my absolute favorite things is setting ServerTokens ProductOnly, so that scrubs will freak right out when they see their canned vuln scanner get bug-eyed and basically scream that the server might be vulnerable to every possible exploit ever written.


Oh that app did a huge thing just by showing how far the administration is willing to go with its delusional fascist nonsense. The app was _barely_ functional and available on a minority of the smart phones, and yet there the White House was, making hyperbolic claims on a regular basis about the massive "dangers" it posed. They even went so far as to go after the guy's wife since they didn't have any legal means to oppose him.

Things which take minimal effort but produce a massive response are what Trump's fire hose of duplicitous social media posts are all about. It's perfectly fine work to leverage that same asymmetry in response.


Yes, and the fact they responded so strongly shows the app IS definitely effective, and not mere "theater" as the author wants to claim (it may not be as effective as it could be, it might be many things, but it is definitely well above "...sound and fury, signifying nothing").


The "disclosure" was a big waste of time. It was vague and ill-informed, nothing that came after seems to give the impression that they actually knew what they were talking about.

The only serious vulnerability that might have applied would have required the man to be using Apache as a reverse proxy to another server, which is just _extremely unlikely_ considering where it was hosted and what it was being used to do.


Truth. A stripped down configuration of that running nothing but personally-written code on the backend would pretty much render those issues moot (as in "completely mitigated").

Considering how lacking in detail the reports were, I'd probably have just dismissed this man's claims as "AI slop". That he was relying on nmap to tell him the version of something that is easily discovered using openssl s_client (because those HTTP response headers are perfectly human-readable) is kind of telling in and of itself.


They're getting that rate because of the reduced cost to support their connection to the grid per kWh. It's essentially the cost of the "packaging". If this is resulting in a loss of revenue for the utility, the blame for that falls on the utility for not properly measuring costs.


These larger power-generation systems tend to be more efficient than smaller power-generation systems, not less, which should result in a cost decrease, not an increase.

Tennessee (for example) has fairly cheap electricity because the TVA uses a lot of hydroelectric, and since we have a ridiculous amount of rain and violent thunderstorms each year, every decade or two they build another hydroelectric dam and create a new lake, which generates more hydroelectric power (and a moderate increase in tourism/recreation). We don't have buried power lines (excepting in a very few places) but we've got a ton of redundant power substations and multiple transmission paths (because storms). The TVA and Corps of Engineers are kinda hardcore here otherwise the valley would flood about a quarter of the year and be sitting around in the dark for another quarter of the year.

Maintenance of the power transmission lines is paid for by the electrical customer as a part of paying for the electricity itself. This actually scales just fine. If your local electrical utility is not doing it this way, someone needs to explain to them how proper accounting works.

Calling it a "hidden cost" is just a convenient way to say "We're making this up because we feel like it's right and we don't intend to show any proof."


This is completely missing the point.

Until there's a substantial number of driverless cars on the roads, LPR systems will always equate to tracking people. You might as well argue that exposing geospatial data about cell phone movements is fine because cell phones aren't people.

These systems, when abused, amount to warrantless monitoring of civilians over long periods of time. A judge can not and will not order someone's movements to be tracked over the last six months. They can facilitate someone's movements going forward to be monitored for a specific period of time.

...and these systems are always abused. To the degree that if you've put an RFP out there for a LPR system that disposes of the scan data after 30 days, suddenly no one wants to submit a proposal.

Abuse is pretty much the default state unless there are hard guardrails against it. That knucklehead in Millersville was pretty obviously using FINCEN data to go looking up the life details of people his political party didn't like, probably because the only safeguard was that someone had to enter a relevant case number to show that the search was legal. Lo and behold a regular audit being performed by the TBI resulted in a near immediate lockout of Millersville from their system and a warranted search of said knucklehead's residence because of "irregularities". It's not hard to figure out what was going on there.

It took months to get the LPR system in Mt. Juliet, TN to actually start disposing of the scanned data, and we've already seen reports of LPR systems being abused by ICE/CBP to search for people all over the nation. What's currently holding up Nashville getting such a system? I'm pretty sure it's the data destruction policy, because the state-level government is being run by people who think such Orwellian surveillance is just dandy.


> What's currently holding up Nashville getting such a system? I'm pretty sure it's the data destruction policy, because the state-level government is being run by people who think such Orwellian surveillance is just dandy.

Nashville has tons of Flock cameras now. I was just there over the weekend and noticed at least four on the interstates.

