Hacker News new | past | comments | ask | show | jobs | submit | chives's comments login

>>Because netflix is the biggest and may slowly become the place

The place each person watches is on their personal computers. When a user streams content or "looks" at a webpage, they are downloading it and viewing it on their personal computer. In this context, where is this place of public accommodation?

This case is like suing the sales man on the corner that you buy your newspaper from because he doesn't know sign language.

Of course this is all a rather technical interpretation of the situation, but think about it another way. Should this precedent be set, American businesses could be paying tens of thousands of dollars more than foreign business websites who need not comply with U.S. Law. The best part is closed captioning streaming video is just the tip of the iceberg. Once the ADA patent trolls get moving, we may our see(or what would have been our) tech start-ups incorporate abroad to lesson not only the direct web site costs, but the lawyer fees they will be paying once the ADA trolls think they are richer enough to be extorted.

Ammmerrricca, Fuck Yeah!


My understanding is that the ADA requirements are based on what can be reasonably expected of the company based on its resources. If you're a small company turning a modest profit and you rent a space, you don't need to worry as much about putting in ramps and whatnot as if you're Walmart and you build a building. For the man selling newspapers on the street corner, learning sign language is a big investment. Netflix has the resources to manage this.


Whether or not you download the content for viewing is really an implementation detail, the web is regarded as a place for public publishing.

The patent issue is a separate one, so I think if the government wants people to comply with this then they have some obligation to help protect people from patent trolls.


But Farsi is spoken by millions of people who are not from Iran, many of whom are United States citizens.

So no, it wouldn't make any sense. None.


-Taxes.

-Don't try to do everything yourself at first, if you can out source it for a nominal fee, do it. Focus on your circle of competence.

-Get a written contract. Always. No matter what. Not kidding.


Most people? Who are you referring? Any professional in her situation, male or female, would have spoken up if they had a problem. Period.

Those people may well have stereotyped her, but when she fails to speak up about it and sits there silently giving no indication that something is wrong, what would you expect. This isn't kindergarten. These people don't get paid to read minds. What it sounds like, is at least part of the time these people genuinely thought they were helping her, and she gave no indication yo the contrary.

She is not a professional, pure and simple. If you aren't a professional, then what are you doing at E3? What are you doing in any situation where assertiveness is expected in order to get your job done?


Are you serious? There are many reasons why one mightn't speak out at the time. I'm going to jump to the major conclusion that you're male and have never encountered a situation like this before. If you were female, with all the different social expectations that have been embedded in you since childhood, you might have a different perspective.


Argue for your limitations and sure enough, they're yours.


I do not think she is arguing in favor of her "limitations". You are completely missing her perspective. The way you seem to value assertiveness is a typically male perspective. The female perspective often devalues assertiveness and instead values community and acceptance. Why should she have to assert herself? Maybe the burden should be on the other party to create an accepting environment.


I'll say again as you appear to have missed it the first time:

"Any professional in her situation, male or female, would have spoken up if they had a problem. Period."

There are no exceptions to this rule. This is not male/female issue. If a male had written that article I would say the exact same thing.


This is a very culturally biased view of what "professional" means. You would probably get a different response if you were to go outside America. (this is more an argument against the "no exceptions" part of your point above)


You choose to make an argument around: since you assume I am a man, I therefore do not know and I am wrong.

Learn to form a valid argument before you open your mouth. Your comment is not even deserving of a retort.


I'd like to know how you could have a full female perspective without being female. Let me know when that's possible! I'd love to be able to have a full male perspective about things!


"OK, kids, time to stop squabbling in the sandbox and go home."

I could say the same for our judicial system up until now. Slam them all day if you'd like (referring to the judge), but all the patent troll rulings up to this point has precipitated this state of affairs.


I'm glad someone made the connection; if his landlord is going to Airbnb anyway, why not cut a deal?

If I was his landlord, I would have more than enough leverage with the breech of contract to get him to sign a new similar contract, this one charging maybe 2 times more rent. The landlord gets paid more, which in turn covers his slightly higher (or possible the same) landlords insurance and then some. The landlord lets his tenant do what he's good at (maintain a sterling Airbnb profile and choose good renters) and the landlord takes a larger cut. Worst case scenario, his tenant doesn't take the deal and the landlord proceeds to kick the tenant out for breech of contract (could possibly lead to a court battle, but breech of contract is a pretty cut and dry phenomenon and the contract most likely has breech of contract clauses built into it) and do was he was going to do anyway (rent it out through Airbnb or otherwise).

As it stands the landlord will be throwing money at lawyers (possibly covered by landlords insurance, but could effect the premiums later), which may not turn out favorably for the landlord in court, to ultimately do something that is outside his area of expertise (act as an Airbnb hotel himself).

That's what I think at least.


From a wired article: http://www.wired.com/threatlevel/2012/03/ff_nsadatacenter/al...

"Before yottabytes of data from the deep web and elsewhere can begin piling up inside the servers of the NSA’s new center, they must be collected. To better accomplish that, the agency has undergone the largest building boom in its history, including installing secret electronic monitoring rooms in major US telecom facilities. Controlled by the NSA, these highly secured spaces are where the agency taps into the US communications networks, a practice that came to light during the Bush years but was never acknowledged by the agency. The broad outlines of the so-called warrantless-wiretapping program have long been exposed—how the NSA secretly and illegally bypassed the Foreign Intelligence Surveillance Court, which was supposed to oversee and authorize highly targeted domestic eavesdropping; how the program allowed wholesale monitoring of millions of American phone calls and email. In the wake of the program’s exposure, Congress passed the FISA Amendments Act of 2008, which largely made the practices legal. Telecoms that had agreed to participate in the illegal activity were granted immunity from prosecution and lawsuits. What wasn’t revealed until now, however, was the enormity of this ongoing domestic spying program."

Its a recent article outlining what's ahead (and presently implemented) for the NSA. Given what is already known, the U.S. Govt already has access to your e-mail, and they have the capabilities to decrypt it should your e-mail become high priority.

I'm sorry, but the sky is falling.


NSA ability to sniff traffic at major telecom exchanges is real. NSA ability to break $cipher or $hash based on the hearsay journalism involving an interview of (ex-)NSA employees (who would certainly be barred from talking about any real non-public attacks) is not real [1]. It's possible the NSA is setting up real systems that will brute force or factor or find collisions for known borderline algorithms/keysizes. Maybe they have a collection of old DES-encrypted traffic and they are building enough computing resources to do large-scale cracking of DES keys.

The idea that they can create collisions for hashes or crack ciphers believed to be relatively secure in the near to mid future is paranoid speculation.

However, if you're going to be paranoid, direct your attention to RSA and DH (plain, not ECDH). In Suite B, which the NSA recommends for use by government, RSA and DH are absent. If the NSA knows of a weakness in anything currently believed to be secure (I think that's unlikely), I would bet that it's RSA and DH, because the NSA no longer recommends them. I think RSA and DH are superseded by ECDSA/ECDH simply because of speed at comparable key strengths, not because the NSA knows something the public doesn't. As an aside, it indicates that the NSA has a fair amount of confidence in ECDSA/ECDH.

I do not think the NSA is stupid enough to play chicken with the public crypto community by recommending encrypting classified information with ciphers NSA knows to be weak. The public could discover those weaknesses tomorrow. The most sensitive information inside the U.S. government and military is presumably protected by the NSA's Suite A algorithms, but other important information is not, notably military communications between U.S. allies, for which Suite B is recommended.

[1] https://www.schneier.com/blog/archives/2012/03/can_the_nsa_b...


I heard a story somewhere that public key cryptography was known to the NSA long before the 70s. Maybe they are 30 years ahead in cryptographic number theory? Maybe prime factorization isn't actually hard? Maybe...


What was essentially RSA was known to Britain's GCHQ (Government Communications Headquarters) in 1973. Is this what you were thinking of? Rivest, Shamir and Adleman rediscovered it in 1977.


Well, if Wired says so, I guess I'll stop encrypting my email.


Nor will I.

But it's worth acknowledging such programs exist and don't appear to be going away.

Beyond the AT&T incident (and following legal ruling dismissing, retroactively, carriers from wrongdoing in wiretapping).... there's also the 'TrailBlazer Project'[1] with public accounts from William Binney (NSA , 'Director of World Geopolitical and Military Analysis Reporting Group')and Thomas Drake [2] (NSA) regarding the overreach of such projects....that it's kinda hard to exclude data and so forth.

Jacob Applebaum (Tor, etc) recently dragged William Binney around NYC to gather publicity [3] - but few outlets paid much attention.

[1] - http://en.wikipedia.org/wiki/Trailblazer_Project

[2] - http://en.wikipedia.org/wiki/Thomas_Andrews_Drake

[3] - http://www.youtube.com/watch?v=zq3fgwV7doY


Try reading critically. To process 1 yottabyte of data assuming you have 128 bit registers you would need 100,000,000 petaflops.(See http://www.wolframalpha.com/input/?i=%2810%5E24+bytes+%2F+12...) Therefore, there must be a great deal of preprocessing using classifiers to basically eliminate a great deal of useless information. Just because you store it doesn't mean you will listen to it.


The purpose of the NSA strategy is not to decrypt all collected data. Its to store all data collected and decrypt priority data.


I would amend this statement (from the article):

"The simple answer is: Those who want a job, don’t have the tech skills that companies want. It’s simple supply & demand. Their skills are generic business & have no coding / technical background. "

to read:

"The simple answer is: Those who want a job, don’t have the tech degrees and years of tech experience that companies want. It’s simple supply & demand."

Anyone can learn how to code.  Anyone can learn how to code well.  The problem is learning technically skills would help you do a new job, but they wouldn't help you get one.  Minimum requirements include tech degrees and years of technical experience in the field.  Having project work helps, but if you can't meet the minimum requirements on experience and degrees, then it doesn't matter what your technical skills actually are.  There are a small handful of companies that make an exception to this tradition, but as it turns out I would say they make up less than .01% of employers (of course this is a ballpark estimate, based on my personal experience, but I would invite anyone to pick out major employer that fits this category and is actively hiring).  

I also agree with michaelochurch regarding technical silos and just bad employer expectations in general.


>After a small number of failed logins, your IP is temporarily banned. That means that bruteforcing is nearly impossible.

If someone in genuinely trying to crack passwords, I'm going to go out on a limb here and say that they know what proxy servers are and how to use them.


After a certain number of attempts even the account is locked out of being logged into for a period.

Also after being logged into from multiple IP's in a short period it will be locked.

You guys seriously act like Blizzard just fell off the turnip truck here.


Unless the list of accounts you want to crack is tiny, a brute force attack easily gets around per-account rate limiting by simply switching to a different account before tripping it and coming back to the account later.


There's only say 12-15 million active accounts. Even if you had all of them you're going to run out of attempts before you reliably brute force anything. Far more likely is Blizzard looks out for large scale distributed brute force attacks and locks users to their last handful of confirmed IPs.

That's in the realm of speculation admittedly. Look I'm largely defending Blizzard here but they aren't paragons of security. For one thing they could stop a lot of actual real world keyloggers by putting in a randomized screen pin entry. They never did that but they have been pretty aggressive on many other fronts. The fact that their passwords are case insensitive is something that might surprise many people, (and I was mildly shocked when it was pointed out to me years back because I had been dutifully capitalizing 2 characters in my p/w....) but it ends up not being of much consequence imho. Almost all hacks have been keylogger or social. There's one rumored (confirmed?) MITM attack against the authenticator. There's probably some people that used 123456 etc. but the option for a more secure password probably wasn't going to help those people, ymmv.


Once you limit it to accounts actually worth hacking which don't have an authenticator you're probably looking at more like a million accounts.


Are you saying they have a number of proxy servers comparable to the keyspace? Because I'm pretty sure there aren't that many IPs.

EDIT: I just did a few calculations, there are 40 times as many elements in a 8-character password with only lowercase letters than there are IPv4 addresses.


This is the strategy of weak people. If it is actually used, in the way prescribed, by an average middle class American it will inevitably lead to financial ruin.

The only people who can realistically live off of this strategy are investors who know what their doing and can easily make orders of magnitude more than this using their own methods.

Though if you think this is the strategy for you, then more power to you. Can I just get you to sign a waiver that bars you from whining to the government or big business when it doesn't work out for you?


> This is the strategy of weak people. If it is actually used, in the way prescribed, by an average middle class American it will inevitably lead to financial ruin.

It's worth pointing out you've been conditioned to think this is the strategy of weak people. Who are you to call someone else "weak" for choosing to spend less time at a job? This person is not going to have a big screen TV like you, not going to drive a fancy car like you and has a few thousand square feet less than you to live in. These are all choices we are free to make, and calling someone "weak" for that is unproductive and pointless.

You've been manipulated into thinking you must work full-time until a few years before your life expectancy is up, and anything else is "weak". This is a lie.

It's also interesting you think it will lead to financial ruin. If everyone did this, it would undoubtedly lead to lower growth than we have now, and, as sad as it sounds, many corporations would not be making billion dollar profits year over year. Of course, millions and millions of people would have more time to enjoy with their families and to pursue their dreams.


I'm not sure what point you're trying to make. The core idea is that you can live a decent life in America for much less than most people do. By doing so you free up enough money that even simple, fairly conservative investments can generate enough passive income to cover your reduced living expenses in short order. After that you can do whatever you want: sit on a beach, learn metalworking, pile up a huge mountain of redundant cash, anything. That's all he's really saying, and he's got numbers to back it up.


Consider applying for YC's W25 batch! Applications are open till Nov 12.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: