rahrahrah's comments

LastPass is known to have... "problems".


It isn't great, and they did have a leak, but it is the best option if you're working across platforms (including your phone). And peering options are at least there. I've considered switching out, but have been relatively happy.



If you have hundreds of tabs open, unused tabs etc, I would suspect that you'd have more to gain by fixing whatever is wrong with your work methodology than by downloading extensions. Food for thought.


Thanks for the reference.


France as usual leading in workers' rights.


More like France catching up to the US. This is already the law in the US for hourly employees, which is what the new law in France is scoped to.


That's funny. Most people who are working in a place where they would be pressured to continue doing work after hours are not paid hourly.

And then there are those long-term contractors that are hourly but basically on a fixed number of hours per week who still are 'encouraged' to do what little extra is needed to get this project done so their contract can be renewed for the next one once they've shown they can be counted on.


> That's funny. Most people who are working in a place where they would be pressured to continue doing work after hours are not paid hourly

Whether or not they are paid hourly, as long as they are not classified as exempt, they are entitled to overtime pay. (Tech workers are classified as exempt in California, which is indeed a problem and IMHO a mistake, but that's a much smaller issue)

> And then there are those long-term contractors that are hourly but basically on a fixed number of hours per week...

Well, that's a bad way to write a contract, but even so, that's a totally different situation because they're not even an employee. And the French law referenced in the original article wouldn't apply in that situation either.


Yeah, I've had the latter. I refused. Had I had something to actually do in those hours it might have been different.

You really need to make it clear to the people you work with that this is an issue of integrity. You want to work with people who have and understand integrity.


I thought Germany already had this? Or was that just cultural rather than legal?


No legal framework for this here in Germany, but most companies tend to keep this stuff to a minimum, yes.


That's right, I was one of those confused people. I assumed this would be the WH presenting what evidence they have.

Sooo... still no public evidence that Russia leaked the DNC and Podesta's e-mails?


Read the original CrowdStrike report. Not the government report but the private security firm report. The government report is really just a restatement of that report. You don't track hackers for a decade to suddenly be wrong because of a government's political stance.


The CrowdStrike report, and subsequent interview in Christian Science Monitor of CrowdStrike CTO Dmitri Alperovitch [1], stated in June 2016 that they had low to medium confidence that the Russian government was involved with either Russian group detected.

The groups haven't changed; why are we so certain in December of Russian involvement that we're willing to sanction, if we knew everything we needed to know in June? The only evidence that they are associated with the government is a claim by FireEye that they "work during normal Russian business hours" of 8am-8pm, and that their targets (known targets I should say) would be of strategic importance to the Russian government - I bet if you asked any hacker in any country whether they'd like to hack the US government, they would tell you hell yes.

There are two possibilities here: 1, the US government is drawing this conclusion and imposing sanctions based on weak circumstantial evidence or 2, they have actual evidence but won't even hint at what it is. Even during the Iraq WMD debacle (which this ordeal is drawing heavy comparison with) they said they had satellite photos.

[1] http://www.csmonitor.com/World/Passcode/2016/0615/Meet-Fancy...


No idea why you're bringing politics into this. All I said was no evidence has been made public by the government.


> All I said was no evidence has been made public by the government

Except that's _explicitly_ not what you said. You said:

> still no public evidence that Russia leaked the DNC and Podesta's e-mails?

Your original claim was that there was _no public evidence_. When that claim was challenged, you pretended your claim was about what evidence was provided by the government.


Sorry, my intention wasn't to move the goalposts, I actually misspoke the second time. Obviously I don't care where the evidence comes from. I did mean "no public evidence" and then the parent made it political, somehow.

I did read the RPT-APT28 report by FireEye on APT28 (all fifty-something pages, surprise!). It did convince me that APT28 has political motivations. What's the connection between that and DNC/Podesta? I don't know, because there's no public evidence on that (that I know of).


Correct, no evidence has been made public by the government (yet). Much of their evidence is probably classified.

However, see here for evidence from private sector firms: https://www.reddit.com/r/NeutralPolitics/comments/52uj5c/do_...


"It's classified, trust us. And Iraq like, totally had WMDs."


> Most people have similar needs, and most people's job is to actually do their job, not mess with their email config

This is such an obvious excuse. You get the config right once and you've solved a problem forever. It is, how do you say, very "scalable" in time.


If it's really that simple then why isn't a good config just built in?


Because good configs are personal, not global. An email workflow for an accountant would be very different than an email workflow for an HR manager and a CEO.


Because it depends on how you want to use email. E.g., I have emails which are sent to my address+subs@gmail.com being put to a label "subscriptions", but obviously not everyone wants to use it like this, in which case why make it default?


Guys.... This is obviously NOT an attempt to SQL inject. This is a full-fledged company incorporation. A marketing move if you will.

Although a risky one. If that had worked that guy would end up in court.


:)

Not that risky though - it looks more like an SQL injection than it actually is. I actually didn't think it would get this much attention - I went to bed!


Watch out for those computer generated marketing letters being sent to the registered address.


Got it, just saw this comment

> Nah - brokenness is intentional

Well played sir.

EDIT: are you actually in the UK?


Why would he end up in court?


I probably don't know enough to be talking about these things, but it seems to me that the Qubes OS approach is more complex and less battle tested. User permissions in Linux have been around forever.


Unix permissions by themselves are notoriously not capable of containing and restricting something malicious. The kernel exposes a huge attack surface. That is why it is better to use VMs, which expose the much smaller hypervisor and provide only simple interface protocols.


If the "something malicious" is run by a user that only has permissions to read/write to his home, it's perfectly contained.


Unfortunately not true. By default programs will also have permission to do things like mmap, open network sockets, use IPC, learn about other processes and the kernel via proc (helping to defeat randomised protection against stack overflow) and many other areas. Google for kernel hardening and PaX.
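A hardening check for the exposure discussed in the exchange above, added here as an example and not written by any commenter: it reports which settings leave process and kernel information visible to an unprivileged user. The sysctl list and the minimum values in `CHECKS` are this example's assumptions, not a standard, and PaX itself is not covered.

```python
"""Audit what an unprivileged process can learn via /proc (added example)."""
from pathlib import Path

# Sysctl -> (minimum hardened value, what a lower value leaves open).
# Thresholds are assumptions made for this example.
CHECKS = {
    "kernel/kptr_restrict": (1, "kernel addresses may be exposed to users"),
    "kernel/dmesg_restrict": (1, "kernel log readable by any user"),
    "kernel/yama/ptrace_scope": (1, "any same-UID process can be ptraced"),
    "kernel/randomize_va_space": (2, "address space randomisation not full"),
}

def proc_hidepid(mounts_text):
    """Return the hidepid option of the /proc mount ('0' when unset)."""
    for line in mounts_text.splitlines():
        fields = line.split()
        if len(fields) >= 4 and fields[1] == "/proc" and fields[2] == "proc":
            for opt in fields[3].split(","):
                if opt.startswith("hidepid="):
                    return opt.split("=", 1)[1]
            return "0"
    return None  # /proc not mounted

def audit(mounts_text, sysctls):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    if proc_hidepid(mounts_text) in ("0", "off"):
        findings.append("hidepid: other users' processes visible in /proc")
    for key, (minimum, risk) in CHECKS.items():
        value = sysctls.get(key)
        if value is None:
            findings.append(f"{key}: not present, cannot verify")
        elif value < minimum:
            findings.append(f"{key}={value}: {risk}")
    return findings

def read_live():
    """Collect the same inputs from the running Linux system."""
    sysctls = {}
    for key in CHECKS:
        try:
            sysctls[key] = int(Path("/proc/sys", key).read_text().split()[0])
        except (OSError, ValueError, IndexError):
            pass
    return Path("/proc/mounts").read_text(), sysctls

if __name__ == "__main__":
    for finding in audit(*read_live()):
        print(finding)
```
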


No one cares.

