As such, they're not in clear text and whilst I appreciate that will mean some use cases aren't feasible, protecting the individuals still using these passwords is the first priority.

Q. I would like a copy of my data from a breach, can you please send it to me? A. No, I cannot Q. I have a breach I would like to give you in exchange for “your” breach, can you please send it to me? A. No, I cannot Q. I’m a security researcher who wants to do some analysis on the breach, can you please send it to me? A. No, I cannot Q. I’m making a searchable database of breaches; can you please send it to me? A. No, I cannot Q. I have another reason for wanting the data not already covered above, can you please send it to me? A. No, I cannot

The aim of this list is to document all Markdown syntax variations (rather than implementations).

The tyranny of the majority (or tyranny of the masses) is an inherent weakness to majority rule in which the majority of an electorate pursues exclusively its own interests at the expense of those in the minority. This results in oppression of minority groups comparable to that of a tyrant or despot

Direct democracy was not what the framers of the United States Constitution envisioned for the nation. They saw a danger in tyranny of the majority. As a result, they advocated a representative democracy in the form of a constitutional republic over a direct democracy. For example, James Madison, in Federalist No. 10, advocates a constitutional republic over direct democracy precisely to protect the individual from the will of the majority

Those who hold and those who are without property have ever formed distinct interests in society. Those who are creditors, and those who are debtors, fall under a like discrimination. A landed interest, a manufacturing interest, a mercantile interest, a moneyed interest, with many lesser interests, grow up of necessity in civilized nations, and divide them into different classes, actuated by different sentiments and views. The regulation of these various and interfering interests forms the principal task of modern legislation, and involves the spirit of party and faction in the necessary and ordinary operations of the government.

The gem provides a command line utility for checking passwords.

But recent events have made me question the prudence of releasing this information, even for research purposes. The arrest and aggressive prosecution of Barrett Brown had a marked chilling effect on both journalists and security researchers.

At Brown’s sentencing, Judge Lindsay was quoted as saying “What took place is not going to chill any 1st Amendment expression by Journalists.” But he was so wrong. Brown’s arrest and prosecution had a substantial chilling effect on journalism. Some journalists have simply stopped reporting on hacks from fear of retribution and others who still do are forced to employ extraordinary measures to protect themselves from prosecution.

Having said all that, I think this is completely absurd that I have to write an entire article justifying the release of this data out of fear of prosecution or legal harassment. I had wanted to write an article about the data itself but I will have to do that later because I had to write this lame thing trying to convince the FBI not to raid me.

I could have released this data anonymously like everyone else does but why should I have to? I clearly have no criminal intent here. It is beyond all reason that any researcher, student, or journalist have to be afraid of law enforcement agencies that are supposed to be protecting us instead of trying to find ways to use the laws against us.

As serious leaks become more common, surely we can expect tougher laws. But these laws are also making it difficult for those of us who wish to improve security by studying actual data. For years we have fought increasingly restrictive laws but the government’s argument has always been that it would only affect criminals.

This principle equally applies to the laws of our country; we should never violate basic rights even if the consequences aren’t immediately evident.

Google figures that since it has a big (encrypted) database of all your passwords, it might as well compare them against a 4-billion-strong public list of compromised usernames and passwords that have been exposed in innumerable security breaches over the years. Any time Google hits a match, it notifies you that a specific set of credentials is public and unsafe and that you should probably change the password.

If you force people to frequently change their passwords, they will use bad passwords.

Stop forcing users to change their passwords every 30, 60, or 90 days, and stop forcing users to include a mixture of uppercase, lowercase, and special charactersForcing users to change their passwords should only happen if there is reason to believe an organization has been breached, or if a new third-party data breach affects employees or users.

The terms open and standard have a wide range of meanings associated with their usage.

And most important: No proprietary encryption software can be fully trusted

If you are concerned about privacy and looking for a bullet-proof solution then the only way to go is open-source software. For example, there was another incident with a proprietary file "encrypter" for Android/iOS which used the simplest possible "encryption" on earth: XORing of data that is as easy to crack a monkey could do that. Would not happen to an open-source software. If you're worried about the mobile app not being as reliable (backdoors etc.) as the desktop app: compile it yourself from sources. https/github.com/MiniKeePass/MiniKeePass You can also compile the desktop version yourself. Honestly, I doubt most people, including you and me, will bother.

Open Source prevents backdoors. You can have a look at its source code and compile it yourself.

The data is stored in log files to ensure the functionality of the website. In addition, the data serves us to optimize the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context. The legal basis for the temporary storage of the data and the log files is Art. 6 para. 1 lit. f GDPR. Our legitimate interests lie in the above-mentioned purposes.

The temporary storage of the IP address by the system is necessary to enable the website to be delivered to the user's computer. For this the IP address of the user must remain stored for the duration of the session.

The legal basis for the processing of personal data using cookies is Art. 6 para. 1 lit. f GDPR. Our legitimate interests lie in the above-mentioned purposes.

Anything Pwned Passwords related is free because I want maximum adoption and the cost is borne by @cloudflare. Anything related to querying email addresses requires a key to be purchased because I want to limit abuse and it costs me directly to run.

Devise-Two-Factor only worries about the backend, leaving the details of the integration up to you. This means that you're responsible for building the UI that drives the gem. While there is an example Rails application included in the gem, it is important to remember that this gem is intentionally very open-ended, and you should build a user experience which fits your individual application.

In mainstream press, the word "hacker" is often used to refer to a malicious security cracker. There is a classic definition of the term "hacker", arising from its first documented uses related to information technologies at MIT, that is at odds with the way the term is usually used by journalists. The inheritors of the technical tradition of the word "hacker" as it was used at MIT sometimes take offense at the sloppy use of the term by journalists and others who are influenced by journalistic inaccuracy.

there's no reasonable way to communicate effectively with the less technically minded without acquiescing to the nontechnical misuse of the term "hacker"

terms like "malicious security cracker" are sufficiently evocative and clear that their use actually helps make communication more effective than the common journalistic misuse of "hacker".

Now, if we think of the tasks that we perform throughout the day as consuming separate "bands" of time, then the term makes perfect sense. Being "out of bandwidth" would indicate that you do not have enough unallocated "bands of time" in your day to complete the task. Using the term bandwidth to describe time maps more closely (in my opinion) to the original definition, than the current definition describing data capacity does.

I may be living in a bubble, but my impression is that don't understand that figurative use of bandwidth are way out of the loop.

Another approach I toyed with (very transiently) was blocking entire countries from accessing the API. I was always really hesitant to do this, but when 90% of the API traffic was suddenly coming from a country in West Africa, for example, that was a pretty quick win.

Well, as a home user, I also belong to an investment club with 10 members. I also have a medium size family who I like to send photo's to, and my son is on a soccer team. all those have greater than 5 people on the list. sooooooooo..... once again, the people with valid use of the internet have to 'deal' with those that abuse it.

I had never considered it that in nearly a decade of using GNU find! Thank you for that! It will definitely change the way I think about -prune from now on.

I think this structure is much easier and correlates to the right approach

that “it is quite clear thatNietzsche wrote [this work] not as a dialectician.”3

The point is that users should be in control of their data, which means they need an easy way of accessing it. Providing an API or the ability to download 5,000 photos one at a time doesn't exactly make it easy for your average user to move data in or out of a product.

It's typically a lot easier for software engineers to pull data out of a service that they use than it is for regular users. If APIs are available, we engineers can cobble together a program to pull our data out. Without APIs, we can even whip up a screen scraper to get a copy of the data. Unfortunately, for most users this is not an option, and they're often left wondering if they can get their data out at all.

1Password wasn’t built in a vacuum. It was developed on top of open standards that anyone with the right skills can investigate, implement, and improve. Open tools are trusted, proven, and constantly getting better. Here’s how 1Password respects the principles behind the open tools on which it relies:

Steroids used after the first 3 to 4 days after injury do not affect wound healing as severely as when they are used in the immediate postoperative period.

The major effect of steroids is to inhibit the inflammatory phase of wound healing (angiogenesis, neutrophil and macrophage migration, and fibroblast proliferation) and the release of lysosomal enzymes

Large doses or chronic usage of glucocorticoids reduce collagen synthesis and wound strength

HBOT was found to improve graft survival, complete healing of grafts, and lessen infection in patients with a graft

Chronic wounds have a decreased oxygen supply, and for a long time lack of oxygen was recognized as a potential cause of delayed healing.

Oxygen is required for almost all steps of wound healing and is also an important factor in the body’s defense against bacterial infection

In addition to its role in healing, oxygen plays an essential role in the production of reactive oxygen species such as superoxide that are angiogenesis stimulators and are bacteriostatic

At present, only platelet-derived growth factor BB (PDGF-BB) is currently approved by the FDA for treatment of diabetic foot ulcers. Application of recombinant human PDGF-BB in a gel suspension to these wounds increases the incidence of total healing and decreases healing time.

Bioengineered skin substitutes have evolved from keratinocyte monolayers to dermal equivalents to split-thickness products with a pseudo-epidermis, and most recently, to products containing both epidermal and dermal components that resemble the three-dimensional structure and function of normal skin (see Table 9-11). Indicated for use with standard compression therapy in the treatment of venous insufficiency ulcers and for the treatment of neuropathic diabetic foot ulcers, these bilayered skin equivalents also are being used in a variety of wound care settings.

except the one wigged gentleman who looked at the ceiling

Now that he had no work to hold, he laid the knuckles of the right hand in the hollow of the left, and then the knuckles of the left hand in the hollow of the right, and then passed a hand across his bearded chin, and so on in regular changes, without a moment's intermission. The task of recalling him from the vagrancy into which he always sank when he had spoken, was like recalling some very weak person from a swoon, or endeavouring, in the hope of some disclosure, to stay the spirit of a fast-dying man. “Did you ask me for my name?” “Assuredly I did.” “One Hundred and Five, North Tower.” “Is that all?” “One Hundred and Five, North Tower.”

he women who had left on a door-step the little pot of hot ashes

rags

Chart of accounts numbering involves setting up the structure of the accounts to be used, as well as assigning specific codes to the different general ledger accounts. The numbering system used is critical to the ways in which financial information is stored and manipulated. The first type of numbering to determine for a chart of accounts involves their structure. This is the layout of an account number, and involves the following components:Division code - This is typically a two-digit code that identifies a specific company division within a multi-division company. It is not used by a single-entity company. The code can be expanded to three digits if there are more than 99 subsidiaries.Department code - This is usually a two-digit code that identifies a specific department within a company, such as the accounting, engineering, or production departments.Account code - This is usually a three digit code that describes the account itself, such as fixed assets, revenue, or supplies expense.For example, a multi-division company with several departments in each company would probably use chart of accounts numbering in this manner: xx-xx-xxxAs another example, a single-division company with multiple departments could dispense with the first two digits, and instead uses the following numbering scheme: xx-xxxAs a final example, a smaller business with no departments at all could just use the three digit code assigned to its accounts, which is: xxxOnce the coding structure is set, the numbering of accounts can take place. This is the three-digit coding referred to previously. A company can use any numbering system that it wants; there is no mandated approach. However, a common coding scheme is as follows:Assets - Account codes 100-199Liabilities - 200-299Equity accounts - 300-399Revenues - 400-499Expenses - 500-599 As a complete example of the preceding outline of numbering, a parent company assigns the "03" designator to one of its subsidiaries, the "07" designator to the engineering department, and "550" to the travel and entertainment expense. This results in the following chart of accounts number:03-07-550

This is a great time to individualize instruction and have students work at different paces. You don’t want 100-120 papers coming at you all at one time. Spread it out, and it will keep you from getting short-tempered with your students.

For my more advanced students, they need to learn research skills: how to locate, evaluate, and use information. Online learning offers great opportunities for that, including with what’s going on in the news right now.

Then there is the option of getting students to talk to each other online on discussion boards and videoconferences. Some students adapt to it quickly and like it. Some don’t, because it feels impersonal. You have to be patient with that and give them some time and space to adjust.

Rizga: How have you been translating this online?Moore: It depends on the student. Some students work very well asynchronously. They are very comfortable working alone on a draft; I make color-coded comments in a word document or their PDF, and then I send it back. Some students need me to explain things to them in person before I send them the comments; we’ll do a video or audio chat. Others need even more interaction: I’ll hook them up to a videoconference, and we’ll go through all the comments together. Some students I need to refer to a grammar-brushup program or a YouTube video on how to do some of the mechanical stuff like uploading papers online.

The other big issue is that many of the teachers don’t have the skills to teach online.

We are in the midst of the most sweeping education experiment in history. The coronavirus pandemic has forced the majority of the U.S.’s 3.6 million educators to find ways to teach without what most of them consider the core part of their craft—the daily face-to-face interactions that help them elicit a child’s burning desire to investigate something; detect confusion or a lack of engagement; and find the right approach, based on a student’s body language and participation in the classroom, to help students work through their challenges.

Then, you have to think about accessibility issues. How will my vision-impaired and deaf students access it? Have I put everything in print? Do I have to put in some audio? There are whole series of checks you have to do for different access issues.

There are a couple of similar packages for anyone who does not want to completely accept standard:

The result, all too often, is that we decide (often unconsciously) that the sweeping change just isn't worth it, and leave the undesirable pattern untouched for future versions of ourselves and others to grumble about, while the pattern grows more and more endemic to the code base.

Patients at risk for an esophageal injury should undergo bedside esophagoscopy or soluble contrast esophagography followed by barium examination to look for extravasation of contrast

Widening of the mediastinum on initial anteroposterior chest radiograph, caused by a hematoma around an injured vessel that is contained by the mediastinal pleura, suggests an injury of the great vessels.

Because complete typing and cross-matching takes up to 45 minutes, patients requiring emergent transfusions are given type O-negative RBCs.

In either scenario, a massive hemothorax is an indication for operative intervention, but tube thoracostomy is critical to facilitate lung reexpansion, which may improve oxygenation and cardiac performance as well as tamponade venous bleeding.

Although it may be estimated on chest radiograph, tube thoracostomy is the only reliable means to quantify the amount of hemothorax.

Tangential wounds of the internal jugular vein should be repaired by lateral venorrhaphy, but extensive wounds are efficiently addressed by ligation. However, it is not advisable to ligate both jugular veins due to potential intracranial hypertension.

The typical clinical course of an epidural hematoma is an initial loss of consciousness, a lucid interval, and recurrent loss of consciousness with an ipsilateral fixed and dilated pupil. While decompression of subdural hematomas may be delayed, epidural hematomas require evacuation within 70 minutes.

The partial pressure of carbon dioxide (PCO2) should be maintained in a normal range (35–40 mmHg), but for temporary management of acute intracranial hypertension, inducing cerebral vasoconstriction by hyperventilation to a PCO2 of <30 mmHg is occasionally warranted.

The final stages of this sequence are caused by blood accumulation that forces the temporal lobe medially, with resultant compression of the third cranial nerve and eventually the brain stem.

The goal of resuscitation and management in patients with head injuries is to avoid hypotension (SBP of <100 mmHg) and hypoxia (partial pressure of arterial oxygen of <60 or arterial oxygen saturation of <90%).

Indications for operative treatment of thoracic injuries Initial tube thoracostomy drainage of >1000 mL (penetrating injury) or >1500 mL (blunt injury) Ongoing tube thoracostomy drainage of >200 mL/h for 3 consecutive hours in noncoagulopathic patients Caked hemothorax despite placement of two chest tubes Great vessel injury (endovascular techniques may be used in selected patients) Pericardial tamponade Cardiac herniation Massive air leak from the chest tube with inadequate ventilation Tracheal or main stem bronchial injury diagnosed by endoscopy or imaging Open pneumothorax Esophageal perforation Air embolism

Isthere any way of using these annotations (cryptic jottings,emphasis symbols, underlining and highlighting) in theDocuverse?

Google's move to release location data highlights concerns around privacy. According to Mark Skilton, director of the Artificial Intelligence Innovation Network at Warwick Business School in the UK, Google's decision to use public data "raises a key conflict between the need for mass surveillance to effectively combat the spread of coronavirus and the issues of confidentiality, privacy, and consent concerning any data obtained."

For instance, if an IP address is sent with an ad request (which will be the case with almost any ad request as a consequence of internet protocols), that transmission will not breach any prohibition on sending PII to Google.

Google interprets PII to exclude, for example: pseudonymous cookie IDs pseudonymous advertising IDs IP addresses

data excluded from Google's interpretation of PII may still be considered personal data under the GDPR

No more struggling to stay on top of every little thing your team is saying, for fear of missing out.

See a full history of user consents and data requests. Use the records to prove your compliance in case of an audit by data protection authorities.

Some error occured while registering your request.

legitimate interest triggers when “processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject

of the six lawful, GDPR-compliant ways companies can get the green light to process individual personal data, consent is the “least preferable.” According to guidelines in Article 29 Working Party from the European Commission, "a controller must always take time to consider whether consent is the appropriate lawful ground for the envisaged processing or whether another ground should be chosen instead." 

“It is unfortunate that a lot of companies are blindly asking for consent when they don’t need it because they have either historically obtained the consent to contact a user,” said digital policy consultant Kristina Podnar. “Or better yet, the company has a lawful basis for contact. Lawful basis is always preferable to consent, so I am uncertain why companies are blindly dismissing that path in favor of consent.”

That outcome, in fact, is why the General Data Protection Regulation has been introduced. GDPR is being billed by the EU as the biggest shake-up of data privacy regulations since the birth of the web, saying it sets new standards in the wake of the recent Facebook data harvesting scandal.

A Portuguese hospital was fined because of inadequate account management practices, such as having five times the number of active accounts than required and giving doctors blanket access to all patient files, irrespective of the doctor's specialty.

These records should include a userid, timestamp, consent proof, record of the consenting action, and the legal documents available to the user at the time of consent, among other things.

when you choose Matomo Cloud, we acknowledge in our Terms that you own all rights, titles, and interest to your users’ data. We obtain no rights from you to your users data. This means we can’t on-sell it to third parties, we can’t claim ownership of it, you can export your data anytime

the privacy of your users is respected

The relationship is between the website owner (you) and the visitor, with no external sources looking in

With Matomo, the philosophy around data ownership is simple, you own your data, no one else.

To become compliant, organisations will need to either stop collecting the offending cookies or find a lawful ground to collect and process that data

This difference is due to the fact that the Cookie Solution automatically excludes from the counting, the pageviews generated by bots.

Legitimate interest. When there is a genuine reason for processing personal data without consent. Interpretations of this legal ground may vary, but a good example would be risk assessment or checking children’s age, such as in an online liquor store.

I discuss the flaws of this in regards to spreadsheets in Spreadsheets Are Sabotaging Your Business. In brief, when people inevitably started using the more complex formulas available, they unknowingly broke the fundamental design concept of paper spreadsheets: that humans can understand what’s happening between the cells.

Don't be discouraged when you get feedback about a method that isn't all sunshine and roses. Facets has been around long enough now that it needs to maintain a certain degree of quality control, and that means serious discernment about what goes into the library. That includes having in depth discussions the merits of methods, even about the best name for a method --even if the functionality has been accepted the name may not.

Second, you cannot simply add the cookie language to your existing Terms and Conditions because you need to gain consent specifically for the use of cookies. This means, if you already have users who have agreed to your T&Cs, after adding the cookie language you will need to prompt them to review and agree to the new T&Cs.

If your agreement with Google incorporates this policy, or you otherwise use a Google product that incorporates this policy, you must ensure that certain disclosures are given to, and consents obtained from, end users in the European Economic Area along with the UK. If you fail to comply with this policy, we may limit or suspend your use of the Google product and/or terminate your agreement.

You must clearly identify each party that may collect, receive, or use end users’ personal data as a consequence of your use of a Google product. You must also provide end users with prominent and easily accessible information about that party’s use of end users’ personal data.

Emerging Theories of Learning and the Role of Technology

Theories and Frameworks for Online Education: Seeking an Integrated Model

Research in Educational Technology

Is there a reason not to do caused-by stack trace printing? Or has it just not been implemented by anyone yet?

Q. Why does Rubinius not support frozen and tainted? A. Rubinius has better features; frozen and tainted are considered harmful. To elaborate... Both frozen and tainted depend on strewing checks throughout the source code. As a classic weak-link system, only one of those checks needs to be misplaced for the guarantees offered by either to fail. Since the number of checks is high, and as new code is written new checks need to be considered, the features inherently constitute unbounded complexity and unbounded risk.

some examples of legitimate interest (although their main aim is to emphasize what rights, freedoms and so on override legitimate interest)

An example of reliance on legitimate interests includes a computer store, using only the contact information provided by a customer in the context of a sale, serving that customer with direct regular mail marketing of similar product offerings — accompanied by an easy-to-select choice of online opt-out.

This is no different where legitimate interests applies – see the examples below from the DPN. It should also be made clear that individuals have the right to object to processing of personal data on these grounds.

Individuals can object to data processing for legitimate interests (Article 21 of the GDPR) with the controller getting the opportunity to defend themselves, whereas where the controller uses consent, individuals have the right to withdraw that consent and the ‘right to erasure’. The DPN observes that this may be a factor in whether companies rely on legitimate interests.

prove that your interpretation of EU laws (“My Privacy Policy covers everything, explicit consent isn’t required, I don’t have to give my visitors any kind of control because they can block cookies before visiting my site,” etc) is right

Dictators and tyrants routinely begin their reigns and sustain their power with the deliberate and calculated destruction of art

Many people see tracking cookies as an invasion of privacy since they allow a site to build up profiles on users without their consent.

Advertisements are often injected with malware.

You can also turn off personalization for your browser by installing the Interest-Based Ads Opt Out extension.

Google is one of many ad networks that personalizes ads based on your activity online. Go to AdChoices to control ads from other ad networks.

Uncheck the box next to "Also use your activity & information from Google services to personalize ads on websites and apps that partner with Google to show ads."

How do you leverage browser cache when Google’s very own Analytics.js has it’s expiry time set to 2 hours? How do you minimize DNS requests when Google advices you to copy their tracking code, linking to an externally hosted Javascript file?If that isn’t bad enough already, Google’s advice is to avoid hosting the JavaScript file locally. And why? To ensure you get access to new features and product updates.

Why should I host analytics.js locally?The Complete Analytics Optimization Suite for WordPress gives you the best of both worlds. After activation it automagically downloads the latest version of analytics.js from Google’s servers, places the necessary tracking code in your WordPress theme’s header and keeps the local Javascript file up-to-date using an adjusted version of Matthew Horne’s update analytics script and wp_cron(). This way you can minimize DNS requests, leverage browser cache, track your visitors and still follow Google’s recommendation to use the latest features and product updates.

Over 100,000 organizations rely on monday.com

The Power of Spheres

a complete snapshot of the user's browser window at that moment in time will be captured, pixel by pixel.

However, we recognise there are some differing opinions as well as practical considerations around the use of partial cookie walls and we will be seeking further submissions and opinions on this point from interested parties.

While we recognise that analytics can provide you with useful information, they are not part of the functionality that the user requests when they use your online service – for example, if you didn’t have analytics running, the user could still be able to access your service. This is why analytics cookies aren’t strictly necessary and so require consent.

On visiting a site with a “cookie consent” notice, I don’t feel empowered just irritated.

it really doesn’t take much clicking around the regional Internet to find a gaslighting cookie notice that pops up with a mocking message saying by using this website you’re consenting to your data being processed how the site sees fit — with just a single ‘Ok’ button to affirm your lack of say in the matter.

Out of 508 manually analysed websites that provide a way to opt out, we detected 39 websites where the banner stores a positive consent, even if the user explicitly refuses consent via the cookie banner.