Asimov has some good stories where people no longer know how to read and write and multiply because everything is done on computers and all interactions with computers are done by voice.
That practice is _definitely_ a violation of the Computer Fraud and Abuse Act. No employer's IT is going to have it not be a violation for a user to share their password with someone else, which even in the weakest boilerplate immediately revokes their rights to the account. At that point _any_ use of those credentials is very much a violation of the CFAA.
Conflating a software vulnerability with a criticism of the overall concept is a good way to become non-credible and get both ignored.
The article repeatedly claims the entire concept is mere "activism theater" yet with zero evidence or even discussion to back up the claims. In fact, this sort of app may be very effective in both helping people evade authoritarian raids and helping generate flash-mob-type protests that impede the authoritarians. Every bit of friction added to authoritarian rule improves the likelihood of successfully defeating it.
And, buried in the vague overall accusations of not liking the app, the author is stating he's using the wrong version of Apache. I missed anything about the actual good version if it was in there. And, he openly admits he has no idea if the server in question even houses any significant data.
The whole article comes off as the author being an asshat, and even more sore that he's being ignored. TBF, I'd probably ignore him too.
But yeah, it probably is a good idea to run the update sooner rather than later.
Things which take minimal effort but produce a massive response are what Trump's fire hose of duplicitous social media posts are all about. It's perfectly fine work to leverage that same asymmetry in response.
The point is the developer didn’t block “the author after seeing them link a blog post.” They received the disclosure and then blocked the author (on that account).
The only serious vulnerability that might have applied would have required the man to be using Apache as a reverse proxy to another server, which is just _extremely unlikely_ considering where it was hosted and what it was being used to do.
Critically, it's not even clear that this is a vulnerability report. Yes, the version is outdated, and yes, there are known CVEs, but is the server actually vulnerable?
The CVE referenced has the key phrase: "... whose response headers are malicious or exploitable". This does not appear to be a CVE that would impact every installation. You need to find a way to control the response headers, meaning you need to chain another vulnerability.
Without verifying that the server is vulnerable this isn't a vulnerability report. It's a suggestion to install updates. Paired with the poor delivery, it seems reasonable for the author to get blocked and ignored.
Considering how lacking in detail the reports were, I'd probably have just dismissed this man's claims as "AI slop". That he was relying on nmap to tell him the version of something that is easily discovered using openssl s_client (because those HTTP response headers are perfectly human-readable) is kind of telling in and of itself.
Data Centers do not work like this. They don't generate any new sales taxes, they don't really generate much in the way of new jobs, and they often don't even pay property taxes at all (our biggest data center here, for example, got a sweetheart deal on a massive property tax exemption -- they literally don't have to pay any property tax at all).
Data Centers also don't pay standard price for their power -- they get 'industrial' power rates (locally here, our industrial power rate is much lower than what a home would pay for equivalent kWh usage, even after factoring in transmission differences).
If you just charged equivalent access (if industrial users had to pay to-the-penny exactly the same prices as a residential user, identical transmission fees, identical per-kWh prices, identical time-of-day usage surcharges, etc), it would go a long way to making the data center setup more fair for everyone.
I accept that data centers generate more load for a system. Which will make the overall system need more maintenance, which is something that others paying into the system will also have to support. But, I'm not clear on why this is a hidden cost.
Consider, if people get the new housing developments that they want, that would also add load to the system. This larger energy system will be more expensive to run, which will lead to higher costs. Adding houses would probably be even more expensive in the transmission maintenance costs associated.
Any model you do that tries to prevent this is essentially rent stabilization for early members. And that has a pretty good track record of not being a good idea.
Tennessee (for example) has fairly cheap electricity because the TVA uses a lot of hydroelectric, and since we have a ridiculous amount of rain and violent thunderstorms each year, every decade or two they build another hydroelectric dam and create a new lake, which generates more hydroelectric power (and a moderate increase in tourism/recreation). We don't have buried power lines (excepting in a very few places) but we've got a ton of redundant power substations and multiple transmission paths (because storms). The TVA and Corps of Engineers are kinda hardcore here otherwise the valley would flood about a quarter of the year and be sitting around in the dark for another quarter of the year.
Maintenance of the power transmission lines is paid for by the electrical customer as a part of paying for the electricity itself. This actually scales just fine. If your local electrical utility is not doing it this way, someone needs to explain to them how proper accounting works.
Calling it a "hidden cost" is just a convenient way to say "We're making this up because we feel like it's right and we don't intend to show any proof."
The baseline expectation of anyone operating heavy machinery in public should be that it is tracked for safety and accountability. This is a good thing. We've been installing tracking numbers on them for decades, what did you think they were for?
I understand for many people, their movements and their vehicle's movements are 1:1, so it can feel like tracking their vehicle is tracking them. If you care about privacy, travel without the heavy machinery. Walk, bike, transit. If your region does not allow you to do this, direct your privacy-related energy towards making that possible, rather than reducing accountability for drivers.
Edit: I wonder how the commenters below feel about tracking jets, probably similar to how I feel about tracking their cars.
Until there's a substantial number of driverless cars on the roads, LPR systems will always equate to tracking people. You might as well argue that exposing geospatial data about cell phone movements is fine because cell phones aren't people.
These systems, when abused, amount to warrantless monitoring of civilians over long periods of time. A judge cannot and will not order someone's movements to be tracked over the last six months. They can facilitate someone's movements going forward to be monitored for a specific period of time.
...and these systems are always abused. To the degree that if you've put an RFP out there for an LPR system that disposes of the scan data after 30 days, suddenly no one wants to submit a proposal.
Abuse is pretty much the default state unless there are hard guardrails against it. That knucklehead in Millersville was pretty obviously using FINCEN data to go looking up the life details of people his political party didn't like, probably because the only safeguard was that someone had to enter a relevant case number to show that the search was legal. Lo and behold a regular audit being performed by the TBI resulted in a near immediate lockout of Millersville from their system and a warranted search of said knucklehead's residence because of "irregularities". It's not hard to figure out what was going on there.
It took months to get the LPR system in Mt. Juliet, TN to actually start disposing of the scanned data, and we've already seen reports of LPR systems being abused by ICE/CBP to search for people all over the nation. What's currently holding up Nashville getting such a system? I'm pretty sure it's the data destruction policy, because the state-level government is being run by people who think such Orwellian surveillance is just dandy.
They never notified archive.today of the illegal material, instead they chose to demand blocking actions of archive.today from a DNS provider. I would be interested to know whether any other DNS service providers have received similar such demands.
I would assume (like any normal individual), that you would notify the service first (archive.today) and if they've proven to be a non-responder to CSAM material then escalate to legal action.
If archive.today is honest about never receiving a prior notification, then the way in which they've decided to go about removing the illegal material is very suspicious.