Hacker News | Programmatic's comments

The answer to that would be to make a builder image and copy out the installed files. That makes a smaller container anyhow so has several advantages.


API keys are most successful when they're issued for server-side use; when used client-side the usual pattern that I see is for individual clients to request their own API key?

In this case, it would need to be distributed to myriad users who legitimately need to ask for the lists and then could be scraped by the "attacker", but at least then they'd have to be knowingly malicious vs. accidentally malicious.


You generally add a small "cost" to request an API key. For example submit your email to this form and wait a day.

Then browser makers like this will not reasonably be able to request a new key automatically for every install. So they will just request one and ship it.

Then when you get abuse like this you can disable it.


In the case of interstate commerce (and catalog ordering, crossing the border to buy if you live nearby, etc) they have the concept of "use tax" where you must pay the equivalent of sales tax on goods you bought to use in your home state without paying state income tax. You are expected to pay use tax on goods you purchase on the internet tax-free at income tax filing time, and (a vanishingly small number of, I'm sure) honest people have been reporting their purchases and paying tax on goods purchased on the internet. Retroactively taking sales tax from those retailers would double-dip.


See also the relevant lines in the function he proposed a patch for: https://github.com/git/git/blob/master/builtin/merge.c#L1401


Glancing at the supreme court case, I'm not sure that observations that police officers can do from a public place have a good application to this area.

I think the public expectation part was specifically whether thermal imaging was too invasive and not an observation that the general public would make from the street.


I think light switches are an absolutely fantastic UI. You can look at them to determine state, you can interact with them without unlocking a device and when they're placed well you can just "wave your hand" and lights come on.

However, when the light switches aren't well placed it is nice to add a layer of software abstraction between the switch and the light to be able to rearrange existing switches in your home without having to pull new wiring. So you can essentially just keep what you are already doing but make the existing, mature UI even more suited to your needs even if you're skeptical of all of the rest of it.


Referred from your reply to my comment[0]; Algorithms can be backdoored due to having a novel technique to defeat them that you have not disclosed and has not otherwise been discovered yet. We are constantly adopting and discarding encryption algorithms that have not withstood the test of time.

If someone has gotten a jump on research and found a novel attack against their math, but the math looks good enough to convince others to use, that is an enormous advantage.

[0]: https://hackernews.hn/item?id=15305331


And my rebuttal to that notion is that if the NSA has secret math that breaks a simplified, stripped down standard ARX/Feistel design, we probably have bigger problems than the NSA's preferred lightweight cipher. I'm not fond of citing Schneier, but he's an authority to a lot of people here, and look what he has to say about Speck: that it's basically an improved version of Threefish.

The "unknowable secret math" argument works both ways. As I said upthread: if you believe this, how do you rule out the possibility that ARX designs are the ones NSA can't break, that they have secret math that only works against iterated ciphers built solely on bitwise primitives, and that they published this particular cipher --- something they rarely do! --- precisely to create the kind of suspicion we're seeing on the thread?

If you want to play Kremlinology instead of talking about engineering, arguments like that are fair game too. I'd rather rule both of them out.


Of course, this could be NSA's test of community trust and an attempt to gain some goodwill. Surely they know they are not the most popular kid on the block... :)


Running an algorithm chosen by an attacker with extensive resources is foolhardy, because you can never be certain that your resources are sufficient to detect a trap carefully hidden by their resources. We have a history of the NSA performing attacks and standards subversion. Why accept their potential trojan horse when you can have algorithms designed by those without that checkered past, keep up the same amount of scrutiny for potential trojan horses, and have decreased odds of a backdoor being present if the provider is more trustworthy?

It seems that taking motivations into account could lead you into a false sense of security, but that if you keep up the same amount of security and distrust known bad actors that you increase it.



HP's consumer line isn't/wasn't great (I've had scant experience with it over the years), but their business products are generally great to take apart and repair. The EliteBook series in particular, e.g. the 8460s are built like tanks and are great to pick up off-lease.


The problem is that skimping quality on one line (particularly with a high market penetration and presence) erodes brand equity of others.

I've sworn off many manufacturers / vendors for crap lines.

If you want to have a quality brand, you're going to have to apply it uniformly.


> HP's consumer line isn't/wasn't great

I have a hunch that can be said for most laptop vendors. There is a reason "business notebooks" cost so much more. I'm not saying it's a good reason, but it's there.


Their consumer hardware is insane to repair, on some models it's over 20 screws and a full disassembly to change the hard drive. If you send it to HP for repair, expect half your screw mounts to be sheared off by HP's repair team!


Dell is the same, consumer level stuff is difficult or impossible to repair, but the business laptops are well thought out and designed to be repaired.


My new Dell XPS 15 is easy to service. 12 screws on the bottom gives easy access to the RAM, battery, drive slots, and wifi. The heat sinks and pipes for the CPU and GPU have what, 8 screws? The screws don't need to be removed to clean out the fans with compressed air.

I replaced the SSD, wifi card, and repasted the CPU/GPU cooler. The operation took me 30 minutes.


+1 to OneNote. The Notebook/Section/Page paradigm is super intuitive and convenient. You can create/copy hyperlinks to different notebooks/sections/pages/paragraphs, so it's easy to make a master notebook with shortcuts for navigation.

(un)fortunately I'm standardized on OneNote 2007, vs. the later versions, but keyboard shortcuts for it in 2007 on Win7 are fantastic. Win+Shift+N to bring up OneNote with the last page open, Win+N for a new unfiled note, and various "tags" and searches. Many Win key shortcuts have changed in Win 10 and later versions of OneNote.

I use checkbox tags for Ctrl-1 (you can assign Ctrl-# to particular tags), so you can easily make a checklist by just typing an item and then hitting Ctrl-1 to make a "todo". You can mark it as done by hitting Ctrl-1 again on the same line. You can also insert timestamps with Alt-Shift-F so you can note when you completed something or similar. Win+S brings up a screen snipping tool for quick documentation on a topic as you go.

