I can't find a style guide for the Irish Times, but the Independent's style guide seems to agree with you: capitalize when used as part of the name of a bill or act, and use lowercase thereafter [0]. Perhaps because they are using Bill in the headline as a shorthand for the full name of the bill (probably for space reasons), they saw fit to capitalize it? Regardless, this is one of those cases where it's not really a grammatical choice but one of style/convention.
> People always get confused when they ask me for help on their machines and I reach to the screen
Nooooo, please don't touch my screen! I can't stand fingerprints on my laptop display! Pretty much every gesture you mentioned has a touch pad equivalent that works just as well or better for a desktop OS.
Of course they didn't. While I can't imagine Russia is exactly happy that it lost an ally in the Western Hemisphere, this kind of action is very much aligned with Putin's multi-polar worldview where the great powers leave each other to play empire in their respective spheres of influence. It helps justify things like invading Ukraine. I can imagine some in the Chinese military are over the moon right now, taking notes on how to force regime change in Taiwan.
Double-replying to apologize for my previous comment! I saw what I felt was a leading question and answered it with a leading question in kind, but I got turned around reading the thread and realized much later that I actually agree with you and my answer to your question would probably be more similar to yours than to the person you were replying to.
> How many countries are led by the far right? What about the far left?
Since you asked the question, I assume you have an answer, and I'm curious to hear it. I imagine it will reveal more about your personal politics than any observable political reality.
As another commenter said, it's a criminal conspiracy or something to that effect. If terrorism is supposed to be the use of violence against non-combatants to attain a political or ideological goal... then would de-Flock be anti-terrorism? Removing Flock cameras makes me feel less terrorized.
AD is perfectly fine. It's actually really good at what it is: a highly-available Kerberos implementation with an integrated directory server. It's not as dominant as it used to be because there are better ways to handle identity for web applications and zero-trust environments, but I don't think that diminishes what AD was good at.
> AD has built-in mechanisms where a random person can execute code on the AD themselves
Could you provide an example? I'm sure I know what you're talking about, but the way you put it I'm having a hard time figuring out what you mean.
> Most people are not perfect; Hence, most people have security issues with AD (see the never ending tail of cryptolocked companies)
Yeah, but, how many of those ransomware attacks exploit misconfigured AD environments rather than something more banal like harvesting credentials accidentally checked into Git, or spear phishing for a target? Identity, in general, is hard.
AD allows connections between two computers that are registered against the active directory, including a random laptop and the AD themselves
This is a fundamental difference versus something like oauth: in the former, everything is done to allow RCE on the AD: the code exists; in the latter, everything is done to prevent RCE on the issuer;
Identity is hard? Identity is a lot simpler once you assume that:
- people make mistakes
- code is buggy
- infrastructure has issues
This is why using things like oauth instead of AD's authentication mechanism is good: because it is secured by default and you must try really hard to allow a wide range of attacks
In the Windows world, you connect to a server using RDP. I thought this would be implied. RDP is a means to connect to a remote host and, from there, execute code. Hence, code execution.
What on earth are you talking about? RDP and AD are pretty much orthogonal to each other. You can use an AD account to connect to a domain-joined remote server over RDP, but at that point you're just... logging into a machine, same as any other remote protocol. You prevent bad actors from doing this by not giving them permissions to log in to that server. To call this "code execution" is really odd. Remote code execution as a vulnerability almost always refers to an unintentional behavior in software that allows an attacker to execute arbitrary code as part of that process. Referring to a user logging into a machine with the appropriate permissions and running software as "code execution" is not typical, and is not a vulnerability in any normal sense of the term.
Because logging in to a remote server is not "executing code in that remote server"..?
Same as any other remote protocol? Yes. But we are not talking about that, we are talking about active directory, whose main purpose is to authenticate and authorize stuff. Yes, you can configure everything. But just like a wall is better than a door with a lock.. see what I'm saying? In the AD world, allowing remote code execution is not a bug, it's a feature. Call it a vulnerability if you want;
A direct competitor of AD is oauth, which does not allow people to execute code on the issuer
Number of cryptolock due to oauth: none (that I know of); As if theory and practice sometimes meet ..
I understand that you like AD, and that's fine. The original post was about security and I stand by my point: thinking that we are perfect, that others are making mistakes but "not us" is not good for security. Neither is playing with fire, as per the vast quantity of burnt people
> In the AD world, allowing remote code execution is not a bug, it's a feature.
This is the assertion that I think you have failed to prove. RDP and WinRM are just remote access protocols, like SSH or what have you. AD doesn't have to be involved in their use, so I'm not sure how "RDP allows you to log into a server remotely" is AD's problem. Or even a problem at all, since that's what it's meant to do.
> A direct competitor of AD is oauth,
It really isn't. OAuth is for authorizing third parties access to client resources, not for authentication. By the time you're getting access tokens with OAuth, you've already authenticated with your identity provider. Perhaps you're referring to OpenID Connect, which is built on OAuth 2.0? In any case, AD and OAuth/OIDC don't really compete with each other. AD is intended to be used on internal enterprise networks to simplify authentication and authorization across a fleet of machines, and OAuth/OIDC have a much more pronounced focus on web.
> which does not allow people to execute code on the issuer
I'm not sure what this means. When you say issuer, are you referring to the auth server that issues ID tokens? What if I'm hosting my IDP in AWS and use an OIDC integration to access my AWS admin console and remotely log-in to my IDP server? Am I not then using it to execute code on my auth server?
"This is the assertion that I think .." - you are showing bad faith;
"OAuth is for authorizing third parties access to client resources, not for authentication" - just like AD, oauth is used for authentication and authorization; See the fields sub, scope, audience etc;
"OAuth/OIDC have a much more pronounced focus on web" - of course, we do not use "web" inside internal enterprise networks;
"When you say issuer" - issuer is a keyword, not a random word; But again: you know it;
"Am I not then using it to execute code on my auth server": can you execute any kind of code on AWS' IAM servers (any server will do)? Please share some details;
> just like AD, oauth is used for authentication and authorization
In a sort of roundabout way, but in those cases what the relying party is accessing are the user's identifying details.
> of course, we do not use "web" inside internal enterprise networks
That's not really what I mean. I would never expose an AD domain to the internet, that's not what it's for.
> can you execute any kind of code on AWS' IAM servers
That's not what I was saying, I was saying it in the context of a self-hosted identity provider. If all you've meant by this entire exchange is that OAuth means you don't have to worry about security because you've outsourced it to someone else, then I've really wasted my time.
However, according to Apple's docs, they only allow alternative app stores in the EU and Japan, so you have to be using an iOS account with the region set to one of those two places and be physically located there in order to install the app store. Not something that's easy to experiment with for people in the USA to see how the other half lives.
> Or is EU just trying to milk rich USA tech giants (I think I know the answer).
I don't really see an angle for the EU to do much milking here. Actually I think the AltStore founders are Americans? So they seem to be reaping the benefits of EU and Japanese legislation, remotely.
They were uploading these for free. The end result of the videos being taken down is that they are now even more inaccessible to that 4% than they were before.
Making things more accessible is a worthy goal, but the world is imperfect and making things better requires resources.
[0] https://www.independent.ie/editorial/pdfs/stylebook23.pdf