>Michael Jackson did this with concert tickets, sort of. You had to pay hundreds of dollars for the chance to buy a ticket to his mega tour, to be refunded if you didn't manage to get one. People send their money in and have to wait like three months to find out if they managed to get one. Meanwhile, he's making money by the dump truck on the interest from all this.
This doesn't pass the sniff test. If we assume that "hundreds of dollars" is $500, and the risk free rate is 5%, and they hold it for 3 months, then you get $6.25 per victim. Hardly a huge sum. If you factor in credit card processing fees, they might even be losing money on it.
Tour attendance: 2.5 million
Only 1 in 10 purchases were honored, so purchase for 25 million tickets were attempted.
$750 million in Money market at 7% for 6 to 8 weeks.
So, 6 to 8 million in interest depending on the weeks (6 to 8) in money market.
I had some of the details wrong btw, you had to mail in $120 for the chance at 4 tickets, and he only held it for 6-8 weeks. Part of what was so shitty though was that very many of his fans couldn't really afford what was about a months rent but scrapped it together anyways. Maybe it was a poor financial decision on their part, but he took advantage of those people for his own profit, when he didn't even really need the money.
>Maybe it was a poor financial decision on their part, but he took advantage of those people for his own profit, when he didn't even really need the money.
Your own article contradicts your narrative that Jackson was somehow doing it for evil/greed reasons:
1. The scheme seems to have been cooked up by the promoters, with Jackson himself being against it
2. The "he filtered by zip code" allegation was entirely unsubstantiated, and seemed to be a side effect of making the tickets expensive.
3. Jackson donated his earnings to charity, so the "... for his own profit" claim was also questionable.
> it's always been black-letter law that if I misappropriate $1,000 from you, put it on red 27, and turn it into $36,000, I owe you all $36,000.
Only if you "stole", and only if you get caught. If you asked $1,000 for an "investment" with the intention of putting it on red 27, then win, you can repay your investors and they'd be none the wiser.
Are you sure? I'd have guessed that the debt is created when they generate the $36 000. Getting caught would just make it easier for the victim to collect.
So if your kid downloaded a shady app, and it turned out that app had some residential VPN SDK, are you on the hook too? Does it stop at DDoS attacks? If it turned out they were scraping linkedin, can they sue you for a thousands of dollars of "harm" that you enabled?
Seems petty clear the intent of the post you are replying to isn't to hold random parents accountable for thousands and instead to hold app developers (add maybe too open app marketplaces) accountable for malicious app behavior
I've never tried a subpoena. I've tried reporting them to ICANN for whois abuse contact violations and never received a response (after I recieved a response from cloudflare saying, "Go away, we don't care, sign up for our services and pay us to care."). Perhaps I should set up a gofundme or something for the thousands of dollars needed to get justice via subpoena.
If I were hosting illegal malicious actors doing this stuff on my home servers and refused to even say who was doing it I would 100% get my door kicked down by the FBI. But some persons, corporate persons, are more equal than others.
> If I were hosting illegal malicious actors doing this stuff on my home servers and refused to even say who was doing it I would 100% get my door kicked down by the FBI. But some persons, corporate persons, are more equal than others.
If you refused to tell some random person who asked? No, you wouldn’t. If you refused to respond to a legal authority—a court-issued subpoena, for example—then there would be consequences.
As far as cloudflare is concerned you’re just a random person asking. They have no legal obligation to provide you with information.
>I've tried reporting them to ICANN and never received a response.
So ICANN is complicit too? After all, if we adopt your interpretation, in some way ICANN is also turning an blind eye, both to what cloudflare is supposedly doing and also to what the domain registrars are doing.
In a way, yes, that makes it more okay. You can't have a conflict of interest if you have no interest. Cloudflare has clear interest in hosting the malicious actors and it's in clear conflict with providing services to their other users.
No you wouldn't. Unless you failed to comply with subpoenas/warrants/etc for it.
That assumes of course that like Cloudflare you were hosting a web page and not the actual illegal activity, and were following the laws around hosting things.
Sure, that makes the case for reform stronger for police unions, but why should bad union behavior (ie. protecting criminal or incompetent members) be tolerated at all?
>Curtailing that freedom should be a measure of last resort.
This just feels like it turns into a cudgel against whatever groups you hate. Bad police unions? Boo! Let's ban them! Bad teacher unions? Free association is protected by the constitution so they get a pass. Catholic priests? On one hand they're consistently hated on by progressives, but on the other hand much of the arguments that can be used to defend them can be applied to teachers.
That's seemingly contradicted, or at least cast in doubt by your own article:
>The Buffalo police union, the Buffalo Police Benevolent Association, was angered by the suspensions of the two officers, and it retaliated on June 5 by withdrawing its legal fees support for any other Buffalo officers for incidents related to the protests. [...] All 57 police officers from the Buffalo Police Department emergency response team resigned from the team, although they did not resign from the department.[45] According to the police union's president, the mass resignations were a show of solidarity with the two suspended officers.[46] However, his account has been contradicted by two of the resigned officers, who stated they resigned because of a lack of legal coverage. One of these officers said "many" of the 57 resigned officers did not resign to support the two suspended officers.[47]
Either the officers resigned in protest, or the union withdrew legal support in protest and the officers resigned as a result of that. Either way, the resignations were a result of union support for the criminals in their ranks.
>The Buffalo police union, the Buffalo Police Benevolent Association, was angered by the suspensions of the two officers, and it retaliated on June 5 by withdrawing its legal fees support for any other Buffalo officers for incidents related to the protests.
Why do you think the union withdrew legal support here, given that the union supported the officers?
>Recently a Massachusetts trooper who engaged in railroading a fabricated suspect was exposed for sending extreme racist, sexist, antisemitic texts to fellow troopers. But the names of those troopers and their own behavior remains opaque to the public. That's crazy! Nobody should put up with that.
What does sending "sending extreme racist, sexist, antisemitic texts to fellow troopers" have to do with cover-ups? Anyways my guess is that it's general policy for police/courts to not release evidence unless it's part of a trial, similar to how the Epstein files weren't released across 3 administrations and took an act of congress to get released.
I was about to downvote this for being obviously false, but after some research this does appear to be true, because ssh uses some channel binding mechanism to prevent your public key authentication from being replayed/reused by the "man" in the middle.
This is one of those situations where it's necessary to be very precise about the security properties.
Specifically, if you bind authentication to the connection, then an attacker who impersonates the server (in this case because it's the first connection, but in other settings because they have a fake certificate), then client authentication is not portable to another connection, so the attacker can't mount a classic MITM attack. However -- and this is a big however -- that doesn't mean that there aren't serious security problems. For example:
* If you use SSH to copy a secret such as an API key to the server, then the attacker still knows the API key.
* If you download some file (e.g., a script) from the server and then trust it, the attacker can use that to provide a malicious script.
>* If you use SSH to copy a secret such as an API key to the server, then the attacker still knows the API key.
That's much harder to pull off though, because you need to replicate the environment close enough so that the victim doesn't suspect anything. Do they put their config files in /var/lib or random docker volumes? Do they use docker compose or docker-compose, etc.
If you know its their first connection to a fresh VPS and assume they haven't used a web-based display to set up anything yet, you just need to guess their install image, which is probably off-the-shelf.
Basically, the client signs the shared key obtained through Diffie-Hellman key exchange, which then gets verified by the server. This ensures that the client and the server have the same shared key, hence no man-in-the-middle.
This doesn't pass the sniff test. If we assume that "hundreds of dollars" is $500, and the risk free rate is 5%, and they hold it for 3 months, then you get $6.25 per victim. Hardly a huge sum. If you factor in credit card processing fees, they might even be losing money on it.
reply