That practice is _definitely_ a violation of the Computer Fraud and Abuse Act. No employer's IT is going to have it not be a violation for a user to share their password with someone else, which even in the weakest boilerplate immediately revokes their rights to the account. At that point _any_ use of those credentials is very much a violation of the CFAA.

Things which take minimal effort but produce a massive response are what Trump's fire hose of duplicitous social media posts are all about. It's perfectly fine work to leverage that same asymmetry in response.

The only serious vulnerability that might have applied would have required the man to be using Apache as a reverse proxy to another server, which is just _extremely unlikely_ considering where it was hosted and what it was being used to do.

Considering how lacking in detail the reports were, I'd probably have just dismissed this man's claims as "AI slop". That he was relying on nmap to tell him the version of something that is easily discovered using openssl s_client (because those HTTP response headers are perfectly human-readable) is kind of telling in and of itself.

Tennessee (for example) has fairly cheap electricity because the TVA uses a lot of hydroelectric, and since we have a ridiculous amount of rain and violent thunderstorms each year, every decade or two they build another hydroelectric dam and create a new lake, which generates more hydroelectric power (and a moderate increase in tourism/recreation). We don't have buried power lines (excepting in a very few places) but we've got a ton of redundant power substations and multiple transmission paths (because storms). The TVA and Corps of Engineers are kinda hardcore here otherwise the valley would flood about a quarter of the year and be sitting around in the dark for another quarter of the year.

Maintenance of the power transmission lines is paid for by the electrical customer as a part of paying for the electricity itself. This actually scales just fine. If your local electrical utility is not doing it this way, someone needs to explain to them how proper accounting works.

Calling a "hidden cost" is just a convenient way to say "We're making this up because we feel like it's right and we don't intend to show any proof."

Until there's a substantial number of driverless cars on the roads, LPR systems will always equate to tracking people. You might as well argue that exposing geospatial data about cell phone movements is fine because cell phones aren't people.

These systems, when abused, amount to warrantless monitoring of civilians over long periods of time. A judge can not and will not order someone's movements to be tracked over the last six months. They can facilitate someone's movements going forward to be monitored for a specific period of time.

...and these systems are always abused. To the degree that if you've put an RFP out there for a LPR system that disposes of the scan data after 30 days, suddenly no one wants to submit a proposal.

Abuse is pretty much the default state unless there are hard guardrails against it. That knucklehead in Millersville was pretty obviously using FINCEN data to go looking up the life details of people his political party didn't like, probably because the only safeguard was that someone had to enter a relevant case number to show that the search was legal. Lo and behold a regular audit being performed by the TBI resulted in a near immediate lockout of Millersville from their system and a warranted search of said knucklehead's residence because of "irregularities". It's not hard to figure out what was going on there.

It took months to get the LPR system in Mt. Juliet, TN to actually start disposing of the scanned data, and we've already seen reports of LPR systems being abused by ICE/CBP to search for people all over the nation. What's currently holding up Nashville getting such a system? I'm pretty sure it's the data destruction policy, because the state-level government is being run by people who think such Orwellian surveillance is just dandy.

Facilitating investment in long-term things that benefit the country or humanity as a whole is literally one of the reasons we have governments. Putting men on the moon didn't make any profit, but a whole slew of discoveries and inventions that happened before that could happen definitely made improvements to everyone's lot.

If one can treat the symptoms just as easily as the cause and pseudoephedrine doesn't make them feel like a drugged-out zombie, just guess which drug people are going to take...

...and yes, doctors actually will write prescriptions for pseudoephidrine because they're generally pretty sure their patients aren't using it to make meth. I know three people who've gotten such prescriptions, and I've been tempted to do the same thing myself.

That phenylephrine (which everyone with sinuses knows doesn't do a damn thing) was perpetually being touted as a substitute was just adding insult to injury.

With a quick keypair generation one can quickly deploy read-only (and probably write-only although I've never tried that) access to select parts of a filesystem and do selective near-line backups of important files into a "history" host of sorts, and even leverage rsync's ability to use hardlinks in place of files that have not changed since the last run so no space is needlessly wasted backing up 400 copies of the same thing.

It was wonderful that I didn't have to write such a wrapper myself.