There's a third choice: display a warning the first time, then permanently accept that cert for that site like ssh does. Then, allow one cert to sign its successor for a couple of years after the cert's expiration (or drop expiration dates entirely, as they don't seem to do much good other than making CAs more profitable) and make the new cert inherit the "always trust for this site" policy from its predecessor.
With that one change, a self-signed cert would provide nearly the same benefit as a real cert, minus the initial trust on first connection. And even that trust is minimal, given that taking over a domain's admin email accounts (even temporarily) or compromising a CA is enough to get certs. And even in the best case, you're basically going on word-of-mouth trust as to whether you trust the actual owners of the site to be a legitimate business.
In some ways, the ssh style actually provides more security than the current trust model because an attacker can't get a new key from an arbitrary (compromised or crooked) CA.
Safari already provides some of this if you know to check the checkbox ("always trust this cert for this site", emphasis mine). Other browsers may do this as well; I haven't tried it. However, to my knowledge, nobody provides trust chaining with expired self-signed certs, nor automatic inheritance of the "always trust for this site" policy, which turns out to be a critical part of the story after the first cert expires.
I think the original figure must have been missing a zero. 25 GB per season is less than 480i DVD bitrate (that's only about three dual-layer DVDs, whereas an hour-long TV series has about five or six dual-layer discs per season.
I only have one TV show on Blu-Ray, so I don't have a lot of data to go on, but... Serenity ran for only 14 episodes (basically a half season) and is spread across three dual-layer Blu-Ray discs, for a total of 150 GB. A full season of an hour-long TV show should be on the order of 250-300 GB unless you are recompressing it at a much lower quality setting.
By that same standard, doubling the cost of gasoline in the U.S. overnight can't possibly cause our economy to collapse because Europe has had such high gas prices all along.
Also, European companies don't seem to have nearly the inclination to screw each other that U.S. companies are so well known for. Most European countries (with the exception of Germany) file half as many patents per capita or less when compared with the U.S. We're patent-crazy on this side of the pond.
If an inventor were to abandon a project I would expect them to do so before they got something working, not afterwards.
You're making the same two mistakes that lots of people make when talking about inventions in a patent context.
First, an inventor is rarely working as an individual. Most inventors these days are working for a company. That company is building a product. The company as a collective comes up with a hundred cool inventions that will make their product better.
Second, an invention is not a complete product. Each invention can be something as small as a better hinge design.
In first-to-invent: The vast majority of those are not worth patenting because they aren't sufficient to stop your competitors from competing with you. Thus, the company files patents only on the five or six that they think would give the greatest strategic advantage by actively preventing their competitors from competing with their product in the future.
In first-to-file: The vast majority of those inventions are worth patenting (or at least filing). In the absence of a patent, their competitors could patent any one of those hundred inventions and force a redesign of a product that's already in the pipeline, with a scheduled delivery date.
Thus, with first-to-file, the companies are likely to file protective patents on all 100 patents so that their competitors, if they happen to come up with the same idea, cannot kill some feature of their product before they are able to ship it. A few hundred dollars is nothing when compared with the need to avoid a delay that could cost millions of dollars in production delays.
Now, sure, a lot of those extra patent filings will be provisional filings, but only for inventions that the company expects to ship within a year. Most profitable companies have timelines that extend a lot farther out than that, however, so a sizable percentage of those will end up being full blown patent applications.
Why didn't any of the swarm of doctors notice? Who knows.
Because pharmaceutical companies don't give the doctors kickbacks for prescribing more over-the-counter vitamins, and hospitals don't make more profit by running fewer, cheaper tests.
Medical care in the U.S. became purely driven by profit motives a long time ago, which is why the U.S. has one of the worst health care systems of almost any industrialized nation (according to several key indicators), and yet has a higher overall cost of service than almost any industrialized nation. Remove the profit motive, and you'll bring things back to being about the patient instead of about the service. It's really the only way.
Write your congresspeople and tell them to fund the formation of a national network of independently operated, 501(c)(3)/501(e) non-profit hospitals and clinics.
Under a first to file system someone who invents something and postpones filing until they are closer to having a marketable product is gambling that another inventor will not appear. If some other inventor appears the gamble is lost.
The problem is that this solves one problem, but creates two bigger ones. So now, you've effectively shortened the duration of patents negligibly by pushing inventors to file them earlier. However:
Now, those inventors must file that patent because they can no longer count on showing documentation to prove that they invented it first. Therefore, if they invented it, they have to file a patent to avoid getting screwed, where otherwise, they might well have decided that it wasn't worth patenting. The result is that the number of patent filings will almost inevitably explode. You think the patent office is overloaded now, wait 'til you see it after first-to-file goes into effect.
It is no longer possible to create any sort of awe for consumers because the patents they are forced to file end up disclosing what's coming years in advance.
And in spite of all of that, the resulting patents will still last four or five times as long as they should in a fast-moving field like computer software.
In short, these reforms are a freaking train wreck that just shifts the problem around a little without addressing any of the real problems, such as patent duration, insufficient technical skill of the examiners (and thus, inability to evaluate what is obvious to an average practitioner), insufficiently narrow restrictions on obviousness, the outrageously high patent application rate, the low average patent quality (leading to the need to review a patent many, many times), the grossly underfunded nature of the patent office itself, and the fact that software is not really invention, but rather art, and is already protected adequately by copyright without the need for patents in the first place.
Agreed. I would also note that this sort of methodology is probably most useful for lower-level math. I get the impression that most folks who have trouble in the higher levels actually had problems at the lower levels, but managed to skate by without correcting those problems.
By the time you get to higher levels of math, you're largely past the busywork stage anyway. There's nothing quite so mind-numbing as spending an entire year on multiplication or an entire year on fractions. By contrast, the homework we had in higher level math was smaller in quantity, and generally more useful. It wasn't just solving the exact same kind of problem a million times with different numbers; it built upon previous skills in a rapidly escalating fashion.
Thus, at least in my mind, it's those first few years that need the most improvement anyway. And maybe in the time the students don't spend doing unnecessarily inefficient drill and practice, they might actually get to do something more interesting.
Requiring you to show your work for a carefully chosen sampling of problems results in the same benefit as requiring it for every problem, but only the latter results in a repetitive strain injury. Just saying.:-)
Why would Disney.xxx be against the law? No child is accidentally going to go to Disney.xxx when they think they're going to Disney.com. They're going to have a little link on their bookmark bar to Disney.com. They would have to actually try if they wanted to get to Disney.xxx. And further, there's no possibility that a porn site would ever get confused with Disney, the children's programming company. No confusion, no trademark infringement. About the only thing that might make it dubious is the "famous brand" bit in U.S. trademark law. However, even then, it could easily be a descriptive use of the mark (e.g. NudeDisneyStarlets.xxx), which is pretty close to airtight.
Besides, I think having a Disney.xxx would arguably be a good thing. Then there would be a single company that they could sue every time some Disney starlet goes bad and makes a sex tape, sends nude pictures of herself to her now-ex boyfriend, or flashes a tour bus while coked up and drunk instead of having that content spread across dozens of individual pornography sites....
Or not. Either way, I question that trademarks are as strong as you think they are.
There's also the cost of the laptops, if you pay for laptops for an entire class you're looking at a minimum of probably $10k before the cost of support. That's per classroom assuming 30 students per classroom. With that sort of money you could hire a full time tutor for every three classes.
Computers don't get replaced every year, but tutors do have to be paid again every year. Assuming a 30:1 student to teacher ratio (which is horrible, but pretty common), and assuming a $300 netbook, and assuming an average replacement interval of 4 years, buying laptops for the entire class costs about $2,250 per year. You're saying that you can hire a full-time tutor for 7 grand?
I'm deliberately ignoring the people who are poor simply because they are lazy and want to freeload off of others (those being the poor people of whom you speak). They aren't the cause of the poverty problem. In the absence of welfare programs, those folks will find some other way to hustle people out of their money without doing work. Thus, they'll never really be "poor" in any useful sense of the word, and it's not really fair to lump them in with people who are legitimately poor through no fault of their own.
By contrast, the vast majority of poor people are poor for one of two reasons: lack of money management skills (credit card overspending being the most common example of this), or loss of a job (and often, both).
Money management skills can be learned, but ultimately, unless they are very young, they still will need a chunk of change to get them back on their feet after learning it, which means that for them, throwing money at the problem is a requirement.
Jobs can only be created by introducing money into the economy. Thus, for those folks, throwing money at the problem is also a requirement.
So as I said, poverty can basically be solved only by throwing money at the problem. It must be thrown carefully, sensibly, and with appropriate strings attached, but it must be thrown or else no progress can possibly be made.
Because they're expensive and divert money that could be spent on things that we know increase test scores.
It's that sort of thinking that got us where we are today. Education isn't about test scores. Test scores are a means of evaluating progress, but if your only goal in education is to improve test scores, you could just give the students the answer key. You haven't taught them anything, but they scored better on the test.
Things like tutoring at risk students and evaluating curriculum to find materials that best assist the students in learning.
Tutoring is expensive, and identifying at-risk students is hard. Is the student's low test scores because he or she doesn't get it, or because he or she is bored out of his or her mind, having learned this stuff three years ago?
This is one area in which a well-designed computer-based practice system could be very beneficial, as it could provide the sort of statistical insight into a child's performance that could help distinguish between those two cases. Further, it could provide harder problems for the bored students so that they won't be so bored, and could provide access to other sources of information (encyclopedias, books, the Internet) for students to use after they complete their practice (whose duration could depend on how much work they actually need), thus providing more opportunities for learning instead of leaving the student sitting there daydreaming for the rest of the hour.
Speaking of which, the best way to tutor those at-risk students might just be a laptop. When a student starts having trouble, you could have a pool of teachers, TAs, whatever, on call to help students when they are struggling with certain problems. This could even provide a means of helping them get past a block while doing homework outside of school, assuming the student's computer tells the teacher that the student needs to actually continue practicing outside of school.
U.S. public education is in a state where a mid-19th century children's book is now considered 9-12th grade reading material.
I think that's being a little disingenuous. Alice in Wonderland is, indeed, something of a children's book, but it uses punctuation and grammatical structures in a way that can be confusing to modern readers.
More than that, however, it is a metaphorically complex series of stories with much deeper secondary meaning than the surface meaning would suggest. In short, it is intended both as a children's book and as a book for adults to enjoy at a deeper level when reading it to their children. It is this aspect of the story that a high school English class would focus on.
And there are puns that depend on knowledge of languages (French, Latin) that most schoolchildren do not know today, in large part due to the diminishing of ecclesiastical Latin and the transition from French to English as the predominant language for international communication. This is not a dumbing down of the school system, but rather the result of a cultural shift in language usage.
... but the busywork that schools require in order to receive top marks is astounding. That busywork, typically, is to force people to learn what they don't want to learn.
The bigger problem is that the busywork doesn't stop once you have learned it. I got good grades through school, but only because my parents made me actually do the work. I don't think I got much at all out of most of the homework I did during K-12, with the exception of higher-level math in 8th-12th, French class, high school English (writing), and some of the high school science classes.
It was pure tedium. Half the time, I'd make simple math mistakes (get all the multiplication right, and screw up the simple addition at the end, or misread a minus as a plus or vice versa) because I was so bored out of my mind that I was concentrating on anything and everything but what I was doing. Increasing the amount of practice just made me more bored and more likely to make sloppy, basic mistakes. And there is absolutely no pedagogical technique more annoying then forcing students to "show their work" when they otherwise could have done the entire problem in their heads. Grr. I got more answers wrong over the years because of the long-form pedantry than I can count.
Busywork, by definition, is not useful. If it really is busywork, its purpose is to keep people busy. The worst part of it was the resentment it caused. The people who didn't care about grades were out playing and having fun while we were stuck inside because they gave us more homework than the other classes. The folks who didn't need the homework got more, while the people who needed the practice got less because it was assumed that they wouldn't bother to do it anyway. And this is why I've said for at least a decade that homework is completely and utterly useless in its current form, and should be abolished.
I failed AP history in high school, because I didn't want to sit there memorizing paragraphs of useless information.
Agreed. And this is what happens when you have AP classes whose primary goal is to teach to a test. Instead of making history come alive, it becomes rote memorization of specific details that you'll need to be able to regurgitate when it comes test time.
It isn't important to know history; it is important to understand history—to know the lessons that it teaches us so that we don't make the same mistakes twice. Does anybody need to know the exact date when the Civil War ended? No. Heck, unless you're tying it to the social issues of the time period, it's not even that important to know what century it occurred in. It suffices to know that it was some time between the American Revolution and the first World War. What is important is how it changed our country, what the issues were, what people at the time claimed the issues were, and so on. If all you know are names and dates, then you've completely missed the boat.
Depends on how they are used. IMHO, in any subject, if computers in the classroom aren't increasing grades, then the software they are using does not actually teach the skills that the students are supposed to be learning. That's not the fault of the computers. It's the fault of the people who programmed them and/or chose the software.
Consider math education for a moment. Historically, you wrote an answer down on a piece of paper. The next day, you turned in this homework, and the teacher marked several of them wrong. Then, the teacher either explained the problems or had the students explain them on the board. The problem with this scheme is that it provides a delayed response and it doesn't provide individual attention. And if the student still doesn't understand after hearing the explanation, then it is awkward for the student to ask for more help.
By contrast, a well-written computer program that quizzes you on math problems and immediately helps you figure out what you did wrong should result in a noticeable increase in math performance because the students are not reinforcing mistakes. Also, because it is anonymous, students can make mistakes without fear of being criticized by their peers, which makes them more likely to ask for more help when they don't understand something.
Further, if designed correctly, software should be able to give the teacher valuable information not just about who is having trouble, but also about who knows the material already and shouldn't be subjected to the mindless practice any further. This is often hard to do with tests because kids assume A. that they should be able to answer every question on the test, and B. that their grade depends on doing so. With a computer practice program, you can present it as a challenge problem initially, and if the kid gets it right, it can skip a lot of the intermediate practice and jump directly to harder problems. Similarly, if the kid gets lots of problems wrong, it can back off a bit and give some simpler problems to reinforce the concepts and to reduce the trauma caused by getting every problem wrong.
If your education software is not doing these things, maybe it's time to hire programmers who actually understand education.
Correct. Some problems can be solved by throwing money at them.
Care to name one?
I'll go one step further. Some problems can be solved only by throwing money at them. Poverty, for example. There is provably no other way to solve poverty. Indeed, it is tautologically so....
Only before they all have boyfriends. Two or three weeks into the school year, it's game over. The problem with that is that the natural time when most guys start seriously looking for girls is in the spring.
Yeah, but remember that even five or ten percent female enrollment still means there's an order of magnitude more guys looking for girls than there are girls to satisfy the demand. Wake me up when the numbers are 50% or higher. Until then, I'm in complete agreement with the GP's advice.
Other good second majors are music, art, dance, drama, theater, communications, English, and sociology (particularly if they have a women's studies or social services major).
Out of those, the ones that will help you most in terms of being able to get a job are probably communications and English because you'll now be qualified for any number of writing positions on the fringes. Folks hiring engineering technical writers (as opposed to end user documentation writers) are always struggling to find good candidates who are willing to take the jobs, so it's an easy way into a company that you want to work for. It's always easier to change to an engineering job later than it is to get a job from the outside.
That said, there are mechanical engineering jobs in those other areas. Somebody has to design new theatrical lighting, oversee the construction of riggings, mathematically model musical instruments to find ways to improve intonation, etc. The variety is somewhat more limited, however.
We do however know of several ICANN registrars that are run by criminal gangs.
Ultimately, it doesn't matter. Bugs notwithstanding, DNSSEC is still provably no less secure than CA-based certs because if you can compromise DNSSEC, you can also change the contact info on a domain and get any CA to give you a cert for the domain. Therefore, even if every CA were above board, you still cannot trust the CAs (even the best CAs) to protect you from someone compromising the domain itself.
Therefore, your domain, by definition, cannot be more secure than your domain name registrar, no matter what the CAs do. No amount of special extended validation certs or any such silliness will help that because the user statistically won't notice when the cert stops being an EV cert (and half the users won't notice even if the cert becomes self-signed...). So either you trust that your registrar won't let go of your domain to some shady registrar or you don't, and if you don't, then it's game over, CA or not. Therefore, they provide no additional security; they're like an appendix or some other vestigial organ in that (almost by definition) they can only make security worse, not better.
"If you think it's nice that you can remove the DigiNotar CA, imagine a world where you couldn't, and they knew you couldn't. That's DNSSEC." -- Moxie Marlinspike
That's a fundamental mischaracterization of DNSSEC. You can't realistically remove individual DNS registrars now, but they all feed into registries, and you generally either trust those registries or you don't. If you don't, then you don't go to those TLDs. More to the point, this argument incorrectly tries to model the security of all websites at the same time, whereas the user only cares about the security of a single website—the one he or she is trying to access.
With DNSSEC, you as the domain owner are in control. No one can take control over your domain in one place without fully taking control over your domain worldwide. You therefore choose your registrar based on having good security. As long as the registrars do not screw up and accidentally turn over control of a domain to someone else, you are safe. However, you are provably no less safe than you are now even if they do screw up in that way; most domain certificate issuance is now validated based solely on whether you have control over the domain name. Thus, if you take over the account for the domain name, you can get a cert from any major CA. Therefore, this attack vector is unaffected by DNSSEC.
What DNSSEC provides is a reduction in the attack surface. With DNSSEC, the trust that people place in a domain is solely trust in the owner of that domain and in the services (registrars) that the owner of that domain trusts. By contrast, with the current system, anyone can hijack a domain on a local network by forging DNS replies. If they can trick any registrar into issuing a certificate, they can then masquerade as that domain. Thus, because the certificates are not tied to the domain name system, by trusting a domain under the current system, you are trusting not only the domain owner and the providers that the domain owner trusts, but every other CA out there. So instead of someone having to trick a single registrar to compromise a domain, they could trick any of dozens of CAs. It only takes one.
Worse, with many (possibly all) browsers, the trust model is completely broken. If you trust a certificate, you trust a certificate. If that certificate has signing authority, you now trust every certificate that it signs. This means that all a website needs to do is trick you into accepting a self-signed certificate for some innocuous site, and from that point on, it can use that cert to sign forged certs for any other site. So in order to trust any single website, you not only have to trust every CA that your browser supports, but also every self-signed cert that you have ever accepted.
With DNSSEC, you need only trust the server, its registrar, and the relevant root registries. And even in the worst case, if a registrar started signing fake DNS entries, you are still better off than before because DNS signatures are only valid for a few minutes instead of a few years like SSL certs, and odds are such a problem would eventually be noticed, the registrar would fix the security hole that allowed this, and a few minutes later, any bogus records would cease to validate.
Thus, moving to DNSSEC dramatically narrows the amount of trust you are giving out when you access a domain name. This is inarguably a good thing according to any reasonable security analysis.
(Besides a few hardcore geeks, (people (hate (shit that (looks) like ((this))))))
I'm reminded of an old joke. In the former Soviet Union, an operative was talking to his boss. The boss asked the operative if they were able to learn anything from the intercepted transmission of U.S. missile control software. The operative informed him that they had only managed to capture the last two pages, and although they didn't know anything about the code, they knew what language it was written in. The boss asked him how he knew what language it was written in, whereupon the operative told him it was written in either LISP or Scheme, and then showed him the paper, which contained an entire page of:
I'm trying to think of a single instance in the history of computing where quality and popularity have been correlated.
On the contrary, it is almost invariably correlated, but only as a threshold value. Below a certain quality level, nothing will be popular. Above that quality level, things have varying degrees of popularity depending primarily on other factors.
Thus, it is not true that the lack of popularity implies lack of quality, but the converse is true.
I'm less free because I'm unable to become a slave?
False dichotomy.
Only if it doesn't provide any way for a user to sign code, or provide some other method to run unsigned code like an unsigned-only sandbox (and then only GPL v3, but anyway).
Both of those are a pretty bad idea. As soon as you allow your average user to run unsigned or self-signed code, you've created a giant social engineering hole, and worse, one that can probably be exploited programmatically with relative ease. (Here, run this program on your Windows box. Congrats. Not only is your WIndows box 0wn3d, but so is your cell phone. All your calls are belong to l33t haxxors.)
Frankly, I think the balance that iOS strikes is a rather good one. In order to develop code, you have to register with the manufacturer. Granted, I'd love to see that be gratis, but I'd still gladly choose that over an unsecured platform.
Their only option for doing so is to get rid of the hardware. Which is also their option for gaining back the "freedom" to run GPL software on their device.
For now, the users have that choice going in. It's not a secret. The bigger problem with refusing to let your software run on such restricted platforms is this: because free software won't ever be made available on these devices, in another generation, the users won't even know what they are missing. They won't ever encounter a piece of software that they could potentially fix, and thus they won't realize that they are choosing security over the freedom to code.
And *that* is how the Free Software movement ultimately will lose everything they stand for by so doggedly defending their users' rights in what amount to relatively minor edge cases.
False. The GPLv3 requires that if a platform enforces mandatory code signing, the user must be given a (the?) key used for signing such that they can rebuild, sign, and install altered versions of the libraries in question.
I'm not talking about software bundled on the system. I'm talking about third-party developers writing apps for the system.
Then provide the end-user with a means of signing the code so that they can replace the GPL'd application, and there shouldn't be an issue.
You're obviously fundamentally misunderstanding what I'm talking about here. In most cases, the end user can obtain a signing identity. These usually cost money because it is a nonzero effort to maintain the infrastructure. They also usually involve at least some cursory check to verify the person's identity. Therefore, it is dubious whether it meet the "no additional restrictions" criteria for GPLv2 compatibility, much less v3.
This is very much as designed, as the alternative would significantly decrease security. If any arbitrary random person could say "Hey, I own the device with serial number [blah] (somebody else's serial number). Give me the key," then anybody could write and sign arbitrary attack code for any other person's device just by getting a single piece of information that could potentially be obtained or computed in any number of ways, all without any real way of tracing it back to the attacker.
You as a developer of a GPLed app cannot "provide the end user with a means of signing the code" because A. you are not the manufacturer of the device, and therefore cannot sign a certificate for that user, and B. you cannot safely give your own signing certificate to arbitrary people, and C. even if you could, for obvious security reasons, those signing certificates are limited to a small number of devices to minimize the damage if a developer goes rogue or if a developer's key is compromised.
There's a third choice: display a warning the first time, then permanently accept that cert for that site like ssh does. Then, allow one cert to sign its successor for a couple of years after the cert's expiration (or drop expiration dates entirely, as they don't seem to do much good other than making CAs more profitable) and make the new cert inherit the "always trust for this site" policy from its predecessor.
With that one change, a self-signed cert would provide nearly the same benefit as a real cert, minus the initial trust on first connection. And even that trust is minimal, given that taking over a domain's admin email accounts (even temporarily) or compromising a CA is enough to get certs. And even in the best case, you're basically going on word-of-mouth trust as to whether you trust the actual owners of the site to be a legitimate business.
In some ways, the ssh style actually provides more security than the current trust model because an attacker can't get a new key from an arbitrary (compromised or crooked) CA.
Safari already provides some of this if you know to check the checkbox ("always trust this cert for this site", emphasis mine). Other browsers may do this as well; I haven't tried it. However, to my knowledge, nobody provides trust chaining with expired self-signed certs, nor automatic inheritance of the "always trust for this site" policy, which turns out to be a critical part of the story after the first cert expires.
I think the original figure must have been missing a zero. 25 GB per season is less than 480i DVD bitrate (that's only about three dual-layer DVDs, whereas an hour-long TV series has about five or six dual-layer discs per season.
I only have one TV show on Blu-Ray, so I don't have a lot of data to go on, but... Serenity ran for only 14 episodes (basically a half season) and is spread across three dual-layer Blu-Ray discs, for a total of 150 GB. A full season of an hour-long TV show should be on the order of 250-300 GB unless you are recompressing it at a much lower quality setting.
By that same standard, doubling the cost of gasoline in the U.S. overnight can't possibly cause our economy to collapse because Europe has had such high gas prices all along.
Also, European companies don't seem to have nearly the inclination to screw each other that U.S. companies are so well known for. Most European countries (with the exception of Germany) file half as many patents per capita or less when compared with the U.S. We're patent-crazy on this side of the pond.
You're making the same two mistakes that lots of people make when talking about inventions in a patent context.
First, an inventor is rarely working as an individual. Most inventors these days are working for a company. That company is building a product. The company as a collective comes up with a hundred cool inventions that will make their product better.
Second, an invention is not a complete product. Each invention can be something as small as a better hinge design.
In first-to-invent: The vast majority of those are not worth patenting because they aren't sufficient to stop your competitors from competing with you. Thus, the company files patents only on the five or six that they think would give the greatest strategic advantage by actively preventing their competitors from competing with their product in the future.
In first-to-file: The vast majority of those inventions are worth patenting (or at least filing). In the absence of a patent, their competitors could patent any one of those hundred inventions and force a redesign of a product that's already in the pipeline, with a scheduled delivery date.
Thus, with first-to-file, the companies are likely to file protective patents on all 100 patents so that their competitors, if they happen to come up with the same idea, cannot kill some feature of their product before they are able to ship it. A few hundred dollars is nothing when compared with the need to avoid a delay that could cost millions of dollars in production delays.
Now, sure, a lot of those extra patent filings will be provisional filings, but only for inventions that the company expects to ship within a year. Most profitable companies have timelines that extend a lot farther out than that, however, so a sizable percentage of those will end up being full blown patent applications.
Because pharmaceutical companies don't give the doctors kickbacks for prescribing more over-the-counter vitamins, and hospitals don't make more profit by running fewer, cheaper tests.
Medical care in the U.S. became purely driven by profit motives a long time ago, which is why the U.S. has one of the worst health care systems of almost any industrialized nation (according to several key indicators), and yet has a higher overall cost of service than almost any industrialized nation. Remove the profit motive, and you'll bring things back to being about the patient instead of about the service. It's really the only way.
Write your congresspeople and tell them to fund the formation of a national network of independently operated, 501(c)(3)/501(e) non-profit hospitals and clinics.
The problem is that this solves one problem, but creates two bigger ones. So now, you've effectively shortened the duration of patents negligibly by pushing inventors to file them earlier. However:
And in spite of all of that, the resulting patents will still last four or five times as long as they should in a fast-moving field like computer software.
In short, these reforms are a freaking train wreck that just shifts the problem around a little without addressing any of the real problems, such as patent duration, insufficient technical skill of the examiners (and thus, inability to evaluate what is obvious to an average practitioner), insufficiently narrow restrictions on obviousness, the outrageously high patent application rate, the low average patent quality (leading to the need to review a patent many, many times), the grossly underfunded nature of the patent office itself, and the fact that software is not really invention, but rather art, and is already protected adequately by copyright without the need for patents in the first place.
Agreed. I would also note that this sort of methodology is probably most useful for lower-level math. I get the impression that most folks who have trouble in the higher levels actually had problems at the lower levels, but managed to skate by without correcting those problems.
By the time you get to higher levels of math, you're largely past the busywork stage anyway. There's nothing quite so mind-numbing as spending an entire year on multiplication or an entire year on fractions. By contrast, the homework we had in higher level math was smaller in quantity, and generally more useful. It wasn't just solving the exact same kind of problem a million times with different numbers; it built upon previous skills in a rapidly escalating fashion.
Thus, at least in my mind, it's those first few years that need the most improvement anyway. And maybe in the time the students don't spend doing unnecessarily inefficient drill and practice, they might actually get to do something more interesting.
Requiring you to show your work for a carefully chosen sampling of problems results in the same benefit as requiring it for every problem, but only the latter results in a repetitive strain injury. Just saying. :-)
Why would Disney.xxx be against the law? No child is accidentally going to go to Disney.xxx when they think they're going to Disney.com. They're going to have a little link on their bookmark bar to Disney.com. They would have to actually try if they wanted to get to Disney.xxx. And further, there's no possibility that a porn site would ever get confused with Disney, the children's programming company. No confusion, no trademark infringement. About the only thing that might make it dubious is the "famous brand" bit in U.S. trademark law. However, even then, it could easily be a descriptive use of the mark (e.g. NudeDisneyStarlets.xxx), which is pretty close to airtight.
Besides, I think having a Disney.xxx would arguably be a good thing. Then there would be a single company that they could sue every time some Disney starlet goes bad and makes a sex tape, sends nude pictures of herself to her now-ex boyfriend, or flashes a tour bus while coked up and drunk instead of having that content spread across dozens of individual pornography sites....
Or not. Either way, I question that trademarks are as strong as you think they are.
Computers don't get replaced every year, but tutors do have to be paid again every year. Assuming a 30:1 student to teacher ratio (which is horrible, but pretty common), and assuming a $300 netbook, and assuming an average replacement interval of 4 years, buying laptops for the entire class costs about $2,250 per year. You're saying that you can hire a full-time tutor for 7 grand?
I'm deliberately ignoring the people who are poor simply because they are lazy and want to freeload off of others (those being the poor people of whom you speak). They aren't the cause of the poverty problem. In the absence of welfare programs, those folks will find some other way to hustle people out of their money without doing work. Thus, they'll never really be "poor" in any useful sense of the word, and it's not really fair to lump them in with people who are legitimately poor through no fault of their own.
By contrast, the vast majority of poor people are poor for one of two reasons: lack of money management skills (credit card overspending being the most common example of this), or loss of a job (and often, both).
Money management skills can be learned, but ultimately, unless they are very young, they still will need a chunk of change to get them back on their feet after learning it, which means that for them, throwing money at the problem is a requirement.
Jobs can only be created by introducing money into the economy. Thus, for those folks, throwing money at the problem is also a requirement.
So as I said, poverty can basically be solved only by throwing money at the problem. It must be thrown carefully, sensibly, and with appropriate strings attached, but it must be thrown or else no progress can possibly be made.
It's that sort of thinking that got us where we are today. Education isn't about test scores. Test scores are a means of evaluating progress, but if your only goal in education is to improve test scores, you could just give the students the answer key. You haven't taught them anything, but they scored better on the test.
Tutoring is expensive, and identifying at-risk students is hard. Is the student's low test scores because he or she doesn't get it, or because he or she is bored out of his or her mind, having learned this stuff three years ago?
This is one area in which a well-designed computer-based practice system could be very beneficial, as it could provide the sort of statistical insight into a child's performance that could help distinguish between those two cases. Further, it could provide harder problems for the bored students so that they won't be so bored, and could provide access to other sources of information (encyclopedias, books, the Internet) for students to use after they complete their practice (whose duration could depend on how much work they actually need), thus providing more opportunities for learning instead of leaving the student sitting there daydreaming for the rest of the hour.
Speaking of which, the best way to tutor those at-risk students might just be a laptop. When a student starts having trouble, you could have a pool of teachers, TAs, whatever, on call to help students when they are struggling with certain problems. This could even provide a means of helping them get past a block while doing homework outside of school, assuming the student's computer tells the teacher that the student needs to actually continue practicing outside of school.
I think that's being a little disingenuous. Alice in Wonderland is, indeed, something of a children's book, but it uses punctuation and grammatical structures in a way that can be confusing to modern readers.
More than that, however, it is a metaphorically complex series of stories with much deeper secondary meaning than the surface meaning would suggest. In short, it is intended both as a children's book and as a book for adults to enjoy at a deeper level when reading it to their children. It is this aspect of the story that a high school English class would focus on.
And there are puns that depend on knowledge of languages (French, Latin) that most schoolchildren do not know today, in large part due to the diminishing of ecclesiastical Latin and the transition from French to English as the predominant language for international communication. This is not a dumbing down of the school system, but rather the result of a cultural shift in language usage.
And so on.
The bigger problem is that the busywork doesn't stop once you have learned it. I got good grades through school, but only because my parents made me actually do the work. I don't think I got much at all out of most of the homework I did during K-12, with the exception of higher-level math in 8th-12th, French class, high school English (writing), and some of the high school science classes.
It was pure tedium. Half the time, I'd make simple math mistakes (get all the multiplication right, and screw up the simple addition at the end, or misread a minus as a plus or vice versa) because I was so bored out of my mind that I was concentrating on anything and everything but what I was doing. Increasing the amount of practice just made me more bored and more likely to make sloppy, basic mistakes. And there is absolutely no pedagogical technique more annoying then forcing students to "show their work" when they otherwise could have done the entire problem in their heads. Grr. I got more answers wrong over the years because of the long-form pedantry than I can count.
Busywork, by definition, is not useful. If it really is busywork, its purpose is to keep people busy. The worst part of it was the resentment it caused. The people who didn't care about grades were out playing and having fun while we were stuck inside because they gave us more homework than the other classes. The folks who didn't need the homework got more, while the people who needed the practice got less because it was assumed that they wouldn't bother to do it anyway. And this is why I've said for at least a decade that homework is completely and utterly useless in its current form, and should be abolished.
Agreed. And this is what happens when you have AP classes whose primary goal is to teach to a test. Instead of making history come alive, it becomes rote memorization of specific details that you'll need to be able to regurgitate when it comes test time.
It isn't important to know history; it is important to understand history—to know the lessons that it teaches us so that we don't make the same mistakes twice. Does anybody need to know the exact date when the Civil War ended? No. Heck, unless you're tying it to the social issues of the time period, it's not even that important to know what century it occurred in. It suffices to know that it was some time between the American Revolution and the first World War. What is important is how it changed our country, what the issues were, what people at the time claimed the issues were, and so on. If all you know are names and dates, then you've completely missed the boat.
Depends on how they are used. IMHO, in any subject, if computers in the classroom aren't increasing grades, then the software they are using does not actually teach the skills that the students are supposed to be learning. That's not the fault of the computers. It's the fault of the people who programmed them and/or chose the software.
Consider math education for a moment. Historically, you wrote an answer down on a piece of paper. The next day, you turned in this homework, and the teacher marked several of them wrong. Then, the teacher either explained the problems or had the students explain them on the board. The problem with this scheme is that it provides a delayed response and it doesn't provide individual attention. And if the student still doesn't understand after hearing the explanation, then it is awkward for the student to ask for more help.
By contrast, a well-written computer program that quizzes you on math problems and immediately helps you figure out what you did wrong should result in a noticeable increase in math performance because the students are not reinforcing mistakes. Also, because it is anonymous, students can make mistakes without fear of being criticized by their peers, which makes them more likely to ask for more help when they don't understand something.
Further, if designed correctly, software should be able to give the teacher valuable information not just about who is having trouble, but also about who knows the material already and shouldn't be subjected to the mindless practice any further. This is often hard to do with tests because kids assume A. that they should be able to answer every question on the test, and B. that their grade depends on doing so. With a computer practice program, you can present it as a challenge problem initially, and if the kid gets it right, it can skip a lot of the intermediate practice and jump directly to harder problems. Similarly, if the kid gets lots of problems wrong, it can back off a bit and give some simpler problems to reinforce the concepts and to reduce the trauma caused by getting every problem wrong.
If your education software is not doing these things, maybe it's time to hire programmers who actually understand education.
I'll go one step further. Some problems can be solved only by throwing money at them. Poverty, for example. There is provably no other way to solve poverty. Indeed, it is tautologically so....
Only before they all have boyfriends. Two or three weeks into the school year, it's game over. The problem with that is that the natural time when most guys start seriously looking for girls is in the spring.
Yeah, but remember that even five or ten percent female enrollment still means there's an order of magnitude more guys looking for girls than there are girls to satisfy the demand. Wake me up when the numbers are 50% or higher. Until then, I'm in complete agreement with the GP's advice.
Other good second majors are music, art, dance, drama, theater, communications, English, and sociology (particularly if they have a women's studies or social services major).
Out of those, the ones that will help you most in terms of being able to get a job are probably communications and English because you'll now be qualified for any number of writing positions on the fringes. Folks hiring engineering technical writers (as opposed to end user documentation writers) are always struggling to find good candidates who are willing to take the jobs, so it's an easy way into a company that you want to work for. It's always easier to change to an engineering job later than it is to get a job from the outside.
That said, there are mechanical engineering jobs in those other areas. Somebody has to design new theatrical lighting, oversee the construction of riggings, mathematically model musical instruments to find ways to improve intonation, etc. The variety is somewhat more limited, however.
Or, more likely, will have a cushy job as a lobbyist for the company in question.
Ultimately, it doesn't matter. Bugs notwithstanding, DNSSEC is still provably no less secure than CA-based certs because if you can compromise DNSSEC, you can also change the contact info on a domain and get any CA to give you a cert for the domain. Therefore, even if every CA were above board, you still cannot trust the CAs (even the best CAs) to protect you from someone compromising the domain itself.
Therefore, your domain, by definition, cannot be more secure than your domain name registrar, no matter what the CAs do. No amount of special extended validation certs or any such silliness will help that because the user statistically won't notice when the cert stops being an EV cert (and half the users won't notice even if the cert becomes self-signed...). So either you trust that your registrar won't let go of your domain to some shady registrar or you don't, and if you don't, then it's game over, CA or not. Therefore, they provide no additional security; they're like an appendix or some other vestigial organ in that (almost by definition) they can only make security worse, not better.
That's a fundamental mischaracterization of DNSSEC. You can't realistically remove individual DNS registrars now, but they all feed into registries, and you generally either trust those registries or you don't. If you don't, then you don't go to those TLDs. More to the point, this argument incorrectly tries to model the security of all websites at the same time, whereas the user only cares about the security of a single website—the one he or she is trying to access.
With DNSSEC, you as the domain owner are in control. No one can take control over your domain in one place without fully taking control over your domain worldwide. You therefore choose your registrar based on having good security. As long as the registrars do not screw up and accidentally turn over control of a domain to someone else, you are safe. However, you are provably no less safe than you are now even if they do screw up in that way; most domain certificate issuance is now validated based solely on whether you have control over the domain name. Thus, if you take over the account for the domain name, you can get a cert from any major CA. Therefore, this attack vector is unaffected by DNSSEC.
What DNSSEC provides is a reduction in the attack surface. With DNSSEC, the trust that people place in a domain is solely trust in the owner of that domain and in the services (registrars) that the owner of that domain trusts. By contrast, with the current system, anyone can hijack a domain on a local network by forging DNS replies. If they can trick any registrar into issuing a certificate, they can then masquerade as that domain. Thus, because the certificates are not tied to the domain name system, by trusting a domain under the current system, you are trusting not only the domain owner and the providers that the domain owner trusts, but every other CA out there. So instead of someone having to trick a single registrar to compromise a domain, they could trick any of dozens of CAs. It only takes one.
Worse, with many (possibly all) browsers, the trust model is completely broken. If you trust a certificate, you trust a certificate. If that certificate has signing authority, you now trust every certificate that it signs. This means that all a website needs to do is trick you into accepting a self-signed certificate for some innocuous site, and from that point on, it can use that cert to sign forged certs for any other site. So in order to trust any single website, you not only have to trust every CA that your browser supports, but also every self-signed cert that you have ever accepted.
With DNSSEC, you need only trust the server, its registrar, and the relevant root registries. And even in the worst case, if a registrar started signing fake DNS entries, you are still better off than before because DNS signatures are only valid for a few minutes instead of a few years like SSL certs, and odds are such a problem would eventually be noticed, the registrar would fix the security hole that allowed this, and a few minutes later, any bogus records would cease to validate.
Thus, moving to DNSSEC dramatically narrows the amount of trust you are giving out when you access a domain name. This is inarguably a good thing according to any reasonable security analysis.
I'm reminded of an old joke. In the former Soviet Union, an operative was talking to his boss. The boss asked the operative if they were able to learn anything from the intercepted transmission of U.S. missile control software. The operative informed him that they had only managed to capture the last two pages, and although they didn't know anything about the code, they knew what language it was written in. The boss asked him how he knew what language it was written in, whereupon the operative told him it was written in either LISP or Scheme, and then showed him the paper, which contained an entire page of:
)))))))))))))))))
On the contrary, it is almost invariably correlated, but only as a threshold value. Below a certain quality level, nothing will be popular. Above that quality level, things have varying degrees of popularity depending primarily on other factors.
Thus, it is not true that the lack of popularity implies lack of quality, but the converse is true.
False dichotomy.
Both of those are a pretty bad idea. As soon as you allow your average user to run unsigned or self-signed code, you've created a giant social engineering hole, and worse, one that can probably be exploited programmatically with relative ease. (Here, run this program on your Windows box. Congrats. Not only is your WIndows box 0wn3d, but so is your cell phone. All your calls are belong to l33t haxxors.)
Frankly, I think the balance that iOS strikes is a rather good one. In order to develop code, you have to register with the manufacturer. Granted, I'd love to see that be gratis, but I'd still gladly choose that over an unsecured platform.
For now, the users have that choice going in. It's not a secret. The bigger problem with refusing to let your software run on such restricted platforms is this: because free software won't ever be made available on these devices, in another generation, the users won't even know what they are missing. They won't ever encounter a piece of software that they could potentially fix, and thus they won't realize that they are choosing security over the freedom to code.
And *that* is how the Free Software movement ultimately will lose everything they stand for by so doggedly defending their users' rights in what amount to relatively minor edge cases.
I'm not talking about software bundled on the system. I'm talking about third-party developers writing apps for the system.
You're obviously fundamentally misunderstanding what I'm talking about here. In most cases, the end user can obtain a signing identity. These usually cost money because it is a nonzero effort to maintain the infrastructure. They also usually involve at least some cursory check to verify the person's identity. Therefore, it is dubious whether it meet the "no additional restrictions" criteria for GPLv2 compatibility, much less v3.
This is very much as designed, as the alternative would significantly decrease security. If any arbitrary random person could say "Hey, I own the device with serial number [blah] (somebody else's serial number). Give me the key," then anybody could write and sign arbitrary attack code for any other person's device just by getting a single piece of information that could potentially be obtained or computed in any number of ways, all without any real way of tracing it back to the attacker.
You as a developer of a GPLed app cannot "provide the end user with a means of signing the code" because A. you are not the manufacturer of the device, and therefore cannot sign a certificate for that user, and B. you cannot safely give your own signing certificate to arbitrary people, and C. even if you could, for obvious security reasons, those signing certificates are limited to a small number of devices to minimize the damage if a developer goes rogue or if a developer's key is compromised.