Yeah, except for the part where nobody runs a mailserver off of their home internet connection
I do, on the months when Comcast doesn't arbitrarily block inbound SMTP. Then on the months they do, I have to change my MX and tunnel from another IP.
RepDB's usually are only used to block your outgoing mail (which is more client than server), and you can work things so that you send directly (with opportunistic encryption) to anyone not using those reputation feeds, and bounce through your ISP for the people who's servers turn you down.
That is, on the months when your ISP doesn't arbitrarily block outgoing SMTP.
It's really friggin annoying that ISPs use these shotgun measures and can't just aid honeypot/dynamic repdb projects with nice short TTLs so that only the actual spammers and owned systems have to jump through hoops.
It sounds like a self-preservation process that has to rely on whatever data is accumulated in its database.
...or evolution just found it more efficient to let them go haywire instead of investing in the genes to quiesce them. The hypothesis put forward in TFA that it is the brain frantically thrashing around trying to survive is pure conjecture.
On the other hand, despite our "perception" of reflexes, will, and impulse, we may not actually "experience" anything until minutes or hours after the brain has time to digest it. Just because you feel like you thought and participated interactively does not mean you actually did -- all our actions could be some analogue of autonomous.
To wit some people surviving accidental/terrifying falls from heights often have no memory of the actual fall. Whether they "experienced" the fall and then just refuse to remember it because it is too traumatic, or whether they never experience it unless they remember it, is an open question,
Just another thing to ponder after you get bored with the "entire universe in an atom on my thumb" thing.
The argument against the subjective experience is dubious, over-reaching, and usually just a product of dogmatism. The argument against anything that a person can reconstruct and recall after a near-death experience is more tenable. That is to say, we certainly cannot assume that everything subjectively experienced during a near-death experience will be remembered, and we only hear about the stuff that can be remembered. To suppose that some of that which is remembered does not involve neurons implies that there is a mechanism by which information is entering the brain, and the proper scientific objection to such reports is the lack of any evidence as to the existence of such a mechanism. The improper response we get so often instead is conflating that argument with statements about subjective experience, which we cannot say anything about and have no evidence, either, that they are in any way related to the portion which is remembered/recounted.
Actually there is something new: in addition to trolls, shills, and gadflies, some of the comments on the internet are placed there by people experimenting on internet comments.
the protection offered by encryption you know of (unless you have security clearances) provides about exactly the same protection as the paper envelope
This is pretty untrue. State agencies have no real control over the injection of cryptographical algorithms into the literature, or even if they do now, they have well missed the bus, since the technologies out there in the literature are very sufficient and these days there are so many copies of the literature floating around that it cannot be effectively censored or corrupted. Math is a lot like physics -- when you actually go back and look at when certain things were discovered, you are often astounded at how long ago that was.
What is true is that using cryptography correctly is hard. It takes a lot of knowlege of the technology to get it right. It's harder than most people have patience for and probably harder than a good chunk of people can even mentally handle. That leaves most consumer use of cryptography delegated to trust in software, protocols, and institutions just based on how trustworthy those agents "feel" to the user, divided by how desperately the user wants to get something done -- now.
Those agents are what state agencies can, and sometimes do, influence, and even in the absence of interference by the state, the intrinsic trustworthiness of those agents varies due to a wide variability in the effectiveness of their quality control. The latter is actually the more common problem. Why resort to interfering with the development of crypto software and applications thereof when much of it is developed incompetently in the first place? Just sit back and exploit the pre-existing holes.
It's actually rather rare, even these days, for a switched network to be properly configured to protect against MAC flooding attacks. Actually, it's probably more common in enterprise setups for the WiFi to be more secure than the wired, since WPA-Enterprise is getting pretty common.
Yep, whenever you change core IT people, you have them do a sloppy braindump if possible before they leave, and you clear the new guy from almost every task save updating the documentation and diagrams, with a few mundane tasks thrown in to get procedures down. This means you postpone your big projects if you have a staff change instead of expecting the new guy to shoulder that. Skillsets are not the same as in-situ knowlege.
This. At least give consistency some weight, even if you're going to override it. But then we live in a time when the entire user interface of your most mission critical app can change at whim via an unavoidable upgrade. So I'm not holding my breath.
I was expecting Impossible Girl to be some temporal projection of the deceased Dr Song/library-computer zeitgeist. Was almost convinced of that when ghost Dr. Song showed up. And then that crap. Very disappointing.
Yeah this is pretty much par for the course: BOINC runs on just about everything, but individual BOINC applications authors generally won't bother to implement any code for anything other than the top dominant mixes of arch/OS. So if you have yourself a nice giant cluster of old G4s running linux, good luck putting it to use for something other than a very obscure but easily-implemented mathematical constant hunt.
And companies would have to pay for their holdings, which would increase prices on their products. There's no solution to taxation that doesn't offer emple opportunities for the taxes to be trickled down to the poor, because rich people can afford lawyers and accountants. The point of shifting to a property tax is it that it is less onerous to the service economy, and likely to be less overall accounting overhead than tracking every single business transaction.
If we're going to change things that drastically, lets just tax property. The actual enumeration of a persons property could be privatized if it were done through a mandatory property insurance system, so we wouldn't have the government walking through our living room and counting sofas, and the taxpayer would get some benefit (insurance) out of the process.
Note that this effects a bunch of freelancers that are used to providing an untaxed service, and so have no idea how to go about collecting sales taxes and sending the proceeds to the government, since all they did was collect check, report it as SE income, and pay the social security tax on it on a personal income tax form.
They were doing this not for NSA reasons it's just what the tech industry does: find a protocol that is a bit inconvenient to set up, and instead of making it more convenient to set up, figure out an alternate scheme that's a little easier to set up, but for which they can charge a license fee for the feature, because it's new and shiny, and the sales force has been told to make sure all the PHBs know it is new and shiny.
Of course then the rimshot comes and they realize in their haste they've done something stupid, like subject multiple streams of lan-like traffic to the ravages of a single TCP flow control session during a period of time when the Internet is designed (badly) around per-connection fairness.
That would only be useful to forge certificates, and using such forged certificates would allow tracking of surveilance activities -- the provider would not see them in their own keyring so if they were seen in the wild and came to a privider's attention, their natural reaction would be to accuse the CA of having been compromised... because you have no way of knowing it's the NSA that's doing it.
Unless it totally sucks or is also hosting your SSL service, a CA neither needs nor asks for your private key, it just signs your public key.
I wonder what the NSA would do were they to make such a request and the company were to reply that the private key has been ensconsed in secure crypto hardware from which it cannot be downloaded and without which the web service would not function (or would have to change its keys.)
Other things to consider are whether, on rewriteable media, the media may contain shadows of deleted data that may be of historical interest, and even on write-once media, whether the software you are using to copy it is copying everything it can, if there might be, e.g. stenography in a redbook CD Q channel.
I expect such concerns would only be relevent to certain special cases.
A good portion of it was BS. What wasn't BS is that TFA, instead of citing comprehensive medical reviews, presents several individual resources which for all we know could have been horribly cherry-picked. This technique is often used to add credibility to unsupportable arguments. Books upon books have been written and widely sold that push premises that are either unverifiable or just plain wrong using this kind of "research." It's why, for example, Wikipedia discourages primary source references when a more critically minded secondary source is available. Fortunately nowadays people are starting to realize that if you google for "X causes cancer" there will be tons of results saying that it is so, and just because you could write a blog post summarizing what your single google search said, doesn't mean you should.
Also to GP is correct in calling out the tasteless, classless, and factually misleading way TFA, whatever its merits may be, tarnished itself at the end.
I'm all for increasing my regular intake of vitamin C, but I think I'll just go with orange juice.
...thereby also increasing your intake of dozens of other chemicals, some of which may also have deleterious effects if over-taken, and at lower levels than C.
AFAIK the only reason to back off your C dose is if you get a kidney stone, or if you don't have access to one of the more well tolerated formulations and as a result, get the runs or other gastro problems.
We won't make much progress on getting the dosages of vitamines right until there's an inexpensiveand practical way to run daily tests on ourselves, because what you eat during any given day usually varies so much that a constant dose every day is almost certainly wrong,
It takes less time to write an app that assumes it has a set of permissions, rather than an app that checks to see whether it has a certain set of permissions, and if not, does something sensible.
What really needs to happen is the App stores need to start allowing the customers to filter their searches on which permissions apps require.
So what, exactly, is so damn sensitive about a wifi password that this needs to be an option that Google should support? Are you that worried that Google will leach off of your bandwidth or something?
Single Sign On. It's what the PHBs and most of the users want, so it's what we give them. Your WiFi password is also your password for most other authenticated services.
This. The summary was sensationalized, probably to stoke just such a "discussion" as above. Which is too bad because the TFA provides plenty of fodder without embellisment.
While coping with stressful situations is a valuable skill to be teaching the workforce, I found it a bit ironic that one of the things the trainees were criticised for was not working to find the root causes of problems by cleaning up oil slicks instead of finding out how to prevent them, while apparently the management that sent these trainees into this program are content to teach their workers to deal with chaos instead of engineering it off the manufactoring floor.
Also as with any such program that may appeal with to the prejudices of management, this procedure should probably be evaluated against similar techniques in an objective and impartial fashion.
Slashdot Mirror
Yeah, except for the part where nobody runs a mailserver off of their home internet connection
I do, on the months when Comcast doesn't arbitrarily block inbound SMTP. Then on the months they do, I have to change my MX and tunnel from another IP.
RepDB's usually are only used to block your outgoing mail (which is more client than server), and you can work things so that you send directly (with opportunistic encryption) to anyone not using those reputation feeds, and bounce through your ISP for the people who's servers turn you down.
That is, on the months when your ISP doesn't arbitrarily block outgoing SMTP.
It's really friggin annoying that ISPs use these shotgun measures and can't just aid honeypot/dynamic repdb projects with nice short TTLs so that only the actual spammers and owned systems have to jump through hoops.
It sounds like a self-preservation process that has to rely on whatever data is accumulated in its database.
...or evolution just found it more efficient to let them go haywire instead of investing in the genes to quiesce them. The hypothesis put forward in TFA that it is the brain frantically thrashing around trying to survive is pure conjecture.
But I'm supposed to let some random person on the internet who comes up with a number between 1,000,000 and 10,000,000 per year influence me
Probably not. But that's beside the point, because OP never made such a claim. You've miscomprehended.
On the other hand, despite our "perception" of reflexes, will, and impulse, we may not actually "experience" anything until minutes or hours after the brain has time to digest it. Just because you feel like you thought and participated interactively does not mean you actually did -- all our actions could be some analogue of autonomous.
To wit some people surviving accidental/terrifying falls from heights often have no memory of the actual fall. Whether they "experienced" the fall and then just refuse to remember it because it is too traumatic, or whether they never experience it unless they remember it, is an open question,
Just another thing to ponder after you get bored with the "entire universe in an atom on my thumb" thing.
The argument against the subjective experience is dubious, over-reaching, and usually just a product of dogmatism. The argument against anything that a person can reconstruct and recall after a near-death experience is more tenable. That is to say, we certainly cannot assume that everything subjectively experienced during a near-death experience will be remembered, and we only hear about the stuff that can be remembered. To suppose that some of that which is remembered does not involve neurons implies that there is a mechanism by which information is entering the brain, and the proper scientific objection to such reports is the lack of any evidence as to the existence of such a mechanism. The improper response we get so often instead is conflating that argument with statements about subjective experience, which we cannot say anything about and have no evidence, either, that they are in any way related to the portion which is remembered/recounted.
You have to see the video to understand how putting your hands in cold water might be so much fun
Does it come with a catheter?
Actually there is something new: in addition to trolls, shills, and gadflies, some of the comments on the internet are placed there by people experimenting on internet comments.
the protection offered by encryption you know of (unless you have security clearances) provides about exactly the same protection as the paper envelope
This is pretty untrue. State agencies have no real control over the injection of cryptographical algorithms into the literature, or even if they do now, they have well missed the bus, since the technologies out there in the literature are very sufficient and these days there are so many copies of the literature floating around that it cannot be effectively censored or corrupted. Math is a lot like physics -- when you actually go back and look at when certain things were discovered, you are often astounded at how long ago that was.
What is true is that using cryptography correctly is hard. It takes a lot of knowlege of the technology to get it right. It's harder than most people have patience for and probably harder than a good chunk of people can even mentally handle. That leaves most consumer use of cryptography delegated to trust in software, protocols, and institutions just based on how trustworthy those agents "feel" to the user, divided by how desperately the user wants to get something done -- now.
Those agents are what state agencies can, and sometimes do, influence, and even in the absence of interference by the state, the intrinsic trustworthiness of those agents varies due to a wide variability in the effectiveness of their quality control. The latter is actually the more common problem. Why resort to interfering with the development of crypto software and applications thereof when much of it is developed incompetently in the first place? Just sit back and exploit the pre-existing holes.
It's actually rather rare, even these days, for a switched network to be properly configured to protect against MAC flooding attacks. Actually, it's probably more common in enterprise setups for the WiFi to be more secure than the wired, since WPA-Enterprise is getting pretty common.
Yep, whenever you change core IT people, you have them do a sloppy braindump if possible before they leave, and you clear the new guy from almost every task save updating the documentation and diagrams, with a few mundane tasks thrown in to get procedures down. This means you postpone your big projects if you have a staff change instead of expecting the new guy to shoulder that. Skillsets are not the same as in-situ knowlege.
This. At least give consistency some weight, even if you're going to override it. But then we live in a time when the entire user interface of your most mission critical app can change at whim via an unavoidable upgrade. So I'm not holding my breath.
I was expecting Impossible Girl to be some temporal projection of the deceased Dr Song/library-computer zeitgeist. Was almost convinced of that when ghost Dr. Song showed up. And then that crap. Very disappointing.
Yeah this is pretty much par for the course: BOINC runs on just about everything, but individual BOINC applications authors generally won't bother to implement any code for anything other than the top dominant mixes of arch/OS. So if you have yourself a nice giant cluster of old G4s running linux, good luck putting it to use for something other than a very obscure but easily-implemented mathematical constant hunt.
And companies would have to pay for their holdings, which would increase prices on their products. There's no solution to taxation that doesn't offer emple opportunities for the taxes to be trickled down to the poor, because rich people can afford lawyers and accountants. The point of shifting to a property tax is it that it is less onerous to the service economy, and likely to be less overall accounting overhead than tracking every single business transaction.
If we're going to change things that drastically, lets just tax property. The actual enumeration of a persons property could be privatized if it were done through a mandatory property insurance system, so we wouldn't have the government walking through our living room and counting sofas, and the taxpayer would get some benefit (insurance) out of the process.
Note that this effects a bunch of freelancers that are used to providing an untaxed service, and so have no idea how to go about collecting sales taxes and sending the proceeds to the government, since all they did was collect check, report it as SE income, and pay the social security tax on it on a personal income tax form.
They were doing this not for NSA reasons it's just what the tech industry does: find a protocol that is a bit inconvenient to set up, and instead of making it more convenient to set up, figure out an alternate scheme that's a little easier to set up, but for which they can charge a license fee for the feature, because it's new and shiny, and the sales force has been told to make sure all the PHBs know it is new and shiny.
Of course then the rimshot comes and they realize in their haste they've done something stupid, like subject multiple streams of lan-like traffic to the ravages of a single TCP flow control session during a period of time when the Internet is designed (badly) around per-connection fairness.
That would only be useful to forge certificates, and using such forged certificates would allow tracking of surveilance activities -- the provider would not see them in their own keyring so if they were seen in the wild and came to a privider's attention, their natural reaction would be to accuse the CA of having been compromised... because you have no way of knowing it's the NSA that's doing it.
Unless it totally sucks or is also hosting your SSL service, a CA neither needs nor asks for your private key, it just signs your public key.
I wonder what the NSA would do were they to make such a request and the company were to reply that the private key has been ensconsed in secure crypto hardware from which it cannot be downloaded and without which the web service would not function (or would have to change its keys.)
Other things to consider are whether, on rewriteable media, the media may contain shadows of deleted data that may be of historical interest, and even on write-once media, whether the software you are using to copy it is copying everything it can, if there might be, e.g. stenography in a redbook CD Q channel.
I expect such concerns would only be relevent to certain special cases.
Yeah, most of what you wrote is complete BS.
A good portion of it was BS. What wasn't BS is that TFA, instead of citing comprehensive medical reviews, presents several individual resources which for all we know could have been horribly cherry-picked. This technique is often used to add credibility to unsupportable arguments. Books upon books have been written and widely sold that push premises that are either unverifiable or just plain wrong using this kind of "research." It's why, for example, Wikipedia discourages primary source references when a more critically minded secondary source is available. Fortunately nowadays people are starting to realize that if you google for "X causes cancer" there will be tons of results saying that it is so, and just because you could write a blog post summarizing what your single google search said, doesn't mean you should.
Also to GP is correct in calling out the tasteless, classless, and factually misleading way TFA, whatever its merits may be, tarnished itself at the end.
I'm all for increasing my regular intake of vitamin C, but I think I'll just go with orange juice.
...thereby also increasing your intake of dozens of other chemicals, some of which may also have deleterious effects if over-taken, and at lower levels than C.
AFAIK the only reason to back off your C dose is if you get a kidney stone, or if you don't have access to one of the more well tolerated formulations and as a result, get the runs or other gastro problems.
We won't make much progress on getting the dosages of vitamines right until there's an inexpensiveand practical way to run daily tests on ourselves, because what you eat during any given day usually varies so much that a constant dose every day is almost certainly wrong,
If one pays attention to having a proper diet one can get all the vitamins needed naturally.
Many vitamin supplements are made from relatively "natural" ingredients, and there's nothing especially "natural" about much of a proper diet.
It takes less time to write an app that assumes it has a set of permissions, rather than an app that checks to see whether it has a certain set of permissions, and if not, does something sensible.
What really needs to happen is the App stores need to start allowing the customers to filter their searches on which permissions apps require.
So what, exactly, is so damn sensitive about a wifi password that this needs to be an option that Google should support? Are you that worried that Google will leach off of your bandwidth or something?
Single Sign On. It's what the PHBs and most of the users want, so it's what we give them. Your WiFi password is also your password for most other authenticated services.
This. The summary was sensationalized, probably to stoke just such a "discussion" as above. Which is too bad because the TFA provides plenty of fodder without embellisment.
While coping with stressful situations is a valuable skill to be teaching the workforce, I found it a bit ironic that one of the things the trainees were criticised for was not working to find the root causes of problems by cleaning up oil slicks instead of finding out how to prevent them, while apparently the management that sent these trainees into this program are content to teach their workers to deal with chaos instead of engineering it off the manufactoring floor.
Also as with any such program that may appeal with to the prejudices of management, this procedure should probably be evaluated against similar techniques in an objective and impartial fashion.