Well, I have to admit, the unanimous polling is probably overkill for web surfing, and overkill usually opens more holes. And it is all too easy to try to fix the social engineering vulnerabilities.
You know the websites you visit regularly by pattern recognition, and "trust systems" have to be able somehow to take advantage of what the user knows. Maybe it would be better to provide an alternate opinion function. Press a button and your surfing browser asks two other DNS servers, preferably separately managed, for a lookup of the name, and compares the IPs. Perhaps it also checks who owns the IPs, so that big sites can still load balance without using exotic tricks. (And that leaves us with Akamai as a potential trouble spot, but I would assume that Akamai and Apple (for instance) should be able to arrange so that only IPs owned by Apple respond to requests for Apple's servers.
Still only advisory, but meaningful to humans. I guess, if we're going that far, it would be reasonable to also query a public cert for the domain name at the same time. But our current certificate infrastructure is sorely lacking, both in administration and in fundamental structure.
We don't want to go to Verisign when checking a domain name certificate, we want to go to the domain registrar. (Note that I say "domain name certificate". That's not a certificate to shop by.)
Under normal operation, the current clot of certs in the browser tells you only that the cert you're looking at is trusted by someone in the clot. That's upside down. Checks done in the background put the user to sleep. You shouldn't care until you care, and when you care, that's when the check should be done, and that's when the entire trust chain should be presented, along with the dns and IP chain.
Where did this idea that the general purpose browser should be used for secure transactions come from? Hmm? (Okay, I'm poisoning the well here, but there is some bad sales engineering going on here.)
You don't send the bus driver to the bank for you.
With todays personal computer systems, it would be better to have the financial transactions done on completely separate hardware, really. I'm thinking of an electronic wallet, so to speak, that you plug into your ethernet hub. You set the sale up on your surfing browser, the shop gives you a ticket number and a url to log into with your electronic wallet, you plug the electronic wallet in, type in the url and the sales number, and the wallet does the certificate exchanges, etc. And queries you one last time to okay the transaction by hand, just so you can think again before you commit the money.
But I don't like the idea. Too hard to keep people from trying to combine that with the cell phone. (Already something like that in use here in Japan, vulnerable like a dog to fleas.) Also too easy for governments to try to pull it into the tax system.
Dedicated browser -- Sure, they use standard parts. They have a master at your office, and when you go in to set up your account, both you and the bank officer digitally sign a pair of certificates. Probably mix a scan of the physical signatures on the paperwork into one part of the digital signatures. The bank's hardware generates the keys (Just like it owns the credit card it gives you, it owns the key it gives you.) It installs those certificates and your key, encrypted, into the dedicated browser with the initial list of IP addresses for the servers. Then it burns the dedicated browser (probably a java app) into a CD.
You take the CD home after hearing a short lecture about it not being safe to use the browser on any machine you don't know is clean. That lecture is given at the same time as the short lecture about not letting others use your credit cards or your checks.
(That last step is where it all falls apart. I know. Well, that, and, as you say, the temptation that all financial institutions' market departments will have to add bells and whistles.)
Why should banks go through this kind of thing? Well, the proce
Check our own ISPs name servers, openDNS's name servers, and we need a third independent name server pool.
Check all three before moving accepting the IP, and if there is any disagreement, just don't go. Also, send an automated warning to all three DNS pools to re-seed their random number generators and clear the contested IP from their cache.
Of course, I'm talking about DNS pools as if they already exist. But they should.
Interactions that need to be secured should also use independent multiple polling before exchanging tokens. Financial institutions, for instance, should keep their own private supernetwork, such that the customer queries their local branch to start login, then queries two other bank-owned check servers, to make sure the branch IP is what the bank says it should be. This would require dedicated browsers, but that's really a given. It's time to quit giving popular browser M, I, or E our credit card numbers to play with. The convenience is not worth it.
There were a few who prepared, and many of those told the rest what they were doing, so, by 1998, most businesses had some place to go for answers.
I think that's the real reason y2k was relatively tame.
That's what's happening here. Most companies don't know where to start. The question is how many people are doing the pioneering, and how long after the squeeze hits (hits the small countries first, probably) will individuals have to put up with "carrier grade NAT" or whatever.
But the real question is whether IPV6 is really scaleable. Without switchers to test it, we don't know.
Personally, I don't much care for IPV6. I'd prefer a scheme where you have something like a high-bit extension rule that would allow anyone with a valid IP address and a working router to just add an octet for his sub-net of (about) 120 hosts and keep going. I'm pretty sure the idea was considered and there was a valid reason (not the obviously invalid reasons about trouble holding the market captive) for not considering it, but it sure seems to me like (it could have been) a great solution.
I'm still not sure how to handle portable devices, since it would seem that the prefix pretty much limits where a device could be found, and therefore where it could connect.
Another possibility would be only 64 address at a level, with the top two bits encoding some sort of function, like addresses relative to the local network and special function addresses. Maybe you could even make mobile devices accessible that way.
Yeah, I know. These kinds of ideas were used in some of the network protocols that TCP-IP beat out. So there must have been good reasons.
Anyway, would it be possible to concatenate 4-octet addresses. So my global IP address would consist of A.B.C.D:192.168.7.201 if my address on the local network is 192.168.7.201 and my router's address is A.B.C.D?
Yeah, that could go really bad if implemented wrong.
This is not about one time passwords, it's about misusing them.
And, while it is about poor practices issuing certs, it is more about the inherent weakness of trying to do it all with a single browser. And about the inherent weakness in using certificates issued by the public CAs.
With the current tools, requiring the client to have a cert, too, mitigates things a bit, but the client should never have been allowed to connect without a cert anyway, and neither the client nor the server should be using certificates issued by the public CAs for their VPN anyway. If you need security, you have to be willing to issue your own certs for day-to-day operations.
Secure connections need a dedicated browser that only connects to known IPs. And if the connection really needs to be secure, the client needs to be able to check the IP she is connecting to against two other servers' opinions of what the IP is.
Too much half-baked security stuff, people who seem to think that if half the security is good enough for them, all they have to do is implement half the spec.
My wife has an NTT Docomo because her little brother has one and we can therefore all talk together free on the family plan. Except that her phone is too old, so, while I can call her free, and her little brother, with his new phone can call her free, she only gets a 30% discount calling us now. (She has MOVA and we have FOMA.)
And I had to get a phone, any phone, for work. I probably should have got a pre-paid. But, in Japan, I really didn't/don't yet have any decent options besides the pre-paid. Well, the iPhone in Japan was about three months away at the time. And look how that turns out: Not really open. Really expensive, although, for double what I'm paying, if it were really open, I might have been willing to move to it when NTT picks it up "real soon now".
Japan has adopted opensource only for the freeride.
Which is better when you don't have time to lobby and wait? Chained-down opensource or MSwhatever smartphones? There are Symbian smartphones, I think, but not with Docomo.
Supposedly, my phone is LiMo. But I have yet to find out how to confirm it.
Supposedly, some people can develop new apps for it. (Like a decent calculator or stopwatch?) But I haven't even been able to find a place to download apps someone else built. And if I could, would I trust the apps, when I can't compile the code?
I can't even use the stupid phone as a modem. It can be plugged into a MSWindows PC through USB, but the USB doesn't, from what all the sales crew tell me, even pass the expansion flash card across to be mounted on a Linux or Mac PC. (Best bet is to pull the card and use a flash card reader, the salesman said.)
Okay, you'll also need a USB phone modem, and that may be hard to find drivers for. Or maybe you can be satisfied with finding WIFI hotspots to call from.
Protectionism closes off the economy. Enforces the Malthusian principle.
Drop the walls and the air can circulate again. It really is that simple, although the first few years are a little bad because the closed borders on our part has been encouraging the economic equivalent of air pollution on the part of our neighbors.
The solution, however, is to go much farther. Take the jobs to them, not to make a profit, but to stimulate their economies, their industries, and their technologies. If we want a level playing field, we have the means to level the field.
Maybe we have to do without the SUVs, but SUVs were a bad idea anyway.
Actually, I often use passages of scriptures as seed material when generating keys. With a little solipsism, of course.
But if I copy and paste, that passage is now in the paste buffer in RAM, and maybe even swapped or cached to disk. So I need other sources, as well.
I have thought about massaging it with with a little program that randomly flips bits, as well, but you might need to be careful with the bit flipping. If the attacker knows the bit flipper you used, it might actually reduce the effective entropy. And then there's that business about getting the product into the key generator, again.
Now, using an MP3 or.jpg or.mov as one of several sources of entropy might be a good idea, too.
Just not as the only source, and definitely not as the key itself.
I'm not sure if these count, but Mac OS X has php bundled with it.
So, I'm wondering if there will be an update soon that will remove php4, install php5, and find all the configuration files in/etc, at least, and search them for the right place to put in the line that tells them to keep running php4 compatible.
The TI calculators look like some of them could run a decent *nix-ish system, if the there's a 68K (probably Cold Fire?) in it and 100K or so of RAM and a Meg or so of Flash not in use by the calculator software, there was a version of OS-9/68k that might have run on it, a long time ago.
DSL? Puppy? NetBSD? I have vague memories of reading somewhere about somebody installing one of the modern *nixes on a TI.
6809 would give it enough horsepower to actually run an early version of unix, but then you couldn't get the low-low power out of programmable logic that you can out of hard-wired 6502 cores. And you'd still have that problem of virtual addressing facing any kid with enough ambition to try to (re)program it.
Freescales m-core might be interesting as a CPU, but then they would potentially collide with the goals of OLPC.
I'm rambling, but this touches a kind of long-term fantasy of mine -- basically, put the equivalent of a Radio Shack Color Computer (but with something better than MSBASIC) in every kid's pocket.
If you're more worried about how you get moderated and what the results are than about saying what you really think, you're worried about the wrong thing.
Moderation is a gimmick to get people to come talk here. I sometimes succumb to the temptation to check how I've been moderated, too. But the only way I (think I) am letting moderation affect my posts is to motivate me to write clear, succinct, logical posts. And you can see that I don't let moderation motivate me very much.:|-
Admittedly, it looks off-topic under this article, but think about it:
Prime example, Microsoft -- made a lot of money with an inferior product because (this important, guys:) it needed lots of other people to fix its problems, and that gave lots of people a temporary chance to make a lot of money.
(I know, there are a lot of pre-conditions there, but part of the reason for the popularity of Microsoft software was the prevalence of issues and the apparent ease with semi-skilled tech types could apparently solve them. Illusion of education. No, this is not an anti-Microsoft rant, guys. Look closer.)
Okay, do you think the reason for the lack of motivation to "fix" problems is clear now?
Riddle: What is education?
Answer: The process of solving problems.
Is it society's responsibility to solve all the problems? If so, where do the chances for real education go?
There are some ways in which society can help. One important way for society to help is to get out of the way at appropriate times so that the learner can get his hands on and into the subject for real. But it is much easier to propose easy "solutions".
Besides, the hard (==real) solutions never look "cool".
Rote is one of the easy solutions. Rote is like exercise for the mind. Exercise is good. We need a little regular exercise every day. But if you waste the whole day exercising, you don't have any time left for solving problems. If you're always focusing on the execution, on technique, on appearance, solving the problems that you have already solved many times over, you are not solving the problems that are needing solutions.
But it looks cool to watch kids produce a batch of 10 of 10s in some quiz, or to hear them work over the pronunciation and intonation of "Nice to meet you," in perfect chorus.
Lecture also looks cool. Lecturers get to sound important and funders get to hear and see the product. And watching 400 students take notes at once is just impressive somehow.
This Wieman guy seems to have some good ideas, and he seems to be a lot more clever than I about how he's packaging them. I'd be busy trying to hit people over the head with the fact that it makes no sense to arbitrarily separate the school from the real world. That, and encouraging people to take things into their own hands. He's engaging the people who think they are in control with rhetoric that they think they can argue with.
Yeah, I'll agree. The KJT wording is a bit better at showing the deeper meaning than the simple prohibition against lying, especially in early 20th century English.
But if the boss is fishing for a compliment, "Yeah, they do." could be equivalent to saying, "I don't care how you feel about life today, honey." where a "The slacks nice and you do to." might be a way to avoid passing judgment on the size of the posterior. I'm not going to advise playing verbal chess, but it can sometimes be good to consider what the other person is going to hear.
And then there will be times when a "Yes they do. Take them back and tell your sister I don't like her taste in clothes." is appropriate.
If you are looking for truth from the scriptures, ask God. (James 1: 5, among other places.)
When your neighbors come around to talk, well, talking can be an interesting pastime. (Ya think?) And sometimes it can help open the mind a bit. (Although it can also do the opposite when we are not careful. I'm rambling.)
Oh, but the answer I would suggest for the other question, probably all 9000 have some degree of real understanding. (In addition to some degree of fooling themselves.) As I understand things, God teaches people what He thinks they need to know, not what I, you, or somebody else thinks I need to know.
Slashdot Mirror
Well, I have to admit, the unanimous polling is probably overkill for web surfing, and overkill usually opens more holes. And it is all too easy to try to fix the social engineering vulnerabilities.
You know the websites you visit regularly by pattern recognition, and "trust systems" have to be able somehow to take advantage of what the user knows. Maybe it would be better to provide an alternate opinion function. Press a button and your surfing browser asks two other DNS servers, preferably separately managed, for a lookup of the name, and compares the IPs. Perhaps it also checks who owns the IPs, so that big sites can still load balance without using exotic tricks. (And that leaves us with Akamai as a potential trouble spot, but I would assume that Akamai and Apple (for instance) should be able to arrange so that only IPs owned by Apple respond to requests for Apple's servers.
Still only advisory, but meaningful to humans. I guess, if we're going that far, it would be reasonable to also query a public cert for the domain name at the same time. But our current certificate infrastructure is sorely lacking, both in administration and in fundamental structure.
We don't want to go to Verisign when checking a domain name certificate, we want to go to the domain registrar. (Note that I say "domain name certificate". That's not a certificate to shop by.)
Under normal operation, the current clot of certs in the browser tells you only that the cert you're looking at is trusted by someone in the clot. That's upside down. Checks done in the background put the user to sleep. You shouldn't care until you care, and when you care, that's when the check should be done, and that's when the entire trust chain should be presented, along with the dns and IP chain.
Where did this idea that the general purpose browser should be used for secure transactions come from? Hmm? (Okay, I'm poisoning the well here, but there is some bad sales engineering going on here.)
You don't send the bus driver to the bank for you.
With todays personal computer systems, it would be better to have the financial transactions done on completely separate hardware, really. I'm thinking of an electronic wallet, so to speak, that you plug into your ethernet hub. You set the sale up on your surfing browser, the shop gives you a ticket number and a url to log into with your electronic wallet, you plug the electronic wallet in, type in the url and the sales number, and the wallet does the certificate exchanges, etc. And queries you one last time to okay the transaction by hand, just so you can think again before you commit the money.
But I don't like the idea. Too hard to keep people from trying to combine that with the cell phone. (Already something like that in use here in Japan, vulnerable like a dog to fleas.) Also too easy for governments to try to pull it into the tax system.
Dedicated browser -- Sure, they use standard parts. They have a master at your office, and when you go in to set up your account, both you and the bank officer digitally sign a pair of certificates. Probably mix a scan of the physical signatures on the paperwork into one part of the digital signatures. The bank's hardware generates the keys (Just like it owns the credit card it gives you, it owns the key it gives you.) It installs those certificates and your key, encrypted, into the dedicated browser with the initial list of IP addresses for the servers. Then it burns the dedicated browser (probably a java app) into a CD.
You take the CD home after hearing a short lecture about it not being safe to use the browser on any machine you don't know is clean. That lecture is given at the same time as the short lecture about not letting others use your credit cards or your checks.
(That last step is where it all falls apart. I know. Well, that, and, as you say, the temptation that all financial institutions' market departments will have to add bells and whistles.)
Why should banks go through this kind of thing? Well, the proce
If she's just being metaphorical, she's talking about major reductions in the complexity and energy costs.
If she's speaking literally, she's talking about major reductions in facilities costs, as well. (What clean room?)
Also, she seems to be inferring significant materials cost reductions.
The problem is when we allow charismatic leader A, B, or C to start telling us what we can or can't do.
Self control is generally good, but can get out of hand sometimes, but I don't think that's what the guy you're answering is talking about.
Check our own ISPs name servers, openDNS's name servers, and we need a third independent name server pool.
Check all three before moving accepting the IP, and if there is any disagreement, just don't go. Also, send an automated warning to all three DNS pools to re-seed their random number generators and clear the contested IP from their cache.
Of course, I'm talking about DNS pools as if they already exist. But they should.
Interactions that need to be secured should also use independent multiple polling before exchanging tokens. Financial institutions, for instance, should keep their own private supernetwork, such that the customer queries their local branch to start login, then queries two other bank-owned check servers, to make sure the branch IP is what the bank says it should be. This would require dedicated browsers, but that's really a given. It's time to quit giving popular browser M, I, or E our credit card numbers to play with. The convenience is not worth it.
With dedicated browsers, we don't even need the root to be issued by a public CA.
There were a few who prepared, and many of those told the rest what they were doing, so, by 1998, most businesses had some place to go for answers.
I think that's the real reason y2k was relatively tame.
That's what's happening here. Most companies don't know where to start. The question is how many people are doing the pioneering, and how long after the squeeze hits (hits the small countries first, probably) will individuals have to put up with "carrier grade NAT" or whatever.
But the real question is whether IPV6 is really scaleable. Without switchers to test it, we don't know.
Personally, I don't much care for IPV6. I'd prefer a scheme where you have something like a high-bit extension rule that would allow anyone with a valid IP address and a working router to just add an octet for his sub-net of (about) 120 hosts and keep going. I'm pretty sure the idea was considered and there was a valid reason (not the obviously invalid reasons about trouble holding the market captive) for not considering it, but it sure seems to me like (it could have been) a great solution.
I'm still not sure how to handle portable devices, since it would seem that the prefix pretty much limits where a device could be found, and therefore where it could connect.
Another possibility would be only 64 address at a level, with the top two bits encoding some sort of function, like addresses relative to the local network and special function addresses. Maybe you could even make mobile devices accessible that way.
Yeah, I know. These kinds of ideas were used in some of the network protocols that TCP-IP beat out. So there must have been good reasons.
Anyway, would it be possible to concatenate 4-octet addresses. So my global IP address would consist of A.B.C.D:192.168.7.201 if my address on the local network is 192.168.7.201 and my router's address is A.B.C.D?
Yeah, that could go really bad if implemented wrong.
This is not about one time passwords, it's about misusing them.
And, while it is about poor practices issuing certs, it is more about the inherent weakness of trying to do it all with a single browser. And about the inherent weakness in using certificates issued by the public CAs.
With the current tools, requiring the client to have a cert, too, mitigates things a bit, but the client should never have been allowed to connect without a cert anyway, and neither the client nor the server should be using certificates issued by the public CAs for their VPN anyway. If you need security, you have to be willing to issue your own certs for day-to-day operations.
Secure connections need a dedicated browser that only connects to known IPs. And if the connection really needs to be secure, the client needs to be able to check the IP she is connecting to against two other servers' opinions of what the IP is.
Too much half-baked security stuff, people who seem to think that if half the security is good enough for them, all they have to do is implement half the spec.
Yeah, sort of.
My wife has an NTT Docomo because her little brother has one and we can therefore all talk together free on the family plan. Except that her phone is too old, so, while I can call her free, and her little brother, with his new phone can call her free, she only gets a 30% discount calling us now. (She has MOVA and we have FOMA.)
And I had to get a phone, any phone, for work. I probably should have got a pre-paid. But, in Japan, I really didn't/don't yet have any decent options besides the pre-paid. Well, the iPhone in Japan was about three months away at the time. And look how that turns out: Not really open. Really expensive, although, for double what I'm paying, if it were really open, I might have been willing to move to it when NTT picks it up "real soon now".
Japan has adopted opensource only for the freeride.
Which is better when you don't have time to lobby and wait? Chained-down opensource or MSwhatever smartphones? There are Symbian smartphones, I think, but not with Docomo.
Supposedly, my phone is LiMo. But I have yet to find out how to confirm it.
Supposedly, some people can develop new apps for it. (Like a decent calculator or stopwatch?) But I haven't even been able to find a place to download apps someone else built. And if I could, would I trust the apps, when I can't compile the code?
I can't even use the stupid phone as a modem. It can be plugged into a MSWindows PC through USB, but the USB doesn't, from what all the sales crew tell me, even pass the expansion flash card across to be mounted on a Linux or Mac PC. (Best bet is to pull the card and use a flash card reader, the salesman said.)
LiMo is open?
That's not what _I_ thought he meant by plugging in a 3G modem, etc.
Simple, huh?
Okay, you'll also need a USB phone modem, and that may be hard to find drivers for. Or maybe you can be satisfied with finding WIFI hotspots to call from.
For the trouble, I'm willing to hand dial to get debian in my pocket.
Besides, the phone functions will come, even if you insist on being a drag.
Protectionism closes off the economy. Enforces the Malthusian principle.
Drop the walls and the air can circulate again. It really is that simple, although the first few years are a little bad because the closed borders on our part has been encouraging the economic equivalent of air pollution on the part of our neighbors.
The solution, however, is to go much farther. Take the jobs to them, not to make a profit, but to stimulate their economies, their industries, and their technologies. If we want a level playing field, we have the means to level the field.
Maybe we have to do without the SUVs, but SUVs were a bad idea anyway.
You guys are missing the boat.
Who cares about choosing who gets to be the next big thing? -- although it's an interesting diversion.
This is about "correcting" the public opinion through controlled "art".
The King James version?
Actually, I often use passages of scriptures as seed material when generating keys. With a little solipsism, of course.
But if I copy and paste, that passage is now in the paste buffer in RAM, and maybe even swapped or cached to disk. So I need other sources, as well.
I have thought about massaging it with with a little program that randomly flips bits, as well, but you might need to be careful with the bit flipping. If the attacker knows the bit flipper you used, it might actually reduce the effective entropy. And then there's that business about getting the product into the key generator, again.
Now, using an MP3 or .jpg or .mov as one of several sources of entropy might be a good idea, too.
Just not as the only source, and definitely not as the key itself.
Interesting idea, just not well thought out.
I'm not sure if these count, but Mac OS X has php bundled with it.
So, I'm wondering if there will be an update soon that will remove php4, install php5, and find all the configuration files in /etc, at least, and search them for the right place to put in the line that tells them to keep running php4 compatible.
No, no, not Mac OS 9, the real OS-9.
I jest. Sort of.
That is, the old Color Computer did run OS-9.
The TI calculators look like some of them could run a decent *nix-ish system, if the there's a 68K (probably Cold Fire?) in it and 100K or so of RAM and a Meg or so of Flash not in use by the calculator software, there was a version of OS-9/68k that might have run on it, a long time ago.
DSL? Puppy? NetBSD? I have vague memories of reading somewhere about somebody installing one of the modern *nixes on a TI.
Not many details.
6502? Hang a keyboard on a gameboy?
Flash instead of cassette tape, to be sure.
Sixteen bit addresses?
6809 would give it enough horsepower to actually run an early version of unix, but then you couldn't get the low-low power out of programmable logic that you can out of hard-wired 6502 cores. And you'd still have that problem of virtual addressing facing any kid with enough ambition to try to (re)program it.
Freescales m-core might be interesting as a CPU, but then they would potentially collide with the goals of OLPC.
I'm rambling, but this touches a kind of long-term fantasy of mine -- basically, put the equivalent of a Radio Shack Color Computer (but with something better than MSBASIC) in every kid's pocket.
If you're more worried about how you get moderated and what the results are than about saying what you really think, you're worried about the wrong thing.
Moderation is a gimmick to get people to come talk here. I sometimes succumb to the temptation to check how I've been moderated, too. But the only way I (think I) am letting moderation affect my posts is to motivate me to write clear, succinct, logical posts. And you can see that I don't let moderation motivate me very much. :|-
Is the keyboard and mouse preferences panel in the system preferences not enough?
It tends to pool around the wounds in society.
Admittedly, it looks off-topic under this article, but think about it:
Prime example, Microsoft -- made a lot of money with an inferior product because
(this important, guys:)
it needed lots of other people to fix its problems,
and that gave lots of people a temporary chance to make a lot of money.
(I know, there are a lot of pre-conditions there, but part of the reason for the popularity of Microsoft software was the prevalence of issues and the apparent ease with semi-skilled tech types could apparently solve them. Illusion of education. No, this is not an anti-Microsoft rant, guys. Look closer.)
Okay, do you think the reason for the lack of motivation to "fix" problems is clear now?
Riddle:
What is education?
Answer:
The process of solving problems.
Is it society's responsibility to solve all the problems? If so, where do the chances for real education go?
There are some ways in which society can help. One important way for society to help is to get out of the way at appropriate times so that the learner can get his hands on and into the subject for real. But it is much easier to propose easy "solutions".
Besides, the hard (==real) solutions never look "cool".
Rote is one of the easy solutions. Rote is like exercise for the mind. Exercise is good. We need a little regular exercise every day. But if you waste the whole day exercising, you don't have any time left for solving problems. If you're always focusing on the execution, on technique, on appearance, solving the problems that you have already solved many times over, you are not solving the problems that are needing solutions.
But it looks cool to watch kids produce a batch of 10 of 10s in some quiz, or to hear them work over the pronunciation and intonation of "Nice to meet you," in perfect chorus.
Lecture also looks cool. Lecturers get to sound important and funders get to hear and see the product. And watching 400 students take notes at once is just impressive somehow.
This Wieman guy seems to have some good ideas, and he seems to be a lot more clever than I about how he's packaging them. I'd be busy trying to hit people over the head with the fact that it makes no sense to arbitrarily separate the school from the real world. That, and encouraging people to take things into their own hands. He's engaging the people who think they are in control with rhetoric that they think they can argue with.
nt;
Yeah, I'll agree. The KJT wording is a bit better at showing the deeper meaning than the simple prohibition against lying, especially in early 20th century English.
But if the boss is fishing for a compliment, "Yeah, they do." could be equivalent to saying, "I don't care how you feel about life today, honey." where a "The slacks nice and you do to." might be a way to avoid passing judgment on the size of the posterior. I'm not going to advise playing verbal chess, but it can sometimes be good to consider what the other person is going to hear.
And then there will be times when a "Yes they do. Take them back and tell your sister I don't like her taste in clothes." is appropriate.
Ah, so god believes in misleading the masses, providing easily misinterpreted information which can and has led societies to ruinous consequences.
Are we sure it's "god" who inspired the bible? or is it some other being known to lie with the aim of causing ruin to humanity?
Or, perhaps, there is a devil trying to make people believe that God is doing that.
You don't really need to.
If you are looking for truth from the scriptures, ask God. (James 1: 5, among other places.)
When your neighbors come around to talk, well, talking can be an interesting pastime. (Ya think?) And sometimes it can help open the mind a bit. (Although it can also do the opposite when we are not careful. I'm rambling.)
Oh, but the answer I would suggest for the other question, probably all 9000 have some degree of real understanding. (In addition to some degree of fooling themselves.) As I understand things, God teaches people what He thinks they need to know, not what I, you, or somebody else thinks I need to know.