Slashdot Mirror


User: b4dc0d3r

b4dc0d3r's activity in the archive.

Stories: 0
Comments: 2,042

Comments · 2,042

  1. Re:oooOOOooh on Valve's Steam & Games Coming To Linux · · Score: 2

    You got your Twitter in my Slashdot!
    No, you got your Slashdot in my Twitter!

  2. Re:Ocean gun? on Massive Methane Release In the Arctic Region · · Score: 0

    "Global Warming" has already been renamed "Climate Change". It initially looked like a warming trend, but the more we study the more we come to the conclusion that everything is relative. The only thing we know for sure is the climate is changing.

  3. Re:Infected? on One In Five Macs Holds Malware — For Windows · · Score: 4, Insightful

    Please don't inure people to the idea of "security theater". It really is a great description for a lot of what is being done publicly to pretend to do something, often at great expense, and frequently to the financial benefit of well connected people.

    She swore by affidavit not to cook, but returned to cooking. Under a different name. Her release as a carrier depended on her not cooking, which she didn't follow.

    She was the first carrier identified (at least in New York), and the policies evolved as more information came along. The effective solution to the bigger problem was to restrict carriers' activities, and Mary was used as the example of what would happen if you didn't comply. The rest were considered not justified for quarantine, again as more information was discovered.

    Making up policies as you go along, and having to fight an obstinate woman who refused to acknowledge her danger to others, is not even close to security theater. You may be able to call it "meting punishment based on public perception" since she became relatively famous, which is not a whole lot better.

    http://cythereabast.wordpress.com/2007/02/20/the-board-of-healths-exile-of-mary-mallon-was-it-justifiable/

  4. Re:Gearing up for IPO.. on Facebook Purchases 650 AOL Patents From Microsoft · · Score: 2

    Read "lawfully required" as "forced by shareholders and external parties through lawful (legal) means".

    Maybe there is no statute that says they are required to turn a profit, but there are piles of statutes, case law, regulations, SEC requirements, and "guidelines" which can be used as the basis for a lawsuit and other punishment.

    If you sell public stock, you have to try to be successful or you may suffer all kinds of wrath. Shareholder lawsuits against the board of directors are probably the most common, and they can force a decision on the board, and therefore the company.

    Departing CEO severance package too big? Sue the board for over-spending. Takeover opportunity missed? Sue the board for malfeasance.

    Read a bit at lexis-nexis, and read a bit more if you really want to know what you're talking about

  5. Re:The Department of Redundancy Department on University of Florida Eliminates Computer Science Department · · Score: 1

    That's why they are opening Florida Polytechnic University, to meet the demand. Right there at the bottom of the article that you didn't read.

    Most likely, FPU can accommodate any student that leaves U of F.

    It's pretty much the opposite of a sad indictment, and demand is being met.

  6. Re:"Steven Salzberg, your blog sucks?" on University of Florida Eliminates Computer Science Department · · Score: 3, Informative

    I don't get the outrage here. The article might just as well have positioned this as moving the education to the new Polytechnic. But that's not good for page views. So we get this opinion piece instead.

    Based on tuition and costs, there could be anywhere between 85-200 students covered by this department to get the $1.7M savings. And there is a Polytechnic being created in Tampa specifically for this kind of thing. Why invest in something that is going to be poached by your new University anyway?

    Meanwhile, just two days ago, Florida governor Rick Scott approved the creation of a brand-new public university, Florida Polytechnic University, to be located near the city of Tampa. In an unintentionally ironic statement, Gov. Scott said

            "At a time when the number of graduates of Florida's universities in the STEM [science, technology, engineering, and mathematics] fields is not projected to meet workforce needs, the establishment of Florida Polytechnic University will help us move the needle in the right direction."

  7. Re:Horse hockey... on If You Resell Your Used Games, the Terrorists Win · · Score: 2

    I would have disagreed with you. But I just bought the 4 expansion packs for Fallout 3, despite having spent nearly 3 months wandering the wastes in the original game. I swore to everyone not to buy any new Fallout related things for me.

    I could have gotten the $20 GOTY edition, but it was sold out. Did not exist on the shelf, just sold. So I got two expansion packs for $16, both re-owned, when I could have bought GOTY for $20, and gotten Mothership Alpha (which I really did want), new, and the publisher would have gotten the percentage.

    It was not available, so I bought used. I buy old but new when I can, right around $20. Many $20 PS2 new titles that I still am playing through, and I get the $20 XBOX game when I can.

    I totally have an incentive to keep Fallout 3, and I will one day have the GOTY edition, used or not. Preferably new. I have an incentive, and I admit I am addicted. I can't wait for dedicated time next week to start broken steel, you won't even read posts from me most likely unless I get frustrated.

    Point is, this game is going nowhere. BioShock 1/2, Bionic Commando, ME2, Fallout 3, Orange Box, Portal 2. These games will never be sold. GTA IV maybe. Fear, Prey, a few others, yeah they are on the slab. Good games, I'll keep *even if they have no more content*. Average games with extensions, I'll keep.

    Bad games, or average games with nowhere else to go, screw it, it's getting redboxed and if I bought it I'm going to be pissed at myself and it's going back to GameStop.

  8. Re:Vegas huh? on Magician Suing For Copyright Over Magic Trick · · Score: 1

    I've been scanning the comments trying to figure this out. It seems this would come under more of a "system and method" type thing, a patent. But is a magic trick patentable? If it involved a machine or setup of some novel sort, probably.

    If I perform CATS without permission, that's a reproduction of a performance, and copyright violation (public performance of a copyrighted work). If Teller's trick is copyrighted, and someone does a public performance, that sounds valid on the surface.

    If it is a verbatim reproduction, obviously it was a copy of the performance. But to do the trick, with everything else being different... I'm still not convinced. I feel this should have been patented.

  9. Re:Security blanket on 15-Year-Old Arrested For Hacking 259 Companies · · Score: 4, Interesting

    A 15 year old most likely is not mature enough to have that level of understanding.

    Disregarding his age, anyone would fall into the same trap. Dip your feet in the water, and don't get caught. Go a little further, and still remain undetected. Maybe you get detected next time, but they can't find you. All from the psychologically safe bedroom/basement instead of getting in your car (which a 15 year old in Austria may not be allowed to do).

    Once you truly understand how the network works, and you're writing your own tools, you understand that the safest place you can be is in public, away from anything personal including hotel reservations. But that also has to include CCTV or other surveillance. Until then, the comfort zone of "home" makes you feel you can not get caught. The illusion of safety when you are at your most vulnerable. Especially when repeated attacks come from the same place.

    Disclaimer: I'm not a white hat, nor a black hat, nor an any hat. But I have read a lot about people and what makes them do stupid things.

  10. Re:Lessons from my cousin on Man Protests TSA With Nudity · · Score: 4, Informative

    I am on the do not call list, even though I'm also a cell phone. Guess what? Some people don't care.

    They use spoofed caller ID to tell me I can get a lower rate on a credit card. When I call back, I get either a voice mail box that is full, or the number is out of service. There is no way I've found to track these people down. The law is useless here.

    This kind of telemarketing *is* illegal, and I spend as much time taking their time as I can. No apologies from me. In fact, they use a pre-screener to answer the phone. If I sound interested, I get transferred to someone who handles the call. If I sound interested, but say anything other than a simple "yes", they hang up so I can't waste their time.

    They have figured out that people waste their time, and have a way to work around it. But they keep calling me - I don't get it. So far my record is 15 minutes of waffling.

  11. Re:*SHOCK* on $60 Light Bulb Debuts On Earth Day · · Score: 4, Informative

    And therefore most likely an anti-Philips submission, intended to shame them into dropping the price. The actual article says Philips is already doing this.

    Netherlands-based Philips, is discounting it right away to $50 for consumers, and working on deals with electric utilities to discount it even further, by as much as $20 to $30.

    This means the bulb will cost anywhere from $20 to $60, depending on where it's found.

    And of course more clarification

    Congress launched the L Prize contest in 2007, with the goal of creating a bulb to replace the standard, energy-wasting "incandescent" 60-watt bulb. The requirements were rigorous, and Philips was the only entrant. Its bulb was declared the winner last year, after a year and a half of testing. The contest stipulated that the winning bulb be sold for $22 in its first year on the market... In that context, the $60 price tag has raised some eyebrows.

    The title of the PhysOrg article? "Rebates to cut price of $60 LED bulb". That's a positive, and theodp should be ashamed for trolling.

  12. Re:RoP on Anti-Education Attack Poisons 150 Afghan Schoolgirls · · Score: 3, Informative

    Sarcasm detected. Yes, Republicans are a cultural movement, not religious. They cater to both moral and fiscal conservatives despite obvious inconsistencies, such as Jesus helping the poor and budget cutting anything that helps poor people.

    They use religion to back up their opinions where it is supported, and any other useful tidbit when it doesn't. Do you think Jesus would have supported the NRA? Cutting school budgets to get the latest F-35 bombers that the military doesn't even want?

    Yes, it is cultural, yes religion is used as an excuse. Same as Taliban extremists - they have their views, including outlawing education for women for a few years, and they use religion to back it up.

    Many Christian groups treat women as second class citizens because they are to remain silent in church, and obey their husbands. Most Christians understand that contextually, but a few take it literally and frequently out of context. Every culture, every religion has people who do this, and it is not tied to the religion. It is an interpretation used as a convenient excuse to impose what some people believe on others.

  13. Re:I'd like to see.. on Japanese Researchers Create A Crab-Based Computer · · Score: 1

    The article ends with: "The results closely matched the simulation, suggesting that crab-powered computers could indeed be possible."

    I translated that to: "We have seen enough hentai to know where this is going."

    Also known as, "The summary doesn't match the article" because they only predicted the possibility, they didn't actually create a crab based computer.

  14. Re:You mean like on Mozilla Testing Click-to-Play Option For Plugin Content · · Score: 1

    People who allow scripts so the page will run/load, might not want flash running automatically. For example the entire Gawker family, including iO9 which occasionally posts interesting things. I might whitelist it to read the content, but I don't want flash loading automatically.

    So you get the combination. By default, Java, Flash, Silverlight, and 'other plugins' are disabled by default.

  15. Re:NS on Mozilla Testing Click-to-Play Option For Plugin Content · · Score: 1

    Moderation comes and goes. Right now, I shift-click the comment number and get the comment by itself in a new window. Select the moderation, and the 'moderate' button is at the bottom.

    Even if it has child replies, as long as they remain 'normal', you only moderate the single comment.

    It also helps refresh to see if someone else has changed the moderation, or made a reply that I should consider in my moderation. Unless there are 5 child replies and the page gets large, overall I think this way is the best way.

  16. Re:Why did it take so long?! on Mozilla Testing Click-to-Play Option For Plugin Content · · Score: 3, Informative

    And, it was the subject of an EOLAS lawsuit against Microsoft, who IIRC had to disable automatically running things in IE for a while (maybe they got that overturned before actually having to implement it).

    EOLAS invents something, patent-trolls, gets $30million (down from the 500+ originally awarded) and 10 years later everyone starts to realize it's a bad idea!

  17. Re:Well... on End of Windows XP Support Era Signals Beginning of Security Nightmare · · Score: 1

    Most computers that run XP will be able to run 7/8 with no problems. You didn't mention compatibility, so I'll ignore that in the form of drivers, which may not be available for 7, and applications which use poor security or assumptions rather than asking the OS for its properties. Linux apps and drivers know what to expect because of frequent changes (binary compatibility is not guaranteed). Windows changes are so infrequent that developers have been able to largely ignore them.

    95 ran slower because it was 32 bit thunked to 16 bit under the hood. 98 ran slower because IE was integrated, so the entire shell went through the browser. ME ran slower because it is a well-known bastardization of DOS and Windows, and requires no further explanation.

    XP was the big change, 6 years later. It ran slower because it was based on the NT kernel (and was actually a real operating system instead of a GUI tacked on to DOS). Vista was the next big change, another 6 years later. It ran slower because they moved graphics processing out of the kernel, and it is well known as a turd.

    7 ran faster because they put graphics back into the kernel, and made a lot of genuine improvements, and 8 should be plenty zippy regardless of whether you use Metro or not, or both. And I'm predicting that if there is a Windows 9, it is unlikely to backslide into crap territory.

    In other words, your assumption was valid for a specific timeframe but no longer holds.

  18. Re:In-band Signaling Considered Harmful on Critical Flaw Found In Backtrack Linux · · Score: 2

    Oblivious indeed. All input gets sanitized, even if it's a simple sanity check, for example percentages should be between 1 and 100 (if >100 doesn't make sense). Numeric data should be checked to be sure it's numeric. Null integers and strings should be converted to a NULL database value, instead of an implicit ToString() conversion giving an empty string, depending on the language. Using a pass-through library to connect to the database, allowing nothing to escape unchecked, is what smart programmers do. Some sort of data access layer.

    Bobby Tables illustrated one of the most common attack vectors. Not using bound parameters is very common, so much so that I have yet to see an introductory text on ASP or ASP.NET that explicitly and routinely uses bound parameters. Most issue a disclaimer that error checking has been omitted for clarity. So you have people who should know better, but don't. Instead, you use a data access layer, that always binds parameters.

    Kinda like I said above. Only you claim that you will miss sanitizing something. So what if you forget to use bound parameters? Oh that's right, things work perfectly in your view of the world but everyone else is wrong. Use a data access layer, access everything the same way. And while you're at it, you might as well sanitize the data as well, right? After all, if it looks like an injection attempt, shouldn't you at least log an IP, or user ID, or something? A responsible dev would.

    In-band signaling... I'll leave that for others if they want to rip it apart. I assume you mean escape sequences, replacing control characters with escapes specifically. There are common ways of replacing, and common ways to defeat common ways of replacing. It has nothing to do with in or out of band signaling.

    If you are talking about creating a protocol, such as TDS or SMB, or TCP, or anything else, it's very easy to add error-checking to ensure OOB data is treated as expected, and in-band signaling is considered an error condition. If you are talking about checking for escape sequences in a protocol and passing that directly, unchecked, you're talking about little Bobby Tables.

    "In-band signaling" is, in the case of SQL, a SQL injection attack waiting to happen, and exactly the condition XKCD was describing. Using bound parameters relies on the underlying library to generate the correct OOB escape signals to describe the packet and detect anomalies. IF you have a bug in the binding, such as the case here, it doesn't matter if it's in or out of band. There is a bug, and it will likely be discovered sooner or later.

    So I assume you are also saying: Always assume that the lower layer library has a bug, and sanitize your inputs just in case, so your application is not hacked by an underlying bug. That is what you are saying, right?

  19. Re:Firing in US on Interview With TSA Screener Reveals 'Fatal Flaws' · · Score: 2

    Yes, because those visa seekers are willing to do the work for the wage offered. Same line as "If you think you need more money, there are hundreds of people I could replace you with." Just drawing on a population outside of the country.

    At this point, you have to argue about protectionism and what's fair to the person or country, not fair business. I don't think it's right, but it is fair business practice. As everyone has noted, business is not nice to people, especially if they agree to the terms.

  20. Re:HTTP Policies on Some Hotspot Operators Secretly Intercept, Insert Ads In Web Pages · · Score: 1

    How is that ironic? Big hotels in the city pay outrageous prices for land, and operating costs are much higher. Everything costs more in a big city because everything costs more. And people will pay because they are used to paying for little things like that.

    This is how big cities work. Let me guess, you were expecting prices to be based on cost? Oh, well that's not how the world works.

  21. Re:Freedom on Proposed Chinese Copyright Changes Would Encourage Re-Use · · Score: 1

    You can't pick and choose - if you want this freedom, you have to accept the restrictions that go along with it.

    Hope that helps relieve some of your envy. I think this does not make up for the numerous other disadvantages.

  22. Re:Multiple Posts on Twitter Files Suit Against Spam Software Authors · · Score: 2

    Your post advocates a

    ( ) technical ( ) legislative (X) market-based ( ) vigilante

    approach to fighting spam. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.)

    ( ) Spammers can easily use it to harvest Twitter addresses
    ( ) Mailing lists and other legitimate Twitter uses would be affected
    (X) No one will be able to find the guy or collect the money
    ( ) It is defenseless against brute force attacks
    (X) It will stop spam for two weeks and then we'll be stuck with it
    (X) Users of Twitter will not put up with it
    ( ) Microsoft will not put up with it
    ( ) The police will not put up with it
    ( ) Requires too much cooperation from spammers
    ( ) Requires immediate total cooperation from everybody at once
    (X) Many Twitter users cannot afford to lose business or alienate potential employers
    ( ) Spammers don't care about invalid addresses in their lists
    (X) Anyone could anonymously destroy anyone else's career or business

    Specifically, your plan fails to account for

    ( ) Laws expressly prohibiting it
    ( ) Lack of centrally controlling authority for Twitter
    ( ) Open relays in foreign countries
    ( ) Ease of searching tiny alphanumeric address space of all Twitter addresses
    (X) Asshats
    ( ) Jurisdictional problems
    ( ) Unpopularity of weird new taxes
    ( ) Public reluctance to accept weird new forms of money
    ( ) Huge existing software investment in Twitter
    ( ) Susceptibility of protocols other than Twitter to attack
    ( ) Willingness of users to install OS patches received by Twitter
    ( ) Armies of worm riddled broadband-connected Windows boxes
    (X) Eternal arms race involved in all filtering approaches
    (X) Extreme profitability of spam
    (X) Joe jobs and/or identity theft
    ( ) Technically illiterate politicians
    (X) Extreme stupidity on the part of people who do business with spammers
    ( ) Dishonesty on the part of spammers themselves
    (X) Bandwidth costs that are unaffected by client filtering
    ( ) Outlook

    and the following philosophical objections may also apply:

    (X) Ideas similar to yours are easy to come up with, yet none have ever been shown practical
    ( ) Any scheme based on opt-out is unacceptable
    ( ) Twitter headers should not be the subject of legislation
    ( ) Blacklists suck
    ( ) Whitelists suck
    ( ) We should be able to talk about Viagra without being censored
    ( ) Countermeasures should not involve wire fraud or credit card fraud
    ( ) Countermeasures should not involve sabotage of public networks
    (X) Countermeasures must work if phased in gradually
    ( ) Sending Twitter should be free
    ( ) Why should we have to trust you and your servers?
    ( ) Incompatibility with open source or open source licenses
    ( ) Feel-good measures do nothing to solve the problem
    ( ) Temporary/one-time Twitter addresses are cumbersome
    ( ) I don't want the government reading my Twitter
    (X) Killing them that way is not slow and painful enough

    Furthermore, this is what I think about you:

    (X) Sorry dude, but I don't think it would work.
    ( ) This is a stupid idea, and you're a stupid person for suggesting it.
    ( ) Nice try, assh0le! I'm going to find out where you live and burn your house down!

  23. Re:And Amazon EU Sarl is probably just a PO Box... on Amazon Pays No UK Income Tax, Under Investigation · · Score: 1

    A Library of Congress is a unit of measure, and each LOC is an exact copy of the previous one.

    A Slashdot poster, on the other hand, is actually an individual. Kinda like the individual items that the LOC contains. Each one has different opinions, and each discussion is a result of self-selected individuals who feel strongly enough about a discussion to make some sort of contribution. So Slashdot is essentially a Library of Congress for the purposes of this explanation, the collection of individuals.

    Just as not every book in the LOC comes to the same conclusion, not every Slashdot poster has the same opinion. It is entirely possible that the same people who share the former opinion do not care to post on the latter discussion. IF you do find a specific individual, maybe you can ask that person to explain their view.

    Also, if you read the comments, a lot are arguably neutral, commenting on similarities to other companies like the post to which you replied. Or discussing how UK and EU laws and enforcement overlap, or fail to.

    And of course you can bring up the red herring of all Slashdot posters expecting evil finance and oil companies to pay their taxes but giving Amazon a break because we happen to enjoy paying money to Amazon. Feel free to use that equally flawed observation for your next troll. Personally, I like giving Amazon tax breaks because it allows me to pay less for direct delivery. Oil companies can suck a kite because only a small portion of what I pay at the pump comes from their tax bills. Oil speculators seem to be the biggest cost, and they seem to be in the area of capital gains, not sales taxes. So yes, double standards can have rational explanations.

  24. Re:Confused on Pirate Bay Promotion Attracts Over 5000 Artists · · Score: 2

    This will be interesting in the same way that Microsoft supporting Apple was interesting. Microsoft reportedly wanted to appear to have competition, so it supported a flailing Apple. Microsoft was being scrutinized from about 1990, and the formal case was 1998, so $150 Million in support plus development on the platform certainly could have been solely to keep the anti-trust investigators happy.

    Attacking YouTube as a haven for piracy, and then shutting down a viable self-publishing model would certainly be anti-competitive. And since these are not individual companies, but instead collectives, this might form the basis of a good RICO style collusion investigation. At some point, the reach of their campaign contributions has to stop as they run afoul of unelected officials.

  25. Re:LOL! American Freedom! on MPAA Chief Dodd Hints At Talks To Revive SOPA · · Score: 1

    I think it has more to do with elections. No one wants to persecute the entire Church and be labeled anti-Christian. Many states have gone after specific high-ranking individuals who have been directly accused.

    When you get to international concerns it's even harder to fight. The Vatican is essentially its own country, so you can't just issue a summons to appear to the Pope or anyone else who lives/works there. And you'd piss off a huge number of Catholics around the world if you tried some other method of justice.

    The best you could get is a conspiracy among a few scapegoats to brush it under the rug - going for the whole organization would result in failure.

    These two are entirely different. I fully agree that the amount of money the MAFIAA have spent getting their choice candidates elected has tainted things, but your choice to bring the Catholic Church into the argument was really a terribly misguided idea.