Slashdot Mirror


User: Fastolfe

Fastolfe's activity in the archive.

Stories: 0
Comments: 2,893

Comments · 2,893

  1. Re:Known to cause cancer... on California Classes LED Component Gallium Arsenide a Carcinogen · · Score: 1

    They are cancerous

    Many things are, strictly speaking, cancerous, but so unlikely to actually cause cancer that they can be considered safe. You draw a line (presumably) based on the risk. Companies put up these signs not because they believe the risk is worthy of warning, but because if they don't, and someone is able to measure anything on The List, at any concentration, they can sue. The cost of defending a lawsuit (even if you're likely to win) far exceeds the cost of a sign. None of this involves the government, except that the government created the playing field.

    they should be handled better by the people who make them

    Oh? You have evidence that these "cancer-causing" agents weren't being handled with the care they deserved? Sure, there will always be exceptions, but to claim that everyone should do "better" at mitigating risk suggests that mitigation should occur at all costs, which is, of course, completely impractical. Again, you have to draw a line somewhere, and I'd really prefer that line not be drawn by government bureaucrats, or lawyers looking to score on a prop 65 lawsuit, but by science. More is not necessarily safer, and safer is not necessarily better.

  2. Re:CA is the seventh largest economy in the world on California Classes LED Component Gallium Arsenide a Carcinogen · · Score: 1

    That's per capita. Looking at the state as a whole, the ranking changes a bit. But it seems that the per-capita ranking is probably more useful as a measure of the government's ability to maintain a healthy economy.

  3. Old news? on Telecom Rollouts Raise Ire Over Utility Boxes · · Score: 1
  4. Re:That's the point. on Firefox SSL-Certificate Debate Rages On · · Score: 1

    You see, self-signed certificates are only wide open to MITM attacks if the person monitoring you was replacing all certificates pro-actively before you even visited the website once.

    Some web sites run on server farms that have one certificate per machine. In addition, some sites may replace their certificates because they don't know how to migrate their certificate from one web server platform to another, because they're moving to some new software, or any number of reasons. How does a reasonably tech-savvy person validate the new certificate? How do you expect a novice to?

    The "problem" here is that people care less about security, and care more about their browser preventing them from doing the thing they want to do. "I just want to place an order! I don't care if it might be risky!" The dialogs and warnings are just annoying things getting in the way of them completing their task, and they just want to be able to click it away. This class of individual isn't going to care or do due diligence when a self-signed certificate changes. There's a reason certificate errors should be fatal.

    If you want to be able to use TLS without a root CA, petition your browser and web server vendors to implement OpenPGP-over-TLS, and good luck getting users to understand and establish a meaningful web of trust.

  5. Re:That's the point. on Firefox SSL-Certificate Debate Rages On · · Score: 1

    That way, I can poke around the website, make sure I seem to be where I expect, and then hit trust.

    How are you establishing trust by poking around the site? It doesn't take a genius to make their fake web site look like the real thing. They could even proxy requests they don't want to intercept if they want to look genuine. The behavior that you're advocating is the worst possible behavior for users, and we should absolutely not encourage that. If a web site purports to be SSL/TLS-protected, but the certificate is bad, the request should NOT be made until the user takes positive steps to work around it, and it should not be easy, or else users are going to get numb to it, and think of this situation as "normal", and we're right back where we started, with SSL/TLS not actually improving security except for a minority of users that take it seriously.

    If you want to enable sites to protect themselves without needing to involve a root CA, start pushing for browsers and web servers to implement OpenPGP-over-TLS, and get users to start establishing a web of trust.

  6. Re: one man one vote? on Are US Voters Informed Enough About Science? · · Score: 1

    Those with the votes voted to give the franchise to women and blacks - two groups that were under represented in government. So apparently those with the votes can, and at least occasionally do, address the needs of those that can't vote.

    One of the many reasons this passed was because it was clear that the majority could not be relied upon to keep the minorities' interests in mind. This makes this situation somewhat of a special case.

    But even assuming I agreed that this was a legitimate counter-example, it just means that sometimes, the majority does the right thing. It does not mean an elite group of super-voters can be relied upon to do that. If that were the case, you could simplify this scenario to one of a single dictator. How often do you see a benevolent dictatorship?

    I do agree that a situation like this (even taken to the degree of a dictatorship) has the potential to be better. I think it obvious that an educated person is going to do a better job of effecting public policy than an uneducated person, but you're never going to eliminate politics, and once you get enough people upset that they don't feel they're being listened to or that their requests are being ignored, you're going to end up with a revolt of some kind. So you have to do one of:

    1. Deceive them, by reducing government transparency;
    2. Suppress them, by becoming more of an authoritarian state;
    3. Convince them that you know best, and they should be comfortable not having a voice, which would involve a major cultural change in the US; or
    4. Appease them, even if it means making an irrational policy decision (which means taking us back to where we are today)

  7. Re: one man one vote? on Are US Voters Informed Enough About Science? · · Score: 1

    I'd say women and blacks getting the vote are pretty good counter-examples to your claim.

    How is that a counter-example? Women and blacks were underrepresented in government (voting). They pushed for equality and increasing democratization, and achieved that. What you're advocating is an anti-democratization push, where votes from the educated are given more weight than the uneducated. This depresses the "value" of the uneducated's votes and puts us exactly back where we started: with certain minority groups significantly underrepresented in government because they happen to be, on average, less educated.

    I do agree that there are other approaches one could take, but I don't agree that this one in particular will work.

  8. Re: one man one vote? on Are US Voters Informed Enough About Science? · · Score: 1

    If only it were that simple. Giving the educated more votes means the undereducated (which could, depending on where you live, correlate strongly with race or income) aren't represented adequately in government. You have to trust that those with the votes will take the time to ensure the needs of those that don't (can't) vote are met. Historically, this doesn't happen.

  9. Re:hmm on Game Developer Asks To Hear From Pirates · · Score: 1

    This goes to show you economics is all about politics,

    As much as I hate things I normally classify as "politics", politics as a whole is absolutely vital to a society. With your system, we would not have video games, movies, TV shows or anything, really, that can be easily duplicated. The only people producing content would be the artists (working for the love of the craft, not to support themselves), and they would never have the funding to produce anything as interesting as what we have on the market today. Whether or not you personally think these products are worth purchasing is irrelevant. Many do, and if we have to make some trade-offs (such as those behind copyright law) in order to allow such a market to exist, that's an acceptable cost. How do we decide how to approach those trade-offs? Politics.

    (Though don't get me wrong, I also believe we've gone too far with copyright law, but that's somewhat orthogonal to this discussion.)

  10. Re:hmm on Game Developer Asks To Hear From Pirates · · Score: 1

    Except that many people aren't paying for them, they play it without paying.

    Nevertheless, some people do pay. A market does exist for these games, at the prices they are at. This was intended as an argument against the original poster saying the games were "so poor" that they are not worth what they are priced. Clearly this is not the case if sales are made. They may not be worth it to him, but certainly they are worth it to enough people that it's profitable.

    instead they try to remove piracy, hoping that will increase their income.

    So long as some people will legitimately buy it if it became impossible to pirate, this strategy is perfectly valid and can be successful.

    a. Don't create games for teenagers,

    You are aware that teenagers make up a fairly impressive portion of the (legitimate) market for video games, right?

    b. Create smaller games for teenagers, I mean, not all teenagers are the same.

    So you believe a market exists for smaller games that game manufacturers aren't exploiting? You should start a video game business and exploit this before they figure it out!

    c. Forget about megacraptastic games, there is no audience big enough to pay for that without artificial restrictions.

    You mean "megacraptastic", like World of Warcraft? One of the most popular and profitable games in history?

    If you believe these games will be impossible to sell without regulating the market to keep prices down, isn't that a problem the sellers of the game need to worry about? If they've spent $100 million on a game, shouldn't it be their problem to figure out how to recover those costs? Are you really that concerned about the financial security of video game companies?

  11. Re:hmm on Game Developer Asks To Hear From Pirates · · Score: 1

    You're missing the point of course, the manufacturing cost is distributed. Game developers are not the only ones that have the means of production. Once a game is made I can copy-manufacture a copy of it.

    But how would the game developers be compensated? If everyone could reproduce the work and distribute it, the only businesses that would make money are the duplication companies that can obtain an original and sell it at slightly better than their costs of duplication. At best, the developers would only receive compensation for the very first copy they sold. How do you expect a game to be developed when they're only likely to sell a single copy?

  12. Re:hmm on Game Developer Asks To Hear From Pirates · · Score: 1

    Because people are not rational,

    So because you disagree with the (irrational) reasons that people buy a certain kind of product, you believe we should regulate the market to "protect" people from their obviously irrational buying habits? Any other industries/markets you want to control in the same manner? Because I'm sure there are people making irrational buying decisions all over the place.

    so what in actuality an old game rehashed, to someone who's very new to the world, it's brand new

    So? You'd prefer to deny everyone the opportunity to play a sequel to an old game? Let's prohibit Wii Tennis from being sold in the US, because kids need to learn to appreciate Pong. And get off my lawn!

    I'm also getting a mixed message here. Your initial argument seemed to favor less copyright protection, but here, you seem to be advocating more restrictions on works that are based loosely on old works. You want all of the negatives of copyright and none of the positives?

    It sounds like your argument has turned away from anything IP-related and is focused now on increased restrictions/regulations of the market economy. Clearly you don't think people are smart/rational enough to make educated buying decisions, so obviously we need to make those decisions for them? Let's just move to a planned economy and take all of the stress out of our lives! I can't believe no one's ever thought of that before.

  13. Re:hmm on Game Developer Asks To Hear From Pirates · · Score: 1

    I think the argument should be viewed in the reverse, considering non-scarcity of said product once it is produced, why haven't prices of games come down? Many hit selling games keep their prices maximized to extract the maximum amount of profit because they can and because most games are so poor to begin with.

    If the games are "so poor", why are people paying for them? This isn't like water, rice, or electricity. You aren't going to die if you don't have the latest XYZ game. It's pure entertainment. The price should be what people are willing to pay.

    Are you saying that since costs of reproduction are so low, the price should be lower? Entertainment and manufacturing are completely separate things. Just because the costs to reproduce the item are low doesn't mean the costs to produce the "master" were low. By artificially lowering the price of things like computer games, you limit the amount of money the producers can make, which means they have to lower the budget in order to maintain a healthy profit margin, which means the quality of the games you play must go down.

    Or are you saying that since the costs of reproduction are effectively zero, the price should be zero? Legalize piracy? Of course, with the producers now making (effectively) zero, it would no longer make sense for them to produce in the first place. You'd stamp out the entire industry, save for a few true "artists" that do it for the love.

    How about this: Everyone that thinks computer games cost too much should boycott computer games! Vote with your wallet! Refuse to buy! That'll show 'em!

  14. Re:Victims? Please. on Craigslist Prankster Sued, Argues DMCA Abuse · · Score: 1

    The whole reason that he's being sued for 'copyright violation' is that there is no real crime here.

    Exactly. It's not illegal to be an asshole, so people have to resort to all kinds of creative responses to punish others that they perceive as being assholes.

    He pretended to be something he wasn't to elicit a response.

    Translation: He lied and deceived these people into providing him with embarrassing materials. That makes him an asshole and he deserves everything he has coming to him.

    If somebody exposes themselves to complete stranger it's their liability.

    I agree. I have little sympathy for them as well. But they are victims, just as surely as victims of any social engineering attack would be ("Hi, I'm from Bank of America, I just need to verify some of your information ..."). In both cases, it was stupid to offer up something embarrassing/personal to a stranger, but in both cases, the stranger deceived them and lied to get that information.

    I have no sympathy that a bunch of irresponsible pervs got baited into a trap because of their gullibility,

    Do you have no sympathy because they're "irresponsible pervs" or because they "got baited into a trap"? I have to assume that you agree that there is a class of individuals that are indeed victims when they are "baited into a trap". If that trap involves them giving up financial details, a very real crime has occurred here. And while it might be appropriate to label everyone that falls into any type of social engineering trap "gullible", it is not hard to imagine a trap that would catch most everyone using a reasonable amount of care. We can't have cryptographically strong authentication in all aspects of our daily lives.

    If, instead, you have no sympathy simply because the victims are "pervs", WTF? Most people grow out of the "point fingers and make fun of" phase by high school. This guy is a textbook sociopath and needs help. Please don't use him as a role model.

  15. Re:Bad idea on Creating a Security Test Environment? · · Score: 1

    In this case, it could still be the right approach. You need to estimate the costs of doing nothing (software free-for-all), and doing everything (total lock-down). Those costs should include the risks of evil/buggy software and practices, and the costs to productivity and employee morale. If your business is a minimum-wage bureaucracy (e.g. a call center), it makes sense to lean to the left and stamp out standardized systems with heavily-tested software. If your business is a high-paid software engineering shop, it makes sense to lean to the right and let individuals use their own judgment. Yes it's riskier, but the alternative would impact the ability of the business to get their work done far more than the costs of the risks they'd assume. The line separating a "default allow" vs. "default deny" risk management policy should be about the middle ground.

  16. Need better requirements, but try rock climbing on How Do Geeks Exercise? · · Score: 1

    Your requirements aren't well-defined:

    I need a solid and effective routine that will tone all my muscle groups efficiently.

    vs.

    Do any Slashdotters have a regular workout routine ... to stave off those pounds?

    Do you want to burn calories ("stave off those pounds"), build/tone muscle, or both?

    Any cardio program (elliptical machine, bicycle) will help burn calories (and of course, eating fewer calories will do just as well). You can get decent machines for this for a few hundred dollars, and your bicycle makes an effective solo-friendly device for going around your neighborhood.

    I recently discovered indoor rock climbing. It's geek-friendly in the sense that you don't need to be an all-star athlete, just a good problem solver. Most indoor climbing gyms have climbs suitable for all levels of skill. I've found this to be a great work-out, and it's not boring, since there's a strong mental component to a climb. As a bonus, you improve balance and flexibility in addition to strength. I consider this to be a "gateway workout"; once you've established your physical limits, it's possible you'll want to start working out properly to get the strength or stamina needed to finish that one really hard climbing route, and if your climbing gym is fully-featured, you'll have access to everything you need to do that. Lastly, climbing requires a partner, so you're sort of forced into a buddy system. Find someone and give it a try. Any climbing gym should be welcoming to newbies, and there's virtually no barrier to entry.

  17. Re:Style != substance on Best and Worst Coding Standards? · · Score: 1

    So the problem with accessing the data members directly is that the author has forever limited his implementation to a hash reference. If he decides in later versions that it would be more efficient if it were implemented some other way, he can't do that, because his API assumes it's a hash reference.

    The second approach is preferred for that reason, and a (better?) Perl implementation could actually optimize it away to behave exactly like the first case, at least in theory.

    All languages have this issue. Many can expose their data members publicly, but there's always the chance that some setter/getter is going to be desirable in the future because you might want to do some filtering or transformation. And then you're stuck being unable to do that without totally rewriting the API and breaking everything.

  18. Re:No on What Would It Take To Have Open CA Authorities? · · Score: 1

    But you will never, in this situation, know if that (same) entity has ever been the entity that you originally thought it was. You could develop a long, secure and private relationship with a man-in-the-middle pretending to be a web site, sure, but that's not what you want. And if the man-in-the-middle later decides to stop, and suddenly the certificate changes, how does that help you, aside from making you aware that you were tricked? (I'd go out on a limb here and say that this will happen often enough anyway that people will grow numb and ignore it.)

    The only way around this is through some sort of authentication. Note that this doesn't have to be strong SSL certificates. You could just post the (pseudo-anonymous) SSL certificate's fingerprint at some other trusted location (say, a business card handed out at a store front). But you've gone way beyond what the typical user is interested in doing at that point.

  19. Re:No on What Would It Take To Have Open CA Authorities? · · Score: 2, Interesting

    The only way to get what you're asking for is to get a secondary protocol, somewhere between HTTP and HTTPS, that would provide privacy for the communication link but wouldn't promote the notion that the end domain is what it says it is. Whether such a thing is a good idea is open to question, even if it is desirable.

    If you have no guarantees about the identity of the person on the other end, how do you know that your session is really private, when it could be someone sitting in the middle, pretending to be the web site to you, and pretending to be you to the web site? It could be more private to someone casually eavesdropping, but if you're worried about privacy, you should be more worried about the person that has the resources to be that man-in-the-middle. You can't really have a private data exchange with someone who is essentially anonymous.

  20. Automatic certs for every domain on What Would It Take To Have Open CA Authorities? · · Score: 1

    There's really two different types of certificates here:

    You need one that verifies your real-world identity. You have to have some degree of technical knowledge to understand that the name in the Internet domain is absolutely worthless to establish trust. When I visit my bank's web site, regardless of their URL, they should be able to present some kind of certificate that clearly establishes that web site to be my bank's. It should be labeled and effectively impossible to spoof.

    You need one that strongly connects the DNS hierarchy. We already have a single, trusted root in the DNS world. Why don't we layer automatically-generated certificates on top of that? The root signs TLD certs. The TLDs sign second-level domain certs. The second-level domain owners can sign certs for whatever they want beneath that. This requires very little extra work, especially compared to getting an SSL cert from a CA today. This can be completely automated, since you don't have to do any real authentication beyond what you've already done by giving out the domain assignment. This cert shouldn't have any information in it except for the domain name.

    The latter class of certificate could even be trivially extended to include things like e-mail certificates (validating only the e-mail address, not the identity of the person owning it), or anything else that's based on a DNS name. All for far cheaper than what we have to pay today.

  21. Re:Belief is not necessarily the truth on Louisiana Passes Intelligent Design Law · · Score: 1

    Perhaps, but a number of people, including a lot of religious people, have repeatedly explained why we don't want religious classes in our public schools.

    A "world religions" or "comparative religion" class should still be constitutional, and would allow the teacher to dive into some of these things, so long as it was an objective look at the world's religions and not preachy or teaching that any of it is true.

  22. Re:I guess ID really isn't creationism then.. on Louisiana Passes Intelligent Design Law · · Score: 1

    "E. coli" is just a name. The definition of species is very arbitrary from a genetic standpoint, especially with asexual organisms. There is no clap of thunder and a booming voice from Above that announces when a new species emerges. You just have a biologist doing some hand-waving, and drawing a line in a pin-the-tail-on-the-donkey manner. You're waiting for the wrong thing to happen.

  23. Solution: Rename "Science" to "Pseudo-science" on Louisiana Passes Intelligent Design Law · · Score: 2, Funny

    Let states pass legislation like this, on the grounds that they rename their science curriculum and classes to reflect what they're teaching: pseudo-science. That way, it's clear to everyone (especially universities) which students (potential employees) have had a proper science curriculum, and which have taken pseudo-science classes that teach them that non-scientific concepts need to be considered as legitimate alternatives to scientific ones. I could care less if a state wants to fuck up all of its children, and raise a generation that can't properly apply the scientific method, just as I could care less that there are millions of parents that do exactly the same thing to their kids with or without good schools today. But at least make it clear to everyone else what's going on and call it what it is.

  24. Re:WTF am I missing on Google Open Sources Its Data Interchange Format · · Score: 1

    Hi, take a look at http://code.google.com/p/protobuf/ and http://code.google.com/apis/protocolbuffers/docs/reference/overview.html for details about what it is that's being offered. It's not the format per se that's being released, it's the software that allows you to use it in your own applications.

  25. Re:Go to a lawyer on Best Way To Get Back a Stolen Computer? · · Score: 1

    Why are you repeatedly ignoring the part about having the evidence and law on your side? If the evidence and law are on your side, the only reason you should lose is if your attorney seriously fucks up.