Slashdot Mirror


User: Fastolfe

Fastolfe's activity in the archive.

Stories: 0
Comments: 2,893

Comments · 2,893

  1. Re:Must be a very good scanner. on 256GB Geometrically Encoded Paper Storage Device · · Score: 1

    It takes space to draw geometry on paper. Your "encompassing shape" has to be drawn somehow. You have to use up some of your dots doing that.

    If this encoding scheme were indeed as simple as this, it could be implemented on top of bitmapped/raster data structure (graphic) instead of paper with theoretically the same storage capacity. A 1200dpi printer printing 7.5"x10" of paper at 24-bit color would give you the equivalent of 309MB of raw, uncompressed storage space. This is the *maximum* amount of space needed to completely reconstruct all of the data present on any sheet of paper produced by any 24-bit 1200dpi printer (assuming it were possible to do that reliably). If this encoding scheme amounts to nothing more than clever use of this space, so as to put 256GB onto something that can be represented in 309MB, that's extraordinary (and as they say, demanding of extraordinary proof).

    Three possibilities: this is a scam, something got lost in translation, or there is far more to the story than this.

  2. Re:Why was the info. on the laptop not encrypted? on UK Bank Laptop Stolen With 11M Customer Records · · Score: 1

    While I agree that encrypted file systems and strong authentication should be used when data is taken offsite, it's important to remember that the data probably wasn't supposed to be offsite in the first place.

    I agree. Where I work, we actually take things further. Any customer information like this, even if it's stored on internal systems, must still be stored encrypted. It is also unlikely our developers would have ever needed live production customer data to test with, so it would be odd (suspicious) that this information would ever be needed on any non-production system, much less an individual's laptop.

    Unfortunately, once you let one person into your systems that doesn't understand the need for security, it doesn't matter how many layers your security policy has. If it doesn't occur to them that ignoring one layer is bad, they're going to ignore all of them. So it doesn't surprise me that someone willing to copy live production customer data to their laptop to play around with would take that same laptop home, and would then fail to protect it.

    While I'm usually the first to suggest incompetence over maliciousness, I really have to wonder what percentage of these "thefts" are really employees selling customer data, under the guise of an "innocent" security lapse.

  3. Re:worrying questions on UK Bank Laptop Stolen With 11M Customer Records · · Score: 2, Interesting

    This is absolutely insane. You do not need a full account database in order to do a project. A project like this should have a test database that contains bogus customer information for testing purposes. I work for a major telecommunications company on our billing-related application team, and I have never seen or heard of our developers doing things like this.

    I can understand, though, how some smaller companies may not have the resources to do things like this properly, but for the benefit of other readers, not everyone handles customer data the way you/your client did here.

  4. Re:NO THEY DON'T!!!!! on Man Used MP3 Player To Hack Cash Machines · · Score: 1

    I had a friend of mine in college get pulled over for something benign, but they suspected something more was going on, so they asked to search his car. He stood up to them and said no. 3 hours later, surrounded by 3 other police cars and after some drug-sniffing dogs had gone over the outside of their car, they were allowed to leave with tickets for 2 or 3 minor offenses (basically everything the police could find to charge them with).

    But you're right: they never searched his car. I understand it was quite an experience, though.

  5. Re:don't be too sure on Physicist Trying To Send a Signal Back In Time · · Score: 1

    Which would only make sense, in the end. By getting funding from others, they call the shots. On my first trip back, I'd arrange it so that my funding ultimately came from somewhere else.

  6. Re:With open source the same problem exists on The Importance of OS Backwards Compatibility · · Score: 1

    At the risk of perpetuating more "childishness", your hostility suggests you're misunderstanding something. If you pay some vendor for support, you're, of course, at their whim as far as what is or is not supported. But you're always free to move to another vendor that is continuing to provide support when your original vendor stops.

    But you're right: at some point, people are going to say it isn't worth it to continue supporting. At that point, you need to take a look at what you have, what it would cost to upgrade, and what would be involved in self-supporting. If you have developers that are tying into open source libraries to do some work, presumably they have a certain minimum level of competency and could do at least a marginal amount of self-support with little extra expense (aside from their time). If you need more than that, you need to budget for it. Bear in mind that your incremental support costs may go up, but if you've gone this long without needing bug fixes or the like with this open source library, you might find that you don't actually need to support it very much, so the number of incidents should go down.

    Like it or not, you're going to pay to support something. If the vendors have chosen not to, then you need to bring it in house. I don't understand what's so childish about that. It's simple business/economics. Weigh that against backwards compatible upgrades where support is "automatic"--if you pay for the upgrade. There's no such thing as a free lunch.

  7. Re:With open source the same problem exists on The Importance of OS Backwards Compatibility · · Score: 3, Interesting

    So don't upgrade major versions. Something breaking between 2.0.23 and 2.0.28 is a bug, and should be filed and treated as a bug (unless it was your error). Have you done that? Important applications should undergo testing when new releases of libraries come out, specifically to catch issues like this. The fact that your testing picks up problems doesn't mean there's a flaw in the process. This demonstrates that the process is working. If you had simply upgraded all of your clients with the assumption that things would work, that would indicate a flaw in the process.

    Something breaking between 1.x and 2.x is expected. A lack of compatibility is expressed right there in the version number. Major projects will keep each major version going independently for some time. You should continue to see bug fixes in the 1.x line even though 2.x is out, provided demand and interest are there.

    It's also open-source, so you're free to keep your own development and bug fixes going if you can fund it yourself.

  8. Re:Hate to break it to them on Copyright Protection Problems For OSS Project · · Score: 1

    then all Derivative Works based on that Work are also in the Public Domain, and therefore uncopyrightable.

    This sort of defeats the purpose of copyright, doesn't it? The idea is to allow content producers to have exclusive rights, thus allowing artists to safely exercise their creativity and produce new things. If you prevent them from being able to have these protections for things they've produced that happen to include things that are in the public domain, they simply won't do it, and we lose out on those types of works. What is the point of putting something into the public domain if people have a disincentive to use it?

  9. Re:Hate to break it to them on Copyright Protection Problems For OSS Project · · Score: 1

    The key concept is consideration and that's covered by the rights granted under the licence.

    Consideration must go both ways. Both sides must "get" something out of the agreement and/or be required to "do" something as part of the agreement for it to be a contract.

  10. Re:An analogy since some don't like metaphors.. :P on Jailtime For Leeching Wireless? · · Score: 2, Insightful

    If your house has the front door standing open and your name is on the mail box, is it okay for me to cruise by, see it, come on in ...

    If my house had a "Fastolfe's Widgets and More!" sign above it, and a reasonable person would think my home looks like a business. Bear in mind that in many older cities, buildings have been converted from homes and apartments into shops and businesses with little change in the appearance of the building. In these areas, it's the signs that make it clear.

    ... and take something you own?

    That's just stealing, and you'd get in trouble for it even if my home were a legitimate business. When it's snowing outside and you walk into a store, you're "taking" their heat and shelter. They have to pay money to keep you warm and dry. Are you leeching off someone else's dollar? Let's assume you entered the store specifically for that reason, and you have no intention of shopping there. Even that isn't illegal, or even legally actionable by itself. They're free to ask you to leave, however, if/when they discover that you aren't a real customer.

    The difference between someone leeching and someone making legitimate use of something legitimately shared rests entirely with the intent of the owner of the access point. Unfortunately, 802.11 does not distinguish between someone legitimately attempting to share their access point with little or no compensation, and an idiot plugging in an access point and bulldozing their way through every question/setting that prevents their wireless laptop from working, without reading the instructions or understanding the ramifications of their choices.

    Think of a row house where someone puts a fake business sign on their door, and some fake "We accept Visa/MasterCard" stickers on the window, because they think it'd be funny. Do they have a right to call the cops on every person that walks through their front door thinking it's a business? A proper solution is to put up a sign that says "Not open to the public" or take down the signs that make it look like it is. In 802.11 terms, this means securing the access point.

  11. Re:An analogy since some don't like metaphors.. :P on Jailtime For Leeching Wireless? · · Score: 3, Insightful

    In many jurisdictions, there is a "reasonable person" test that would probably apply here. Businesses don't have locked doors, and it's not trespassing for you to enter them without explicit permission. But the fact that there's a business name above the front door, and their front door is unlocked, is usually enough for one to assume that permission is implied.

    A wireless access point that is *announcing* itself as being open could be considered implied permission to use it. Note that the access point doesn't just have a sign on it that says "open". It is actively beaconing its "openness" to solicit users. This is all defined as part of the 802.11 "contract" between computer systems, and just because some owners don't understand what they're doing when they set up an 802.11 access point doesn't mean it's unreasonable for others to assume they do.

    Of course, when the owner of the access point tells someone to stop using it, that implied permission no longer exists, just like a business owner can tell someone to leave their store. You've been asked not to use it, so any continued use is legally actionable (though it still may not be illegal, depending on the laws in your area).

  12. Re:Not at all. on Software Dev Cycle As Part of CS Curriculum? · · Score: 2, Insightful

    We are often quite ill-informed with respect to business.

    At times that is correct. But it is the exception, not the rule.

    While PHB decisions absolutely do exist, we engineers falsely label some rational decisions as PHB due to our ignorance of issues outside of engineering.

    Again, at times that is correct. But it is the exception, not the rule.

    In my experience, this is the norm, not the exception, at least for large-scale work. I work at a major telecommunications company and am smack in the center of our software development process. Large companies are notorious for being run like a military: the grunts know very little about overall strategy, and are only told what they need to do to do their jobs effectively. Sometimes this means we need to see the company's goals and strategies, but sometimes those goals and strategies are things the company wants to keep out of sight, because they know it's going to be unpopular. We routinely see decisions made by management that appear to be sheer idiocy, clearly run counter to technical recommendations, with no apparent plausible benefit to the business.

    In reality, many of these decisions actually are made with business interests in mind. The technical side of the house just isn't aware of it. All they see is a bad decision that nobody wants to explain. This is still a problem, but it's one of communication and trust, not necessarily competency.

    Of course, just because I'm considering this to be the "norm" doesn't mean exceptions aren't insignificant or uncommon. In my experience, these issues are less common in smaller businesses as well.

  13. Re:Statistically speaking... on Is An Uninformed Vote Better Than No Vote? · · Score: 1

    You will know something.

    With no active research, what you "know" will be whatever people have forced on you. This means your view of the candidates and the issues will be based on TV spots, signs, telephone calls, mail, and the visitors that knock on your door. Every one of these sources is going to be heavily biased, will work to mislead you, and appeal to your emotions. Not one of them will give you any rational basis for a vote.

    Votes based on this information won't be random, because the information available to you isn't going to be random. One side is going to have a more emotional ad, or a more memorable sign. Your vote isn't going to be random, and it isn't going to be helpful. Your vote is going to be for whichever side happens to be the loudest, or the most successful in their media campaign. Neither of these things has anything to do with the merits of the issues or the qualifications of the candidates. This is not how we need our elections to be decided.

  14. Re:Has no affect on Is An Uninformed Vote Better Than No Vote? · · Score: 4, Insightful

    People don't normally walk in and attempt to vote in a statistically random manner. They're going to look at two names and think, "Which one should I vote for?" With no research, it's their subconscious that ends up voting. What does the subconscious rely on? Clever, well-timed, or memorable TV spots, signs, telephone calls, whatever. The voter might only really hear one issue about the candidate, and that alone determines who he will vote for. This isn't a random vote, it's a vote for the loudest candidate.

  15. Re:Easy on How To Manage a Security Breach? · · Score: 1

    I completely agree. This is an appropriate time to get extremely formal. Document these things in writing, on paper, and explain these things in strong words, and follow up with a reaffirmation of your NDA. Maybe even make it clear that you're doing this as a CYA measure.

    One possible "benefit" to this approach is that your sudden attention to formality here in documenting this should scare the executives into thinking about this a little harder. "If he feels it necessary to collect some CYA documentation, maybe his concerns warrant some attention after all."

  16. Now we have global cooling to worry about on A Sunshade In Space To Combat Global Warming · · Score: 1

    Fast forward some millennia, and you'll see scientists scrambling to fight global cooling:

    "Now that we're on the down slope of the natural ebb of the planet's temperatures, we have a more serious problem, because of all of those naive attempts to subvert global warming. Since they succeeded in preventing the earth from getting up to its normal non-ice-age temperatures, our next ice age will be unrecoverable!"

  17. Re:Downloading != Sharing on File Sharing Ruled Legal In Spain · · Score: 1

    This probably wouldn't work as well as you would like.

    For starters, if the infringing activity is a crime in your country, it's your country's law enforcement that prosecutes you. All it would take is someone pointing out what you're doing.

    But ignoring that, many of the major sue-happy copyright holders have versions of themselves in lots of countries, so you might deter them a little bit (or maybe a lot), but not entirely. This approach would, however, deter most or all of the suits from smaller copyright holders, like individual artists and local labels. This probably isn't the best way to win the war. :/

  18. Re:also not criminal!=legal on File Sharing Ruled Legal In Spain · · Score: 1

    In the US, copyright infringement is entirely a civil tort. Meaning it's not "illegal" (it breaks no laws), but it does infringe on someone's rights, so you can be tried in the civil court system and be required to pay damages.

    There are some laws on the books, however, for certain extreme cases of copyright infringement, where you're doing some wholesale reselling of copyrighted works and the like, and you can be fined/imprisoned for that. The DMCA also makes certain infringement-related activities like circumvention of security a crime.

    But this is just the US, of course. Other countries may treat simple copying as a crime and put you in prison for it. You can't be imprisoned for civil torts in the US.

  19. Where are the blogs and forums? on Congressmen Rated On Tech-Friendliness · · Score: 1

    So when are we going to see our elected representatives put up blogs and discussion forums for their constituencies?

  20. Downloading != Sharing on File Sharing Ruled Legal In Spain · · Score: 2, Insightful

    Everyone also needs to keep in mind that in most countries where these things are issues, the offenses related to downloading things versus sharing them are completely different. I don't believe anybody even in the US has been taken to court merely for downloading. It's always about sharing (redistribution). It's frustrating when the media tends to use the two things interchangeably.

  21. Re:It's not the eyes, but the brain on Taking Your Programming Skills to the Next Level? · · Score: 1

    I second this. My web site isn't really for visitors, it's for me. Every few years I completely rebuild it using whatever technology happens to have my interest at the time. Since my goal isn't to create a new web site, I have no pressure to rush through things to reach the goal, which means I can take it slow and figure out how to do things the *right* way. This way I'm not learning fast-and-dirty programming skills (the path to products of inferior quality), I'm learning best practices, and the art behind the programming.

    (IMO.)

  22. Will the studies never end? on Cell Phone Use May Be Bad For Your Sperm · · Score: 1

    It seems like someone does a study that supports conclusion A, and then everyone says, "But we really need more studies to be sure." So then more studies come out, and now one supports B, but everyone follows it up with, "But we really need more studies to be sure."

    Contrary to what people seem to think, we actually have an excellent understanding of electromagnetic radiation and its effects on biological tissue. This knowledge is the foundation of things such as the microwave oven and X-ray and MRI imaging. Now, I'm all for questioning what we think we know, in the name of science, but at some point you have to wonder if all of these studies are fueled by ignorant fear and not out of a desire for good science.

  23. Re:Policy Editor on Securing a High School Windows XP Computer Lab? · · Score: 1

    I think the parent poster is trying to say that both SSL and VPN connections could traverse HTTP(S) proxies by claiming to need a connection established to a remote site on port 443. Since SSL/TLS traffic cannot be intercepted, it's not possible to proxy it at the application layer, and a transport-layer tunnel is used instead. The problem is, since the proxy treats this as an opaque transport-layer tunnel, it doesn't know what application-layer protocol is actually being used. It's usually SSL or TLS (and proxies can restrict the remote port to 443 to help with that assumption), but it could be VPN or even TELNET for all it knows.

  24. Re:The Netherlands on If Not America, Then Where? · · Score: 1

    I'm a little confused. You make a statement saying marijuana is physiologically addictive, but then back it up with discussion of alcohol? We've established that alcohol is physiologically addictive, but alcohol has nothing to do with marijuana. What component of marijuana establishes a physiological, chemical dependency in the human body? Don't confuse withdrawal with "man, I really want to experience that again".

  25. Investigations here are done by a separate group on Reporting on Your Employees' Internet Access? · · Score: 1

    Where I work, "incidental" personal use is tolerated. All requested URLs are logged. Our asset protection group looks at this information and pulls out those suspected of spending too much time online. They would then investigate and if it looked like the person was spending most of their day browsing non-business sites, they'd bring that information to the attention of their supervisor. We also utilize blocking software, and if employees tend to hit too many of these blocks, it's my understanding that that also triggers an informal investigation. Our blocking rules are obtained from a 3rd-party, though, and are pretty useless, so I don't know how much this is looked at anymore.

    Lower-level or mid-level managers can't just request usage logs. Because we do permit incidental personal use, there are privacy implications and for that reason, only our asset protection group conducts the investigations. (I suppose it might be possible for a supervisor to request an investigation, but I've never heard of anyone doing that.)

    Independently of that, though, our PC support is centralized, and if you need some work done on your PC, and they stumble across questionable content in your web cache (or anywhere else), you can bet that you'll be hearing about it. (But again, you'll either hear it from them, as a courtesy warning, or they'll take it to the asset protection group for a proper investigation, not your supervisor.)