I correct the McDonalds case more often than I should have to. One of the things that I try to do is add context to discussions. Most recently, this has centered on attacks on Obama and Democrats in general, but I did the same thing when Bush was in office. I especially focus on Supreme Court decisions (and sometimes just oral arguments, which seem to be the recent topic with the same-sex marriage arguments just the other day) which sometimes seem to fly in the face of common sense but which, when read, show that they generally have come to a thoughtful decision, even if I disagree with it. (One exception is the eminent domain case from a few years back--that was just badly flawed from start to finish, as even most seasoned observers noted. If anything gets a constitutional amendment next, I expect it will be that one after a few particularly egregious examples. But I digress.)
Going somewhat non-partisan, those who attack a president for "taking a vacation" really don't understand what it means to be president. That's four years per term of never once having a day off. They have daily briefings, conduct necessary phone calls, make decisions small and large, and most of the other things they do on a daily basis from the White House. The only difference is that they're in an area that's largely off-limits to the press, and they get a few hours to do what they want to do at a leisurely pace, whether it's Obama golfing or Bush ranching or whatever.
It generally costs more over time, but that's not the same as being less affordable. Affordable is when something can fit into a budget, and leasing provides that option. You compare it to renting, but that only undermines your argument. Most people can afford to rent a home; fewer can afford to buy a home, and far fewer still can afford to do so in cash.
Especially if Tesla wants to make this a game-changer the world over, it will be necessary to have that as an option. A ten-year warranty (with optional ten-year extension) means whatever replacements will be necessary are already being factored into the cost.
They have a different product for utilities that will have longer service life and be available in much larger blocks of 100kWh that can be tied together. They wouldn't be used to replace pumped-storage or the like, but to help smooth out power. One of the constant complaints of those against wind and solar (which can include the power companies themselves) is that the varying input from short-term fluctuations is too hard to handle. With banks of batteries like this, it alleviates much of that problem.
I despise people of any political persuasion making fun of any other side. I have Republican friends who have quoted the same line, and I call them on it whenever they do. I also have Democratic friends who refer to the other side by various names such as "Republitards" and I call them on it as well.
We cannot have any kind of discussion as long as we're hurling insults at each other. We can disagree--even vehemently--but the moment we start telling the other side that they suck is the point where we start closing off discussion based on basic human emotional response.
The draw of trailer homes is that they're cheap. You can get a fairly nice one for a few tens of thousands. The downside, of course, is that they're not built to be permanent: any significant storm can do enough damage to make them unlivable. When homes are 3D-printed, that will change as the homes become stable locations that can handle decades of weather, likely with fewer construction defects.
We've had those kinds of areas before when the tract homes went up after WW2. I grew up in an area where about 90% of the homes had exactly the same layout, albeit mirrored from one house to the next to give a semblance of appearance of individuality. The remaining ones differed in being corner homes or a rare two-story house, and I think the extra stories were added later. This would be no different, except that they can probably be built more cheaply, bringing down the cost of home ownership (or maybe just raising the profits of homebuilders).
The combination of shrinking workforce and extreme automation is going to be a hard one to get past. I suspect that economics are going to have to be completely rethought. Right off the top, simple questions arise, like how does one continue to grow a business when the potential marketplace is stagnant or even shrinking? When there's relatively solid population growth, there exist opportunities for businesses to grow without taking too much business away from other companies. But when your potential market is shrinking at half a percent per year, the nature of competition changes. Businesses are likely to shut down or go bankrupt more quickly, which reduces the employment level.
I imagine that interim measures like mandatory, strictly-enforced hours caps will happen to try to prop up the job market, since one person doing 60 hours of work in a week can be roughly done by two people at 30 hours each, but those measures will only work for so long. I don't know if we're headed for a dystopia with even greater gaps between the haves and have-nots, or if our future is a more leisurely one where we're able to engage in lifestyles rarely considered by people since the dawn of civilization. I'd like to think that technology will advance to the point that we'll be able to experience the sensations associated with being rich more easily and maybe the draw to collect money to spend on things will fade.
More likely is that it will be something that I cannot currently conceive. But since my life expectancy takes me out to somewhere around 2060, I expect I'll have a chance to see where things will go.
WordPress is trivially easy to use. That's it's draw. Just figuring how to edit a menu in Joomla took significant effort, and I still have to refer back to my notes to figure out how to do it if it's been a few weeks and I need to create something from scratch. It's significant overkill for someone who just wants to set something up to get their words out to the world.
There are other issues that can be a headache as well. A lot of people rely on auto-installers to get things in place, but Joomla's web install functionality has been disabled since the upgrade to 3.4 (or at least it still was the last time I tried to use it a couple of weeks ago). It's trivial for me to get around that, though I admit that I would be happier just clicking the install button instead of going through the extra steps, some of which aren't options for people on servers with small max upload sizes.
Maybe these wouldn't be issues with Drupal, but at this point, I'd rather not go through the potential headache of finding out when the site is working fine under Joomla. But on the main point, people will go with ease over security almost every time, and that means WordPress wins.
This is all true, but people are more likely to go with what's available (generally meaning pre-made themes) or what developers work on most often (meaning the major platforms). Finding hosting that offers alternatives to PHP may also not be the easiest thing, especially if you don't know about PHP's history.
None of this is insurmountable with knowledge and/or research, but it's a larger hill than that of PHP, so the tendency will be for people to go the easier route.
I tinkered with Drupal, but the philosophy behind Joomla to abstract as much of the code as possible was appealing, and this was right after the SQL injection vulnerability discovered in October, so my trust of their code was lacking. Maybe Drupal would be better than Joomla on a daily basis, but at the time, it just had too much going against it.
People go to the shiny sites. If they see older-looking sites, they're less likely to stick around, particularly if it doesn't have the nice features that the newer sites have.
For all the problems that PHP has, I don't see many nearly as many sites going up built on other platforms, in large part because they're playing catch-up and are still largely years behind..NET is probably the closest, but when you look at the number of free or even inexpensive sites running Windows, it pales in comparison to the PHP-based sites.
Add to this that WordPress is by far the easiest of the major CMS platforms to manage, and it gets even worse. I manage a couple of WordPress sites and a Joomla site. WordPress largely Just Works(TM). Joomla works for basics, but every time I want to get beyond adding a menu item, it becomes a whole new learning process.
GM has managed to garner additional positive attention by going back and fixing so many things, as well as by admitting that they should have found (or in some cases did find) the problem and identified a solution. It may have led some other car companies to do something similar, as even without GM, recalls are at record or near-record levels for several companies. Suddenly, recalls seem like the responsible thing to do and appear to help the brand image.
Articles from last year suggest that the Facebook posting was exactly what led to it. After the defense attorney saw the post by the judge, he motioned for recusal and mistrial. Slaughter was removed from the case, and soon after, the new judge declared a mistrial.
The accused was found not guilty, and looking at the details of the case, it's not hard to see why. The child was (and probably still is) severely disturbed, allegedly killing small animals, making threats against his parents, and hiding knives.
The state wasn't going to offer a plea deal because the only thing that could have been changed was the sentence from death to life in prison without parole. I believe the prosecutors said as much. They were going for the death penalty, no exceptions.
Worked for me for the most part in Switzerland and Italy.
The only odd exception was a tech store clerk in Zurich who didn't speak English. I speak a smattering of Spanish and my wife conversational French, but he only knew German, Dutch, Italian, and Portuguese. Between seven languages, we couldn't find a common one (and for those that were similar to Spanish, I don't know enough Spanish for the overlap to be meaningful). Eventually, our Swiss friend found us and was able to help us find what we needed.
YouTube hasn't been tied to flash for a couple of months, with HTML5 the default video play mechanism since late January. Not all browsers will pick that up, apparently, since I've recently had Flash crash in Firefox during a YouTube playback.
There are plenty of sites still tied to Flash, and that includes internal corporate sites. Those will be even harder to dig out, and Chrome is about the only means of Linux users to access Flash these days (at least in a vaguely secure fashion, since Flash for Linux hasn't been supported by Adobe in some time).
The Chrome dev team has been trying to eliminate cruft from the code base for a while now, as is visible if you spend some time in the bug tracker. This may be a case where they got overzealous in trying to not have legacy code remain when they implemented a new feature. But given the number of distros running 3.17 or later, it should have been obvious that backports would be required for many (most?) distros, and that backporting is often seen as more work that distro devs would rather avoid so they can concentrate on standard code-bases.
I see both sides of this: Google wants the most secure environment possible, and Debian has a development freeze for good reason. It's easy to overlook a flag like TSYNC if it's not being mandated by something major when the review is done, which may be the case here. But Debian may have to fold on this because they're not a big enough slice of the user pie to force Google to back down.
Presumably, you're running RHEL/CentOS 6. If so, that's cool if it works for you--the stability is probably greater than just about any other major distro--but I think the expectation is that most who run Linux for their notebooks/workstations will run something newer and more flexible, and run something like that in a VM. But there's always the reality that RHEL/CentOS 6 isn't going to run the latest software in many cases (unless you go with non-standard repos), and here's a case where a browser has become one of those cases.
It's probably also surprising that you run a six-year-old notebook in a corporate environment. Even the fiscally conservative companies tend to upgrade notebooks at least every four years, even if they are Fortune-100 companies.
No, those who want perfect solutions want the impossible. I want a framework that can be improved over time.
What's the goal? With maybe a handful of exceptions, everyone does something that can compromise their security. HTTPS relies on a trust architecture that we're being reminded recently (Superfish, PrivDog) is actually extremely fragile. And yet it's being encouraged to make the job of the average surveillance tool more difficult. It's very much letting The Other Guy(TM) (remember, three caps minimum on the TM'ed stuff) handle security. It has flaws, but it raises the bar.
That's what we need for end-to-end crypto. It can have flaws, but it needs to raise the bar, and be able to keep raising the bar.
As for understanding how it happens, how many people can describe how an RSA key is generated, much less how a proper PRNG produces a suitably random number and then how AES/Blowfish/whatever encrypts the data? Does the average person need to know that? Not really. And even if they did, they don't care, which is why they don't use it now.
Right now, we have options where you can let a CA provide you your TLS certificate (usually 2048-bit and SHA1). If you know what you're doing, you can roll your own with better security. We need something with that flexibility (though I recognize the flaws of that exact model) for end-to-end crypto, too. We need clients that auto-update, that add or deprecate algorithms as they arrive or are broken without the user having to worry about it, and that can provide safe (and revocable) storage for the keys so they survive a catastrophic loss or be deleted with near-absolute certainty if the user wishes. We need common libraries or protocols that can allow new or existing clients to safely implement connections to these services without having to build them from scratch, thereby preserving and encouraging competition.
These don't lead to a perfect system. They lead to a good enough system with room to grow and improve. But I would argue (as I think Moxie does) that what we have now is far from a perfect system because it's too difficult to use.
Not remotely. He's encouraging good encryption, but calling for some updates (it hasn't significantly changed since the mid-'90s) and a better wrapper. GPG is still largely by geeks, for geeks. I couldn't get my parents to use GPG because they'd dismiss it as too hard, even if one of them is happy to stick it to the man. The suggested minimum settings vary based on where you look and when they were posted.
Example: An RSA key size of 2048 bits is largely considered secure, but NIST recommends 3072 bits for anything that one would want to keep secure into the 2030s. People still often see their e-mail as their private papers and may be concerned over who can read them well past the 2030s. But does that mean they use 3072, or go with the random crypto weblog guy who says to always go with 4096? And why can't I create 8192- or 16384-bit keys like that software claims to over there?
And what to hash to use? Plenty of sites still say MD5, but they were written years ago. Some have updated to SHA1, but others point out weaknesses there. OK, SHA2, then. But then there's SHA256, which must be better, right? (I know SHA256 is a subset of the SHA2 family, but those unfamiliar with crypto will not.)
Until GPG-style crypto becomes relatively automated, it won't be embraced by more than a handful of people. HTTPS is widely used because people don't have to think much about it. This has some downsides for poorly-configured servers and Superfish/Comodo-style backdoors, but browsers and other software help take up the slack by rejecting poor configurations. PGP/GPG were designed to reach near-perfect levels of encryption, but that bar is clearly too high for significant uptake. We should instead be looking for something that encourages end-to-end encryption that is good enough. We can build on if the underlying structure is properly designed, and as people get more accustomed to crypto in their lives, they'll be able to adjust to improvements.
When the majority of communications are relatively well-secured, it makes it far more difficult for a surveillance state to conduct its operations. Perfect security can still be a long-term goal, but we need more realistic goals to encourage uptake in the meantime.
The law is generally stated that for two vehicles traveling in the same lane with no immediate changes before a collision, the trailing driver is at fault in case of a collision. However, it's a valid defense if the leading driver performed an unsafe maneuver prior to the collision, such as changing lanes with insufficient spacing.
RMS hasn't been an active developer in years by his own admission. His role is largely advocacy and philosophy, and that appears to be the sole issue here. However, he doesn't seem, based on a reading of the thread, to have any formal ability to block the patch.
You're not factoring in the number of workers who would not have gone in anyway, the lost productivity from being late due to weather for at least some of those who did go in, potential losses to businesses that didn't shut down completely for paying employees to show up but who had little to no business that day, and the costs associated with personal and property damage due to accidents. It gets complex quickly.
Without government intervention, a lot of people would have simply gone in to work because they were afraid that if they didn't show up, they could be in trouble with their employers. When the city makes the call, it's easier to point to that as a justification, and it's more likely to be accepted by the employer.
Based on mentions that they will tow it into place, that's a billion dollars for something that would be used for a few weeks and then left to sit for the next 25 years. Better to spend a few million dollars towing it into place. Less cost, and less machinery to go wrong over time.
Slashdot Mirror
I correct the McDonalds case more often than I should have to. One of the things that I try to do is add context to discussions. Most recently, this has centered on attacks on Obama and Democrats in general, but I did the same thing when Bush was in office. I especially focus on Supreme Court decisions (and sometimes just oral arguments, which seem to be the recent topic with the same-sex marriage arguments just the other day) which sometimes seem to fly in the face of common sense but which, when read, show that they generally have come to a thoughtful decision, even if I disagree with it. (One exception is the eminent domain case from a few years back--that was just badly flawed from start to finish, as even most seasoned observers noted. If anything gets a constitutional amendment next, I expect it will be that one after a few particularly egregious examples. But I digress.)
Going somewhat non-partisan, those who attack a president for "taking a vacation" really don't understand what it means to be president. That's four years per term of never once having a day off. They have daily briefings, conduct necessary phone calls, make decisions small and large, and most of the other things they do on a daily basis from the White House. The only difference is that they're in an area that's largely off-limits to the press, and they get a few hours to do what they want to do at a leisurely pace, whether it's Obama golfing or Bush ranching or whatever.
It generally costs more over time, but that's not the same as being less affordable. Affordable is when something can fit into a budget, and leasing provides that option. You compare it to renting, but that only undermines your argument. Most people can afford to rent a home; fewer can afford to buy a home, and far fewer still can afford to do so in cash.
Especially if Tesla wants to make this a game-changer the world over, it will be necessary to have that as an option. A ten-year warranty (with optional ten-year extension) means whatever replacements will be necessary are already being factored into the cost.
They will also offer an additional 10-year warranty that can be purchased at the end of the original for a comfortable 20-year warranty total.
They have a different product for utilities that will have longer service life and be available in much larger blocks of 100kWh that can be tied together. They wouldn't be used to replace pumped-storage or the like, but to help smooth out power. One of the constant complaints of those against wind and solar (which can include the power companies themselves) is that the varying input from short-term fluctuations is too hard to handle. With banks of batteries like this, it alleviates much of that problem.
They'll also be leasing the batteries. Should make it a lot more affordable.
I despise people of any political persuasion making fun of any other side. I have Republican friends who have quoted the same line, and I call them on it whenever they do. I also have Democratic friends who refer to the other side by various names such as "Republitards" and I call them on it as well.
We cannot have any kind of discussion as long as we're hurling insults at each other. We can disagree--even vehemently--but the moment we start telling the other side that they suck is the point where we start closing off discussion based on basic human emotional response.
The draw of trailer homes is that they're cheap. You can get a fairly nice one for a few tens of thousands. The downside, of course, is that they're not built to be permanent: any significant storm can do enough damage to make them unlivable. When homes are 3D-printed, that will change as the homes become stable locations that can handle decades of weather, likely with fewer construction defects.
We've had those kinds of areas before when the tract homes went up after WW2. I grew up in an area where about 90% of the homes had exactly the same layout, albeit mirrored from one house to the next to give a semblance of appearance of individuality. The remaining ones differed in being corner homes or a rare two-story house, and I think the extra stories were added later. This would be no different, except that they can probably be built more cheaply, bringing down the cost of home ownership (or maybe just raising the profits of homebuilders).
The combination of shrinking workforce and extreme automation is going to be a hard one to get past. I suspect that economics are going to have to be completely rethought. Right off the top, simple questions arise, like how does one continue to grow a business when the potential marketplace is stagnant or even shrinking? When there's relatively solid population growth, there exist opportunities for businesses to grow without taking too much business away from other companies. But when your potential market is shrinking at half a percent per year, the nature of competition changes. Businesses are likely to shut down or go bankrupt more quickly, which reduces the employment level.
I imagine that interim measures like mandatory, strictly-enforced hours caps will happen to try to prop up the job market, since one person doing 60 hours of work in a week can be roughly done by two people at 30 hours each, but those measures will only work for so long. I don't know if we're headed for a dystopia with even greater gaps between the haves and have-nots, or if our future is a more leisurely one where we're able to engage in lifestyles rarely considered by people since the dawn of civilization. I'd like to think that technology will advance to the point that we'll be able to experience the sensations associated with being rich more easily and maybe the draw to collect money to spend on things will fade.
More likely is that it will be something that I cannot currently conceive. But since my life expectancy takes me out to somewhere around 2060, I expect I'll have a chance to see where things will go.
WordPress is trivially easy to use. That's it's draw. Just figuring how to edit a menu in Joomla took significant effort, and I still have to refer back to my notes to figure out how to do it if it's been a few weeks and I need to create something from scratch. It's significant overkill for someone who just wants to set something up to get their words out to the world.
There are other issues that can be a headache as well. A lot of people rely on auto-installers to get things in place, but Joomla's web install functionality has been disabled since the upgrade to 3.4 (or at least it still was the last time I tried to use it a couple of weeks ago). It's trivial for me to get around that, though I admit that I would be happier just clicking the install button instead of going through the extra steps, some of which aren't options for people on servers with small max upload sizes.
Maybe these wouldn't be issues with Drupal, but at this point, I'd rather not go through the potential headache of finding out when the site is working fine under Joomla. But on the main point, people will go with ease over security almost every time, and that means WordPress wins.
This is all true, but people are more likely to go with what's available (generally meaning pre-made themes) or what developers work on most often (meaning the major platforms). Finding hosting that offers alternatives to PHP may also not be the easiest thing, especially if you don't know about PHP's history.
None of this is insurmountable with knowledge and/or research, but it's a larger hill than that of PHP, so the tendency will be for people to go the easier route.
I tinkered with Drupal, but the philosophy behind Joomla to abstract as much of the code as possible was appealing, and this was right after the SQL injection vulnerability discovered in October, so my trust of their code was lacking. Maybe Drupal would be better than Joomla on a daily basis, but at the time, it just had too much going against it.
People go to the shiny sites. If they see older-looking sites, they're less likely to stick around, particularly if it doesn't have the nice features that the newer sites have.
For all the problems that PHP has, I don't see many nearly as many sites going up built on other platforms, in large part because they're playing catch-up and are still largely years behind. .NET is probably the closest, but when you look at the number of free or even inexpensive sites running Windows, it pales in comparison to the PHP-based sites.
Add to this that WordPress is by far the easiest of the major CMS platforms to manage, and it gets even worse. I manage a couple of WordPress sites and a Joomla site. WordPress largely Just Works(TM). Joomla works for basics, but every time I want to get beyond adding a menu item, it becomes a whole new learning process.
GM has managed to garner additional positive attention by going back and fixing so many things, as well as by admitting that they should have found (or in some cases did find) the problem and identified a solution. It may have led some other car companies to do something similar, as even without GM, recalls are at record or near-record levels for several companies. Suddenly, recalls seem like the responsible thing to do and appear to help the brand image.
Articles from last year suggest that the Facebook posting was exactly what led to it. After the defense attorney saw the post by the judge, he motioned for recusal and mistrial. Slaughter was removed from the case, and soon after, the new judge declared a mistrial.
http://www.houstonchronicle.co...
The accused was found not guilty, and looking at the details of the case, it's not hard to see why. The child was (and probably still is) severely disturbed, allegedly killing small animals, making threats against his parents, and hiding knives.
http://www.khou.com/story/news...
The state wasn't going to offer a plea deal because the only thing that could have been changed was the sentence from death to life in prison without parole. I believe the prosecutors said as much. They were going for the death penalty, no exceptions.
Worked for me for the most part in Switzerland and Italy.
The only odd exception was a tech store clerk in Zurich who didn't speak English. I speak a smattering of Spanish and my wife conversational French, but he only knew German, Dutch, Italian, and Portuguese. Between seven languages, we couldn't find a common one (and for those that were similar to Spanish, I don't know enough Spanish for the overlap to be meaningful). Eventually, our Swiss friend found us and was able to help us find what we needed.
YouTube hasn't been tied to flash for a couple of months, with HTML5 the default video play mechanism since late January. Not all browsers will pick that up, apparently, since I've recently had Flash crash in Firefox during a YouTube playback.
There are plenty of sites still tied to Flash, and that includes internal corporate sites. Those will be even harder to dig out, and Chrome is about the only means of Linux users to access Flash these days (at least in a vaguely secure fashion, since Flash for Linux hasn't been supported by Adobe in some time).
The Chrome dev team has been trying to eliminate cruft from the code base for a while now, as is visible if you spend some time in the bug tracker. This may be a case where they got overzealous in trying to not have legacy code remain when they implemented a new feature. But given the number of distros running 3.17 or later, it should have been obvious that backports would be required for many (most?) distros, and that backporting is often seen as more work that distro devs would rather avoid so they can concentrate on standard code-bases.
I see both sides of this: Google wants the most secure environment possible, and Debian has a development freeze for good reason. It's easy to overlook a flag like TSYNC if it's not being mandated by something major when the review is done, which may be the case here. But Debian may have to fold on this because they're not a big enough slice of the user pie to force Google to back down.
Presumably, you're running RHEL/CentOS 6. If so, that's cool if it works for you--the stability is probably greater than just about any other major distro--but I think the expectation is that most who run Linux for their notebooks/workstations will run something newer and more flexible, and run something like that in a VM. But there's always the reality that RHEL/CentOS 6 isn't going to run the latest software in many cases (unless you go with non-standard repos), and here's a case where a browser has become one of those cases.
It's probably also surprising that you run a six-year-old notebook in a corporate environment. Even the fiscally conservative companies tend to upgrade notebooks at least every four years, even if they are Fortune-100 companies.
No, those who want perfect solutions want the impossible. I want a framework that can be improved over time.
What's the goal? With maybe a handful of exceptions, everyone does something that can compromise their security. HTTPS relies on a trust architecture that we're being reminded recently (Superfish, PrivDog) is actually extremely fragile. And yet it's being encouraged to make the job of the average surveillance tool more difficult. It's very much letting The Other Guy(TM) (remember, three caps minimum on the TM'ed stuff) handle security. It has flaws, but it raises the bar.
That's what we need for end-to-end crypto. It can have flaws, but it needs to raise the bar, and be able to keep raising the bar.
As for understanding how it happens, how many people can describe how an RSA key is generated, much less how a proper PRNG produces a suitably random number and then how AES/Blowfish/whatever encrypts the data? Does the average person need to know that? Not really. And even if they did, they don't care, which is why they don't use it now.
Right now, we have options where you can let a CA provide you your TLS certificate (usually 2048-bit and SHA1). If you know what you're doing, you can roll your own with better security. We need something with that flexibility (though I recognize the flaws of that exact model) for end-to-end crypto, too. We need clients that auto-update, that add or deprecate algorithms as they arrive or are broken without the user having to worry about it, and that can provide safe (and revocable) storage for the keys so they survive a catastrophic loss or be deleted with near-absolute certainty if the user wishes. We need common libraries or protocols that can allow new or existing clients to safely implement connections to these services without having to build them from scratch, thereby preserving and encouraging competition.
These don't lead to a perfect system. They lead to a good enough system with room to grow and improve. But I would argue (as I think Moxie does) that what we have now is far from a perfect system because it's too difficult to use.
Not remotely. He's encouraging good encryption, but calling for some updates (it hasn't significantly changed since the mid-'90s) and a better wrapper. GPG is still largely by geeks, for geeks. I couldn't get my parents to use GPG because they'd dismiss it as too hard, even if one of them is happy to stick it to the man. The suggested minimum settings vary based on where you look and when they were posted.
Example: An RSA key size of 2048 bits is largely considered secure, but NIST recommends 3072 bits for anything that one would want to keep secure into the 2030s. People still often see their e-mail as their private papers and may be concerned over who can read them well past the 2030s. But does that mean they use 3072, or go with the random crypto weblog guy who says to always go with 4096? And why can't I create 8192- or 16384-bit keys like that software claims to over there?
And what to hash to use? Plenty of sites still say MD5, but they were written years ago. Some have updated to SHA1, but others point out weaknesses there. OK, SHA2, then. But then there's SHA256, which must be better, right? (I know SHA256 is a subset of the SHA2 family, but those unfamiliar with crypto will not.)
Until GPG-style crypto becomes relatively automated, it won't be embraced by more than a handful of people. HTTPS is widely used because people don't have to think much about it. This has some downsides for poorly-configured servers and Superfish/Comodo-style backdoors, but browsers and other software help take up the slack by rejecting poor configurations. PGP/GPG were designed to reach near-perfect levels of encryption, but that bar is clearly too high for significant uptake. We should instead be looking for something that encourages end-to-end encryption that is good enough. We can build on if the underlying structure is properly designed, and as people get more accustomed to crypto in their lives, they'll be able to adjust to improvements.
When the majority of communications are relatively well-secured, it makes it far more difficult for a surveillance state to conduct its operations. Perfect security can still be a long-term goal, but we need more realistic goals to encourage uptake in the meantime.
The law is generally stated that for two vehicles traveling in the same lane with no immediate changes before a collision, the trailing driver is at fault in case of a collision. However, it's a valid defense if the leading driver performed an unsafe maneuver prior to the collision, such as changing lanes with insufficient spacing.
RMS hasn't been an active developer in years by his own admission. His role is largely advocacy and philosophy, and that appears to be the sole issue here. However, he doesn't seem, based on a reading of the thread, to have any formal ability to block the patch.
You're not factoring in the number of workers who would not have gone in anyway, the lost productivity from being late due to weather for at least some of those who did go in, potential losses to businesses that didn't shut down completely for paying employees to show up but who had little to no business that day, and the costs associated with personal and property damage due to accidents. It gets complex quickly.
Without government intervention, a lot of people would have simply gone in to work because they were afraid that if they didn't show up, they could be in trouble with their employers. When the city makes the call, it's easier to point to that as a justification, and it's more likely to be accepted by the employer.
Based on mentions that they will tow it into place, that's a billion dollars for something that would be used for a few weeks and then left to sit for the next 25 years. Better to spend a few million dollars towing it into place. Less cost, and less machinery to go wrong over time.