Slashdot Mirror


User: edp

edp's activity in the archive.

Stories: 0
Comments: 175

Comments · 175

  1. Re:Taking it at face value on Microsoft Stops New Work To Fix Bugs · · Score: 2

    "Software is not a real engineering discipline."



    That is not true anymore. I say "anymore" because it was true decades ago. But computer science has matured, and good engineering techniques are available.

    It is true to say that software as generally practiced in the consumer market is not engineering. But the reason for this is economic and psychological, not technical.

  2. Re:Taking it at face value on Microsoft Stops New Work To Fix Bugs · · Score: 3, Interesting

    "I think you underestimate the kind of work that goes on at Microsoft. Do you really think that the people who work there are stupid enough to ignore compiler warnings? That they don't use prototypes? That misuse of printf is a major problem in their graphical applications? Or that they make sophomoric mistakes like using bubble sort?"

    Yes, absolutely. Comparing to another large company, I worked in several operating systems groups at Digital Equipment Corporation for many years, and I saw all of those things and more. Furthermore, I know Microsoft is not using data typing correctly because their Windows software interface requires not using typing in places. E.g., many arguments to Windows routines must be cast to integers even though they are pointers and vice-versa. And as I use their code, I often run across behaviors that strongly suggest to me how the engineering was done (and why it is wrong), and often it is a simple mistake.

    Many engineers are incompetent. You would think an engineer writing device drivers in an important operating system for a large company would know what they are doing. But I've seen code that initiated a DMA and then sat in an interrupt-priority loop (blocking all other system activity) polling for DMA completion for over three seconds! The whole point of Direct Memory Access is for the device to access the memory directly, bypassing the processor so it is free to do other work. The proper way is to set up data needed to handle DMA completion, initiate the DMA, and then leave interrupt mode and return to other work until the completion signal arrives. Stopping all work in a real-time operating system for three seconds is malpractice.

    Aside from incompetence, many engineers don't care. When you are driven by learning or pleasure or a project you are interested in, you write good code. You think about it and take pride in it. When you are writing code you don't like year after year for money, it becomes mindless. You don't have the energy to review compiler warnings. Your boss wants the program done so it can ship and doesn't give you time to review compiler warnings. Your boss gets reviewed based on how late the product shipped, not how few compiler warnings there are, so that's what gets attention.

  3. Not random data on ZeoSync Makes Claim of Compression Breakthrough · · Score: 4, Redundant

    ZeoSync is not claiming to reduce random data 100-to-1. They are claiming to reduce "practically random" data 100-to-1, and Reuters appears to have misreported it. What "practically random" data should mean is data randomly selected from that used in practice. What ZeoSync may mean by "practically random" is data randomly selected from that used in their intended applications. So their press release is not mathematically impossible; it just means they've found a good way to remove more information redundancy in some data.

    The proof that 100-to-1 compression of random data is impossible is so simple as to be trivial: There are 2^N files of length N bits. There are 2^(N/100) files of length N/100 bits. Clearly not all 2^N files can be compressed to length N/100.

  4. Re:Two counterpoints take two on al Qaeda Hacks XP? · · Score: 2

    "-For the months before the OS ships every line of code that is modified is examined on several levels; every bug that is found could potentially be investigated by any of dozens of people in any part of the organization..."

    That is the only one of your statements that could be likely to actually result in catching an intentional security hole, and I won't believe it at face value without supporting evidence, such as a description of the actual code review procedures. The typical code review in the industry (and I've seen other major operating system code and supposedly secure procedures in accordance with DoD standards) may be to check that the code being modified is in the area it purports to fix a bug or whatever and is by an engineer who knows that area. On occasion, a reviewing engineer may check the code to see that it changes the behavior in the way it is supposed to. Rarely would an engineer scrutinize the code to see if it subversively changed the code in a way it wasn't supposed to.

    "-There's nearly a 1/1 ratio of Test/Dev in the critical parts of the system; to do this you would have to get the developer(s) and the tester(s) responsible for that chunk of code/functionality."

    The conclusion of that statement does not follow from the first part. Only the developer needs to be an adversarial agent, because a tester is not necessarily going to catch an intentional security hole. I think it is not even likely, because a designed hole isn't going to show a lot of evidence. E.g., a buffer overrun error is an error whenever the buffer is overrun, whether by 1 byte or 1 million. A designed hole may show up only when certain data is presented, and testing would never catch such a hole. This is why I only believe your code-review claim would catch a hole, if there were a real, meaningful code review.

    "-Automated tools run by separate groups review changes and record owners; try to sabotage something once & you won't get a second chance."

    All this means is that changes can only be made by persons assigned to work on that particular code and must be associated with a recorded bug fix or design specification. That is little impediment to adding a security hole; it just means the code implementing the hole has to be submitted to the source along with a recorded bug fix or design specification in the same area.

    "-Automated tools run by testers review code that's not exercised by test-passes, reporting on changes so that the hole can be filled."

    As above, testing will not catch a design hole.

    This doesn't mean I believe there is a terrorist-planted hole in Windows, just that I don't believe Microsoft's procedures would be likely to catch one.

  5. Expressive communication and copyright on DeCSS Injunction Reversed In CA Case · · Score: 2

    If source code is expressive communication and object code is not, I wonder what the implications for copyright of executables are? If executables are not expressions of their authors, they shouldn't be considered creative works entitled to copyright protection like novels or art. They would be mere machines. As such, patents could protect parts of them, but only the novel inventions, a more limited protection than copyright.

  6. Purpose of the ADA on Inability to Type Not a Disability · · Score: 3, Insightful

    A number of the responses speak to whether the inability to type is a disability with regard to the job. Of course it is, but that isn't the issue. In fact, a law that required employers to let people who cannot do the job do the job would be stupid, even in this age of stupid laws.

    A purpose of the Americans with Disabilities Act (which I do not necessarily agree with) is to let people who are disabled in life be employed. The idea is that a blind person ought to be able to find some employment that they can do and not have an employer turn them away because they are blind and a nuisance. The idea is not (I hope) to prohibit employers from turning a person away because they cannot do the job.

    So, if a person cannot type, they should not be entitled to a job that requires typing. (Of course, if an employer caused the disability, perhaps they should be liable for that.) And since typing does not prevent most of life's activities and not any critical activities and, in all likelihood, does not prevent a person from finding some other job, this disability does not qualify for protection by law from discrimination.

    Again, the ADA is intended to protect people who would be discriminated against on grounds unrelated to their ultimate ability (that is, with remediation) to do the job, not to protect people who would be discriminated against on grounds related to their ability. (I think the ADA goes too far, protecting people who will have much less net productivity than more qualified workers, but this is unrelated to whether it does apply in this case.)

  7. Re:Self Install Guide on Dorm Storm? · · Score: 5, Informative

    A self-install guide was my first thought too, but with an important addition. Most installation instructions I see, even most instructions of any sort, show all signs of being written by somebody who knows the procedure and writes it down. This usually yields a set of instructions that does not work, because the person who writes down the procedure knows what the instructions mean and also believes some steps are obvious and not worth mentioning. They might not even be conscious of them. E.g., "Set XYZ to ABC mode," rather than "In the XYZ section, click the radio button next to ABC mode and then click Okay."

    A better procedure is to write instructions, give them to a complete novice, sit them in front of a computer, then shut up and watch. Write down every confusion they have, then rewrite the instructions, and repeat until you have instructions that you know work for a novice.

  8. Re:Ok... on Florida Surveillance Cameras Claim a Victim · · Score: 2

    "First, on most such publicized images, people react with (depending on the scope) a couple to thousands of identifications."

    Yes, but no one person is the focus of these identifications except for the suspect. When police publish a photograph of a suspect, they know they are going to get N different reports and hence each person has a less than 1/N chance of being the suspect. They may even eliminate many of those before any investigation of them at all simply because there are duplicate reports about one person, and that is probably the suspect, so it is who they investigate first.

    On the other hand, when you publish a photograph of an innocent person in a way like this one and they get N reports, they are N reports about the same person. When you publish a suspect's photograph, the false positives are distributed randomly across the population, and the police know to take them with a grain of salt. When you publish an innocent person's photograph and collect reports of crimes, you have concentrated all the risk on a single innocent person. That is not fair.

    "Second, the photo wasn't published as the photo of a criminal."

    This is not relevant because no claim was made that it was or that that has anything to do with the matter. The fact is the photograph was published and therefore exposed an innocent person to a much larger chance of a false identification than normal.

    "The fact that the woman falsely identified him as her ex has nothing to do with the FRS."

    Actually, it parallels the FRS. Most photographs taken by the FRS won't be published -- but they will be compared to other photographs within the system. Each comparison is an increased chance of a false positive.

  9. Re:Ok... on Florida Surveillance Cameras Claim a Victim · · Score: 2

    "So you are against publishing photos of wanted criminals and sketches of suspects, because others are likely to be falsely identified as them?"

    First, it is not true that others are likely to be falsely identified. The chance of a false positive is small. The issue is how much larger should we allow it to be.

    Second, photographs of criminals are published knowing they are criminals -- they are fair game for publicity. Publishing photographs of innocent people is different.

    Third, photographs of criminals are not published in isolation. They are published with other qualifying information, such as name or aliases, known locations, possible occupations, identifying marks, et cetera. These things are published because photographs or, worse, sketches are known to be poor identifiers and require confirmation. When police receive a report that somebody has seen a person who looks like a photograph or sketch, they are likely to go in to investigate whether the reported person is the sought person. By contrast, in this case, the police went in knowing the reported person was the sought person, because they had the identity of the photograph subject. It wasn't the report of who the person in the photograph was that was wrong, it was the report that the person was a criminal that was wrong. This isn't the typical way of identifying criminals we have had in the past, and it shouldn't be adopted without safeguards.

    The innocent victim in this case was humiliated in front of his colleagues, friends, and employer. Those people are certainly less likely to use or recommend him for future work.

  10. Re:Ok... on Florida Surveillance Cameras Claim a Victim · · Score: 2

    "By your logic, someone with poorer-than-average eyesight should not be allowed to identify a criminal, just because the chances of misidentification are a little higher than if the eyewitness was Superman."

    No, that is not my logic; you have misrepresented my statements. I clearly stated there was a great difference in probability, not a little difference.

  11. Re:Ok... on Florida Surveillance Cameras Claim a Victim · · Score: 2

    "[Would] you care at all if some other schmuck in Florida was walking down the street, somebody thought that he was their long-lost ex-husband who had been neglecting the children, and reported them to the police, only to find out it was mistaken identity?"

    No, because a mistaken identity on the street is based on much better information (because real life is very much higher resolution than a photograph) and hence has a very low error rate. In contrast, a poor quality photograph distributed nationally has a higher error rate. It is unfair to magnify an innocent person's chance of being misidentified and subjected to humiliation in front of their colleagues and friends.

    "Keep things in perspective here, ok?"

    Yes, let's keep it in perspective. The chance of being misidentified on the street is extremely low and is quite acceptable. But when you take a photograph and distribute it across the nation, or enter it into a database and compare it to many others, the chance of a false positive increases tremendously. So, in perspective, the problem isn't that something new (misidentification) can happen but that the probability of it is greatly increased, to the detriment of innocent victims and society generally.

  12. Re:What else is new? on Casinos Hit the Data Jackpot · · Score: 2

    "If you care more about your privacy, then your path is fairly clear - don't apply for one of these cards!"

    This is not at all clear. The article said one casino had information on a lot of people -- and it said only a fraction of them carried those customer cards. Therefore the casino collects information in other ways. So it is not clear how to protect your privacy.

  13. Re:What else is new? on Casinos Hit the Data Jackpot · · Score: 3

    "Why shouldn't they track that information? You chose to go and do the things you did on their property."

    It is a common fallacy that because a company may do something, there should be no objection to it. From a legal or ethical perspective, the company is within its rights to collect information. But that does not mean it is beneficial. It does not mean we cannot dislike it, that we cannot take action of our own to oppose it.

    By the same reasoning you give, that it is their casinos and their restaurants and their rooms, so also it is my money and my information and my communications with friends and other consumers. They can do what they want with their stuff, and I can respond by doing what I want with my stuff. I can withhold my money, I can ask my friends to complain, I can support organizations that promote things good for me, we can negotiate with companies for better policies, et cetera.

    Now, why should we oppose this collection of information? Lots of reasons. Personally, I am fed up with being treated as a potential sucker all the time. It has gotten worse, and it is getting hard for me to avoid sales pitches even in my own home. Companies are finding more and more ways to invade my peace and quiet, my sanctuary. I throw away junk mail, but companies I once thought I had a satisfactory business relationship with now send ads in bills. Software I used to like has been hijacked to display ads. An ad here or there is not much harm, but, when it is continual, it is just too much.

    Also, this information isn't always secured properly or used ethically. It gets out and is used for fraud or, occasionally, malice. If a company exposes me to damage like that, it isn't just their information anymore; it is mine, and I have a valid interest in seeing that it is controlled properly.

    Another concern is that companies are becoming shrewder at manipulating people. Increasing data and increasing computer power are helping them. I am a very rational person, but I am not a perfect thinking machine. Every human being can be manipulated psychologically. At some point, the use of marketing techniques will become (or has become) unfair, because it subverts the reasoning process. A fair transaction is one involving consenting, informed adults -- people who have had an opportunity (although many may not use it) to think things through. If a company blasts away at thinking, the transaction is no longer fair. Continual repetitious ads, ingeniously engineered phrasing that leads a person to incorrect beliefs without actually being false phrasing, sales pitches calculated to go to a particular person's weakest point, and other such things create unfair circumstances.

  14. Re:Something I wonder... on Casinos Hit the Data Jackpot · · Score: 3

    I hope I can correct and enhance some of the comments here about card counting. First, under most current Blackjack rules, the casino has a slight advantage over a player who plays optimally but knows nothing of what is left in the deck, aside from the distribution of cards in a full deck. "Optimal play" is play that makes all the choices (hit, stand, split, et cetera) that maximize the player's expected return. There are a few casinos with rules that provide a slight advantage to the player. However, it is difficult to make money this way, as the advantage is small and making an occasional mistake is enough to wipe out the advantage.

    "Counting cards" refers to just about any kind of count. It does not have to be a count of each rank of card played. One common system is to count how many high and how many low cards have been played, and to count or estimate how many cards remain in the shoe. Thus, the player only needs to remember one number and estimate the remaining cards. You would think that is not so difficult, but it does take some skill to do it. The casino is noisy and filled with distractions. You have to watch all the cards on the table carefully, while the dealer is trying to go as fast as possible to make as much money for the casino as possible. Other players aren't going to wait for you; their busted hands may be surrendered and discarded before you have much chance to see them. Your neighboring players may try to talk to you while you are trying to concentrate. And, while maintaining the count, you still have to make decisions about play.

    Knowing the count does two things for you. First, because you now have some indication of what is left in the deck, your optimal strategy may change. Whereas you used to stand on a 13 in a certain situation, you might now hit, because your chance of busting is lower. (Naturally, you don't calculate this chance as you go; this is all approximated in tables that you memorize.)

    Second, knowing the count changes the value of the game -- it might make your average return greater or smaller (including negative). In response, you change your betting. When the average return is relatively high, you bet higher before each hand. When the return is negative, you bet lower, so you are just marking time until the situation changes.

    As you can imagine with all this, the casinos can often spot card counters. They are winning (or, if not, the casino doesn't care), they are concentrating, and they may be slow to indicate their choices. It is hard to get good at counting.

    I have heard that in some jurisdictions, like Atlantic City, the casinos are not allowed by law to prohibit a person from using skill in a game. Thus, they cannot ban a person from play because the person is card counting.

  15. Re:Flat Out Incorrect on Using GPS To Catch Speeders Found Illegal · · Score: 2

    "There are many rights which cannot be waived in a contract."

    Having to pay a fee is not one of them.

    "If the State of Connecticut has a law that prevents a company from imposing penalties without proving damage..."

    It apparently does not, as the government's complaint was merely about sufficient notice, not about the fee itself.

    "'service rendered, payment due'"

    Yes, and that principle applies here. The car company offered a service and set its fees -- one fee for driving under the speed limit and one fee for driving over the speed limit. Service was rendered, and payment was due.

    Also, as I wrote, what the law says is not the entire issue. Also at dispute is what the law should say. The law is not an immutable thing that we are stuck with and must merely discuss what the situation is under law. By prohibiting too much (such as entirely voluntary and not unreasonable terms about a fee for endangering a company's valuable property), the law harms us by preventing us from entering into contracts that could be mutually beneficial.

    For example, by imposing a fee for speeding, fewer of Acme's car renters will speed. That might mean more renters go to other companies. But renters who do not speed anyway might not care. Then, since Acme's cars are not being used to speed, they might receive less damage. Then Acme's rates do not have to be as high as other companies. Thus, renters who do not speed would benefit.

    Now, you may or may not agree that these particular economic benefits will occur in this case, but it is clear that this sort of thing is a possibility, and, therefore, if the law prohibits or does not support this sort of contract, citizens could be losing good opportunities. The United States is supposed to be a free country; these choices should not be taken away from us.

  16. Re:The clear problem on Using GPS To Catch Speeders Found Illegal · · Score: 4

    "If they don't incur a loss, they don't have grounds to claim a customer owes them money."

    The grounds for the claim is called a contract. That is when two parties agree to do certain things for each other. In this case, the customer saw the agreement and chose to ignore what they were told and to sign the contract anyway. They should be bound by it. If our laws say otherwise, then the laws are bad, because by "protecting" consumers from "unfair" contracts, they are taking away the power of consenting adults to form their own agreements.

    "... no due process. [no] drivers' recourse in civil court ..."

    By this reasoning, no company would be allowed to charge anybody anything. My phone company doesn't provide me due process when they prepare my bill. I mean, they just billed me without letting me call witnesses or anything. In fact, there is due process, and there is recourse. If the parties disagree, they can take the matter to court, just like any other dispute.

  17. Re:Social responsibility? on Using GPS To Catch Speeders Found Illegal · · Score: 2

    "But if everybody else is doing 85 in a 65 mph zone, you had better speed up to at least 72 or so. The difference in speed between vehicles actually adds significantly to the danger."

    Scientific studies show the probability of being in an accident increases linearly up to about the speed of traffic and then increases exponentially after that. Note that the probability increases up to the speed of traffic, which means going slower than traffic decreases the probability of being involved in a collision. I believe I saw this information in New Scientist within the past year or so. There may be some change at extraordinarily low speeds when a vehicle truly becomes an obstacle, but, at general traffic speeds, going slower than traffic does not increase your probability of being in a collision.

    The magnitude of the exponential increase is striking. I believe an Australian study on a road with a limit around 30 m.p.h. found the probability doubled for each 3 m.p.h. increase.

  18. Licenses are fun. on Microsoft EULA stokes crusade · · Score: 5

    Licenses are fun. Around 1995, I filled in the warranty cards from several products and sent them to the respective publishers with a license offer. The license offered my consideration of products or services they wished to advertise to me in exchange for their agreement not to send me junk mail more than once a year. The company was to indicate its agreement to the license by using the two-letter code on the warranty card in the address of mail sent to me.

    The warranty card was clearly marked in red that use of the two-letter code indicated agreement to the license. The license contained some additional terms. Some of them specified payments for exceeding the junk mail threshold or sharing my personal information. One of the terms was that any future software of the publisher I acquired was transferred to me subject only to copyright law and not any license.

    Among other publishers, I sent one of these offers to Microsoft. They used the two-letter code to send me mail.

    Licenses are fun.

  19. Re:Changing the radiation pattern on Cell Phone Makers Patent "Brain Shields" · · Score: 2

    "The problem: what if the cell site is on the dark side of the room? The cell site will tell the phone to increase its output power ..."

    That is not a bad point, but it is not a complete analysis. Essentially, you have correctly pointed out that the cell phone and cell tower form a negative-feedback system, and a negative-feedback system will tend to adjust to the same actual level getting through regardless of whether it is shielded or not. So either the same amount of radiation gets to your brain (if the transmitter can transmit that much with the shield in place) or reception gets poorer (if the transmitter can't).

    But there are two other factors involved. First, the cell tower is not always on the shielded side. When it is not, the transmitter power will not be increased, and the shield will reduce radiation entering the brain. Thus, the net result over a variety of situations is that brain exposure to radiation is reduced.

    Second, poorer reception would be a cue for the user to turn around. This would move the cell tower from the shielded side to the unshielded side, gaining both favorable reception and reduced brain exposure.

    I figure the danger from radiation is minimal, low enough that it is worthwhile to use a mobile phone occasionally. But we do not know for sure that there is no risk, so it is worth a small cost to reduce the risk. The cost of a shield is minimal, so there is more reason to use one than not to.

  20. What is the metatag? on "Smart Tags," Round Two · · Score: 2

    What is the metatag to disable Smart Tags?

  21. The rest of the story? on Intellectual Property and a Censored Slash Site? · · Score: 2

    There must be something you are not telling us. The administration is not likely to just "threaten you" as you report without some basis. What is it they say you did that gives them grounds for banning, suspending, and expelling you? Do they say you violated school rules? Which rules? Do they say you violated an agreement? What agreement?

  22. Re:It's all a hoax on Calendar: Code, Free Speech, Or Mathematics? · · Score: 1

    "... like counting cards at a poker game in Vegas, this IS illegal..."

    Counting cards is not illegal. Interfering with the game would be, but using skill is not. This is typically misunderstood because people confuse the (non) illegality of counting with the legality of the casino refusing to let you play if you count. That is, the casino is within their rights not to play blackjack with you if they think you are counting, or if they don't like the fact that you are winning, or if they just don't like you -- but that's simply because it is their freedom to choose whom to do business with, not because you do anything illegal by counting.

    I have heard this is different in Atlantic City, that skillful play (like counting cards) is protected by law, so casinos cannot stop you if that is all you are doing to win, but I haven't seen any authority on that.

  23. Re:No way on Interesting Keyboard/Mouse Combo · · Score: 3

    "... keeping a light, mobile square stable ..."

    It pivots slightly so that when the hand rests on it in a typing position, a high-friction rubber foot holds it in place. When the hand moves to the mouse position, it moves on low-friction Teflon sliders.

  24. Re:questionable both legally and socially on Gooja's Got Old Stuff Online Now · · Score: 2

    "So in what way is Google Groups more "commercial" than the newsserver an ISP provides as a service for its customers (for which they pay as part of their ISP's fees)?"

    When a cab driver charges money to transport me to the library, where I make a copy for myself, that's fine. When an ISP charges money to provide me access to Usenet, that's fine. When somebody goes to the library, copies everything they can find in it, and sells the copies, that's illegal. When somebody goes to Usenet, copies everything they can find in it, and sells the copies, that's illegal. (For these purposes, "distributing copies to make money through advertising" equals "selling".)

    Another difference is that simple ISP access does not archive Usenet. The implicit permission an author grants in posting an article is permission to distribute in Usenet, which is designed to expire articles. Along with this permission may go permission for individuals to make their own copies permanently for personal use, since this is fair use. But it does not include the right to make copies for non-personal use.

  25. Re:questionable both legally and socially on Gooja's Got Old Stuff Online Now · · Score: 2

    "By posting on usenet you do implicitly agree that your post will be copied to many servers and stored for some time, ... Google's archive (like Deja's before) is essentially just a newsserver ..."

    Yes, you agree your post will be copied and stored. And if I publish a book and sell copies and even mail many copies to public, non-profit libraries, I expect and agree my book will be stored and made available to the public for a long time and even copied to the extent permitted by fair use. But if a for-profit corporation started making copies and profiting from them, either by selling copies or by generating advertising revenue from their distribution, they would be violating copyright law.

    I and many other people expected that our Usenet articles would be shared and distributed in Usenet as a reciprocal peer-to-peer cooperative effort. We did not expect or agree that our writings would be used commercially.