Which yours obviously are not. In 2015 they were deciding on the future of Mayer, 3 years after being CEO. Yahoo's stock did not perform well and the financials were poor. The company was treading water. Basically people were waiting for a buyer.
That was my impression as well... until I looked at the numbers. The numbers don't lie, and the most important one is market capitalization, what the market thinks a company is actually worth, net of assets, liabilities and future prospects. Market cap is also good because it's unaffected by stock splits or even by divestments or acquisitions (except to the degree that those are good/bad moves which actually change the market's evaluation of the company's value).
When Mayer took over on July 17, 2012, Yahoo!'s market cap was $18.63B. Three years later it was $36.19B, a 94% increase. Today it's $44.54B, another 23% increase. YHOO's compound annual growth rate since Mayer has been the CEO is 20.58%. If she could manage my investment portfolio like she managed YHOO, I'd hire her in a heartbeat.
How does that compare in context, though? I calculated CAGR for a few companies that seemed relevant:
Mayer beat them all, soundly. You can try to argue that that's just because of decisions that were made prior to her tenure, but she chose to stay with those bets rather than doing something else. And you can argue that YHOO had the potential to do so much better... but then you have to explain why those companies that underperformed YHOO (on average, all of them) lacked YHOO's potential.
My perception of YHOO when Mayer took over was that it was a dying company, in search of a reason to exist, desperate to find a way to exploit its remaining loyal customers to achieve some sort of success. And it's pretty clear that it didn't manage to do that... but it most definitely did find a way to increase shareholder value.
Given the numbers, Mayer did a damned good job for her shareholders and board of directors, and deserves her pay.
(You can see all of the calculations for the above in this spreadsheet).
Unfounded assumption they are using rotary irrigation and sprinkler heads. Ditches and flood.
Basically nobody flood-irrigates from ditches. Certainly nobody who built their irrigation infrastructure in the last few decades. Many of those who built it 50-100 years ago have converted to pressurized systems because they're dramatically more efficient at delivering water where you need it, and not where you don't (evaporation and ground leakage often consume over half of the water put into a ditch network), and because they're actually cheaper to maintain.
That's exactly what co-op's are in most cases. There is no requirement for payment, and those that pay are very few and far between.
Depends on the field. In software engineering co-ops (often called internships; there's no clear distinction between co-op and intern positions) are generally paid, and often quite well-paid. To take a (possibly extreme) example, the several thousand SWE interns Google hires each summer are paid >$6K per month, usually in addition to a housing stipend and, of course, most meals being eaten free on campus.
The first guy in the story went for an engineering degree.
That doesn't really contradict ArmoredDragon's point. The guy in the story got a mechanical engineering degree, and there is much less demand for MEs than many other STEM fields. Not all STEM degrees are equal, and even in STEM you should take a look at the job prospects before investing a lot of time and money in a degree that may not serve you well.
I'm still not convinced on EC cryptography, which was brought along with the help of the NSA choosing certain curves
There's nothing wrong with ECC. It has significant advantages over RSA, especially on low-power devices. There is a remote possibility that the NIST curves are weak in some way known to the NSA and not to the rest of the world, but if you're concerned about that you can simply choose different curves. Edd25519 is a particularly good choice (though Edwards curves work a little differently, so it's not a drop-in replacement for the NIST curves).
One should also note that when DES was being rolled out the NSA had specifically requested some tweaks be made to the algorithm that people were very skeptical of. Everyone thought the NSA was trying to do something sneaky then, too. It turned out that a known attack vector was discovered in the early 1970s and was not known to the public until the early 1990s. Whether or not the NSA is helping or hurting is something for the history books. There is no way for us to know at this point in time.
The NSA changed the DES S boxes to make them resistant to differential cryptanalysis, but it also shortened the key length. Had DES been standardized with IBM's original 128-bit key length (but with fixed S boxes), it would still be quite secure. So the NSA's role in DES was a mixed bag. They fixed a non-obvious flaw while introducing an obvious weakness (short keys) that would enable practical attacks in the future. The short key weakness wasn't what anyone could call a "back door", though, since it was obvious to everyone.
The point is that the mega companies are WILLINGLY giving your data away to anyone that pays.
Cite?
We know that AT&T was providing lots of data for years. There's some evidence that Microsoft was a bit more cooperative than they needed to be, though they seem to have changed their approach in recent years. I've seen no evidence that Apple, Google, Amazon or any other major tech company provides any data at all to government agencies, except pursuant to a valid and properly-construed warrant or subpoena. And none that payment is either demanded or accepted in exchange for user data. AFAICT, the government doesn't even compensate companies for the time and effort they have to spend to comply with legal demands.
I know of some big non-tech companies that DO give data to anyone who pays: The banks that issue credit cards. At least some of them. Unfortunately, I can't point you to published documentation because I learned it from being present at negotiations where it was discussed. I should point out that this experience was prior to my employment at Google.
Do you have evidence of pay-for-data schemes by the big tech companies? If so, I'd very much like to see it.
I'm still not convinced on EC cryptography, which was brought along with the help of the NSA choosing certain curves
There's nothing wrong with ECC. It has significant advantages over RSA, especially on low-power devices. There is a remote possibility that the NIST curves are weak in some way known to the NSA and not to the rest of the world, but if you're concerned about that you can simply choose different curves. Edd25519 is a particularly good choice (though Edwards curves work a little differently, so it's not a drop-in replacement for the NIST curves).
Personally, I have no real concerns about the NIST curves. Mostly because I think that if they were weak, the academic community would have discovered it by now, but also because if the NSA can crack them it's a closely-held secret which is used very sparingly, and nothing I encrypt or sign is that important.
IMO, the biggest problem with ECC is the lack of standardization around how to use it to encrypt. ECDSA is very well-standardized, but ECIES has too many free parameters (choice of KDF being the biggest) which makes interoperability hard.
Honestly, if I put on my tinfoil hat I'm more worried about what the NSA knows about how to break RSA than ECC. Not because I think they can factor products of large primes, but because there are so many subtle ways to screw up RSA and make it exploitable, and because the NSA really seems to discourage use of ECC for encryption. Not only have they not set out clear standards for ECIES, an odd exception to the normal thoroughness of the NIST standards which hinders interoperability and discourages use, but last year they even told the world not to bother with ECC and to stick with RSA until practical post-quantum algorithms are available.
nobody has yet shown practical attacks against large enough primes used in PKE
RSA != PKE. And, actually, there are lots of practical attacks, if you consider the space of the ways people screw up RSA. In addition, RSA's expensive key generation function makes forward secrecy impractical in most cases, which makes logged traffic vulnerable to subpoena attacks. This is the primary reason why all TLS security evaluations issue bad grades for any web server configured to use RSA. DH or ECDH are much better.
Every cryptographer I know recommends against using RSA. For encryption, pick your ECIES parameters and use it, with an authenticated encryption mode, e.g. AES-GCM. For signatures, use ECDSA. In both cases, if you're worried about backdoored curves use Brainpool curves, or Edd25519.
Whenever I think people cannot get any dumber, something like this is in the news. Expecting a pathological liar to keep promises is hard to top, but I am sure the idiots will find a way to do even dumber things.
You don't get it.
Trump's supporters take his promises seriously not literally. His opponents err in taking him literally when they should be taking him seriously.
So... negative dividends automatically result in share sales to cover the loss, and positive dividends automatically result in share purchases. That would massively increase volatility. Each earnings report would trigger a mass sell or buy. That seems like a very bad idea, unless your holding in a particular equity consists of a number of shares plus a slush account... and that still wouldn't prevent instant mass automated selloffs if the negative earnings were bad enough or if a large number of investors had taken cash out of the slush account.
Capital gains taxes are not ideal because in a substantial way capital gains aren't actually income. You're not getting paid for something. Something you own is just worth more than it used to be.
That's not how capital gains taxes work. They're paid only on realized gains, which are absolutely income. When you sell an asset that has appreciated, or when you receive a payment from an asset you own -- when you realize dollar income from the asset -- you have a taxable capital gain (unless it falls into some tax-exempt category). If the gain is short-term (less than a year) it's taxed as ordinary income. If the gain is long-term (a year or more), then you pay the lower capital gains tax rate on it.
(In my ideal tax system, trades of goods and capital would not be taxed at all; if you exchange money for something with the same value as that money you haven't gained or lost any actual wealth. Income from anything besides the sale of goods and capital, minus expenses on anything besides the purchase of goods and capital, is the measure of your actual change in wealth, and that is the value that ought to be subject to tax.
That is how capital gains (or losses, which offset gains) of investments work. Your capital gain occurs only at the point the gain is realized, and the value of that gain is the income received minus purchase cost and any investment fees. Obviously there are other taxes, like sales taxes, that work differently.
100% of corporate profits should be paid as dividends
What about losses, are those assessed to the shareholders? If not, then your scheme means that corporations can't save/invest current profits to hedge against future losses, which isn't going to work out well. It's basically going to mean that corporations have to finance all losses with debt or equity sales, which is going to punish them when they're already struggling. It will make corporations leery of having any profits they can avoid, investing all excess revenues into whatever capital asset sink they can find, and make them terrified of ever recording a loss, no matter what they have to do to stay (barely) in the black.
Don't tax the corporation itself at all, because all of its profits are already being taxed at the shareholder level.
This I agree with. Corporate taxes are an illusion; taxes always land on people. If you want to tax capital, tax capital. I don't think your notion of forced 100% dividends is a good idea, but shareholders are who you should tax, via capital gains taxes. I see what you're trying to achieve with the forced dividend scheme but I don't think it's necessary; the current method of taxing gains works fine, it's just that the long term gains rate needs to be higher, as do the upper income tax brackets.
Requiring that a smaller percentage of net profits be disbursed as dividends might be useful, though. 50%, maybe? I see what you're trying to achieve with it.
We're not talking about average citizens. We hand these people a LOT of power.
Yes and no.
Police officers actually have remarkably little legal authority that citizens don't have. The details vary a little, but for example in my state, if you examine the statutes the only things they can do that you can't are (1) to use deadly force against a fleeing felony suspect, with reasonable belief that the force is necessary to prevent harm, (2) they don't need to get a concealed weapons permit to carry a concealed weapon, (3) they can ignore traffic laws when they use lights/siren, (4) they can dress like cops and call themselves cops and (5), they can issue citations.
Other than (1) above, they don't actually have any legal right to use force on people that you don't have, nor do they have greater arrest powers. On (1), you have to have a reasonable belief that not using deadly force will result in imminent and serious bodily injury or death (of someone; doesn't have to be you).
But there's the law, and then there's practice.
In practice, the system gives them the benefit of the doubt in virtually every way possible. For example, when they shoot someone in the line of duty, they're almost never prosecuted for murder, even if the shoot is determined to have been bad. It has to be a really egregiously bad action to get them any punishment stronger than an immediate retirement with full pension. They also have significant resources available to defend them if they are prosecuted, since their union dues generally cover legal defense for any situation arising on the job. And in court, their word is hardly ever questioned. I once tried to fight a speeding ticket which was completely bogus (I was *not* speeding, at all, and the officer who pulled me over had no proof that I was since he neither paced me nor radar'ed me) and when I told the judge my story the judge said "My officer wouldn't lie, so that means you're lying" and gave me the maximum fine allowed. I had a witness to back my story up, so it was two against one, but the cop's word won.
So, according to the law we don't give them a lot of power. In reality, we do.
It's pretty simple, but I sure didn't immediately think of the answer, and I'm in a low stress condition.
Really? This seems very obvious to me, if you just think about what "balanced" means when applied to a binary tree. I immediately thought of two solutions: the min/max depth comparison that I implemented, and another one that involves counting the nodes in the tree and finding the max depth. If ceil(log_2(count)) My real reason for using an abstract class would be something like "I'm stuck using a language that doesn't allow multiple inheritance and also doesn't have interfaces".
I think that would constitute a solid answer to the question.
FWIW, Google interviewers wouldn't (or at least shouldn't) ask "Write a function to determine if a binary tree is balanced" because it's too easy, and it's memorizable. Google interviewers ask questions which (ideally) you have never seen or thought about before and which require you to create a solution on the spot. The goal isn't to test your memory, it's to test your ability to think. Google questions also tend to be deliberately underspecified, to see how you go about gathering the necessary information, and to have various possible approaches, to give you a chance to discuss the tradeoffs involved.
However, the questions do tend to involve basic data structures and algorithms. Questions that involve traversing a binary tree wouldn't be unusual, though there'd need to be a lot more to it than just tracking depths.
They didn't ask him to write an entire balancing algorithm, they asked him for an algorithm to tell if the tree was balanced - a much simpler task, left as an exercise to the reader.
Pretty simple, actually. Here's my solution, coded about as fast as I could type it. Basic idea: walk the tree and find min and max depths. If they differ by more than 1, it's unbalanced.
Note that I have neither tested that code, nor proved it correct. It probably works, though, and I'm sure it would satisfy an immigration agent. I didn't just get off a long plane flight, but I have been working for 12 hours (trying to get stuff done to unblock some other people before I leave on vacation tomorrow).
Like it or not that's what a sane immigration policy looks like.
While I agree with that, this wasn't immigration, this was a short-term work visa. I guess it's the equivalent of the Canadian border guys saying "what exactly will you be doing and why can't a Canadian do that?", except we probably didn't apologize before and afterwards.
Dropping rocks from the Moon? "Dropping" them?
And who the fuck would waste so much money and energy trying to fling shit from the Moon when it's cheaper to use nukes from Earth itself and harder to intercept due to shorter distance?
So, Wu's argument is silly, but your rebuttal is equally silly.
Obviously you don't just "drop" a rock from the moon. You have to use a rocket or mass driver to get it out of the moon's gravity well, and you have to do it at the right time and angle to hit your target. I think that's implicit.
And obviously, using a nuclear-tipped ICBM is easier... but corporations don't have nuclear weapons, and given the regulations in most (all?) of the world would have a difficult time acquiring the materials needed to make them without being discovered. But some corporations probably will be able to get to the moon, and potentially build mass drivers on the moon.
I don't think this is anything we really need to worry about until/unless someone actually starts doing it. It'd be obvious, and shutting it down would be (relatively) easy... nukes could be used. But arguing that nukes are easier for corporations is ridiculous, because building a mass driver on the moon would be easier than acquiring nukes.
Can you really expect an 8 year old OS to support the latest USB chipset out of the box?
Seems reasonable to me. Perhaps not full support, but enough to talk to a mass storage device seems very reasonable. It's not like this is a rapidly-evolving space.
Does the manufacturer even supply Windows 7 drivers that you could burn to CD and install?
Yep, that's the problem, Windows 7 on a machine designed for Windows 10. Microsoft require basic stuff like USB to work for the computer to carry the "designed for Windows" sticker, but of course only the version that it ships with.
You say that as though it makes sense. I installed a several-year-old copy of Debian Linux on the same machine without trouble. The USB controller chipset is newer than that old kernel, for example, but the generic controller drivers in the kernel work fine.
I have no idea how a Windows guy would have solved that.
You can make a Windows live CD (called Windows PE). It's rarely necessary though.
It sounds like the version of Windows you were trying to install was not officially supported by your hardware.
I was installing a purchased copy of Win7 on a machine that came with Win10, because the tools I needed to use (for which I purchased the machine) only run on Win7. Of course, the vendor of said tools didn't bother to document that anywhere.
For your scenario. downloading the drivers onto a USB flash drive is usually the simplest option. In a pinch you can download on your phone and simply connect a USB cable to the computer, or the flash drive to the phone.
As I said in my post above, Windows didn't have drivers for the USB controller. USB was not available.
> If an attacker gets the hash, he can almost certainly recover the password.
How, other than brute force?
Why do you exclude brute force? Brute forcing typical user passwords given a cryptographic hash of them, even salted, and regardless of the hash function used, is very easy. Brute force is exactly the attack I was talking about.
It's best to assume that possession of a hash of a low-entropy secret is equivalent to possession of the low-entropy secret itself.
Slashdot Mirror
Which yours obviously are not. In 2015 they were deciding on the future of Mayer, 3 years after being CEO. Yahoo's stock did not perform well and the financials were poor. The company was treading water. Basically people were waiting for a buyer.
That was my impression as well... until I looked at the numbers. The numbers don't lie, and the most important one is market capitalization, what the market thinks a company is actually worth, net of assets, liabilities and future prospects. Market cap is also good because it's unaffected by stock splits or even by divestments or acquisitions (except to the degree that those are good/bad moves which actually change the market's evaluation of the company's value).
When Mayer took over on July 17, 2012, Yahoo!'s market cap was $18.63B. Three years later it was $36.19B, a 94% increase. Today it's $44.54B, another 23% increase. YHOO's compound annual growth rate since Mayer has been the CEO is 20.58%. If she could manage my investment portfolio like she managed YHOO, I'd hire her in a heartbeat.
How does that compare in context, though? I calculated CAGR for a few companies that seemed relevant:
GOOG: 28.08%
AAPL: 5.47%
MSFT: 16.19%
IBM: -4.86%
AMZN: 35.74%
ORCL: 3.91%
So, Mayer's YHOO was beaten by GOOG and AMZN, but beat AAPL, MSFT, IBM and ORCL. That's really not bad. At all.
How about against the market as a whole? I calculated CAGR for some important indices over the same time period.
NASDAQ composite: 16.30%
S&P 500: 12.76%
Dow Jones Industrial Average: 11.12%
Mayer beat them all, soundly. You can try to argue that that's just because of decisions that were made prior to her tenure, but she chose to stay with those bets rather than doing something else. And you can argue that YHOO had the potential to do so much better... but then you have to explain why those companies that underperformed YHOO (on average, all of them) lacked YHOO's potential.
My perception of YHOO when Mayer took over was that it was a dying company, in search of a reason to exist, desperate to find a way to exploit its remaining loyal customers to achieve some sort of success. And it's pretty clear that it didn't manage to do that... but it most definitely did find a way to increase shareholder value.
Given the numbers, Mayer did a damned good job for her shareholders and board of directors, and deserves her pay.
(You can see all of the calculations for the above in this spreadsheet).
Yahoo
https://duckduckgo.com/?q=yahoo+backdoor+email+nsa&t=hc&ia=web
Point. Though the OP said "mega companies", which IMO excludes Yahoo.
Unfounded assumption they are using rotary irrigation and sprinkler heads. Ditches and flood.
Basically nobody flood-irrigates from ditches. Certainly nobody who built their irrigation infrastructure in the last few decades. Many of those who built it 50-100 years ago have converted to pressurized systems because they're dramatically more efficient at delivering water where you need it, and not where you don't (evaporation and ground leakage often consume over half of the water put into a ditch network), and because they're actually cheaper to maintain.
That's exactly what co-op's are in most cases. There is no requirement for payment, and those that pay are very few and far between.
Depends on the field. In software engineering co-ops (often called internships; there's no clear distinction between co-op and intern positions) are generally paid, and often quite well-paid. To take a (possibly extreme) example, the several thousand SWE interns Google hires each summer are paid >$6K per month, usually in addition to a housing stipend and, of course, most meals being eaten free on campus.
The first guy in the story went for an engineering degree.
That doesn't really contradict ArmoredDragon's point. The guy in the story got a mechanical engineering degree, and there is much less demand for MEs than many other STEM fields. Not all STEM degrees are equal, and even in STEM you should take a look at the job prospects before investing a lot of time and money in a degree that may not serve you well.
I'm still not convinced on EC cryptography, which was brought along with the help of the NSA choosing certain curves
There's nothing wrong with ECC. It has significant advantages over RSA, especially on low-power devices. There is a remote possibility that the NIST curves are weak in some way known to the NSA and not to the rest of the world, but if you're concerned about that you can simply choose different curves. Edd25519 is a particularly good choice (though Edwards curves work a little differently, so it's not a drop-in replacement for the NIST curves).
One should also note that when DES was being rolled out the NSA had specifically requested some tweaks be made to the algorithm that people were very skeptical of. Everyone thought the NSA was trying to do something sneaky then, too. It turned out that a known attack vector was discovered in the early 1970s and was not known to the public until the early 1990s. Whether or not the NSA is helping or hurting is something for the history books. There is no way for us to know at this point in time.
The NSA changed the DES S boxes to make them resistant to differential cryptanalysis, but it also shortened the key length. Had DES been standardized with IBM's original 128-bit key length (but with fixed S boxes), it would still be quite secure. So the NSA's role in DES was a mixed bag. They fixed a non-obvious flaw while introducing an obvious weakness (short keys) that would enable practical attacks in the future. The short key weakness wasn't what anyone could call a "back door", though, since it was obvious to everyone.
The point is that the mega companies are WILLINGLY giving your data away to anyone that pays.
Cite?
We know that AT&T was providing lots of data for years. There's some evidence that Microsoft was a bit more cooperative than they needed to be, though they seem to have changed their approach in recent years. I've seen no evidence that Apple, Google, Amazon or any other major tech company provides any data at all to government agencies, except pursuant to a valid and properly-construed warrant or subpoena. And none that payment is either demanded or accepted in exchange for user data. AFAICT, the government doesn't even compensate companies for the time and effort they have to spend to comply with legal demands.
I know of some big non-tech companies that DO give data to anyone who pays: The banks that issue credit cards. At least some of them. Unfortunately, I can't point you to published documentation because I learned it from being present at negotiations where it was discussed. I should point out that this experience was prior to my employment at Google.
Do you have evidence of pay-for-data schemes by the big tech companies? If so, I'd very much like to see it.
I'm still not convinced on EC cryptography, which was brought along with the help of the NSA choosing certain curves
There's nothing wrong with ECC. It has significant advantages over RSA, especially on low-power devices. There is a remote possibility that the NIST curves are weak in some way known to the NSA and not to the rest of the world, but if you're concerned about that you can simply choose different curves. Edd25519 is a particularly good choice (though Edwards curves work a little differently, so it's not a drop-in replacement for the NIST curves).
Personally, I have no real concerns about the NIST curves. Mostly because I think that if they were weak, the academic community would have discovered it by now, but also because if the NSA can crack them it's a closely-held secret which is used very sparingly, and nothing I encrypt or sign is that important.
IMO, the biggest problem with ECC is the lack of standardization around how to use it to encrypt. ECDSA is very well-standardized, but ECIES has too many free parameters (choice of KDF being the biggest) which makes interoperability hard.
Honestly, if I put on my tinfoil hat I'm more worried about what the NSA knows about how to break RSA than ECC. Not because I think they can factor products of large primes, but because there are so many subtle ways to screw up RSA and make it exploitable, and because the NSA really seems to discourage use of ECC for encryption. Not only have they not set out clear standards for ECIES, an odd exception to the normal thoroughness of the NIST standards which hinders interoperability and discourages use, but last year they even told the world not to bother with ECC and to stick with RSA until practical post-quantum algorithms are available.
nobody has yet shown practical attacks against large enough primes used in PKE
RSA != PKE. And, actually, there are lots of practical attacks, if you consider the space of the ways people screw up RSA. In addition, RSA's expensive key generation function makes forward secrecy impractical in most cases, which makes logged traffic vulnerable to subpoena attacks. This is the primary reason why all TLS security evaluations issue bad grades for any web server configured to use RSA. DH or ECDH are much better.
Every cryptographer I know recommends against using RSA. For encryption, pick your ECIES parameters and use it, with an authenticated encryption mode, e.g. AES-GCM. For signatures, use ECDSA. In both cases, if you're worried about backdoored curves use Brainpool curves, or Edd25519.
Is that an alternate fact or fake news?
Yes. Or no. You'll have to wait for the tweet to know for sure. And then the non-clarification from Sean Spicer.
Whenever I think people cannot get any dumber, something like this is in the news. Expecting a pathological liar to keep promises is hard to top, but I am sure the idiots will find a way to do even dumber things.
You don't get it.
Trump's supporters take his promises seriously not literally. His opponents err in taking him literally when they should be taking him seriously.
No, I have no idea what that means either.
Which doesn't change the fact that it's easier for a commercial rocket company to build a mass driver on the moon than to obtain a nuke.
Not if the "commercial rocket company" is in Iran or North Korea.
That's clearly not who Wu is talking about. First, there aren't any such companies. Second, if there were Congress couldn't do anything about them.
So... negative dividends automatically result in share sales to cover the loss, and positive dividends automatically result in share purchases. That would massively increase volatility. Each earnings report would trigger a mass sell or buy. That seems like a very bad idea, unless your holding in a particular equity consists of a number of shares plus a slush account... and that still wouldn't prevent instant mass automated selloffs if the negative earnings were bad enough or if a large number of investors had taken cash out of the slush account.
Capital gains taxes are not ideal because in a substantial way capital gains aren't actually income. You're not getting paid for something. Something you own is just worth more than it used to be.
That's not how capital gains taxes work. They're paid only on realized gains, which are absolutely income. When you sell an asset that has appreciated, or when you receive a payment from an asset you own -- when you realize dollar income from the asset -- you have a taxable capital gain (unless it falls into some tax-exempt category). If the gain is short-term (less than a year) it's taxed as ordinary income. If the gain is long-term (a year or more), then you pay the lower capital gains tax rate on it.
(In my ideal tax system, trades of goods and capital would not be taxed at all; if you exchange money for something with the same value as that money you haven't gained or lost any actual wealth. Income from anything besides the sale of goods and capital, minus expenses on anything besides the purchase of goods and capital, is the measure of your actual change in wealth, and that is the value that ought to be subject to tax.
That is how capital gains (or losses, which offset gains) of investments work. Your capital gain occurs only at the point the gain is realized, and the value of that gain is the income received minus purchase cost and any investment fees. Obviously there are other taxes, like sales taxes, that work differently.
100% of corporate profits should be paid as dividends
What about losses, are those assessed to the shareholders? If not, then your scheme means that corporations can't save/invest current profits to hedge against future losses, which isn't going to work out well. It's basically going to mean that corporations have to finance all losses with debt or equity sales, which is going to punish them when they're already struggling. It will make corporations leery of having any profits they can avoid, investing all excess revenues into whatever capital asset sink they can find, and make them terrified of ever recording a loss, no matter what they have to do to stay (barely) in the black.
Don't tax the corporation itself at all, because all of its profits are already being taxed at the shareholder level.
This I agree with. Corporate taxes are an illusion; taxes always land on people. If you want to tax capital, tax capital. I don't think your notion of forced 100% dividends is a good idea, but shareholders are who you should tax, via capital gains taxes. I see what you're trying to achieve with the forced dividend scheme but I don't think it's necessary; the current method of taxing gains works fine, it's just that the long term gains rate needs to be higher, as do the upper income tax brackets.
Requiring that a smaller percentage of net profits be disbursed as dividends might be useful, though. 50%, maybe? I see what you're trying to achieve with it.
We're not talking about average citizens. We hand these people a LOT of power.
Yes and no.
Police officers actually have remarkably little legal authority that citizens don't have. The details vary a little, but for example in my state, if you examine the statutes the only things they can do that you can't are (1) to use deadly force against a fleeing felony suspect, with reasonable belief that the force is necessary to prevent harm, (2) they don't need to get a concealed weapons permit to carry a concealed weapon, (3) they can ignore traffic laws when they use lights/siren, (4) they can dress like cops and call themselves cops and (5), they can issue citations.
Other than (1) above, they don't actually have any legal right to use force on people that you don't have, nor do they have greater arrest powers. On (1), you have to have a reasonable belief that not using deadly force will result in imminent and serious bodily injury or death (of someone; doesn't have to be you).
But there's the law, and then there's practice.
In practice, the system gives them the benefit of the doubt in virtually every way possible. For example, when they shoot someone in the line of duty, they're almost never prosecuted for murder, even if the shoot is determined to have been bad. It has to be a really egregiously bad action to get them any punishment stronger than an immediate retirement with full pension. They also have significant resources available to defend them if they are prosecuted, since their union dues generally cover legal defense for any situation arising on the job. And in court, their word is hardly ever questioned. I once tried to fight a speeding ticket which was completely bogus (I was *not* speeding, at all, and the officer who pulled me over had no proof that I was since he neither paced me nor radar'ed me) and when I told the judge my story the judge said "My officer wouldn't lie, so that means you're lying" and gave me the maximum fine allowed. I had a witness to back my story up, so it was two against one, but the cop's word won.
So, according to the law we don't give them a lot of power. In reality, we do.
It's pretty simple, but I sure didn't immediately think of the answer, and I'm in a low stress condition.
Really? This seems very obvious to me, if you just think about what "balanced" means when applied to a binary tree. I immediately thought of two solutions: the min/max depth comparison that I implemented, and another one that involves counting the nodes in the tree and finding the max depth. If ceil(log_2(count)) My real reason for using an abstract class would be something like "I'm stuck using a language that doesn't allow multiple inheritance and also doesn't have interfaces".
I think that would constitute a solid answer to the question.
Google doesn't do any more, and for good reasons.
FWIW, Google interviewers wouldn't (or at least shouldn't) ask "Write a function to determine if a binary tree is balanced" because it's too easy, and it's memorizable. Google interviewers ask questions which (ideally) you have never seen or thought about before and which require you to create a solution on the spot. The goal isn't to test your memory, it's to test your ability to think. Google questions also tend to be deliberately underspecified, to see how you go about gathering the necessary information, and to have various possible approaches, to give you a chance to discuss the tradeoffs involved.
However, the questions do tend to involve basic data structures and algorithms. Questions that involve traversing a binary tree wouldn't be unusual, though there'd need to be a lot more to it than just tracking depths.
They didn't ask him to write an entire balancing algorithm, they asked him for an algorithm to tell if the tree was balanced - a much simpler task, left as an exercise to the reader.
Pretty simple, actually. Here's my solution, coded about as fast as I could type it. Basic idea: walk the tree and find min and max depths. If they differ by more than 1, it's unbalanced.
Note that I have neither tested that code, nor proved it correct. It probably works, though, and I'm sure it would satisfy an immigration agent. I didn't just get off a long plane flight, but I have been working for 12 hours (trying to get stuff done to unblock some other people before I leave on vacation tomorrow).
Like it or not that's what a sane immigration policy looks like.
While I agree with that, this wasn't immigration, this was a short-term work visa. I guess it's the equivalent of the Canadian border guys saying "what exactly will you be doing and why can't a Canadian do that?", except we probably didn't apologize before and afterwards.
FTFY. HTH. HAND.
because building a mass driver on the moon would be easier than acquiring nukes.
There are thousands of nukes on Earth, and not a single mass driver on the moon.
Which doesn't change the fact that it's easier for a commercial rocket company to build a mass driver on the moon than to obtain a nuke.
Plus there are many cheaper ways to create havoc that don't require a nuke.
Sure. Relevance?
Dropping rocks from the Moon? "Dropping" them? And who the fuck would waste so much money and energy trying to fling shit from the Moon when it's cheaper to use nukes from Earth itself and harder to intercept due to shorter distance?
So, Wu's argument is silly, but your rebuttal is equally silly.
Obviously you don't just "drop" a rock from the moon. You have to use a rocket or mass driver to get it out of the moon's gravity well, and you have to do it at the right time and angle to hit your target. I think that's implicit.
And obviously, using a nuclear-tipped ICBM is easier... but corporations don't have nuclear weapons, and given the regulations in most (all?) of the world would have a difficult time acquiring the materials needed to make them without being discovered. But some corporations probably will be able to get to the moon, and potentially build mass drivers on the moon.
I don't think this is anything we really need to worry about until/unless someone actually starts doing it. It'd be obvious, and shutting it down would be (relatively) easy... nukes could be used. But arguing that nukes are easier for corporations is ridiculous, because building a mass driver on the moon would be easier than acquiring nukes.
I am in, where do I buy my ticket then?
You have to set up the lottery. Or wait for someone else to set one up.
Can you really expect an 8 year old OS to support the latest USB chipset out of the box?
Seems reasonable to me. Perhaps not full support, but enough to talk to a mass storage device seems very reasonable. It's not like this is a rapidly-evolving space.
Does the manufacturer even supply Windows 7 drivers that you could burn to CD and install?
Yep.
Yep, that's the problem, Windows 7 on a machine designed for Windows 10. Microsoft require basic stuff like USB to work for the computer to carry the "designed for Windows" sticker, but of course only the version that it ships with.
You say that as though it makes sense. I installed a several-year-old copy of Debian Linux on the same machine without trouble. The USB controller chipset is newer than that old kernel, for example, but the generic controller drivers in the kernel work fine.
I have no idea how a Windows guy would have solved that.
You can make a Windows live CD (called Windows PE). It's rarely necessary though.
It sounds like the version of Windows you were trying to install was not officially supported by your hardware.
I was installing a purchased copy of Win7 on a machine that came with Win10, because the tools I needed to use (for which I purchased the machine) only run on Win7. Of course, the vendor of said tools didn't bother to document that anywhere.
For your scenario. downloading the drivers onto a USB flash drive is usually the simplest option. In a pinch you can download on your phone and simply connect a USB cable to the computer, or the flash drive to the phone.
As I said in my post above, Windows didn't have drivers for the USB controller. USB was not available.
> If an attacker gets the hash, he can almost certainly recover the password.
How, other than brute force?
Why do you exclude brute force? Brute forcing typical user passwords given a cryptographic hash of them, even salted, and regardless of the hash function used, is very easy. Brute force is exactly the attack I was talking about.
It's best to assume that possession of a hash of a low-entropy secret is equivalent to possession of the low-entropy secret itself.