If anyone on the Democrat side ever wants to bring these voters over, they'd try and do their best to understand that wanting to protect one's culture, even if you're white, doesn't amount to racism.
I'm not a Democrat by any means, but most of the time it really does, regardless of what color your skin is.
The biggest spy of them all is running the backend...
Even if we grant your premise about Google (which I don't, but am not interested in arguing it), that doesn't make it irrelevant, not at all. We generally think of encryption as a tool to ensure that no one can read data, but in this case it's more important that it prevents anyone from manipulating the data. Data sent to you unencrypted (and unauthenticated) can be modified by any party sitting between you and the server, which means that anyone sitting on that path can inject malware to exploit vulnerabilities in your local system.
TLS encrypts all of the streams, yes, but for most web traffic it's actually far more important that it MACs the streams. And of course that it authenticates the server before doing the key exchange which enables the MACing and verification.
sadly, this is true of "supporters" of anything/anyone: a large portion chose to ignore various valid reasons to set aside their support.
Not true. Oh, supporters of any candidate undoubtedly have to find reasons to accept some points of disagreement. The only way to have a candidate that completely agrees with you on everything is to run yourself. But there's a difference between accepting some differences and ignoring or excusing huge swaths of abhorrent statements.
At this point we're making dueling assertions, and neither of us has anything to back them up beyond anecdotal experience. In my case that experience is of talking to a few dozen Trump supporters, and reading the comments of many more. What's yours?
To be clear, if my previous post was not. I think that the financials you describe have a low chance of actually paying back ever, given the risk that the installer may go out of business before the 10 years are up.
The installer in question has already been in business for 20 years, and been doing solar installations for 10.
The idea that you can treat all instances of a bipolar patient as sufficiently similar that a clinical trial of a treatment will yield useful, meaningful and reliable information as to what will help an arbitrary new patient with the same diagnosis is something for which I have yet to come across empirical support for
I don't think anyone is making that claim. A trial can still show useful effects when only a portion of the patients see a benefit, and assuming it does show a sufficiently large benefit for a reasonable percentage, with something as low-cost and low-impact as wearing yellow glasses for a few days, there's almost no reason not to at least try it on an arbitrary new patient with the same diagnosis. If it works, awesome! If not, well, it didn't cost much or hurt anything.
I'm pretty sure he just lost the election right now...
I doubt it.
There's a large portion of his base that will think this is an awesome idea. The rest just won't believe it. Spend some time talking to Trump supporters and you'll quickly find that they're very adept at ignoring anything he says that they don't like, with a variety of excuses. I expect the "rationale" for ignoring this one will be that the president doesn't have the power to do that without the help of Congress and that Congress won't do it.
Of course, the same is true of many things his supporters *do* like, but they don't bother applying the same logic. It's really rather incredible. He says outrageous things that land all over the political landscape, and his supporters grab onto the pieces they like with both hands crowing that he's the only one who dares to say it like it is, and simultaneously discard the rest, either because he's just joking, or because he can't actually do it... or even because he has to say that to appease some other part of the base. The degree of doublethink implicit in that last excuse is mind-boggling, but there it is.
who could be elected president. His fan base are white racists - they have no other options.
It's clear there is a section of his support base for whom this is true, but if that were all he had, or even most of what he had, he'd have no chance. No, much more of his support comes from people who deeply oppose globalization and people who are just mad at the establishment and want anything else.
I have to admit that the clearly racist part of his base is, sadly, much larger than I thought it could be.
Most man-in-the-middle coming from corporate america is to see where you are going, not storing POST data.
MITM isn't necessary to see where you're going. SSL doesn't obscure the IP you're connecting to, nor the domain name your DNS client looked up to get that IP address.
what does a responsible employer do for enforcing acceptable use policies, and ensuring they do not create "hostile workplace" issues with employees looking at porn... or whatever?
Address these issues with people, not with technology. Make sure everyone understands what the requirements are, and make sure everyone understands there's an open door for reporting issues that will have zero negative consequences for the reporter. And then institute a careful process for reviewing and investigating complaints... and hammer proven offenders.
Yeah, it's a lot harder and a lot more work than just monitoring network connections, but it also addresses a lot more issues. Frankly, you need good people management policies and processes in place whether you're monitoring network connections or not... and if you have them, you don't need to monitor network connections.
OTOH, I've been looking into purchasing a solar system for my house, and all three of the companies I've talked to are offering 25-year warranties, parts and labor. If it breaks, I call and they come fix it... *and* I own it. Power is cheaper in my area ($0.11 per kwh), so my cost situation is that it will increase my electricity costs by about 20% for 10 years, then it'll be paid off and I'll have "free" electricity for another 15, plus however long the system lasts after the warranty period ends. If I were to finance it differently I could see an immediate decrease in my monthly expenses, but the total ROI would be lower because my "free" period would be shorter.
Programming languages are all general-purpose in some important senses, since they're all Turing Complete, but in practice they tend to have rather well-defined contexts and purposes. In a lot of ways I think asking "Which is the most popular programming language?" is a lot like asking "Which is the most popular hand tool?". The question doesn't make a lot of sense without some context.
Yes, this is the case. I only use my credit card for exceptional purchases.
I use my credit card for absolutely everything possible, so I get the 1-3% (depending on location) cash back. Highly recommended, as long as you have the discipline to ensure you always pay the card off every month.
This isn't even the first word in farm automation.
It's the first word (or close to it) in small-scale home garden automation. Traditional farm automation is all about scale, enabling fewer people to farm larger areas effectively. This isn't that. This is about enabling lazy/busy people to grow a highly-effective garden in limited space and with limited attention -- and probably limited understanding of how to do it. You don't have to learn how to care for different types of food plants, you can instead rely on software configuration provided by others who do know, and you don't have to go out and work in the garden every day.
'take back the food' whatever that vapid statement means
Yeah, that part is pretty silly.
However, I like homegrown veggies but I'm too lazy to garden. I don't mind planting or harvesting, but the daily regimen of watering and weeding is too tedious for me -- but I do like automation, tinkering and I have disposable income. I could see myself buying one of these.
For something as important as voting, how about paper only?
We actually have solutions that are much better than that. This wasn't true a few years ago when the whole voting machine fiasco started, but that discussion provoked a fair amount of research into secure voting systems, and security and cryptography experts have proposed a number of systems that provide verifiable end-to-end integrity. Each voter can verify that his or her vote was actually included correctly in the final count -- but without being able to prove to anyone else how he or she voted (important to mitigate vote buying/coercion). Each candidate/party can fully audit the ballots before the vote and the count after the vote, and audit results are provably correct.
The most thoroughly developed system is Chaum and Rivest's (this is the Rivest who is the "R" in "RSA") "Scantegrity" system. It actually does use paper ballots, slightly modified traditional "Scantron" forms. Rather than just filling in the bubble with a #2 pencil (though you can do that, and that will work, and it will only sacrifice one form of verifiability), instead bubbles are filled with a special marker that reveals a code. That code can be recorded by the voter and used by the voter after the election to verify that the voter's vote was counted correctly. Ballots are counted by normal Scantron scanners, and can easily be verified by hand.
But, thanks to the additional auditing steps (which rely on serial numbers on ballots and some carefully-defined processes) it's not possible to inject additional ballots into the process (no ballot box stuffing), nor to "lose" ballots, without detection. The system does make allowances for absentee and mail-in ballots, and has been used in a real election to verify that it's fully practical.
This. I've been signing with just a horizontal line for years and never once has anyone (including my bank) noticed or cared. And, judging by other people I see signing things, I'm far from the only one.
A horizontal line is so insecure! I try to at least wiggle the stylus a little.
I've been meaning to reply for some time; feel free to e-mail me as I know this discussion will be archived soon.
You're right that Google has relatively little control over Samsung. What they do have is control over the Android trademark, etc., and if Google can require that the Play Store be within one swipe's distance of the home screen when shipped, Google can make other requirements that reflect dedication to ensuring that devices are able to be flashed with AOSP software.
Those requirements are subject to negotiation. Google has some power to push, not based on the Android trademark so much as on the permission to install the Google Apps -- and especially the Play store. The Play store is the big carrot/stick, actually, because an Android phone without the Play store is much, much less useful... at present. It wouldn't be that difficult for Samsung to set up their own app store, and app developers would absolutely upload their apps to it because Samsung is such a huge part of the Android ecosystem. If Samsung were to form an alliance with the top two or three other Android OEMs, their app store would very quickly replace Play as the dominant app store, particularly if they also set out to license all the videos and music they need to reach full parity with the content on Play. Or perhaps they'd take a shorter path: Team up with Amazon which has already done most of this work. If new Samsung, HTC, Motorola and LG phones all shipped with the Amazon store, Amazon would almost immediately match Play.
So Google has to walk a fine line. It has to keep all of the OEMs moving in the same direction, make sure that direction keeps the ecosystem competitive with Apple and Windows (not that Windows has much of the market at the moment) which means making sure the user experience is good and continues to improve, but it also has to allow OEMs enough freedom to innovate and manage their business models so they don't feel like being part of Google's ecosystem is more of a burden than a benefit.
I don't really understand why OEMs seem to feel so strongly that their devices should be locked down, but they do, and they're unwilling to negotiate on this point.
Unless I misunderstand how the Nexus system works, Google *does* have say over how those function, and those have a locked bootloader
So, I think your fundamental error here is that you're thinking locked bootloaders are a bad thing. They're not. They're a good thing.
Locked bootloaders (the way Nexus does them, at least) are there for user security. The purpose of the lock isn't to prevent users from flashing software that does what they want, it's to prevent attackers from flashing software that does what they want -- to give them access to data on the device, bypassing all of the protections built into the stock OS. So, the reason there is an "unlock" step is so that we have an opportunity to forcibly wipe all user data from the device. Someone who finds or steals your locked phone can unlock it (maybe; we made that a little harder in Lollipop), but the unlock process wipes all of your data.
This, BTW, is why I always tell modders that they should re-lock their bootloader after they flash their custom image. Not re-locking it allows anyone who gets hold of their device to flash a new system image that gives them full access to anything on the device (though we're tightening that down in Nougat as well).
That's the main purpose for a locked bootloader, but there are some other benefits as well. They protect devices against inadvertent as well as malicious modification, and they provide a good way to differentiate between a normal device that should implement the full boot chain of trust and those that are in a modifiable state. The vast majority of users never want or need to unlock, and we want to make things very secure for them. Developers (including Android engineers at Google!) and mo
I don't understand why people think AVRs need to be programmed in Arduino-C++ dumbed-down. avr-gcc (WinAVR on windows) is extremely nice to use and doesn't hold your hand. True C (or C++, if you like) programming.
I don't think anyone thinks they have to be programmed in Arduino C++, but the tools work well, so why look any further? What do you actually gain with avr-gcc?
If anyone on the Democrat side ever wants to bring these voters over, they'd try and do their best to understand that wanting to protect one's culture, even if you're white, doesn't amount to racism.
I'm not a Democrat by any means, but most of the time it really does, regardless of what color your skin is.
Panel degradation is covered by the warranty from the panel manufacturer, LG.
The biggest spy of them all is running the backend...
Even if we grant your premise about Google (which I don't, but am not interested in arguing it), that doesn't make it irrelevant, not at all. We generally think of encryption as a tool to ensure that no one can read data, but in this case it's more important that it prevents anyone from manipulating the data. Data sent to you unencrypted (and unauthenticated) can be modified by any party sitting between you and the server, which means that anyone sitting on that path can inject malware to exploit vulnerabilities in your local system.
TLS encrypts all of the streams, yes, but for most web traffic it's actually far more important that it MACs the streams. And of course that it authenticates the server before doing the key exchange which enables the MACing and verification.
I have to admit that the clearly racist part of his base is, sadly, much larger than I thought it could be.
Citation needed. Or did you just pull it out of your fucking ass like the rest of your post?
It's anecdotal, certainly. What have you got?
sadly, this is true of "supporters" of anything/anyone: a large portion chose to ignore various valid reasons to set aside their support.
Not true. Oh, supporters of any candidate undoubtedly have to find reasons to accept some points of disagreement. The only way to have a candidate that completely agrees with you on everything is to run yourself. But there's a difference between accepting some differences and ignoring or excusing huge swaths of abhorrent statements.
That's an inadequate explanation, especially for the evangelicals who have many reasons to despise Trump.
At this point we're making dueling assertions, and neither of us has anything to back them up beyond anecdotal experience. In my case that experience is of talking to a few dozen Trump supporters, and reading the comments of many more. What's yours?
To be clear, if my previous post was not. I think that the financials you describe have a low chance of actually paying back ever, given the risk that the installer may go out of business before the 10 years are up.
The installer in question has already been in business for 20 years, and been doing solar installations for 10.
The idea that you can treat all instances of a bipolar patient as sufficiently similar that a clinical trial of a treatment will yield useful, meaningful and reliable information as to what will help an arbitrary new patient with the same diagnosis is something for which I have yet to come across empirical support for
I don't think anyone is making that claim. A trial can still show useful effects when only a portion of the patients see a benefit, and assuming it does show a sufficiently large benefit for a reasonable percentage, with something as low-cost and low-impact as wearing yellow glasses for a few days, there's almost no reason not to at least try it on an arbitrary new patient with the same diagnosis. If it works, awesome! If not, well, it didn't cost much or hurt anything.
I'm pretty sure he just lost the election right now...
I doubt it.
There's a large portion of his base that will think this is an awesome idea. The rest just won't believe it. Spend some time talking to Trump supporters and you'll quickly find that they're very adept at ignoring anything he says that they don't like, with a variety of excuses. I expect the "rationale" for ignoring this one will be that the president doesn't have the power to do that without the help of Congress and that Congress won't do it.
Of course, the same is true of many things his supporters *do* like, but they don't bother applying the same logic. It's really rather incredible. He says outrageous things that land all over the political landscape, and his supporters grab onto the pieces they like with both hands crowing that he's the only one who dares to say it like it is, and simultaneously discard the rest, either because he's just joking, or because he can't actually do it... or even because he has to say that to appease some other part of the base. The degree of doublethink implicit in that last excuse is mind-boggling, but there it is.
who could be elected president. His fan base are white racists - they have no other options.
It's clear there is a section of his support base for whom this is true, but if that were all he had, or even most of what he had, he'd have no chance. No, much more of his support comes from people who deeply oppose globalization and people who are just mad at the establishment and want anything else.
I have to admit that the clearly racist part of his base is, sadly, much larger than I thought it could be.
Most man-in-the-middle coming from corporate america is to see where you are going, not storing POST data.
MITM isn't necessary to see where you're going. SSL doesn't obscure the IP you're connecting to, nor the domain name your DNS client looked up to get that IP address.
what does a responsible employer do for enforcing acceptable use policies, and ensuring they do not create "hostile workplace" issues with employees looking at porn... or whatever?
Address these issues with people, not with technology. Make sure everyone understands what the requirements are, and make sure everyone understands there's an open door for reporting issues that will have zero negative consequences for the reporter. And then institute a careful process for reviewing and investigating complaints... and hammer proven offenders.
Yeah, it's a lot harder and a lot more work than just monitoring network connections, but it also addresses a lot more issues. Frankly, you need good people management policies and processes in place whether you're monitoring network connections or not... and if you have them, you don't need to monitor network connections.
OTOH, I've been looking into purchasing a solar system for my house, and all three of the companies I've talked to are offering 25-year warranties, parts and labor. If it breaks, I call and they come fix it... *and* I own it. Power is cheaper in my area ($0.11 per kwh), so my cost situation is that it will increase my electricity costs by about 20% for 10 years, then it'll be paid off and I'll have "free" electricity for another 15, plus however long the system lasts after the warranty period ends. If I were to finance it differently I could see an immediate decrease in my monthly expenses, but the total ROI would be lower because my "free" period would be shorter.
That's very kind of you. I'll take my kickback :P
Programming languages are all general-purpose in some important senses, since they're all Turing Complete, but in practice they tend to have rather well-defined contexts and purposes. In a lot of ways I think asking "Which is the most popular programming language?" is a lot like asking "Which is the most popular hand tool?". The question doesn't make a lot of sense without some context.
Yes, this is the case. I only use my credit card for exceptional purchases.
I use my credit card for absolutely everything possible, so I get the 1-3% (depending on location) cash back. Highly recommended, as long as you have the discipline to ensure you always pay the card off every month.
This isn't even the first word in farm automation.
It's the first word (or close to it) in small-scale home garden automation. Traditional farm automation is all about scale, enabling fewer people to farm larger areas effectively. This isn't that. This is about enabling lazy/busy people to grow a highly-effective garden in limited space and with limited attention -- and probably limited understanding of how to do it. You don't have to learn how to care for different types of food plants, you can instead rely on software configuration provided by others who do know, and you don't have to go out and work in the garden every day.
'take back the food' whatever that vapid statement means
Yeah, that part is pretty silly.
However, I like homegrown veggies but I'm too lazy to garden. I don't mind planting or harvesting, but the daily regimen of watering and weeding is too tedious for me -- but I do like automation, tinkering and I have disposable income. I could see myself buying one of these.
For something as important as voting, how about paper only?
We actually have solutions that are much better than that. This wasn't true a few years ago when the whole voting machine fiasco started, but that discussion provoked a fair amount of research into secure voting systems, and security and cryptography experts have proposed a number of systems that provide verifiable end-to-end integrity. Each voter can verify that his or her vote was actually included correctly in the final count -- but without being able to prove to anyone else how he or she voted (important to mitigate vote buying/coercion). Each candidate/party can fully audit the ballots before the vote and the count after the vote, and audit results are provably correct.
The most thoroughly developed system is Chaum and Rivest's (this is the Rivest who is the "R" in "RSA") "Scantegrity" system. It actually does use paper ballots, slightly modified traditional "Scantron" forms. Rather than just filling in the bubble with a #2 pencil (though you can do that, and that will work, and it will only sacrifice one form of verifiability), instead bubbles are filled with a special marker that reveals a code. That code can be recorded by the voter and used by the voter after the election to verify that the voter's vote was counted correctly. Ballots are counted by normal Scantron scanners, and can easily be verified by hand.
But, thanks to the additional auditing steps (which rely on serial numbers on ballots and some carefully-defined processes) it's not possible to inject additional ballots into the process (no ballot box stuffing), nor to "lose" ballots, without detection. The system does make allowances for absentee and mail-in ballots, and has been used in a real election to verify that it's fully practical.
For more details about Scantegrity, see http://scantegrity.org./
And another thing, we should really do vote-by-mail nationwide just like Washington state does it.
There are signficant risks in that. OTOH, it doesn't seem like Washington is actually seeing them. Still, I'd move very carefully on that one.
I live in the US, and It's chip & pin, not chip & signature, everywhere I go.
You must be using a debit card. Credit is chip & signature in the US.
This. I've been signing with just a horizontal line for years and never once has anyone (including my bank) noticed or cared. And, judging by other people I see signing things, I'm far from the only one.
A horizontal line is so insecure! I try to at least wiggle the stylus a little.
Yeah, it's a joke..
I've been meaning to reply for some time; feel free to e-mail me as I know this discussion will be archived soon.
You're right that Google has relatively little control over Samsung. What they do have is control over the Android trademark, etc., and if Google can require that the Play Store be within one swipe's distance of the home screen when shipped, Google can make other requirements that reflect dedication to ensuring that devices are able to be flashed with AOSP software.
Those requirements are subject to negotiation. Google has some power to push, not based on the Android trademark so much as on the permission to install the Google Apps -- and especially the Play store. The Play store is the big carrot/stick, actually, because an Android phone without the Play store is much, much less useful... at present. It wouldn't be that difficult for Samsung to set up their own app store, and app developers would absolutely upload their apps to it because Samsung is such a huge part of the Android ecosystem. If Samsung were to form an alliance with the top two or three other Android OEMs, their app store would very quickly replace Play as the dominant app store, particularly if they also set out to license all the videos and music they need to reach full parity with the content on Play. Or perhaps they'd take a shorter path: Team up with Amazon which has already done most of this work. If new Samsung, HTC, Motorola and LG phones all shipped with the Amazon store, Amazon would almost immediately match Play.
So Google has to walk a fine line. It has to keep all of the OEMs moving in the same direction, make sure that direction keeps the ecosystem competitive with Apple and Windows (not that Windows has much of the market at the moment) which means making sure the user experience is good and continues to improve, but it also has to allow OEMs enough freedom to innovate and manage their business models so they don't feel like being part of Google's ecosystem is more of a burden than a benefit.
I don't really understand why OEMs seem to feel so strongly that their devices should be locked down, but they do, and they're unwilling to negotiate on this point.
Unless I misunderstand how the Nexus system works, Google *does* have say over how those function, and those have a locked bootloader
So, I think your fundamental error here is that you're thinking locked bootloaders are a bad thing. They're not. They're a good thing.
Locked bootloaders (the way Nexus does them, at least) are there for user security. The purpose of the lock isn't to prevent users from flashing software that does what they want, it's to prevent attackers from flashing software that does what they want -- to give them access to data on the device, bypassing all of the protections built into the stock OS. So, the reason there is an "unlock" step is so that we have an opportunity to forcibly wipe all user data from the device. Someone who finds or steals your locked phone can unlock it (maybe; we made that a little harder in Lollipop), but the unlock process wipes all of your data.
This, BTW, is why I always tell modders that they should re-lock their bootloader after they flash their custom image. Not re-locking it allows anyone who gets hold of their device to flash a new system image that gives them full access to anything on the device (though we're tightening that down in Nougat as well).
That's the main purpose for a locked bootloader, but there are some other benefits as well. They protect devices against inadvertent as well as malicious modification, and they provide a good way to differentiate between a normal device that should implement the full boot chain of trust and those that are in a modifiable state. The vast majority of users never want or need to unlock, and we want to make things very secure for them. Developers (including Android engineers at Google!) and mo
which is why they used lower earth orbit astronauts as a control group. (I know, I cheated, I actually read the article).
That's a much less-feted control group, though.
I don't understand why people think AVRs need to be programmed in Arduino-C++ dumbed-down. avr-gcc (WinAVR on windows) is extremely nice to use and doesn't hold your hand. True C (or C++, if you like) programming.
I don't think anyone thinks they have to be programmed in Arduino C++, but the tools work well, so why look any further? What do you actually gain with avr-gcc?
And still no citation!