I don't think states have regained the right to secede. The only state remotely stupid enough to try would be Texas, and only 60.9% of its residents are natives.
The Montana state legislature passed a resolution when the Supreme Court was deliberating the DC vs. Heller case, saying that if the court did not find that there is an individual right to keep and bear arms, that it would constitute a violation of the written agreement under which Montana entered the union and Montana would therefore withdraw. I could definitely see some of the other Mountain West states joining them, especially Idaho and Wyoming, and if all three of them went, many of the Mountain West and Southwest states might go as well.
I don't think any of that is at all likely, but it's possible and I don't see the rest of the country being willing to resort to military force to prevent it. I agree that Texas isn't likely to secede.
Except now Google is presenting itself as an authority on the status of certificates that it has no business doing so with to the users of chrome.
This is a bad thing.
Google is already the authority which decides which CAs will be trusted by Chrome. How does it really change anything if Google also collects the CA CRLs and pushes them to the browser? Other than making revocations much more reliable.
As many others have pointed out, your scheme doesn't accomplish anything.
I think the real trick is to arrange things so that if the police ever confiscate your computer, they'll inadvertently destroy the data in the process. But you must be able to argue (successfully!) that your countermeasures were intended to defeat any sort of unauthorized access, rather than being targeted specifically at the police, and you must be able to explain in detail how the scheme worked and what the police did to destroy it. Even better if you can prove both that it worked before and that it now cannot work. Also, the scheme has to be easy enough to use that you can actually use it on a daily basis, and sufficiently robust against unexpected events that you don't lose your data all the time.
Yeah, they don't care. You can play your stupid games in a jail cell while they wait. There's no time limit on contempt, so if you don't remember, that's fine, you'll just sit in jail literally the rest of your life.
I think you could make the argument that the punishment for contempt shouldn't greatly exceed the crime you were being charged with. It might therefore make sense to sit in jail for contempt rather than to divulge information which would prove you guilty of a more serious crime than the one you were charged with.
Fine, then encryption is tied to some physical object--like a smart chip that self-destructs. I wasn't proposing an idea, just curious to what extent the law is capable of dealing with the notion of encryption vis-a-vis the analogy to a physical safe.
If we theorize a self-encrypting drive which implements a self-destruct and can't usefully be ghosted (because the security chip containing the actual data encryption key can't be copied), then I'd say that if the cops tried to guess their way in and destroyed the data you'd be off the hook. If, however, you were ordered to hand over the password and gave them an incorrect one, causing them to trigger the self-destruct, then you'd be guilty of destroying evidence.
Encrypting seems to be indicative of guilt or the need to hide something. The presumption of innocence suddenly does not seem to apply.
I don't participate in any criminal activities, and have nothing to hide from the courts, but I routinely employ full-disk encryption on all of my computers. Why? Because while there is nothing I need to hide from the court system, there's plenty of private information on there, including personal documents, financial documents, medical documents, etc. Plus, encrypting everything is just good data hygiene.
Many of those millionaire investment bankers aren't taking risks with their money.
I didn't say it was their money they were risking, I said it was their income/jobs. I understand your point that in some situations the commissions are essentially pre-paid, but how long does an investment banker who continues losing money keep getting paid?
I am not going to claim that malicious users can be prevented from doing any damage. All I am saying is that a malicious user's ability to do damage can be restricted in a well designed system.
+1
Most of my job as a security engineer is about devising and implementing countermeasures against malicious or stupid action by insiders. If you can defeat potentially-malicious insiders (while still enabling them to do their jobs), outsiders have no chance.
I'm totally biased when I say this, but engineers are one of the profession that's grossly underpaid and under-regarded. Some investment make millions just by moving some virtual values - usually worthless - left and right on a computer screens, while engineers responsible for the success of projects worth in the multi-billion "real dollars" range, or indirectly responsible for countless lives, struggle to get decent salaries and usually don't even come close to 6 digit figures.
I think you're comparing averages to outliers.
An analogous comparison would be to look at drama majors and assume they all make crazy money because A-list Hollywood actors are millionaires. There are large numbers of people who study finance and business -- and are good at it -- but who don't have the particular breed of genius mixed with insanity required to succeed in Wall Street, which is the pinnacle of that career field.
In my field, software, there are plenty of millionaire engineers, and a few billionaires. They made their money as much by luck, being in the right place at the right time with the right ideas, as by skill and hard work, but that's also true of the Wall Street types. Oh, and the software "outliers" have orders of magnitude more money than the Wall Street types.
Further, those millionaire investment bankers don't make money by just taking a nice, safe and predictable salary... their compensation is almost entirely performance-based, and the nature of their business is that performing well requires taking risks. If those risks don't pan out, they get very little and lose their jobs. Lots of people go that route and wash out, but we don't hear about them. The analogous sort in the software field is the guys who spend their careers in Silicon Valley, hopping from startup to startup, working insane hours for peanuts plus worthless stock, hoping that this time the stock becomes valuable. I don't know what the analogous risk-taking, shoot-for-the-moon career path looks like in, say, aviation engineering, but working for Boeing isn't it.
I think there are plenty of opportunities for engineers to make huge money by taking big risks. There are also plenty of opportunities for engineers to make a decent living working 40-50 hours per week, doing what they like, with a paycheck that shows up like clockwork. It's also important to keep in mind that the lower stress of the steady paycheck is also a form of compensation, and not a trivial one. It's huge if you want to have a family and to be involved in your kids' lives, for example.
Personally I like the Apple model most because as consumer I prefer an app crashing than becoming unresponsive or worse
As a consumer, I notice that I see far fewer unresponsive apps on my Nexus than I did with my iPhone 4. This is probably partly due to the fact that the Android OS is so quick to intervene and offer to forcibly close an app -- which turns an unresponsive app into a crash and would contribute to Android apps crashing more than iOS apps.
as developer I dislike having a jungle of try/catches.
Then structure your code so you don't have a jungle of try/catch blocks. If your exception handling code is complex, it's often a sign that the code in general is too complex and needs refactoring. It's a code smell.
I'll argue. J2ME barely shows in the smartphone market. Dumbphones aren't relevant to a conversation about platforms that support user-downloadable third-party applications.
The whole point of JME is to support user-downloadable third-party applications. JME was also supported on smartphones, for example on Symbian.
That may have been the whole point, but it's not what has happened, not in any big way. The market relevant to this conversation is led by Android, with iOS a close second, Blackberry third, Windows mobile a very distant fourth, and Symbian barely showing.
Killing premeditated and planned is murder. Accidental killing is manslaughter.
Manslaughter is unpremeditated but intentional killing. Think "heat of the moment".
There's another category in most jurisdictions, which is often called "negligent homicide", which is when you don't intend to cause death but do something that you know, or should know, could cause death.
Truly accidental killing isn't a crime at all, just a tragedy.
The "willful" part plays a huge role in most crimes, though.
In most jurisdictions, intent is an essential element of crime, except where specifically excluded. And you're right, the prosecution can and does prove intent beyond a reasonable doubt. Often.
Yeah, unfortunately some of their lofty ideals had dirty, dirty undertones, and we had to fight a war to sort those out. States Rights lost that war.
So, then, the Constitution was changed to reflect that?
Indeed it was. The 14th amendment empowered the federal government to restrain rights infringements by the states. That makes a lot of sense. The Civil War also stripped the states of one other right they thought they had, the right to secede but I think they actually have recovered that right, because I don't think we have the stomach for another Civil War.
However, what we've done since then is to further, and massively, increase the power of the central government, sometimes via constitutional processes (e.g. 16th and 17th amendments) but more often by stretching the language of the constitution beyond recognition (e.g. Commerce Clause) or by simply ignoring constitutional questions (c.f. Court Packing).
it's pretty generalistic when compared to market leader j2me(by numbers, don't argue)
I'll argue. J2ME barely shows in the smartphone market. Dumbphones aren't relevant to a conversation about platforms that support user-downloadable third-party applications.
thing is, what would be needed would be the option to allow/disallow actions when they happen(with "allow always" "allow for a day" etc options) - not at install time. and for example if it's sending a sms, show where it's sending it when asking for permission - and for each app there could be a option to view their security log from app manager.
I posit that would reduce security, not enhance it. It's difficult enough to convince users to take the time to read the permissions they're granting during installation. Later popups would quickly train users to just dismiss any security prompts, especially because they would come up at a moment when the user is, presumably, trying to actually accomplish something.
I do think there's room for improvement. I'm not sure what it would look like, though. Getting average, non-technical users to make informed, well thought-out security decisions is very hard. On the other hand, taking the decision away from the user is wrong.
Google Voice, is this for real? I've never called someone and had google voice answer (I use google voice, so I know it scares callers away, but I've never even heard what it says).
I don't think many Google Voice users have it do call screening. I know I don't.
You can read RFID cards in peoples wallets at 30 ft with a transponder with higher send signal and a better antenna.
Depends on what you mean by "RFID". There are a bunch of different technologies that fall under that large umbrella, some active, some passive, some of the passive powered inductively, some via capacitance, with different antenna sizes, communicating on different frequencies, etc.
In the case of the ISO 14443-related technologies used by payment cards, no, you can't. Under laboratory conditions with specialized equipment you might be able to get 20 cm. Maybe. 10 cm is difficult. Under real-world conditions, with off-the-shelf readers, max range is about 2 cm.
Responsibility of challenging a law you deem bad doesn't mean just lying down and getting stomped on as a means to fight it. It also means fighting to win otherwise you're at the mercy of everyone else to do something instead of doing it yourself. We use the tools and methods at hand that work. If it means blowing off the feet of those trying to stomp you so be it.
The goal is to make of yourself a public example to show just how bad the law is. That means making sure that your violation of the law is as visible as possible, to ensure that you get caught, and admitting publicly and in court that you did it because you believe it's not wrong. Then, to make it really effective, you also need to get saddled with an egregiously unfair punishment to rouse public ire. You don't do that by fighting it.
Otherwise, it's not civil disobedience, it's just being a scofflaw. Or, in this case, justifying copyright infringement. If the truth is that you just want to get free music, hope not to get caught, and will weasel out of it any way possible if you do get caught, just say so.
Now, personally, I don't blame you a bit for downloading music illegally. I think the content owners have skewed copyright law so massively in their favor, and so thoroughly violated the underlying social contract, that there is no moral force behind their position, and I don't believe it is at all wrong to download their stuff illegally. Especially if you also try to find ways to compensate the actual artists, who we really do want to support. However, casting it as civil disobedience just devalues the meaning of the term unless you're actively seeking a confrontation with the record labels, and looking to get slammed hard by them as an example of how screwed up the system is.
I don't think states have regained the right to secede. The only state remotely stupid enough to try would be Texas, and only 60.9% of its residents are natives.
The Montana state legislature passed a resolution when the Supreme Court was deliberating the DC vs. Heller case, saying that if the court did not find that there is an individual right to keep and bear arms, that it would constitute a violation of the written agreement under which Montana entered the union and Montana would therefore withdraw. I could definitely see some of the other Mountain West states joining them, especially Idaho and Wyoming, and if all three of them went, many of the Mountain West and Southwest states might go as well.
I don't think any of that is at all likely, but it's possible and I don't see the rest of the country being willing to resort to military force to prevent it. I agree that Texas isn't likely to secede.
Except now Google is presenting itself as an authority on the status of certificates that it has no business doing so with to the users of chrome.
This is a bad thing.
Google is already the authority which decides which CAs will be trusted by Chrome. How does it really change anything if Google also collects the CA CRLs and pushes them to the browser? Other than making revocations much more reliable.
As many others have pointed out, your scheme doesn't accomplish anything.
I think the real trick is to arrange things so that if the police ever confiscate your computer, they'll inadvertently destroy the data in the process. But you must be able to argue (successfully!) that your countermeasures were intended to defeat any sort of unauthorized access, rather than being targeted specifically at the police, and you must be able to explain in detail how the scheme worked and what the police did to destroy it. Even better if you can prove both that it worked before and that it now cannot work. Also, the scheme has to be easy enough to use that you can actually use it on a daily basis, and sufficiently robust against unexpected events that you don't lose your data all the time.
Tall order. Hmm.
Yeah, they don't care. You can play your stupid games in a jail cell while they wait. There's no time limit on contempt, so if you don't remember, that's fine, you'll just sit in jail literally the rest of your life.
I think you could make the argument that the punishment for contempt shouldn't greatly exceed the crime you were being charged with. It might therefore make sense to sit in jail for contempt rather than to divulge information which would prove you guilty of a more serious crime than the one you were charged with.
Fine, then encryption is tied to some physical object--like a smart chip that self-destructs. I wasn't proposing an idea, just curious to what extent the law is capable of dealing with the notion of encryption vis-a-vis the analogy to a physical safe.
If we theorize a self-encrypting drive which implements a self-destruct and can't usefully be ghosted (because the security chip containing the actual data encryption key can't be copied), then I'd say that if the cops tried to guess their way in and destroyed the data you'd be off the hook. If, however, you were ordered to hand over the password and gave them an incorrect one, causing them to trigger the self-destruct, then you'd be guilty of destroying evidence.
Encrypting seems to be indicative of guilt or the need to hide something. The presumption of innocence suddenly does not seem to apply.
I don't participate in any criminal activities, and have nothing to hide from the courts, but I routinely employ full-disk encryption on all of my computers. Why? Because while there is nothing I need to hide from the court system, there's plenty of private information on there, including personal documents, financial documents, medical documents, etc. Plus, encrypting everything is just good data hygiene.
So what you're saying is that the positions you're describing are typical commissioned sales jobs, but with higher stakes.
Many of those millionaire investment bankers aren't taking risks with their money.
I didn't say it was their money they were risking, I said it was their income/jobs. I understand your point that in some situations the commissions are essentially pre-paid, but how long does an investment banker who continues losing money keep getting paid?
I am not going to claim that malicious users can be prevented from doing any damage. All I am saying is that a malicious user's ability to do damage can be restricted in a well designed system.
+1
Most of my job as a security engineer is about devising and implementing countermeasures against malicious or stupid action by insiders. If you can defeat potentially-malicious insiders (while still enabling them to do their jobs), outsiders have no chance.
Awesome!
I'm totally biased when I say this, but engineers are one of the profession that's grossly underpaid and under-regarded. Some investment make millions just by moving some virtual values - usually worthless - left and right on a computer screens, while engineers responsible for the success of projects worth in the multi-billion "real dollars" range, or indirectly responsible for countless lives, struggle to get decent salaries and usually don't even come close to 6 digit figures.
I think you're comparing averages to outliers.
An analogous comparison would be to look at drama majors and assume they all make crazy money because A-list Hollywood actors are millionaires. There are large numbers of people who study finance and business -- and are good at it -- but who don't have the particular breed of genius mixed with insanity required to succeed in Wall Street, which is the pinnacle of that career field.
In my field, software, there are plenty of millionaire engineers, and a few billionaires. They made their money as much by luck, being in the right place at the right time with the right ideas, as by skill and hard work, but that's also true of the Wall Street types. Oh, and the software "outliers" have orders of magnitude more money than the Wall Street types.
Further, those millionaire investment bankers don't make money by just taking a nice, safe and predictable salary... their compensation is almost entirely performance-based, and the nature of their business is that performing well requires taking risks. If those risks don't pan out, they get very little and lose their jobs. Lots of people go that route and wash out, but we don't hear about them. The analogous sort in the software field is the guys who spend their careers in Silicon Valley, hopping from startup to startup, working insane hours for peanuts plus worthless stock, hoping that this time the stock becomes valuable. I don't know what the analogous risk-taking, shoot-for-the-moon career path looks like in, say, aviation engineering, but working for Boeing isn't it.
I think there are plenty of opportunities for engineers to make huge money by taking big risks. There are also plenty of opportunities for engineers to make a decent living working 40-50 hours per week, doing what they like, with a paycheck that shows up like clockwork. It's also important to keep in mind that the lower stress of the steady paycheck is also a form of compensation, and not a trivial one. It's huge if you want to have a family and to be involved in your kids' lives, for example.
If users have selected Bing or Yahoo! as their default search engine, are 404 correction queries still sent to Google?
Personally I like the Apple model most because as consumer I prefer an app crashing than becoming unresponsive or worse
As a consumer, I notice that I see far fewer unresponsive apps on my Nexus than I did with my iPhone 4. This is probably partly due to the fact that the Android OS is so quick to intervene and offer to forcibly close an app -- which turns an unresponsive app into a crash and would contribute to Android apps crashing more than iOS apps.
as developer I dislike having a jungle of try/catches.
Then structure your code so you don't have a jungle of try/catch blocks. If your exception handling code is complex, it's often a sign that the code in general is too complex and needs refactoring. It's a code smell.
I'll argue. J2ME barely shows in the smartphone market. Dumbphones aren't relevant to a conversation about platforms that support user-downloadable third-party applications.
The whole point of JME is to support user-downloadable third-party applications. JME was also supported on smartphones, for example on Symbian.
That may have been the whole point, but it's not what has happened, not in any big way. The market relevant to this conversation is led by Android, with iOS a close second, Blackberry third, Windows mobile a very distant fourth, and Symbian barely showing.
Killing premeditated and planned is murder. Accidental killing is manslaughter.
Manslaughter is unpremeditated but intentional killing. Think "heat of the moment".
There's another category in most jurisdictions, which is often called "negligent homicide", which is when you don't intend to cause death but do something that you know, or should know, could cause death.
Truly accidental killing isn't a crime at all, just a tragedy.
The "willful" part plays a huge role in most crimes, though.
In most jurisdictions, intent is an essential element of crime, except where specifically excluded. And you're right, the prosecution can and does prove intent beyond a reasonable doubt. Often.
Yeah, unfortunately some of their lofty ideals had dirty, dirty undertones, and we had to fight a war to sort those out. States Rights lost that war.
So, then, the Constitution was changed to reflect that?
Indeed it was. The 14th amendment empowered the federal government to restrain rights infringements by the states. That makes a lot of sense. The Civil War also stripped the states of one other right they thought they had, the right to secede but I think they actually have recovered that right, because I don't think we have the stomach for another Civil War.
However, what we've done since then is to further, and massively, increase the power of the central government, sometimes via constitutional processes (e.g. 16th and 17th amendments) but more often by stretching the language of the constitution beyond recognition (e.g. Commerce Clause) or by simply ignoring constitutional questions (c.f. Court Packing).
it's pretty generalistic when compared to market leader j2me(by numbers, don't argue)
I'll argue. J2ME barely shows in the smartphone market. Dumbphones aren't relevant to a conversation about platforms that support user-downloadable third-party applications.
thing is, what would be needed would be the option to allow/disallow actions when they happen(with "allow always" "allow for a day" etc options) - not at install time. and for example if it's sending a sms, show where it's sending it when asking for permission - and for each app there could be a option to view their security log from app manager.
I posit that would reduce security, not enhance it. It's difficult enough to convince users to take the time to read the permissions they're granting during installation. Later popups would quickly train users to just dismiss any security prompts, especially because they would come up at a moment when the user is, presumably, trying to actually accomplish something.
I do think there's room for improvement. I'm not sure what it would look like, though. Getting average, non-technical users to make informed, well thought-out security decisions is very hard. On the other hand, taking the decision away from the user is wrong.
The multi-level structures are usually called parking garages. It's possible they're called parking ramps somewhere in the country, though.
American: 'parking ramp'
Parking lot, actually.
I have a slashdot stalker!
Google Voice, is this for real? I've never called someone and had google voice answer (I use google voice, so I know it scares callers away, but I've never even heard what it says).
I don't think many Google Voice users have it do call screening. I know I don't.
Useful projects are the "bread" in "bread and circuses".
No, welfare programs are the "bread".
You can read RFID cards in peoples wallets at 30 ft with a transponder with higher send signal and a better antenna.
Depends on what you mean by "RFID". There are a bunch of different technologies that fall under that large umbrella, some active, some passive, some of the passive powered inductively, some via capacitance, with different antenna sizes, communicating on different frequencies, etc.
In the case of the ISO 14443-related technologies used by payment cards, no, you can't. Under laboratory conditions with specialized equipment you might be able to get 20 cm. Maybe. 10 cm is difficult. Under real-world conditions, with off-the-shelf readers, max range is about 2 cm.
Responsibility of challenging a law you deem bad doesn't mean just lying down and getting stomped on as a means to fight it. It also means fighting to win otherwise you're at the mercy of everyone else to do something instead of doing it yourself. We use the tools and methods at hand that work. If it means blowing off the feet of those trying to stomp you so be it.
The goal is to make of yourself a public example to show just how bad the law is. That means making sure that your violation of the law is as visible as possible, to ensure that you get caught, and admitting publicly and in court that you did it because you believe it's not wrong. Then, to make it really effective, you also need to get saddled with an egregiously unfair punishment to rouse public ire. You don't do that by fighting it.
Otherwise, it's not civil disobedience, it's just being a scofflaw. Or, in this case, justifying copyright infringement. If the truth is that you just want to get free music, hope not to get caught, and will weasel out of it any way possible if you do get caught, just say so.
Now, personally, I don't blame you a bit for downloading music illegally. I think the content owners have skewed copyright law so massively in their favor, and so thoroughly violated the underlying social contract, that there is no moral force behind their position, and I don't believe it is at all wrong to download their stuff illegally. Especially if you also try to find ways to compensate the actual artists, who we really do want to support. However, casting it as civil disobedience just devalues the meaning of the term unless you're actively seeking a confrontation with the record labels, and looking to get slammed hard by them as an example of how screwed up the system is.
That's be the best thing that could happen for Google+.
Yeah because the MBA types always move in lockstep herd-like mentality
Except that Google has vanishingly few MBA types, and basically none in any decision-making positions.