same for me with StarCraft... played a pirated copy for years and then bought it one day because I had the dosh and I wanted the books and to be able to play online if I felt like it (never have yet)
Then Blizzard became the ass of a company they are today.
"security through obscurity" is sometimes implemented in addition to authentication as part of "defense in depth"
an example of this (which fits the accepted meaning of "security by obscurity") is setting the "ServerTokens" directive in "/etc/apache2/conf.d/security" to "Prod" so as to hide the Apache version number in the default error pages... many webmasters do this, but only in addition to other security measures as required (not as their primary security measure). While not usually that much of an issue for up-to-date servers, setting "ServerTokens" to "Full" can help a potential hacker use exploits known for a version of Apache (a server in a datacenter might be updated on a schedule rather than whenever updates are released). If hackers can see your Apache version, they can look up the vulnerabilities for that version (below) and bust in.
What is the total time that people spend reviewing FOSS code?
probably nobody knows the answer to that question (I don't see any mathematics in it though), but I would guess that a lot more people have reviewed various aspects of the Linux kernel source than Windows kernel source, even solely from the point of view that Linux used in any critical task would probably require at least some review by any organization relying it (probably including NASA, DoD, Google, Red Hat, IBM, etc). Even aspects like competition with Windows and the controversy surrounding patents and copyright violation in the Linux kernel would have attracted eyeballs, with Microsoft most likely looking for bugs and exploits to use in smear campaigns. Then there is the embedded market, with set top box manufacturers likely having a squiz at aspects that affected the functionality of their hardware. The Linux kernel is probably the crowning achievement of the FOSS community because despite being free, it is worth so much to many organizations that depend on it that the many scrutinizing eyeballs on the Linux kernel are probably less interested in the kernel as a product itself, but as something that will cause significant grief (financial and otherwise) if it fails. Windows on the other hand presents a risk to any organization who selects it for a mission critical app because they can't inspect the source code and the organization has no control over it (whereas if a bug was found in the Linux kernel, its possible that an in-house patch could be "hacked" together to get things moving again.
What happens when code is so badly written that you can't effectively review it
When you can't review it, you test it, but I would never personally use code I couldn't understand. If it was the only code I could find that did what I wanted, I would probably spend the time reinventing the wheel. Having said that, if the code worked and was accessible, even if poorly presented you should still be able to read it. I would argue that the likelihood of there being code that couldn't be reviewed at all would be pretty slim (its just text). Even if I had to use one of those programs that improves presentation (puts line breaks after non-string semicolons or after "then" in the case of Pascal/Delphi etc), or I could roll my own if I didn't like any on the net. Poorly written code also probably wouldn't last long in a public FOSS project (sourceforge, github, google code, etc) in a team of programmers who actually gave a crap.
FOSS programmers review FOSS code, because it can improve their skills or can be used in their program (GPL code can be reused in other GPL projects), and there are a lot of FOSS programmers out there (look at the Debian package repository for example).
I think you are mistaking possibilities with realities
You're right, but there are for example lots and lots of eyeballs on the Linux kernel source. Also, at least FOSS has this possibility (and while not always being reality, it is sometimes).
Yes there can be profit in FOSS, but its not usually from the software itself (by definition "free" as in usually both "free beer" and "freedom"). Profit for companies dealing with FOSS is usually from selling boxed versions of the software, documentation or support contracts. The "features on demand" that you mentioned, if sold for profit, aren't really FOSS are they (even if the underlying application is FOSS).
Hacking has evolved beyond the original "tinkering" definition of yesteryear. It's now associated with unauthorized access.
From http://www.extremeprogramming.org/ "instead of delivering everything you could possibly want on some date far in the future [extreme programming] delivers the software you need as you need it". "Hacking something together and pushing it into production" might not adhere to all the rules of extreme programming, but I think it fits the extreme programming model well enough, particularly for in-house development where the customer and the developer both work within the same company.
As such is the opposite to engineering, which is about insure the results.
As long as any software produces the correct result, how it achieves it is usually of secondary importance. Many people with CS degrees focus too much on the "how".
i've already acknowledged multiple definitions of "obscurity".
at the end of the day though, the accepted industry definition only relates to the one I put forward, which is quite acceptable (it still fits into a definition, even if its not the one you like best).
That you can't understand that all security ultimately is based on something concealed is sad
but I do understand that security is based on something concealed. what i'm trying to get you to understand (among other people who have apparently also been wasting their breaths) is that "security by obscurity" has an accepted meaning, and that not all security measures fit that meaning
Obviously there is no such thing as 100% secure, and obviously passwords are meant to be concealed, but "security by obscurity" is when the concealment IS the security measure.
Password concealment is part of the authentication process, but if a user gives away their password (removing the concealment aspect) it doesn't necessarily make the system itself insecure (it just offers access to whatever that password permits). Even if I don't know a password, if I know that I require a password, the security measure isn't concealed or hidden, so its not considered security by obscurity.
Why do you think most systems (such as online banking) are usually authenticated using a username and password combination rather than a unique complex URL with no password protection? Why do you think credentials are never passed as GET parameters in a URL?
Security measures considered "security by obscurity" are the ones that are bypassed when the security measure itself is discovered. If you do some googling you'll see what I mean.
Biometrics isn't security by obscurity because the security measure is obvious, but knowing how the system is secured still requires the necessary credentials (the correct fingerprint). The person whose fingerprint is required might be sitting next to you such that their fingers are in plain sight (no obscurity even by your own definition), but unless they put their finger on the scanner, you're still no closer to getting in.
You can either accept that passwords aren't "security by obscurity" or you can't. Even if you can't, it doesn't mean you're going to change the generally accepted meaning. It just means when you use the term in discussion with other geeks, you'll wind up being ridiculed for not understanding it to mean what is generally accepted.
And the public wonders why most software is bug-ridden, badly designed shite
only a problem for software you pay good money for
with proprietary closed source software, users pay to become beta testers because not only are there less eyes on the source compared to the FOSS model, but closed source projects are run on unrealistic timelines and budgets. software companies make software to maximize profit, not to produce bug-free product. they do enough debugging to minimize complaints to a point where they can maintain their reputability, but no more. once the release date is reached, the product moves from development to sales, and the development team moves onto the next product.
FOSS is often a step behind, but that is because there is no such pressure to achieve marketing deadlines or breakeven, because there is no profit, but this also means that the programmers are free to take as long as they like to debug the software to their own satisfaction, and like any art or skill, programmers can be their own worst critics, particularly if they are developing software they wish to use themselves
I don't think I've ever come across an actual bug in a FOSS application because I stick with Debian Stable mostly (sometimes Testing), but even if a program misbehaved, I would be disappointed but given I paid nothing for it, I can't really complain that much. On the other hand, if I pay for a Windows game (Sim City 4 for example) and it crashes regularly on a newish machine and web searches don't reveal an answer (and the vendor's website is a useless piece of shit), I'm going to be pissed off for wasting my money.
In response to the OP, I don't have a CS degree but I develop software in my job (engineering), as well as at home. I must admit I've never debugged on paper before (is that what you meant by "prints"?). I usually just get a feature to a stage where I think it should work, and then I compile/test the crap out of it, finding/fixing bugs as I go. Its much more fun and practical than looking for bugs that might not exist on paper. Maybe its just because I'm not that old, but I couldn't even imagine debugging on paper.
I wouldn't call it "hacking" though. I think its actually called "extreme programming" or "agile software development".
open wifi + new p2p internet protocol with no dependence on any existing internet infrastructure or dns (no encryption required)
much more difficult to control if there's no obvious target
all it would take is an app for android and iphone that turns the phone into a wifi repeater, as well as a browser that uses a new protocol (developed by whoever makes the app first, but i would suggest simpler than the existing tiered tcp)
gateways to the internet could be through translator software (also from any terminal), and content would be immediately distributed when downloaded
to prevent bandwidth bottlenecks, the system could start off text only like the original interweb
i'm a bit confused about (multiple) slashdotters have somehow connected the possibility of man's "pigeonholing" of seasons being out of whack to the global warming debate. i guess it's related, but global warming/climate change actually had nothing to do with the intention of the OP.
not to say that the global warming/climate change debate isn't relevant, and it is interesting
i agree that global warming is a money-grabbing hoax, but it merely takes after a long history of similar money-grubbing endeavors. its also why the corporate sector is cheering, after putting in all sorts of government grant applications containing words like "green", "clean", "environmentally friendly", etc for development of products that have nothing to do with climate change or global warming but give companies a means to squander even more tax-payer money for their faithful shareholder friends
scientific methodology may be the right way, but it doesn't sell
as I’ve eluded to in other posts, allowing companies to freely chug out noxious fumes (CO, excessive amounts of CO2, NOx and SOx, amongst many others) into the air we breath isn't necessarily a good thing either (regardless of global warming/climate change). EPA limits are good, but they probably aren't tight enough and penalties for exceeding limits aren't enough to deter abuse or encourage investment in cleaner technology
i don't think its man-made. sort of like my sig says, just cos we reckon it should be cold in winter doesn't mean the actual climate/weather is going to behave that way. if trends are consistent, maybe a slight corrective recalibration of the seasons is in order?
but in any case i think the short term environmental effects will be negligible if any
but i think in the long run it will be better, not only for the environment, but for development of newer cleaner industries that will eventually supersede old technology that was previously cheaper before being taxed
no, I don't think the carbon tax in Australia has had any effect on CO2 output, but I don't believe that is its purpose
the carbon tax in Australia has little to do with climate change or global warming or CO2 as many people claim... all it does is put environmental impact into a corporate balance sheet
it simply makes more environmentally friendly technologies cheaper in the longer term and more polluting technologies more expensive in the longer term
its unfortunate that people get so fired up about the possibility of things costing more that they lose sight of the bigger picture and start looking for someone to blame
electricity bills in Australia will rise as a result of the carbon tax, but they would anyway (if not for a carbon tax, another excuse for raising prices would be found easily enough), but there is nobody forcing people to stick with their current electricity distributor, and there are other distributors (AGL for example) that will be less adversely impacted by the carbon tax due to less reliance on fossil fuel generation
it will also level the playing field a bit, making more environmentally friendly technologies that little bit cheaper relative to their hole-digging, smog-spewing relatives
its easy to think that Australia doesn't produce anywhere near as much pollution as countries like China, but according to http://en.wikipedia.org/wiki/List_of_countries_by_greenhouse_gas_emissions_per_capita each Australian produces on average 26 tonnes of emissions per year, whereas each Chinese produces a mere 4 tonnes. Australia is the 9th highest emitter of greenhouse gases per-capita in the world, so who do you think should show the initiative (Australia or China)?
mercury in the atmosphere? that one's new to me. I thought mercury was a heavy liquified metal, but I'm no chemist. mercury in the water table is definitely an issue in some places (gets into fish that’s eaten by people).
i don't think CO2 is a problem except excessive amounts that can cause thermal inversion around cities, but CO, NOx and SOx definitely are, and these should be the pollutants targeted in any solution. most farming may not produce dangerous atmospheric pollutants, but farming introduces other problems like soil erosion (removal of trees) and fertilizers getting into water supplies
the carbon tax imposed in Australia has been very unpopular, but the problem is if high per-capita polluters like Australia don't step up and take a leading role in environmental economics, countries with lower per-capita pollution but large populations (like China and India) will never feel any incentive to make the change. the US is another high per-capita polluter, and its a shame that there are only more localised solutions like the ETS in California. Congress should really be stepping up to the plate and having a hit as best they can rather than putting their hands in their pockets (or the pockets of their corporate campaign financiers).
lucky i'm not in a position where my opinion of anything related to weather or climate will get me fired. i'm employed for my ability to crunch numbers and check numbers crunched by my colleagues, as well as my programming and computer skills. i never heard of an engineer getting fired for commenting on the weather.
i agree, but not encouraging any improvement at all probably isn't great either. regardless of the global warming debate, its pretty hard to argue that more environmentally friendly processes wouldn't be a good thing.
measures with lesser economic impact might be the way to go, although for any actual implementation by the corporate sector, there must either be a cost saving by going green, or an additional cost for not going green. corporations only speak in dollars and cents, not common sense.
a security measure that presents a password prompt for authentication is a security measure that doesn't fit into the "security by obscurity" definition because the security measure itself is obvious. if on the other hand all you needed to know was a non-advertised URL (say) to get into the system, it would be considered "security by obscurity" because the system is still technically insecure
that you don't have the password to access a system doesn't make a password authentication security measure "obscure". there's nothing really obscure about it even in the normal definition (the word has multiple definitions, but one of them is (2) "not readily understood or clearly expressed" according to http://www.merriam-webster.com/dictionary/obscure
that you don't agree with the industry definition of "security by obscurity" is irrelevant, except that your apparent lack of understanding of it implies you don't work in the industry
arguing that your opponent is wrong merely because they don't have any evidence that you're wrong isn't much of an argument
btw, i meant a "hypothesis" is a statement of something yet to be proven, but i think a "thesis statement" probably has a similar meaning to most anyway
Slashdot Mirror
same for me with StarCraft... played a pirated copy for years and then bought it one day because I had the dosh and I wanted the books and to be able to play online if I felt like it (never have yet)
Then Blizzard became the ass of a company they are today.
i would be interested to know what photoshop can do that gimp can't
can you offer any examples?
you are obviously versed in both or you would be full of shit
can I get angry birds for linux?
wy wife bought my the windows version of angry birds, but my computer runs linux. wtf!?
i guess that's why women are from venus and men are from mars, though there are some people that come from uranus
you only go public when your desperate for cash anyway
in the US, it only depends on how good your lawyer is
every bit of hiding (obscuring) information helps
"security through obscurity" is sometimes implemented in addition to authentication as part of "defense in depth"
an example of this (which fits the accepted meaning of "security by obscurity") is setting the "ServerTokens" directive in "/etc/apache2/conf.d/security" to "Prod" so as to hide the Apache version number in the default error pages... many webmasters do this, but only in addition to other security measures as required (not as their primary security measure). While not usually that much of an issue for up-to-date servers, setting "ServerTokens" to "Full" can help a potential hacker use exploits known for a version of Apache (a server in a datacenter might be updated on a schedule rather than whenever updates are released). If hackers can see your Apache version, they can look up the vulnerabilities for that version (below) and bust in.
http://httpd.apache.org/security/vulnerabilities_20.html
What is the total time that people spend reviewing FOSS code?
probably nobody knows the answer to that question (I don't see any mathematics in it though), but I would guess that a lot more people have reviewed various aspects of the Linux kernel source than Windows kernel source, even solely from the point of view that Linux used in any critical task would probably require at least some review by any organization relying it (probably including NASA, DoD, Google, Red Hat, IBM, etc). Even aspects like competition with Windows and the controversy surrounding patents and copyright violation in the Linux kernel would have attracted eyeballs, with Microsoft most likely looking for bugs and exploits to use in smear campaigns. Then there is the embedded market, with set top box manufacturers likely having a squiz at aspects that affected the functionality of their hardware. The Linux kernel is probably the crowning achievement of the FOSS community because despite being free, it is worth so much to many organizations that depend on it that the many scrutinizing eyeballs on the Linux kernel are probably less interested in the kernel as a product itself, but as something that will cause significant grief (financial and otherwise) if it fails. Windows on the other hand presents a risk to any organization who selects it for a mission critical app because they can't inspect the source code and the organization has no control over it (whereas if a bug was found in the Linux kernel, its possible that an in-house patch could be "hacked" together to get things moving again.
What happens when code is so badly written that you can't effectively review it
When you can't review it, you test it, but I would never personally use code I couldn't understand. If it was the only code I could find that did what I wanted, I would probably spend the time reinventing the wheel. Having said that, if the code worked and was accessible, even if poorly presented you should still be able to read it. I would argue that the likelihood of there being code that couldn't be reviewed at all would be pretty slim (its just text). Even if I had to use one of those programs that improves presentation (puts line breaks after non-string semicolons or after "then" in the case of Pascal/Delphi etc), or I could roll my own if I didn't like any on the net. Poorly written code also probably wouldn't last long in a public FOSS project (sourceforge, github, google code, etc) in a team of programmers who actually gave a crap.
FOSS programmers review FOSS code, because it can improve their skills or can be used in their program (GPL code can be reused in other GPL projects), and there are a lot of FOSS programmers out there (look at the Debian package repository for example).
I think you are mistaking possibilities with realities
You're right, but there are for example lots and lots of eyeballs on the Linux kernel source. Also, at least FOSS has this possibility (and while not always being reality, it is sometimes).
Yes there can be profit in FOSS, but its not usually from the software itself (by definition "free" as in usually both "free beer" and "freedom"). Profit for companies dealing with FOSS is usually from selling boxed versions of the software, documentation or support contracts. The "features on demand" that you mentioned, if sold for profit, aren't really FOSS are they (even if the underlying application is FOSS).
Hacking has evolved beyond the original "tinkering" definition of yesteryear. It's now associated with unauthorized access.
From http://www.extremeprogramming.org/ "instead of delivering everything you could possibly want on some date far in the future [extreme programming] delivers the software you need as you need it". "Hacking something together and pushing it into production" might not adhere to all the rules of extreme programming, but I think it fits the extreme programming model well enough, particularly for in-house development where the customer and the developer both work within the same company.
As such is the opposite to engineering, which is about insure the results.
As long as any software produces the correct result, how it achieves it is usually of secondary importance. Many people with CS degrees focus too much on the "how".
at the end of the day though, the accepted industry definition only relates to the one I put forward, which is quite acceptable (it still fits into a definition, even if its not the one you like best).
That you can't understand that all security ultimately is based on something concealed is sad
but I do understand that security is based on something concealed. what i'm trying to get you to understand (among other people who have apparently also been wasting their breaths) is that "security by obscurity" has an accepted meaning, and that not all security measures fit that meaning
Obviously there is no such thing as 100% secure, and obviously passwords are meant to be concealed, but "security by obscurity" is when the concealment IS the security measure.
Password concealment is part of the authentication process, but if a user gives away their password (removing the concealment aspect) it doesn't necessarily make the system itself insecure (it just offers access to whatever that password permits). Even if I don't know a password, if I know that I require a password, the security measure isn't concealed or hidden, so its not considered security by obscurity.
Why do you think most systems (such as online banking) are usually authenticated using a username and password combination rather than a unique complex URL with no password protection? Why do you think credentials are never passed as GET parameters in a URL?
Security measures considered "security by obscurity" are the ones that are bypassed when the security measure itself is discovered. If you do some googling you'll see what I mean.
Biometrics isn't security by obscurity because the security measure is obvious, but knowing how the system is secured still requires the necessary credentials (the correct fingerprint). The person whose fingerprint is required might be sitting next to you such that their fingers are in plain sight (no obscurity even by your own definition), but unless they put their finger on the scanner, you're still no closer to getting in.
You can either accept that passwords aren't "security by obscurity" or you can't. Even if you can't, it doesn't mean you're going to change the generally accepted meaning. It just means when you use the term in discussion with other geeks, you'll wind up being ridiculed for not understanding it to mean what is generally accepted.
only a problem for software you pay good money for
with proprietary closed source software, users pay to become beta testers because not only are there less eyes on the source compared to the FOSS model, but closed source projects are run on unrealistic timelines and budgets. software companies make software to maximize profit, not to produce bug-free product. they do enough debugging to minimize complaints to a point where they can maintain their reputability, but no more. once the release date is reached, the product moves from development to sales, and the development team moves onto the next product.
FOSS is often a step behind, but that is because there is no such pressure to achieve marketing deadlines or breakeven, because there is no profit, but this also means that the programmers are free to take as long as they like to debug the software to their own satisfaction, and like any art or skill, programmers can be their own worst critics, particularly if they are developing software they wish to use themselves
I don't think I've ever come across an actual bug in a FOSS application because I stick with Debian Stable mostly (sometimes Testing), but even if a program misbehaved, I would be disappointed but given I paid nothing for it, I can't really complain that much. On the other hand, if I pay for a Windows game (Sim City 4 for example) and it crashes regularly on a newish machine and web searches don't reveal an answer (and the vendor's website is a useless piece of shit), I'm going to be pissed off for wasting my money.
In response to the OP, I don't have a CS degree but I develop software in my job (engineering), as well as at home. I must admit I've never debugged on paper before (is that what you meant by "prints"?). I usually just get a feature to a stage where I think it should work, and then I compile/test the crap out of it, finding/fixing bugs as I go. Its much more fun and practical than looking for bugs that might not exist on paper. Maybe its just because I'm not that old, but I couldn't even imagine debugging on paper.
I wouldn't call it "hacking" though. I think its actually called "extreme programming" or "agile software development".
http://en.wikipedia.org/wiki/Extreme_programming
open wifi + new p2p internet protocol with no dependence on any existing internet infrastructure or dns (no encryption required)
much more difficult to control if there's no obvious target
all it would take is an app for android and iphone that turns the phone into a wifi repeater, as well as a browser that uses a new protocol (developed by whoever makes the app first, but i would suggest simpler than the existing tiered tcp)
gateways to the internet could be through translator software (also from any terminal), and content would be immediately distributed when downloaded
to prevent bandwidth bottlenecks, the system could start off text only like the original interweb
futurlec or sparkfun... all sorts of cool geek gadgets there, even if you're completely incompetent with a soldering iron, like me
if you can't see the circuit boards, its just not cool
i'm a bit confused about (multiple) slashdotters have somehow connected the possibility of man's "pigeonholing" of seasons being out of whack to the global warming debate. i guess it's related, but global warming/climate change actually had nothing to do with the intention of the OP.
not to say that the global warming/climate change debate isn't relevant, and it is interesting
i agree that global warming is a money-grabbing hoax, but it merely takes after a long history of similar money-grubbing endeavors. its also why the corporate sector is cheering, after putting in all sorts of government grant applications containing words like "green", "clean", "environmentally friendly", etc for development of products that have nothing to do with climate change or global warming but give companies a means to squander even more tax-payer money for their faithful shareholder friends
scientific methodology may be the right way, but it doesn't sell
as I’ve eluded to in other posts, allowing companies to freely chug out noxious fumes (CO, excessive amounts of CO2, NOx and SOx, amongst many others) into the air we breath isn't necessarily a good thing either (regardless of global warming/climate change). EPA limits are good, but they probably aren't tight enough and penalties for exceeding limits aren't enough to deter abuse or encourage investment in cleaner technology
i don't think its man-made. sort of like my sig says, just cos we reckon it should be cold in winter doesn't mean the actual climate/weather is going to behave that way. if trends are consistent, maybe a slight corrective recalibration of the seasons is in order?
actually i think the carbon tax is yet to be imposed - July 2012 according to http://www.carbontax.net.au/
but in any case i think the short term environmental effects will be negligible if any
but i think in the long run it will be better, not only for the environment, but for development of newer cleaner industries that will eventually supersede old technology that was previously cheaper before being taxed
cool. didn't know about that. thanks for the link too.
no, I don't think the carbon tax in Australia has had any effect on CO2 output, but I don't believe that is its purpose
the carbon tax in Australia has little to do with climate change or global warming or CO2 as many people claim... all it does is put environmental impact into a corporate balance sheet
it simply makes more environmentally friendly technologies cheaper in the longer term and more polluting technologies more expensive in the longer term
its unfortunate that people get so fired up about the possibility of things costing more that they lose sight of the bigger picture and start looking for someone to blame
electricity bills in Australia will rise as a result of the carbon tax, but they would anyway (if not for a carbon tax, another excuse for raising prices would be found easily enough), but there is nobody forcing people to stick with their current electricity distributor, and there are other distributors (AGL for example) that will be less adversely impacted by the carbon tax due to less reliance on fossil fuel generation
it will also level the playing field a bit, making more environmentally friendly technologies that little bit cheaper relative to their hole-digging, smog-spewing relatives
its easy to think that Australia doesn't produce anywhere near as much pollution as countries like China, but according to http://en.wikipedia.org/wiki/List_of_countries_by_greenhouse_gas_emissions_per_capita each Australian produces on average 26 tonnes of emissions per year, whereas each Chinese produces a mere 4 tonnes. Australia is the 9th highest emitter of greenhouse gases per-capita in the world, so who do you think should show the initiative (Australia or China)?
mercury in the atmosphere? that one's new to me. I thought mercury was a heavy liquified metal, but I'm no chemist. mercury in the water table is definitely an issue in some places (gets into fish that’s eaten by people).
i don't think CO2 is a problem except excessive amounts that can cause thermal inversion around cities, but CO, NOx and SOx definitely are, and these should be the pollutants targeted in any solution. most farming may not produce dangerous atmospheric pollutants, but farming introduces other problems like soil erosion (removal of trees) and fertilizers getting into water supplies
the carbon tax imposed in Australia has been very unpopular, but the problem is if high per-capita polluters like Australia don't step up and take a leading role in environmental economics, countries with lower per-capita pollution but large populations (like China and India) will never feel any incentive to make the change. the US is another high per-capita polluter, and its a shame that there are only more localised solutions like the ETS in California. Congress should really be stepping up to the plate and having a hit as best they can rather than putting their hands in their pockets (or the pockets of their corporate campaign financiers).
lucky i'm not in a position where my opinion of anything related to weather or climate will get me fired. i'm employed for my ability to crunch numbers and check numbers crunched by my colleagues, as well as my programming and computer skills. i never heard of an engineer getting fired for commenting on the weather.
i agree, but not encouraging any improvement at all probably isn't great either. regardless of the global warming debate, its pretty hard to argue that more environmentally friendly processes wouldn't be a good thing.
measures with lesser economic impact might be the way to go, although for any actual implementation by the corporate sector, there must either be a cost saving by going green, or an additional cost for not going green. corporations only speak in dollars and cents, not common sense.
a security measure that presents a password prompt for authentication is a security measure that doesn't fit into the "security by obscurity" definition because the security measure itself is obvious. if on the other hand all you needed to know was a non-advertised URL (say) to get into the system, it would be considered "security by obscurity" because the system is still technically insecure
that you don't have the password to access a system doesn't make a password authentication security measure "obscure". there's nothing really obscure about it even in the normal definition (the word has multiple definitions, but one of them is (2) "not readily understood or clearly expressed" according to http://www.merriam-webster.com/dictionary/obscure
that you don't agree with the industry definition of "security by obscurity" is irrelevant, except that your apparent lack of understanding of it implies you don't work in the industry
arguing that your opponent is wrong merely because they don't have any evidence that you're wrong isn't much of an argument
btw, i meant a "hypothesis" is a statement of something yet to be proven, but i think a "thesis statement" probably has a similar meaning to most anyway
there also appears to be a glaring omission of any evidence to prove they are right
a thesis is merely a statement of something yet to be proven
nobody ever got fired for buying microsoft products either
i'm pretty sure the stargate in antarctica was destroyed by the borg