Yes but you can perform a transformation to translate from one reference frame to another, and while the universe may not give special meaning to any particular reference frame, there's nothing stopping us from doing so. So in theory you can define a "universal" time if you want.
Similar to choosing where to place the origin on a sheet of graph paper. It doesn't really matter where you put it (mathematically at least) but once its there you have a perfectly meaningful "universal" point of reference to use when describing the positions of other objects.
The trouble of course is computing the transformation parameters with enough accuracy to matter, which I'm assuming is implausible on our not-mathematically-perfect planet.
Hopefully prior to that, you would have gotten a weekly (if not daily) warning on your cell phone that your taillight is out. That would remove ignorance of the issue as an excuse, and it would help people like me who legitimately don't notice shit like that 90% of the time. The only time I'd notice a taillight out is if I was reversing in near-darkness for some reason.
I don't know why not.. I mean there should be lots of geologic-timescale events in the past few decades to compare.
And that's ignoring the fact that while the earth has certainly been hotter in the past, the speed of increase over the past 100-150 years is, as far as we know, entirely unprecedented.
So yeah. Should be simple to find examples of similar occurrences.
Tell that to the more than 50,000 veterans who are still suffering from Agent Orange exposure.
Yeah I realized I should have explicitly stated "in this context" after I hit the Submit button. Pretty much a guarantee that somebody on Slashdot will fill in between the lines when there's nothing there to be read. Obviously it matters to those directly affected by it.
My point was that in the greater context, the world has decided that its nasty shit that shouldn't be sprayed anymore and put the issue to rest. Which isn't to say we shouldn't be vigilant for the next horrific action that somebody pulls off, but using events that old for anything other than teaching us to try not to repeat them is just grudge-holding.
Why are all these "pro-Science" people so horrible at basic arithmetic? Agent Orange was used (and manufactured) until at least1971. Is that really "70 years ago" according to your Science?
I'm not sure why you're bothering to equate math and science (though given your capital S I can take a guess..)
But aside from your hyperbole, I admit I was less clear on this one. The 70 years was an (approximate) reference to when AO was created rather than when it was last used. But since I was arguing that Monsanto's people in charge (and probably all of their other employees) have almost assuredly changed since that contract was signed, it seems like the more relevant date.
Everything a company does is "under contract". What do you think that even means?
It means that there's a difference between "here's a giant bunker full of money if you do something evil" and "I'm going do something evil because I feel like it."
And no, not everything a company does is under contract. Most successful companies perform their own R&D to create or improve products and services without waiting around hoping for someone to tell them what they should make next.
Remember this: When the US Government wanted the nastiest, most deadly chemical possible, who did they call? Monsanto exceeded the wildest hopes for deadliness, manufacturing 20,000,000 gallons of the stuff.
I'm sure they called every other company they thought would have the capability of delivering as well. The fact that Monsanto got the contract is a matter of history, not fate. If Monsanto had failed to deliver for whatever reason, we'd just be bitching about the next company on their Rolodex. Unless you can find some evidence that every other company pulled out for ethical reasons or something similar, there's simply no reason to single out Monsanto as anything but the "lucky" winner of the bid.
And do you really think that was the last deadly poison Monsanto made?
No. I'm sure they make thousands of deadly poisons. Most of them are useful for various industrial processes.
I can't begin to guess whether Monsanto knew at the time that their chemical was going to be used for warfare (probably could have at least guessed given the buyer and quantity if they weren't outright told..) I don't know whether Monsanto or anyone in the government expected the human toll of the chemical (it was designed to kill plants after all..) I'm guessing they probably had a pretty good idea of that by 1971 of course, but when they first developed it? Hard to say. Obviously at the very least there was some serious negligence in the safety testing if it wasn't explicitly meant to be toxic to humans, but negligence isn't necessarily evil in itself.
Overall though, my point is that focusing unnecessary rage on one specific company really isn't beneficial to yourself or the world as a whole. There's lots of shitty companies out there, and it was so long ago that Monsanto is effectively a different company today than it was 70 (or even 40) years ago. Should we just trust Monsanto then? Hell no! But neither should we distrust them any more than we distrust any other company of their size. All companies have to potential to be evil when there's enough money involved.
A better model would be random partial replication between servers.
Not sufficient. My on-ramp server could potentially edit my post before passing it on for replication. I'm not sure if this is solved by your later comment about putatively authoritative servers or if that one only applies between the replication servers? I don't know enough about the iApple model to judge this one here.
It also requires a level of cooperation that's unlikely between competing players. I have little doubt that had usenet been created today that it would be a boxed-in system with a few large competing players each running their own newsgroups rather than the flood fill model it currently enjoys.
This interferes with the "I want to be able to unsay stupid stuff"/"I want to be able to use the server while high or drunk and fix it later" feature
No it doesn't. If the protocol includes a "delete message X" command and all of the replicating servers are honest, then the problem is solved (and essentially all of the servers would need to be honest -- at least in terms of the public-facing view of my profile -- or they'd face their own pressure to shape up under threat of being dropped from the replication pool by the other servers.)
But it solves the "domain name hostage" problem for profiles.
Again, its likely a "delete entire profile" command would be built into the protocol. Though in this case the pressure against servers would be to NOT to something evil like pass an unrequested delete around for replication, so you are correct that it should mostly solve the problem over the long term.
You're being disingenuous, or intentionally obtuse.
Intentionally obtuse. The only difference between putting my rant on a server I host and a server Facebook hosts is that I don't have to deal with someone else' system and ToS and such. It doesn't make one scrap of practical difference in the world if my url is www.thisiswhereirant.com or www.facebook.com/thisiswhereirant. Well OK, one difference. FB gives me a little bit of exposure that I wouldn't have on my own site (via friend-of-friend linking.)
That more of a consequence of the inability of the journalists to classify it
What? I'm pretty sure someone could have come up with "impermanent social media" if the permanence aspect was something anyone cared about in relation to the term "social media." But they don't.
I'm starting to wonder if you're interpreting "social" as in "socialism" rather than as in "socializing." That would explain a lot. Most people (myself included) think about the latter when they discuss "social media" though.
I think I pretty much want to out Bob as a Nazi everywhere.
Ok so your next post is "Bob's a Nazi jerk so I defriended him and you all should too!" Right after defriending him. Wow. That was hard.
If you want to take on a dedicated mission against Bob well then you're welcome to do that, but that's going well beyond the scope of social media and into the realm of maybe you being a bit crazy as well.
Younger users accept *all* friend requests. If it turns out they don't like what the person is saying or doing, they "unfriend" them later.
And that invalidates my argument exactly how? At the end of the day, the jerk is still not a friend (in either the real life or social media sense of the term.)
I think you haven't been following the whole GamerGate sock puppet situation very closely.
Again, that's relevant exactly how? Just because an ingrained problem happened to be exposed via a particular medium doesn't mean its intrinsically tied to that medium. Sexism was alive and well in gamer culture long before anybody made the first terrible post.
Once you are inside the web of trust, you're inside, and even if someone wants to not hear from you
That's what defriend and ignore are for. Bob might still be in my friend-of-friend "web" and perhaps you'll still see the things I post on their wall (or equivalent) but I don't have to see any of Bob's rants myself. If my (remaining) friends want to continue seeing Bob then that's up to them.
This is, in fact, precisely how the TOR network had been infiltrated by various third parties: peer-of-peer implied trust relationships.
Again, not sure what this has to do with anything. The fact that the TOR design turned out to have flaws doesn't mean they can't be corrected.
It also has little bearing on a decentralized social network unless that network piggybacks on the TOR protocol or intentionally makes the same mistakes TOR did.
Finally keep in mind that while the profile itself would need to rely on a computer-to-computer web of trust, what you as a person actually see would be based on your friends list and associated preferences. Bob's profile may well be stored on your computer as part of the protocol but that doesn't mean it ever has to be visible to you. Once you defriend him it just becomes another anonymous profile that you're only storing for the sake of decentralization.
And when you're getting 10,000 of these "friend" requests daily? Even if you never hear from any specific one again that's a hell of a lot of BS to wade through if you're doing it manually.
You can argue about how transparent the algorithms "should" be or what particular algorithms to use or other technicalities, but its pretty hard to argue that you don't need them at all given that we know spammers and trolls exist and aren't going away any time soon.
Right. And if the second factor is a fingerprint, having my fingerprint only means that you've cloned my fingerprint (or cut off my finger.) It doesn't prove that you are me.
The idea isn't to guarantee perfect security (that's impossible.) The idea is to provide a minimal level of guarantee.
In this case, its very unlikely that you both know my password AND have grabbed my keyfob, unless I've specifically allowed you to do so. You can lose a keyfob sure. But that by itself tells you nothing.. not even what account its for generally and sometimes not even what site/program.
Similarly you can have your password stolen (keylogger or whatever) but without the keyfob, that password is similarly useless.
Hence two factor -- one factor is something you know (the password) and the other factor is something you have (the fob.) Either one could be obtained by an attacker with (relative) ease, but BOTH being obtained at the same time is fairly unlikely.
And shame on you for wanting to known if the food you eat has been licensed from the company that invented Agent Orange and dioxin, right? I mean, stupid people...
Actually, that is pretty stupid. AO was 70 years ago, almost certainly made under the reign of a completely different set of directors and C?Os, and made under contract (as in, has fuck all to do with their regular commercial operations in the first place.)
One mistake (especially one that only turns out to be a mistake in retrospect) does not define a company with the size and history of a Monsanto. Pretending that something they did three quarters of a century ago has any bearing on their modern operations is just silly.
Which isn't to say you shouldn't hate their modern operations if you take a dislike to them.. but we're around 5-6 decades past where its meaningful to bring up AO anymore, if it ever was.
In particular, a negative result doesn't rule out the possibility that the dark photons could exist with other properties that the experiment didn't test.
And you fail your check when I use Correct instead of correct.. or corr3ct.. or whatever. That adds a LOT of complexity to the basic 4^10k. Throw in variable punctuation and spacing and things start looking a little uglier to an attacker.
And yes, 16 completely random characters is probably still harder to crack, but how many people use completely random characters? How many people would be able to remember their passwords even if they did make such a one? And if you're using a password program rather than trying to remember it, you may as well make it 64 completely random characters cause why not.
There's a tradeoff between perfect security and practical security. You can't just assume that because your favorite scheme is 10 or 100 or 10^100 times more secure than the one that's currently in use that anyone's actually going to switch if it means an enormous amount of extra work on the part of the users.
That's where trusted authorities and public key encryption comes into play. The trusted authority essentially acts as the "different means."
Of course its still susceptible to MITM if the attacker can get between you and the point where the data transmission splits off between the CA and the destination site (and of course are already in place at the time you register with the CA and have the private key on the wire.)
Not impossible, but also pretty difficult to achieve since it usually means physical access to something relatively local to the sender. At least until the ISPs themselves become the MITM attacker (which is becoming more and more probable unfortunately in the modern age of Orwellian surveillance attempts.)
Of course yes, the most obvious solution is to just pass the key over a different communications channel. But nothing is ever absolutely secure. If you meet the person face-to-face to exchange the secret, you have no guarantee that he isn't in collusion with or coerced by an attacker, or won't be at some point in the future.
The only way to be 100% sure that a secret is safe is to keep it in your head (don't even write it out or save it to your hard drive!) At least until we figure out mind-reading devices. But most secrets need to be shared with someone to be useful so that's not always a plausible solution.
Not exactly true. It can to be a secret that the user themselves don't know. Many (most? all?) keyfobs work that way. The fob itself has a secret that only it and the fob provider know. And in particular, its a secret that you as the fob user doesn't know.
That's a long time in the coming. Screwing around with a keyfob or other physical item is a pain in the ass. Sometimes a worthwhile pain in the ass, but enough of one that "everywhere" is going to be a stretch.
Unless they can make the second factor an intrinsic value (that is, something built into the computer or the OS that could be passed without the user having to physically do much.)
It wouldn't even be all THAT hard to do, but it pretty much means having to set up some sort of certificate system which requires CAs and whatnot and figuring out how to decide they're trusted and the such.
For example when Windows is installed, it generates a certificate and registers the public key with MS. When a website wants authentication it has to go ask MS for the public key. They then send you a token that you encrypt with your private key and send back as the second factor.
Have an easy-to-use system (preferably client-to-client directly to limit MITM attacks) to clone your certificate between your various devices and you have a fairly decent second factor without too much hassle for the user.
The hard part is getting everyone to agree on how to do this. Its not going to work if my Windows machine uses a different authentication system than my iPhone which uses a different system than my Nexus tablet. It would have to be standard across _all_ devices.
No.. CAPTCHA is a concept. Several specific CAPTCHA algorithms have been broken over the years, but new ones come to take their place.
Image-based CAPTCHAs (that is, stored images not ones that are generated on-the-fly) are trivially broken by building a database of them and solving them. Of course building such a database without being detected is the tricky part -- you can't just spam Recaptcha's server with 100 million requests and not raise some flags. The best / hardest to detect I've heard about is getting an MITM installed on a legitimate website and then when (real) users solve (real) captchas, you fire the answer back to your database. That's probably what you mean by the "trickle" you mentioned above (or something similar to it.)
Algorithmic image creation (ie: create a random string of letters/digits and then muck it up to make it hard for OCR software to read) is a lot more secure.. but at the same time its also a lot harder for a human user to successfully answer. Some of them get so bad that you can't even tell that they ARE letters never mind which ones.
Recaptcha (being pretty much the biggest third-party captcha provider out there) is interesting in the sense that they mix multiple algorithms. They use stored images.. they use generated images.. their generated images are obscured using multiple algorithms.
Sure adding an additional algorithm is only a linear complexity increase, but if you go from say 1 algo to 3 algos, you've dropped an attacker's chances of success by 66% (unless one of your algos is trivially breakable but we'll assume you know what you're doing when you introduce a new one.) That's not insignificant even if its only linear. And I'm pretty sure Recaptcha is up to a dozen or more different obscuring techniques.
It's only useful for web based logins, yes?
No, its useful any time you need to distinguish a real person from a machine attacker (in principle at least.) There's just very little need to make that distinction in most offline software. And of course you need to have at least the ability to pass images in order for a captcha to work at all, so you couldn't add a captcha to say telnet, which is intrinsically a text-based protocol.
As long as your DB is connected to any network in any fashion, its susceptible to cracking. You can't possibly know what new attack vectors may arise. And even if you somehow manage to guarantee 100% security in your software (which is frankly unlikely to the point of impossible -- software is hard!) you still can't guarantee that some human participant won't either go rogue or screw up, allowing access to the DB that doesn't require _any_ technological cracking.
The only way to completely lock down a computer is to keep it shut off in a vault that literally nobody can open. But of course that also makes it no more useful than a rock.
As for web dev's comprehension of security.. again, software is hard. When they say its "secured" what they mean is "I can't think of a way in." But of course that's a totally irrelevant metric because they aren't the attacker.
And that fact applies to everyone, up to and including the most experienced security researcher in the world, because of the obvious fact that if they could think of a way in, they'd patch it. Its always the ones you don't think of that get you.
No matter how smart you are, there will be a maximum program size you hit before the complexity overwhelms you and you have to internally abstract things, and every abstraction is a potential security hole that you may or may not ever consider. Never mind relying on third party libraries or for that matter the security of the hardware layers.
We've definitely come up with some best practices, and its no secret that there are loads of people who don't know, don't care, or don't have the time to implement the best practices.. but all the best practices in the world don't solve the problem of program complexity exceeding (full) human comprehension.
Welcome to America. Big Brother is watching you. Anything you put on the network is insecure.
So? Unless my family or my boss has become a super cracker when I wasn't looking, that's pretty much irrelevant. The only organization people really care about privacy from and who simultaneously has the tools to disrupt that privacy is the government. And lo and behold, we're seeing all sorts of stink being raised about PRISM and associated invasions of privacy.
"Insecure" only matters if it fails to be secure against the people you don't want to see it. Yes, for national security and banking information and other such high-profile data that list of people is essentially "everyone," but the bar is a hell of a lot lower when it comes to pictures of drunken frolicking. Unless you're in or planning to run for office but that's not most people.
Most people believe in personal gods who give a shit about their sex lives, too. What "most people" think is irrelevant, and invoking them is fallacious.
Its fallacious for creating laws that (theoretically) affect all people equally. Its perfectly valid for creating a business model where you only care about the largest target audience (which will generally not be "everyone" unless you have one hell of an awesome business.)
That sounds like a business opportunity to me.
Sounds like a business opportunity to many people, and there's all sorts of places that will build you a web site. But guess what? They charge money. And that gets back to most people not caring (or at least not caring enough.)
Which is why Facebook and similar work so well -- they're essentially giving you a framework to publish.. whatever.. on the web without having to build your own website (or pay to have it done.. at least not directly.)
But as soon as that becomes easy to do, all the troll and assholes start coming out of the woodwork. So you need a way to filter them out.. and eventually there's so many of them that doing it manually is impractical.. so then you need algorithms.. and then we're back where we started anyway.
You're acting like a social network is a web site. It's not, it's a fabric. If you want to be able to do this type of editing, fine, put up a web page, but don't try to pretend that you posting something that makes you look like an asshole, and then me commenting on it, calling you out for being an asshole, and then you changing the original posting so that it looks like I'm the asshole for engaging in an ad hominim attack, is somehow OK.
I'm not sure how this relates to anything, or how "put up a webpage" makes any sense at all (every social media site I've heard of uses a webpage of sorts..)
There's nothing about "social media" that says "permanence." Snapchat for example does the exact opposite of permanence and automatically deletes things for you. It still falls under the label "social media" though. Social media is not a history, its a communication tool. Some communication is more permanent than others to be sure, but permanence is not a defining quality.
I can't just erase our shared context from my memory, if I decide Bob is a Nazi after the fact.
No, but you can go ahead and not tell all your friends that Bob's a great guy and cut him out of your life. I'm not sure how any of that has anything to do with any specific communication tool though. The internet does not work like a human brain, for better or worse.
Am I just supposed to "de-friend" everyone?
Or you could just you know, put Bob himself specifically on ignore or whatever equivalent exists. Sure he might still show up in your friends-of-friends lists but he shouldn't be able to shower your wall with hate speech (though again, you should really be questioning your associations if your "real" friends are perfectly OK with Bob's rants.)
By allowing the rewrite of history (discussed earlier), you remove the need for the social lubricants of politeness, civility, and (possibly pretend) rationality, which are required in real-world interactions.
Except this is explicitly a network of "friends." If you don't like someone, don't friend them. That solves the troll problem in all but the worst cases (which would be the equivalent of a real-world stalker.) And even then, the worst they could do would be spam you with friend requests which you could ignore.
Them looking up your (public!) postings does NOT necessarily mean you have to return the favor.
You seem to have this impression that social media is (or should be) some sort of historical record of fact that just isn't an intrinsic part of the medium. In fact its intrinsically not a part of the medium. Social media is about communication, not about history.
Posting a few examples of obvious combinations does not preclude the existence of non-obvious combinations. Especially if you expand your definition of patents to all patents rather than being limited to software patents (which have a very poor history of failing the obviousness claim even if you ignore all of the "X on a computer but otherwise unchanged"-type patents.)
And yes. Including a library in a program should have a predictable result. The part that could potentially be non-obvious is deciding to include that specific library in the first place. This is again a pretty poor example though as the fact that a library already exists means that its meant to be included in programs. Software in general is really not the place to find truly innovative A+B+C ideas, since in most cases if A+B and C exist independently and they're useful together, chances are many places are already using them as independent entities and yes its then obvious to combine them into a single software package. It would have to be tremendously off-the-wall for an A+B+C type idea to actually be new in the software world given a pre-existing A+B and a pre-existing C.
But how about a piece of wire and a small glass vase? Those "obviously" go together, don't they? Well its a little more obvious if you already know what a light bulb is than if you're just looking at a couple of random things on your work bench. But we certainly knew what wire was and we certainly knew how to blow glass before Edison (*cough*) figured out how to put them together in the right manner.
Who would have thought that SMS-length text messages would be useful to anyone outside of ancient cell phones? Well, Twitter did. They're not particularly small or unknown. I have no idea if they actually tried to patent anything.. but its certainly not obvious to limit message sizes so much on a medium where walls of text with embedded movies and whatever else is commonplace.
That's still a huge difference. I can educate myself to see through the manipulation. I have no defense against someone with more guns than me telling me what to do or else. We have a choice and the fact that we let ourselves be manipulated says more about the human condition than it does about democracy.
The North Korean peoples' only choices are a) live with it, b) die to it or c) try to escape from it, which I'm guessing ends up as (b) more often than not. For obvious reasons, we only hear from the ones who didn't die during their escapes and NK certainly isn't about to release information on failed attempts any time soon.
now regret to the point that you're willing to rewrite history
And this is bad how? Its your history. If you post something and a week later you decide it probably shouldn't be public knowledge, who really cares if you take it down? Its not like you (for most values of "you" at least) are the sole historian of an important event or other politically-charged information.
Hell.. its your own page.. does it matter if you just write complete BS in the first place?
I'm also not sure I'd be comfortable with some types of content showing up in "my feed", particularly content that happens to be illegal in my jurisdiction. I certainly don't want... able to post Nazi propaganda into Germany,...
So don't be friends with people who would do that. And if you don't know about their leanings before they post that shit, you can just de-friend them and delete their rant (see above.)
I don't have much to say on your third point as it would be wholly dependent on actual implementation as to whether this theoretical distributed service provides "weak" or "strong" links (whatever the hell that means.)
Also keep in mind that Facebook and Twitter are completely different services with completely different purposes. They may have been glommed together under the "social media" category but that's like saying cats and dogs are the same thing because they both fall into the "common pet" category. They have similarities to be sure, but they have far more in the way of differences.
You have to concern yourself with privacy issues though. For all that FB sells your life to advertisers (and probably the government,) they're pretty good about not showing your naked keg stand to your boss (though admittedly they DID have to be forced into it to some degree..)
Though when I think about it it might not be all THAT hard. Generate a public/private key pair and send the public half to your friends. Encrypt your profile with the private half and distribute it randomly around to whoever will take it. Pretty simple I guess, though you'd need a way to reject friends (which would probably amount to generating a new keypair and re-encrypting your profile.. and a way to distribute the new key to your now-reduced set of friends and only to them..)
Also need a way for clients to figure out what the most recent version of your profile is since there could be multiple versions flying around the internet at the same time depending on whether each of the random cache copies have realized that its time to purge and/or update their own copy..
If you want to keep secrets, keep them in your head.
Sure.. but what about things that aren't really "secret" and yet you want to restrict? I don't really care if an advertiser sees that I drank way too many Molson's last weekend.. I kind of want my friends to see that crap. My family and boss? Not so much. By your definition I should either never show anyone or just assume I'm showing everyone. That's a bit of a false dichotomy.
Really, most people care about their privacy as it applies to: The government, their employer, their family. Most people really couldn't care less if FB sells their preferences to an advertising firm for the purposes of putting in "better" ads that they're just going to ignore anyway.
I want an unfiltered feed, with a reverse chronological ordering by default with options to sort and filter as I deem fit. Facebook doesn't offer that, but a decent feed reader does.
I take it you don't have a whole lot of FB "friends." There's a lot of people who sit there spamming you with loads of inane bullshit. Yes you can defriend them, but that gets into the point of having such an algorithm in the first place -- not having to do that.
Fine if you want to wade through 150 posts every day that's nothing but links to the same Youtube video being cross-posted by everyone you know, but I'm perfectly happy not having to bother.
I'm assuming you don't run any spam filters on your email either. Those are just algorithms deciding what you want to see as well. Perhaps you really like P3n!s pills?
I don't care about upsetting people.
Good for you. You are not the target audience of social media if you're proud to be an anti-social asshat. Suppose that answers my question above regarding the number of FB friends you likely have.
I can do that without Facebook. I wrap the img tag in a figure tag, and wrap information about the photo in a figcaption tag. That shit can be automated if you aren't a demon-ridden idiot.
Cool. You and most of the other programmers out there, even the ones who aren't proud to be assholes. Sadly, the world also requires janitors and teachers and car mechanics and fast food workers, and most of them won't have the skills needed to manually write pages themselves.
Like "facebook.com"? Sorry; that was a cheap shot.
OK, agreed there. I suppose the OP's remark should have been "more than one meaningless URL."
The great thing about being a misanthropic asshole is that a calendar app on my phone is fine for organizing events.
Yup. When even your dog doesn't want to hang out with you, a personal calendar probably is a decent way to go.
Slashdot Mirror
Yes but you can perform a transformation to translate from one reference frame to another, and while the universe may not give special meaning to any particular reference frame, there's nothing stopping us from doing so. So in theory you can define a "universal" time if you want.
Similar to choosing where to place the origin on a sheet of graph paper. It doesn't really matter where you put it (mathematically at least) but once its there you have a perfectly meaningful "universal" point of reference to use when describing the positions of other objects.
The trouble of course is computing the transformation parameters with enough accuracy to matter, which I'm assuming is implausible on our not-mathematically-perfect planet.
Hopefully prior to that, you would have gotten a weekly (if not daily) warning on your cell phone that your taillight is out. That would remove ignorance of the issue as an excuse, and it would help people like me who legitimately don't notice shit like that 90% of the time. The only time I'd notice a taillight out is if I was reversing in near-darkness for some reason.
I don't know why not.. I mean there should be lots of geologic-timescale events in the past few decades to compare.
And that's ignoring the fact that while the earth has certainly been hotter in the past, the speed of increase over the past 100-150 years is, as far as we know, entirely unprecedented.
So yeah. Should be simple to find examples of similar occurrences.
Tell that to the more than 50,000 veterans who are still suffering from Agent Orange exposure.
Yeah I realized I should have explicitly stated "in this context" after I hit the Submit button. Pretty much a guarantee that somebody on Slashdot will fill in between the lines when there's nothing there to be read. Obviously it matters to those directly affected by it.
My point was that in the greater context, the world has decided that its nasty shit that shouldn't be sprayed anymore and put the issue to rest. Which isn't to say we shouldn't be vigilant for the next horrific action that somebody pulls off, but using events that old for anything other than teaching us to try not to repeat them is just grudge-holding.
Why are all these "pro-Science" people so horrible at basic arithmetic? Agent Orange was used (and manufactured) until at least1971. Is that really "70 years ago" according to your Science?
I'm not sure why you're bothering to equate math and science (though given your capital S I can take a guess..)
But aside from your hyperbole, I admit I was less clear on this one. The 70 years was an (approximate) reference to when AO was created rather than when it was last used. But since I was arguing that Monsanto's people in charge (and probably all of their other employees) have almost assuredly changed since that contract was signed, it seems like the more relevant date.
Everything a company does is "under contract". What do you think that even means?
It means that there's a difference between "here's a giant bunker full of money if you do something evil" and "I'm going do something evil because I feel like it."
And no, not everything a company does is under contract. Most successful companies perform their own R&D to create or improve products and services without waiting around hoping for someone to tell them what they should make next.
Remember this: When the US Government wanted the nastiest, most deadly chemical possible, who did they call? Monsanto exceeded the wildest hopes for deadliness, manufacturing 20,000,000 gallons of the stuff.
I'm sure they called every other company they thought would have the capability of delivering as well. The fact that Monsanto got the contract is a matter of history, not fate. If Monsanto had failed to deliver for whatever reason, we'd just be bitching about the next company on their Rolodex. Unless you can find some evidence that every other company pulled out for ethical reasons or something similar, there's simply no reason to single out Monsanto as anything but the "lucky" winner of the bid.
And do you really think that was the last deadly poison Monsanto made?
No. I'm sure they make thousands of deadly poisons. Most of them are useful for various industrial processes.
I can't begin to guess whether Monsanto knew at the time that their chemical was going to be used for warfare (probably could have at least guessed given the buyer and quantity if they weren't outright told..) I don't know whether Monsanto or anyone in the government expected the human toll of the chemical (it was designed to kill plants after all..) I'm guessing they probably had a pretty good idea of that by 1971 of course, but when they first developed it? Hard to say. Obviously at the very least there was some serious negligence in the safety testing if it wasn't explicitly meant to be toxic to humans, but negligence isn't necessarily evil in itself.
Overall though, my point is that focusing unnecessary rage on one specific company really isn't beneficial to yourself or the world as a whole. There's lots of shitty companies out there, and it was so long ago that Monsanto is effectively a different company today than it was 70 (or even 40) years ago. Should we just trust Monsanto then? Hell no! But neither should we distrust them any more than we distrust any other company of their size. All companies have to potential to be evil when there's enough money involved.
Being a hypocrite doesn't invalidate what he was saying.
A better model would be random partial replication between servers.
Not sufficient. My on-ramp server could potentially edit my post before passing it on for replication. I'm not sure if this is solved by your later comment about putatively authoritative servers or if that one only applies between the replication servers? I don't know enough about the iApple model to judge this one here.
It also requires a level of cooperation that's unlikely between competing players. I have little doubt that had usenet been created today that it would be a boxed-in system with a few large competing players each running their own newsgroups rather than the flood fill model it currently enjoys.
This interferes with the "I want to be able to unsay stupid stuff"/"I want to be able to use the server while high or drunk and fix it later" feature
No it doesn't. If the protocol includes a "delete message X" command and all of the replicating servers are honest, then the problem is solved (and essentially all of the servers would need to be honest -- at least in terms of the public-facing view of my profile -- or they'd face their own pressure to shape up under threat of being dropped from the replication pool by the other servers.)
But it solves the "domain name hostage" problem for profiles.
Again, its likely a "delete entire profile" command would be built into the protocol. Though in this case the pressure against servers would be to NOT to something evil like pass an unrequested delete around for replication, so you are correct that it should mostly solve the problem over the long term.
You're being disingenuous, or intentionally obtuse.
Intentionally obtuse. The only difference between putting my rant on a server I host and a server Facebook hosts is that I don't have to deal with someone else' system and ToS and such. It doesn't make one scrap of practical difference in the world if my url is www.thisiswhereirant.com or www.facebook.com/thisiswhereirant. Well OK, one difference. FB gives me a little bit of exposure that I wouldn't have on my own site (via friend-of-friend linking.)
That more of a consequence of the inability of the journalists to classify it
What? I'm pretty sure someone could have come up with "impermanent social media" if the permanence aspect was something anyone cared about in relation to the term "social media." But they don't.
I'm starting to wonder if you're interpreting "social" as in "socialism" rather than as in "socializing." That would explain a lot. Most people (myself included) think about the latter when they discuss "social media" though.
I think I pretty much want to out Bob as a Nazi everywhere.
Ok so your next post is "Bob's a Nazi jerk so I defriended him and you all should too!" Right after defriending him. Wow. That was hard.
If you want to take on a dedicated mission against Bob well then you're welcome to do that, but that's going well beyond the scope of social media and into the realm of maybe you being a bit crazy as well.
Younger users accept *all* friend requests. If it turns out they don't like what the person is saying or doing, they "unfriend" them later.
And that invalidates my argument exactly how? At the end of the day, the jerk is still not a friend (in either the real life or social media sense of the term.)
I think you haven't been following the whole GamerGate sock puppet situation very closely.
Again, that's relevant exactly how? Just because an ingrained problem happened to be exposed via a particular medium doesn't mean its intrinsically tied to that medium. Sexism was alive and well in gamer culture long before anybody made the first terrible post.
Once you are inside the web of trust, you're inside, and even if someone wants to not hear from you
That's what defriend and ignore are for. Bob might still be in my friend-of-friend "web" and perhaps you'll still see the things I post on their wall (or equivalent) but I don't have to see any of Bob's rants myself. If my (remaining) friends want to continue seeing Bob then that's up to them.
This is, in fact, precisely how the TOR network had been infiltrated by various third parties: peer-of-peer implied trust relationships.
Again, not sure what this has to do with anything. The fact that the TOR design turned out to have flaws doesn't mean they can't be corrected.
It also has little bearing on a decentralized social network unless that network piggybacks on the TOR protocol or intentionally makes the same mistakes TOR did.
Finally keep in mind that while the profile itself would need to rely on a computer-to-computer web of trust, what you as a person actually see would be based on your friends list and associated preferences. Bob's profile may well be stored on your computer as part of the protocol but that doesn't mean it ever has to be visible to you. Once you defriend him it just becomes another anonymous profile that you're only storing for the sake of decentralization.
And when you're getting 10,000 of these "friend" requests daily? Even if you never hear from any specific one again that's a hell of a lot of BS to wade through if you're doing it manually.
You can argue about how transparent the algorithms "should" be or what particular algorithms to use or other technicalities, but its pretty hard to argue that you don't need them at all given that we know spammers and trolls exist and aren't going away any time soon.
Right. And if the second factor is a fingerprint, having my fingerprint only means that you've cloned my fingerprint (or cut off my finger.) It doesn't prove that you are me.
The idea isn't to guarantee perfect security (that's impossible.) The idea is to provide a minimal level of guarantee.
In this case, its very unlikely that you both know my password AND have grabbed my keyfob, unless I've specifically allowed you to do so. You can lose a keyfob sure. But that by itself tells you nothing.. not even what account its for generally and sometimes not even what site/program.
Similarly you can have your password stolen (keylogger or whatever) but without the keyfob, that password is similarly useless.
Hence two factor -- one factor is something you know (the password) and the other factor is something you have (the fob.) Either one could be obtained by an attacker with (relative) ease, but BOTH being obtained at the same time is fairly unlikely.
And shame on you for wanting to known if the food you eat has been licensed from the company that invented Agent Orange and dioxin, right? I mean, stupid people...
Actually, that is pretty stupid. AO was 70 years ago, almost certainly made under the reign of a completely different set of directors and C?Os, and made under contract (as in, has fuck all to do with their regular commercial operations in the first place.)
One mistake (especially one that only turns out to be a mistake in retrospect) does not define a company with the size and history of a Monsanto. Pretending that something they did three quarters of a century ago has any bearing on their modern operations is just silly.
Which isn't to say you shouldn't hate their modern operations if you take a dislike to them.. but we're around 5-6 decades past where its meaningful to bring up AO anymore, if it ever was.
They have a great responsibility to pump up their bottom line. Does that count?
In particular, a negative result doesn't rule out the possibility that the dark photons could exist with other properties that the experiment didn't test.
And you fail your check when I use Correct instead of correct.. or corr3ct.. or whatever. That adds a LOT of complexity to the basic 4^10k. Throw in variable punctuation and spacing and things start looking a little uglier to an attacker.
And yes, 16 completely random characters is probably still harder to crack, but how many people use completely random characters? How many people would be able to remember their passwords even if they did make such a one? And if you're using a password program rather than trying to remember it, you may as well make it 64 completely random characters cause why not.
There's a tradeoff between perfect security and practical security. You can't just assume that because your favorite scheme is 10 or 100 or 10^100 times more secure than the one that's currently in use that anyone's actually going to switch if it means an enormous amount of extra work on the part of the users.
That's where trusted authorities and public key encryption comes into play. The trusted authority essentially acts as the "different means."
Of course its still susceptible to MITM if the attacker can get between you and the point where the data transmission splits off between the CA and the destination site (and of course are already in place at the time you register with the CA and have the private key on the wire.)
Not impossible, but also pretty difficult to achieve since it usually means physical access to something relatively local to the sender. At least until the ISPs themselves become the MITM attacker (which is becoming more and more probable unfortunately in the modern age of Orwellian surveillance attempts.)
Of course yes, the most obvious solution is to just pass the key over a different communications channel. But nothing is ever absolutely secure. If you meet the person face-to-face to exchange the secret, you have no guarantee that he isn't in collusion with or coerced by an attacker, or won't be at some point in the future.
The only way to be 100% sure that a secret is safe is to keep it in your head (don't even write it out or save it to your hard drive!) At least until we figure out mind-reading devices. But most secrets need to be shared with someone to be useful so that's not always a plausible solution.
requires non-secret means for identity
Not exactly true. It can to be a secret that the user themselves don't know. Many (most? all?) keyfobs work that way. The fob itself has a secret that only it and the fob provider know. And in particular, its a secret that you as the fob user doesn't know.
That's a long time in the coming. Screwing around with a keyfob or other physical item is a pain in the ass. Sometimes a worthwhile pain in the ass, but enough of one that "everywhere" is going to be a stretch.
Unless they can make the second factor an intrinsic value (that is, something built into the computer or the OS that could be passed without the user having to physically do much.)
It wouldn't even be all THAT hard to do, but it pretty much means having to set up some sort of certificate system which requires CAs and whatnot and figuring out how to decide they're trusted and the such.
For example when Windows is installed, it generates a certificate and registers the public key with MS. When a website wants authentication it has to go ask MS for the public key. They then send you a token that you encrypt with your private key and send back as the second factor.
Have an easy-to-use system (preferably client-to-client directly to limit MITM attacks) to clone your certificate between your various devices and you have a fairly decent second factor without too much hassle for the user.
The hard part is getting everyone to agree on how to do this. Its not going to work if my Windows machine uses a different authentication system than my iPhone which uses a different system than my Nexus tablet. It would have to be standard across _all_ devices.
CAPTCHA had been cracked?
No.. CAPTCHA is a concept. Several specific CAPTCHA algorithms have been broken over the years, but new ones come to take their place.
Image-based CAPTCHAs (that is, stored images not ones that are generated on-the-fly) are trivially broken by building a database of them and solving them. Of course building such a database without being detected is the tricky part -- you can't just spam Recaptcha's server with 100 million requests and not raise some flags. The best / hardest to detect I've heard about is getting an MITM installed on a legitimate website and then when (real) users solve (real) captchas, you fire the answer back to your database. That's probably what you mean by the "trickle" you mentioned above (or something similar to it.)
Algorithmic image creation (ie: create a random string of letters/digits and then muck it up to make it hard for OCR software to read) is a lot more secure.. but at the same time its also a lot harder for a human user to successfully answer. Some of them get so bad that you can't even tell that they ARE letters never mind which ones.
Recaptcha (being pretty much the biggest third-party captcha provider out there) is interesting in the sense that they mix multiple algorithms. They use stored images.. they use generated images.. their generated images are obscured using multiple algorithms.
Sure adding an additional algorithm is only a linear complexity increase, but if you go from say 1 algo to 3 algos, you've dropped an attacker's chances of success by 66% (unless one of your algos is trivially breakable but we'll assume you know what you're doing when you introduce a new one.) That's not insignificant even if its only linear. And I'm pretty sure Recaptcha is up to a dozen or more different obscuring techniques.
It's only useful for web based logins, yes?
No, its useful any time you need to distinguish a real person from a machine attacker (in principle at least.) There's just very little need to make that distinction in most offline software. And of course you need to have at least the ability to pass images in order for a captcha to work at all, so you couldn't add a captcha to say telnet, which is intrinsically a text-based protocol.
As long as your DB is connected to any network in any fashion, its susceptible to cracking. You can't possibly know what new attack vectors may arise. And even if you somehow manage to guarantee 100% security in your software (which is frankly unlikely to the point of impossible -- software is hard!) you still can't guarantee that some human participant won't either go rogue or screw up, allowing access to the DB that doesn't require _any_ technological cracking.
The only way to completely lock down a computer is to keep it shut off in a vault that literally nobody can open. But of course that also makes it no more useful than a rock.
As for web dev's comprehension of security.. again, software is hard. When they say its "secured" what they mean is "I can't think of a way in." But of course that's a totally irrelevant metric because they aren't the attacker.
And that fact applies to everyone, up to and including the most experienced security researcher in the world, because of the obvious fact that if they could think of a way in, they'd patch it. Its always the ones you don't think of that get you.
No matter how smart you are, there will be a maximum program size you hit before the complexity overwhelms you and you have to internally abstract things, and every abstraction is a potential security hole that you may or may not ever consider. Never mind relying on third party libraries or for that matter the security of the hardware layers.
We've definitely come up with some best practices, and its no secret that there are loads of people who don't know, don't care, or don't have the time to implement the best practices.. but all the best practices in the world don't solve the problem of program complexity exceeding (full) human comprehension.
Welcome to America. Big Brother is watching you. Anything you put on the network is insecure.
So? Unless my family or my boss has become a super cracker when I wasn't looking, that's pretty much irrelevant.
The only organization people really care about privacy from and who simultaneously has the tools to disrupt that privacy is the government. And lo and behold, we're seeing all sorts of stink being raised about PRISM and associated invasions of privacy.
"Insecure" only matters if it fails to be secure against the people you don't want to see it. Yes, for national security and banking information and other such high-profile data that list of people is essentially "everyone," but the bar is a hell of a lot lower when it comes to pictures of drunken frolicking. Unless you're in or planning to run for office but that's not most people.
Most people believe in personal gods who give a shit about their sex lives, too. What "most people" think is irrelevant, and invoking them is fallacious.
Its fallacious for creating laws that (theoretically) affect all people equally. Its perfectly valid for creating a business model where you only care about the largest target audience (which will generally not be "everyone" unless you have one hell of an awesome business.)
That sounds like a business opportunity to me.
Sounds like a business opportunity to many people, and there's all sorts of places that will build you a web site. But guess what? They charge money. And that gets back to most people not caring (or at least not caring enough.)
Which is why Facebook and similar work so well -- they're essentially giving you a framework to publish.. whatever.. on the web without having to build your own website (or pay to have it done.. at least not directly.)
But as soon as that becomes easy to do, all the troll and assholes start coming out of the woodwork. So you need a way to filter them out.. and eventually there's so many of them that doing it manually is impractical.. so then you need algorithms.. and then we're back where we started anyway.
You're acting like a social network is a web site. It's not, it's a fabric. If you want to be able to do this type of editing, fine, put up a web page, but don't try to pretend that you posting something that makes you look like an asshole, and then me commenting on it, calling you out for being an asshole, and then you changing the original posting so that it looks like I'm the asshole for engaging in an ad hominim attack, is somehow OK.
I'm not sure how this relates to anything, or how "put up a webpage" makes any sense at all (every social media site I've heard of uses a webpage of sorts..)
There's nothing about "social media" that says "permanence." Snapchat for example does the exact opposite of permanence and automatically deletes things for you. It still falls under the label "social media" though. Social media is not a history, its a communication tool. Some communication is more permanent than others to be sure, but permanence is not a defining quality.
I can't just erase our shared context from my memory, if I decide Bob is a Nazi after the fact.
No, but you can go ahead and not tell all your friends that Bob's a great guy and cut him out of your life. I'm not sure how any of that has anything to do with any specific communication tool though. The internet does not work like a human brain, for better or worse.
Am I just supposed to "de-friend" everyone?
Or you could just you know, put Bob himself specifically on ignore or whatever equivalent exists. Sure he might still show up in your friends-of-friends lists but he shouldn't be able to shower your wall with hate speech (though again, you should really be questioning your associations if your "real" friends are perfectly OK with Bob's rants.)
By allowing the rewrite of history (discussed earlier), you remove the need for the social lubricants of politeness, civility, and (possibly pretend) rationality, which are required in real-world interactions.
Except this is explicitly a network of "friends." If you don't like someone, don't friend them. That solves the troll problem in all but the worst cases (which would be the equivalent of a real-world stalker.) And even then, the worst they could do would be spam you with friend requests which you could ignore.
Them looking up your (public!) postings does NOT necessarily mean you have to return the favor.
You seem to have this impression that social media is (or should be) some sort of historical record of fact that just isn't an intrinsic part of the medium. In fact its intrinsically not a part of the medium. Social media is about communication, not about history.
Posting a few examples of obvious combinations does not preclude the existence of non-obvious combinations. Especially if you expand your definition of patents to all patents rather than being limited to software patents (which have a very poor history of failing the obviousness claim even if you ignore all of the "X on a computer but otherwise unchanged"-type patents.)
And yes. Including a library in a program should have a predictable result. The part that could potentially be non-obvious is deciding to include that specific library in the first place. This is again a pretty poor example though as the fact that a library already exists means that its meant to be included in programs. Software in general is really not the place to find truly innovative A+B+C ideas, since in most cases if A+B and C exist independently and they're useful together, chances are many places are already using them as independent entities and yes its then obvious to combine them into a single software package. It would have to be tremendously off-the-wall for an A+B+C type idea to actually be new in the software world given a pre-existing A+B and a pre-existing C.
But how about a piece of wire and a small glass vase? Those "obviously" go together, don't they? Well its a little more obvious if you already know what a light bulb is than if you're just looking at a couple of random things on your work bench. But we certainly knew what wire was and we certainly knew how to blow glass before Edison (*cough*) figured out how to put them together in the right manner.
Who would have thought that SMS-length text messages would be useful to anyone outside of ancient cell phones? Well, Twitter did. They're not particularly small or unknown. I have no idea if they actually tried to patent anything.. but its certainly not obvious to limit message sizes so much on a medium where walls of text with embedded movies and whatever else is commonplace.
That's still a huge difference. I can educate myself to see through the manipulation. I have no defense against someone with more guns than me telling me what to do or else. We have a choice and the fact that we let ourselves be manipulated says more about the human condition than it does about democracy.
The North Korean peoples' only choices are a) live with it, b) die to it or c) try to escape from it, which I'm guessing ends up as (b) more often than not. For obvious reasons, we only hear from the ones who didn't die during their escapes and NK certainly isn't about to release information on failed attempts any time soon.
now regret to the point that you're willing to rewrite history
And this is bad how? Its your history. If you post something and a week later you decide it probably shouldn't be public knowledge, who really cares if you take it down? Its not like you (for most values of "you" at least) are the sole historian of an important event or other politically-charged information.
Hell.. its your own page.. does it matter if you just write complete BS in the first place?
I'm also not sure I'd be comfortable with some types of content showing up in "my feed", particularly content that happens to be illegal in my jurisdiction. I certainly don't want ... able to post Nazi propaganda into Germany, ...
So don't be friends with people who would do that. And if you don't know about their leanings before they post that shit, you can just de-friend them and delete their rant (see above.)
I don't have much to say on your third point as it would be wholly dependent on actual implementation as to whether this theoretical distributed service provides "weak" or "strong" links (whatever the hell that means.)
Also keep in mind that Facebook and Twitter are completely different services with completely different purposes. They may have been glommed together under the "social media" category but that's like saying cats and dogs are the same thing because they both fall into the "common pet" category. They have similarities to be sure, but they have far more in the way of differences.
You have to concern yourself with privacy issues though. For all that FB sells your life to advertisers (and probably the government,) they're pretty good about not showing your naked keg stand to your boss (though admittedly they DID have to be forced into it to some degree..)
Though when I think about it it might not be all THAT hard. Generate a public/private key pair and send the public half to your friends. Encrypt your profile with the private half and distribute it randomly around to whoever will take it. Pretty simple I guess, though you'd need a way to reject friends (which would probably amount to generating a new keypair and re-encrypting your profile.. and a way to distribute the new key to your now-reduced set of friends and only to them..)
Also need a way for clients to figure out what the most recent version of your profile is since there could be multiple versions flying around the internet at the same time depending on whether each of the random cache copies have realized that its time to purge and/or update their own copy..
Probably all doable, but its not a simple task.
If you want to keep secrets, keep them in your head.
Sure.. but what about things that aren't really "secret" and yet you want to restrict? I don't really care if an advertiser sees that I drank way too many Molson's last weekend.. I kind of want my friends to see that crap. My family and boss? Not so much. By your definition I should either never show anyone or just assume I'm showing everyone. That's a bit of a false dichotomy.
Really, most people care about their privacy as it applies to: The government, their employer, their family. Most people really couldn't care less if FB sells their preferences to an advertising firm for the purposes of putting in "better" ads that they're just going to ignore anyway.
I want an unfiltered feed, with a reverse chronological ordering by default with options to sort and filter as I deem fit. Facebook doesn't offer that, but a decent feed reader does.
I take it you don't have a whole lot of FB "friends." There's a lot of people who sit there spamming you with loads of inane bullshit. Yes you can defriend them, but that gets into the point of having such an algorithm in the first place -- not having to do that.
Fine if you want to wade through 150 posts every day that's nothing but links to the same Youtube video being cross-posted by everyone you know, but I'm perfectly happy not having to bother.
I'm assuming you don't run any spam filters on your email either. Those are just algorithms deciding what you want to see as well. Perhaps you really like P3n!s pills?
I don't care about upsetting people.
Good for you. You are not the target audience of social media if you're proud to be an anti-social asshat. Suppose that answers my question above regarding the number of FB friends you likely have.
I can do that without Facebook. I wrap the img tag in a figure tag, and wrap information about the photo in a figcaption tag. That shit can be automated if you aren't a demon-ridden idiot.
Cool. You and most of the other programmers out there, even the ones who aren't proud to be assholes. Sadly, the world also requires janitors and teachers and car mechanics and fast food workers, and most of them won't have the skills needed to manually write pages themselves.
Like "facebook.com"? Sorry; that was a cheap shot.
OK, agreed there. I suppose the OP's remark should have been "more than one meaningless URL."
The great thing about being a misanthropic asshole is that a calendar app on my phone is fine for organizing events.
Yup. When even your dog doesn't want to hang out with you, a personal calendar probably is a decent way to go.