Slashdot Mirror


User: raymorris

raymorris's activity in the archive.

Stories: 0
Comments: 10,114

Comments · 10,114

  1. Moodle is 5,000-10,000 files. Kernel is 24,000 on More Than Half of GitHub Is Duplicate Code, Researchers Find (theregister.co.uk) · · Score: 1

    > corresponding file stops being identical

    Yep, the two or three or four files I change are no longer identical. The other 4,997 files in the project haven't changed, they are identical in both versions (forks). GitHub presents my version of the *project*. It doesn't only show the differences and force users to download from someone else's fork, then apply my changes. They can just download my version of the project. (GitHub can also show the differences, if that's what someone wants to see.)

    That does NOT mean GitHub physically stores all those different copies on disk. It just presents my version of the project, including files that are the same as someone else's version.

  2. So your PR is accessible, avoid tying to one drive on More Than Half of GitHub Is Duplicate Code, Researchers Find (theregister.co.uk) · · Score: 1

    > You can clone/download all what you wish and enjoy it on your own machine, but why having publicly accessible codes which have been basically developed by other people

    There are a couple major reasons to make your version of the project accessible on the internet. Maybe the most important is so that other people can see your pull requests. As an example, I used to do a lot of work on some software called Moodle, which is used by many schools. Moodle has a mature development process, so any changes to Moodle code are reviewed, commented on, and approved by at least two people other than the author. Typically three to five people comment on a pull request. It would be pretty hard for my peers to make suggestions about my proposed changes, or approve them, if they couldn't see them. Making the changes I propose available allows us all to work together - very much the spirit of open source.

    Additionally, "enjoy on your own machine" brings up the question which of my machines? Primary desktop at work, where I type most of the code? The development server where I test it? My laptop I use when I work at home? Having the source available on the internet is useful for the same reasons it's useful to be able to access your Gmail from anywhere, not just from one "local computer".

    At my current job, our *company* has forks that our *team* works on before submitting a pull request upstream. Which local computer would you save our copy on that our whole team could see it and work with it?

    Also, a few dozen schools use changes and additional modules I wrote which never made it into the official distribution. They aren't currently cross-platform enough for the project to include them because the main project runs on MySQL, MariaDB, MS SQL, Postgres, Oracle, and some others. It's still useful for my stuff to be accessible for those who want to use it. They'll just have to use either MySQL/Maria or MS SQL, or make their own adjustments to my code if they use Oracle.

    To me the main reason is the first reason, though - it allows other people to see and comment on my change, review it, before the change is integrated into the official package everyone uses.

  3. That's one argument. Wikipedia is 12GB on Ajit Pai and the FCC Want It To Be Legal for Comcast To Block BitTorrent (theverge.com) · · Score: 0

    There is certainly an argument to be made that free speech should allow a company to provide access to full Wikipedia, for free. Since the entire text of the whole English Wikipedia is 12GB, and a typical user won't read more than 0.01% of that. Figuring an average article size of 40KB, someone reading 75 Wikipedia articles per month would use only 3MB. Someone might certainly be able to provide a free wireless plan which includes 75 articles of Wikipedia access free each month, or have a wireless plan that costs $1 / month and has access to Wikipedia and similar educational sites. Those 3MB only cost the provider pennies. There is a free speech argument that someone should be allowed to do that, as a public service or otherwise. The organization offering this would probably also provide access to their own web site, of course.

    On the other hand, 3MB is TWO SECONDS of video on pornhub. Providing access to watch pornhub costs the provider thousands of times as much as providing access to Wikipedia. If the government says "you may not provide free access to Wikipedia unless you also provide free access to pornhub", the practical effect is that they just made it illegal to provide low-income people with free access to Wikipedia. By artificially making it cost thousands of times as much, they prevent it from happening. (This isn't theory, this actually happened - the free wireless plan offering educational content was actually cancelled due to "net neutrality" requirements.)

    There are of course counter-arguments, reasonable arguments to the contrary. I'm not expressing any opinion one way or the other about which arguments are best, but that's the first amendment argument. It's certainly a cogent argument.

  4. Mostly agree. Facts are unfair on one point on Justin Trudeau Is 'Very Concerned' With FCC's Plan to Roll Back Net Neutrality (vice.com) · · Score: 1

    I mostly agree with everything you said. One major impediment to Trump's proposal was / is that some leading Republicans like Bob Corker said they will not support any plan that increases the deficit, and I agree with you that he's right to take a stand. Senators Jeff Flake and Todd Young also come to mind for opposing deficits this year. Of course there is also much disagreement about how much the deficit will be affected - lower *percentage* tax rates and simpler tax laws tend to stimulate the economy, increasing revenue to some degree.

    Investment tax (capital gains tax) rates are an interesting thing. There are three different factors at play to come up with the ideal rate. Most industrialized countries have looked at these three factors and calculated the ideal rates are far below the current US rates. We have some of the highest business taxes in the world, and we pay a price for it. Let's look at these three factors.

    Obviously, higher rates tend to increase short-term revenue. That probably doesn't require any explanation.

    The second is that higher rates decrease investment (savings), which has very negative effects on the economy. Consider two people you know making you these offers:
    Loan Bob $1000 today and he'll pay you back $2000 next week (unless he breaks his promise).
    Loan Joe $1000 today and he'll pay you back $1001 next week (unless he breaks his promise).

    Bob's offer is more attractive. People will invest more with Bob's offer, which has higher returns. Investment is crucial - it's investment money that is used to build factories, fiber optic lines, and everything else you need for a successful country and a successful economy. Investment is also how the ordinary middle class gets rich slowly, so they can retire with their own money instead of being a burden on all the younger tax payers. High taxes on investment discourage investment, which is very bad for everyone. Discouraging investment is bad for the W-2 employee too - the company you hope will hire you won't be hiring anyone if there isn't investment money available to grow the business. This is a strong case for very low taxes on investment and most successful countries consider this much more strongly than the US does.

    Another factor is similar. If you're Joe, offering a very low return on investment due to high taxes, you won't just get a LOW rate of investment because people would rather keep their cash. Joe has been outbid by Bob, so the people who do invest will invest with Bob, not with Joe. Institutional investors and companies especially see the low investment taxes in other countries and send their money over there. So you have American companies investing their money in building new facilities in other countries, rather than having those facilities here. The COMPETITION for investment capital between countries is also a big deal. A LOT of money is invested overseas, high tech facilities built elsewhere, because the lower taxes there make other countries more attractive to investors and companies.

    When you do all the modeling you can figure out which tax rate brings in the most revenue. People argue about what the ideal rate is. A third of OECD member countries have figured 0% capital gains is the best rate. Investment is so important, to everyone in the country, that any capital gains tax at all is damaging, in their analysis. Another third of nations have a moderate marginal investment tax rate of 10% - 20%, figuring that a tax at that level brings in enough revenue to offset the economic costs (or just not thinking long term). The US has among the highest marginal rates in the developed world, at 28.6%. Not surprisingly, the US also has a savings rate well below the worldwide average - people don't save up a lot of money when saving means the government takes a huge chunk of the money. Most countries agree that's damaging because it's too high, and they set their rates lower than the US does.

    So that's how the best tax rate on investment is figured - trying to raise revenue

  5. That's the FCC's argument. (Verge is full of shit) on Ajit Pai and the FCC Want It To Be Legal for Comcast To Block BitTorrent (theverge.com) · · Score: 0

    That's what chairman Pai wrote, that the Comcast and torrents issue should have been addressed under anti-trust and consumer protection laws, rather than the failed way they tried to do it, which the court threw out due to lack of legislative authority.

    His statement that what they did was a mistake is true almost by definition - the court threw it out. The "pages of legal arguments" the Verge whines about is Pai explaining how the government could have regulated Comcast's behavior in a way that would stand up in court. The FCC isn't Congress, they can't make laws. They have to regulate within the framework of law that Congress passed, using the authority granted by Congress. The approach they tried wasn't legal and that's why the court threw it out.

  6. Nothing magical about the obvious on Justin Trudeau Is 'Very Concerned' With FCC's Plan to Roll Back Net Neutrality (vice.com) · · Score: 2

    > For instance, we have the idea that magically if we cut the corps taxes and the rich peoples that it will make life better for everyone

    Nothing magical about it if you think about it for a minute. Suppose there are four countries:

    Adanac: 12% tax rate, located in North America
    Ocixem: 30% tax rate, located in North America
    Asu: 40% tax rate, located in North America
    Tarcomed: 100% tax rate (you don't keep any money you make, the government takes it all), located in North America

    Which country would YOU most likely put YOUR corporate headquarters in? Is there any chance in hell you'd choose Tarcomed, where the government takes ALL the money as taxes, so you can't possibly make any money? Would YOU invest your 401k savings in a company that can only lose your money, it can't possibly make any money, because any and all profits go to taxes? Of course you wouldn't, unless you're brain dead. Nobody would risk their savings investing in a company that can only lose money.

    So we KNOW, it is obvious, that very high corporate tax rates mean nobody will invest their savings and you'll have no businesses in your country. They'd have to be insane to risk their savings if the government was going to take most or all of the profits as taxes. The only question is HOW MUCH do people reduce investment at each possible tax rate? We know 100% tax will mean no businesses, and therefore no economy, absolute ruin. That's obvious.

    It's also obvious that some companies will choose to pay the 12% net tax in Canada (or 30% in Mexico) rather than pay 39% by having their headquarters in the US. The only questions are HOW MUCH damage are we doing to the economy by having tax rates twice as high as most industrialized nations, and how high can we go before the economy is utterly and completely destroyed.

  7. I forgot the footnote on Uber Is Under Investigation By Multiple States Over a 2016 Data Breach (recode.net) · · Score: 1

    I forgot the footnote about "owning" the competing company. That company was an S Corp, so technically I owned all the *stock* in the company. It wasn't a sole proprietorship, which is sometimes implied when someone says they own a company. I owned 100% of the stock of the corporation.

  8. Source? Competing companies, of course. Negotiable on Uber Is Under Investigation By Multiple States Over a 2016 Data Breach (recode.net) · · Score: 1

    Do you have any source for that assertion, that "most" salaried employees have such conditions?
    My own experience has been that the employment agreement has said I won't work for a COMPETING firm while working for them. The reasoning there was obvious. At my last job, it was very common for salaried employees to have a side gig, often a little company they owned. For example, one programmer ran a lawn-care business.

    At my current job, the non-compete clause was problematic because I still owned a company* that was in roughly the same industry, though I wasn't actively involved in day-to-day operations. We negotiated a bit and changed it to say I would continue to own the other company, but not provide them with any information I learned at my new company. We also discussed saying I would sell the other company within 1 year. I don't recall if that ended up in the final contract or not.

    HIDING anything significant, including significant outside employment, from your boss and the rest of the company could of course damage trust.

  9. Clarify: skip the sink, put it in the robot (machi on Google's Eric Schmidt Says People Want Dish-Washing Robots To Clean Up the Kitchen More Than Any Other Kind (cnbc.com) · · Score: 1

    To clarify, I think what most people probably think of for a "dish washing robot" would have the robot clean the dishes that are in the sink. So the human still has to put the dish IN the sink, probably after scraping any big chunks of food into the trash. So that's still the human putting the dish somewhere before the robot does its job.

    I propose that since the human has to put the dish somewhere, they may as well skip the sink and just put the dish into the robot (dishwasher drawer).

  10. Laundry yes! Dishwashing is actually pretty easy on Google's Eric Schmidt Says People Want Dish-Washing Robots To Clean Up the Kitchen More Than Any Other Kind (cnbc.com) · · Score: 2

    In our house, laundry would definitely be near the top of the list.

    A dishwashing machine / robot is actually pretty simple. It's just used slightly differently than the habit most people have. Currently, we put our dirty dish in the sink, perhaps after rinsing it first. A day or two later, we wash / scrub the dried-on food, then put it in the "dishwasher" to finish the job. So five steps done by a human:

    1 Rinse
    2 Put in sink
    3 Scrub dried food
    4 Put in dishwasher
    5 Put in cupboard

    That can be easily reduced to one or two steps:
    1 Put in drawer, which is dishwasher

    Optionally the two or three step version:
    Rinse (optional)
    Put in dishwashing drawer
    Put in cupboard (optional)

    The "innovation" is a dishwasher which consists of units of only one rack, and instead of having a door you open and then a rack that pulls out, the two are combined - the dishwasher opens like a drawer. Because it's small, it'll be full (enough) daily and there is no step of handling food that has been drying on the plates for two days. Optionally, every time you close it it could trigger a 5 second blast of water to rinse off the food while it's still fresh.

    An appliance might consist of 2-4 such washing drawers in a stack, with a light to indicate which is the current "dirty" drawer for dirty dishes to go in.

    It wouldn't handle large mixing bowls unless you had one extra-tall drawer for the big items, but rather each drawer would be sized for the cups, cereal bowls, flatware etc that people use daily.

  11. I'm sure you don't want to lie to yourself on Flowing Water On Mars' Surface May Just Be Rolling Sand Instead (theverge.com) · · Score: 1

    > So we want to get into the history of Occam's razor rather than its actual definition as used in modern English? ... Rather, Ockham was frequently known to have used Occam's Razor as a debating technique, rejecting complex ideas in favour of simpler ones.

    I'm sure you can see that is exactly what I addressed FIRST, saying "if you're really thinking about which is simpler ..." I know you can see what I wrote. I'd assume you're not purposely lying to me, and to yourself, about what I wrote, so I suppose you just read WAY too fast and completely missed the first few sentences entirely. On the other hand, if you do want to keep insisting that what we can both see right here in black and white isn't there, well then of course we're done. There's no helping someone who denies what is right in front of him.

    AFTER addressing what I suspected you meant (KISS), yes of course I pointed out that what Ockham said is precisely the opposite of what you are claiming his support for. You can't very well say "of course heavy things float up - gravity anyone?" and not expect someone to point out that gravity says heavy things fall down, the opposite of the thesis claiming to be supported by gravity.

    Similarly, in looking at the meta-analysis you linked to I'm going to assume again you're actually interested in seeking truth, so you just read your own link that you cited too fast, and missed both the introduction and the author's conclusions. I assume you're not trying to lie to you and me about what your own link said, because we can both read. The analysis looked at studies of intercessory prayer for people in hospitals. The introduction mentions some of the studies they looked at:
    --
    The California Pacific Medical Center in San Francisco conducted a study of the effects of intercessory prayer on patients with advanced AIDS. Patients in that study who received prayer survived in greater numbers, got sick less often and recovered faster than those not receiving prayer. (23).
    Over time studies have shown intercessory prayer to have positive health effects across a variety of disorders, including cardiovascular disease, acquired immune deficiency syndrome (AIDS), bloodstream infection, leukemia, and in vitro fertilization and egg transfer.(24)
    --

    After analyzing all of the studies, the analysis you linked to concludes that research indicates intercessory prayer for hospitalized patients is [only] moderately effective overall, with some studies showing a clear correlation and some not. That puts its effectiveness similar to many medications, which are effective for perhaps 10%-60% of patients. That's what the analysis you linked to says. I know you can read it. Whether you choose to pretend you can't and deny all evidence that doesn't fit your first guess is entirely up to you.

  12. Infinite instances is exactly what Ockham rejected on Flowing Water On Mars' Surface May Just Be Rolling Sand Instead (theverge.com) · · Score: 1

    So candidate theories would be:
    1) The rocks are lined up because someone / something lined them up.

    2) There are actually infinite number of those rocks in an infinite number of arrangements, in an infinite number of forests ...

    You mentioned Occam's Razor above. Sometimes people confuse Occam's and the KISS principle. If you're really thinking about which is simpler, it seems to me that #1 is the much simpler explanation. Infinitely so, in fact. If one misunderstands Occam's Razor to mean the simpler explanation is more likely, theory #1 would be infinitely more likely.

    What William of Ockham said was:

      Numquam ponenda est pluralitas sine necessitate (Plurality must never be posited without necessity)

    So that's an outright rejection of the "infinite universes" idea unless and until there is no possible explanation remaining that doesn't require a plurality of universes.

    Unfortunately, neither theory can be tested publicly in a rigorous scientific way. Both are also very much subject to ad hoc additions or changes. The Biblical definition of God is "that which has always been, and always will be". Well, that God certainly exists, by definition. It would be pretty silly to argue that "that which has always been" isn't, so we can only end up discussing the details of how we might describe God. Everyone has their own ideas, some more specific than others, some more Biblical than others, but thousands of different descriptions, so we can never publicly prove or disprove much about all of them.

    I said "publicly prove", a curious phrase. Aside from the scientific method involving experiments, it's also possible to know your leg hurts based on private experience. You may know without a doubt that your leg hurts, and have no possible way to ever prove it publicly. One might, whenever one feels angry or frustrated, receive silent words of love, guidance, or encouragement and they'd know that happens to them, but never be able to prove it scientifically. Things can be known which cannot be proved. An observer could only look at how the person handles tough situations and see that there is something special going on.

    If curious what exactly makes this person so calm, loving, and wise, you could only do two things - ask them, then if they say they do certain things, you could try it out for yourself. In my case, I saw a group of people who obviously had *something* special going on in their lives. I asked them about it and they said some kind of power, or set of principles, which they couldn't explain, was at work when they did certain things, such as praying for guidance to do the right things. "You can try saying this prayer once a day for 30 days", they said, "it works for us". I couldn't prove anything mathematically, but I *could* try it, so I did. I privately know it works for me. In the same way I know that I'm hungry at the moment I also know that something is helping me today. I don't pretend to understand that something, which I call "God" because I know of no better word for it.

  13. My own experience this month on Uber Is Under Investigation By Multiple States Over a 2016 Data Breach (recode.net) · · Score: 1

    As an example, a week ago I found out that I was going to miss a week of pay this month. That kinda threw a wrench in the budget a little bit. I also have the week off of work. So I wouldn't mind doing a gig this week. It would put my income back where it normally is so I don't have to juggle things.

    In my case, I have 20 years of experience in IT security and programming, so ideally I'd do a project that uses that experience, but that's not the point. In fact, a former coworker contacted me a while back about possibly doing a small project for the organization I used to work for, a gig, so I'll give him a call.

  14. Nothing wrong with lawns. Gigs have a specific pla on Uber Is Under Investigation By Multiple States Over a 2016 Data Breach (recode.net) · · Score: 1

    As you pointed out, opportunities certainly exist for anyone who wants to be their own boss and who puts forth the effort. I've known multiple people who did well in lawn care, mostly people with criminal records who had difficulty finding traditional jobs right away.

    There is also a place for gigs, but you have to be careful using them to replace a traditional job as a long-term thing. Lack of benefits like health insurance and double taxation mean any contractor work has to pay a lot more on paper in order to be worth as much making the same nominal dollar figure. Where they probably fit in better is when someone is in-between jobs for a month, when you want to make a few extra dollars for a special purchase, etc.

    The original pitch of Uber was ride-sharing. If you're already commuting to work every day anyway, you may as well split expenses with someone else who is also going downtown. That is, you'd pick up a few extra dollars sharing the commute, basically letting the passenger pay what the gas and tire wear costs. That makes sense. It's not a job, it's a way to make an extra $10-$20 / day on your way to work. You can use it that way. Uber doesn't say it's supposed to be a full-time job, because it's not good as a full-time job.

  15. Long-term thinking vs short-term. I've been homele on Apple Only Wants To Put Its Stores Where White People Live, Investigation Reveals (theoutline.com) · · Score: 1

    I've had periods of my life when I was poor (homeless in fact, living behind a Target store) and times when I was pretty well off financially. I've had people mentor me and help me see where I messed up that caused things to go bad and where I've done things that worked out well. There is a very obvious pattern.

    90% of the bad results in my life have been due to short-term thinking vs long-term. Doing what I feel like doing right now vs what will bring me rewards later is how I screw up, most of the time. That includes dropping out of school, buying what I wanted instead of paying my taxes (a $73,000 mistake), marrying the woman who was giving me good sex today instead of looking for a relationship that would lead to long-term happiness, etc.

    Good results have come from going back to school, planning to work hard for four years so that I could be better off four or ten years later. Dating the responsible, caring woman who said "no sex before marriage", because I wanted long-term happiness more than I wanted sex today, etc. These things have worked well, financially and otherwise.

    A tendency to think short-term absolutely will make someone end up broke, whether they started out broke or not. Lottery winners demonstrate this - almost everyone who wins more than a million dollars is right back to their old financial condition within five years. It's as if the person and their habits, the way they habitually make decisions, determines their wealth - handing them $10 million doesn't have any permanent effect on their wealth whatsoever. If someone starts out mega-rich, short-term thinking may end up with them $12 million in the hole - not only broke but owing $12 million. That's just another flavor of broke.

    > You're pushing a false narrative that poor people are poor because they have bad morals.

    "Morals" is a word philosophers have struggled to define for centuries. For sake of discussion today, let's say that "morals" includes biblical teachings such as:

    Learn from your elders
    Don't fuck your neighbor's wife
    Plan ahead with a budget when you start a project
    Save up for a rainy day
    Don't murder
    Don't commit perjury
    Don't be jealous
    Don't worship material things
    Actually, only fuck your own wife

    That's most of the seven deadly sins and the ten commandments, so it's a reasonable list of morals. In fact, each of those things DOES tend to lead to trouble, financial trouble and other trouble. They also tend to have a common theme, "don't do stuff that is fun today, but hurts tomorrow". If you look at the news this week you'll see a lot of people who had great success in life but they are losing it because they didn't follow the last one.

    So yes, people who live in the ghetto their whole life and never get out normally ARE stuck in the ghetto mindset of short-term thinking. They play lottery or buy 20" rims today (or worse, rent rims) rather than saving up that money for when something bad happens. People who think long-term, who save up to be able to fix a broken car, who put in the time to work hard in school, tend to move out of the ghetto. I did.

  16. Healthcare plans are not insurance on Ask Slashdot: How Are So Many Security Vulnerabilities Possible? · · Score: 3, Interesting

    Insurance is something that pays to cover risks, things that probably won't happen to you this year, and the expense would be more than the customer can afford to cover out of their own pocket.

    For example, home insurance will replace your house if it burns to the ground. You buy insurance because you couldn't afford to buy a new house out of your own pocket. You don't insure against needing to replace a toilet paper holder, or paint the walls, or weed the garden. These are ordinary, expected expenses that you just pay.

    Car insurance will replace your car if it gets totaled. The average driver doesn't expect for their car to get totaled, and can't afford to pay for a new one with their own cash. Car insurance does NOT cover gas, oil, tires, spark plugs - ordinary, expected expenses.

    Modern US health care plans get involved in every little $30-$60 doctor visit, and all the bureaucracy and red tape doubles the total cost of simple things like a checkup or vaccine. That's NOT insurance. Insurance is for unexpected events that you can't cover from your own bank account. An annual check-up, or flu vaccine, is both expected and affordable; it's not an insurable risk.

    We used to be able to buy medical INSURANCE, coverage for *unexpected* events too costly to pay from your own checking account (ie major surgery or catastrophic illness). That was fairly affordable. For the ordinary, expected health care expenses you kept a few dollars in the bank, and later in a specific bank account called a Health Savings Account. Over the years various things have forced more and more crap to be covered by "health care plans" - you can't just buy medical INSURANCE anymore. That's added a lot of paperwork expense to what used to be a $25 visit for a sinus infection. Now you have $25 worth of doctor time and $30 spent on paperwork with the healthcare plan and government, so it costs $55.

  17. OOM is no longer so random. vm.overcommit_memory on Security Problems Are Primarily Just Bugs, Linus Torvalds Says (iu.edu) · · Score: 1

    We made the OOM killer smarter a few years ago.

    Anybody who chooses Solaris over Linux based on memory allocation policy is simply uninformed. If you set vm.overcommit_memory = 2, Linux will behave just like Solaris in this respect, except a tad safer. Linux is a tad smarter about memory allocation, whereas Solaris is very - uhm, "straightforward" (aka dumb).

    With Linux you can ALSO choose other options, depending on the workload, and can tune the exact percentages to best fit your workload. Solaris provides no such options. It does exactly what it does and that's it, the admin has no say in the matter. Programs just get fatal errors and crash, with no option to make appropriate use of swap etc.

  18. In the *browser*, vs in the server on Ask Slashdot: How Are So Many Security Vulnerabilities Possible? · · Score: 2

    As you know, CGI programs run on the server. To do something in the *browser*, you had to use Java, or maybe Flash.

    > And the Applet never caught on for too long.

    Only for five years or so, but long enough to achieve critical mass since it was the only real option. ActiveX (formerly known as COM, formerly known as OLE) was very much not designed for the browser in the first place, and only worked (kinda) in IE, so it wasn't a real option for internet sites. It was used a bit for intranet.

  19. Java got critical mass in the browser on Ask Slashdot: How Are So Many Security Vulnerabilities Possible? · · Score: 1

    For many years, Java was basically the only way to write software that ran in the browser. It was either Java or trying to get web site visitors to install your custom plugin for your site. That's how Java got critical mass - developers who knew the language, books, libraries in Java, etc.

    At that time, Java was only used in the browser because back then it was dog slow, inconsistent, and just generally not a good programming language - but it was the language browsers supported, so it was the language you had to use.

    Java has gotten a lot better as a language since then.

  20. Insurance would be great. That's how we got fire s on Ask Slashdot: How Are So Many Security Vulnerabilities Possible? · · Score: 4, Informative

    The fire code is written by the National Fire Protection Association, a group formed by insurance companies, in order to reduce their losses from fires. Underwriters Laboratories (UL Listed) who check products for fire and electrical safety - same thing. "Underwriters" means insurance companies. Insurance companies are professionals at analyzing and reducing risk and they do a VERY good job of it. They use very advanced methods to determine risk. I'd LOVE to see insurance companies get involved in IT security, the same way they are involved in fire safety. Ever noticed car commercials advertising their high IIHS safety rating? IIHS is Insurance Institute for Highway Safety, insurance companies testing cars to make them safer.

    > Insurance can pay out on the promises, and the insurers themselves are borrowing against still future promises to pay, which when they come due can be rolled over or hedged and thus the cycle continues ...

    That's not how insurance works. The insurance company uses mathematical models to determine that if they insure 10,000 customers with a given risk profile, about 1% of those customers will have a claim. The average claim will be about $3,000, suppose. That's $300,000 the insurance company will have to pay out this year. Divided by the 10,000 customers, that's $30 per customer in claims. Each customer also costs $3 for mailing invoices and such, so the average cost per customer this year is $33. Therefore the premium they charge is $43. $10 gross profit per customer.

    Insurance companies aren't betting, hoping they don't have claims. They have a million customers, of course they'll have claims. With a million customers, the law of averages kicks in and they can predict rather accurately how much the total claims will be this year. So then they set the premiums (their prices) for the year a bit higher than their costs.

    The one big thing that can screw that up is a major flood. A major flood could have a million people making claims all at once. That's why insurance companies don't sell flood insurance. Only the government sells flood insurance. (In the US at least).

  21. True. And saves a LOT of time fixing bugs, scalabi on Ask Slashdot: How Are So Many Security Vulnerabilities Possible? · · Score: 1

    That's true. In fact we can SAVE developers tons of time working with them to be more secure. Security isn't just confidentiality. It's making sure the software works correctly - even when someone is trying to make it break. Fixing bugs takes a lot of time. Following security best practices means the software won't mess up even when someone is trying to make it mess up. That implies it won't mess up when people are using it normally - far fewer bugs to investigate and fix.

    It's also availability - avoiding DOS by making sure an application won't crash, even under heavy load. Ever had to re-architect something because it couldn't handle the load? Ever had to do that as an emergency because it can't handle the load *right now*? Had the whole network go down because one switch had a power supply failure? Consulting with your security person at the architecture design stage can help ensure the design is able to scale, and doesn't have single points of failure that can bring the whole thing down. Following good security practices means most emergencies are eliminated because it's designed to be robust enough to keep working correctly - even if someone is attacking it, and certainly when nobody is attacking it.
     

  22. I forgot the other part, the locksmith part on Ask Slashdot: How Are So Many Security Vulnerabilities Possible? · · Score: 5, Interesting

    Another thing to think about to understand it is that for thousands of years, people tried to make secure locks; every time locksmiths figured out how to open them - pretty easily. Security is very hard. Offline, it's okay that Pop-A-Lock can open your lock for $20. That's the accepted level of security.

    Online, people thousands of miles away can use computers to try to crack the security on tens of thousands of victims, while the attacker is sleeping. They don't need to be skilled attackers, they just get hacking tools (software) from the relatively few people who are skilled. Popular web sites can be attacked a thousand times per day or more. Not even Chuck Norris can fight off a thousand attackers every day and never lose. On the WEB security is very hard. You MUST have layers of security, because somebody will break through the first layer, and you must have well-disciplined operational security.

    * Medeco has finally done a reasonably good job of making physical locks that are hard for a locksmith to open. Not impossible, but hard. Breaking a window is still as easy as ever, though.

  23. They don't know how to cost-effectively. Locksmith on Ask Slashdot: How Are So Many Security Vulnerabilities Possible? · · Score: 5, Informative

    I think most companies don't know how to produce reasonably secure software cost-effectively. They aren't motivated enough to spend a ton of money on security. So they give up on trying all that hard, to varying degrees.

    Some companies try educating programmers a bit about security. That's good, but not sufficient. Programmers are constantly learning new frameworks, new libraries, new languages, new systems they have to integrate with ... They aren't going to be security experts too.

    In my experience, the main cost-effective way to improve security is to have a security professional consult with developers at three points in the process of a software project. Then integrate part of what's learned into automated parts of the DevOps build and release process. One hour from a security person at each of these three points can really make a difference, not only in the current project, but in future projects. Have the security person join a meeting and be part of the discussion at these three points:

    The initial overall design / architecture
        This will allow the security professional to point out spots where security issues commonly occur, "be sure to use TLS (ssl) for this connection". It will also catch major architectural decisions that lead to big security problems that are very hard to fix later (such as an ISP planning on managing customer modems over their public IPs).

    Finalizing the design details
        Similar to the above, but at a finer-grained level

    Pre-release testing and approval
        Around the time you're starting integration testing, your security person can review the implementation based on notes they took in the two earlier stages. For some of these code-level things they can add to your existing pipeline, so from then on Git will warn you immediately when you try to commit code that follows a dangerous pattern such as use of std::process::Command with variables influenced by user input, or improper reuse of mutable buffers. (Here I use Rust terminology; the same errors can be made in most languages. Few bugs are language-specific).

    Not only will this catch issues in the current project, but everybody learns from the interaction in order to avoid creating similar problems in the next project. Instead of studying 2,000 pages about security, the developers are being made aware of the specific issues that they tend to create in the specific domain the company is writing software for.

    This process allows one security professional to effectively serve many programmers on many projects, much like your database expert might work with developers on many projects. You can get a lot of security improvement for not much money.

    * Before somebody says "2,000 pages is ridiculous. Security is easy, all you need is the OWASP Top 10", I'm a member of OWASP. I know very well the quick "rules of thumb" we publish. I've personally read over 10,000 pages about security and I don't know anywhere NEAR all that there is to know.
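The commit-time warning described in the comment above, sketched as a Git pre-commit hook. This is an added example, not part of the original comment; the function names, the regex heuristics and the sample diff are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: heuristic check, not taint analysis. It flags non-literal values
# for human review; run_hook acts only when installed as .git/hooks/pre-commit.
# scan_diff reads a unified diff on stdin and prints "file:line: code" for each
# ADDED Rust line that passes a non-literal to Command::new(...) or .arg(...).
scan_diff() {
    awk '
        /^\+\+\+ / { file = substr($0, 5); sub(/^b\//, "", file); in_cmd = 0; next }
        /^@@ /     { split($3, pos, ","); line = substr(pos[1], 2) - 1; in_cmd = 0; next }
        /^-/ || /^\\/ { next }     # removed lines and "\ No newline" markers
        { line++ }                 # context or added line in the new file
        file !~ /\.rs$/ { next }
        {
            added = (substr($0, 1, 1) == "+")
            text = substr($0, 2); gsub(/\t/, " ", text); sub(/^ +/, "", text)
            if (text ~ /^\/\//) next                 # comment-only line
            risky = 0
            if (text ~ /Command::new\(/) {
                in_cmd = 1                           # builder chain starts
                if (text ~ /Command::new\( *[^" )]/) risky = 1
            }
            if (in_cmd && text ~ /\.arg\( *[^" )]/) risky = 1
            if (text ~ /;/) in_cmd = 0               # statement ends
            if (added && risky) print file ":" line ": " text
        }
    '
}

# Constructed sample of staged-diff output (not from a real project).
sample_diff() {
cat <<'EOF'
diff --git a/src/run.rs b/src/run.rs
--- a/src/run.rs
+++ b/src/run.rs
@@ -10,2 +10,8 @@ use std::process::Command;
 fn list(dir: &str, tool: &str) {
+    // Command::new(tool) inside a comment is ignored
+    Command::new("ls")
+        .arg("-l")
+        .arg(dir)
+        .status();
+    Command::new(tool).status();
 }
EOF
}
run_hook() {
    findings=$(git diff --cached --no-color | scan_diff)
    [ -z "$findings" ] || { printf 'Review before commit:\n%s\n' "$findings" >&2; return 1; }
}
case "$0" in */pre-commit) run_hook ;; esac
```

Saved as an executable `.git/hooks/pre-commit`, it aborts the commit when anything is flagged; `git commit --no-verify` skips the hook. Running `sample_diff | scan_diff` reports lines 14 and 16 of `src/run.rs`.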

  24. Pan goes through a window a lot easier than plasti on Musk-Backed 'Slaughterbots' Video Will Warn the UN About Killer Microdrones (space.com) · · Score: 1

    Given that anywhere the secret service is, the windows are closed, I think you'll find a metal pan breaks through a window a lot easier than a plastic drone does. It also makes a much bigger explosion, breaking through windows all around.

  25. Several hundred feet on Musk-Backed 'Slaughterbots' Video Will Warn the UN About Killer Microdrones (space.com) · · Score: 1

    > . I can control a drone while sitting in a hot tub & sipping beer several miles away

    With a 400 gram load (a grenade) attached, range is several hundred feet, maybe a thousand feet, depending on the breeze. The range of a pneumatic potato gun is about 1000 yards - a little bit more than the drone.