(c)âFor the purposes of this section, âoeconfidential communicationâ means any communication carried on in circumstances as may reasonably indicate that any party to the communication desires it to be confined to the parties thereto, but excludes... any other circumstance in which the parties to the communication may reasonably expect that the communication may be overheard or recorded.
Care to explain to me how a hair appointment is confidential? How the circumstances indicate the salon wants to keep it a secret, and they would be confident that it couldn't be overheard?
The main robocall legislation is the Telephone Consumer Protection Act, signed by President Bush in 1991. It generally applies to people trying to sell something. Here are the relevant FCC regulations:
The FTC also has some regulations based on TCPA, but again that's for solicitors.
Besides calls from solicitors, TCPA also restricts automated calls to hospitals, emergency rooms, and doctors' offices. So it may technically be illegal to use Google Assistant to schedule an appointment with a doctor. I don't think it violates the spirit of the law, though, as the law was intended to protect people from receiving unwanted, nuisance bulk calls. So long as Google Assistant does a reasonably good job, it's not a nuisance call.
"You shouldn't record confidential conversations" doesn't seem that weird, does it? Or "don't record people's secrets".
How about "Don't invade people's privacy. Someone preaching on a street corner isn't talking in privacy".
Yeah any time law considers intent it can bring up questions, on the other hand my 3yo can distinguish between someone telling her a secret and someone making an announcement.
Btw still I understand why some might find it a bit spooky. The submission asked if it was illegal, not if it was spooky.
It would be illegal only if the other party was trying to have a confidential discussion and thought there was little or no chance that it might be overheard.
California law (penal code 632) requires consent to record a "confidential communication". It then defines what a confidential communication is and is not.
First, in order to be a "confidential communication", the circumstances must indicate that a party desires it to be confidential between only the people involved in the conversation. In a restaurant or salon, there would have been other people around. If the employee didn't whisper or take the phone into another room, nor talk about personal private matters, they probably didn't intend it to be confidential. Indeed whatever they said to some random person calling, someone they've never met, probably isn't intended to be private.
Secondly, California laws says it's not protected when the parties "may reasonably expect that the communication may be overheard or recorded". (Note the word "may", may be overheard, not "will be overheard". Google assistant says "I'm booking an appointment for a client". It would be reasonable to expect that the client may be overhearing the conversation. People routinely use speakerphone while booking restaurant reservations or hair appointments, so again the restaurant or salon "may reasonably expect that the communication MAY be overheard".
If there was no reasonable expectation of privacy, if it wasn't a confidential communication, recording it doesn't violate the law.
That's an interesting idea. Looking at stalking statutes, this wouldn't be covered. As example statute:
Sec. 42.072. STALKING. (a) A person commits an offense if the person, on more than one occasion and pursuant to the same scheme or course of conduct that is directed specifically at another person, knowingly engages in conduct that [long list of harassment etc]
Stalking is a repeated pattern of behavior fixated on a specific individual. This is the opposite - trying to see as many cars as possible, with the ideal goal of seeing every car in the state.
More accurate would be be "if an ideal (perfect) quantum computer existed, with enough cubits, it could break some types of encryption in a reasonable time".
Ideal quantum computers don't exist, and never will. An open question how near actual, physical quantum computers will get to this theoretical perfect machine. It's kinda like doing physics approximations and starting with "ignoring air resistance and friction...". Well yes, if there were no friction we could build machines that do a lot of things which can't actually be done, because in the real world there is friction.
In a universe that only exists in textbooks, a universe of ideal machines, ideal quantum computers could factor numbers in polynomial time. Not instantly, but it wouldn't take a billion years like it would with classical computers.
Some of the cryptographic algorithms we use today get their strength from the difficulty of factoring certain types of large numbers. Those algorithms would need to be replaced if quantum computers developed sufficiently.
Already, we deprecate cryptographic algorithms every couple of years. Part of my job is checking https, ipsec, and other systems to see that they are configured to use strong algorithms. I have to update our list of currently accepted algorithms a couple times per year. The designers of these protocols were smart in that the designed the protocols to support any algorithm you want. For example, TLS defines that "key exchange" messages should be exchanged, but doesn't define what type of key exchange. It could be RSA key exchange, it could be Diffie-Hellman, it could be elliptic curve Diffie-Hellman, or supersingular elliptic curve Diffie-Hellman. TLS (aka SSL) doesn't know or care. Classical Diffie-Hellman can be replaced with supersingular DH without changing anything about TLS.
> Travelling at c, the Lorenz factor for the light itself is infinite
No, it's not travelling at C, "for it". Also did you mean Lorentz factor? More importantly, did you forget the "relative" in "relativity"?
If you look at it from the light's reference frame, it didn't move, and there's nothing to talk about. It's moving at C only from *our* reference frame. Therefore the only reference frame that's useful to discuss, the reference from from which something happened, is ours. The frame in which it took 12 billion years for the light to reach us.
This article is not about the emulator. That's been around for a while.
This is about reproducing the physical hardware - the switches and lights and all that. You say "that's not rebuilding. That's putting a fancy front on" - you realize one has to design and build the "fancy front" before putting it on, right?
Ideally you wouldn't have encrypted password data on any system outside your own control.
Also, ideally you shouldn't care. Ideally, you encrypt the data sufficiently that you don't care who gets the encrypted file. But encryption algorithms routinely get broken, so it's good to have layers of security - nobody can get the encrypted file, AND even if they did, they can't decrypt it.
The password manager companies are pretty much all very small companies. They often buy shared hosting from Hostgator or whoever. *IF* you're going to have your encrypted password file on someone else's server, it's best to choose a company who has a qualified network security team, qualified application security team, a qualified system security team, routine security audits, etc. IF you're going to use someone else's server, most of the big companies in cloud storage have far, far better security than the little companies. A company who is certified to provide cloud storage to DoD is going to have significantly more mature security than that guy who made an app he calls SecretPassVault or whatever.
My two year old took about ten minutes to learn the iPad, or at least it seemed like about 10 minutes. Kids learn fast, so they'll be able to click shortcut icons in any distribution no problem. The only question is how many weeks it will take before they've subverted your parental protections and have full access to the Internet.
Since the district isn't going to matter to the kids, I'd probably pick whatever the parent is most comfortable setting up an maintaining. Something with good automatic security updates that has long term support.
Since it will probably only take them a few minutes, and at most hours, to learn how to click the icons, after that there is an opportunity for them to learn a little bit about how the computer works. Some distributions make that more visible and discoverable than others.
Or it might just be that the rate of IE use fell, and completely separately, murder rate also fell at the time, with no relationship between the two. They are correlated (more murders happened when people used IE), but that doesn't prove that IE causes murder.
Frequently, two correlated facts are caused directly or indirectly, by some third fact that causes both. As a dumb example, driving to work is correlated with drinking coffee - when people drink coffee, they often drive to work. Coffee doesn't cause the commute, both are caused by morning.
Another thing I've run into has been wanting to use a chunk of code for work and it's pretty apparent that the author intended it to be free for anyone to use. For compliance with whatever, management has to have records showing what license we have for all of our code, with some documentation that we are complying with licenses. A company lawyer checks licenses to make sure we know what can mix with what. We wouldn't want to accidentally mix GPLv2 or GPLv3 code in with our "secret sauce" proprietary code. They get real nervous about "Damn Oregonian said it's cool". Their form has a checkbox for Creative Commons.
Actually you *can* guarantee it. Most people don't completely guarantee it, because low-risk has much higher returns than no-risk. One incredibly simple way to guarantee the outcome is to be long and short on the same stock, at the same price. Obviously you can get far more complex, such as being short and long at different prices, and thereby guarantee whatever you want to guarantee, such as "a gain between 3% and 4%, no higher and no lower".
> Real investors can only hope for actual return
That would be real speculators, aka gamblers. Real investors do things like buy a mutual fund that has 100 well-established companies like Proctor & Gamble, McDonald's, Walmart, CVS, etc. These are companies with a long track record of stable performance, and you're not assuming anything about the performance of any of them. You're assuming only that some will do well, some will do badly, and over the long term the general trend will be that many of them continue to more or less do what they've always done. That is to say, you're figuring that EITHER McDonald's will continue selling burgers, OR Walmart will keep selling socks and soups as always. It's rather unlikely indeed that all of those companies would all suddenly crash together. If they do, that's probably because of global nuclear war, and you have bigger problems than your investment.
> When you buy a stock the company doesn't get any benefit. You are buying someone else's stake. Not supporting that company.
Close, but not exactly. Early in the life of the company, at the IPO, you are of course definitely buying it straight from the company. After that, you might buy it from the company, or might buy it from someone else. Either way supports the company. It's not obvious how buying it from someone else supports the company, so that bears explanation.
The company, and only the company, can create new stock. In fact the company created the stock out of thin air. So if the stock is worth $500 / share, the company can issue 1,000 more shares and get $500,000 for them. The company created it for nothing, and sells it for half a million. Clearly that puts cash into the company. Often the company creates extra shares ahead of time just for this purpose, putting them in their back pocket to sell later. They can also create shares later, called an at-the-market. Obviously, the higher the stock price, the more the company makes selling stock. Your purchase (technically your "bid") pushes the price slightly higher. That may be stock they held back in reserve, or at-the-market.
> Unfortunately the way that investments and capitalism work there is no way to actually guarantee that you will get money back on your investment.
Actually you *can* guarantee it. Most people don't completely guarantee it, because low-risk has much higher returns than no-risk.
> Essentially it is not saving but instead hedging a bet that you can pick the right technology that will benefit society at large and thus create a return on your initial investment.
You used the phrase "hedging a bet" as if it meant "placing a bet". "Hedging a bet" basically means guaranteeing a bet. Suppose the Broncos and the Panthers are playing in the Superbowl. Placing a bet would be putting $100 on the Broncos. Hedging that bet would be ALSO putting $100 on the Panthers. You would be guaranteeing your outcome. You're guaranteed to not lose (or make) any money, assuming even odds on both bets, and the same line. Hedges can get much, much more complex, in order to guarantee whatever you want to guarantee, or select any level of risk you wish.
Here's the thing - individually hand-crafted items are really expensive. You couldn't afford to buy even a fraction of the stuff you buy, if everything was still made the way it was made in the 18th century. Especially if it were carried on tiny little boats rather than huge container ships. Most of what you have, you can have only because of tools, factories, machines - stuff that increases productivity, expensive stuff. Multi-million dollar items like ships and factories are needed in order to produce your TV, your clothes, and everything you that a serf in 1818 didn't have. Foundries, fiber optic networks, etc are all the goose the lays the golden egg for society, the reason you don't pick cotton for $3 / day.
Shifting gears a little, when were young you may or may not have been taught that saving up is a really good idea, because shit happens. If you have a car, you'll have car problems. You can either scramble to come up with the money to fix it AFTER it breaks, maybe via a pawn shop, or you can put a $10 aside each paycheck BEFORE the car breaks and not get fucked over by a pawn shop. "I can't afford to save $10 of my paycheck", some say. But you CAN afford to pay a lot more than that to a pawn shop? Maybe when your car breaks down you'll use a pay day lender, because you can afford to pay back twice as much? If you're broke, you REALLY can't afford to not aside a few bucks for when shit happens.
You know what other kind of shit happens? If you keep living, you will get old. Really old. Putting a few dollars aside from each check so you have it when you're old is a really friggin good idea too.
So we have a need for really expensive things which produce other good stuff, expensive things like factories, power plants, steel mills, trains, ships etc. Those things are called "capital goods". In order for you to get cool shit, we need a bunch of money to buy capital goods (things like motorcycle factories). Also we have a bunch of people saving up money for when shit happens, and saving up more money for when they get old. Pretty much everyone who both a) isn't stupid and b) was raised by someone who had a clue, is saving some money aside. So there is a shitload of money sitting around being saved up.
Here's a great idea. Instead of having that saved money sitting around getting moldy until you retire in 30 years, why don't we use that saved money to build useful stuff like factories, trains, foundries, power plants, and other things that produce good stuff for everyone? That way everyone can get more good stuff, cheaper. Seem like *maybe* a good idea?
There are two alternatives to buying capital goods with savings. You can have a society without any capital goods, a primitive, tribal society. Or you can have a society in which very few very, very wealthy people can afford to personally buy ships, build factories, etc.
So I assume we don't want only Donald Trump getting any benefit from machinery and stuff, while the rest of us live as serfs, picking cotton buy hand. Okay, cool - give me the money you've saved so I can go build a factory. What? You don't want to hand over your money? But if you do, everybody, society as a whole, will be a lot better off. We can buy a $2 million combine harvester instead of all of us picking peanuts one-by-hand, by hand. Yeah, most people don't want to hand over their savings for the betterment of society.
Okay how about this. If you let us use the $500 you have saved, if you want it back a year from now we'll give you back $550. If you don't end up needing it until you retire, we'll pay you back $3,300. Sound better? You put in $500 now toward buying capital goods, you get $3,300 back later. That's a lot better deal for you, a deal that most people will take, if they've been saving at all.
That's investment, that's capitalism. Saving up for a rainy day like your grandma told you too, then pooling those savings to get useful stuff that makes life better for everyone. That's why we're not subsistence farmers in the US, because we invested and bought machines and other capital goods.
I used to install Fedora for other people. The thing is, Fedora has an 18 month life. If you REALLY need some bleeding-edge feature that CentOS / Redhat doesn't have, the trade-off might be worth it. For 98% of use cases, CentOS will do what they want to do, more reliably, and with years of updates and support.
> done my best to say I retain no copyright over this code, and it can be considered public domain.
In Europe "public domain" means something rather different than it does in the US. You can't legally disclaim your copyright in some jurisdictions. Creative Commons 0 license is a good way to meet that objective, because it's designed to give users maximum freedom, with the laws of different jurisdictions in mind.
WTFPL is VERY short license that does the same, though less effectively and in a more entertaining way.
> do NOT use SHA2 for your password database. use bcrypt/scrypt/argon2 instead.
Brypt is indeed designed as a *password* hashing function, so it's better for passwords than sha-2 is. I think sha-2 is also acceptable.
> Thus you would need a giant rainbow table that gives a password for *every single possible 160bit hash
That's actually the difference between a rainbow table and a simple lookup table. The rainbow table can be as big or small as you want. Larger tables allow faster "unhashing". While BUILDING the rainbow table, you have to compute all* the hashes, but not save the results.
> So you could scan through ALL the common password (based on frequent leaked passwords
Definitely don't use a common password. Using "password" as your password will suck no matter what else you do. Therefore it's a mistake to say: Doing X won't help if the passwords suck. Therefore don't do X. Because we know weak passwords will be weak no matter what you do, it probably makes sense to try to make the system as secure as possible +for users who use good passwords+.
Slashdot Mirror
> The Google demo violated CPC 632
CPC 632(c):
(c)âFor the purposes of this section, âoeconfidential communicationâ means any communication carried on in circumstances as may reasonably indicate that any party to the communication desires it to be confined to the parties thereto, but excludes ... any other circumstance in which the parties to the communication may reasonably expect that the communication may be overheard or recorded.
Care to explain to me how a hair appointment is confidential? How the circumstances indicate the salon wants to keep it a secret, and they would be confident that it couldn't be overheard?
U shud not kneed sell chek neway. Y can't U spel righte withut it? I kan.
The main robocall legislation is the Telephone Consumer Protection Act, signed by President Bush in 1991. It generally applies to people trying to sell something. Here are the relevant FCC regulations:
https://apps.fcc.gov/edocs_pub...
The FTC also has some regulations based on TCPA, but again that's for solicitors.
Besides calls from solicitors, TCPA also restricts automated calls to hospitals, emergency rooms, and doctors' offices. So it may technically be illegal to use Google Assistant to schedule an appointment with a doctor. I don't think it violates the spirit of the law, though, as the law was intended to protect people from receiving unwanted, nuisance bulk calls. So long as Google Assistant does a reasonably good job, it's not a nuisance call.
"You shouldn't record confidential conversations" doesn't seem that weird, does it? Or "don't record people's secrets".
How about "Don't invade people's privacy. Someone preaching on a street corner isn't talking in privacy".
Yeah any time law considers intent it can bring up questions, on the other hand my 3yo can distinguish between someone telling her a secret and someone making an announcement.
Yes, if all parties agree with you that they can reasonably expect someone might be listening.
If the quantum computer is 300 cubits in length, 50 cubits in width and 30 cubits in height - well then it's Noah's ark.
Qubits, of course. My brain does that - I spell well and all, but I tend to write homophones, words that sound identical, because I think audibly.
Btw still I understand why some might find it a bit spooky. The submission asked if it was illegal, not if it was spooky.
It would be illegal only if the other party was trying to have a confidential discussion and thought there was little or no chance that it might be overheard.
California law (penal code 632) requires consent to record a "confidential communication". It then defines what a confidential communication is and is not.
First, in order to be a "confidential communication", the circumstances must indicate that a party desires it to be confidential between only the people involved in the conversation. In a restaurant or salon, there would have been other people around. If the employee didn't whisper or take the phone into another room, nor talk about personal private matters, they probably didn't intend it to be confidential. Indeed whatever they said to some random person calling, someone they've never met, probably isn't intended to be private.
Secondly, California laws says it's not protected when the parties "may reasonably expect that the communication may be overheard or recorded". (Note the word "may", may be overheard, not "will be overheard". Google assistant says "I'm booking an appointment for a client". It would be reasonable to expect that the client may be overhearing the conversation. People routinely use speakerphone while booking restaurant reservations or hair appointments, so again the restaurant or salon "may reasonably expect that the communication MAY be overheard".
If there was no reasonable expectation of privacy, if it wasn't a confidential communication, recording it doesn't violate the law.
That's an interesting idea. Looking at stalking statutes, this wouldn't be covered. As example statute:
Sec. 42.072. STALKING. (a) A person commits an offense if the person, on more than one occasion and pursuant to the same scheme or course of conduct that is directed specifically at another person, knowingly engages in conduct that [long list of harassment etc]
Stalking is a repeated pattern of behavior fixated on a specific individual. This is the opposite - trying to see as many cars as possible, with the ideal goal of seeing every car in the state.
It was an interesting idea, though.
That's very cool that you have that.
If you want to interface it with an RPi, I bet the guy doing the project in the article might like to here from you.
More accurate would be be "if an ideal (perfect) quantum computer existed, with enough cubits, it could break some types of encryption in a reasonable time".
Ideal quantum computers don't exist, and never will. An open question how near actual, physical quantum computers will get to this theoretical perfect machine. It's kinda like doing physics approximations and starting with "ignoring air resistance and friction ...". Well yes, if there were no friction we could build machines that do a lot of things which can't actually be done, because in the real world there is friction.
In a universe that only exists in textbooks, a universe of ideal machines, ideal quantum computers could factor numbers in polynomial time. Not instantly, but it wouldn't take a billion years like it would with classical computers.
Some of the cryptographic algorithms we use today get their strength from the difficulty of factoring certain types of large numbers. Those algorithms would need to be replaced if quantum computers developed sufficiently.
Already, we deprecate cryptographic algorithms every couple of years. Part of my job is checking https, ipsec, and other systems to see that they are configured to use strong algorithms. I have to update our list of currently accepted algorithms a couple times per year. The designers of these protocols were smart in that the designed the protocols to support any algorithm you want. For example, TLS defines that "key exchange" messages should be exchanged, but doesn't define what type of key exchange. It could be RSA key exchange, it could be Diffie-Hellman, it could be elliptic curve Diffie-Hellman, or supersingular elliptic curve Diffie-Hellman. TLS (aka SSL) doesn't know or care. Classical Diffie-Hellman can be replaced with supersingular DH without changing anything about TLS.
> Travelling at c, the Lorenz factor for the light itself is infinite
No, it's not travelling at C, "for it".
Also did you mean Lorentz factor? More importantly, did you forget the "relative" in "relativity"?
If you look at it from the light's reference frame, it didn't move, and there's nothing to talk about. It's moving at C only from *our* reference frame. Therefore the only reference frame that's useful to discuss, the reference from from which something happened, is ours. The frame in which it took 12 billion years for the light to reach us.
This article is not about the emulator. That's been around for a while.
This is about reproducing the physical hardware - the switches and lights and all that. You say "that's not rebuilding. That's putting a fancy front on" - you realize one has to design and build the "fancy front" before putting it on, right?
Ideally you wouldn't have encrypted password data on any system outside your own control.
Also, ideally you shouldn't care. Ideally, you encrypt the data sufficiently that you don't care who gets the encrypted file. But encryption algorithms routinely get broken, so it's good to have layers of security - nobody can get the encrypted file, AND even if they did, they can't decrypt it.
The password manager companies are pretty much all very small companies. They often buy shared hosting from Hostgator or whoever. *IF* you're going to have your encrypted password file on someone else's server, it's best to choose a company who has a qualified network security team, qualified application security team, a qualified system security team, routine security audits, etc. IF you're going to use someone else's server, most of the big companies in cloud storage have far, far better security than the little companies. A company who is certified to provide cloud storage to DoD is going to have significantly more mature security than that guy who made an app he calls SecretPassVault or whatever.
My two year old took about ten minutes to learn the iPad, or at least it seemed like about 10 minutes. Kids learn fast, so they'll be able to click shortcut icons in any distribution no problem. The only question is how many weeks it will take before they've subverted your parental protections and have full access to the Internet.
Since the district isn't going to matter to the kids, I'd probably pick whatever the parent is most comfortable setting up an maintaining. Something with good automatic security updates that has long term support.
Since it will probably only take them a few minutes, and at most hours, to learn how to click the icons, after that there is an opportunity for them to learn a little bit about how the computer works. Some distributions make that more visible and discoverable than others.
This graph demonstrates that as fewer people were subjected to the frustrations of Internet Explorer, murder rates fell significantly:
https://gizmodo.com/5977989/in...
Or it might just be that the rate of IE use fell, and completely separately, murder rate also fell at the time, with no relationship between the two. They are correlated (more murders happened when people used IE), but that doesn't prove that IE causes murder.
Frequently, two correlated facts are caused directly or indirectly, by some third fact that causes both. As a dumb example, driving to work is correlated with drinking coffee - when people drink coffee, they often drive to work. Coffee doesn't cause the commute, both are caused by morning.
Btw thanks for contributing.
Another thing I've run into has been wanting to use a chunk of code for work and it's pretty apparent that the author intended it to be free for anyone to use. For compliance with whatever, management has to have records showing what license we have for all of our code, with some documentation that we are complying with licenses. A company lawyer checks licenses to make sure we know what can mix with what. We wouldn't want to accidentally mix GPLv2 or GPLv3 code in with our "secret sauce" proprietary code. They get real nervous about "Damn Oregonian said it's cool". Their form has a checkbox for Creative Commons.
Where I accidentally wrote "won argue with you", that should be "won't argue with you".
Your entire, fairly long, post seemed like it was going one way, then your final sentence or two made an unexpected turn.
As long as you end up doing the smart thing, saving and investing, I won argue with you about the other stuff.
Actually you *can* guarantee it. Most people don't completely guarantee it, because low-risk has much higher returns than no-risk. One incredibly simple way to guarantee the outcome is to be long and short on the same stock, at the same price. Obviously you can get far more complex, such as being short and long at different prices, and thereby guarantee whatever you want to guarantee, such as "a gain between 3% and 4%, no higher and no lower".
> Real investors can only hope for actual return
That would be real speculators, aka gamblers. Real investors do things like buy a mutual fund that has 100 well-established companies like Proctor & Gamble, McDonald's, Walmart, CVS, etc. These are companies with a long track record of stable performance, and you're not assuming anything about the performance of any of them. You're assuming only that some will do well, some will do badly, and over the long term the general trend will be that many of them continue to more or less do what they've always done. That is to say, you're figuring that EITHER McDonald's will continue selling burgers, OR Walmart will keep selling socks and soups as always. It's rather unlikely indeed that all of those companies would all suddenly crash together. If they do, that's probably because of global nuclear war, and you have bigger problems than your investment.
> When you buy a stock the company doesn't get any benefit. You are buying someone else's stake. Not supporting that company.
Close, but not exactly. Early in the life of the company, at the IPO, you are of course definitely buying it straight from the company. After that, you might buy it from the company, or might buy it from someone else. Either way supports the company. It's not obvious how buying it from someone else supports the company, so that bears explanation.
The company, and only the company, can create new stock. In fact the company created the stock out of thin air. So if the stock is worth $500 / share, the company can issue 1,000 more shares and get $500,000 for them. The company created it for nothing, and sells it for half a million. Clearly that puts cash into the company. Often the company creates extra shares ahead of time just for this purpose, putting them in their back pocket to sell later. They can also create shares later, called an at-the-market. Obviously, the higher the stock price, the more the company makes selling stock. Your purchase (technically your "bid") pushes the price slightly higher. That may be stock they held back in reserve, or at-the-market.
> Unfortunately the way that investments and capitalism work there is no way to actually guarantee that you will get money back on your investment.
Actually you *can* guarantee it. Most people don't completely guarantee it, because low-risk has much higher returns than no-risk.
> Essentially it is not saving but instead hedging a bet that you can pick the right technology that will benefit society at large and thus create a return on your initial investment.
You used the phrase "hedging a bet" as if it meant "placing a bet". "Hedging a bet" basically means guaranteeing a bet. Suppose the Broncos and the Panthers are playing in the Superbowl. Placing a bet would be putting $100 on the Broncos. Hedging that bet would be ALSO putting $100 on the Panthers. You would be guaranteeing your outcome. You're guaranteed to not lose (or make) any money, assuming even odds on both bets, and the same line.
Hedges can get much, much more complex, in order to guarantee whatever you want to guarantee, or select any level of risk you wish.
Here's the thing - individually hand-crafted items are really expensive. You couldn't afford to buy even a fraction of the stuff you buy, if everything was still made the way it was made in the 18th century. Especially if it were carried on tiny little boats rather than huge container ships. Most of what you have, you can have only because of tools, factories, machines - stuff that increases productivity, expensive stuff. Multi-million dollar items like ships and factories are needed in order to produce your TV, your clothes, and everything you that a serf in 1818 didn't have. Foundries, fiber optic networks, etc are all the goose the lays the golden egg for society, the reason you don't pick cotton for $3 / day.
Shifting gears a little, when were young you may or may not have been taught that saving up is a really good idea, because shit happens. If you have a car, you'll have car problems. You can either scramble to come up with the money to fix it AFTER it breaks, maybe via a pawn shop, or you can put a $10 aside each paycheck BEFORE the car breaks and not get fucked over by a pawn shop. "I can't afford to save $10 of my paycheck", some say. But you CAN afford to pay a lot more than that to a pawn shop? Maybe when your car breaks down you'll use a pay day lender, because you can afford to pay back twice as much? If you're broke, you REALLY can't afford to not aside a few bucks for when shit happens.
You know what other kind of shit happens? If you keep living, you will get old. Really old. Putting a few dollars aside from each check so you have it when you're old is a really friggin good idea too.
So we have a need for really expensive things which produce other good stuff, expensive things like factories, power plants, steel mills, trains, ships etc. Those things are called "capital goods". In order for you to get cool shit, we need a bunch of money to buy capital goods (things like motorcycle factories). Also we have a bunch of people saving up money for when shit happens, and saving up more money for when they get old. Pretty much everyone who both a) isn't stupid and b) was raised by someone who had a clue, is saving some money aside. So there is a shitload of money sitting around being saved up.
Here's a great idea. Instead of having that saved money sitting around getting moldy until you retire in 30 years, why don't we use that saved money to build useful stuff like factories, trains, foundries, power plants, and other things that produce good stuff for everyone? That way everyone can get more good stuff, cheaper. Seem like *maybe* a good idea?
There are two alternatives to buying capital goods with savings. You can have a society without any capital goods, a primitive, tribal society. Or you can have a society in which very few very, very wealthy people can afford to personally buy ships, build factories, etc.
So I assume we don't want only Donald Trump getting any benefit from machinery and stuff, while the rest of us live as serfs, picking cotton buy hand. Okay, cool - give me the money you've saved so I can go build a factory. What? You don't want to hand over your money? But if you do, everybody, society as a whole, will be a lot better off. We can buy a $2 million combine harvester instead of all of us picking peanuts one-by-hand, by hand. Yeah, most people don't want to hand over their savings for the betterment of society.
Okay how about this. If you let us use the $500 you have saved, if you want it back a year from now we'll give you back $550. If you don't end up needing it until you retire, we'll pay you back $3,300. Sound better? You put in $500 now toward buying capital goods, you get $3,300 back later. That's a lot better deal for you, a deal that most people will take, if they've been saving at all.
That's investment, that's capitalism. Saving up for a rainy day like your grandma told you too, then pooling those savings to get useful stuff that makes life better for everyone. That's why we're not subsistence farmers in the US, because we invested and bought machines and other capital goods.
I used to install Fedora for other people.
The thing is, Fedora has an 18 month life. If you REALLY need some bleeding-edge feature that CentOS / Redhat doesn't have, the trade-off might be worth it. For 98% of use cases, CentOS will do what they want to do, more reliably, and with years of updates and support.
> done my best to say I retain no copyright over this code, and it can be considered public domain.
In Europe "public domain" means something rather different than it does in the US. You can't legally disclaim your copyright in some jurisdictions. Creative Commons 0 license is a good way to meet that objective, because it's designed to give users maximum freedom, with the laws of different jurisdictions in mind.
WTFPL is VERY short license that does the same, though less effectively and in a more entertaining way.
> do NOT use SHA2 for your password database.
use bcrypt/scrypt/argon2 instead.
Brypt is indeed designed as a *password* hashing function, so it's better for passwords than sha-2 is. I think sha-2 is also acceptable.
> Thus you would need a giant rainbow table that gives a password for *every single possible 160bit hash
That's actually the difference between a rainbow table and a simple lookup table. The rainbow table can be as big or small as you want. Larger tables allow faster "unhashing". While BUILDING the rainbow table, you have to compute all* the hashes, but not save the results.
> So you could scan through ALL the common password (based on frequent leaked passwords
Definitely don't use a common password. Using "password" as your password will suck no matter what else you do. Therefore it's a mistake to say:
Doing X won't help if the passwords suck. Therefore don't do X.
Because we know weak passwords will be weak no matter what you do, it probably makes sense to try to make the system as secure as possible +for users who use good passwords+.