> The concept that this is about protecting civilians is pretty laughable though.
> In World War 2 if they had better targeting they would have killed more civilians, not less.
> Do you honestly think this is radically different today?
Since the late 1950s we've had bombers that can carry 35 TIMES as much bomb payload as the largest bombers of WW2. A single B-52 sortie can level an area 1 mile by 2 miles. We stopped doing that the instant we got reliable precision guided bombs in the late 1970s. Why do YOU think that is?
>> Wars will continue as long as nations exist.
> Probably true. I guess I support one world government after all.
Large countries almost invariably have civil wars. The larger the government, the bigger the stakes. People will always have different desires, which leads to power struggles. Power struggles writ large are war.
Perhaps the ideal, the scenario with the least amount of war (given the realities of human nature), is to have separate, autonomous areas where people can pretty much do their own thing, with one clearly dominant power who is able to put a stop to aggressors, but that isn't imperialistic. That wouldn't mean *no* war, but it would probably be less than any other realistic scenario I can imagine.
> Now, how do we get one of those without it being fascist?
Good question. Given large groups would want the opposite of what those in power are doing, the ones in power would probably have to be ruthless in order to maintain power. In a small group, such as a family, discussion and compromise is relatively easy. Discussion and compromise between Israel and ISIS? Probably not. Between all the nations of the USSR, or the historical British Empire? Nope.
Speaking of discussion and compromise being easier in smaller groups, perhaps the super-power in the above scenario should be composed of smaller divisions which can be relatively autonomous in matters that don't directly affect the other members. In matters of foreign policy they would be united, but each could separately decide if they want to legalize marijuana or that type of thing. The trick would be keeping the union government focused on its limited purposes of foreign affairs, facilitating trade between the members with appropriate regulation, etc. Some would be strongly tempted to inappropriately use the union government to control the internal affairs of the members, to force their way of doing things on people from other places, with different values and beliefs. To keep that control, the central government would then have to become more and more powerful, more ruthless and controlling. For this system to work, the central government would need to focus on the common defense and maybe a few other agreed things that benefit all the members, while allowing each member area its own self-government.
> War is not inevitable. Most wars are deliberately caused and/or fueled by people with something to gain.
Meals are deliberately caused by people who have something to gain (they are hungry). Inevitably, people will continue to eat. Chanting or putting your head in the sand won't change that.
I'm about to go to the restroom, because I'm uncomfortable right now. I have something to gain from heading to the restroom. Pooping is inevitable; people will keep doing it.
The difference between war and pooping is that when one guy, maybe Hirohito or Kim Jong-un, decides they have something to gain from starting or risking war, that brings multiple nations to war. Emperors and dictators will continue to eat, poop, and start wars whenever they think they want to. The only way to make that stop happening, to make that NOT inevitable, is to kill them. Which is called war. Wars will continue as long as nations exist.
That's a good point, to be balanced against the initial gut-reaction of not wanting your technology to be used militarily. Until fairly recently, war was waged by destroying the enemy *country*. Now we target individuals and small groups. We can do that now because we have accurate targeting.
In World War 2, only 20% of bombs hit within 1,000 feet of the target. Most hit within a mile radius, so the real target was something like "the west side of the city". By the Gulf War, target radius was 10 meters, 30 feet. We could bomb a vehicle instead of a neighborhood.
If you are against war, it is clearly better to destroy a given vehicle than an entire neighborhood. Therefore more accurate targeting is better; it reduces deaths and injuries.
That's funny. If it's like working with the US government, they spent around $8,000 on the RFP and contract. Bidding and handling government contracts is an industry unto itself, and you need experts in government contracting working for you.
Meanwhile, the drone I designed and built from scratch at home, in just a few days, works fine.
It runs open source software called inav on an open hardware controller that costs $35. Inav has multiple fail-safes so if it loses GPS it falls back to a safe "mission abort" procedure. The exact procedure depends on how far it is from its launch point and the settings I choose.
What kind of interactivity did you have in mind, exactly? Limited, I suppose, since you said you're going to scale the same UI design for both 24 inch and 3 inch screens.
> sample screen sizes, OS DPI settings, and browser brands ...
> Doing "progressive" (self-scaling) right takes a hell of a lot of work
It's a LOT less work if you change your frame of mind to realize my DPI is none of your damn business. The message you wrote, the one I'm replying to, looked great. It looks great on my phone, my laptop, my desktop, my desk monitor - no matter how I resize the window.
You had a heading / subject line, then marked your paragraphs. Then let my browser do its dang job and render your stuff to look nice on my screen.
> Now, maybe an elite UI dev can pull it off
Some people consider me "elite", they come to me for help fixing their stuff. 90% of the time, I fix their stuff by *deleting* some of their code. When they stop telling the browser to make things wrong, the browser defaults to making things look good.
The original ISO 32000-1:2008 standard includes JavaScript, forms, and multimedia. Only the archival variant, PDF/A, disallows JavaScript because JavaScript standards change over time.
> It's my opinion we need a new standard where the positioning is mostly controlled on the server. ...scales the UI based on the device's (client) preferences or stated screen-size.
You can do that, today! And since 1993, actually. That's called pdf.
Slashdot "Classic" looked good on WebTV and IE4 - better and more useful than either of the new themes, and it's still the best on my phone.
That's because they didn't make an IE version, a Netscape version, and a WebTV version, or write for IE and then use a bunch of NotJavaScript to try to hack it on other browsers. Instead, they wrote html. It works just great on browsers that were created ten years after the site was coded. They didn't test on Android or iPhone, those things didn't exist yet. They didn't have to test for Android or iPhone because they used html the way it was designed to be used - to describe the document's logical structure, not which pixel should be which color.
When I mentioned credit card information, I was talking about a database full of other people's cards, knowing that some of those people have only one account, with a low balance. A stray $100 charge will have them overdrawn and they'll start getting overdraft fees. Then they won't be able to buy gas or food until pay day. A high level of confidentiality is required.
For MY OWN credit card that I use to buy stuff online every day, I recognize that it is sent to a lot of different companies who have widely varying security practices, and it will probably be leaked. Too many of them store it, and store it poorly. Probably already has been leaked. The thing is, when you have a "secret" that you tell hundreds of random people, different people every day, it's no longer really a secret. If you're sending every online merchant full access to all of your funds, you're doing it wrong.
It's COMMON to have all your money in one bank account and use the one debit card on that account to buy everything, but it's very silly. Much more secure is to have a savings or money market account where you save a little money for when your car breaks down or whatever, because shit happens. Then you have your monthly checking account you use to pay the mortgage and such. Lastly, you have a credit card with a $100-$300 limit and that's what you use to buy random crap on the internet. Somebody is probably going to leak your card number eventually; the secure thing to do is make it so that card number doesn't wreck your life.
So I don't think most people should try to secure their phone and their laptop in such a way that they can store all their card numbers in a browser plugin or similar. In fact, the standalone password manager programs have a terrible track record. I trust Google's password manager more than I trust LastPass, but I don't trust every merchant in the world that much, so I shouldn't be exposing all my money via a super-sensitive debit card number that's going to cause me a lot of pain when it leaks.
> keeps that view secret from the world, but:
> a. That's kinda creepy
Yes, it is kinda creepy. Agreed.
> b. There are solutions that don't require allowing a company to do that
I'm curious what you have in mind. To replace all Google services with services of similar quality would cost a decent amount of money, and they'd STILL have a profile of you based on web surfing and such.
> c. They use that view of you to make money out of you, and the temptation must be strong to do that by understanding aspects of your behaviour you don't understand about yourself
They don't *understand* anything. They have a bunch of numeric identifiers and a math formula that highlights correlations. User #846204628273 is correlated with website #736304638462, which is correlated with website #6306384739. They often don't even know that the correlation between the two sites is that they both sell RC plane parts. They don't need to know. They only need to know that people who visit site #74620463027 often also visit site #846934739, so they can advertise the second site to people who visit the first.
> 35+ different mobile device screen sizes and 15 major browsers to code for
This shows he doesn't understand the entire POINT of html, a web browser, and CSS. He clearly doesn't know the difference between a PDF and an html document if he's coding for many different screen sizes with many different browsers. PDF files are sized - you can make a letter-sized PDF or legal-size, for example. The entire PURPOSE of a web browser, of the rendering engine, is to format *information* coming from the server to fit nicely in whatever size the window happens to be at the moment. If you're coding your web pages for lots of different screen sizes, you're missing the entire point of what a web browser does, and your pages will be fucked when the window isn't maximized. *Maybe* two versions - small and large. Other than that, let the browser do its job. Don't try to force something to be exactly 3 pixels over by loading pixel.gif three times and you won't have to worry about screen size (or window size).
Your html should describe *what* the page elements are, using tags like "header", "list (ul)", "top level heading (h1)". It's the browser's job to figure out how many pixels a top-level heading should be given the screen resolution, user preferences, etc. Your CSS then can give hints including "larger" which should generally apply to all devices.
Code for 35 browsers? Try coding html 4 or html5. Not IEhtml, and not loading pixel.gif five times when you detect Mozilla. Just code to the standard. If one of the three or four major browsers is completely broken in respect to the standard for some tag you can adjust for that, but those instances should be rare.
It's an interesting thing. As you said, Google analyzes the data in order to serve relevant ads, and also uses it to provide better services, which they use for more ads. So there is an inherent conflict of interest there. Many people don't use Google services for that reason, and that makes sense.
ALSO like Coca-Cola has their secret formula, and KFC has its "eleven herbs and spices", every company has their crown jewels. Google is not Microsoft - they don't survive by selling Office 365. Their most valuable asset isn't their source code - they open source much of it. They aren't Apple, selling hardware. The key to their success and survival isn't patents, or market research. The most valuable thing Google has is that data. Their interest, their survival instinct even, is to analyze that data while making sure nobody else gets ahold of it.
Google's self-centered interest is to make sure that only you and them can access that data. Their track record has been much better than Amazon, Microsoft, or other peers. Therefore reasonable people may decide to keep their general office documents on a local hard drive, or in Google docs. Both are reasonable options.
Again, for top-secret research and development of the latest fighter jet, different rules apply. We're not talking about top secret information here. I'm talking about things like our onboarding checklist for new developers - install Git and VMware, set up a Linux development VM, etc. The planning sheet for our office party is on Google Docs. I built a system to store credit card numbers and it doesn't use the cloud. Those are stored encrypted on an isolated system with a minimal OS that's only accessible from the local keyboard (after getting past Glock-carrying employees) and from the local secured network using a passphrase-protected ssh key. Even with physical access to the box, one doesn't have access to the CC numbers because they are encrypted. Different levels of security are appropriate for different assets.
> Confidentiality is having everything you do uploaded to the world's most prolific data collection and advertising agency?
That's something you have to consider. Whether you choose ChromeOS, ChromiumOS, Windows, Ubuntu or something else, and whether you use Google docs or not. You can use Windows and trust Microsoft with all your data if you want to. Personally my "consoles", the machines I touch daily, are just SSH consoles, so Google isn't getting anything from me other than browsing history.
You're right, Google is the world's most prolific data company. Their mission is to organize the world's data, and they are good at it. Their crown jewels, the company's primary asset, is the data, and so far they've done a pretty good job protecting it, so if you're going to use any type of cloud storage and applications Google is certainly a reasonable choice, a choice to consider. If you're working on top secret plans for the next fighter jet (as I may be doing soon), that data shouldn't be in any cloud, or accessible via the internet at all. You shouldn't be using public wi-fi to work on that in the first place.
Most people are going to trust SOMEONE with their data. The world's best data company, Google, is a reasonable option.
First let me establish to what extent I am qualified or not to address this question:
I've been a security professional for 20 years. Most of that time I used Linux exclusively. Recently I've also started using Mac. You'll find my name in the kernel change log.
There are three main areas of security: confidentiality, integrity, and availability. Most of the time when people say "security" they mean confidentiality first, with some thought to integrity, and they rarely think of availability. For confidentiality and integrity, the top two things an OS can do to help are to limit the attack surface (such as not running unnecessary daemons or other software) and provide quick, reliable updates. The only code that can't possibly be hacked is code that isn't there, so the most secure system is the most minimal system. Real-life attacks use known vulnerabilities 99.99% of the time, so quick, automatic updates to resolve known issues are very important.
There is one Linux distribution that stands out for avoiding any unnecessary code (and potential vulnerabilities) and providing quick, reliable updates. That distribution is ChromeOS. It's well ahead of the others. It would be rather difficult indeed to set up a general-purpose distribution such as Ubuntu, which is made to support servers of all kinds, all kinds of workstations, etc, to be as secure as Chrome OS.
The third leg of security is availability. If the features and functions you need aren't available on ChromeOS, it won't work for you. Normally we think of availability as "not subject to denial of service or random crashes", but if the service you need is denied by the creator of the OS, that has the same effect as a denial of service attack.
ChromeOS is therefore well ahead of any general-purpose OS in terms of security - for users who don't need anything ChromeOS doesn't provide. That's a LOT of people. It even suits my needs while traveling because my travel device only needs to SSH to my main machines, and provide a web browser.
Yep, that's one of the problems I keep pointing out. People and companies that should be able to keep their domain, EU people, are fucked when it's revoked WITH THE APPEAL PROCESS REMOVED, due to having a UK address listed. Killing the appeal process is either stupid, petty, or both, because the entire point of the appeal process is to protect people who SHOULD NOT have lost their domain because they have every right to keep it.
> > Cancelled, with no appeal just because your main office is in Belgium.
> Belgium is still part of the EU as far as I know, so no, if your main office is in Belgium you are still entitled to a .eu domain and this statement does not apply to you in ANY WAY.
What exactly do you think "without settlement of conflicts process" means in this context? It means the registration dispute resolution process, where an affected person could point out "I moved to Belgium six months ago", or "Brussels Airlines has always been a Belgian company, our UK web host registered the domain". Once you're cancelled for having a UK address listed, it doesn't matter that it's an EU company - they've cancelled the appeal process by which you would address that.
> Read the story. The actual statement from the EC says
Read either the second half of the story, or the actual EU statement, before claiming to know what it says. The EU statement consists of four numbered sections, labeled with bullet points. See "2. REVOCATION OF REGISTERED DOMAIN NAMES":
--
2. REVOCATION OF REGISTERED DOMAIN NAMES: ... revoke such domain name on its own initiative and without submitting the dispute to any extrajudicial settlement of conflicts in accordance with point (b) of Article 20, first subparagraph, of Commission Regulation (EC) No 874/2004.
--
Cancelled, with no appeal just because your main office is in Belgium.
To register a .eu domain, you're supposed to have some connection to the EU. You do not have to prove every 30 days that you're still in the EU to prevent it being cancelled. It makes sense to say "UK residents without any connection to the EU can no longer register EU domains". That's not what they are doing.
These domains were properly registered by EU people, who have built communities and businesses under these names. Taking them away, after they were properly and legitimately registered and may have been in active use for several years is petty.
Additionally, they are cancelling all the domains registered to organizations with UK addresses - who may also have offices throughout the UK! Many companies with a UK address are also active in other parts of Europe and may very well qualify for .eu domains. Heck, the EU itself has offices in England, who have registered at least one domain. I wonder if the EU leadership realises they are cancelling their own domain.
This is a great idea. Have the decisions made by local politicians. If neutrality, fair and unbiased treatment for everyone, is what you want, nobody is more neutral than politicians. A city council has NEVER favored any particular internet-related business before. Those cable monopolies granted by the city councils were for your own good.
Don't worry, if Facebook's contributions to your mayor DO affect his judgement, the federal regulators will step in. You can trust the FCC to make sure everything is fair and neutral.
I say we even take it a step further. Government can own not just the means of transmitting media, but the media. Production as well. We can make sure news reporting is fair and neutral by having the government run the news stations.
Same here. My boss wouldn't call without a darn good reason. In addition, if the shit hits the fan I'd MUCH rather fix it than have someone else TRY to fix it and leave me with a much bigger mess to clean up in the morning.
I've told my boss PLEASE call (or message) me because it's much easier for me to spend 10 minutes properly diagnosing a problem and fixing it, rather than try to figure out wtf all a co-worker did while randomly trying this and that at random hoping to make the problem go away.
===
Heck, even my FORMER boss, as I was leaving that job, I told them several times - you'll probably run into one or two situations where you have this choice:
A) you spend five hours trying to figure out what Ray did
B) I spend five minutes answering their email, answering their question
I'd much rather me spend 5 minutes answering their question than they spend 5 hours trying to figure it out without asking me.
Of course the old employer left me on as an "hourly employee" at a high rate of $xxx/hour, just in case they needed a couple hours of my time. At well over $100/hour, I'm happy to leave open the possibility of doing a little work for them. Even giving them a few minutes of my time for free.
As it turned out, I think they had one five-minute question for me, and once I asked them to send me a copy of a bit of code I'd written for them because it was a good example of a concept I wanted to demonstrate.
Nothing "what about" to it. In explaining negligent vs intentionally vs knowingly, it makes sense to use the most well-known recent example of what "negligent" means.
It doesn't matter if Apple did it on purpose, that would be "intentionally". "Knowingly" and "negligently" are less than "intentionally". That's just basic law 101. Literally that's something you learn about in your first semester of law school. If you don't like that fact, sorry I can't help you.
I believe Google should win this. I also think your argument has a major weakness.
> And besides, how can Oracle copyright an API that has dozens of things that came before? round() has been around in basically every floating point language ever.
All of the words in John Lennon's song "Imagine" were around before he wrote the song. How could Lennon copyright a song that has dozens of things that came before? Lennon (and Oracle) selected *particular* words and arranged them in a particular way, a skillful way. Lennon can't copyright each word in the lyrics to Imagine, but he can certainly copyright the lyrics as a whole.
There are two reasons I think Oracle should lose:
Copyright, by statute, protects a unique EXPRESSION of an idea and explicitly does not protect the idea itself. For software, I interpret that as meaning the implementation is protected. One cannot copy/paste the source code of Unix without permission, one CAN make a new OS which behaves similarly to Unix.
In practical effect, Oracle's argument is that nobody is allowed to make a JRE that is *compatible with* Oracle's JRE. In order to make a new thing compatible with an old thing, it must use the same interface as the old. It would be bad public policy to rule that it's unlawful to make things compatible by using the interface.
> If they have been used correctly, such as the way ssl does PFS, wherein the keys used at the time are only ever used once then forgotten, it becomes impossible to glean any record of past transactions
SSL PFS has in fact been broken. Over 80% of web servers used group 1, most SSL VPNs used group 2, and all of the others used group 3 or 5. We know for sure group 1 was publicly factored, allowing the (backward) decryption of most web SSL. There is evidence that NSA factored group 2, allowing them to decrypt most SSL VPN sessions.
Your very example of what can't be broken was broken, three years ago.
> The concept that this is about protecting civilians is pretty laughable though.
>In World War 2 if they had better targeting they would have killed more civilians, not less.
> Do you honestly think this is radically different today?
Since the late 1950s we've had bombers that can carry 35 TIMES as much bomb payload as the largest bombers as WW2. A single B-52 sortie can level an area 1 mile by 2 miles. We stopped doing that the instant we got reliable precision guided bombs in the late 1970s. Why do YOU think that is?
>> Wars will continue as long as nations exist.
> Probably true. I guess I support one world government after all.
Large countries almost invariably have civil wars. There larger the government, the bigger the stakes. People will always have different desires, which leads to power struggles. Power struggles writ large are war.
Perhaps the ideal, the scenario with the least amount of war (given the realities of human nature), is to have separate, autonomous areas where people can pretty much do their own thing, with one clearly dominant power who is able to put a stop to aggressors, but that isn't imperialistic. That wouldn't mean *no* war, but it would probably be less than any other realistic scenario I can imagine.
> Now, how do we get one of those without it being fascist?
Good question. Given large groups would want the opposite of what those in power are doing, the ones in power would probably have to be ruthless in order to maintain power. In a small group, such as a family, discussion and compromise is relatively easy. Discussion and compromise between Israel and ISIS? Probably not. Between all the nations of the USSR, or the historical British Empire? Nope.
Speaking of discussion and compromise being easier in smaller groups, perhaps the super-power in the above scenario should be composed of smaller divisions which can be relatively autonomous in matters that don't directly affect the other members. In matters of foreign policy they would be united, but each could separately decide of they want to legalize marijuana or that type of thing. The trick would be keeping the union government focused on its limited purposes of foreign affairs, facilitating trade trade between the members with appropriate regulation, etc. Some would be strongly tempted to inappropriately use the union government to control the internal affairs of the members, to force their way of doing things on people from other places, with different values and beliefs. To keep that control, the central government would then have to become more and more powerful, more ruthless and controlling. For this system to work, the central government would need to focus on the common defense and maybe a few other agreed things that benefit all the members, while allowing each member area it's own self-government.
>War is not inevitable. Most wars are deliberately caused and/or fueled by people with something to gain.
Meals are deliberately caused by people who have something to gain (they are hungry). Inevitably, people will continue to eat. Chanting or putting your head in the sand won't change that.
I'm about to go to the restroom, because I'm uncomfortable right now. I have something to gain from heading to the restroom. Pooping is inevitable; people will keep doing it.
The difference between war and pooping is that when one guy, maybe Hirohito or Kim Jong-un, decides they have something to gain from starting or risking war, that brings multiple nations to war. Emperors and dictators will continue to eat, poop, and start wars whenever they think they want to. The only way to make that stop happening, to make that NOT inevitable, is to kill them. Which is called war. Wars will continue as long as nations exist.
That's a good point, to be balanced against the initial gut-reaction of not wanting your technology to be used militarily. Until fairly recently, war was waged by destroying the enemy *country*. Now we target individuals and small groups. We can do that now because we have accurate targeting.
In world war 2, only 20% of bombs hit within 1,000 feet of the target. Most hit within a mile radius, so the real target was something like "the west side of the city". By the gulf war, target radius was 10 meters, 30 feet. We could bomb a vehicle instead of a neighborhood.
If you are against war, it is clearly better to destroy a given vehicle than an entire neighborhood. Therefore more accurate targeting is better, it reduces deaths and injuries.
That's funny. If it's like working with the US government, they spent around $8,000 on the RFP and contract. Bidding and handling government contracts is an industry unto itself, and you need experts in government contracting working for you.
Meanwhile, the drone I designed and built from scratch from scratch at home, in just a few days, works fine.
It runs open source software called inav on an open hardware controller that costs $35. Inav has multiple fail-safes so if it loses GPS it falls back to a safe 'mission abort" procedure. The exact procedure depends on how far it is from its launch point and the settings I choose.
What kind of interactivity did you have in mind, exactly?
Limited, I suppose, since you said you're going to scale the same UI design for both 24 inch and 3 inch screens.
> sample screen sizes, OS DPI settings, and browser brands ...
> Doing "progressive" (self-scaling) right takes a hell of a lot of work
It's a LOT less work if you change your frame of mind to realize my DPI is none of your damn business. The message you wrote, the one I'm replying to, looked great. It looks great on my phone, my laptop, my desktop, my desk monitor - no matter how I resize the window.
You had a heading / subject line, then marked your paragraphs. Then let my browser do its dang job and render your stuff to look nice on my screen.
> Now, maybe an elite UI dev can pull it off
Some people consider me "elite", they come to me for help fixing their stuff. 90% of the time, I fix their stuff by *deleting* some of their code. When they stop telling the browser to make things we wrong, the browser defaults to making things look good.
The original ISO 32000-1:2008 standard includes JavaScript, forms, and multimedia. Only the archival variant, PDF/A, disallows JavaScript because JavaScript standards change over time.
> It's my opinion we need a new standard where the positioning is mostly controlled on the server. ...scales the UI based on the device's (client) preferences or stated screen-size.
You can do, today! And since 1993, actually. That's called pdf.
Slashdot "Classic" looked good on WebTV and IE4 - better and more useful than either of the new themes, and it's still the best on my phone.
That's because they didn't make an IE version, a Netscape version, and a WebTV version, or write for IE and then use a bunch of NotJavaScript to try to hack it.on other browsers. Instead, they wrote html. It works just great on browsers that were created ten years after the site was coded. They didn't test on Android or iPhone, those things didn't exist yet. They didn't have to test for Android or iphone because they uses html the way it was designed to be used - to describe the document's logical structure, not which pixel should be which color.
When I mentioned credit card information, I was talking about a database full of other people's cards, knowing that some of those people have only one account, with a low balance. A stray $100 charge will have them overdrawn and they'll start getting overdraft fees. Then they won't be able to buy gas or food until pay day. A high level of confidentiality is required.
For MY OWN credit card that I use to buy stuff online every day, I recognize that it is sent to a lot of different companies who have widely varying security practices, and it will probably be leaked. Too many of them store it, and store it poorly. Probably already has been leaked. The thing is, when you have a "secret" that you tell hundreds of random people, different people every day, it's no longer really a secret. If you're sending every online merchant full access to all of your funds, you're doing it wrong.
It's COMMON to have all your money in one bank account and use the one debit card on that account to buy everything, but it's very silly. Much more secure is to have a savings or money market account where you save a little money for when your car breaks down or whatever, because shit happens. Then you have your monthly checking account you use to pay the mortgage and such. Lastly, you have a credit card with a $100-$300 limit and that's what you use to buy random crap on the internet. Somebody is probably going to leak your card number eventually; the secure thing to do is make it so that card number doesn't wreck your life.
So I don't think most people should try to secure their phone and their laptop in such a way that they can store all their card numbers in a browser plugin or similar. In fact, the standalone password manager programs have a terrible track record. I trust Google's password manager more than I trust LastPass, but I don't trust every merchant in the world that much, so I shouldn't be exposing all my money via a super-sensitive debit card number that's going to cause me a lot of pain when it leaks.
> keeps that view secret from the world, but:
> a. That's kinda creepy
Yes, it is kinda creepy. Agreed.
> b. There are solutions that don't require allowing a company to do that
I'm curious what you have in mind. To replace all Google services with services of similar quality would cost a decent amount of money, and they'd STILL have a profile of you based on web surfing and such.
> c. They use that view of you to make money out of you, and the temptation must be strong to do that by understanding aspects of your behaviour you don't understand about yourself
They don't *understand* anything. They have a bunch of numeric identifiers and a math formula that highlights correlations. User #846204628273 is correlated with website #736304638462, which is correlated with website #6306384739. They often don't even know that the correlation between the two sites is that they both sell RC plane parts. They don't need to know. They only need to know that people who visit site #74620463027 often also visit site #846934739, so they can advertise the second site to people who visit the first.
> 35+ different mobile device screen sizes and 15 major browsers to code for
This shows he doesn't understand the entire POINT of html, a web browser, and CSS. He clearly doesn't know the difference between a PDF and an html document if he's coding for many different screen sizes with many different browsers. PDF files are sized - you can make a letter-sized PDF or legal-size, for example. The entire PURPOSE of a web browser, of the rendering engine, is to format *information* coming from the server to fit nicely in whatever size the window happens to be at the moment. If you're coding your web pages for lots of different screen sizes, you're missing the entire point of what a web browser does, and your pages will be fucked when the window isn't maximized. *Maybe* two versions - small and large. Other than that, let the browser do its job. Don't try to force something to be exactly 3 pixels over by loading pixel.gif three times and you won't have to worry about screen size (or window size).
Your html should describe *what* the page elements are, using tags like "header", "list (ul)", "top level heading (h1)". It's the browser's job to figure out how many pixels a top-level heading should be given the screen resolution, user preferences, etc. Your CSS then can give hints including "larger" which should generally apply to all devices.
Code for 35 browsers? Try coding html 4 or html5. Not IEhtml, and not loading pixel.gif five times when you detect Mozilla. Just code to the standard. If one of the three or four major browsers is completely broken in respect to the standard for some tag you can adjust for that, but those instances should be rare.
It's an interesting thing. As you said, Google analyzes the data in order to serve relevant ads, and also uses it to provide better services, which they use for more ads. So there is an inherent conflict of interest there. Many people don't use Google services for that reason, and that makes sense.
ALSO like Coca-Cola has their secret formula, and KFC has its "eleven herbs and spices", every company has their crown jewels. Google is not Microsoft - they don't survive by selling Office 365. Their most valuable asset isn't their source code - they open source much of it. They aren't Apple, selling hardware. The key to their success and survival isn't patents, or market research. The most valuable thing Google has is that data. Their interest, their survival instinct even, is to analyze that data while making sure nobody else gets ahold of it.
Google's self-centered interest is to make sure that only you and them can access that data. Their track record has been much better than Amazon, Microsoft, or other peers. Therefore reasonable people may decide to keep their general office documents on a local hard drive, or in Google docs. Both are reasonable options.
Again, for top-secret research and development of the latest fighter jet, different rules apply. We're not talking about top secret information here. I'm talking about things like our onboarding checklist for new developers - install Git and VMware, set up a Linux development VM, etc. The planning sheet for our office party is on Google Docs. I built a system to store credit card numbers and it doesn't use the cloud. Those are stored encrypted on an isolated system with a minimal OS that's only accessible from the local keyboard (after getting past Glock-carrying employees) and from the local secured network using a passphrase-protected ssh key. Even with physical access to the box, one doesn't have access to the CC numbers because they are encrypted. Different levels of security are appropriate for different assets.
> Confidentiality is having everything you do uploaded to the worlds most prolific data collection and advertising agency?
That's something you have to consider. Whether you choose ChromeOS, ChromiumOS, Windows, Ubuntu or something else, and whether you use Google docs or not. You can use Windows and trust Microsoft with all your data if you want to. Personally my "consoles", the machines I touch daily, are just SSH consoles, so Google isn't getting anything from me other than browsing history.
You're right, Google is the world's most prolific data company. Their mission is to organize the world's data, and they are good at it. Their crown jewels, the company's primary asset, is the data, and so far they've done a pretty good job protecting it, so if you're going to use any type of cloud storage and applications Google is certainly a reasonable choice, a choice to consider. If you're working on top secret plans for the next fighter jet (as I may be doing soon), that data shouldn't be in any cloud, or accessible via the internet at all. You shouldn't be using public wi-fi to work on that in the first place.
Most people are going to trust SOMEONE with their data. The world's best data company, Google, is a reasonable option.
First let me establish to what extent I am qualified or not to address this question:
I've been a security professional for 20 years. Most of that time I used Linux exclusively. Recently I've also started using Mac. You'll find my name in the kernel change log.
There are three main areas of security: confidentiality, integrity, and availability. Most of the time when people say "security" they mean confidentiality first, with some thought to integrity, and they rarely think of availability. For confidentiality and integrity, the top two things an OS can do to help are to limit the attack surface (such as not running unnecessary daemons or other software) and provide quick, reliable updates. The only code that can't possibly be hacked is code that isn't there, so the most secure system is the most minimal system. Real-life attacks use known vulnerabilities 99.99% of the time, so quick, automatic updates to resolve known issues are very important.
There is one Linux distribution that stands out for avoiding any unnecessary code (and potential vulnerabilities) and providing quick, reliable updates. That distribution is ChromeOS. It's well ahead of the others. It would be rather difficult indeed to set up a general-purpose distribution such as Ubuntu, which is made to support servers of all kinds, all kinds of workstations, etc, to be as secure as Chrome OS.
The third leg of security is availability. If the features and functions you need aren't available on ChromeOS, it won't work for you. Normally we think of availability as "not subject to denial of service or random crashes", but if the service you need is denied by the creator of the OS, that has the same effect as a denial of service attack.
ChromeOS is therefore well ahead of any general-purpose OS in terms of security - for users who don't need anything ChromeOS doesn't provide. That's a LOT of people. It even suits my needs while traveling because my travel device only needs to SSH to my main machines, and provide a web browser.
> you still have a connection with the EU
Yep, that's one of the problems I keep pointing out. People and companies that should be able to keep their domain, EU people, are fucked when it's revoked WITH THE APPEAL PROCESS REMOVED, due to having a UK address listed. Killing the appeal process is either stupid, petty, or both, because the entire point of the appeal process is to protect people who SHOULD NOT have lost their domain because they have every right to keep it.
> > Cancelled, with no appeal just because your main office is in Belgium.
> Belgium is still part of the EU as far as I know, so no, if your main office is in Belgium you are still entitled to a .eu domain and this statement does not apply to you in ANY WAY.
What exactly do you think "without settlement of conflicts process" means in this context? It means the registration dispute resolution process, where an affected person could point out "I moved to Belgium six months ago", or "Brussels Airlines has always been a Belgian company, our UK web host registered the domain". Once you're cancelled for having a UK address listed, it doesn't matter that it's an EU company - they've cancelled the appeal process by which you would address that.
> Read the story. The actual statement from the EC says
Read either the second half of the story, or the actual EU statement, before claiming to know what it says. The EU statement consists of four numbered sections, labeled with bullet points. See "2. REVOCATION OF REGISTERED DOMAIN NAMES": ..
--
2. REVOCATION OF REGISTERED DOMAIN NAMES:
revoke such domain name on its own initiative and without submitting the
dispute to any extrajudicial settlement of conflicts in accordance with point (b) of Article
20, first subparagraph, of Commission Regulation (EC) No 874/2004.
--
Cancelled, with no appeal just because your main office is in Belgium.
To register a .eu domain, you're supposed to have some connection to the EU. You do not have to prove every 30 days that you're still in the EU to prevent it being cancelled. It makes sense to say "UK residents without any connection to the EU can no longer register EU domains". That's not what they are doing.
These domains were properly registered by EU people, who have built communities and businesses under these names. Taking them away, after they were properly and legitimately registered and may have been in active use for several years is petty.
Additionally, they are cancelling all the domains registered to organizations with UK addresses - who may also have offices throughout the UK! Many companies with a UK address are also active in other parts of Europe and may very well qualify for .eu domains. Heck, the EU itself has offices in England, who have registered at least one domain. I wonder if the EU leadership realises they are cancelling their own domain.
This is a great idea. Have the decisions made by local politicians. If neutrality, fair and unbiased treatment for everyone, is what you want, nobody is more neutral than politicians. A city council has NEVER favored any particular internet-related business before. Those cable monopolies granted by the city councils were for your own good.
Don't worry, if Facebook's contributions to your mayor DO affect his judgement, the federal regulators will step in. You can trust the FCC to make sure everything is fair and neutral.
I say we even take it a step further. Government can own not just the means of transmitting media, but the media. Production as well. We can make sure news reporting is fair and neutral by having the government run the news stations.
Same here. My boss wouldn't call without a darn good reason. In addition, if the shit hits the fan I'd MUCH rather fix it than have someone else TRY to fix it and leave me with a much bigger mess to clean up in the morning.
I've told my boss PLEASE call (or message) me because it's much easier for me to spend 10 minutes properly diagnosing a problem and fixing it, rather than try to figure out wtf all a co-worker did while randomly trying this and that at random hoping to make the problem go away.
===
Heck, even my FORMER boss, as I was leaving that job, I told them several times - you'll probably run into one or two situations where you have this choice:
A) you spend five hours trying to figure out what Ray did
B) I spend five minutes answering their email, answering their question
I'd much rather me spend 5 minutes answering their question than they spend 5 hours trying to figure it out without asking me.
Of course the old employer left me on as an "hourly employee" at a high rate of $xxx/hour, just in case they needed a couple hours of my time. At well over $100/hour, I'm happy to leave open the possibility of doing a little work for them. Even giving them a few minutes of my time for free.
As it turned out, I think they had one five-minute question for me, and once I asked them to send me a copy of a bit of code I'd written for them because it was a good example of a concept I wanted to demonstrate.
Nothing "what about" to it. In explaining negligent vs intentionally vs knowingly, it makes sense to use the most well-known recent example of what "negligent" means.
It doesn't matter if Apple did it on purpose, that would be "intentionally". "Knowingly" and "negligently" are less than "intentionally". That's just basic law 101. Literally that's something you learn about in your first semester of law school. If you don't like that fact, sorry I can't help you.
I believe Google should win this. I also think your argument has a major weakness.
> And besides, how can Oracle copyright an API that has dozens of things that came before? round() has been around in basically every floating point language ever.
All of the words in John Lennon's song "Imagine" were around before he wrote the song. How could Lennon copyright a song that has dozens of things that came before? Lennon (and Oracle) selected *particular* words and arranged them in a particular way, a skillful way. Lennon can't copyright each word in the lyrics to Imagine, but he can certainly copyright the lyrics as a whole.
There are two reasons I think Oracle should lose:
Copyright, by statute, protects a unique EXPRESSION of an idea and explicitly does not protect the idea itself. For software, I interpret that as meaning the implementation is protected. One cannot copy/paste the source code of Unix without permission, one CAN make a new OS which behaves similarly to Unix.
In practical effect, Oracle's argument is that nobody is allowed to make a JRE that is *compatible with* Oracle's JRE. In order to make a new thing compatible with an old thing, it must use the same interface as the old. It would be bad public policy to rule that it's unlawful to make things compatible by using the interface.
> If they have been used correctly, such as the way ssl does PFS, wherein the keys used at the time are only ever used once then forgotten, it becomes impossible to glean any record of past transactions
SSL PFS has in fact been broken. Over 80% of web servers used group 1, most SSL VPNs used group 2, and all of the others used group 3 or 5. We know for sure group 1 was publicly factored, allowing the (backward) decryption of most web SSL. There is evidence that NSA factored group 2, allowing them to decrypt most SSL VPN sessions.
Your very example of what can't be broken was broken, three years ago.