There is a perfectly rational reason for it -- the additional light we get from longer days in the summer is not distributed according to our preference. The marginal utility of adding an hour of light between 6-7PM is much greater than adding it from 5-6AM. Unfortunately for us, as the days get longer, they get longer equally in both directions from noon (the zenith).
Picture this, it's the winter solstice and the daylight is 8-4. Now someone says "where is the best place to add an hour of light, at the end or the beginning?" -- at first it's equal -- the first 2 hours bring us to 7-5. But after that, the utility of adding 6-7AM is much less than adding 5-6PM, since people aren't going to wake up an hour earlier to take any advantage of the former. Similarly for 6-7PM and so forth.
Our preferences are not symmetric, the natural extension of light is. DST fixes that.
By the same token, if you securely encrypt your credentials and refuse to give them the key despite any threats they may bring, they can't meaningfully seize those assets. Of course that "sharing" may come involuntarily via surveillance software surreptitiously installed on your computer.
If it's a legal case (and not some black-ops) and they have a legitimate order, they can compel you to transfer the money or throw you in jail for contempt (note, I didn't say you have to give them the key, only transfer the money). This sort of thing happens all the time in nasty divorce cases where one spouse tries to lock the money up where the court and the other spouse cannot find it. A few persist and spend a long time in jail.
That is, most people have a really way-too-technical notion of what "seizure" usually entails. In most cases that don't involve the SWAT, it just means ordering someone to do something. In the case of divorcees that don't want to abide the decision of the Family Court, this seems like the expedient way to do it.
The tension between KISS and DRY has always been there. Both are fundamental principles and yet at some level they are incompatible, since writing reusable code necessarily involves increasing its complexity. And the less you want to RY, the more complexity you have to build in.
The C++ STL is a shining example of this. Everyday developers shouldn't be writing their own lists and arrays and hashmaps. They definitely shouldn't write their own string utilities. And they shouldn't have to change those implementations whether they are working on regular strings or wide strings or with an HPC memory allocator. To deal with the genericity, STL is horrendously complex and Thor help me if I have to sit down with an error-page that's 5 pages long and 5 levels of template deep.
At the end of the day, you've just got to deal with that tension and decide what level of repetition (and the incumbent bugs and maintenance costs) you are willing to put up with to increase simplicity. If all you need is a simple array, don't use a library. If you are manipulating XML by using apos, on the other hand...
The fact that the rebels resorted to bombing theaters instead of trying to take and hold territory is itself evidence that they were pretty utterly defeated. But that evidence isn't even necessary, since all the Chechen leaders are dead or have laid down their weapons and the army has long since withdrawn. There's probably more separatists in Montana than Chechnya these days.
Face it, Russia won. They lost a few thousand troops and a couple hundred civilians and won the province back by brute force. Sometimes crime pays.
Game scenarios should not reward players for actions that in real life would be considered war crimes.
So if you are playing as Russia, you should turn the capital into the most destroyed city on earth and kill tens of thousands of civilians and a few ICRC members too. And the accurate-to-real-life consequence of that is that the Chechens laid down their arms and we haven't heard a peep from them about independence for a while. Oh, and the political status of the leaders in charge was buoyed by the success, which was seen as redeeming Russia after the loss of status during the dissolution of the USSR.
And before anyone jumps on the idea that criticizing Russian conduct in the war is an endorsement of the rebels, they were also guilty of many crimes. This isn't about taking sides, it's about how in real life there are plenty of instances where committing war crimes leads to very positive tactical and strategic advances. I could say it would be nice for cosmic justice to ensure that the guilty never profit from their crimes, but so far that ain't how it is.
The Westgate attackers were, afaik, all captured or killed. Had they struck, killed a bunch of people, and then faded away into the shadows, then I think there would be a lot more fear shown by the Kenyan people.
The attackers themselves were pawns. The guys at Al-Shabab that rented the storefront, got the weapons and organized the attack and the twitter-coverage are still very much alive and probably still capable (perhaps not immediately) of striking again in the future.
Don't confuse the mastermind with the poor shmuck that he sends off to kill and die.
They are doing the least risky thing they can come up with. Right the ship, partially re-float it and haul it off to be scrapped some place else where it will be easier, safer and/or less likely to be a problem for the environment.
I agree with your post except for this last sentence, and I think we should be honest: the goal is to scrap it in a place where no one cares about the environment or the health of the workers. That's why Alang gets so much business -- no one cares where the waste goes or if there are injuries. In the first world, that sort of work would cost many times as much.
The "Burn Notice" feature lets the sender set a time for a text, video, voice recording or picture to be erased from the recipient's device.
No, it can't. The recipient could be using a tampered application that ignores the timeout directive. Or it could modify the JVM to lie to the executable about the time or refuse to fire timers. Or modify the JVM to write all the memory transactions to disk (or host) even after the application frees (or GCs) it. Or modify the screen rendering APIs to capture the rendering. Or attach with JDB over ADB and halt the executable while the plaintext is in memory and slurp it out. And, of course, there are apps in the store that will just take a video of the screen.
FWIW, I support the app and I believe the encryption-in-transit is a very worthwhile feature. But the "Burn Notice" is, from a security point of view, useless. If you trust the recipient with the plaintext, you trust the recipient with the plaintext, end of story. Anything else is DRM-esque attempts to put restrictions on a device that you do not own.
Vermont Yankee is the oldest running plant. It should be decommissioned in favor of newer designs.
Part of the dysfunction of the current nuclear regulatory regime is that it's so expensive and difficult to open a new plant that we end up with an older set that has a worse operating-cost and safety record than could be achieved with new technology. It's a bit like setting new-car safety and economy requirements so high that people continue to repair and drive their decades-old models -- sure it looks good on paper, but the reality is a net decrease in safety and economy.
So yeah, Vermont Yankee, please shut it down. And let's build something from the last few decades to replace it (and maybe some of the other 60s-era designs) which will undoubtedly be a huge safety increase.
So why now? Why not in Rwanda in the 90s? Why not in Burma in the 80s? Hell, why not when Assad Sr bombed the shit out of Hama in 1982, killing 20 thousand of his own people?
The perfect is not the enemy of the good. In the perfect case, we would intervene in all the cases in which intervention was warranted (in Rwanda*) and skip the ones that would be failures (Iraq v2). In the real case, we have to decide in each instance whether our intervention is likely to do more harm than good, independently of our other fuckup actions or fuckup in-actions.
The alternative is to throw our hands up and say that because we are fallible humans, we can never try to do the right thing because we might (and definitely do sometimes) fuck it up and make it worse than if we did nothing at all. There are a lot of muslims alive in Kosovo that might regret that position.
* Rwanda presents another real-world complication: it's far from our bases in the ocean and so harder to hit. Meanwhile we could strike Libya and former-Yugoslavia from land bases in Europe and floating bases in the Med.
NSA what? I'm sorry I can't hear you over all this FREEDOM.
You know, one doesn't have to be pro-NSA to imagine that the contemporaneous events really don't have anything to do with each other. The Syrian civil war started before Snowden. The NSA didn't order Assad's goons to use chemical weapons.
ETags on the other hand store an arbitrary attacker-provided string, which is an outright security vulnerability.
I hate to break it to you, but the entire browser is nothing but a device for storing (and then parsing!) arbitrary attacker-provided strings. It's even got a perverse sort of link-chaining mechanism where, after receiving one such string, it will go out and fetch (and parse!) another one at the attacker's choice of address.
This is not a security vulnerability, it's the design of the system in which there was never a requirement to ensure that a client could visit a server multiple times without the server knowing (or inferring) that it was the same client. It's meaningless to say that a protocol is vulnerable because it doesn't meet a property that it was never designed for (any more than RSA is broken because it doesn't offer repudiation).
Now a client can always elect to send random e-tags, slowing himself down (most dynamic content is not time-cached) and adding to the bandwidth load on the server. I'm sure someone will cook up an extension that does this, and we'll be back to where we were before this non-story.
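The trade-off described in the comment above, as an added example that is not part of the original comment: an in-memory simulation of conditional GET in which a client either revalidates with the ETag it was given or sends a random one. The `Server`, `Client` and `simulate` names, the 2 KiB body and the five-visit run are constructed for illustration.

```python
import secrets


class Server:
    """Constructed origin serving one resource with a per-client ETag."""

    BODY = b"x" * 2048  # constructed 2 KiB payload

    def __init__(self):
        # etag -> number of requests the server can attribute to that tag
        self.seen = {}

    def handle(self, if_none_match=None):
        # A tag this server issued earlier marks a returning client,
        # and lets the server answer 304 with an empty body.
        if if_none_match in self.seen:
            self.seen[if_none_match] += 1
            return 304, if_none_match, b""
        # Unknown or missing tag: full response with a fresh tag.
        etag = secrets.token_hex(8)
        self.seen[etag] = 1
        return 200, etag, self.BODY


class Client:
    """Constructed client with two If-None-Match policies."""

    def __init__(self, policy):
        self.policy = policy  # "revalidate" or "random"
        self.etag = None
        self.body = None
        self.bytes_downloaded = 0

    def fetch(self, server):
        if self.policy == "revalidate":
            sent = self.etag  # echo back what the server stored with us
        else:
            sent = secrets.token_hex(8)  # a tag the server never issued
        status, etag, body = server.handle(sent)
        if status == 200:
            self.etag, self.body = etag, body
        self.bytes_downloaded += len(body)
        return status


def simulate(policy, visits=5):
    """Run `visits` requests and report what each side ends up with."""
    server = Server()
    client = Client(policy)
    statuses = [client.fetch(server) for _ in range(visits)]
    return {
        "statuses": statuses,
        "bytes": client.bytes_downloaded,
        # Largest number of requests the server can tie to a single tag.
        "max_linked_visits": max(server.seen.values()),
        "distinct_tags": len(server.seen),
    }


if __name__ == "__main__":
    for policy in ("revalidate", "random"):
        print(policy, simulate(policy))
```

With revalidation the server links all five visits and sends the body once; with random tags it links none of them and sends the body every time.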
3taps [...] believes that by making public information publicly available on the Internet, without a password, firewall, or other similar restriction, craigslist has authorized, and continues to authorize, everyone to access that information.
This sounds plausible until you realize the subtle trick they are pulling in conflating the information itself with the instance of the information stored on CL servers. 3T does, in fact, have every right to access and publish that information. What they do not have is the right to use any particular server to access that information against the express desire of the owner of that server.
It's a bit like confusing the contents of a book with a particular copy of it. Anyone can read Shakespeare, but if the library forbids you from entering, you can't read the particular copy that is on their shelf -- even if they generally let everyone in without checking ID. Craigslist has not forbidden 3T from accessing the information, they have forbidden them from accessing CL's servers.
If I put up a web site that forbade anyone working for or on behalf of any TLA or law enforcement agency from accessing any publicly accessible content on my site, could I use CFAA against the government when they ignore my wishes and suck the whole thing into a NSA database?
Now, if you gave notice to the individual agencies that they weren't welcome and instituted a technological control measure to block them from accessing it and they circumvented that block, then it would fall within the four corners of the opinion.
[ And anyway, there's probably a provision in the CFAA exempting law enforcement, but even if there weren't, your hypo doesn't even begin to cover the fact pattern necessary here. ]
The way the opinion is structured, neither the IP ban nor the C&D letter does enough work by itself. The former does not by itself provide the target with sufficient notice that their conduct is no longer authorized, while the latter doesn't provide the sort of technological barrier (albeit weak) that is circumvented.
The two work together in concert, each providing an element of the crime that the other lacks.
No, the judge explicitly cites the C&D as part of the evidence that 3Tap was on notice that they no longer had authorization to access the site. From the opinion:
The notice issue becomes limited to how clearly the website owner communicates the banning. Here, Craigslist affirmatively communicated its decision to revoke 3Taps' access through its cease-and-desist letter and IP blocking efforts. 3Taps never suggests that those measures did not put 3Taps on notice that Craigslist had banned 3Taps; indeed, 3Taps had to circumvent Craigslist's IP blocking measures to continue scraping, so it indisputably knew that Craigslist did not want it accessing the website at all.
The reason for this disconnect is that macroeconomics also factors in a strong premium for reliability and availability (and de-risking). A trucking company needs to guarantee its customers that it can consistently deliver the goods within a fixed window and hence requires its fuel supply to be likewise guaranteed. The same applies in IT -- business-critical services require that the storage backend works 100% to deliver their promises, so even though a home-built storage server can do the same job as a $10k (+$500/TB) professional storage solution, there are many more unknown risks, support risk and a huge premium paid to deliver a reliable solution.
If a farmer wants to grow a bit of extra bio-fuel or pump a dying well, he is cushioned by the fact that if it doesn't work, he can still go to town and get what he needs. But the macro view here is that this is much less valuable than a reliable mass-scale system that can make stronger (but not perfect) availability guarantees.
Also, as a side-note, I'd wonder what the effective wage that a farmer that runs his own wells is paying himself for his own labor in setting it up and tending to it. This might end up being like owning a restaurant where it's only nominally profitable because the owners put in a huge amount of their own time and pay themselves only minimum wage. If they had to hire someone with the appropriate expertise to manage the restaurant, they would not be able to pay the prevailing wage and still make a profit. At some level, I suppose, there is a marginal non-fungibility of labor on your own farm/restaurant as there is on the open market, much in the way that engineers invest thousands of dollars in their own time on pet projects when a market solution would be nominally more efficient.
... will be that the user can tamper with the SSL root certificates (or just add her own) and trick Chrome into giving up the password to a locally-hosted web server presenting an apparently-valid cert for the target domain.
In order to remedy this, Chrome must adopt the policy of asking the server to pinky-swear that they are really the named entity.
As Adi Shamir (the S in RSA) has been trying to point out, cryptography is a method for transferring data between two trusted hosts. So the F-16 zooming above Washington can get some radar data from the airbase in Virginia and no one listening in can decrypt it. At the point where some luser picks up a USB drive off the parking lot floor and plugs it into a computer inside the airbase, all the encryption in the world matters not one whit.
It's a massive change to the model we use to conceptualize the threat -- instead of Alice and Bob trying to communicate with each other and keep Charles from decrypting, we have Alice and Bob trying (a) to protect their machines from Charles compromising it and (b) trying to limit the damage done if he does compromise it. This isn't your father's security any more.
What it also means is that we are going to need a lot fewer secrets that are really worth keeping or else spend much more time partitioning our virtual worlds. As BEAST/CRIME show, if you treat your Facebook login cookie as a secret, then you need to access it from a partitioned browser where a malicious page cannot make requests using it.
There are some things simply beyond the pale in any decent society. Entertaining people through showing a grisly, cruel murder can do nothing but harm the family, friends, and loved ones of the victim. It has absolutely no political, educational, moral effect, nor any deterrent to any crime. It has no value whatsoever to shock and delight those deranged enough to view a heinous act.
Indeed, and we should all comment to that effect such that our opprobrium is known.
On the other hand, to allow a political system to make a binding decision about what speech is devoid of political value is to endorse an effectively circular set of reasoning. Freedom of speech is a meta-political value -- it's one that informs the means of making political decisions. To put the power to classify speech as politically worthy is to devolve meta-politics into an extension of politics itself.
And since this is /., here is your obligatory strained tech analogy: allowing a government to suppress speech based on their judgment of its worth is like allowing the currently-running program on a computer to control the scheduler as well -- it's a layering violation. We have a set of meta-program rules (an OS) to mediate between programs (which come and go) just as we have a set of meta-political institutions (procedurally) that mediate between individual governments (which come and go).
Those two statements are contradictory. If we start deciding on the impact of potential technology before they exist in a real case, we will be deciding now something that cannot be undone later -- and furthermore without the full benefit of the empirical evidence in the meantime.
What the court did was not decide on anything that was not present in the current record -- and so there's nothing that we can't undo later if the facts change. What they decided is only applicable to the factual situation that is currently at hand -- it prejudges nothing about future (different) factual situations that might be different, which, at any rate, is a matter for a later day. So there's nothing to "undo" later if a court says that full-genome sequencing is an unreasonable search because that decision is perfectly consistent with a decision that says a CODIS profile is a reasonable search.
IOW, the fact-specificity of the decision-making process (and the refusal to speculate about hypothetical situations that did not materialize yet) is exactly the sort of long-sighted process that decides only what is needed today and does not create facts that might be hard to undo later.
They aren't sequencing the entire genome... yet. That only requires advancement in technology. Given enough advancement in technology, a DNA sequencer might be in every Patrol Vehicle in a few years, or at least, every police substation/precinct. Given enough sequencing capability, and many, if not most genomes having been sequenced, it does present a situation like GATTACA.
And if they do, you can bring a case against it that will be totally novel. We don't know how a future court will resolve that case but this court in this case only approved the seizure of DNA to be used for CODIS matching.
That's not efficient with respect to the marginal utility of an extra hour of light. Imagine the following set of preferences from winter to summer solstices. At the marked point, we would "naturally" (if we left things as they were year round) get another hour of daylight in the morning -- since light gets longer symmetrically from noon.
8H: 8AM-4PM
9H: 8AM-5PM
10H: 7AM-5PM
11H: 7AM-6PM
12H: 7AM-7PM =====
13H: 7AM-8PM
14H: 7AM-9PM
The underlying issue of our asymmetric preferences cannot be wished away without adjusting where the solar zenith falls with respect to noon.
Borderline NSFW
No. Read the opinion.
The kind that can review apps like Facebook, Twitter or Blah-With-Friends that are not meaningful except in conjunction with a web service.
The reason for this disconnect is that macroeconomics also factors in a strong premium for reliability and availability (and de-risking). A trucking company needs to guarantee its customers that it can consistently deliver the goods within a fixed window and hence requires its fuel supply to be likewise guaranteed. The same applies in IT -- business critical service require that the storage backend works 100% to deliver their promises, so even though a home-built storage server can do the same job as $10k (+$500/TB) professional storage solution, but there are many more unknown risks, support risk and a huge premium paid to deliver a reliable solution.
If a farmer wants to grow a bit of extra bio-fuel or pump a dying well, he is cushioned by the fact that if it doesn't work, he can still go to town and get what he needs. But the macro view here is that this is much less valuable than a reliable mass-scale system that can make stronger (but not perfect) availability guarantees.
Also, as a side-note, I'd wonder what the effective wage is that a farmer who runs his own wells is paying himself for his own labor in setting it up and tending to it. This might end up being like owning a restaurant where it's only nominally profitable because the owners put in a huge amount of their own time and pay themselves only minimum wage. If they had to hire someone with the appropriate expertise to manage the restaurant, they would not be able to pay the prevailing wage and still make a profit. At some level, I suppose, there is a marginal non-fungibility of labor on your own farm/restaurant as there is on the open market, much in the way that engineers invest thousands of dollars in their own time on pet projects when a market solution would be nominally more efficient.
... will be that the user can tamper with the SSL root certificates (or just add her own) and trick Chrome into giving up the password to a locally-hosted web server presenting an apparently-valid cert for the target domain.
In order to remedy this, Chrome must adopt the policy of asking the server to pinky-swear that they are really the named entity.
As Adi Shamir (the S in RSA) has been trying to point out, cryptography is a method for transferring data between two trusted hosts. So the F-16 zooming above Washington can get some radar data from the airbase in Virginia and no one listening in can decrypt it. At the point where some luser picks up a USB drive off the parking lot floor and plugs it into a computer inside the airbase, all the encryption in the world matters not one whit.
It's a massive change to the model we use to conceptualize the threat -- instead of Alice and Bob trying to communicate with each other and keep Charles from decrypting, we have Alice and Bob trying (a) to protect their machines from Charles compromising them and (b) trying to limit the damage done if he does compromise them. This isn't your father's security any more.
What it also means is that we are going to need a lot fewer secrets that are really worth keeping or else spend much more time partitioning our virtual worlds. As BEAST/CRIME show, if you treat your Facebook login cookie as a secret, then you need to access it from a partitioned browser where a malicious page cannot make requests using it.
Indeed, and we should all comment to that effect such that our opprobrium is known.
On the other hand, to allow a political system to make a binding decision about what speech is devoid of political value is to endorse an effectively circular set of reasoning. Freedom of speech is a meta-political value -- it's one that informs the means of making political decisions. To put the power to classify speech as politically worthy is to devolve meta-politics into an extension of politics itself.
And since this is /., here is your obligatory strained tech analogy: allowing a government to suppress speech based on their judgment of its worth is like allowing the currently-running program on a computer to control the scheduler as well -- it's a layering violation. We have a set of meta-program rules (an OS) to mediate between programs (which come and go) just as we have a set of meta-political institutions (procedurally) that mediate between individual governments (which come and go).
Those two statements are contradictory. If we start deciding on the impact of potential technology before they exist in a real case, we will be deciding now something that cannot be undone later -- and furthermore without the full benefit of the empirical evidence in the meantime.
What the court did was not decide on anything that was not present in the current record -- and so there's nothing that we can't undo later if the facts change. What they decided is only applicable to the factual situation that is currently at hand -- it prejudges nothing about future (different) factual situations that might be different, which, at any rate, is a matter for a later day. So there's nothing to "undo" later if a court says that full-genome sequencing is an unreasonable search because that decision is perfectly consistent with a decision that says a CODIS profile is a reasonable search.
IOW, the fact-specificity of the decision-making process (and the refusal to speculate about hypothetical situations that did not materialize yet) is exactly the sort of long-sighted process that decides only what is needed today and does not create facts that might be hard to undo later.
And if they do, you can bring a case against it that will be totally novel. We don't know how a future court will resolve that case but this court in this case only approved the seizure of DNA to be used for CODIS matching.