"According to www.lightbulbrecycling.com, each year an estimated 600 million fluorescent lamps are disposed of in U.S. landfills, amounting to 30,000 pounds of mercury waste. Astonishingly, that's almost half the amount of mercury emitted into the atmosphere by coal-fired power plants each year. It only takes 4mg of mercury to contaminate up to 7,000 gallons of freshwater, meaning that the 30,000 pounds of mercury thrown away in compact fluorescent light bulbs each year is enough to pollute nearly every lake, pond, river and stream in North America (not to mention the oceans)."
1mg of mercury vaporized into the air is not the equivalent of 1mg mercury dumped in a landfill. Distribution counts just as much as quantity when it comes to bioavailability.
Heck, it doesn't take much lead or uranium (or any other heavy metal) to poison a body of water, but so long as you have it in metal form and contained behind layers of isolation, it's not a problem. That's kind of the point of landfills -- to hold garbage away from becoming mixed in with everything else. If you believe that the landfills in your State aren't accomplishing that, you should lobby for stricter standards on them because there's a whole host of nasty shit in there that's just as bad as the mercury in the CFLs. Heck, I'll probably support you in such a quest. Just don't equivocate between throwing something into a hole in the ground and vaporizing it into the air -- they aren't at all similar.
I have a 4G/LTE capable Android phone (Samsung Conquer on Sprint). 4G is fast, where it's available, but I leave it off except when I really need more speed than 3G can provide and I don't have Wi-Fi available, because it kills battery life.
That's not 4G/LTE, it's 4G/WiMAX -- totally different technologies.
Punching someone in the nose, obviously, is taking open source work and making it proprietary.
Unless that person knowingly and voluntarily consented (redundantly I suppose) to having his open source work incorporated into a proprietary project. In which case, it's not so much a punch in the nose as it is doing exactly what it is that they permitted you to do.
Failure to grok this important distinction seems to me to be a really critical mistake -- sort of like confusing surgery with stabbing or consensual sex with rape.
THE WEBSITE IS MINE AND MODIFYING ITS CONTENT WITHOUT MY EXPRESS PERMISSION AND KNOWLEDGE IS A VIOLATION OF MY COPYRIGHT. ALSO I AM DUCK.
The website is yours but the configuration of the hotspot is not. For instance, I have every right to take my router and add a rule to iptables that drops all requests to odd-numbered IP addresses. If you happen to have a webpage that runs with some images at an even numbered IP and some at an odd IP, that doesn't mean you have any right to order me to change my setup just to make your webpage display right.
Otherwise, you are basically announcing a rule stating the content providers have the right to determine the system configuration and behavior of all intermediate machines between themselves and their destinations. That's obviously wrong and, as I tried to explain, was never part of the contract for the internet -- it's not a medium that guarantees any authenticity whatsoever.
But, really though, please pretty pretty please sue someone based on this theory. It's probably the only way you'll ever appreciate how wrong you are.
Dodgy ground? They own the hotspot, they can provide whatever they want. They can replace all the images with cats if they really feel the internet would be better if all images were cat pics. The hotspot does not belong to you, you have no right to dictate its configuration. Not yours.
If you want to communicate with a site securely, you sign the content cryptographically. Otherwise, the internet provides absolutely no guarantee that the message has not been tampered with. It's not part of the spec, never has been, never will be.
If you have to choose between a clearly dangerous infection vector and updating ancient and fragile legacy java applets, I'd say Mozilla is the least of your problems.
Unless I have (an) admin machine(s) configured to access only intranet resources for the purpose of managing my legacy java applets. In that case, it would probably be nice to have a switch somewhere in about:config (maybe with a warning) to disable the blacklist. That's the problem with thinking about security without clearly identifying the context in which the policy is being deployed. For a home user Mozilla should absolutely default to not allowing outdated JREs*, for those within other environments, the calculus might be different.
* By the way, can't they just hire the Google dudes that designed Chrome's "I'm always updated but I never bother you" updater? Can't everyone just do that already? It's been shown to be feasible, workable and damned convenient.
** Of course, * comes with a switch to disable auto-updates for enterprise/OCD consumers that want to manage it themselves. I'm talking about default settings, not forcing everyone onto the silent-update train against their will.
I agree, he shouldn't be facing the court of public opinion. He should be facing the court of law. It certainly doesn't look like that is happening.
It looks increasingly likely that he will face a jury. And when he does, the jury will likely be informed of Fla. Stats. 776.041, which states:
776.041 Use of force by aggressor. -- The justification [of self defense] described in the preceding sections of this chapter is not available to a person who:
(1) Is attempting to commit, committing, or escaping after the commission of, a forcible felony; or
(2) Initially provokes the use of force against himself or herself, unless:
(a) Such force is so great that the person reasonably believes that he or she is in imminent danger of death or great bodily harm and that he or she has exhausted every reasonable means to escape such danger other than the use of force which is likely to cause death or great bodily harm to the assailant; or
(b) In good faith, the person withdraws from physical contact with the assailant and indicates clearly to the assailant that he or she desires to withdraw and terminate the use of force, but the assailant continues or resumes the use of force.
To be brutally honest, I think both his attackers and his defenders sound very silly to me in making bold statements before the facts are in. The prudent thing to do is to simply say that we are not going to condemn him or exonerate him until the process plays out and renders a verdict.
[ Note, I'm not saying that everyone must accept the results of the process -- just because it's the legal result doesn't mean we have to personally believe it. But there is a difference between disagreeing with the result after it happens and jumping to your own conclusion before it has been conducted. The former seems to me reasonable, the latter not so much. ]
And what about all the nerds that actually did it? It's not like he sat around writing code himself. What about their (existent?) scruples? Did they know who paid them or wonder why? Did they just ignore those questions so long as they could?
You want to read this as a morality play about how a bad man did something wrong. I want to read it as being about how some pretty smart coders ran a pretty sophisticated hacking ring and were either oblivious or indifferent to the fact that they were acting as modern-day thugs smashing up a rival's store.
It's the old "bad apples" routine -- or as Solzhenitsyn put it more eloquently: "If only there were evil people somewhere insidiously committing evil deeds, and it were necessary only to separate them from the rest of us and destroy them. But the line dividing good and evil cuts through the heart of every human being. And who is willing to destroy a piece of his own heart?"
You're assuming that it's encryption that's the problem. In my case, it's a problem with the size of data vs. how much bandwidth I can use. I get an allocation of 20GB a month, and even that's very expensive. Backing up my 5+ TB to the cloud is simply not an option.
CrashPlan will let you Fedex them a hard drive to get the backup started. From then on, you only need to send deltas.
Well put. Furthermore, Harold Shipman is my choice of Serial Killer of the Year, as he only ended the lives of the elderly and infirm, and in a humane fashion.
And he is abominable as compared to the billions of people that don't murder anyone at all.
Consumer protection. Enacted by a government formed by the very citizens the law was enacted to protect. You (most likely) and I (for sure) are from the US; we're not used to government working *for us* though, so I'm not shocked you're unfamiliar with the concept.
As a citizen, I expect to have the freedom to purchase a product with a 3 month warranty, if that's what I choose.
As a geek, I find it insulting (and sad) that my fellow /.ers overwhelmingly believe I'm not competent to make that choice.
As a voter, I will not tolerate a politician that wishes to abrogate my choice and substitute their own decision for my own.
As an adult, I do not accept that the word "protection" ever applies to the act of restricting someone's choices "for their own good". This is the rhetoric of drug warriors, porn-fighters, prohibitionists and nanny-staters.
As a (wanna-be) European, you are not used to being allowed to choose many things for yourself, so I'm not shocked that you are unfamiliar with the concept.
As a consumer, I weigh whether to purchase a particular item from a reputable company with a track record of quality service or a no-name brand. Sometimes the balance of factors weighs towards the former, sometimes the latter -- it really depends on the use case, the deprecation cycle, the expected technological improvements, whether I foresee the product being permanent, how critical a failure might be, how easy it is to repair myself and any number of other factors.
As a /.er, you are not used to fact-intensive decisions being made on a case-by-case basis rather than applying some top-down principle that solves every possible case, so I'm not shocked that you might be unfamiliar with the assertion that sometimes a shitty no-name is the better choice.
Plus, the overall price of the product needs to come into account. Saving $.65 on the privacy invasion purchase of a Blu-Ray movie seems reasonable, but what about purchasing a car, or a new home?
No, it doesn't. If you will drive across town to buy a $100 computer part for $50 then you should drive the same amount to buy a $20,000 car for $19,950. It's a standard economic fallacy to think of savings in terms of percentages rather than raw amount -- driving across town (or whatever other inconvenience) is a fixed cost.
And yes, that is a massive indictment of trial by jury as well. But at least the evidence has a chance to be heard and it's not just one person with all the strings in what's supposed to be a free society.
One person? I think you mean at least:
(1) The defendant, who will ultimately make the decision on how to plead.
(2) Defendant's counsel, who will be appointed for him at State expense if he cannot afford one.
(3) The prosecutor, who decided to bring charges and what to offer in the plea.
(4) The judge, who has to accept the plea bargain and accept the evidence that the State said they will bring to trial.
Quite a bit different, especially when the ultimate decision rests with the defendant himself.
Yeah, I'm sure that most people picked up on actual criminal charges are guilty, but if your raw chance of innocence is 0.1% then for every 50 people picked up there's only a 50-50 shot they're all guilty. I think it is far better that a thousand guilty people be given full trials than for one innocent person to be bankrupted by one.
Sure, but the idea is to self-select the guilty by having them look at the evidence against them and make a rational decision about whether to proceed to full trial. So it's not "raw chance" but a process of selection that tends to weed out those cases in which the defendant is unlikely to win at trial (and likewise, prosecutors cull their casefiles by throwing out the ones they don't think they can win).
Yes, you have the right to a jury no matter how stupid you are, but you also have the right to waive a jury trial if you think that a jury trial is going to leave you far worse off. No officer or lawyer is "deciding anyone's fate without due process" -- they are just noting the obvious: that if your prospects of winning at trial are very slim, you are better off not wasting everyone's time in a lengthy trial with a nearly foregone conclusion. In the end though, it's the defendant's call whether he wants to fight the charges or not. No one can make that decision for him.
It's a stupid inefficient use of society's resources to allocate a jury even when the defendant wants to plead and, what's more, is likely to make all trials of lower quality simply because we have to produce so many more of them.
More than 90 percent of criminal cases are never tried before a jury, in part because the Supreme Court ruled in 1978 that threatening someone with life imprisonment for a minor crime in an effort to induce him to forfeit a jury trial did not violate his Sixth Amendment right to trial.
That's a bit misleading, no? A prosecutor can threaten to charge you with a crime that carries a life sentence but it takes a judge and a jury to impose it. The only reason to take his threat seriously is because you predict that it's likely that he will prevail at trial. If you think you'll prevail, the threat is totally meaningless -- it's not like the prosecutor can put you in jail of his own accord.
Look, I'm all for better trials (especially in the sense of getting better representation for defendants at the trial level where public defenders are really atrocious) but the idea that plea-bargaining is part of the problem is absurd. Plea bargains are often the most socially effective way of dealing with the most obvious cases. Gee, an officer replied to a DV call of a man beating his wife, comes in and sees a woman with a black eye and a dude that smells of whiskey* -- do we really need a jury to decide that one? Or grand theft auto where the perp is caught in the stolen car.
Those cases abound because the criminals in the justice system are, by selection, the stupider ones: the ones that got caught. It stands to reason that, on average, more of them would be open-and-shut cases than your average crime. Just watch COPS** once to see how blindingly guilty some of these idiots are. The smart criminals are the ones that you don't see and never find and aren't taking plea bargains because of the overwhelming amount of evidence stacked against them.
* This is not a made up anecdote, one of my neighbors served in a rather ho-hum middle class suburb and he said that he responded to at least one such case per week, often more and very often with repeat offenders. It depressed him to no end that there was not a "get drunk and hit your wife 20 times in a lifetime and we get to take you out behind the woodshed and knock some sense into you" rule, but that's a different matter.
** Or, as my crim pro prof called it "A 30 minute class on the actual procedure of criminal law that you can watch for free every Saturday".
Yes, I'm seriously thinking web technologies themselves are to blame. Overly complex? Over engineered? Fundamentally flawed? Complexity is the enemy of security. It's time for a re-think.
Complexity is required to perform arbitrary tasks in a dynamically programmable fashion -- which is essentially what modern HTML/Javascript essentially provides. You can't take something like that and "re-think" it into something less complex than some fundamental measure of the complexity of the application for which it is intended. Either the browser has to be able to perform those functions or users are going to have to accept a web with drastically limited capabilities.
In a broader sense, this is a symptom of the annoying idea that some combination of clever engineering and design decisions can destroy complexity and replace it with something simple. This is superficially true but really what's happening is not that complexity is destroyed, only that it is hidden away -- it's a sort of "conservation of complexity": you can shuffle it around between various layers and (hopefully) hide it from the end user but it's still got to be there somewhere. Consider a cell-phone, it's an insanely complex system involving all kinds of RF, some arcane protocol, software running on the mobile device, software running the backhaul -- just thinking about it for a second is enough to give you a headache. What the user sees when they dial a number isn't complex not because we've made all those things easy, only because we've relocated it somewhere else.
The same thing happens in the case of a browser -- I log into gmail and Google dynamically instructs my computer ("over the wire") how to create an entire GUI program that interacts with their server. That's nothing short of amazing and when you say "browsers are overly complex and over-engineering" what you are essentially saying is that they should not be able to do that because that complexity came fundamentally and inexorably from the statement of the required functionality. No simple system could ever do that....
It appears you are trying to install a printer I never seen before.
Or "It appears you are trying to install a printer I have never seen before. OK -- that's fine." Oh wait, this printer driver lets you have raw access to a device that, due to a race condition involving socket creation, lets you overwrite arbitrary memory addresses belonging to other users. Or lets you continue to add printers until you overflow a statically initialized buffer and escalate your privileges. Or.....
The mistake you've made is in assuming without proof that the only thing you can do with this particular privilege is what is intended. That might be true or it might not be, and you won't know until you get some security-trained eyes to take a look at the interface provided and validate that it allows only what it is supposed to allow and nothing more.
Why should he have to do that? Why isn't it sufficient to add the user to the 'lp' group? There's no reason that printing should require root access at all.
Because, in any sane environment, that would require proving that the entire printer-management interface is secure enough not to allow privilege escalation or agent-based attacks. At the very least, that would require a software audit of those components that can be twiddled and probably some pen-testing and/or fuzzing. You can just say "well, this is designed to just let users add a printer so surely it can't be used to do anything else" -- I suppose you *can* say that but you ought to lose your job for that kind of thinking.
We've had large multi-user operating systems for decades now and people still don't seem to understand this basic principle -- if an interface is available to a regular user, it has to be vetted to ensure that it does not allow the user to do any more than what it advertises and that the effects of that are limited to things that the user is supposed to be able to accomplish.
... like a boss.
How about a /sim/-folder on the microSD?
Your phone provider could just email the file to you, you copy the file to the card and turn on the phone.
Impossible under 3GPP standards. The SIM shall contain certain encryption keys (K_i, K_c) and shall not divulge them directly but only perform the GSM authentication algorithm against a given input data (i.e. you tell the SIM to sign request R, it returns GSM(K_c, R) but you never get to ask for K_c directly). If the keys were stored on a plain storage device like a microSD card, then any rogue application with access to storage could copy them and send them across the network allowing the adversary to create a GSM cloner/interceptor.
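The design argued for in the comment above, as an added sketch that is not part of the original post or of any 3GPP text: a SIM that only answers challenges, compared with a key kept as a plain file in a `/sim/` folder. In this model the card holds a long-term key Ki and derives the response SRES and session key Kc from Ki and the challenge RAND; HMAC-SHA256 stands in for the operator's A3/A8 algorithm, and the IMSI, key bytes and the `/sim/ki.bin` file name are constructed.

```python
"""Model: SIM challenge-response vs. a subscriber key stored as a plain file."""
import hashlib
import hmac
import os


def a3a8(ki: bytes, rand: bytes) -> tuple[bytes, bytes]:
    # Assumption: HMAC-SHA256 stands in for the operator-chosen A3/A8
    # algorithms. Returns (SRES, Kc): 4-byte response, 8-byte session key.
    digest = hmac.new(ki, rand, hashlib.sha256).digest()
    return digest[:4], digest[4:12]


class SimCard:
    """Token that accepts RAND and returns (SRES, Kc); it has no 'read key' command."""

    def __init__(self, imsi: str, ki: bytes):
        self.imsi = imsi
        self.__ki = ki  # Python cannot enforce secrecy; on a real SIM the hardware does

    def run_gsm_algorithm(self, rand: bytes) -> tuple[bytes, bytes]:
        if len(rand) != 16:
            raise ValueError("RAND must be 16 bytes")
        return a3a8(self.__ki, rand)


class AuthCentre:
    """Network side: knows each subscriber's Ki and issues one-shot challenges."""

    def __init__(self):
        self._ki = {}
        self._pending = {}

    def provision(self, imsi: str, ki: bytes) -> None:
        self._ki[imsi] = ki

    def challenge(self, imsi: str) -> bytes:
        rand = os.urandom(16)
        self._pending[imsi] = rand
        return rand

    def verify(self, imsi: str, sres: bytes) -> bool:
        rand = self._pending.pop(imsi, None)  # each RAND is accepted once
        if rand is None:
            return False
        expected, _kc = a3a8(self._ki[imsi], rand)
        return hmac.compare_digest(expected, sres)


def compare_designs() -> dict:
    imsi = "001010000000001"   # constructed test IMSI
    ki = bytes(range(16))      # constructed 128-bit key
    auc = AuthCentre()
    auc.provision(imsi, ki)
    sim = SimCard(imsi, ki)

    # 1. The genuine card answers a fresh challenge.
    rand1 = auc.challenge(imsi)
    sres1, _kc = sim.run_gsm_algorithm(rand1)
    genuine_sim = auc.verify(imsi, sres1)

    # 2. Software on the phone sees only (RAND, SRES) pairs crossing the SIM
    #    interface. An old SRES does not answer the next challenge.
    auc.challenge(imsi)
    replayed_response = auc.verify(imsi, sres1)

    # 3. If the key were a file on shared storage, reading the file yields Ki
    #    itself, and whoever holds Ki answers every future challenge.
    shared_storage = {"/sim/ki.bin": ki}  # hypothetical file name
    copied_key = bytes(shared_storage["/sim/ki.bin"])
    duplicate = SimCard(imsi, copied_key)
    rand3 = auc.challenge(imsi)
    sres3, _kc = duplicate.run_gsm_algorithm(rand3)
    copied_key_file = auc.verify(imsi, sres3)

    return {
        "genuine_sim": genuine_sim,
        "replayed_response": replayed_response,
        "copied_key_file": copied_key_file,
    }


if __name__ == "__main__":
    for case, accepted in compare_designs().items():
        print(f"{case}: accepted={accepted}")
```

The only difference between cases 2 and 3 is what the storage or interface hands out: responses bound to one challenge, or the key that produces them.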
Maybe they use less data because iPhone apps aren't constantly uploading their gps coordinates and downloading ads. If you look at mobile web traffic, iOS beats android. Even when you factor out the iPad.
Which in turn goes to GP's comment that iPhone customers pay more -- in this case, they pay more for apps. Any user that switches (in either direction) can attest to the fact that many apps in Appstore are paid where their Android Market equivalent would be ad-supported.
That in turn goes to developer interest in the iPhone over Android.
Even if they do only sell to NATO, NATO governments haven't exactly had a stellar history of respecting human rights in the past decade.
Compared to who? I'm pretty sure NATO collectively ranks at the very top of human rights respect on this planet.
This is why binding arbitration should be limited to minor disputes over small sums of money.
Like $100/yr for Netflix that you can cancel at any time if you are dissatisfied?
Mandatory binding arbitration clauses in contracts of adhesion are way beyond unconscionable.
How do you square this with the above?
Plus, the overall price of the product needs to come into account. Saving $.65 on the privacy invasion purchase of a Blu-Ray movie seems reasonable, but what about purchasing a car, or a new home?
No, it doesn't. If you will drive across town to buy a $100 computer part for $50 then you should drive the same amount to buy a $20,000 car for $19,950. It's a standard economic fallacy to think of savings in terms of percentages rather than raw amount -- driving across town (or whatever other inconvenience) is a fixed cost.
Who are you going to trust to decide who gets a jury trial and who doesn't? What kind of oversight do you propose to ensure that power is not abused?
Uhh, the defendant -- you know, the guy who makes the decision now ...
And yes, that is a massive indictment of trial by jury as well. But at least the evidence has a chance to be heard and it's not just one person with all the strings in what's supposed to be a free society.
One person? I think you mean at least:
(1) The defendant, who will ultimately make the decision on how to plead.
(2) Defendant's counsel, who will be appointed for him at State expense if he cannot afford one.
(3) The prosecutor, who decided to bring charges and what to offer in the plea.
(4) The judge, who has to accept the plea bargain and accept the evidence that the State said they will bring to trial.
Quite a bit different, especially when the ultimate decision rests with the defendant himself.
Yeah, I'm sure that most people picked up on actual criminal charges are guilty, but if your raw chance of innocence is 0.1% then for every 50 people picked up there's only a 50-50 shot they're all guilty. I think it is far better that a thousand guilty people be given full trials than for one innocent person to be bankrupted by one.
Sure, but the idea is to self-select the guilty by having them look at the evidence against them and make a rational decision about whether to proceed to full trial. So it's not "raw chance" but a process of selection that tends to weed out those cases in which the defendant is unlikely to win at trial (and likewise, prosecutors cull their casefiles by throwing out the ones they don't think they can win).
Yes, you have the right to a jury no matter how stupid you are, but you also have the right to waive a jury trial if you think that a jury trial is going to leave you far worse off. No officer or lawyer is "deciding anyone's fate without due process" -- they are just noting the obvious: that if your prospects of winning at trial are very slim, you are better off not wasting everyone's time in a lengthy trial with a nearly foregone conclusion. In the end though, it's the defendant's call whether he wants to fight the charges or not. No one can make that decision for him.
It's a stupid inefficient use of society's resources to allocate a jury even when the defendant wants to plead and, what's more, is likely to make all trials of lower quality simply because we have to produce so many more of them.
More than 90 percent of criminal cases are never tried before a jury, in part because the Supreme Court ruled in 1978 that threatening someone with life imprisonment for a minor crime in an effort to induce him to forfeit a jury trial did not violate his Sixth Amendment right to trial.
That's a bit misleading, no? A prosecutor can threaten to charge you with a crime that carries a life sentence but it takes a judge and a jury to impose it. The only reason to take his threat seriously is because you predict that it's likely that he will prevail at trial. If you think you'll prevail, the threat is totally meaningless -- it's not like the prosecutor can put you in jail of his own accord.
Look, I'm all for better trials (especially in the sense of getting better representation for defendants at the trial level where public defenders are really atrocious) but the idea that plea-bargaining is part of the problem is absurd. Plea bargains are often the most socially effective way of dealing with the most obvious cases. Gee, an officer replied to a DV call of a man beating his wife, comes in and sees a woman with a black eye and a dude that smells of whiskey* -- do we really need a jury to decide that one? Or grand theft auto where the perp is caught in the stolen car.
Those cases abound because the criminals in the justice system are, by selection, the stupider ones: the ones that got caught. It stands to reason that, on average, more of them would be open-and-shut cases than your average crime. Just watch COPS** once to see how blindingly guilty some of these idiots are. The smart criminals are the ones that you don't see and never find and aren't taking plea bargains because of the overwhelming amount of evidence stacked against them.
* This is not a made up anecdote, one of my neighbors served in a rather ho-hum middle class suburb and he said that he responded to at least one such case per week, often more and very often with repeat offenders. It depressed him to no end that there was not a "get drunk and hit your wife 20 times in a lifetime and we get to take you out behind the woodshed and knock some sense into you" rule, but that's a different matter.
** Or, as my crim pro prof called it "A 30 minute class on the actual procedure of criminal law that you can watch for free every Saturday".
Yes, I'm seriously thinking web technologies themselves are to blame. Overly complex? Over engineered? Fundamentally flawed? Complexity is the enemy of security. It's time for a re-think.
Complexity is required to perform arbitrary tasks in a dynamically programmable fashion -- which is essentially what modern HTML/Javascript essentially provides. You can't take something like that and "re-think" it into something less complex than some fundamental measure of the complexity of the application for which it is intended. Either the browser has to be able to perform those functions or users are going to have to accept a web with drastically limited capabilities.
In a broader sense, this is a symptom of the annoying idea that some combination of clever engineering and design decisions can destroy complexity and replace it with something simple. This is superficially true but really what's happening is not that complexity is destroyed, only that it is hidden away -- it's a sort of "conservation of complexity": you can shuffle it around between various layers and (hopefully) hide it from the end user but it's still got to be there somewhere. Consider a cell-phone, it's an insanely complex system involving all kinds of RF, some arcane protocol, software running on the mobile device, software running the backhaul -- just thinking about it for a second is enough to give you a headache. What the user sees when they dial a number isn't complex not because we've made all those things easy, only because we've relocated it somewhere else.
The same thing happens in the case of a browser -- I log into gmail and Google dynamically instructs my computer ("over the wire") how to create an entire GUI program that interacts with their server. That's nothing short of amazing and when you say "browsers are overly complex and over-engineered" what you are essentially saying is that they should not be able to do that because that complexity came fundamentally and inexorably from the statement of the required functionality. No simple system could ever do that ....
It appears you are trying to install a printer I have never seen before.
Or "It appears you are trying to install a printer I have never seen before. OK -- that's fine." Oh wait, this printer driver lets you have raw access to a device that, due to a race condition involving socket creation, lets you overwrite arbitrary memory addresses belonging to other users. Or lets you continue to add printers until you overflow a statically initialized buffer and escalate your privileges. Or .....
The mistake you've made is in assuming without proof that the only thing you can do with this particular privilege is what is intended. That might be true or it might not be, and you won't know until you get some security-trained eyes to take a look at the interface provided and validate that it allows only what it is supposed to allow and nothing more.
Why should he have to do that? Why isn't it sufficient to add the user to the 'lp' group? There's no reason that printing should require root access at all.
Because, in any sane environment, that would require proving that the entire printer-management interface is secure enough not to allow privilege escalation or agent-based attacks. At the very least, that would require a software audit of those components that can be twiddled and probably some pen-testing and/or fuzzing. You can just say "well, this is designed to just let users add a printer so surely it can't be used to do anything else" -- I suppose you *can* say that but you ought to lose your job for that kind of thinking.
We've had large multi-user operating systems for decades now and people still don't seem to understand this basic principle -- if an interface is available to a regular user, it has to be vetted to ensure that it does not allow the user to do any more than what it advertises and that the effects of that are limited to things that the user is supposed to be able to accomplish.
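The kind of vetting the comments above call for, reduced to a single entry point, as an added example that is not part of the original thread or of any real print system: a hypothetical `add_printer()` that an unprivileged user can reach, backed by a statically allocated table. All names, limits and error codes are assumptions made for illustration.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

/* Hypothetical limits and error codes, chosen for this example only. */
#define MAX_PRINTERS 8   /* capacity of the statically allocated table */
#define MAX_PER_USER 3   /* quota so one user cannot fill the table alone */
#define NAME_MAX_LEN 31

enum add_result { ADD_OK = 0, ERR_NAME = -1, ERR_QUOTA = -2, ERR_FULL = -3 };

struct printer { unsigned owner_uid; char name[NAME_MAX_LEN + 1]; };

static struct printer table[MAX_PRINTERS];
static size_t printer_count;

/* Allowlist: 1..NAME_MAX_LEN characters drawn from [A-Za-z0-9_-] only. */
static int name_is_valid(const char *name)
{
    if (name == NULL) return 0;
    for (size_t i = 0; i <= NAME_MAX_LEN; i++) {
        unsigned char c = (unsigned char)name[i];
        if (c == '\0') return i > 0;          /* reject the empty name */
        if (!isalnum(c) && c != '_' && c != '-') return 0;
    }
    return 0; /* no terminator within NAME_MAX_LEN + 1 bytes: too long */
}

/* Runs on behalf of an unprivileged user, so every argument is untrusted. */
int add_printer(unsigned uid, const char *name)
{
    if (!name_is_valid(name)) return ERR_NAME;

    size_t owned = 0;
    for (size_t i = 0; i < printer_count; i++)
        if (table[i].owner_uid == uid) owned++;
    if (owned >= MAX_PER_USER) return ERR_QUOTA;

    /* Without this check, repeated calls would write past table[]. */
    if (printer_count >= MAX_PRINTERS) return ERR_FULL;

    table[printer_count].owner_uid = uid;
    memcpy(table[printer_count].name, name, strlen(name) + 1);
    printer_count++;
    return ADD_OK;
}

size_t printers_registered(void) { return printer_count; }
```

Each early return corresponds to a question an audit of such an interface would ask: what input is accepted, how much of a shared resource one caller can consume, and what happens at capacity.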