drinkypoo,
It seems to me that AaronW is summarizing rather than "attempting to deceive" the Slashdot audience with "nefarious bullshit". In context (observe Bartle's joke), he is simply trying to show that Clinton is more honest than Trump. Bernie was mentioned just for completeness.
However, AaronW did make a significant mathematical error by excluding the 32% "mostly false" category for Clinton. Her net false rating is 59%, not 27%. That significantly weakens his implicit claim that Clinton is significantly more honest than Trump, at least until you delve down into the more fine-grained ratings.
Moreover, PolitiFact percentages don't add up to 100% (nor close enough to reflect rounding). Their about page implies that each claim can only be assigned to one category, so quite possibly there's an error in how they are calculating percentages.
At any rate, let's try to conduct these conversations without personal attacks. Well, excluding obvious Microsoft shills anways, because, heh... we're Slashdot after all.:-)
I'm with you AC... I insist that any programming language I use have multiple implementations that are fully and independently audited by sentient supercomputers who have proven their virtue in trial-by-combat with enraged swamp gorillas.aa.uao.ua3u3!#Pi derp
Just kidding! I pick the best tool for the job. If secure programming were paramount, then I'd (personally) be more successful in Rust then C++. YMMV. (BTW, good luck getting an independent audit for your proprietary compilers.)
Mime types are hidden too, at least from the user perspective. File extensions are the most usable way of conveying file type.
Of course, they aren't really usable for security purposes, because of it isn't an EXE, it's a BAT or PS1. And even if you know all your "executable" file types, nothing's to say that PDF or JPG is safe.
What really boggles me though is how hiding file extensions is the default on their freaking server OS'es. I mean, treating the general public with kid gloves I understand, but treating your sys admins like imbecile is dangerous.
Last time somebody claimed to know the identity of Satoshi he posted a denial here after a 5 year hiatus. If Satoshi really wanted to reveal his identity, it would be strange for him not to make that claim on the P2PFoundation website (in addition to creating a technical proof).
I would argue that reduction of discretion is precisely what is required, discretion to prosecute in the first place. Any crime which we are not prepared to attempt to detect, investigate, and prosecute vigorously should be no crime at all.
Without discretion, you get things like the Mike's Hard Lemonade case, people being branded as sex offenders just for peeing in the woods, numerous VERY YOUNG children punished for pointing their finger like a gun (or drawing a gun, or writing a story that involves murder, etc., etc.,), and numerous other forms of zero-tolerance bullshit.
I get that discretion is sometimes a band-aide fix for serious problems (such as vague laws and malicious prosecution), but there's no legislator who can write perfect, high-quality laws, even if that skill was valued by voters. The law is not a computer program; we are not gears in the machine.
In addition, it would be wise to consider the failure of centralized control across a number of human endeavors... see Communism and work-to-rule as examples.
FirefoxOS, Rust, Servo... these are all innovative gambles. While I'm irked at some of their browser changes, I don't see it as unreasonable that Mozilla selectively undertake some of these high-risk, high-reward ventures. FirefoxOS was aimed at the developing world--down-market of the iOS and Android devices that it was to compete with. If it had worked, it would have been a huge coup for Open Source, possibly leveraging HW manufactures into better isolating radio modems and possibly accelerating Google's contributions to AOSP. I say kudos to them for trying, and kudos to them for knowing when to cut their losses.
In contrast to the FirefoxOS failure, Rust successfully introduced a new systems-programming language to a world that desperately needs safer, more secure systems. It may yet flounder, but its future is looking bright.
Calculus was discovered near-simultaneously by two separate individuals. Ditto telephone, lightbulb, and many other truly transformative inventions. This is not a coincidence: inventors take the problems of their day starting from roughly the same base of established knowledge. A super-exceptional individual may be able to advance humanity some couple of decades thru their insight, but with billions of brains on the planet, somebody else would have eventually figured it out. There are valid argument for patents; increasing the pace of technological progress is chief among them, but to argue that NOBODY would ever discover the same thing is just silly.
Consumers prefer female voices. Crying wolf on sexism and racism does nothing to help society address the real inequalities these protected classes face. Jeez... it's almost like these SJW-types are running a false flag operation to tarnish the advances that the last century of feminism brought to society.
The word "obsession" is an especially bothersome bit of hyperlobe. If these companies were truly obsessed with female servants, Siri/Cortana/etc would display OS-tan-style maid animations with easter egg prompts that convince them to go ecchi, complete with deferential titles for their user (master, mistress, -sensai, -sama, etc.). That's what obsession would like... not just a few cherry-picked search results.
Missing from your list is that NPM didn't just pull the npm package, they reassigned it to a different user. Think about the security implications of that... it implies anyone can send a few intimidating emails, gain control of a major project, and then substitute with their own code/malware.
Assuming that's how it played out, it might be a good thing the developer threw a hissy fit: the resulting public fallout may or may not prompt NPM (and NuGet, Cargo, Docker, and so forth) to reconsider the trust problem they have created.
What good does that do? Over 1 in 5 people are Muslim. Treat them poorly and it will only create blowback down the road. Your fishing with way too big a net.
Now yeah, it works for Israel because they're a lot smaller. And they're not afraid to be an authoritarian, constitution-less apartheid state because they know big brother Sam has their back.
Unfortunately, the solutions they're actually considering are more at the analog signals level... e.g., checking various characteristics of the waveform. I'm not an EE, but that probably means the attacks will still be possible [though more difficult] on generation 2 fobs.
Like the other poster said, just checking that the roundtrip time is 40 light-meters would mitigate most of this attack (assuming it's already resilient against replays).
They didn't just dream up giant boulder-hurling waves, they found historical examples and took pictures of them. (See p.22 under the section-heading Megaboulders.)
Let me know once you've got a photograph of the six-winged beasts of Revelations.
My guess is that you'll live long enough to see the ravages of climate change (whether or not they include megaboulders... that part has not been collaborated by other researchers). It won't exactly be an end-of-the-world type thing (sorry to disappoint), but maybe at that point in your adult life you'll be able to reconsider the value of trusting indirect revelation over empirical/rational/mathematical analysis.
It's a replacement of two previous ideas... Mozilla's asm.js ("let's specify a subset of JavaScript that can run faster") and Google's NaCL ("let's ship x86 code directly to the browser"). As best I can tell, the replacement resembles putting a Java/.NET-style virtual machine into the browser to execute a new form of bytecode (.wasm files).
This is good for speed, which is in turn good for developers who want to deliver complex ("Photoshop-like") apps from the cloud.
It's bad for security (expanded attack surface), and it's bad for privacy (more ways to fingerprint the browser).
It's a wash for transparency: today's minified JavaScript is pretty much unreadable anyways.
Probably my biggest concern off the bat is wondering how the ecosystem for web API's is going to work when everyone's developing in their own favorite programming language. Traditionally, JavaScript has been a uniting force in this regard.
As an added bonus it creates 10,000 more exploits...
Servo is written in Rust, which eliminates the vast majority of C/C++/ObjC-style memory-mangling exploits up-front at compile-time. Don't get me wrong, exploits will still be possible (Rust lets you designate unsafe blocks of code, for instance, and some exploits aren't memory-related), but Servo will ultimately improve security for Firefox.
If your goal is to cause large-scale power disruptions, there are more practical options than assaulting the most protected structures in the utility industry.
Government can recognize and protect rights, but they cannot grant them... these rights derive directly from human nature. You have a biological need for air, water, and food: denying these needs means that your body will die. You similarly have needs for privacy, autonomy, self-expression, and so forth: if those needs are denied, you will not live free and let others live free. If, as as society, those needs are denied, then the society will not live free; it will struggle to proper economically; it will be beset by violence and squander it's destiny.
I would like to say that any company (or government) with the engineering competency to mine such an asteroid would also have the economic competency to return it to earth at a controlled rate, so as to extract the max value of their investment. But I can't say that because competency in one domain doesn't imply competency in another domain. (For instance, being a successful jackass reality-TV start doesn't imply you can walk into the White House and avoid steering the country into the ground.)
To build on that, think about the vast amount of trust that everyday commerce requires. Getting your car fixed? You trust the shop to not steal your car, and you trust the court system that you have some legal remedy if they do. Going out to eat? You trust the restaurant to fix your food safely, and they trust you not to dine-and-dash. Staying at a hotel? You trust them not to have hidden perv-cams; you trust them not to break in and kidnap you for ransom (or worse) while you sleep. They trust you not to issue a chargeback on your credit card. Purchasing a snack? The store trusts you to select your own merchandise and bring it to the counter. Purchasing some smokes? You hand the clerk money and trust him to hand you a pack of cigarettes instead of stealing the money. The list goes on and on...
That's not to say that there aren't violations. There are LOTS of trust violations thru miscommunication, incompetence, and outright criminal maliciousness. We rely on reputation systems (word-of-mouth, references, certifications, college diplomas, etc.) and law enforcement (civil justice, criminal justice, regulatory agencies, etc.) and numerous other mechanisms to reinforce the trust we invest to pursue these transactions, but make no mistake... trust is the lubricant of our economy. And the more trust there is in a system (be it a transaction, a team, an organization, etc.), the faster good things can happen.
It's more complicated than that. To touch on but one aspect, the abstract/disconnected nature of the medium leads us to interpret people 2 dimensionally, like stick figures in a cartoon universe with a simplistic good versus evil plot. And it's easy to play hero when all you have to do is gush righteous indignation onto the keyboard.
Outside of the internet, we've developed other mechanism/norms for getting along sensibly. It's impolite to bring up religion and politics at work for instance... unless you know the group well enough to get away with it. Couple, families, coworkers, etc., frequently agree to just quietly disagree. Old folks are indulged their rants. Friends from opposite sides of the political spectrum vacillate between sincere discussion and light-hearted poking fun at themselves. Spouses rein in their too-tipsy others before they make too much an ass of themselves.
No, it doesn't happen everywhere all the time, but in watching myself, I've found it fascinating how often my real-world responses deviate from my internet responses. And part of that is that you are seeing the whole person and part of it is that you work, live, or fraternize with that person and you don't want to harm the relationship.
Slashdot Mirror
Let's let the cameras stay. Additionally, let's allow the public to view the cameras in public and record their presence to the public.
Cute, but unworkable. The power ultimately belongs to those who operate the camera network.
drinkypoo,
It seems to me that AaronW is summarizing rather than "attempting to deceive" the Slashdot audience with "nefarious bullshit". In context (observe Bartle's joke), he is simply trying to show that Clinton is more honest than Trump. Bernie was mentioned just for completeness.
However, AaronW did make a significant mathematical error by excluding the 32% "mostly false" category for Clinton. Her net false rating is 59%, not 27%. That significantly weakens his implicit claim that Clinton is significantly more honest than Trump, at least until you delve down into the more fine-grained ratings.
Moreover, PolitiFact percentages don't add up to 100% (nor close enough to reflect rounding). Their about page implies that each claim can only be assigned to one category, so quite possibly there's an error in how they are calculating percentages.
At any rate, let's try to conduct these conversations without personal attacks. Well, excluding obvious Microsoft shills anways, because, heh... we're Slashdot after all. :-)
Cordially,
firewrought
I'm with you AC... I insist that any programming language I use have multiple implementations that are fully and independently audited by sentient supercomputers who have proven their virtue in trial-by-combat with enraged swamp gorillas.aa.uao.ua3u3!#Pi derp
Just kidding! I pick the best tool for the job. If secure programming were paramount, then I'd (personally) be more successful in Rust then C++. YMMV. (BTW, good luck getting an independent audit for your proprietary compilers.)
Here's another idea: don't give money to people who show a willingness to exploit others.
Mime types are hidden too, at least from the user perspective. File extensions are the most usable way of conveying file type. Of course, they aren't really usable for security purposes, because of it isn't an EXE, it's a BAT or PS1. And even if you know all your "executable" file types, nothing's to say that PDF or JPG is safe. What really boggles me though is how hiding file extensions is the default on their freaking server OS'es. I mean, treating the general public with kid gloves I understand, but treating your sys admins like imbecile is dangerous.
Last time somebody claimed to know the identity of Satoshi he posted a denial here after a 5 year hiatus. If Satoshi really wanted to reveal his identity, it would be strange for him not to make that claim on the P2PFoundation website (in addition to creating a technical proof).
I would argue that reduction of discretion is precisely what is required, discretion to prosecute in the first place. Any crime which we are not prepared to attempt to detect, investigate, and prosecute vigorously should be no crime at all.
Without discretion, you get things like the Mike's Hard Lemonade case, people being branded as sex offenders just for peeing in the woods, numerous VERY YOUNG children punished for pointing their finger like a gun (or drawing a gun, or writing a story that involves murder, etc., etc.,), and numerous other forms of zero-tolerance bullshit.
I get that discretion is sometimes a band-aide fix for serious problems (such as vague laws and malicious prosecution), but there's no legislator who can write perfect, high-quality laws, even if that skill was valued by voters. The law is not a computer program; we are not gears in the machine.
In addition, it would be wise to consider the failure of centralized control across a number of human endeavors... see Communism and work-to-rule as examples.
FirefoxOS, Rust, Servo... these are all innovative gambles. While I'm irked at some of their browser changes, I don't see it as unreasonable that Mozilla selectively undertake some of these high-risk, high-reward ventures. FirefoxOS was aimed at the developing world--down-market of the iOS and Android devices that it was to compete with. If it had worked, it would have been a huge coup for Open Source, possibly leveraging HW manufactures into better isolating radio modems and possibly accelerating Google's contributions to AOSP. I say kudos to them for trying, and kudos to them for knowing when to cut their losses.
In contrast to the FirefoxOS failure, Rust successfully introduced a new systems-programming language to a world that desperately needs safer, more secure systems. It may yet flounder, but its future is looking bright.
Calculus was discovered near-simultaneously by two separate individuals. Ditto telephone, lightbulb, and many other truly transformative inventions. This is not a coincidence: inventors take the problems of their day starting from roughly the same base of established knowledge. A super-exceptional individual may be able to advance humanity some couple of decades thru their insight, but with billions of brains on the planet, somebody else would have eventually figured it out. There are valid argument for patents; increasing the pace of technological progress is chief among them, but to argue that NOBODY would ever discover the same thing is just silly.
Consumers prefer female voices. Crying wolf on sexism and racism does nothing to help society address the real inequalities these protected classes face. Jeez... it's almost like these SJW-types are running a false flag operation to tarnish the advances that the last century of feminism brought to society.
The word "obsession" is an especially bothersome bit of hyperlobe. If these companies were truly obsessed with female servants, Siri/Cortana/etc would display OS-tan-style maid animations with easter egg prompts that convince them to go ecchi, complete with deferential titles for their user (master, mistress, -sensai, -sama, etc.). That's what obsession would like... not just a few cherry-picked search results.
Oooh... all 6 issues. This source shows 24 issues for Trump, as well as for all other candidates.
Those aren't all his policies... for instance, there's nothing about abortion, climate change, education, marijuana, ISIS, Iran, or North Korea.
So... supplement with other sources. For the lazy, here's PBS for a start, though it isn't comprehensive either.
Missing from your list is that NPM didn't just pull the npm package, they reassigned it to a different user. Think about the security implications of that... it implies anyone can send a few intimidating emails, gain control of a major project, and then substitute with their own code/malware.
Assuming that's how it played out, it might be a good thing the developer threw a hissy fit: the resulting public fallout may or may not prompt NPM (and NuGet, Cargo, Docker, and so forth) to reconsider the trust problem they have created.
What good does that do? Over 1 in 5 people are Muslim. Treat them poorly and it will only create blowback down the road. Your fishing with way too big a net.
Now yeah, it works for Israel because they're a lot smaller. And they're not afraid to be an authoritarian, constitution-less apartheid state because they know big brother Sam has their back.
Don't think I'm just being PC here: there are just more useful indicators of radicalization than skin-tone and headwear. Also, threats can come from all directions, not just those you know about.
Unfortunately, the solutions they're actually considering are more at the analog signals level... e.g., checking various characteristics of the waveform. I'm not an EE, but that probably means the attacks will still be possible [though more difficult] on generation 2 fobs.
Like the other poster said, just checking that the roundtrip time is 40 light-meters would mitigate most of this attack (assuming it's already resilient against replays).
Let me know once you've got a photograph of the six-winged beasts of Revelations.
My guess is that you'll live long enough to see the ravages of climate change (whether or not they include megaboulders... that part has not been collaborated by other researchers). It won't exactly be an end-of-the-world type thing (sorry to disappoint), but maybe at that point in your adult life you'll be able to reconsider the value of trusting indirect revelation over empirical/rational/mathematical analysis.
It's a replacement of two previous ideas... Mozilla's asm.js ("let's specify a subset of JavaScript that can run faster") and Google's NaCL ("let's ship x86 code directly to the browser"). As best I can tell, the replacement resembles putting a Java/.NET-style virtual machine into the browser to execute a new form of bytecode (.wasm files).
This is good for speed, which is in turn good for developers who want to deliver complex ("Photoshop-like") apps from the cloud.
It's bad for security (expanded attack surface), and it's bad for privacy (more ways to fingerprint the browser).
It's a wash for transparency: today's minified JavaScript is pretty much unreadable anyways.
Probably my biggest concern off the bat is wondering how the ecosystem for web API's is going to work when everyone's developing in their own favorite programming language. Traditionally, JavaScript has been a uniting force in this regard.
As an added bonus it creates 10,000 more exploits...
Servo is written in Rust, which eliminates the vast majority of C/C++/ObjC-style memory-mangling exploits up-front at compile-time. Don't get me wrong, exploits will still be possible (Rust lets you designate unsafe blocks of code, for instance, and some exploits aren't memory-related), but Servo will ultimately improve security for Firefox.
If your goal is to cause large-scale power disruptions, there are more practical options than assaulting the most protected structures in the utility industry.
Government can recognize and protect rights, but they cannot grant them... these rights derive directly from human nature. You have a biological need for air, water, and food: denying these needs means that your body will die. You similarly have needs for privacy, autonomy, self-expression, and so forth: if those needs are denied, you will not live free and let others live free. If, as as society, those needs are denied, then the society will not live free; it will struggle to proper economically; it will be beset by violence and squander it's destiny.
I would like to say that any company (or government) with the engineering competency to mine such an asteroid would also have the economic competency to return it to earth at a controlled rate, so as to extract the max value of their investment. But I can't say that because competency in one domain doesn't imply competency in another domain. (For instance, being a successful jackass reality-TV start doesn't imply you can walk into the White House and avoid steering the country into the ground.)
To build on that, think about the vast amount of trust that everyday commerce requires. Getting your car fixed? You trust the shop to not steal your car, and you trust the court system that you have some legal remedy if they do. Going out to eat? You trust the restaurant to fix your food safely, and they trust you not to dine-and-dash. Staying at a hotel? You trust them not to have hidden perv-cams; you trust them not to break in and kidnap you for ransom (or worse) while you sleep. They trust you not to issue a chargeback on your credit card. Purchasing a snack? The store trusts you to select your own merchandise and bring it to the counter. Purchasing some smokes? You hand the clerk money and trust him to hand you a pack of cigarettes instead of stealing the money. The list goes on and on...
That's not to say that there aren't violations. There are LOTS of trust violations thru miscommunication, incompetence, and outright criminal maliciousness. We rely on reputation systems (word-of-mouth, references, certifications, college diplomas, etc.) and law enforcement (civil justice, criminal justice, regulatory agencies, etc.) and numerous other mechanisms to reinforce the trust we invest to pursue these transactions, but make no mistake... trust is the lubricant of our economy. And the more trust there is in a system (be it a transaction, a team, an organization, etc.), the faster good things can happen.
It's more complicated than that. To touch on but one aspect, the abstract/disconnected nature of the medium leads us to interpret people 2 dimensionally, like stick figures in a cartoon universe with a simplistic good versus evil plot. And it's easy to play hero when all you have to do is gush righteous indignation onto the keyboard. Outside of the internet, we've developed other mechanism/norms for getting along sensibly. It's impolite to bring up religion and politics at work for instance... unless you know the group well enough to get away with it. Couple, families, coworkers, etc., frequently agree to just quietly disagree. Old folks are indulged their rants. Friends from opposite sides of the political spectrum vacillate between sincere discussion and light-hearted poking fun at themselves. Spouses rein in their too-tipsy others before they make too much an ass of themselves. No, it doesn't happen everywhere all the time, but in watching myself, I've found it fascinating how often my real-world responses deviate from my internet responses. And part of that is that you are seeing the whole person and part of it is that you work, live, or fraternize with that person and you don't want to harm the relationship.