"Sample" is different from "statistical sample". If you qualify "sample" with "statistical", you have to be able to say what a "nonstatistical sample" would be.
The point of a selection procedure is to avoid screwing up the data by introducing biases. In their case, the test group was identical to the control group, so there is basically NO selection procedure they could have used that would have invalidated their finding that the phenomenon exists. If they were trying to compare individual delivery areas against each other in more than an informal "We didn't see this outside the US" way, they would have to be more careful... but their main point is that they do see it in at least some areas of the US, which is valid regardless of whether they covered the US evenly or without bias, or of whether or not it happens outside the US.
Any data CAN be explained by coincidence. It COULD be that there's no causality in the Universe, and every event anybody has observed so far has just been pure coincidence that randomly happened to look causal. The question is how probable you find that to be under reasonable epistemic assumptions.
The standard null-hypothesis p-value method for finding such probabilities puts the chance of coincidence at less than 2 percent for the lost packages, and less than one tenth of a percent for the delays. There are, of course, alternative views on hypothesis testing. I really don't think you want to risk asking the Bayesians what they think, because they're likely to put the probability of coincidence even lower. That leaves you with the philosophies that basically deny that any data can tell you anything at all. Want to go there?
We can argue about causes, but "coincidence" is not credible.
What, exactly, do you mean by "it wasn't a statistical sample"? "Statistical sample" is not a statistical term.
It was a perfectly valid sample over delivery routes, it had a meaningful if not fabulous N, and it also had a control that most data can only dream of. The non-response rate was 4 out of the 89, which means that there really wasn't a chance of selective response removing the significance.
And all the packages WERE NOT delivered. 9 out of 89 "atheist" packages never arrived, versus 1 out of 89 "non-atheist" packages. Do 10 percent of your packages get lost? Because I order a lot of stuff by mail, and I don't see lost packages enough to even notice it.
p=.018 on the lost packages. Medical studies wish they could hit that kind of significance on a regular basis. p<.001 and a huge effect size on the delays; that sort of thing is treated as more or less certainty in a lot of places, including biology and all of the social sciences.
The only way you could invalidate that would be if you assumed that somebody was outright lying: either the people running the study, or a LOT of the recipients.
I'm forced to conclude that you wouldn't know a "statistical sample" if it bit you on the behind.
I'm not disappointed at all. I'm reacting to somebody who seems to think the job is done when it's not.
All I'm saying is that the present, early stuff is NOT "sufficient for 90% of possible use cases". That doesn't mean I don't realize that things are still at an early stage and progress is being made.
If I tried to teach a human, or indeed if I set an untaught human loose on an unstructured problem, and that human turned around and demanded a huge mass of annotated data, I would not conclude that the human was a good learner, or even "sufficient for 90% of possible use cases". I would conclude that the human didn't have the complete machinery of learning.
What, exactly, do you think "the cloud" is? Hint: what you describe is the essence of the cloud.
How do the data get from the device to the cloud? Why, via a local reader. Essentially the same hardware could give the patient the data without involving the manufacturer, which would be a much more secure and robust design as well as keeping control where it belongs. Whether or not you involve the doctor is a separate decision... but it's a lot easier not to involve the doctor if you don't have to deal with going through the manufacturer and then authenticating who's asking.
And TFA is talking about the fact that patients can't just "dial in and bypass their doctors". They're told nothing at all unless they go through the doctor. In fact, one of the people in the article had a critical malfunction, which I'm sure the device knew about, and wasn't even told that. And that is caused by this design. If the patient's local reader were under local control, then it wouldn't even be possible.
These devices shouldn't be shipping anything sensitive into "the cloud" in the first place. They should be delivering the data to local readers operated by patients and/or doctors... who may or may not then choose to give some information to the device builders and/or to others.
That's where regulation should be aiming: total local patient control from the get-go.
Why is the word "slut" used as an insult? Because apparently some people think the worst thing a woman can do is like sex, have a lot of it, and not be anybody's property. I guess that makes people nervous. Of course, it seems a lot of people think the second worst thing a woman can do is be a "stuck-up cockteasing bitch".
So, basically, any woman who wants to make her own sexual choices is going to get shit for it unless her choices exactly match what somebody else wants. Which changes from person to person and from moment to moment. So she's really just shit out of luck.
Which sucks. And is specific to women. So perpetuating it is misogynistic. Even when women do it. Which many do.
It's not misogynistic because somebody guessed that a woman was female. It's misogynistic because it's always misogynistic to use "slut" as an insult. Every time. Regardless of how much sex somebody does or does not have, and regardless of whether or not that has anything to do with whatever's being discussed.
You have no license to use the word, ever. People will call you on it. Grow up and deal with it.
Presumably a "digital blackwater" would be able to double check before attacking.
Here is the kind of double checking we got from "analog blackwater". You may have noticed it caused kind of a bit of concern at the time.
Why would one expect "digital blackwater" to be better, exactly? Cowboys are cowboys.
I am not talking about a nuclear network response that takes out a data center, but hacking the specific system(s) attacking you.
It's not that easy to get into just anything on demand. This team of yours is going to be under pressure to produce results. How long before they decide they have a "critical need" to resort to denial of service? Or before they decide that the best way in is to hack the hosting or virtualization platform itself, get that wrong, and shut down a bunch of innocents?
And shared hosting doesn't totally isolate clients from one another, either. Not even VPSes.
Then the company launching the counter attack would be sued and that would be the end of that, which is why such a team would in fact be careful and not cowboy.
Um, people aren't generally that disciplined. The priorities of the moment take over. Especially because the incentives of the actual humans involved are not the incentives of the corporation. Get the boss off your back...
And what makes you think this mythical tiger team is going to make itself easy to trace and sue, anyway? You want to be stealthy so the "bad guys" don't come back on you. And, hey, you might as well be stealthy so that damaged third parties can't come back on you, either. "After all", these people will reason, "it was just an honest mistake".
So people getting sued would probably be a rarity, and that would lead to a "can't happen to me" attitude.
And once you normalize the behavior, it tends to escalate.
Also, I challenge you to come up with a symbol for saving files without using a diskette or something like that.
Letter "S", followed by "A", "V", and "E".
Alphabetic writing replaced hieroglyphics because it was superior. Icons were acceptable when you had to know 4 or 5 of them. Dozens of incomprehensible pictograms are a sign that the whole paradigm has gone off the rails.
It may be true that "traditional visual metaphors no longer translate to modern users", but what about older users? Should we just dismiss their needs?
Older users aren't idiots. And most of them learned to read when they were younger.
Right. "Apparent" FTL is not excluded by General Relativity. However, what General Relativity, and even Special Relativity, do say is that, if you have "apparent" FTL, you also have "apparent" time travel, and "apparent" violations of causality.
Neither time travel nor violations of causality are the sorts of things you'd expect to miss on Earth, because you'd have people coming back in time to violate causality all over the place.
So, where are the time travel and causality violations, then? Seems we have pretty strong evidence that FTL, "apparent" or otherwise, is not possible in the actual world.
Oh, yeah, and to take it back to the topic, the question of whether some random black box computer is infected with something is also undecidable. And, worse, impractical to even make a good guess at.
The cases that prove that program property X is undecidable and program property Y is superexponential to determine are almost universally pathological ones that nobody would want to do anyway. When they're not, they can often be worked around.
You CAN prove useful things about large classes of bugs in programs. No, you can't prove those things about every program you can run on a Turing machine, but that's irrelevant, and clinging to it causes serious defeatism that sets back the field. You don't have to be able to prove every arbitrary program; you just have to be able to construct a program you can prove.
If anything, the hard part is formulating what you want to prove. There will always be holes in that, but that doesn't mean it's not worth doing what you can.
y don't have to worry about backing up their local mail, or having a virus delete it. It's there from whatever machine they are using, at home, on the go, at the office, whatever, it's all the same. When their computer dies and they replace it, they can just start up again right where they left off.
Wow, you mean just like what IMAP was doing before the Web was ever invented? Great, webmail has almost gotten the basics into place.
Now all it needs is seamless integration of multiple accounts, easy transfer of mail between accounts, a standard protocol/API for manipulating mail, offline operation, a truly responsive UI, a way to encrypt mail without giving your host the key, timely notifications without keeping a Web page/browser open, ease of installation if you want to run your own server, and whatever else the Web-based toys are missing.
Apparently, by "better", you mean "lowest common denominator".
Um, your culture? Your traditions? Your ancestry? You can't think of anything that somebody might use to define a country other than its location and its government?
I think those things are BS, and I think patriotism is nothing but soft nationalism and needs to go away. But it's just absolutely idiotic to say that governments are all patriotic people have to be attached to. Or even that governments are what most of them are attached to.
Modern software engineering practice doesn't produce uncrackable systems. Not, at least, when it also has to come in at a reasonable cost, show reasonable performance, keep delivering a constant stream of new features under competitive pressure, and support a wide range of applications. Boot loaders have bugs. Kernels have bugs. User space has bugs.
Lots of devices try to have secure boot chains. Few if any succeed. Somebody finds a bug, subverts some piece of code, and pwns. It's the nature of these things. How long does it usually take before there's a software jailbreak for a new iPhone version? A week, maybe? I suspect that the iPhone is architecturally "secure", but in practice you can get control of it.
Maybe it can be stopped for some devices, but it sure can't be stopped "easily", and it usually can't be stopped with great confidence. And "for the mass market", it's not worth the cost to try all that hard.
Here comes the obligatory car analogy: I buy a car from you. A week later, you decide you didn't want to sell it, so you come over to my house, hotwire it, and stick the money back through my mail slot. Sorry, not going to fly, especially not if, say, I miss work the next day and lose my job because of your actions. It's not your choice any more, and you are civilly and criminally liable for what you did, refund or no refund.
Sony's legal situation isn't that clear cut for several reasons... but their ethical situation is exactly the same, and given that any contract that gives them any "right" to do what they're doing is surely a contract of adhesion, possibly unconscionable, and possibly contrary to public policy or even direct statute, they're not exactly in the clear legally.
The refund is not going to be an adequate remedy for a lot of people, and even if it were, it's not Sony's choice to make.
Second, small claims court doesn't help.
Small claims court usually has a filing fee, and you have to go down there and appear, thus spending time that has a real monetary value. Then you get to spend more time and money getting Sony to notice your judgement and pay it, possibly including threatening to take them to "real" court. It's not feasible to do that to get a $15 refund or a $50 refund. For most people, it wouldn't be reasonable from a financial point of view if it were less than several hundred dollars. And small claims court can't give you any injunctive relief, either, let alone give any third party any injunctive relief.
The only people who mess with small claims court are going to be people who want to spend lots of time to make a point, and there aren't that many people like that. Sony is therefore pretty much free to steal all it wants, as long as it steals it a little at a time. The only real court remedy for something like this is a class action, and that's a huge project that has its own problems.
I can think of no such circumstances where an actual test for impairment at the relevant time wouldn't do a better job.
Make 'em play a video game. Make 'em do a dry run of whatever. Measure their reflexes. Whatever makes sense for the task at hand. The technology exists for essentially every task.
If you're impaired, I don't care WHY you're impaired. What matters is that you're impaired. Testing for some causes and not others is obvious evidence that the impairment isn't what the people ordering the tests care about. Drug testing is and always has been about moral panic (and about hucksters whipping up that panic for their own gain).
Cisco makes gear to let governments spy on their citizens. Every major network equipment manufacturer makes it. All of them. Every major network operator buys it. Practically every government requires it if you're going to build a public network. They sell it, and, yeah, that means they support it, in every sense of the word.
It's called "Lawful Intercept" by its friends, and "sleazy narcing" by its enemies.
It's an idea pioneered right in the U S of A. CALEA, Baby.
Sometimes it's used for Good(TM) and sometimes it's used for Evil(TM). No government is immune to the Evil. The US government, specifically, is almost certainly abusing it, and even if it's not, the EFF sure thinks it is.
Even if it's not being abused in the sense of illegal use, it's being used heavily to enforce laws the EFF and its main backers don't agree with.
So why isn't the EFF coming down on Cisco for selling such equipment in the US? It's not like the EFF believes the US is pure. Nor any of the many other major governments.
The fact is that all the network gear makers sold out ages ago, back when this whole spying thing first came up in the US. The precedent is set, the principle is established. There's no going back. Governments get what they want on the Net, period. US, China, North Korea, whoever.
At this point, it's self help. Encrypt your data, use relays, use steganography, whatever. But it's way too late to try to fix the equipment makers. The EFF is just grandstanding.
OK, let's just have a look at that report, shall we?
"Activations" involving photographs on laptops issued to students were grouped into these categories:
"Stolen student laptops". AKA "playing cop and spying on people who probably stole laptops". 18,782 photographs, 17,258 screenshots. Probably no legal authority. If you or I had done it: probably given a pass because we were trying to identify a Bad Guy and legitimately had no idea where the machines were... however, it's also probably illegal. There's no legal exemption I know of for peeping to find your stolen property. That's for law enforcement with warrants, not random school officials.
"Laptops Not Returned by Students Who Withdrew from School". AKA "playing cop and spying on kids who may have stolen or forgotten to return laptops". 2,366 photographs, 1,332 screenshots. Doesn't say whether they tried, you know, calling the kids on the phone first. Report says "In any event, the wisdom and propriety of activating image tracking in these circumstances are questionable at best." Actual legal justification for doing this: zero. If you or I had done it: criminal charges probable.
"Missing Student Laptops". AKA "if we give them the benefit of the doubt, just taking a peek through the webcam and hoping they can recognize where the machine is". 6,693 photographs, 6,693 screenshots. Photographs probably legal if they weren't actually trying to watch any actual person. Screenshots probably wiretapping. If you or I had done it: get a good lawyer, but you might skate by claiming the screenshots were inadvertent.
"Image-Tracking of Laptop for Which Insurance Fees Were Unpaid". AKA "total overreaction, spying on a kid to get information about a machine you accidentally handed to him, with no suspicion of any intent on his part to steal it, no attempt to contact him, and reason to suspect he wouldn't just cooperate with you if you did contact him, plus bonus escalation to an investigation of personal activities (probably sex chat) based on a screen shot.". 210 photographs, many taken after the precise physical location of the laptop was established. If you or I did it: criminal charges probable.
"Mistake Activations for Student Laptops". AKA "random incompetence". 6 photographs, 4 screenshots. If you or I had done it: honest mistake, we'd probably be OK.
"Activations for Student Laptops for Reasons Unknown". AKA "nobody bothered to say why", 3/10, "nobody bothered to say anything at all", 7/10. 2,507 photographs, 2,212 screenshots. If you or I did it: probably legally OK because burden would be on the prosecution to prove we did it on purpose and for invalid purposes. However, they'd probably have tried to charge us anyhow, given that it involved kids.
US attorney's decision: "no sufficient evidence of criminal intent"... despite the intentional commission of multiple clearly criminal acts by multiple people working in concert over a long period of time. Chance that you or I would get that kind of consideration for our stupidity or ignorance of the law: approximately zero. Unless we worked for some kind of corporation or other institution with "respectability", in which case the US attorney would similarly serve "justice" by letting us go. It's amazing how much the credibility of the evidence against you varies by who you are.
Bottom line: these people were let skate because they were "nice" types working for the "good guys" and "just trying to do their jobs". Identical behavior by an average citizen acting alone would probably get criminal charges. Identical behavior by somebody actually "anti-establishment" would probably get hundreds, maybe thousands of counts, plus conspiracy and a whole raft of add-ons, and a serious drive for a conviction... which would probably succeed, because the behavior really is illegal.
NO, the Feds don't think it's the right of any government employee to spy on citizens. YES, the Feds won't treat your
True enough. C and all its progeny need to go away. Memory safety and type safety are not optional in critical code.
Or is that not what you meant?
Nope, but I didn't whine about it.
I used to handle ALL of these issues for a very large vendor. Yes, people did wake me up over things, until I wised up that my employer's problems during my off hours were in fact my employer's problems, not mine, and that my employer as an institution didn't give a fuck about anything but saving face.
I quit about the time vendors started trying to dodge responsibility by talking about other people's "responsible disclosure".
You are not entitled to know about a problem before those who are actually affected (hint: that's the users, not you). Your company's unwillingness to staff 24-hour incident response does not entitle it to special consideration. Maybe early disclosure to you would help the customers you've already failed... if you could turn a patch around in, say, a week. So few companies do that that it's not really worth the discoverer's time to think about the possibility. The usual "responsible disclosure" demand for weeks or months to accommodate internal laziness, bureaucracy, incompetence, and spin control is ridiculous and helps nobody but the vendors themselves.
Any vulnerability could very well already be known to some bad guys somewhere... and most vendors leak the information like crazy once they have it, long before they get their patches out. So waiting around for vendors just creates more risk. It's end user self-help or nothing.
Your company really lost all right to act wronged the minute it released the buggy code. If somebody wants to give you a few extra hours, I won't fault that person, but I won't say it's good, either.
Toughen up. Maybe you should try to release fewer bugs.
You deserve it when you run crappy software that needs a firewall in front of it to be minimally safe.
Especially when that software has to enforce internal permissions and boundaries.
Sorry, but I'm pretty sick of these excuses for garbage code.
You do know that the Internet doesn't guarantee the authenticity of source IP addresses, right? Among the dozens of other ways you can be misled about the source of something?
Not too smart to let your adversary control your targeting.
You do know that most "computer systems" are shared hosting, right?
I can't imagine a "team expert" doing very damn much good in most cases, but I can sure imagine a team cowboy doing a whole helluva lot of damage to disposable tentacles, and a whole helluva lot of collateral damage along with it. And probably calling it a "success", too. Then they'll automate it and make it even more braindead. And it'll be another cash cow for the security equipment makers, and the software industry as a whole will continue to whine that it can't possibly make, you know, software that works and is at least slightly difficult to disrupt.
No, thanks.
Letter "S", followed by "A", "V", and "E".
Alphabetic writing replaced hieroglyphics because it was superior. Icons were acceptable when you had to know 4 or 5 of them. Dozens of incomprehensible pictograms are a sign that the whole paradigm has gone off the rails.
Older users aren't idiots. And most of them learned to read when they were younger.
Right. "Apparent" FTL is not excluded by General Relativity. However, what General Relativity, and even Special Relativity, do say is that, if you have "apparent" FTL, you also have "apparent" time travel, and "apparent" violations of causality.
Neither time travel nor violations of causality are the sorts of things you'd expect to miss on Earth, because you'd have people coming back in time to violate causality all over the place.
So, where are the time travel and causality violations, then? Seems we have pretty strong evidence that FTL, "apparent" or otherwise, is not possible in the actual world.
Oh, yeah, and to take it back to the topic, the question of whether some random black box computer is infected with something is also undecidable. And, worse, impractical to even make a good guess at.
The cases that prove that program property X is undecidable and program property Y is superexponential to determine are almost universally pathological ones that nobody would want to do anyway. When they're not, they can often be worked around.
You CAN prove useful things about large classes of bugs in programs. No, you can't prove those things about every program you can run on a Turing machine, but that's irrelevant, and clinging to it causes serious defeatism that sets back the field. You don't have to be able to prove every arbitrary program; you just have to be able to construct a program you can prove.
If anything, the hard part is formulating what you want to prove. There will always be holes in that, but that doesn't mean it's not worth doing what you can.
Wow, you mean just like what IMAP was doing before the Web was ever invented? Great, webmail has almost gotten the basics into place.
Now all it needs is seamless integration of multiple accounts, easy transfer of mail between accounts, a standard protocol/API for manipulating mail, offline operation, a truly responsive UI, a way to encrypt mail without giving your host the key, timely notifications without keeping a Web page/browser open, ease of installation if you want to run your own server, and whatever else the Web-based toys are missing.
Apparently, by "better", you mean "lowest common denominator".
Um, your culture? Your traditions? Your ancestry? You can't think of anything that somebody might use to define a country other than its location and its government?
I think those things are BS, and I think patriotism is nothing but soft nationalism and needs to go away. But it's just absolutely idiotic to say that governments are all patriotic people have to be attached to. Or even that governments are what most of them are attached to.
Actually, no, it can't.
Modern software engineering practice doesn't produce uncrackable systems. Not, at least, when it also has to come in at a reasonable cost, show reasonable performance, keep delivering a constant stream of new features under competitive pressure, and support a wide range of applications. Boot loaders have bugs. Kernels have bugs. User space has bugs.
Lots of devices try to have secure boot chains. Few if any succeed. Somebody finds a bug, subverts some piece of code, and pwns. It's the nature of these things. How long does it usually take before there's a software jailbreak for a new iPhone version? A week, maybe? I suspect that the iPhone is architecturally "secure", but in practice you can get control of it.
Maybe it can be stopped for some devices, but it sure can't be stopped "easily", and it usually can't be stopped with great confidence. And "for the mass market", it's not worth the cost to try all that hard.
I have a child. I'm about 50 years old. You are wrong. Grandparent is right.
First, a refund isn't adequate.
Here comes the obligatory car analogy: I buy a car from you. A week later, you decide you didn't want to sell it, so you come over to my house, hotwire it, and stick the money back through my mail slot. Sorry, not going to fly, especially not if, say, I miss work the next day and lose my job because of your actions. It's not your choice any more, and you are civilly and criminally liable for what you did, refund or no refund.
Sony's legal situation isn't that clear cut for several reasons... but their ethical situation is exactly the same, and given that any contract that gives them any "right" to do what they're doing is surely a contract of adhesion, possibly unconscionable, and possibly contrary to public policy or even direct statute, they're not exactly in the clear legally.
The refund is not going to be an adequate remedy for a lot of people, and even if it were, it's not Sony's choice to make.
Second, small claims court doesn't help.
Small claims court usually has a filing fee, and you have to go down there and appear, thus spending time that has a real monetary value. Then you get to spend more time and money getting Sony to notice your judgement and pay it, possibly including threatening to take them to "real" court. It's not feasible to do that to get a $15 refund or a $50 refund. For most people, it wouldn't be reasonable from a financial point of view if it were less than several hundred dollars. And small claims court can't give you any injunctive relief, either, let alone give any third party any injunctive relief.
The only people who mess with small claims court are going to be people who want to spend lots of time to make a point, and there aren't that many people like that. Sony is therefore pretty much free to steal all it wants, as long as it steals it a little at a time. The only real court remedy for something like this is a class action, and that's a huge project that has its own problems.
I can think of no such circumstances where an actual test for impairment at the relevant time wouldn't do a better job.
Make 'em play a video game. Make 'em do a dry run of whatever. Measure their reflexes. Whatever makes sense for the task at hand. The technology exists for essentially every task.
If you're impaired, I don't care WHY you're impaired. What matters is that you're impaired. Testing for some causes and not others is obvious evidence that the impairment isn't what the people ordering the tests care about. Drug testing is and always has been about moral panic (and about hucksters whipping up that panic for their own gain).
Cisco makes gear to let governments spy on their citizens. Every major network equipment manufacturer makes it. All of them. Every major network operator buys it. Practically every government requires it if you're going to build a public network. They sell it, and, yeah, that means they support it, in every sense of the word.
It's called "Lawful Intercept" by its friends, and "sleazy narcing" by its enemies.
It's an idea pioneered right in the U S of A. CALEA, Baby.
Sometimes it's used for Good(TM) and sometimes it's used for Evil(TM). No government is immune to the Evil. The US government, specifically, is almost certainly abusing it, and even if it's not, the EFF sure thinks it is.
Even if it's not being abused in the sense of illegal use, it's being used heavily to enforce laws the EFF and its main backers don't agree with.
So why isn't the EFF coming down on Cisco for selling such equipment in the US? It's not like the EFF believes the US is pure. Nor any of the many other major governments.
The fact is that all the network gear makers sold out ages ago, back when this whole spying thing first came up in the US. The precedent is set, the principle is established. There's no going back. Governments get what they want on the Net, period. US, China, North Korea, whoever.
At this point, it's self help. Encrypt your data, use relays, use steganography, whatever. But it's way too late to try to fix the equipment makers. The EFF is just grandstanding.
OK, let's just have a look at that report, shall we?
"Activations" involving photographs on laptops issued to students were grouped into these categories:
"Stolen student laptops". AKA "playing cop and spying on people who probably stole laptops". 18,782 photographs, 17,258 screenshots. Probably no legal authority. If you or I had done it: probably given a pass because we were trying to identify a Bad Guy and legitimately had no idea where the machines were... however, it's also probably illegal. There's no legal exemption I know of for peeping to find your stolen property. That's for law enforcement with warrants, not random school officials.
"Laptops Not Returned by Students Who Withdrew from School". AKA "playing cop and spying on kids who may have stolen or forgotten to return laptops". 2,366 photographs, 1,332 screenshots. Doesn't say whether they tried, you know, calling the kids on the phone first. Report says "In any event, the wisdom and propriety of activating image tracking in these circumstances are questionable at best." Actual legal justification for doing this: zero. If you or I had done it: criminal charges probable.
"Missing Student Laptops". AKA "if we give them the benefit of the doubt, just taking a peek through the webcam and hoping they can recognize where the machine is". 6,693 photographs, 6,693 screenshots. Photographs probably legal if they weren't actually trying to watch any actual person. Screenshots probably wiretapping. If you or I had done it: get a good lawyer, but you might skate by claiming the screenshots were inadvertent.
"Image-Tracking of Laptop for Which Insurance Fees Were Unpaid". AKA "total overreaction, spying on a kid to get information about a machine you accidentally handed to him, with no suspicion of any intent on his part to steal it, no attempt to contact him, and reason to suspect he wouldn't just cooperate with you if you did contact him, plus bonus escalation to an investigation of personal activities (probably sex chat) based on a screen shot.". 210 photographs, many taken after the precise physical location of the laptop was established. If you or I did it: criminal charges probable.
"Mistake Activations for Student Laptops". AKA "random incompetence". 6 photographs, 4 screenshots. If you or I had done it: honest mistake, we'd probably be OK.
"Activations for Student Laptops for Reasons Unknown". AKA "nobody bothered to say why", 3/10, "nobody bothered to say anything at all", 7/10. 2,507 photographs, 2,212 screenshots. If you or I did it: probably legally OK because burden would be on the prosecution to prove we did it on purpose and for invalid purposes. However, they'd probably have tried to charge us anyhow, given that it involved kids.
US attorney's decision: "no sufficient evidence of criminal intent"... despite the intentional commission of multiple clearly criminal acts by multiple people working in concert over a long period of time. Chance that you or I would get that kind of consideration for our stupidity or ignorance of the law: approximately zero. Unless we worked for some kind of corporation or other institution with "respectability", in which case the US attorney would similarly serve "justice" by letting us go. It's amazing how much the credibility of the evidence against you varies by who you are.
Bottom line: these people were let skate because they were "nice" types working for the "good guys" and "just trying to do their jobs". Identical behavior by an average citizen acting alone would probably get criminal charges. Identical behavior by somebody actually "anti-establishment" would probably get hundreds, maybe thousands of counts, plus conspiracy and a whole raft of add-ons, and a serious drive for a conviction... which would probably succeed, because the behavior really is illegal.
NO, the Feds don't think it's the right of any government employee to spy on citizens. YES, the Feds won't treat your