I'm amused by how you're critical of stereotyping humanities students, then move onto stereotyping business students.
You're right that a subset of humanities students would also be successful in a tech field. But there are plenty of tech people who could happily pursue humanities too. There is solid data that STEM majors are more difficult to complete than other fields. A good example is the UCLA Bachelor's Degree study, with figure 3 there being a particularly telling one. If parts of the humanities stepped up their critical thinking difficulty level to where many more students struggle to even absorb it and complete the degree in four years, then you could make a stronger case for the degree teaching those skills. There surely are humanities programs that emphasize that, but you can't really take having a degree as proof that happened.
That's not quite right either. The open-source releases of OpenSSL certainly do not ship with any implied FIPS certification. OpenSSL does offer FIPS validation for a specific build as part of their commercial support program. They say "Support for the FIPS Object Module, including assistance with building a validated module for a specific platform (if possible) is available with the Premium plan". It is not correct that these versions are exactly the same code as the ones first certified long ago.
There was an interesting post to the openssl annoucement mailing list about Flaws in Dual EC DRBG that sheds some more light on this area. It says: "The OpenSSL FIPS module is commonly used as the basis for rebranded proprietary validations (we call these 'private label' validations)", "FIPS 140-2 validations are expensive and difficult, taking on average a year to complete and we have to wait years between validations", and "Even if we wanted to fix it our options are severely constrained by the fact that the CMVP process forbids modifications of any kind (even to address severe vulnerabilities) without the substantial time and expense of formal retesting and review."
All this implies there absolutely are later versions of OpenSSL with FIPS certification out there. You just can't get one without significant input from the commercial end of the OpenSSL Foundation.
I don't expect encryption to save me here in the US, not the way key disclosure law is going so far. There's no perfect solution possible here, and the trade-offs in only having a local copy aren't so great. You have to transport the data over a network to get real redundancy for your notes, which is one of the most important things electronic notes do better than handwritten ones. Recent news has shown in so many ways that you can't expect network privacy either.
I'm skeptical of people who believe their personal systems are beyond monitoring too. If you theorize a world where hostile prosecutors are empowered and interested enough in you to search your private notes, your problems are bigger than how exactly you protected them
It's easy enough to export Evernote data into a directory full of HTML files. I dump mine into the git repo I keep all my important files in. That even keeps formatting and linking, which is a big improvement over most text file oriented solutions. If you're more of a fan of wiki style for that, you can use something like Markdown conversion.
The main tie-breaker reason I ended up at Evernote is full read and write access to the repository on my phone. The days of losing an idea when I'm wandering around are gone. I type it into my phone, and by the time I'm on my desktop that note is stored with more redundancy that I ever achieved on my own.
No dangerous construct warning would have caught heartbleed
Coverity has already come up with such a contruct warning. It is very hindsight oriented.
I'm not sure which part of your long post is the most optimistic. Belief in perfect test coverage? By definition bugs come from things you (and/or the fuzzing developers) didn't think to test. That's at least a noble goal. Can't say the same about deciding to build custom VPN software. You've got some hubris dude.
Some of the models from 1993 and 1994 have a drainage channel for spills. See the Design section of Model M Keyboard to find out the model numbers. I consider those the peak of the Model M design. The quality dropped noticeably starting in 1995, due to cost cutting changes also mentioned there.
Lexmark ruined the design with a set of 1994 cost cutting changes. Models from 1995 and later have a noticeably worse typing feel to them. Unfortunately that lower quality 1995+ version is what Unicomp inherited. They make an OK descendent of the Model M design, but it's surely not the same keyboard as the classic design.
The Model M was redesigned by Lexmark in 1994 to use lighter, cheaper components. All of the units from 1995 and later are substandard compared to the earlier ones. The backplate is just one of the problems.
Engineered quality peaked with the 1993 and 1994 models that were updated to have a liquid drainage channel.
Amazon is in a death spiral, or is already dead to technical people? Dude, you know how to tell a funny story, I'll give you that. I am more troubled by Bezos's inconsistent stand on patents than knee-jerk characterization of his personal politics. Hint: is he a conservative Republican tool, or a super rich liberal? Labels are so tricky.
I am highly skeptical of claims toward the OSS router firmware scene being less useful than manufacturer provided ones. You're right that speed to support new features lags in OSS, but who cares? I buy the router based on the hardware compatibility list, not the other way around. Reliability and longevity is a lot more important to me than the new shiny. You're also right that today it may be difficult to meet all the requirements with open code, with AC support being a sore point. I'd use that as a reason to delay the purchase until i can though, not as an excuse to head any distance back toward less open development models.
I still have two Linksys WRT54GL units left in operation. Long after Cisco/Linksys stopped worrying about that hardware, I was happily served by the software communities around DD-WRT and then Tomato. Manufacturers like Ubiquiti are useful to me to the extent they embrace that philosophy. In the last year Linksys seems to be moving back in the right direction again. We'll see how that plays out.
I'm also skeptical that having two points of failure in a network can ever be more reliable than one, which complicates your flexibility argument. Whenever I decouple routing and wireless onto separate boxes, problem resolution is harder compared to having a single unit to swap out. One of the reasons I ended up with so many cheap WRT54GL units is that I could easily have a spare with a duplicated configuration for every install. At any scent of trouble, I just replaced the whole unit.
I don't know when you got your Netgear GS108T units at, but somewhere in that product's lifecycle it turned bad. My experience mirrors the highest rated critical review at Newegg, circa 2011 and talking about the decline. There are several reasons why the current version of the product only averages 3 stars there, and why 28% of buyers are giving this 1 star now. I have a good, older GS108T and a worthless newer one. Each firmware update is rolling the dice.
That's actually the core argument behind why I won't buy a manufacturer only firmware network product anymore. When the Netgear firmware on a Netgear product is broken and that's the only option, you now have a paperweight. The Tomato firmware upgrade scene for routers is more complicated than I'd like sometimes, but it always gives you multiple options. I'm using an Asus RT-N66 right now, and I don't ever expect its CPU performance is going to be a bottleneck for me. I'm using the Netgear switches only to add more wired ports than it supports.
It's not "simply" though. The interfaces in OpenSSL and GnuTLS are not swappable APIs. We went over this a few years ago for PostgreSQL, and one of the major issues was having too many OpenSSL-isms in our code to swap easily.
Those of us who dislike bad open source licenses have been trying to kick OpenSSL out of projects for years now, and it hasn't gone anywhere but upward in adoption. I've been amazed at how often I see its advertising clause in the credits of video games I play.
You're probably thinking of the 2011 Visa/Mastercard settlement, which explicitly allows variable prices based on form of payment. Not every state was involved in that lawsuit though, and there may very well be some that prohibit it.
The option of a class action lawsuit is being removed here in the US as fast as companies can rewrite contracts to do so, in favor of forced arbitration
Coin locked carts have been at US stores before. Here in Baltimore, the BJ's I used to shop at had them in their lot around 5 years ago. It was interesting to watch that unfold as a new social dynamic. I tried to hand over my activated cart with the quarter in it to parents wrangling smaller children when I left.
Re:Parallel 2/3 didn't work in Windows until 3.3
on
Python 3.4 Released
·
· Score: 1
OK, it took until 3.3 before this was straighforward in Windows. Why is that still relevant today? Python 3.0 came out at the end of 2008, and several parts of the 2.X transition were still pretty rough then. A poster above made a nice comment about how that's played out: "Python 3.3 (or 3.4, as this article is about) is not 3.0 or 3.1. There is a lot of things that have been fixed along the way." Having an upgrade path that's possible to follow smoothly has been a design goal of 3.0 since its early days, but it wasn't quite there yet when 3.0 first shipped. That's history at this point though.
EnterpriseDB is an important part of PostgreSQL development with several contributors, but they still work within the larger development community of contributors. There are other companies with just as many contributors, with one example being how 2ndQuadrant is adding logical replication features.
One way you can tell if an open source project has a real community is whether the project would go on even if the largest company contributing code disappeared. Linux would survive RedHat disappearing, and PostgreSQL would certainly survive EDB going out of business. That's not even a theoretical question, because the PostgreSQL community is informed by having seen it happen once already. A company named Great Bridge hired a good percentage of the PostgreSQL community once, and then failed after running out of VC cash.
Yes, you did miss the expose, there have been hundreds of lawsuits. They went to the supreme court. Farmers who don't use Monsanto's seeds can go out of business from the legal risk they take on. It's a classic protection money racket. You pays your tribute to buy our seeds, or something unfortunate might happen to your crop one day, when our lawyers come to break your kneecaps.
I'm so skeptical I'll even debunk your joke. The mainstream statistic you'll see quoted everywhere is that true celiac disease hits 1 in 133 people. The number of gluten free food shoppers is a multiple of that, because that doesn't count people with milder gluten intolerance; households where everyone eats GF because of one member; and the recent GF fad shoppers. The household ripple alone is so huge, even Betty Crocker runs around selling to this market because they believe "28 percent of consumers seek out gluten-free foods". And all that was going on before GF became mainstream as a dieting fad.
Meanwhile, diabetes hits 8.3% of the population and there isn't nearly as much of a ripple to household members.
I agree with your skepticism that celery derived bacon will have more nitrates. The nitrate amount in the final product is determined by the quantity of curing product used, and presuming that all celery based methods will result in more is impossible. You could surely game that by using more curing product than is strictly necessary on one side of the comparison.
But the reason you are not finding the hard numbers you want is that a simple celery based method doesn't have them, and never will. The amount of nitrate in a celery stalk varies based on how it was grown. You might be able to sample a given batch for its chemical properties, but you cannot predict them. To quote from an intro to meat curing: "There are absolutely no regulations or standards as to the amount of nitrate [celery] contains. Even if you use the same amount in every salami you make, you could quite easily be adding too much or too little nitrate to your cured meats."
Until Whole Foods publishes exactly what their manufacturing QA process is, we can't know how it compares to the well documented "pink salt" formula. I can offer a logical argument that there are probably more nitrates in the end result though. The downsides to using too much curing product are excessive nitrates in the result and too much "salt" flavor. The downside to using too little could be botulism, and inspection may reject it. If you're manufacturing food and the incoming strength of the nitrate is unpredictable, the case with celery, the obvious way to navigate that risk/reward tradeoff is to err toward using more than you strictly need. Then even if that celery batch absorbed a bit less nitrogen than average, you'll still be safe. But the average nitrate of that approach will be higher than a more predictable process.
No, the GF "twits" are the ones who have no allergy issues at all; that's why they're twits for eating this way. If someone is avoiding gluten based on the perception of a food intolerance or allergy--but without test results to back it up--that's not well accepted by mainstream medicine. But no one is suggesting they belong in the group that's being openly mocked here.
The GF section of your average Whole Foods hasn't grown that much since the products became a mainstream fad, you probably just weren't paying attention to it until recently. They've always had a large section for them, and they pushed into that market hard with their own "GlutenFree Bakehouse®" products ten years ago. That was based on the observation that almost 1% of people in the US has celiac disease, and those people heavily sway food purchases for their entire house/family.
Slashdot Mirror
I'm amused by how you're critical of stereotyping humanities students, then move onto stereotyping business students.
You're right that a subset of humanities students would also be successful in a tech field. But there are plenty of tech people who could happily pursue humanities too. There is solid data that STEM majors are more difficult to complete than other fields. A good example is the UCLA Bachelor's Degree study, with figure 3 there being a particularly telling one. If parts of the humanities stepped up their critical thinking difficulty level to where many more students struggle to even absorb it and complete the degree in four years, then you could make a stronger case for the degree teaching those skills. There surely are humanities programs that emphasize that, but you can't really take having a degree as proof that happened.
That's not quite right either. The open-source releases of OpenSSL certainly do not ship with any implied FIPS certification. OpenSSL does offer FIPS validation for a specific build as part of their commercial support program. They say "Support for the FIPS Object Module, including assistance with building a validated module for a specific platform (if possible) is available with the Premium plan". It is not correct that these versions are exactly the same code as the ones first certified long ago.
There was an interesting post to the openssl annoucement mailing list about Flaws in Dual EC DRBG that sheds some more light on this area. It says: "The OpenSSL FIPS module is commonly used as the basis for rebranded proprietary validations (we call these 'private label' validations)", "FIPS 140-2 validations are expensive and difficult, taking on average a year to complete and we have to wait years between validations", and "Even if we wanted to fix it our options are severely constrained by the fact that the CMVP process forbids modifications of any kind (even to address severe vulnerabilities) without the substantial time and expense of formal retesting and review."
All this implies there absolutely are later versions of OpenSSL with FIPS certification out there. You just can't get one without significant input from the commercial end of the OpenSSL Foundation.
That's why I avoid all this open-source hippie code and only use genuine RSA BSAFE.
I don't expect encryption to save me here in the US, not the way key disclosure law is going so far. There's no perfect solution possible here, and the trade-offs in only having a local copy aren't so great. You have to transport the data over a network to get real redundancy for your notes, which is one of the most important things electronic notes do better than handwritten ones. Recent news has shown in so many ways that you can't expect network privacy either.
I'm skeptical of people who believe their personal systems are beyond monitoring too. If you theorize a world where hostile prosecutors are empowered and interested enough in you to search your private notes, your problems are bigger than how exactly you protected them
It's easy enough to export Evernote data into a directory full of HTML files. I dump mine into the git repo I keep all my important files in. That even keeps formatting and linking, which is a big improvement over most text file oriented solutions. If you're more of a fan of wiki style for that, you can use something like Markdown conversion.
The main tie-breaker reason I ended up at Evernote is full read and write access to the repository on my phone. The days of losing an idea when I'm wandering around are gone. I type it into my phone, and by the time I'm on my desktop that note is stored with more redundancy that I ever achieved on my own.
No dangerous construct warning would have caught heartbleed
Coverity has already come up with such a contruct warning. It is very hindsight oriented.
I'm not sure which part of your long post is the most optimistic. Belief in perfect test coverage? By definition bugs come from things you (and/or the fuzzing developers) didn't think to test. That's at least a noble goal. Can't say the same about deciding to build custom VPN software. You've got some hubris dude.
My Dynaco ST-70 tube amp from the early 60's is older than any of the toilets I use regularly.
Some of the models from 1993 and 1994 have a drainage channel for spills. See the Design section of Model M Keyboard to find out the model numbers. I consider those the peak of the Model M design. The quality dropped noticeably starting in 1995, due to cost cutting changes also mentioned there.
Lexmark ruined the design with a set of 1994 cost cutting changes. Models from 1995 and later have a noticeably worse typing feel to them. Unfortunately that lower quality 1995+ version is what Unicomp inherited. They make an OK descendent of the Model M design, but it's surely not the same keyboard as the classic design.
The Model M was redesigned by Lexmark in 1994 to use lighter, cheaper components. All of the units from 1995 and later are substandard compared to the earlier ones. The backplate is just one of the problems.
Engineered quality peaked with the 1993 and 1994 models that were updated to have a liquid drainage channel.
Amazon is in a death spiral, or is already dead to technical people? Dude, you know how to tell a funny story, I'll give you that. I am more troubled by Bezos's inconsistent stand on patents than knee-jerk characterization of his personal politics. Hint: is he a conservative Republican tool, or a super rich liberal? Labels are so tricky.
I am highly skeptical of claims toward the OSS router firmware scene being less useful than manufacturer provided ones. You're right that speed to support new features lags in OSS, but who cares? I buy the router based on the hardware compatibility list, not the other way around. Reliability and longevity is a lot more important to me than the new shiny. You're also right that today it may be difficult to meet all the requirements with open code, with AC support being a sore point. I'd use that as a reason to delay the purchase until i can though, not as an excuse to head any distance back toward less open development models.
I still have two Linksys WRT54GL units left in operation. Long after Cisco/Linksys stopped worrying about that hardware, I was happily served by the software communities around DD-WRT and then Tomato. Manufacturers like Ubiquiti are useful to me to the extent they embrace that philosophy. In the last year Linksys seems to be moving back in the right direction again. We'll see how that plays out.
I'm also skeptical that having two points of failure in a network can ever be more reliable than one, which complicates your flexibility argument. Whenever I decouple routing and wireless onto separate boxes, problem resolution is harder compared to having a single unit to swap out. One of the reasons I ended up with so many cheap WRT54GL units is that I could easily have a spare with a duplicated configuration for every install. At any scent of trouble, I just replaced the whole unit.
I don't know when you got your Netgear GS108T units at, but somewhere in that product's lifecycle it turned bad. My experience mirrors the highest rated critical review at Newegg, circa 2011 and talking about the decline. There are several reasons why the current version of the product only averages 3 stars there, and why 28% of buyers are giving this 1 star now. I have a good, older GS108T and a worthless newer one. Each firmware update is rolling the dice.
That's actually the core argument behind why I won't buy a manufacturer only firmware network product anymore. When the Netgear firmware on a Netgear product is broken and that's the only option, you now have a paperweight. The Tomato firmware upgrade scene for routers is more complicated than I'd like sometimes, but it always gives you multiple options. I'm using an Asus RT-N66 right now, and I don't ever expect its CPU performance is going to be a bottleneck for me. I'm using the Netgear switches only to add more wired ports than it supports.
It's not "simply" though. The interfaces in OpenSSL and GnuTLS are not swappable APIs. We went over this a few years ago for PostgreSQL, and one of the major issues was having too many OpenSSL-isms in our code to swap easily.
Those of us who dislike bad open source licenses have been trying to kick OpenSSL out of projects for years now, and it hasn't gone anywhere but upward in adoption. I've been amazed at how often I see its advertising clause in the credits of video games I play.
You're probably thinking of the 2011 Visa/Mastercard settlement, which explicitly allows variable prices based on form of payment. Not every state was involved in that lawsuit though, and there may very well be some that prohibit it.
The option of a class action lawsuit is being removed here in the US as fast as companies can rewrite contracts to do so, in favor of forced arbitration
Coin locked carts have been at US stores before. Here in Baltimore, the BJ's I used to shop at had them in their lot around 5 years ago. It was interesting to watch that unfold as a new social dynamic. I tried to hand over my activated cart with the quarter in it to parents wrangling smaller children when I left.
They got Anthony Michael Hall the last time.
OK, it took until 3.3 before this was straighforward in Windows. Why is that still relevant today? Python 3.0 came out at the end of 2008, and several parts of the 2.X transition were still pretty rough then. A poster above made a nice comment about how that's played out: "Python 3.3 (or 3.4, as this article is about) is not 3.0 or 3.1. There is a lot of things that have been fixed along the way." Having an upgrade path that's possible to follow smoothly has been a design goal of 3.0 since its early days, but it wasn't quite there yet when 3.0 first shipped. That's history at this point though.
EnterpriseDB is an important part of PostgreSQL development with several contributors, but they still work within the larger development community of contributors. There are other companies with just as many contributors, with one example being how 2ndQuadrant is adding logical replication features.
One way you can tell if an open source project has a real community is whether the project would go on even if the largest company contributing code disappeared. Linux would survive RedHat disappearing, and PostgreSQL would certainly survive EDB going out of business. That's not even a theoretical question, because the PostgreSQL community is informed by having seen it happen once already. A company named Great Bridge hired a good percentage of the PostgreSQL community once, and then failed after running out of VC cash.
Yes, you did miss the expose, there have been hundreds of lawsuits. They went to the supreme court. Farmers who don't use Monsanto's seeds can go out of business from the legal risk they take on. It's a classic protection money racket. You pays your tribute to buy our seeds, or something unfortunate might happen to your crop one day, when our lawyers come to break your kneecaps.
I'm so skeptical I'll even debunk your joke. The mainstream statistic you'll see quoted everywhere is that true celiac disease hits 1 in 133 people. The number of gluten free food shoppers is a multiple of that, because that doesn't count people with milder gluten intolerance; households where everyone eats GF because of one member; and the recent GF fad shoppers. The household ripple alone is so huge, even Betty Crocker runs around selling to this market because they believe "28 percent of consumers seek out gluten-free foods". And all that was going on before GF became mainstream as a dieting fad.
Meanwhile, diabetes hits 8.3% of the population and there isn't nearly as much of a ripple to household members.
I agree with your skepticism that celery derived bacon will have more nitrates. The nitrate amount in the final product is determined by the quantity of curing product used, and presuming that all celery based methods will result in more is impossible. You could surely game that by using more curing product than is strictly necessary on one side of the comparison.
But the reason you are not finding the hard numbers you want is that a simple celery based method doesn't have them, and never will. The amount of nitrate in a celery stalk varies based on how it was grown. You might be able to sample a given batch for its chemical properties, but you cannot predict them. To quote from an intro to meat curing: "There are absolutely no regulations or standards as to the amount of nitrate [celery] contains. Even if you use the same amount in every salami you make, you could quite easily be adding too much or too little nitrate to your cured meats."
Until Whole Foods publishes exactly what their manufacturing QA process is, we can't know how it compares to the well documented "pink salt" formula. I can offer a logical argument that there are probably more nitrates in the end result though. The downsides to using too much curing product are excessive nitrates in the result and too much "salt" flavor. The downside to using too little could be botulism, and inspection may reject it. If you're manufacturing food and the incoming strength of the nitrate is unpredictable, the case with celery, the obvious way to navigate that risk/reward tradeoff is to err toward using more than you strictly need. Then even if that celery batch absorbed a bit less nitrogen than average, you'll still be safe. But the average nitrate of that approach will be higher than a more predictable process.
No, the GF "twits" are the ones who have no allergy issues at all; that's why they're twits for eating this way. If someone is avoiding gluten based on the perception of a food intolerance or allergy--but without test results to back it up--that's not well accepted by mainstream medicine. But no one is suggesting they belong in the group that's being openly mocked here.
The GF section of your average Whole Foods hasn't grown that much since the products became a mainstream fad, you probably just weren't paying attention to it until recently. They've always had a large section for them, and they pushed into that market hard with their own "GlutenFree Bakehouse®" products ten years ago. That was based on the observation that almost 1% of people in the US has celiac disease, and those people heavily sway food purchases for their entire house/family.