To me it is that if you own something, you should be able to sell it.
I completely agree. But what do you actually own here? A piece of paper with your name on it? Even that might remain the property of the issuer; in any case, giving or selling your ticket to someone else does not imply that they have permission from the owner of the venue to enter and participate in the event. That permission was granted to you alone, and is not transferable, regardless of who holds the ticket.
Purporting to sell access to an event when one does not have the right to grant such access is fraud.
Showing up at the event holding a ticket issued to someone else, and claiming to be them in order to gain access, is also fraud.
On the other hand, if the venue is issuing simple "bearer" tickets not tied to any particular identity at below-market prices, then any issues they might have with "scalping" are a problem of their own making. The tickets may still be property of the venue and technically non-transferrable, but dealing with that should be considered the venue's problem. Laws specifically against "scalping" are an aberration.
In the case of server software installed on a Raspberry Pi single-board computer, who is "the device manufacturer"?
The person who installed the server software. If you can set up a web server on a Raspberry Pi, you can handle registering and validating your own domain. I did say "the most common cases"—this isn't one of them. The idea is that when someone with little networking experience picks up their Acme Router with an embedded HTTPS administration service, Acme Company provides them with a DDNS subdomain afa7ds9fd.myacme.com, to be printed on the label alongside the default password, and handles the certificate signing process for them.
Is the domain validation process a hassle for those assembling their own servers? Sure, which is why I suggested an alternative protocol for LAN devices. But it's hardly an insurmountable obstacle, provided the device has an official domain name to validate.
how hard would it be for them to work a command line flag like -gov to not log the certificate they are forging?
Not hard at all, but it doesn't matter since browsers won't accept the certificate if it isn't in the log. That's the point of making CT logging mandatory.
This logging system, it does not appear to provide any new services of meaningful value aside from making moderate-knowledgeable people more able to understand a cert and query its nature.
The point of the Certificate Transparency logging system is to make it extremely difficult for any CAs to get away with quietly issuing extra certificates for your domains to state actors and others to enable them to carry out MitM attacks. Since any CA can issue certificates for any domain, this is a real threat which undermines confidence in the entire CA system; it's only as strong as its weakest link. With browsers enforcing CT logging this attack is no longer possible; the certificates will not be accepted unless they are first made public, and any CA that issued such certificates openly would immediately lose its trusted status and be finished as a CA.
Besides, how is a global root CA supposed to verify the connection to a device on a non-routable IP/Subnet?
Technically they don't need to. A Domain Validation certificate proves that the certificate holder controls the domain, not the server. Provided you have a (sub)domain you control, you can get a valid DV certificate through a DNS challenge without involving the device at all; the domain's A and/or AAAA records can point to a private or otherwise publicly-unreachable IP address.
This does require a domain name, however, which is extra hassle and expense which most small-network operators shouldn't need to deal with. For the most common cases this could be provided as a service (like DDNS) by the device manufacturer. However, my proposal would be to bypass the CAs altogether: If the first part of the domain is the base-32 encoding of the fingerprint of the certificate (which may be self-signed) then browsers should automatically consider the certificate Domain Validated. The domain name itself identifies a particular certificate—what more evidence is needed? The "fingerprint domains" will be long, of course, but the initial discovery can be handled via an HTTP redirect or mDNS. Afterward, assuming the user bookmarked the full domain name, they can be sure they're connecting to the same device (trust-on-first-use).
Let's Encrypt doesn't issue EV certificates, so no, they don't verify real-world identity. They verify control of the domain name, just like everyone else issuing non-EV certificates. (Put another way, for DV certificates the domain is the identity.) The distinction between DV and EV certificates long predates Let's Encrypt, and their policies regarding domain validation are no more lax than most CAs'. Stricter, actually, since with LE you have to prove that you still control the domain at least once every 90 days.
Now, if I start committing actual crimes, I'm going to lose some rights.
The problem here is twofold. First, if an "actual crime" is whatever the government defines as a crime—regardless of whether we're talking about the whims of a dictator or a democratic legislature passing laws by popular acclaim—then as far as the law is concerned your legal "rights" are really nothing more than privileges which can be revoked at any time simply by declaring the exercise of the right a crime. Your rights should not be in jeopardy due to any action short of deliberately infringing on the rights of others. Second, it makes a difference which rights you stand to lose. Even when harm has been done, the punishment needs to be in proportion to the crime—no maiming someone for life in punishment for stealing a loaf of bread. Fines for theft, injury for assault, the death penalty for murder. Clemency is always an option, but anything more severe would be unjust. The right you lose is exactly the one you chose not to respect. This is basic estoppel: rights, being universal, either apply to everyone or to no one, and you can't simultaneously claim that a right does not exist (by infringing it) and that it does exist (for yourself).
A democratic government is not likely to become too oppressive, no matter what. The people running it will lose too many votes.
You must be assuming that you'll be a member of the majority. A democratic government can be plenty oppressive toward minorities when the majority goes along with it. Of course, the same goes for other systems; even an absolute dictator's capacity for oppression extends only so far as the majority are willing to tolerate. Democracy does not change the fundamental nature of government, it just embraces regularly scheduled changes of leadership in hopes of making them a bit less violent.
A few years later in Russia, all those shares held by the common people had been traded away to buy food or luxury goods. The real winners were the people with the cash who rounded up as many of those shares as possible.
"The real winners"? They may have ended up with the shares, but both sides received something they valued. This is why capitalism works. The people with the cash buying up shares are capitalists; they value capital, which is what those shares represent. The "common people" are not capitalists; most of them don't really have any idea what to do with those shares, and would rather have consumer goods or cash instead. This is not meant as a criticism—investing profitably is a specialty. You shouldn't expect everyone to excel at it, or even be interested in taking on that role. It is no surprise that the majority chose to turn their shares over to specialists who can be expected to use them more profitably in exchange for more immediate and familiar forms of compensation. On the whole this is a reasonable trade, and the resources represented by the shares will be better managed in the hands of the capitalists rather than the general public. If the sellers choose to spend their gains on fleeting consumables, that is their choice, a product of their personal preferences and upbringing. If you would prefer that they make a different choice you are welcome to try to persuade them to your point of view.
Any scheme which attempts to equip the "common people" with an unconditional source of income is likely to run into a similar issue. While there are exceptions, for the most part one doesn't get to the point where one would benefit from a UBI by consistently choosing saving over consuming. If you give everyone a UBI of $1000/mo., a fair number will borrow against it until they're paying $1000/mo. in interest and have nothing left over for basic expenses. You could try to shift the burden onto lenders by making it easy to discharge such debts through bankruptcy, but of course that would also make it impossible to obtain credit. Alternatively, you could choose to micromanage, providing only specific non-transferrable goods and services, but that requires close monitoring, encourages an unhealthy dependence, and takes away all pretense of individual choice and responsibility.
In the end, your options are to either respect people enough to allow them to deal with the consequences of their choices, or else declare them incompetent to choose for themselves and impose yourself as their guardian. The former option does not preclude offering assistance to those in need, but it does mean recognizing that you are not liable for any consequences they may suffer as a result of their own decisions—because if you were responsible then it wouldn't have been their decision.
the repo men just tend to show up in the middle of the night and steal the car back
As long as it's their car—and it is, since you agreed in advance to give it to them if you didn't repay the loan—then what's the issue? You can't "steal" what already rightfully belongs to you. They're just recovering their property.
Anyway, it is not specifically government which principled libertarians and (anarcho-)capitalists object to, but aggression in general. Governments are worse than other aggressors, though, because—in addition to the harm they cause directly—they also claim that their unjustified, non-defensive use of violence is "legitimate". Crime is one thing, but the very concept of "legitimate aggression" is toxic to any society.
"The robber baron's cruelty may sometimes sleep, his cupidity may at some points be satiated; but those who torment us for their own good will torment us without end for they do so with the approval of their own conscience." - C. S. Lewis
US government treats tax cheating as a more serious crime than murder
Hardly surprising. From a government's point of view, spending resources on resolving murder cases is basically just a matter of maintaining good public relations; important, to be sure, but not something they're really interested in. Collecting protection money[1], on the other hand, is their entire reason for existence. Everything a government does revolves around (a) maximizing tax revenues and (b) guarding their turf against incursions from other governments, so they can keep collecting taxes.
[1] They claim to collect taxes for your benefit, but the main threat to your well-being if you decline to pay is the "protectors" themselves. This is a classic protection racket. They've just developed enough power and a good enough PR system to get away with it with minimal public opposition.
No, the right answer is for somebody to come up with a sensible standard for .local certificates in which they are accepted with SSH-like behavior — ask once, and never ask again (with no expiration), but accepted only for that specific hostname, never allowed to be treated as any sort of root cert, etc.
Take a page from I2P's .b32 namespace and Tor's .onion domains, and make the hostname equal to the Base32 encoding of the server's public key fingerprint. If you're connecting to 6lfbxnwh5ed5a3np4ruh4v47zz3lg7soso3waubc3jjontgcn7ja.local, and it responds with a matching (self-signed) key, you already have the equivalent of domain validation and there is no need for a CA signature. Bookmark that URL and you can be sure that the next time you connect to it you're getting the same server.
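The fingerprint-hostname check proposed in this comment, and in the related "fingerprint domains" proposal elsewhere on the page, as an added sketch that is not the commenter's code and not an existing standard. It assumes the fingerprint is SHA-256 over the server's DER-encoded public key (which matches the 52-character label above); the function names are hypothetical and the key bytes are constructed stand-ins.

```python
import base64
import hashlib
import hmac

SUFFIX = ".local"   # assumption: the namespace the comment proposes
LABEL_LEN = 52      # unpadded Base32 length of a 32-byte SHA-256 digest


def fingerprint_label(spki_der: bytes) -> str:
    """Lowercase, unpadded Base32 of SHA-256 over the public key bytes."""
    digest = hashlib.sha256(spki_der).digest()
    return base64.b32encode(digest).decode("ascii").rstrip("=").lower()


def hostname_for_key(spki_der: bytes) -> str:
    """The only hostname under which this key is self-certifying."""
    return fingerprint_label(spki_der) + SUFFIX


def is_self_certified(hostname: str, presented_spki_der: bytes) -> bool:
    """True only if the hostname's first label is the fingerprint of the
    key the server actually presented. Ordinary names such as
    'router.local' never pass, so a self-signed key is accepted for its
    own fingerprint hostname and nothing else."""
    host = hostname.lower()              # DNS names are case-insensitive
    if host.endswith("."):               # tolerate a fully qualified name
        host = host[:-1]
    if not host.endswith(SUFFIX):
        return False
    label = host[: -len(SUFFIX)]
    if len(label) != LABEL_LEN or "." in label:
        return False
    # Compare against the label derived from the presented key instead of
    # decoding the hostname: this also rejects non-canonical Base32
    # spellings that would decode to the same digest.
    expected = fingerprint_label(presented_spki_der)
    return hmac.compare_digest(label.encode("ascii", "replace"),
                               expected.encode("ascii"))


# Constructed sample data: arbitrary bytes standing in for two different
# DER-encoded public keys (a real client would take these from the
# certificate the server presents in the TLS handshake).
KEY_A = bytes(range(64))
KEY_B = KEY_A[::-1]

if __name__ == "__main__":
    host_a = hostname_for_key(KEY_A)
    print(host_a)
    print("same key:     ", is_self_certified(host_a, KEY_A))
    print("different key:", is_self_certified(host_a, KEY_B))
    print("plain name:   ", is_self_certified("router.local", KEY_A))
```
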
private LANs where https isn't an option
HTTPS is an option even for private LANs; you just need a public domain name for the server, which can be linked to a private IP address. You can get a Let's Encrypt certificate for the domain using a DNS challenge (which involves updating TXT records) without ever exposing the HTTPS server to the public Internet.
Last time I needed HTTP was just a couple days ago, so that my browser would redirect me to the login page for a public WiFi network.
There are standard URLs designed for that purpose. The one used by recent versions of Android, for example, is <http://connectivitycheck.gstatic.com/generate_204>. You can just bookmark that and use it whenever you need to deal with a captive portal.
Really, though, public network operators and connection managers should just standardize on a protocol for sharing the portal's (HTTPS) URL during connection setup so they can stop hijacking third-party domains. In any other context this sort of MitM attack would be considered a major security breach.
Voters don't have a say in the state and local tax laws?
You're thinking of the wrong group of voters. The ones affected by these laws are exclusively out of state retailers who obviously have no representation in the states where the laws are being passed.
It's sad that the USSC justices on both sides of this ruling focused exclusively on the burden sales tax collection places on retailers and "lost" tax revenues to the states. Policy matters such as these are properly the domain of Congress, not the courts. The issue for the courts to decide is whether the states have the necessary legal jurisdiction to impose their sales tax laws on out-of-state retailers, and the only sensible answer to that question is that no state has any authority to impose tax collection or reporting requirements (or any other requirements) on anyone who is not a resident, a citizen, or physically located within the state.
You're really blaming the wrong party here. Sure, Apple is replacing normal quotes with "smart" quotes, which not everyone prefers for various reasons. By itself, however, that would be a minor issue, and at least they are following the Unicode standard. The way those smart-quotes are mangled is not Apple's fault; that's entirely due to Slashdot. Between the ongoing failure to handle Unicode properly and the persistent lack of IPv6 support, Slashdot is falling remarkably behind the times for a tech-focused site.
Classify the implicit optionality of objects purely as a source of bugs.
Among other issues, this remains my biggest complaint.
This is what you choose to complain about, fixing the "billion-dollar mistake" [infoq.com]? You actually want the language to implicitly accept all messages sent to nil as no-ops with a default return value, regardless of the intended interface, and to allow nil to be passed for any reference parameter even when it makes no sense for the parameter to be omitted?
I would be among the first to promote language-agnostic APIs and allowing the developer to choose the language best suited to the problem domain. However, complaining about the parts of Swift that Apple got right is not very likely to make me more sympathetic to your cause.
Define the convenience and elegance of nil-message passing only as a source of problems. Classify the implicit optionality of objects purely as a source of bugs.
This is what they choose to complain about, fixing the "billion-dollar mistake"? They actually want the language to implicitly accept all messages sent to nil as no-ops with a default return value, regardless of the intended interface, and to allow nil to be passed for any reference parameter even when it makes no sense for the parameter to be omitted?
I would be among the first to promote language-agnostic APIs and allowing the developer to choose the language best suited to the problem domain. However, complaining about the parts of Swift that Apple got right is not very likely to make me more sympathetic to their cause.
bitcoin has had a mining pool over 50% control
It doesn't matter how big the pool is. The pool doesn't own all that hardware; they're just managing it for others. If they tried to abuse their position to execute a 51% attack the miners would either shut down their hardware or jump ship to another pool and the misbehaving pool would no longer control 50% of the hash rate.
As for the smaller altcoins, there is a well-known defense against this issue: merge-mining. This leverages Bitcoin's superior proof-of-work network to provide additional verification for an independent chain which wouldn't otherwise support a hash rate high enough to offer real security.
Frankly, there isn't room for more than one PoW blockchain with real security guarantees. Any chain without a majority of the total hash rate—across all blockchains—will be vulnerable to 51% attacks. The solution, if you still want an altcoin, is to employ Bitcoin's PoW network purely for consensus while maintaining your own independent database of transactions.
the graduated, fair, and equitable system we have in income tax
OK, not off to a great start here. Funny, though.
if your house didn't burn down, you should still pay for your share toward the insurance and fire department who took care of the one that did
Putting aside the fact that home insurance isn't tax-funded to begin with, the "fair" amount that you should be paying toward insurance in general and fire protection in particular is a function of the value of your home (for the insurance), the cost of putting out a fire (including overhead / standby costs), your potential liability to others if a fire spreads, and the probability of a fire. Your income is completely irrelevant and should have no bearing on the amount you pay.
And if you live off the grid in a solar house and walk everywhere, you should still pay your taxes and the price of gasoline should directly go up no more than the price of everything across the board goes up due to the increased tax. The whole point of the system ...
The "whole point" of imposing these taxes is to internalize the perceived external costs of burning gasoline so that they are reflected in the price at the pump. Paying to mitigate the effects of burning gasoline out of general income taxes rather than gasoline taxes would mean that those who do not burn gasoline are taxed to clean up the mess created by those who do. There is nothing "fair" or "equitable" in that.
Admittedly it could be something neutral such as the ability to send a message to a contact through Alexa.
This is the most likely explanation by far, IMHO. The device mistook something they said as the activation word, interpreted random audio as a command to send a message to one of their contacts, and then proceeded to record whatever followed as the message. Nothing too far-fetched or nefarious—just the well-known imprecision of voice recognition software in a device designed with the ability to record and send voice messages. One might argue that it was inevitable that this would happen to someone eventually.
It's actually more basic than that. "Warrant" is just a term for the legal authority to search or seize someone's property. In the absence of a legally issued warrant, law enforcement personnel have no more actual authority to search or seize anyone's property than any other group of private citizens. A "warrantless search" is, by definition, an illegal search: one knowingly and openly conducted without any claim to legal authority. What we have here is not a warrantless search, precisely, but rather one conducted under the pretense of an illegal (unconstitutional) warrant. Law enforcement claims to have legal authority to perform the search—a warrant, whether they use that term or not—but whatever law or judicial ruling they are appealing to as justification fails the Constitutional requirement for "probable cause, supported by oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized", which renders it null and void. The warrant authorizing the search was never legally issued.
You haven't "effectively" created any new shares, either. The stock has not been diluted; each share represents the same fraction of the company as it did before the short. If new shares had "effectively" been created then the ownership and voting rights associated with the existing shares would have decreased proportionally. Or would you say that shares have "effectively" been created when a shareholder with an ordinary long position decides to sell? The effect on the market is exactly the same.
Putting existing shares up for sale does not "effectively" amount to creating new shares.
emit a diagnostic telling the programmer to apply that optimization in the source code
It usually isn't that simple. The obvious source-level optimizations you're describing are relatively rare; the ones which lead to major size and performance improvements come about when you combine generic code in inlined functions and macros—often from distinct source modules, perhaps even different projects—with the results of prior optimizations. To apply these optimizations at the source level you would need to specialize the definitions for each use case.
When you short a stock, you effectively create a new share of the stock, which you then sell; those shares effectively disappear when you cover your short.
Shorting a stock does not create new shares. What you are doing is borrowing shares from an existing shareholder, and then selling those shares. To cover your short you have to buy the same number of shares back so that you can return them to the lender. The total number of shares does not change; the effect on supply and demand is the same as if the original shareholder had chosen to sell their shares and then later buy them back, with one exception: that loan has a time limit, which can force you, the short seller, to buy back the shares at an unfavorable price. This is why—in contrast with normal "long" investments where you may lose your entire investment, but no more, if the price drops to zero—when selling short you can lose far more than your original investment if the price goes up.
To me it is that if you own something, you should be able to sell it.
I completely agree. But what do you actually own here? A piece of paper with your name on it? Even that might remain the property of the issuer; in any case, giving or selling your ticket to someone else does not imply that they have permission from the owner of the venue to enter and participate in the event. That permission was granted to you alone, and is not transferable, regardless of who holds the ticket.
Purporting to sell access to an event when one does not have the right to grant such access is fraud.
Showing up at the event holding a ticket issued to someone else, and claiming to be them in order to gain access, is also fraud.
On the other hand, if the venue is issuing simple "bearer" tickets not tied to any particular identity at below-market prices, then any issues they might have with "scalping" are a problem of their own making. The tickets may still be property of the venue and technically non-transferrable, but dealing with that should be considered the venue's problem. Laws specifically against "scalping" are an aberration.
In the case of server software installed on a Raspberry Pi single-board computer, who is "the device manufacturer"?
The person who installed the server software. If you can set up a web server on a Raspberry Pi, you can handle registering and validating your own domain. I did say "the most common cases"—this isn't one of them. The idea is that when someone with little networking experience picks up their Acme Router with an embedded HTTPS administration service, Acme Company provides them with a DDNS subdomain afa7ds9fd.myacme.com, to be printed on the label alongside the default password, and handles the certificate signing process for them.
Is the domain validation process a hassle for those assembling their own servers? Sure, which is why I suggested an alternative protocol for LAN devices. But it's hardly an insurmountable obstacle, provided the device has an official domain name to validate.
how hard would it be for them to work a command line flag like -gov to not log the certificate they are forging?
Not hard at all, but it doesn't matter since browsers won't accept the certificate if it isn't in the log. That's the point of making CT logging mandatory.
This logging system, it does not appear to provide any new services of meaningful value aside from making moderate-knowledgeable people more able to understand a cert and query its nature.
The point of the Certificate Transparency logging system is to make it extremely difficult for any CAs to get away with quietly issuing extra certificates for your domains to state actors and others to enable them to carry out MitM attacks. Since any CA can issue certificates for any domain, this is a real threat which undermines confidence in the entire CA system; it's only as strong as its weakest link. With browsers enforcing CT logging this attack is no longer possible; the certificates will not be accepted unless they are first made public, and any CA that issued such certificates openly would immediately lose its trusted status and be finished as a CA.
Besides, how is a global root CA supposed to verify the connection to a device on a non-routable IP/Subnet?
Technically they don't need to. A Domain Validation certificate proves that the certificate holder controls the domain, not the server. Provided you have a (sub)domain you control, you can get a valid DV certificate through a DNS challenge without involving the device at all; the domain's A and/or AAAA records can point to a private or otherwise publicly-unreachable IP address.
This does require a domain name, however, which is extra hassle and expense which most small-network operators shouldn't need to deal with. For the most common cases this could be provided as a service (like DDNS) by the device manufacturer. However, my proposal would be to bypass the CAs altogether: If the first part of the domain is the base-32 encoding of the fingerprint of the certificate (which may be self-signed) then browsers should automatically consider the certificate Domain Validated. The domain name itself identifies a particular certificate—what more evidence is needed? The "fingerprint domains" will be long, of course, but the initial discovery can be handled via an HTTP redirect or mDNS. Afterward, assuming the user bookmarked the full domain name, they can be sure they're connecting to the same device (trust-on-first-use).
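Added example, not part of the original comment: a minimal sketch of the check a client would perform under the "fingerprint domain" proposal above. It assumes the fingerprint is SHA-256 over the DER-encoded certificate and that the label is lowercase, unpadded Base32; the function names and the sample byte strings are constructed for illustration.

```python
import base64
import hashlib
import hmac

# Constructed stand-ins for DER-encoded certificates (not real certificates).
DEVICE_CERT_DER = b"constructed stand-in: DER bytes of the device's self-signed cert"
IMPOSTOR_CERT_DER = b"constructed stand-in: DER bytes of some other self-signed cert"


def fingerprint_label(cert_der: bytes) -> str:
    """Lowercase, unpadded Base32 of the SHA-256 fingerprint.

    32 bytes encode to 52 characters, which fits in one DNS label (max 63).
    """
    digest = hashlib.sha256(cert_der).digest()
    return base64.b32encode(digest).decode("ascii").rstrip("=").lower()


def host_matches_cert(hostname: str, cert_der: bytes) -> bool:
    """True only if the first label of hostname is the full fingerprint
    of the certificate the server actually presented."""
    labels = hostname.rstrip(".").lower().split(".")
    if len(labels) < 2:
        return False  # a bare label has no suffix such as .local
    presented = labels[0]
    expected = fingerprint_label(cert_der)
    # Require the full-length label: accepting a prefix would shrink the
    # hash and make it cheaper to find a colliding certificate.
    if len(presented) != len(expected):
        return False
    return hmac.compare_digest(presented.encode(), expected.encode())


if __name__ == "__main__":
    host = fingerprint_label(DEVICE_CERT_DER) + ".local"
    print(host)
    print("device cert accepted:  ", host_matches_cert(host, DEVICE_CERT_DER))
    print("impostor cert accepted:", host_matches_cert(host, IMPOSTOR_CERT_DER))
```

The check binds the name to one certificate only; the TLS handshake still has to prove the server holds the matching private key, and a first visit that arrives via an HTTP redirect or mDNS is trusted on first use, as the comment says.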
Let's Encrypt doesn't issue EV certificates, so no, they don't verify real-world identity. They verify control of the domain name, just like everyone else issuing non-EV certificates. (Put another way, for DV certificates the domain is the identity.) The distinction between DV and EV certificates long predates Let's Encrypt, and their policies regarding domain validation are no more lax than most CAs'. Stricter, actually, since with LE you have to prove that you still control the domain at least once every 90 days.
Now, if I start committing actual crimes, I'm going to lose some rights.
The problem here is twofold. First, if an "actual crime" is whatever the government defines as a crime—regardless of whether we're talking about the whims of a dictator or a democratic legislature passing laws by popular acclaim—then as far as the law is concerned your legal "rights" are really nothing more than privileges which can be revoked at any time simply by declaring the exercise of the right a crime. Your rights should not be in jeopardy due to any action short of deliberately infringing on the rights of others. Second, it makes a difference which rights you stand to lose. Even when harm has been done, the punishment needs to be in proportion to the crime—no maiming someone for life in punishment for stealing a loaf of bread. Fines for theft, injury for assault, the death penalty for murder. Clemency is always an option, but anything more severe would be unjust. The right you lose is exactly the one you chose not to respect. This is basic estoppel: rights, being universal, either apply to everyone or to no one, and you can't simultaneously claim that a right does not exist (by infringing it) and that it does exist (for yourself).
A democratic government is not likely to become too oppressive, no matter what. The people running it will lose too many votes.
You must be assuming that you'll be a member of the majority. A democratic government can be plenty oppressive toward minorities when the majority goes along with it. Of course, the same goes for other systems; even an absolute dictator's capacity for oppression extends only so far as the majority are willing to tolerate. Democracy does not change the fundamental nature of government, it just embraces regularly scheduled changes of leadership in hopes of making them a bit less violent.
A few years later in Russia, all those shares held by the common people had been traded away to buy food or luxury goods. The real winners were the people with the cash who rounded up as many of those shares as possible.
"The real winners"? They may have ended up with the shares, but both sides received something they valued. This is why capitalism works. The people with the cash buying up shares are capitalists; they value capital, which is what those shares represent. The "common people" are not capitalists; most of them don't really have any idea what to do with those shares, and would rather have consumer goods or cash instead. This is not meant as a criticism—investing profitably is a specialty. You shouldn't expect everyone to excel at it, or even be interested in taking on that role. It is no surprise that the majority chose to turn their shares over to specialists who can be expected to use them more profitably in exchange for more immediate and familiar forms of compensation. On the whole this is a reasonable trade, and the resources represented by the shares will be better managed in the hands of the capitalists rather than the general public. If the sellers choose to spend their gains on fleeting consumables, that is their choice, a product of their personal preferences and upbringing. If you would prefer that they make a different choice you are welcome to try to persuade them to your point of view.
Any scheme which attempts to equip the "common people" with an unconditional source of income is likely to run into a similar issue. While there are exceptions, for the most part one doesn't get to the point where one would benefit from a UBI by consistently choosing saving over consuming. If you give everyone a UBI of $1000/mo., a fair number will borrow against it until they're paying $1000/mo. in interest and have nothing left over for basic expenses. You could try to shift the burden onto lenders by making it easy to discharge such debts through bankruptcy, but of course that would also make it impossible to obtain credit. Alternatively, you could choose to micromanage, providing only specific non-transferrable goods and services, but that requires close monitoring, encourages an unhealthy dependence, and takes away all pretense of individual choice and responsibility.
In the end, your options are to either respect people enough to allow them to deal with the consequences of their choices, or else declare them incompetent to choose for themselves and impose yourself as their guardian. The former option does not preclude offering assistance to those in need, but it does mean recognizing that you are not liable for any consequences they may suffer as a result of their own decisions—because if you were responsible then it wouldn't have been their decision.
the repo men just tend to show up in the middle of the night and steal the car back
As long as it's their car—and it is, since you agreed in advance to give it to them if you didn't repay the loan—then what's the issue? You can't "steal" what already rightfully belongs to you. They're just recovering their property.
Anyway, it is not specifically government which principled libertarians and (anarcho-)capitalists object to, but aggression in general. Governments are worse than other aggressors, though, because—in addition to the harm they cause directly—they also claim that their unjustified, non-defensive use of violence is "legitimate". Crime is one thing, but the very concept of "legitimate aggression" is toxic to any society.
"The robber baron's cruelty may sometimes sleep, his cupidity may at some points be satiated; but those who torment us for their own good will torment us without end for they do so with the approval of their own conscience." - C. S. Lewis