Slashdot Mirror


User: Rich0

Rich0's activity in the archive.

Stories: 0
Comments: 11,574

Comments · 11,574

  1. Re:Total lack of controls on The Tangled Tale of Mt. Gox's Missing Millions · · Score: 1

    If they only had 2-3 transactions a minute, wouldn't it be easy to see where, when and how transactions went wrong?

    That's basically traceable by a human.

    Only if they were recorded. The bitcoin side is certainly recorded in the block chain (though that is a lot of transactions to look at). The problem is the corresponding currency side of the transactions isn't recorded anywhere.

    For example, these are examples of legitimate transactions:
    You give me 1 bitcoin, I send you a bank transfer of $600.
    You transfer $600 to me, I deposit 1 bitcoin in the account number you give me.

    These are illegitimate transactions:
    You give me 1 bitcoin, I send myself a bank transfer of $600.
    You transfer $600 to me, I deposit 1 bitcoin in an account I control.

    If you look at the block chain all you see in all 4 cases is one bitcoin changing account numbers. You need all the other context to understand what is going on.

    A company doing a billion a year in transactions without a general ledger is INSANE. Small businesses with two employees should have them. A general ledger is just a fancy name for a checkbook, usually with a bit more metadata (though even just running the equivalent of Quicken will get you something).

  2. Re:Also with a phone size is an issue on The Tangled Tale of Mt. Gox's Missing Millions · · Score: 1

    Also this would be a real problem if BTC was actually used like a major currency and not just played with by speculators as the number of transactions would be orders of magnitude higher, and thus so would the growth.

    I think this is a real problem that needs a solution if BTC is ever going to take off. I too was shocked the first time I installed a bitcoin client and saw just how much space it needed to store the block chain. It wasn't the end of the world on my system, though if this were a laptop with an SSD it might cause concerns.

    However, the transaction volume for bitcoin is minuscule compared to real-world currencies. If every time anybody anywhere bought a can of soda there were a record in the database, it would grow at astonishing speed. Simply transmitting the most recent transactions might take up a considerable amount of bandwidth. Transaction fees would probably rise to cover this cost as miners would now need a lot more bandwidth to operate. Oh, and transaction fees are only recouped by miners, so a model where all bitcoin clients incur a substantial bandwidth cost might fail (nobody would want to run a client unless they were a miner, and miners are only rewarded in proportion to their computation spend, so simply doing casual mining on your client won't help much).

  3. Re:Return to libc to circumvent role-changing on Portal 2 Incompatible With SELinux · · Score: 1

    Sure, maybe you could try to get it to return to some other valid set of code and subvert that

    That's exactly what's done. Get it to return to other pieces of code in the application that happen to do what your malicious code wants done.

    Certainly agree that no-exec protection isn't going to help at all with that. However, it is a big limit on your attack surface.

    Then again, maybe not. I imagine you could point the return address at glibc (something like system()), and arrange for the stack to look like a proper function call after the RET is executed. My ASM is a bit foggy these days, but I'm pretty sure you could do that if the parameters are passed on the stack (to be honest I'm not sure what the C conventions are these days - if they pass stuff in the registers you'd have no control over that).

  4. Re:How did this go to trial? on Drone Pilot Wins Case Against FAA · · Score: 1

    Part of the FAA's charter, and a major topic in the FARs, is preventing damage and injury to property and people on the ground.

    I don't have a problem with that, but there needs to be reason applied. If a fully-fueled 777 carrying cargo crashes that could destroy the better part of a small town. If a quad-copter crashes maybe somebody might need some stitches. They simply shouldn't be regulated in the same way.

    You can be injured by a bicycle, and yet we don't regulate those at all (beyond basic tort law). There just isn't that much potential for permanent injury where bikes are concerned.

    You could set a threshold based on maximum kinetic energy of the aircraft (even in a vertical dive there is a limit for any design), or just use weight or thrust. Or you could just wait and see how things develop - heavy/fast drones aren't exactly cheap so people flying them aren't going to be looking to have them crash. Sometimes reactive regulation is better - that's why amateur RC aircraft are basically entirely unregulated - there are a few guidelines but nothing in the CFRs.

    My gripe isn't really with the concept of regulation, but rather with just how ham-fisted the FAA seems to be with just about everything.

  5. Re: oh my god!! on Portal 2 Incompatible With SELinux · · Score: 1

    I agree that the implementation needs improvement. Cross-distro standardization would also help by pushing more of the configuration upstream. Right now there is no way the Openoffice folks could supply an SELinux policy because all the roles/labels/etc vary by distro (I think - I'm hardly an SELinux expert).

    It is a bit like what is envisioned with systemd - units become more distro-agnostic allowing upstream to maintain them. But we could do better still.

    Something like the Windows "do you want to allow..." pop-ups might also help for more one-off activities. Editing something like bashrc is going to be uncommon for a typical user, so just have a way to securely prompt them when it happens. Obviously that can get out of hand if not tuned really well.

  6. Re:Who do you trust? on Portal 2 Incompatible With SELinux · · Score: 1

    That is what it boils down to. Do i trust a game company on a secured system? No.

    Define secured system. Really the place where SELinux has a lot of potential to improve security is on the desktop, where you run many different processes under the same UID that have no legitimate need to access each other's data.

    So, the desktop is a great place for SELinux, and it is also a great place for gaming.

  7. Re: oh my god!! on Portal 2 Incompatible With SELinux · · Score: 1

    Maybe. The problem is that most of our security problems are the result of a lack of MAC. If you open a document containing an exploit, the word processor will edit your .bashrc to run some kind of trojan on each login, and maybe it will start reaching out to a command/control server for orders. But, why does a word-processor need to be able to edit a .bashrc file, and why does it need to open arbitrary TCP/IP connections? Then maybe it reads your browser cache and uploads data/cookies/etc to some external site, and again, why does a browser need to be able to open your browser cache?

    If programs only could perform the activities necessitated by their functionality, then it would be a lot harder to exploit them.

    The default linux security model really only protects different users from each other. However, on a typical linux desktop there is only one user in the first place, so the security actually provides little real protection. Who cares if the worm is running as root - it can already do everything it needs to under the user's account.

  8. Re:Return to libc to circumvent role-changing on Portal 2 Incompatible With SELinux · · Score: 1

    Doesn't need to be executable. The buffer overflow only needs to overwrite a return address on the stack.

    But if the return instruction were executed, what would it return to? If it returns to the data that was in the buffer the CPU will generate an exception, since that address is non-executable.

    Sure, maybe you could try to get it to return to some other valid set of code and subvert that, but the typical buffer overflow involves putting executable code in the buffer, and then overwriting the stack to have it return to the code that was loaded in the buffer.

  9. Re:How did this go to trial? on Drone Pilot Wins Case Against FAA · · Score: 1

    I'm perfectly fine with restricting the use of drones/etc in the immediate vicinity of airports when they are operating or without coordination with the airport or having adequate supervision.

    Of course, most airports do not have controlled airspace around them, and certainly most hospital helipads do not as well. How many Class D hospital helipads even exist in the US? Obviously some hospitals are going to be located in class B/C airspace to the surface.

    My point wasn't that the FAA doesn't have some kind of legal basis for authority here. My point was that they SHOULDN'T be regulating these kinds of activities.

    Flights of light autonomous aircraft within a few hundred feet of the ground not in the immediate vicinity of an airfield shouldn't be regulated by the FAA at all. If somebody has a problem they should just call the police, who should handle it no differently than somebody throwing rocks at people.

  10. Re:The Load on Genomic Medicine, Finally · · Score: 1

    Agree on all. The one advantage of the private model is that there is at least some correlation between medical need and potential dollars to be made. An influential senator might end up having a billion dollars spent on some rare condition that somebody he cares about happens to have, and no private pharma company would do that.

    The other advantage with the private model is that at least there is competition. Nobody blesses one particular research group and says that they're the only ones allowed to work on cancer drugs, or whatever. You can sometimes get that effect in the government sector (not always).

    I think a healthy mix would have more government funding end-to-end than it does today. However, I'm not a fan of getting rid of drug patents - there should be some kind of private incentive for finding treatments for diseases. Sure, they're not perfect, but nobody is forced to take medication (and they'd have alternatives if the government did pursue full development). I think the real objection is to the cost, and considering that most Pharma stocks have been pretty flat it isn't like anybody is making out - the costs just are what they are. Subsidized coverage for drugs would allow the poor to afford them - the issue isn't cost so much as who is paying for it.

  11. Re:The Load on Genomic Medicine, Finally · · Score: 2

    What is the likelihood that insurance companies will want to use genetics to exclude benefits? Very high

    And very illegal. Has been for years.

    Indeed, ACA also made any exclusion of benefits for pre-existing conditions illegal just recently, mandating universal coverage instead (though in a fashion that will probably cause the law to fail unless the tax penalty is significantly raised). I think that this was going to be necessary one way or another, as simply banning exclusion on the basis of genetic testing was not a viable long-term solution.

    If you ban exclusion on the basis of any kind of knowledge (including genetic testing), then it means that consumers can use that knowledge to decide whether to seek coverage, but insurers can't use that knowledge to deny coverage. That means that only people likely to be sick would sign up, and thus you get the typical health insurance death spiral.

    Really the only way to avoid this is to mandate that everybody buys insurance, so that the healthy subsidize the sick (which is basically how insurance has always worked anyway). In the past it wasn't a problem because genetic testing didn't tell you anything useful. Today it isn't quite far enough along to cause problems with insurance, but some day you might be able to prick a kid's toe at birth and tell their mother their anticipated life expectancy (barring accidents).

    Oh, I don't know what the status of life insurance is. If it too isn't allowed to discriminate based on genetic testing then eventually that law will need to change or the industry WILL fail. Of course, that could be many years off. It should be obvious though that if individuals are allowed to know their life expectancy and insurers aren't, that there isn't any way to set a price for insurance that anybody will be able to afford. When you walk in and ask for insurance the insurer can safely assume that you're going to die soon, and they'll price their product accordingly. Of course things like accidental death only policies would still be reasonably-priced, since nobody can predict who will need them.

  12. Re:The Load on Genomic Medicine, Finally · · Score: 2

    If universities are going to develop drugs they will essentially have to be reconfigured as for profit pharmas to get the job done. Is that really what you want?

    I agree with everything you said but this point. There is no reason the NIH couldn't fund drug development (as opposed to drug basic research - which is what they currently fund for the most part). However, it would be very expensive - there is no reason to think that it won't cost them the $12B/drug industry is spending at the moment (on top of whatever they're already spending on research for those drugs).

    The main benefit of having the NIH do it would be that it gets rid of the model where the patient pays for the drug, which is what I think most people object to. The downside is that it politicizes drug development. A drug like Viagra might never be developed under that model, despite being quite important if you are of the mindset that sales implies importance.

    Personally, I think there is room for both models. Don't get rid of patents, but have the NIH fund more drug development end-to-end (with the resulting drugs being licensed royalty-free to any manufacturer if manufactured in a country that reciprocates). That means more "cheap" drugs, but you don't kill off the industry overnight either. In fact, the existing industry could subcontract for the NIH (they'd just do it fee-for-service and not get an ownership stake).

  13. Re:How did this go to trial? on Drone Pilot Wins Case Against FAA · · Score: 1

    Look, I understand your argument, but you're trying to apply logic to a situation governed by law and not by logical argument. How YOU would regulate it is immaterial; you're not the Federal government.

    We're obviously talking past each other.

    I fully concede that Federal Law gives the FAA the legal power to regulate just about anything with wings.

    My whole point is that it is not in the public interest for this kind of activity to be regulated in the manner the FAA is seeking to regulate it. I'm arguing what is right, not what is legal. The law is immaterial. :)

  14. Re:Powerpoint was the wrong tool for this all alon on Physics Forum At Fermilab Bans Powerpoint · · Score: 1

    It was never about collaboration or exploration. It gets used like that, but it's a terrible fit. It was never intended to encourage discussion. A well-crafted slide deck ends all conversation because all the facts are in. If the leader has to ask questions, or another participant questions your facts or your conclusion, your presentation was sub-optimal.

    Generally agree, but it can be useful for covering background, setting up the framework for collaboration, etc. Just going into a room for brainstorming works for some things, especially if it is a completely new space. However, usually you want to go in with some kind of plan of attack.

    But I agree with your point - the stuff you want in the presentation is the stuff that is settled: the background. You're not going to use it as a collaborative environment for the stuff you're creating.

    I find mind-maps, spreadsheets, etc more useful for online note-taking in a group, depending on the nature of the discussion. That is, when a piece of paper isn't the better solution (again, depends on how many people, how complex the topic is, whether you're brainstorming, refining, data-collecting, etc).

    The key is to have lots of tools in the toolbox and to use the right one.

  15. Re:Lab != Industrial site on Estimate: Academic Labs 11 Times More Dangerous Than Industrial Counterparts · · Score: 1

    Serendipity will still happen in labs if you wear safety glasses.

    Sure it might, but am I willing to take that risk with my students? No.

    My kingdom for a mod point...

  16. Re:No no no not more "Health And Safety" please... on Estimate: Academic Labs 11 Times More Dangerous Than Industrial Counterparts · · Score: 1

    Wha... how the... um, if you need safety glasses for soldering, you may also need to be re-taught how to solder.

    The whole point of safety is defense in depth. Why do you need two engines on a plane? Don't you hire competent mechanics?

    The point is that if something goes wrong there is no need for 300 people to die. The same is true of solder - to err is human, but to be maimed by an error usually indicates a lack of basic preparation.

  17. Re:Possibly valid, but.. on Estimate: Academic Labs 11 Times More Dangerous Than Industrial Counterparts · · Score: 1

    Yup, having worked in both I can vouch that the industrial labs are much safer. There really is no expense spared when it comes to the basic OSHA compliance (ventilation, use of PPE, etc). You can be fired for not wearing your eyewear in a lab, and you're talking about a career that would be hard to replace. There are safety procedures for everything, and monitoring of safety equipment like HVAC. People take it seriously, and when there is any kind of adverse trend in safety it becomes a talking point at all levels. The insurance companies and legal wouldn't stand for anything less, because these companies have deep pockets and a dead employee is a MAJOR expense.

    I remember a story at work about a manager who wanted to get rid of some safety/disposal procedures because he considered them pointless/wasteful. His subordinate basically pointed out that it was a legal requirement to his boss and the executive told the manager that he wasn't going to go to jail so that his workers could spend a few less minutes a day filling out forms. Safety is an incredible priority at most industrial labs - at least in petrochemicals, pharma, etc - the big players. Now, if you're talking food/etc I can't tell you what it is like.

    I've been in academic labs as well and it is FAR more lax. The bigger ones make some efforts, but it isn't anywhere near the same. You also tend to have a less mature workforce in general, and PIs who act like gods and have a definite libertarian streak.

  18. Re:How did this go to trial? on Drone Pilot Wins Case Against FAA · · Score: 1

    I agree with you. My statement was not about what they should regulate but what they are allowed to regulate, and currently they regulate all flights with commercial purpose.

    Well, by law they're probably allowed to regulate paper airplanes. :) We're on the same page though.

    That's my frustration with the FAA. It isn't so much that they shouldn't be regulating jets flying overhead. The frustration is that they do a really lousy job of it. The system works, but only at tremendous cost. Cost is also a barrier to safety. There is no reason you couldn't build an ADS-B transponder /TCAS for the cost of a smartphone (it is a GPS, radio, display, and some software). Cost and certification requirements result in most aircraft not having them at all. Clearly that isn't improving safety. Even if the device missed a collision some percentage of the time it would still be a net positive over not having it at all since the procedures don't rely on it - it is an extra safety measure.

  19. Re:How did this go to trial? on Drone Pilot Wins Case Against FAA · · Score: 1

    The FAA covers airspace from elevation 0 up (FAA myths). They currently don't bother with noncommercial hobby stuff if it's under something like 500 feet and not otherwise being a pain, but they could if they wanted to deal with the paperwork.

    That's like saying the FAA could require security screeners to do interrogations under torture. Just because the airspace is their domain doesn't mean that the public wants them to be able to do anything at all in the regulation of it.

    There is no public good served by having central Federal regulation of drones at low altitude not operating unmonitored near airports. The FAA should only be regulating things when it serves the public good.

    By all means ticket somebody who flies model planes into crowds, just like you'd handle somebody throwing rocks at a crowd. It just isn't a federal issue and it isn't best handled with absolute bans until somebody gets blessed with a $800k light commercial drone design.

    Now, at altitude the FAA should be progressive and allow UAV flights using the right technology for collision avoidance/etc. Of course, they can't even modernize their ATC for manned aircraft, so I'm not holding my breath for that. As much as I'd love to be able to fly unsupervised at 14k feet, I recognize the real danger that presents to air travel and fully support not allowing it until procedures are defined. One thing the FAA should do at a minimum is create certification requirements for drone operators that actually reflect the nature of their operations. There is no point training drone operators to land Cessnas with yoke and rudder when the drone is just programmed with waypoints and an FMS. On the other hand, the need for proper procedures around flight planning and testing transponders and dealing with TCAS/etc are more vital than on a piloted aircraft.

    Bottom line is the FAA shouldn't treat a UAV like a tiny airliner. It needs to treat them for what they are with regulations that make sense.

  20. Re:How did this go to trial? on Drone Pilot Wins Case Against FAA · · Score: 1

    If I throw a rock at you, clearly you will have to duck.

    But the FAA's policies make specific reference to model aircraft, and repeatedly get into things like "guided" and "sustained" flight. Meaning, the reason an RC drone isn't a rock is that you're actually sending it, under control, through a sustained flight in the air. The FAA's authority begins an inch off the ground, not 100' or 10,000' - which is why they're still in charge of safety when a 747 is 1' off the runway, or 1,000' off the runway.

    So, first I'm not aware of any FAA rule that makes reference to model aircraft. There is an advisory circular which as far as I can tell isn't legally binding at all. However, I'm talking about how the FAA SHOULD operate, not how it DOES operate, so the FAA's actual policies aren't really important at all. Their policies SHOULDN'T govern aircraft close to the surface outside of airports and their immediate approaches.

    As I already said in my post, I'd view operating aircraft in the vicinity of an in-use airport differently, including helipads.

    but I'd say they would only have a case there if a helicopter were attempting to operate in the area and the guy kept flying his plane

    A hospital helipad is a 24x7 controlled bit of air space. And more to the point, the pilot in question is all about goggles-on FPV flight. He's seeing where he's going by watching through a small nose camera and a relatively low-res RF video downlink. The guy we're talking about ("Trappy" Pirker) makes a big deal about how he flies FPV out of line of sight. Flying that way, he's got absolutely no situational awareness (say, a medivac helicopter coming in from above or from the side, out of his FPV cam's forward view).

    So, hospital helipads generally aren't controlled airspace in the typical definition of the word (they are not Class A-D airspace unless there is a control tower, and hospitals generally don't have those). However, I'm fine with banning FPV flight in the immediate vicinity of airfields unless the aircraft has some certified technology for collision avoidance (which the FAA should first evaluate/etc).

    That said, unless he was remotely piloting from a considerable distance he probably still had situational awareness for the helipad. The last time a helicopter operated anywhere within a mile of me I was well aware of it whether I had line of sight or not - they are LOUD!

    I'm not saying that drones should be anything-goes (go ahead and land it on the active at SFO and try to miss the rocks). I'm just saying that a complete ban on commercial operations anywhere is overkill. Just limit them to some altitude and horizontal proximity to airports. Piloted aircraft are also limited in minimal altitude for the same sorts of reasons, if for no reason other than every cell tower with a support wire isn't plotted on the sectionals.

  21. Re:How did this go to trial? on Drone Pilot Wins Case Against FAA · · Score: 1

    If the rock is remotely piloted, it is appropriate for the FAA to deal with.

    Why? I get why it is necessary to regulate air traffic in general, because collision is a very real threat and it really can only be prevented via compliance with standardized procedures. That doesn't apply to stuff near the earth.

    I'm not saying that it should be legal to fly rocks into cars any more than it shouldn't be legal to drop rocks on cars from bridges. If you put fins on the rock and added laser targeting, I wouldn't regulate it any differently.

  22. Re:model plane != plane on Drone Pilot Wins Case Against FAA · · Score: 2

    In that case I'd treat it the same as throwing a rock into a crowd of people. It is negligent behavior at the very least.

    I wouldn't require a license to handle rocks.

  23. Re:FAA & Public Safety on Drone Pilot Wins Case Against FAA · · Score: 1

    Ac91-57 is a joke anyway - it is a "circular" and as far as I can tell is not a rule (CFRs).

    Agree with all you said - this should be like throwing a rock at a car. You don't regulate the rock as an aircraft, and you don't regulate it as a military missile system either.

    The FAA proposed regs for commercial operations are also over-the-top when you apply it to something like a quad-copter with a camera on it. How does it add value to have a licensed pilot who is tested in their ability to land a plane with conventional controls when the device is computer-controlled and follows a GPS course and isn't really aerodynamically stable in the first place. If you gave a pilot a few handles to control fan speeds, they'd crash it every time.

    This is an entire new domain, and they're trying to apply the rules associated with human-piloted passenger jets to quadcopters you can lift with two fingers flown by computers.

  24. Re:I was once a drone pilot, he says in a hushed t on Drone Pilot Wins Case Against FAA · · Score: 1

    RC aircraft MUST be below 400 feet AGL.
    RC aircraft MUST remain in line of sight of the operator.
    RC aircraft MUST NOT be operated for ANY commercial purpose.

    Citation? The only thing I can find on the first two is an advisory from the 80s that doesn't really look like it went through rulemaking. Compliance appears to be voluntary. At least, that seems to be all the laws/regulations say.

    I haven't read the commercial rules - they might be more specific, but judging by how this court case went I'm skeptical.

  25. Re:he was being a dick on Drone Pilot Wins Case Against FAA · · Score: 2

    "Pirker operated the aircraft within about 50 feet of numerous individuals, about 20 feet of a crowded street, and within approximately 100 feet of an active heliport at UVA, the FAA alleged.

    Define "active." A local hospital has an "active" helipad and you could put a chair on it and eat lunch with little risk of being disturbed. If it was actually in use and he flew nearby then I'm all for tossing the book at him. However, "active" probably just means that it is on the chart and a helicopter could land there at any time. As long as the operation of the aircraft was supervised I don't see a problem with that. You shouldn't throw rocks at helicopters either.

    One person had to take "evasive measures" to avoid being struck by the aircraft, the agency said."

    Sounds like that should be regulated the same way as when people have to take evasive measures to avoid thrown rocks.

    If this thing was operating at such an altitude that it would be a hazard for aircraft in flight (with the risk that the operator couldn't get it out of the way in time - such as if it were really high up with high endurance and it might lose contact) then I could see the FAA getting involved. For things that stay close to the ground why not treat them the same as you treat a baseball during a baseball game? Don't hit it in the direction of anybody's windows/etc.

    The FAA should stick to stuff that actually becomes an operational hazard to other aircraft, or operations that are large enough to actually cause substantial damage on the ground (kind of like how we regulate cars differently from bikes).