...which turned into a rather enormous political scandal in Sweden when it became known, and was actually caused mostly by typical Swedish naivety (where the U.S. had promised Swedish ministers not to torture him if he was extradited). It is not for no reason there exists such a lengthy Wikipedia article about the poor man, considering his fate is far from unique internationally speaking. So the example you bring up is in fact a strong argument for why Assange will very likely not be extradited from Sweden on a whim. Doing that would be political suicide for whoever gives the order.
...both of which could of course also be explained perfectly without the need to complicate it with a large-scale conspiracy.
Google is very much a company of engineers, and from an idealistic engineering perspective, an open and federated architecture like XMPP is nice. But from a business perspective, and with the market penetration and data mining business model that Google has, it can easily be argued that it is not in their interest to open up their platforms like that. That notwithstanding, I suspect the explanation could simply be that it became an unnecessary restraint to the way they wanted to develop their services -- a cost with unclear benefits.
The same goes for "do not track" -- there may be financial benefits in tracking your users, so why not do it if you can? It's what is to be expected.
Of course the intelligence agencies of developed countries (to which I include China) want to monitor as much as they can, and they probably are to a large extent, but that doesn't mean everything that happens in this world is centred around that.
Sure, but that decision doesn't have to be made by us, or anyone else on an internet tech forum, and that's not what we are doing here either. Those who do, however, have both the time and the resources to do some thorough research before deciding.
More to the point, there is a difference between making a decision based on intuition, in the face of incomplete knowledge, and stating that intuition as a fact. In a discussion of this sort, it is important to separate what we know from what we presume, and that's what I'm getting at. While I'm also guessing that a blanket ban would probably not be optimal, I don't think it's clear or has been established that the current situation is optimal either, or even net positive. Perhaps it is, perhaps the ideal lies somewhere in between, or even on the side of more chases.
(If I were to continue to speculate, however, I would wager it is more likely that car chases happen too often than too seldom, simply based on the psychological dynamics involved; that it is mentally more rewarding in a heated situation like that to "go after the criminals" rather than to show intellectually conditioned restraint and composure -- and people are not perfect.)
Just to be clear, nevertheless, the anecdotal evidence provided by TFA is not by any means ground for assuming that the police is overeager in going after suspects in high-speed car chases, like many here seem to have assumed. The 1088 deaths figure you provided was much more interesting (although it is incomplete). So thank you for that.
It feels like this is going in circles a bit; are we back at felons again? So in summary, your argument is that felons would not get caught for minor traffic offences as often, because in those cases they would choose to run, and don't particularly mind the judicial aftermath that it could lead to. Sure, you may have a point there. It feels a bit construed, but given that your original claim was only that "more people will run", I have to concede that at least from a strictly formal standpoint you are probably correct.
(By the way, over here no offence can be charged to a vehicle. Speed traps fall in the same category as other traffic offences, meaning they have to prove who the driver is. But like I said, "your mileage may vary".)
Technically, maybe, but they would still drag me to court*, where I would have to argue that I in fact wasn't driving the car, potentially against photographic evidence showing someone resembling me in the driver's seat. It's pretty much the same situation as with a traffic enforcement camera, really. So instead of paying the initial fine, I would drive away at high speed (to my own peril), probably get arrested by police officers at my home for all my neighbours to see, have to explain to my boss that I need to take some days off to go to court, lie under oath in the court, risk getting convicted of much more serious offences, and I would probably still have to pay the expired tag fine.
The "what if the chase never happened" numbers are very difficult to come by as it is almost impossible to know what might have happened.
Sure, estimating such numbers is probably difficult, although hardly impossible. It's the sort of thing someone working as a researcher in the field would spend a lot of time doing (and then hopefully publish!).
I'm not going to argue with your conclusion, since I don't have any data to support a different one either. I'll simply be satisfied with noting that neither of us knows whether the benefits outweigh the costs, and that I don't think the answer is particularly obvious by only looking at a single case and the total number of innocents dead.
OK, so now we are talking about minor offences instead. I agree that that is a different situation, but I think you are wrong about the first scenario (no chases). What would realistically happen is that the police would look up my license plate, and a couple of them would be waiting at my porch when I got home to greet me, not only with the fine for the expired tag, but with speeding and reckless driving charges as well. So I would certainly not run at high speed.
In the nine-year period 1994 through 2002, 1088 deaths were of people not in the fleeing vehicle. That is 121 deaths per year in the entire United States. Considering the number of high speed pursuits that occur that is a very small number. That may sound harsh but the benefits of apprehending criminals, who have demonstrated their lack of respect for their lives and the lives of others by entering the high speed chase, outweigh the costs.
The total number of high speed chases isn't a terribly interesting number if you're going to do a cost-benefit analysis. What's important is the number of criminals apprehended by virtue of the high speed chases, that would not have been apprehended by other means, and the amount of damage these criminals would have done while free.* So while you have the cost side pretty much covered -- 121 deaths per year is at least the most obvious component of it, property damages aside (although I would argue that the lives of the people in the chased car have some value as well, even when the driver is suspected to have committed a crime) -- the benefit side isn't at all clear in any quantitative terms, so I'm not sure how you can conclude that the benefits outweigh the costs.
That is, unless you think it's worth 121 human lives per year out of mere principle.
(* Or if you want to be thorough, the number of "criminal hours" times damage per hour. Other means of capture might be slower. On the other hand, most serial criminals would presumably get caught for other crimes sooner or later.)
The problem with not pursuing fleeing felons is that more will flee if they know they can get away by driving fast enough.
What do you base this assertion on? It suggests that with the current situation, a significant number of felons stop and hand themselves over as soon as the police initiates a chase, because they might not get away with certainty. I'm much more inclined to believe that someone who has just committed a felony, and is being chased by the police, is going to flee regardless of their chances. Even if there is just a tiny shred of hope of getting away, people try to run.
For what it's worth, that is the standard operating procedure for Swedish police: They fall back and essentially just track the fleeing vehicle at a distance, then coordinate a road block using other vehicles, or just wait until the suspects eventually stop and apprehend them then. The reasoning is that, in most cases, a close pursuit will create even greater danger for innocent bystanders, and for the people in the fleeing car, some of which could be innocent as well (e.g. children).
No, you dimwit, that's exactly the point. Agile is not a silver bullet, it is a framework of good practices, and there is nothing stopping you from sinking a huge and complicated project (or a small one) even if you subscribe to them, precisely because they are no silver bullet.
What the GP refers to is that extensive testing is one of the most emphasised tenets within Agile, and if this project didn't do testing, it calls into question exactly what they were doing at all.
The biggest problem I see with Agile is that people think it is a silver bullet, and expect projects to magically become perfect as soon as you slap on an "Agile" sticker and let everyone go to a seminar, instead of actually understanding why certain practices are recommended and adapt them to their project's particular context.
Having the (Fedora's) install process work differently than basically everything else is a bad choice in itself. And changing everything else would be utter idiocy[...]
Seriously, why would you require conformity between all existing installers in such utter detail? Surely, we must allow some room for diversity.
[...] displaying passwords without significant compelling reasons is simply atrociously bad design.
The reason would be that when you are setting a password, it is much more important to get it right. Furthermore, this is normally a rare activity, so the risks of displaying the password are proportionally reduced. I'm not saying this reason necessarily outweighs the risk of shoulder surfing, but I don't think the argument is as black-and-white as you make it.
But then you shouldn't blame a suicide's death on MIT or the Justice Department, either.
Indeed. However, the main issue as I see it isn't the ultimate fate of Aaron Swartz, but what led up to it. His suicide is relevant only insomuch that it has drawn attention to what appears to be a rather gruesome prosecutorial overreach. These actions from these prosecutors (and possibly MIT, if it turns out that way) would be equally wrong, should Swartz have chosen to live on and endure.
It could probably be translated to "cohabitation partner". The legal term "sambo" refers to each of two people living together as a couple in a long-term relationship with a shared economy (like they were married). So simply sharing an apartment would not qualify from a legal perspective. (This is for example relevant if one of them were to die.)
So, with a government death squad supposedly after him he got a lookalike who he's known for 30 years and who changed his name to John McAfee to hand himself in?
...in a different country. (But don't let that detail stop you from being 99% sure.)
[...] source is nothing but a modified Quake 2 engine. Quake 2! Seriously?
To be fair, isn't that a rather pointless description? The same could be said of any software that is developed evolutionarily. Windows 8 is just a heavily modified version of Windows NT 3.1, Linux 3.6 is just a modified version of the original Intel 80386 exclusive release from 1991 that could run a maximum of 64 processes, and so on. It doesn't really tell you anything.
They did a good job and I appreciate their work, but they aren't the reason X11 was in use when they started X.org and it really says nothing about their understanding of why the X11 features are there, or what the needs of other developers are.
I'd take the word of anyone who has actually gone through implementing a complete X server over that of some random guy on slashdot, though.
This isn't exactly total guesswork. I live by the Baltic Sea, which for a long time has been over-fertilized by sewage treatment plants and agriculture in the surrounding countries, and vast areas of its bottom are today completely void of life due to oxygen depletion. I'm suspecting that by "possible" he means we don't (yet) have any empirical evidence that it would also happen in that area of the ocean.
Well, so what? The intention may not have been to have the passwords written in plain text to a file, but they were. It doesn't matter how much you salt and encrypt the "master store" if you f*ck up and write them to another file in clear text as well. They are there, readable on the disk. The fact that it was a log file doesn't diminish the error in the least. In fact, it makes it even worse, since the security of a log file is likely not looked after to the same degree as a password database (as we can clearly see in this case, where they left it on an ftp). If you write clear text passwords along with user names to an unencrypted file under any circumstance whatsoever, you fail. If you have a clue about security, you simply never, ever do that!
And for that matter, what have invalid attempts got to do with it? Security through infinitesimal obscurity? Unless you have something like a million times as many invalid attempts as valid ones, it is of no consequence.
You'd think that people involved with the IEEE are a group that should know better, and yet the most common passwords according to the analysis read like the usual suspects list from other breaches.
To be fair, there seem to be at most a few percent having lousy passwords. The other 98% or so of users deserve better protection, wouldn't you say?
Also, if you think about it, looking only at which passwords are the most common isn't a terribly useful metric of anything. If almost everyone chooses very strong passwords (meaning few collisions) and 3 people choose "12345", then that would still be the most common password. In part precisely because the rest used strong passwords.
Technologically, you don't really have to choose between a locked down cloud and native only apps. It would be perfectly possible to have independent cloud storage services working with web based applications storing data in open and standardized formats, letting you choose where to store your data and which applications to use to work with it. The problem is it's usually not in the interest of individual corporations to open up in this way -- it's easier to develop when you control the whole stack, and it makes it harder for customers to leave.
Since neither of us has data we have to go on belief.
Yes, well, or not. In those cases I tend to stop at "I don't know". But I guess people are different.
(* At least where I live, YMMV.)
Why PlusFiveTroll is modded up is beyond me.
Perhaps because you didn't actually read the post before you entered rage mode and assumed (s)he was of opposing opinion?
This one is supposed to be older still, at an impressive age of 9550 years.
However, the web server access logs logged the passwords entered in plaintext.
So, in other words, they were stored in plaintext.