I'm looking at you, Keith Packard and friends.
I've often wondered how much all of the X-replacement projects are addressing actual limitations in X11 and how many are simply unable to navigate the terse and undocumented X.org code.
The key idea is that in all countries with "one person - one vote" the effort needed to do a full manual count (which is actually a dual count and verification) is exactly proportional to the size of the country, so it should be just as easy to do this in the US as in Norway!
To which you replied that the USA has a lot more people than Norway. I strongly suspect that this means that you are an idiot.
That doesn't sound right. As I understand it, Ireland has a Single Transferable Vote (STV) system. Under STV, you count all of the first votes, and if no one wins outright then you eliminate the least-popular candidate and redistribute their votes to their second choice. If there's still no clear winner then you eliminate the least-popular remaining candidate and redistribute all of their votes to their second choice if they're still there or to their third choice if they aren't. You repeat this until someone has 50%. You never dump all of the votes out, you only redistribute them from the least-popular candidate.
There are other problems with STV, including some quite odd failure modes. For example, if you have four candidates, A, B, C, and D and 30% vote ABCD, 25% vote CBDA, 24% vote DBCA, and 21% vote BCDA, then candidate A will win. B is eliminated in the first round (because he receives the fewest votes) and all of his votes are redistributed to A. Now A has 51% and so wins, in spite of being their last choice for 70% of the electorate, and B never gets to see any of the second-choice votes in spite of being the first or second choice for 100% of the electorate. Of course, the same problem happens with first past the post, but there you don't have the information required to know that it's happened.
There are some variations on STV that avoid these corner cases, but they make counting harder.
I've heard a lot of programmers make the claim that good code should be self-documenting and while there is truth to that, most of the time it's just an excuse to blow off the humdrum work of doing proper documentation fully.
This idea was the core of Knuth's Literate Programming model, where the code was embedded in the documentation and could be extracted and turned into something to feed into a compiler. The closest thing in widespread use is Doxygen, which is pretty poor in comparison to WEB, but a lot better than nothing.
The problem in the US is that they vote on vast numbers of things. At most, in the UK, I'm voting for 3-4 offices at a time (MP, MEP, devolved parliament / assembly representative, local councillor) and these rarely line up so I typically only vote for 1-2 at a time. In the US, they vote for everything from local dog catcher on up. This increases the complexity of the elections considerably (and has secondary effects, such as politicising the judiciary - which in other countries is intended to be apolitical - by making both the judges and the district attorneys elected positions).
EV certs show that the CA has performed some validation that the certificate is associated with a specific organisation, not just with a domain name. It's how you know that the cert for paypal.com is owned by PayPal Inc. and the domain for paypal.scammer.com is not.
The risks of drugs vary a bit depending on which drug and the person. But even in the best case you're ingesting something with minimal testing and understanding of the long-term effects.
We should set up a controlled area for trials and observe the long-term effects on them. Let's call it 'Silicon Valley'.
As the fortune file told me: Berkeley is famous for two things, LSD and UNIX. There might be a reason for this.
Symantec doesn't do free certs, so no one is likely to be using them for non-commercial sites where Let's Encrypt would be appropriate. Most of their business is in the form of EV Certs. The process of applying for an EV certificate can take several weeks, once you've picked the replacement provider, because there are several round trips of paperwork. 90 days is probably long enough, but it's cutting it a bit fine for a lot of people.
A year seems a long time. I'd start by immediately downgrading all EV certs from Symantec to normal certs. Then, a month later, remove the padlock icon entirely and treat them as if they were HTTP. Two months after that, distrust them entirely.
As for those innocent businesses: they were sold a cert by Symantec with 'accepted by all major browsers' in the advertising. They're going to get a full refund (and if they don't, you can bet that the class action suit will hurt Symantec more than giving refunds). If there's a rush to switch, you can bet that there are a lot of CAs that would give a discount for the first year for existing Symantec customers.
10 minutes? My laptop's SSD can manage 300MB/s sustained writes on a good day. Ten minutes is enough to write 175GB. The drive is 1TB and about 900GB is used. Assuming that I had the data in a form that I could just stream to the disk without the FS getting in the way, it would take around 50 minutes, and that's assuming that the SSD could actually sustain that write speed for that long (it can't). Either your system disk and your backups are NVMe, or you don't have much data on your computer...
We use Microsoft's equivalents because, when it came to negotiating the license, the Google approach was take it or leave it, whereas MS worked with our IT folk to put together a contract that didn't violate any NDAs or regulatory requirements for data integrity that different departments had. The Google license was basically incompatible with any organisation that has any legal data protection requirements.
Privacy isn't just something that's nice for individuals to have, it's an absolute requirement for a lot of businesses. If you're doing anything with medical records, then you must not share them with anyone without the correct compliance procedures in place. That's an extreme example, but most companies have commercially sensitive data. Similarly, most companies have data retention policies that require that things be deleted after a certain amount of time, but Google has no way of guaranteeing deletion (as a core part of their distributed filesystem design: deletion is implemented by simply stopping replicating some data and waiting for the drives that it's on to fail).
Microsoft's products aren't insecure because they're closed source, and these days MS has pretty good security practices (they're still insecure, because they're so complex, but not more insecure than the rest of the industry). The problem for security with being closed source is that you rely on a single vendor to fix the issue. If Microsoft decides that your version of the product is not going to get security updates anymore and you need to buy the new one (then test and update all of your software to work with it) then this can cause huge delays or costs in rolling out a security update. In contrast, if it's open source and it's important to your business you can find multiple companies that will bid to back-port the security fix to your version.
the performance delta between a computer today and a computer 20 years ago is practically infinite
No it isn't, it's finite and it's a predictable number that is factored into the design of crypto systems. You assume that performance doubles roughly every year (a bit faster than Moore's law, but this factors in changes like GPUs / DSPs / FPGAs becoming cheap). For a symmetric crypto algorithm, adding one bit to the key length doubles the computational cost of attacking it, so if you want your data to be secure in 20 years then you work out how long it would take to crack it today and add 20 bits. Adding 20 bits is a bit awkward, so you round up to the nearest power of two.
Occasionally you make the jump sooner. A lot of things moved from 128-bit AES to 256-bit AES, because it turns out that 256-bit AES is faster. Magical quantum computers aside, that gives an extra century or so before any of these can be cracked (ignoring weaknesses in the implementation, which are how most of these things are broken).
Because Google isn't the only player in most of those markets, only the dominant one, and the EU is the second-largest market in the world. You don't cede the second-largest market in the world to your competitors and expect to remain dominant in the largest and third largest.
Google leases those places
Are you sure? I'm pretty sure that they bought the building near Kings Cross, at least.
As far as revenue, it takes all of about 2 days to switch banks for processing
Doesn't help. Any bank that does business in the EU will freeze accounts when required to by law or lose their banking license in the EU. Unless they decide to go entirely to taking payments in Bitcoin, there is no way of avoiding this (and if they looked seriously as if they were trying then they'd also be hit with money laundering charges).
And yes - you could prohibit Google apps from cell phones - and piss off 70% of the population (Android OS is about 70% of all mobile OSes in Europe)
Android OS isn't a Google product, the Google Apps that most handset makers ship in addition to Android are. Samsung and Amazon ship devices with their own replacements for these and would be very happy to suddenly be handed one of the largest markets in the world.
They could repossess the nice big buildings that Google owns in the middle of London, Paris, Dublin, Munich, and so on. They could confiscate all of the advertising revenue that flows from EU companies to Google via EU banks. They could confiscate all revenue that flows through EU payment processors to the Google Play store. They could prevent mobile phones sold in the EU from including Google apps.
the TRULY poor people can't afford luxuries like smart phones
Not sure about the US, but here it's cheaper to have a pre-pay mobile than to have a landline. If you don't make many calls, the line rental alone on a landline costs more than you'll pay for the calls on the mobile. If you're getting a mobile, it's pretty hard not to get a smartphone. A cheap 4-year-old second-hand Android phone will run the apps and cost next to nothing and can be bought from high street shops. You don't need a data plan, you need to stand near somewhere that has free WiFi, or you need a cheap home Internet connection.
You'll notice if the phone is stolen, but not if the SIM is cloned. Attacks of this nature have been seen in the wild, which is why using a phone as the second factor in 2FA is no longer recommended procedure.
Only if driving it rough would invalidate the warranty on the parts that have worn out when they'd normally be expected to still be covered.
And how many 3-year-olds get a loan so that someone can teach them to read while their parents are working two jobs?
They are also almost certainly subsidising the batteries of those that don't pay for the upgrade from the money that they make from the upgrades.
First, the economic value of particular forms of work. If someone is doing work that can be done cheaper by a machine (or which provides no value and can be simply avoided entirely by making workflows more efficient) then there is a benefit to the economy as a whole from automating or eliminating that job.
Second, there is the degree to which labour is used to redistribute capital. In a capitalist system, working is the primary mechanism by which capital flows from those that are born rich to those that are not. Those born poor often have less access to education and so are less likely to be qualified for high-skill jobs. There are basically three options regarding these people: you give them jobs that allow them to acquire capital, you round them up or kill them, or you wait until they turn up at the doors of those who have accumulated disproportionate amounts of wealth with pitchforks and flaming torches, then you reset the system with a different set of rulers.
Finally, there's the social and psychological effect of doing productive work. Humans are social animals and doing work that is of value to others helps encourage social cohesion.
Economists tend to look solely at the first, politicians primarily at the second.
The battery comes with an 8-year warranty. If they discharge to 60%, then it will last for longer than if they discharge to 50%. Battery failures are not 100% predictable though, they're statistical. The extra 10% capacity translates to a higher probability that the battery will fail under warranty. The price of the increase is designed to compensate for this.
If Tesla can sell the same hardware at different price points and still make a profit then the higher price point is simply profiteering. I would rather they sell it at a fair price.
The problem with this argument is that they typically can't. The same is true for Intel binning parts and other manufacturers that have similar practices. They can make a profit if they sell, for example, 75% of them for $n, 20% for $2n, and 5% for $10n. They can't make a profit if they sell all of them at $n. Your choice is for them to either sell them all for $1.65n, or sell 75% of them for $n and charge a premium for the rest. It's even more complicated, because these prices depend on amortising large fixed R&D costs across large numbers of sales and so if selling everything at $1.65n would reduce their sales by 10% then actually they'd have to sell at $1.84n, but if that reduced their sales more then there might not be a point at which they'd recoup their R&D costs.