Towns have been drowned in pig shit when dams failed. There are plenty of sources of carbon at the moment, thank you. Of course, methane digesters are a proven technology that will also work on pig shit, so it'd be better to just get to work generating power with them, rather than waiting for this pipe dream to become a reality. When people figure out how to make gasoline digesters, we can probably upgrade the methane digesters.
Benzene is toxic. Gut bacteria producing it will probably be bad. Aside from that, yes, gasoline is a really great way to store energy, and internal combustion engines are getting quite efficient, so this might well be a less toxic alternative to batteries. However, until it's reduced to practice there's no point in arguing about it.
Meh, the blight will just hack the people in the cubicle next to him and send them over to make him sit in front of the programming screen. No need to hack him through an ASCII terminal. Prepare to be assimilated! (Speaking of which, why do Borgs always say stuff like that? How do you prepare to be assimilated?)
This is absolutely true. However, the typical user simply doesn't have the mental model they need to evaluate whether they are secure. A solution that gives them security 99% of the time is a lot better than one that gives them security 0% of the time. The remaining 1% could very well completely screw them, but if they were at 0%, they would be completely open to attack. Best is the enemy of good enough.
FWIW, I am not arguing that the system doesn't need to be improved. I'm just saying that throwing it out and replacing it with nothing is not an improvement.
Trust is not binary. It costs some effort to get a key certified for a domain that isn't yours. So a CA cert says "either this key is good, or someone spent a lot of money to compromise it." Of course, you'd much rather that it said "this key is good," but that's not what it says, and the fact that it doesn't say that doesn't mean the cert is valueless—it just means that it has limited value.
We definitely need a stronger system, but the current system is better than no system.
It's great if you have the discipline to do that, but this is not a UI that works for people who do not understand the threat model, because they will get popups all the time, and they don't know how to check whether they are valid. So they'll just get in the habit of clicking yes. So this winds up potentially being _worse_ than the status quo, because now a bad cert will present a similar, if not the same, UI to a good cert, and they'll click through on both without validating either.
In fact something like this exists and may even be supported by your browser, but isn't in wide deployment at the moment. The way it works is that example.com goes out and gets an SSL cert for example.com, signed by some reasonable CA. example.com also configures dnssec for their domain. When you go to https://example.com/ your web browser does a DNS query against _443._tcp.example.com for TLSA records. If it finds any, it validates the cert it gets via TLS against the TLSA record; the TLSA record can specify what certs are valid, or it can specify what certificate authority key (trust anchor) is valid, and there are a few other modes. The basic principle is that you now have two paths for validating the TLS cert: the CA _and_ DNSSEC. If both validate, use the cert. If either fails, don't use it. You can read all about it here.
In addition, TLS provides for certificate revocation, so if someone generates a bogus cert and it is _detected_, the cert can be revoked, or if a key is compromised, the cert for that key can be revoked.
These mechanisms seem more likely to be useful than just requiring certs from two different CAs.
No, actually it isn't going too far. Cryptography is fundamental to the success of the Internet. Every time you log in to a web site, every time you buy something, you are using encryption to avoid revealing your password and your credit card to anybody who happens to be sniffing any wire between you and the web site you are accessing.
When you use "the cloud" to do business, you are relying on the security of a system that is not under your control. If the security of that system can be routinely compromised by the NSA, it might be better not to use it. This in fact does undermine trust in the Internet, and damages businesses that would like you to be able to trust them.
Some of the undermining of trust is actually good. It's good that we are now more realistic about what it means to share our private information with Facebook and Google. But since there is no alternative, it does little good. A few people stop using Facebook, but most people rely on it too much to stop using it.
In the long run, I think this reality check is a good thing, as long as the NSA doesn't now start pushing ideas like the Clipper Chip. The fact that Brazil and Germany are making a big stink about this on the international scene is good. But it is in fact clearly true that what the NSA has done has undermined the technical foundations of the internet, and I worry that the fallout from this fiasco will be a divided internet that is less useful for community, but more lucrative for industry. The ISOC is right to be bringing up this issue, and I hope that some good comes of it.
The patent still has value to practicing entities, just not to NPEs. But your basic point is correct—getting rid of NPEs won't solve the patent problem. Granting patents to all comers is like selling arms to all sides in a civil war. Sure, it's fair, but wouldn't it be better to get them to disarm and resolve their differences some other way?
Global temperature has gone up. This means that storm systems have more energy. This means that we can expect to see more destructive storms. And we are seeing them. This is not animism—it's physics. If you haven't heard of this before, you aren't paying attention to the literature. I will admit that I pulled Joplin out of my hat, and it's too soon to say what the deal with Boulder is. We had extreme weather before the increase in global temperatures became significant, so not every extreme weather event is the result of the recent increases in global temperatures. That said, you can't pour energy into a system and expect the energy output of that system to not to increase as well. So whistle past the graveyard all you want, but that's what you're doing here.
It works pretty well if we pay attention. If we just sit around playing videogames, then yeah, it turns into a catastrophe. But pretty much anything works if we pay attention. Your argument is self-fulfilling—you are telling us we can't win, so there's no point in paying attention. That's exactly the wrong thing to do. It's almost as if you want regulatory capture.
Mitigating global warming is cheap. Just use less carbon. Adapting is expensive. How many Boulders, Joplins and so forth will we have to rebuild? The sad irony is that the carbon economy continues to sputter along not because it is cheaper than a clean economy, but simply because it is the incumbent, and the incentives favor it. Switching would certainly cost a lot of tycoons an easy fortune, but for the average Joe? Switching away from a carbon economy means more, better paying jobs. Who cares about the poor oil tycoons?
It's much more likely that he or she will find more icewm users here. How many mailing lists do you subscribe to that have to do with the various bits of software you run? I'd guess it's not zero, but it's not huge.
You've hit the nail on the head here. What matters is not the experience of the person you are killing—it will be over quickly, whether it is agonizing or not. What matters is how you feel about it after they are dead. With a fatal GSW, you can feel like it was a "good death," because they didn't suffer a lot, whereas with chemical weapons, you would feel like it's a "bad death," because they suffered horribly. So chemical weapons are bad not because they cause the victim to suffer, but because they cause the witnesses to suffer.
I was making a different point: killing is wrong. The main affect that a death that is imposed upon you by another human being has is that you don't get to live the rest of your life. Your family is deprived of your company, and your productivity. You do not have any further opportunity to make something out of your life, to atone for those things you regret, to express your love to the people you care about.
In reality, you can die at any time, of any cause. You can be hit by a car, and die an agonizing death by the side of the road. You can get tetanus, and die as you described, in terrible pain. You can die of old age which, although it is often considered the best possible outcome, is certainly not pleasant, and not something anyone would seek out unless there were no alternative.
Death is the enemy. For a human being to visit death upon another human being is to give aid and comfort to the enemy.
Indeed. The problem is finding enough icewm users to fund a programmer to do maintenance on it. What the OP really ought to be doing is not looking for someone to work on icewm, but for fellow users.
When someone points a gun at you and threatens to kill you, and someone else points a gun at them and says "look, you can kill that guy, but I'll kill you," that's not getting rolled. That's getting stopped. Getting rolled is when they take something from you while you're sleeping. Here, nothing was taken other than the opportunity to buy some new tomahawk missiles. Effectively, Putin saved the American taxpayers from getting rolled.
That's not really the point, though. The point is that a year from now, when that comes up, if progress has been made they can say "look, progress is being made, we don't actually have to bomb Syria" and thereby save face. Or if they want a pretext to bomb Syria, even if progress has been made, they can say "to little, too late" and go ahead with the bombing. The main focus here is on kicking the can down the road. I'd much prefer a rational assessment of the situation, and a constructive solution to the problem, but inaction is better than stupid action.
Indeed, "the use of chemical weapons anywhere in the world is an affront to human dignity" could be reworded as "the use of deadly weapons anywhere in the world is an affront to human dignity" without really changing the meaning—what do I care if you kill me with a sword or with poison gas? I don't want you to kill me with either. That's what an affront to human dignity is in this context.
So the reason for focusing on chemical weapons is that we aren't ready to have that conversation about, say, guns. Which is of course totally ridiculous.
Best is the enemy of good enough. The reason the 9/11 attackers got their knives through security is that security wasn't looking for box cutters—you were allowed to take them on airplanes. Security checkpoints _do_ work. They just don't work _perfectly_, and some of what is being done now is way past the point of diminishing returns. But if having airlines run security is such a great idea, why don't the Israelis do it?
What I mean when I say the incentives are wrong is that if you have the airlines run security, they want two things: throughput, and CYA. If you have the TSA do it, they want the appearance of diligence, and money to spend on toys. They don't get punished for going past the point of diminishing returns. For that to happen requires oversight, but of course the incentives are in the wrong place there too—nobody appears willing to vote their politicians out of office because they support the TSA's current operational practices.
Slashdot Mirror
Hm, sounds like a cheap route to shock therapy!
..what do they sound like?
Towns have been drowned in pig shit when dams failed. There are plenty of sources of carbon at the moment, thank you. Of course, methane digesters are a proven technology that will also work on pig shit, so it'd be better to just get to work generating power with them, rather than waiting for this pipe dream to become a reality. When people figure out how to make gasoline digesters, we can probably upgrade the methane digesters.
Benzene is toxic. Gut bacteria producing it will probably be bad. Aside from that, yes, gasoline is a really great way to store energy, and internal combustion engines are getting quite efficient, so this might well be a less toxic alternative to batteries. However, until it's reduced to practice there's no point in arguing about it.
Meh, the blight will just hack the people in the cubicle next to him and send them over to make him sit in front of the programming screen. No need to hack him through an ASCII terminal. Prepare to be assimilated! (Speaking of which, why do Borgs always say stuff like that? How do you prepare to be assimilated?)
This is absolutely true. However, the typical user simply doesn't have the mental model they need to evaluate whether they are secure. A solution that gives them security 99% of the time is a lot better than one that gives them security 0% of the time. The remaining 1% could very well completely screw them, but if they were at 0%, they would be completely open to attack. Best is the enemy of good enough.
FWIW, I am not arguing that the system doesn't need to be improved. I'm just saying that throwing it out and replacing it with nothing is not an improvement.
No, worse! Let's threaten them with the round pillows!
Trust is not binary. It costs some effort to get a key certified for a domain that isn't yours. So a CA cert says "either this key is good, or someone spent a lot of money to compromise it." Of course, you'd much rather that it said "this key is good," but that's not what it says, and the fact that it doesn't say that doesn't mean the cert is valueless—it just means that it has limited value.
We definitely need a stronger system, but the current system is better than no system.
It's great if you have the discipline to do that, but this is not a UI that works for people who do not understand the threat model, because they will get popups all the time, and they don't know how to check whether they are valid. So they'll just get in the habit of clicking yes. So this winds up potentially being _worse_ than the status quo, because now a bad cert will present a similar, if not the same, UI to a good cert, and they'll click through on both without validating either.
In fact something like this exists and may even be supported by your browser, but isn't in wide deployment at the moment. The way it works is that example.com goes out and gets an SSL cert for example.com, signed by some reasonable CA. example.com also configures dnssec for their domain. When you go to https://example.com/ your web browser does a DNS query against _443._tcp.example.com for TLSA records. If it finds any, it validates the cert it gets via TLS against the TLSA record; the TLSA record can specify what certs are valid, or it can specify what certificate authority key (trust anchor) is valid, and there are a few other modes. The basic principle is that you now have two paths for validating the TLS cert: the CA _and_ DNSSEC. If both validate, use the cert. If either fails, don't use it. You can read all about it here.
In addition, TLS provides for certificate revocation, so if someone generates a bogus cert and it is _detected_, the cert can be revoked, or if a key is compromised, the cert for that key can be revoked.
These mechanisms seem more likely to be useful than just requiring certs from two different CAs.
No, actually it isn't going too far. Cryptography is fundamental to the success of the Internet. Every time you log in to a web site, every time you buy something, you are using encryption to avoid revealing your password and your credit card to anybody who happens to be sniffing any wire between you and the web site you are accessing.
When you use "the cloud" to do business, you are relying on the security of a system that is not under your control. If the security of that system can be routinely compromised by the NSA, it might be better not to use it. This in fact does undermine trust in the Internet, and damages businesses that would like you to be able to trust them.
Some of the undermining of trust is actually good. It's good that we are now more realistic about what it means to share our private information with Facebook and Google. But since there is no alternative, it does little good. A few people stop using Facebook, but most people rely on it too much to stop using it.
In the long run, I think this reality check is a good thing, as long as the NSA doesn't now start pushing ideas like the Clipper Chip. The fact that Brazil and Germany are making a big stink about this on the international scene is good. But it is in fact clearly true that what the NSA has done has undermined the technical foundations of the internet, and I worry that the fallout from this fiasco will be a divided internet that is less useful for community, but more lucrative for industry. The ISOC is right to be bringing up this issue, and I hope that some good comes of it.
Perhaps you could explain why that difference is important? Both outcomes seem bad to me.
The patent still has value to practicing entities, just not to NPEs. But your basic point is correct—getting rid of NPEs won't solve the patent problem. Granting patents to all comers is like selling arms to all sides in a civil war. Sure, it's fair, but wouldn't it be better to get them to disarm and resolve their differences some other way?
Global temperature has gone up. This means that storm systems have more energy. This means that we can expect to see more destructive storms. And we are seeing them. This is not animism—it's physics. If you haven't heard of this before, you aren't paying attention to the literature. I will admit that I pulled Joplin out of my hat, and it's too soon to say what the deal with Boulder is. We had extreme weather before the increase in global temperatures became significant, so not every extreme weather event is the result of the recent increases in global temperatures. That said, you can't pour energy into a system and expect the energy output of that system to not to increase as well. So whistle past the graveyard all you want, but that's what you're doing here.
It works pretty well if we pay attention. If we just sit around playing videogames, then yeah, it turns into a catastrophe. But pretty much anything works if we pay attention. Your argument is self-fulfilling—you are telling us we can't win, so there's no point in paying attention. That's exactly the wrong thing to do. It's almost as if you want regulatory capture.
Mitigating global warming is cheap. Just use less carbon. Adapting is expensive. How many Boulders, Joplins and so forth will we have to rebuild? The sad irony is that the carbon economy continues to sputter along not because it is cheaper than a clean economy, but simply because it is the incumbent, and the incentives favor it. Switching would certainly cost a lot of tycoons an easy fortune, but for the average Joe? Switching away from a carbon economy means more, better paying jobs. Who cares about the poor oil tycoons?
Guns are cheap. Your expensive guns might be better, but a thousand people with cheap guns will overrun you without difficulty.
It's much more likely that he or she will find more icewm users here. How many mailing lists do you subscribe to that have to do with the various bits of software you run? I'd guess it's not zero, but it's not huge.
You've hit the nail on the head here. What matters is not the experience of the person you are killing—it will be over quickly, whether it is agonizing or not. What matters is how you feel about it after they are dead. With a fatal GSW, you can feel like it was a "good death," because they didn't suffer a lot, whereas with chemical weapons, you would feel like it's a "bad death," because they suffered horribly. So chemical weapons are bad not because they cause the victim to suffer, but because they cause the witnesses to suffer.
I was making a different point: killing is wrong. The main affect that a death that is imposed upon you by another human being has is that you don't get to live the rest of your life. Your family is deprived of your company, and your productivity. You do not have any further opportunity to make something out of your life, to atone for those things you regret, to express your love to the people you care about.
In reality, you can die at any time, of any cause. You can be hit by a car, and die an agonizing death by the side of the road. You can get tetanus, and die as you described, in terrible pain. You can die of old age which, although it is often considered the best possible outcome, is certainly not pleasant, and not something anyone would seek out unless there were no alternative.
Death is the enemy. For a human being to visit death upon another human being is to give aid and comfort to the enemy.
Indeed. The problem is finding enough icewm users to fund a programmer to do maintenance on it. What the OP really ought to be doing is not looking for someone to work on icewm, but for fellow users.
When someone points a gun at you and threatens to kill you, and someone else points a gun at them and says "look, you can kill that guy, but I'll kill you," that's not getting rolled. That's getting stopped. Getting rolled is when they take something from you while you're sleeping. Here, nothing was taken other than the opportunity to buy some new tomahawk missiles. Effectively, Putin saved the American taxpayers from getting rolled.
That's not really the point, though. The point is that a year from now, when that comes up, if progress has been made they can say "look, progress is being made, we don't actually have to bomb Syria" and thereby save face. Or if they want a pretext to bomb Syria, even if progress has been made, they can say "to little, too late" and go ahead with the bombing. The main focus here is on kicking the can down the road. I'd much prefer a rational assessment of the situation, and a constructive solution to the problem, but inaction is better than stupid action.
Oh, don't worry, I'm sure they'll find some other way to enrich our military-industrial complex.
Indeed, "the use of chemical weapons anywhere in the world is an affront to human dignity" could be reworded as "the use of deadly weapons anywhere in the world is an affront to human dignity" without really changing the meaning—what do I care if you kill me with a sword or with poison gas? I don't want you to kill me with either. That's what an affront to human dignity is in this context.
So the reason for focusing on chemical weapons is that we aren't ready to have that conversation about, say, guns. Which is of course totally ridiculous.
Best is the enemy of good enough. The reason the 9/11 attackers got their knives through security is that security wasn't looking for box cutters—you were allowed to take them on airplanes. Security checkpoints _do_ work. They just don't work _perfectly_, and some of what is being done now is way past the point of diminishing returns. But if having airlines run security is such a great idea, why don't the Israelis do it?
What I mean when I say the incentives are wrong is that if you have the airlines run security, they want two things: throughput, and CYA. If you have the TSA do it, they want the appearance of diligence, and money to spend on toys. They don't get punished for going past the point of diminishing returns. For that to happen requires oversight, but of course the incentives are in the wrong place there too—nobody appears willing to vote their politicians out of office because they support the TSA's current operational practices.