I think "liable" does not mean what you think it means. It doesn't mean you did it. It means you can plausibly be blamed for it. If you are aware that your roommate is engaging in infringing activities using your Internet connection, and you don't do anything to stop it, then it is just naive to think that you won't be found liable. If you want to be protected from this, move, and do not let your "friend" bring computers to your new apartment.
I don't know who this "we" is to whom you are referring, but I do NOT want to encourage invention. Invention happens whether it's encouraged or not. There is no need to "encourage invention." This is the problem with the patent system: it solves a problem that doesn't exist, at extraordinary expense.
The trick to hijacking a TLD is to do it without being detected. If you can pull that off, you have something extremely valuable. If you can't, what you have is still useful, but only to a limited degree. But that degree is only limited to the extent that certificate checkers do their jobs correctly, and don't have polluted caches, or have access to good data. If you can hijack the root, and everybody's bank account security depends on the root, then you can do a lot of damage before you're detected. You've seen Battlestar Galactica (reimagined), right? It's like that. You're creating a single key that gives the Cylons access to your entire defense grid.
YES. User interface is at least as important as tech in security: if you have a bad UI, it doesn't matter how secure the infrastructure is, because people will use the bad UI to bypass it.
There are some problems with self-signed certs, but they can be addressed by a better UI. You don't want users to get into the habit of clicking through self-signed certs. But an intelligently thought-ought security model here would be a huge win, because as you say, self-signed certs do add value, particularly in a world where HTTP authentication sends passwords in the clear (or effectively in the clear, depending on which model you use).
The trouble with this is that it makes the root cert *insanely* valuable if we start using it in the way you describe. As a practical matter, there needs to be some additional system in place to provide a backstop for the root, so that merely compromising the root is not enough to successfully spoof every domain. DNSSEC + SSL CA is actually not a bad idea. But I am really worried about the push to use DNSSEC as the new single point of failure.
Have you ever met any actual teachers? I ask because my upstairs neighbors are teachers at the local high school, and they are anything but simpering morons. If your school district is hiring simpering morons, you ought to be asking why, and how you can fix it, not just casting aspersions on them behind their back. The reason our high school doesn't hire simpering morons is that we don't let them.
I think the immediate reaction is "stop wasting money." For some reason we can afford to buy kids laptops, but can't afford to make teaching a high-paying job. And yet we expect excellent results. The only way laptops can help students to learn is if they help teachers to teach more effectively. I.e., the laptop in the students' hands is a tool for the teacher, not the student. But that's not how laptops are being used.
Thank you for playing. If we were talking about native speed, you might be right, but the performance multipliers people got out of Javascript recently were necessary and hard won. Throwing away half of them (and I think you're being extraordinarily optimistic here) to get a crippled Scheme is not going to make you any friends in a production development environment.
First of all, it's not at all clear to me that the data this guy is using is any good. I think that the author is either accidentally or intentionally cherry-picking data sources, or doesn't really understand the classification system. The number of data points shown is absurdly low, and includes no buoys. I'd want to see some expert rebuttal or expert agreement before buying into the point the article makes. Hence, I am skeptical of the author's motivation. This sounds like another "this was just hype" story dressed up as science.
But an even more important point is that if, in fact, this really was "only" a tropical storm, and not a hurricane, then we have a problem: we treat tropical storms less seriously than we treat hurricanes. If you can't call it a hurricane, it's going to be harder to get people to cooperate with evacuation orders. It's hard enough when it's called a hurricane. People think "oh, it won't be that bad," and then emergency crews waste resources rescuing them that could be spent addressing problems that weren't caused by non-cooperation.
So if this really wasn't a hurricane, according to the classification system for hurricanes, we have a serious problem with the classification system, and we probably need to stop even using the term "tropical storm." Which of course comes with its own set of problems.
The big difference between this and the Bhola Cyclone, which was definitely a bigger storm, is that the Bhola Cyclone occurred in East Pakistan (now Bangladesh) and the government was woefully ill-equipped to handle it. And of course there were so many people living close to sea level that there was really no way to evacuate them all. By contrast, we live in one of the richest countries in the world, and we did a really good job of preparing for the storm, and to some degree at least we had geography on our side.
If you are complaining about news coverage, I don't have a big problem with that—it's really clear that a lot of news programs looked at this as an opportunity to gain ratings, and could care less whether it was a major storm or not. But it really was a major storm. It probably didn't need 24 hour news coverage for days in advance, but what TFA is talking about is not the news coverage, but rather the science behind deciding what sort of storm it was. I am really skeptical that there was some kind of conspiracy at the NOAA to help Fox News make some more ad money.
Then why are you contributing to the precise mode of thinking that would lead to that boy-who-cried-wolf scenario? This really, really was a bad storm. Nobody cried wolf here. A lot of people would have died without the preparatory measures that were taken, and the occasional heroic emergency rescues that were nevertheless required.
It would be really great if we would treat traffic fatalities with the seriousness that we treat bad weather, but there are a lot of vested interests who work very hard to prevent that. By your logic, we should take a least common denominator approach to risk analysis: if we are stupid about any one sort of risk, we should be exactly that stupid about every other sort of risk. This would definitely have helped to increase the death toll; I'm not sure why that would be a comfort to you, though.
Beach houses *did* get washed away; if people had stayed in them, the would have died. Tunnels in New York were flooded; if people had been in them, they would have died. The Hudson came up over its banks. The east river came up over its banks. Yes, the storm surge wasn't as big as anticipated. But measuring this storm by the number of deaths is completely fallacious. If that reasoning made sense, then we would measure the strength of earthquakes by the death toll as well, and earthquakes in countries with no earthquake code would always measure stronger. And then we'd assume that those countries just got stronger quakes, and there was nothing we could do about it.
The reality is that we, and by we here I specifically mean people tasked with emergency preparedness, cannot predict exactly what effect any given storm will have. All we can do is try to guess accurately, and to make sure that our guess is more pessimistic than any realistic scenario, so that if that scenario happens to be the one that comes to pass, people don't die because we were afraid of over-hyping, and didn't do the prudent thing and evacuate them to higher ground.
I don't understand why anyone would mod the above article flamebait. The fact is that this was a tremendously destructive storm, because of all the moisture that it carried. I'm right there with people who want facts to be reported accurately, but the degree of preparation that went on before this storm was entirely appropriate. Should New York City have kept running the subway lines? The tunnels flooded! Should those people in Groton, CT, who boarded up their windows not have bothered? Some of their neighbors' houses were washed away. What about the damage on the Jersey Shore, and in North Carolina? Hype?
In my town alone, with a population of about 14k, there were 30 swift water rescues during the flooding. Houses were carried downriver. Propane tanks, hissing gas, were carried downriver. A young woman was swept away downriver, and drowned, two towns west of here.
What is amazing about this storm is that despite how serious it was, and despite all the damage that was done, so few lives were lost. Many towns in Vermont flooded, and some can only be reached by class 3 roads that are barely passable because the main road and the alternate have washed out, and the road that _is_ passable has two-foot waves in it.
We were shocked by the ferocity of the flooding. Yesterday morning I foolishly thought that the danger had passed, and this was a flash in the pan. I had no idea what that giant bank of orange on the radar over the Green Mountains meant. I'm really glad someone did, and that people got warnings in time, and weren't in the path of the flood waters when they came roaring down Whetstone Brook. I'm really glad that low-lying trailer parks were successfully evacuated, and that we are not reading about the tragic loss of life that could have occurred, but instead about people wondering when they can go back to assess the damage.
So if there was some scientific inaccuracy in the exact name that was given to the type of storm this was, I guess that's of some academic interest, but if this storm had gotten a different name, and that had resulted in less preparation, that would have really sucked. Some of my neighbors would be dead now.
I think this is the point that the parent was trying to convey. It's not flamebait. If there's a problem to correct, let's make sure that correcting it doesn't result in less hype the next time a storm like this comes through.
So you think you know what my point is, but you don't want to put a stake in it? Javascript is Turing-complete, so you can implement anything in it. The question is, will it perform. The answer is that if you implement a full scheme in Javascript, it probably won't perform well. If you do a javascript-limited subset of Scheme, it will fail to completely suck. But it will suck a lot, because it will be fairly limited. More to the point, it won't be Scheme, so you will still have to program in two different languages, only they'll look really similar, so you'll forget. That way lies madness. *Madness*, I tell you.
Oh please, you're just being difficult. If you want an entirely closed-source application, you can pay them the licensing fee. If you want to go the open source route, but don't want to reveal your passwords, don't put them in the source code: store them in the database.
Yes, and if Javascript weren't so bloody limited, that would be a great solution. Why, oh why, couldn't they just have embedded Scheme, which has all the wins of Javascript, and none of the limitations? Sigh.
It's an integrated solution. You write one piece of code, and the compiler manages the AJAX interface. So you don't have to write your app in two languages and deal with communication between the server side and client side: the language hides that.
It seems like a good deal in a number of ways, and I think for a new application it might be a good choice. However, there are some problems—they have chosen to define a new language, rather than extending an existing language, so you have to learn and be current in another language. They require that you use their database, so if you already have your data in another database, you have to migrate. And of course you still have to know HTML and CSS, so really you're still programming in three different languages. But 34, so I guess it's a start.
Holy shit! If that's for real, the people running this should be jailed for mass assault with a deadly weapon. Watching that video was like watching that movie someone shot of a person being X-rayed for several minutes. You basically knew the person in the picture had to have died of cancer, if they weren't hit by a truck or something first. This is supposed to save lives? At what cost?
Won't help—this stuff penetrates clothes, not car bodies.
It seems like it would be really easy to build detectors for millimeter-wave radar. There's probably money to be had here—I'd want one, so I'd know to get off the street to avoid the radiation. It won't penetrate the walls of buildings, nor (I suspect) the glass in windows, so you'd be pretty safe just stepping into a shop when the detector goes off.
Of course, if they see people noticing and avoiding the scanner (i.e., opting out), they'll probably want to do precautionary pat-downs...:)
The frustrating thing here is that there's a lot of old tech that solves this problem, but it's not sexy. It's good that Gates is publicizing this stuff; I hope he doesn't invent some new plastic monstrosity to solve the problem, though.
My Buddhist group built a retreat center on the quick last year, and one of the problems we had was insufficient sewer capacity (sewer systems and septic systems are expensive and sometimes difficult to install). The way we solved the problem was *extremely* low tech: we built outhouses with two leakproof basins with a lot of capacity.
The end-user uses one of the two basins exclusively for several months, dumping a bit of cellulose (grass or wood shavings) in afterwards. When it gets full, the user switches to the other basin, leaving the first basin to compost for several months. When that one's full, the compost in the other one is ready, and can be dug out and used to fertilize soil. We tested this extensively to make sure that it was safe, and it is; there's no fecal coliform bacteria in the compost.
This kind of system is probably $10k or more cheaper than the next cheapest alternative. Making it work for public toilets would be more difficult, because the volumes are higher, but I think it would still be doable. There are commercial composting toilets that use an electrically driven drum to turn the compost, so that you don't have to have a two-seater, but this solution is much less expensive, and much easier to build.
Slashdot Mirror
I think "liable" does not mean what you think it means. It doesn't mean you did it. It means you can plausibly be blamed for it. If you are aware that your roommate is engaging in infringing activities using your Internet connection, and you don't do anything to stop it, then it is just naive to think that you won't be found liable. If you want to be protected from this, move, and do not let your "friend" bring computers to your new apartment.
I don't know who this "we" is to whom you are referring, but I do NOT want to encourage invention. Invention happens whether it's encouraged or not. There is no need to "encourage invention." This is the problem with the patent system: it solves a problem that doesn't exist, at extraordinary expense.
The trick to hijacking a TLD is to do it without being detected. If you can pull that off, you have something extremely valuable. If you can't, what you have is still useful, but only to a limited degree. But that degree is only limited to the extent that certificate checkers do their jobs correctly, and don't have polluted caches, or have access to good data. If you can hijack the root, and everybody's bank account security depends on the root, then you can do a lot of damage before you're detected. You've seen Battlestar Galactica (reimagined), right? It's like that. You're creating a single key that gives the Cylons access to your entire defense grid.
Yeah it does. Go look at your account settings again. I've been using SSL on facebook for several months now.
YES. User interface is at least as important as tech in security: if you have a bad UI, it doesn't matter how secure the infrastructure is, because people will use the bad UI to bypass it.
There are some problems with self-signed certs, but they can be addressed by a better UI. You don't want users to get into the habit of clicking through self-signed certs. But an intelligently thought-ought security model here would be a huge win, because as you say, self-signed certs do add value, particularly in a world where HTTP authentication sends passwords in the clear (or effectively in the clear, depending on which model you use).
The trouble with this is that it makes the root cert *insanely* valuable if we start using it in the way you describe. As a practical matter, there needs to be some additional system in place to provide a backstop for the root, so that merely compromising the root is not enough to successfully spoof every domain. DNSSEC + SSL CA is actually not a bad idea. But I am really worried about the push to use DNSSEC as the new single point of failure.
Have you ever met any actual teachers? I ask because my upstairs neighbors are teachers at the local high school, and they are anything but simpering morons. If your school district is hiring simpering morons, you ought to be asking why, and how you can fix it, not just casting aspersions on them behind their back. The reason our high school doesn't hire simpering morons is that we don't let them.
I think the immediate reaction is "stop wasting money." For some reason we can afford to buy kids laptops, but can't afford to make teaching a high-paying job. And yet we expect excellent results. The only way laptops can help students to learn is if they help teachers to teach more effectively. I.e., the laptop in the students' hands is a tool for the teacher, not the student. But that's not how laptops are being used.
Thank you for playing. If we were talking about native speed, you might be right, but the performance multipliers people got out of Javascript recently were necessary and hard won. Throwing away half of them (and I think you're being extraordinarily optimistic here) to get a crippled Scheme is not going to make you any friends in a production development environment.
First of all, it's not at all clear to me that the data this guy is using is any good. I think that the author is either accidentally or intentionally cherry-picking data sources, or doesn't really understand the classification system. The number of data points shown is absurdly low, and includes no buoys. I'd want to see some expert rebuttal or expert agreement before buying into the point the article makes. Hence, I am skeptical of the author's motivation. This sounds like another "this was just hype" story dressed up as science.
But an even more important point is that if, in fact, this really was "only" a tropical storm, and not a hurricane, then we have a problem: we treat tropical storms less seriously than we treat hurricanes. If you can't call it a hurricane, it's going to be harder to get people to cooperate with evacuation orders. It's hard enough when it's called a hurricane. People think "oh, it won't be that bad," and then emergency crews waste resources rescuing them that could be spent addressing problems that weren't caused by non-cooperation.
So if this really wasn't a hurricane, according to the classification system for hurricanes, we have a serious problem with the classification system, and we probably need to stop even using the term "tropical storm." Which of course comes with its own set of problems.
The big difference between this and the Bhola Cyclone, which was definitely a bigger storm, is that the Bhola Cyclone occurred in East Pakistan (now Bangladesh) and the government was woefully ill-equipped to handle it. And of course there were so many people living close to sea level that there was really no way to evacuate them all. By contrast, we live in one of the richest countries in the world, and we did a really good job of preparing for the storm, and to some degree at least we had geography on our side.
If you are complaining about news coverage, I don't have a big problem with that—it's really clear that a lot of news programs looked at this as an opportunity to gain ratings, and could care less whether it was a major storm or not. But it really was a major storm. It probably didn't need 24 hour news coverage for days in advance, but what TFA is talking about is not the news coverage, but rather the science behind deciding what sort of storm it was. I am really skeptical that there was some kind of conspiracy at the NOAA to help Fox News make some more ad money.
Then why are you contributing to the precise mode of thinking that would lead to that boy-who-cried-wolf scenario? This really, really was a bad storm. Nobody cried wolf here. A lot of people would have died without the preparatory measures that were taken, and the occasional heroic emergency rescues that were nevertheless required.
What about this smacks of "crying wolf" to you?
It would be really great if we would treat traffic fatalities with the seriousness that we treat bad weather, but there are a lot of vested interests who work very hard to prevent that. By your logic, we should take a least common denominator approach to risk analysis: if we are stupid about any one sort of risk, we should be exactly that stupid about every other sort of risk. This would definitely have helped to increase the death toll; I'm not sure why that would be a comfort to you, though.
Beach houses *did* get washed away; if people had stayed in them, the would have died. Tunnels in New York were flooded; if people had been in them, they would have died. The Hudson came up over its banks. The east river came up over its banks. Yes, the storm surge wasn't as big as anticipated. But measuring this storm by the number of deaths is completely fallacious. If that reasoning made sense, then we would measure the strength of earthquakes by the death toll as well, and earthquakes in countries with no earthquake code would always measure stronger. And then we'd assume that those countries just got stronger quakes, and there was nothing we could do about it.
The reality is that we, and by we here I specifically mean people tasked with emergency preparedness, cannot predict exactly what effect any given storm will have. All we can do is try to guess accurately, and to make sure that our guess is more pessimistic than any realistic scenario, so that if that scenario happens to be the one that comes to pass, people don't die because we were afraid of over-hyping, and didn't do the prudent thing and evacuate them to higher ground.
I don't understand why anyone would mod the above article flamebait. The fact is that this was a tremendously destructive storm, because of all the moisture that it carried. I'm right there with people who want facts to be reported accurately, but the degree of preparation that went on before this storm was entirely appropriate. Should New York City have kept running the subway lines? The tunnels flooded! Should those people in Groton, CT, who boarded up their windows not have bothered? Some of their neighbors' houses were washed away. What about the damage on the Jersey Shore, and in North Carolina? Hype?
In my town alone, with a population of about 14k, there were 30 swift water rescues during the flooding. Houses were carried downriver. Propane tanks, hissing gas, were carried downriver. A young woman was swept away downriver, and drowned, two towns west of here.
What is amazing about this storm is that despite how serious it was, and despite all the damage that was done, so few lives were lost. Many towns in Vermont flooded, and some can only be reached by class 3 roads that are barely passable because the main road and the alternate have washed out, and the road that _is_ passable has two-foot waves in it.
We were shocked by the ferocity of the flooding. Yesterday morning I foolishly thought that the danger had passed, and this was a flash in the pan. I had no idea what that giant bank of orange on the radar over the Green Mountains meant. I'm really glad someone did, and that people got warnings in time, and weren't in the path of the flood waters when they came roaring down Whetstone Brook. I'm really glad that low-lying trailer parks were successfully evacuated, and that we are not reading about the tragic loss of life that could have occurred, but instead about people wondering when they can go back to assess the damage.
So if there was some scientific inaccuracy in the exact name that was given to the type of storm this was, I guess that's of some academic interest, but if this storm had gotten a different name, and that had resulted in less preparation, that would have really sucked. Some of my neighbors would be dead now.
I think this is the point that the parent was trying to convey. It's not flamebait. If there's a problem to correct, let's make sure that correcting it doesn't result in less hype the next time a storm like this comes through.
So you think you know what my point is, but you don't want to put a stake in it? Javascript is Turing-complete, so you can implement anything in it. The question is, will it perform. The answer is that if you implement a full scheme in Javascript, it probably won't perform well. If you do a javascript-limited subset of Scheme, it will fail to completely suck. But it will suck a lot, because it will be fairly limited. More to the point, it won't be Scheme, so you will still have to program in two different languages, only they'll look really similar, so you'll forget. That way lies madness. *Madness*, I tell you.
Oh please, you're just being difficult. If you want an entirely closed-source application, you can pay them the licensing fee. If you want to go the open source route, but don't want to reveal your passwords, don't put them in the source code: store them in the database.
Yes, and if Javascript weren't so bloody limited, that would be a great solution. Why, oh why, couldn't they just have embedded Scheme, which has all the wins of Javascript, and none of the limitations? Sigh.
That was 3 < 4, not Rule 34, in case anyone was wondering...
It's an integrated solution. You write one piece of code, and the compiler manages the AJAX interface. So you don't have to write your app in two languages and deal with communication between the server side and client side: the language hides that.
It seems like a good deal in a number of ways, and I think for a new application it might be a good choice. However, there are some problems—they have chosen to define a new language, rather than extending an existing language, so you have to learn and be current in another language. They require that you use their database, so if you already have your data in another database, you have to migrate. And of course you still have to know HTML and CSS, so really you're still programming in three different languages. But 34, so I guess it's a start.
Also, once you have Irene cornered, no monologueing.
Holy shit! If that's for real, the people running this should be jailed for mass assault with a deadly weapon. Watching that video was like watching that movie someone shot of a person being X-rayed for several minutes. You basically knew the person in the picture had to have died of cancer, if they weren't hit by a truck or something first. This is supposed to save lives? At what cost?
Won't help—this stuff penetrates clothes, not car bodies.
It seems like it would be really easy to build detectors for millimeter-wave radar. There's probably money to be had here—I'd want one, so I'd know to get off the street to avoid the radiation. It won't penetrate the walls of buildings, nor (I suspect) the glass in windows, so you'd be pretty safe just stepping into a shop when the detector goes off.
Of course, if they see people noticing and avoiding the scanner (i.e., opting out), they'll probably want to do precautionary pat-downs... :)
The latency, of course, is *horrible*.
The frustrating thing here is that there's a lot of old tech that solves this problem, but it's not sexy. It's good that Gates is publicizing this stuff; I hope he doesn't invent some new plastic monstrosity to solve the problem, though.
My Buddhist group built a retreat center on the quick last year, and one of the problems we had was insufficient sewer capacity (sewer systems and septic systems are expensive and sometimes difficult to install). The way we solved the problem was *extremely* low tech: we built outhouses with two leakproof basins with a lot of capacity.
The end-user uses one of the two basins exclusively for several months, dumping a bit of cellulose (grass or wood shavings) in afterwards. When it gets full, the user switches to the other basin, leaving the first basin to compost for several months. When that one's full, the compost in the other one is ready, and can be dug out and used to fertilize soil. We tested this extensively to make sure that it was safe, and it is; there's no fecal coliform bacteria in the compost.
This kind of system is probably $10k or more cheaper than the next cheapest alternative. Making it work for public toilets would be more difficult, because the volumes are higher, but I think it would still be doable. There are commercial composting toilets that use an electrically driven drum to turn the compost, so that you don't have to have a two-seater, but this solution is much less expensive, and much easier to build.