Then explain why DEB, RPM, Maven, CPAN, etc infrastructures work just fine?
I honestly don't know how those work fine. How did the first Debian Maintainer on each continent travel to get his key signed by a Debian Developer, as the process requires?
If the boss subconsciously bases raises and promotions in part on participation in water cooler discussion, under the umbrella "team player", it's a business expense.
As Bitcoin asymptotically approaches its cap of 21 million or whatever, mining will continue, focusing on collecting transaction fees. Likewise for similarly structured altcoins.
How much of a job would I have to have in order to buy a lawfully made copy of the film Song of the South in a mainstream video format in the United States?
new package uploaders would then also need to be "approved" - it would need to become impossible for just any arbitrary-named package to be uploaded, as their GPG key would need to be verified as being part of the web-of-trust.
Then how would a new developer enter the web of trust without traveling internationally to a key-signing party?
if you're using a mac or using windows, you could at least have a mirror-machine where you do (if it's debian) "apt-get install python-mysqldb" or "apt-get source python-mysqldb" and then copy that over?
Good luck with that when after having installed Debian for the first time on your mirror-machine, your mirror-machine can't connect to the network because its NIC is unsupported.
A key-signing party will let you verify the identity of people living in the same city who have attended the same key-signing party as you. How will it let you verify someone on another continent, especially when you have no way of verifying the trustworthiness of intermediate signers to verify other people?
maybe they are better at spotting a whole different author identity
Good luck with that, as email addresses and author usernames can also be typosquatted, and unless you have the resources of Facebook to bruteforce a hash, key IDs aren't going to be as memorable as "boobies" or "dead beef".
installing urllib, signed by 0xb00b1e5 'original@outlook.com' # vs. installing urlib, signed by 0xdeadbeef 'origina1@outlook.com'
I'm more of a Perl guy than Python guy [...] but if the most common non-core modules are developed by a few known authors
Does CPAN have the same situation where "common non-core modules are developed by a few known authors"?
Yet another way to use cryptography, would be to take notice from GPG's web of trust
I imagine OpenPGP's web of trust would have two significant practical problems.
Small world isn't as small as some believe
First, the small world problem wouldn't work if there isn't a critical mass of developers who fly internationally to conventions in order to make the web more dense. Or people born with an interpersonal skills disability (such as myself) or who live in a small or medium-size town with few or no other PyPI package developers would have trouble attending even a local key signing party.
Transitivity of trust
Just because you trust someone's identity doesn't mean you trust someone's ability to verify others' identity. This reflects itself as a low weight on edges of the web of trust not adjacent to you, amplifying the "Small world isn't as small as some believe" problem.
or from PKI's root certificates
Members of the CA/Browser Forum PKI will happily sign a domain-validated certificate for a typosquatted domain.
Uhuh. Stop using the most popular libraries on the web to switch for something no one has ever heard of.
In case you didn't read or misunderstood the pages I linked, "vanilla" means coding directly to the W3C DOM, which is practical in all major supported browsers. Besides, once the user has loaded five sites that use five different version numbers of jQuery hosted by Google, it's just as bad as five sites each self-hosting their own copy of jQuery.
something that isn't at all broken
Every site causing users to make their browsing habits known to Google through the Cookie:, ETag:, and Referer: request headers is broken.
By contrast, for $169/mo I can get 4 Verizon phones with "unlimited" data and have change left over. ;)
Does this include tethering to a desktop or laptop computer, or must the "unlimited" data (which in practice is more similar to a 30 GB Liberty Pass) be transferred to and from apps running on one of the four phones? If it doesn't include tethering, would it be practical to attempt to use an Android phone as a computer by installing GNURoot Debian and XSDL and connecting a Bluetooth keyboard and mouse and HDMI monitor?
That or site operators should ask themselves if a site really needs jQuery at all as opposed to a lighter-weight framework that runs on top of vanilla. In fact, if a site presents mostly static documents, it can present a view that doesn't require script at all. This is a lot easier now that IE 9 and earlier have reached their end of official support, and IE 11 requires far fewer heavyweight polyfills.
"But I have users who still use unsupported versions of Internet Explorer!" Count them again. If you still have them over the past 30 days, let them know through an occasional message in a lightbox that Microsoft has stopped fixing defects in their operating system, and latent forever-day vulnerabilities will put their computers at risk for intrusion.
And the icing on the cake: Once you stop using googleapis.com, Google can't data mine which sites are referring users to googleapis.com anymore.
The alternative in theory is finding a job in a city that has fiber to the home and moving your family there. Some Slashdot users find this practical; others do not. But if you have to move for a job anyway, consider the availability of fiber before you accept the job offer.
Staying a year behind may be practical for some series. But it isn't very practical for programming with a short shelf life, such as sports, political talk shows, or scripted dramatic series whose most popular discussion forum closes the thread for each episode two weeks to six months after its first airing. The same is true of video games, where you end up a year closer to having the online multiplayer matchmaking service terminated permanently.
You can start and stop streaming services as needed.
Until streaming services realize this and jack up the price without an annual commitment. Amazon Prime service, for example, is typically sold by the year.
Same with HBO.
Except HBO still trickles out its series weekly. If your subscription is on hiatus, you're vulnerable to being left out of water cooler conversations among active subscribers.
I like baseball so I get the MLB.tv subscription and watch all I want.
But you still have to keep your subscription active throughout the season unless you like months-old baseball. And last I checked, the leagues still sold particular matches exclusively to traditional TV outlets such as Disney's ESPN and ABC, causing them to be blacked out online for days. You address that somewhat:
Fortunately I don't care about the local team anyway so I don't need cable.
The streaming services tend to black out playoffs and other games that are televised nationally. So the team you follow is likely to end up blacked out at some time.
Streaming has saved me a ton of money and I don't have to purchase cable "news"
So when you want to sit in a recliner, unwind from a day's work, and catch up on current events, what do you do instead of watching TV news?
Our favorite sport has extremely bad coverage here and NBC geo-blocks our access to purchase the world-wide (except USA) web streaming service offered with their exclusive license for the USA of that content - which they don't show.
When you complained to NBC about its failure to transmit the programming to which it holds an exclusive license, what was the reply? When you complained to the licensor about NBC's gross misuse of its exclusive license, what was the reply?
Is that "limited basic", which is only the locals, public access, and home shopping, or is it "expanded basic", with MSNBC, ESPN, and the rest? And does $72/mo include the local programming retransmission consent surcharge ($3/mo in my area) and the regional sports retransmission consent surcharge ($5/mo in my area)?
a lot of folks use their phones as a de-facto Internet connection (video, FB, whatever), since an actual hardline ISP connection is either out of their budget (Satellite)
I don't see how that's the case. Last I checked, Exede Satellite Internet was cheaper than Verizon's LTE Internet Installed. Verizon has 10 GB/mo for $60/mo or 20 GB/mo for $90/mo, with $10/GB thereafter. Exede has 12 GB/mo for $50/mo or 25 GB/mo for $75/mo, with the meter stopped at 0300-0600 local time ("Free Zone"), and deprioritization instead of overage fees ("Liberty Pass").
google is going to disable installation of apps from other sources
Android 8 "Oreo" does lose the "Unknown sources" checkbox. In its place, as described in the article I linked previously, it offers the user a "this is a store" checkbox for every app installed on a device. If the user has marked a particular app as a store, the app can call the APK installer. This way, the user can set Google Play Store, Amazon Appstore, and F-Droid as stores but nothing else, and no other app can install APKs.
If you're referring to Android P, I'd be interested to see your source for this.
Reddit can and does remove subs dedicated to hate speech. If Gab refuses to do so, Google has more of a case against carrying Gab's app than against carrying Reddit's.
Fallacy does not determine truth or falsity of an argument; to claim it does so is the fallacy fallacy. But it does help people identify which arguments to consider verifying or falsifying and which to ignore. Otherwise, if people attempted to verify or falsify all arguments, they would have little or no time to do anything else. Some fallacies make better heuristics than others.
European [...] European [...] Europe
How many refugees from the U.S. and Canadian ISP regimes are European countries ready to accept?
As long as [...] the server side content provider gets the same average return
Good luck getting much mining out of the dinky little ARM CPU in a smartphone or tablet.
it could also be useful that pypi.org refuse to automatically open new modules repositories for modules whose name isn't beyond a certain Levenshtein distance of other name present
This raises an exception I found to Python's batteries-included philosophy: Levenshtein distance comes with one of Python's major competitors, but it's behind a third-party module in Python.
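Added example, not part of the original comments and not PyPI's own code: a standard-library-only version of the name check the quoted suggestion describes, which flags a new project name that lies within a small edit distance of an existing one. The registry list, the `near_collisions` helper and the default threshold are assumptions made for illustration.

```python
import re

def levenshtein(a: str, b: str) -> int:
    """Edit distance (insert, delete, substitute), two-row dynamic programming."""
    if len(a) < len(b):
        a, b = b, a                      # keep the inner row the shorter one
    prev = list(range(len(b) + 1))       # distance from "" to each prefix of b
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete ca
                           cur[j - 1] + 1,             # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute or match
        prev = cur
    return prev[-1]

def normalize(name: str) -> str:
    """PEP 503 name normalisation, so 'Python_MySQLdb' == 'python-mysqldb'."""
    return re.sub(r"[-_.]+", "-", name).lower()

def near_collisions(candidate, existing, max_distance=1):
    """Existing names within max_distance edits of candidate, closest first.

    A registry could hold such uploads for manual review instead of creating
    the project automatically. A fixed threshold over-matches short names,
    so max_distance is a policy knob, not a recommendation.
    """
    cand = normalize(candidate)
    hits = []
    for name in existing:
        d = levenshtein(cand, normalize(name))
        if d <= max_distance:
            hits.append((name, d))
    return sorted(hits, key=lambda h: (h[1], h[0]))

# Constructed sample registry: two names from the comments above plus a filler.
EXISTING = ["urllib", "python-mysqldb", "example-filler"]

if __name__ == "__main__":
    for upload in ("urlib", "Python_MySQLdb", "leftpad"):
        print(upload, "->", near_collisions(upload, EXISTING) or "ok")
```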
And when a Slashdot story's featured article is on such a site, watch the other users give you a hard time for not having Read The Featured Article.
phone
Try written; that might get you past tier 1.
Which of these cases has struck down 18 USC 875(c), which criminalizes interstate threats of violence?
not having moderation in place to deal with content that advocates violence or hatred against groups of people.
And this is the big one. The U.S. Supreme Court has held for decades that the First Amendment does not protect fighting words.