A full, immediate pardon (as a legal mechanism, not because he committed any crimes by being a whistleblower).
Presidential Medal of Freedom
A serious discussion and legislative effort about surveillance and how surveillance was allowed to reach clearly illegal levels
A continuous whistleblower award for the rest of his life, so that he doesn't have to work ever again. He put everything on the line for his beliefs, did more than the vast majority of people. The SEC and other groups already give out multimillion dollar whistleblowing awards for mere white collar crime, exposing the surveillance programs ought to rate higher.
Pilots either need more control or we should admit that they're just safety technicians in case something goes wrong and train them accordingly - an air marshal for the plane itself who doesn't do anything under normal circumstances.
Not only a security problem, that's just the surface, but the smothering care of Oracle plus the whole 1999 feeling makes for a combination that made this step necessary years ago.
What's turning JavaScript into the lingua franca of the web is really three things:
JS is already supported by all major browsers, modern ones with JIT
asm.js - which turns anything from an LLVM intermediate representation into JavaScript code that runs around 2x the speed of native C/C++ code in supported browsers and as fast as any other piece of JS code in all the other browsers
If we ask the question: "for how many days in a year is a specific browser/application vulnerable to an unpatched exploit?", then we get awful numbers. There are plenty of applications used by millions of people where that number is more than half of the year.
The 7 day limit is probably a compromise between trying to get the vendor to fix the vulnerability that is actively being exploited and disclosing the information and thus increasing the pool of people who'd use the exploit.
For vulnerabilities where there is no known active exploitation, we should assume that there is. 30/60 day delays are unforgivable.
The current mostly advertisement supported model that's dominant on the internet is warping how we interact with each other and how we use services - reminds me of a bad mix of Orwell's 1984 and The Matrix (the part where humans are used as batteries).
I'd gladly pay for a lot of content on the internet, but currently I either don't have the option or the pricing is outrageous - scientific articles and newspaper subscriptions come to mind as being way overpriced. We need microtransactions and the first step is building the infrastructure to make it possible. Things like app.net instead of surveillance supported services like Facebook are a step in the right direction.
I'll just link to this post that explains what the news reports misunderstood. It contains quotes from the original authors of the study whose results are misrepresented here.
I believe the article was referring to the UK. I don't know what the laws are there, but here in the U.S., a company would be closed down quickly if it were found the meat had been adulterated like that.
Oh boy, you're in for a shock then. Meat (and in general, food) safety in the US is way behind most of the EU countries. Eric Schlosser's excellent book - Fast Food Nation - details the US meat packing industry (from Wikipedia's summary):
In his examination of the meat packing industry, Schlosser finds that it is now dominated by casual, easily exploited immigrant labor and that levels of injury are among the highest of any occupation in the United States. Schlosser discusses his findings on meat packing companies IBP, Inc. and on Kenny Dobbins. Schlosser also recounts the steps involved in meat processing and reveals several hazardous practices unknown to many consumers, such as the practice of rendering dead pigs and horses and chicken manure into cattle feed.
Schlosser notes that practices like these were responsible for the spread of bovine spongiform encephalopathy (BSE, aka Mad Cow Disease, p. 202-3), as well as for introducing harmful bacteria into the food supply, such as E. coli O157:H7 (ch. 9, "What's In The Meat"). A later section of the book discusses the fast food industry's role in globalization, linking increased obesity in China and Japan with the arrival of fast food. The book also includes a summary of the McLibel Case.
There is much more material, but this should suffice as a quick summary. The book is a decade old; the problems are current, however.
I'm going to undo a bunch of mod points with this post, but I wanted to point out that the blog post you cite is flat out wrong.
I'd like to say that I'm for building more nuclear plants of 4th or later generation design and that even with the LNT model, the maximum number of deaths from Fukushima might be on the level of a single bus accident. That said, the blog post is incredibly misleading. It took me a while to track down the original source that the post claims to cite from UNSCEAR and it's this paragraph:
In general, increases in the incidence of health effects in populations cannot be attributed reliably to chronic exposure to radiation at levels that are typical of the global average background levels of radiation. This is because of the uncertainties associated with the assessment of risks at low doses, the current absence of radiation-specific biomarkers for health effects and the insufficient statistical power of epidemiological studies. Therefore, the Scientific Committee does not recommend multiplying very low doses by large numbers of individuals to estimate numbers of radiation-induced health effects within a population exposed to incremental doses at levels equivalent to or lower than natural background levels;
What they are saying, in short, is that the statistical uncertainty at low levels of radiation doses WRT cancer risk is strong enough that it's not possible to tell whether the LNT model is true or not and THEREFORE it shouldn't be used to say "this many people will die from this much low level radiation". They aren't saying that LNT is wrong. They aren't saying that LNT is right. They are saying we don't know.
The quote from the report is from here. It's from the latest report to the general assembly, page 16.
This is exactly what I wanted for my home: to measure temperature/light/humidity with 4-5 various sensors placed around the house that transmit data wirelessly to a base station which is capable of logging / exporting / graphing the data in fairly standard ways, without the proprietary junk.
I was considering this controller with some sensors, but at $150 each, it's a tad expensive. I could probably build it myself from some Raspberry Pi derivative, however I'd rather not reinvent everything from scratch.
I was really surprised not to find a much less expensive solution and an open source ecosystem that provides this kind of home monitoring solution (with the possibility to base some home automation on this).
In the name of security Google has been pestering me for my phone number for years, while their motives are much less about my security and more about their business reasons.
You can always do better, especially with the advantage of hindsight. Worrying about Fukushima's failure in retrospect is however the equivalent of picking faults in the security of a garden gate when there is no fence around the property at all.
If it was irresponsible to build a power plant without higher flood protection and keep the old design running for as long as they did, how much more irresponsible was neglecting tsunami protection for the half million people in the area that resulted in more than 15k deaths and 340k people getting displaced? The parliamentary inquiry should have been focused on that, not driven by the people's irrational and overblown fear of the word "nuclear".
There has been a tsunami that killed over 10000 people and demolished multiple cities and dozens of chemical plants and factories. If this was a man-made disaster where the fuck was the planning to prevent it? Why are we still talking about the nuclear plant, where at most a couple of dozen people will die in the next hundred years?
Sure, we could have done more to prevent the damage in Fukushima, like build units from a newer generation (Fukushima Daiichi's sister plant survived the same tsunami, but was slightly younger and thus had far fewer problems), have better oversight, regulation, emergency response etc. However, that is like asking what could have been done better about shark deaths in Nevada ("no one expected it to happen", "zomg, sharks!"), and totally ignoring deaths by drug abuse, cancer, transportation accidents and cardiovascular causes in the meantime.
The point is, reinforcing Fukushima would have been a waste of money and effort, money and effort that would have been better spent on building better flood barriers to protect places where people actually live.
All the IBM engineers will do is decrease the issue of traffic by a couple of percent, maybe raise efficiency by 10-20% here and there, but the real issue is cultural. Cars suck for a dense urban environment, you need people on bikes, carpooling and the most important thing: good public transportation.
Good public transportation, though, means forcing cars out of city centers by creating bus lanes, creating tram lines on previously car-only roads, building enough parking space at the edge of the city where people could switch over to public transport, etc.
I think this short snippet from Rasmus is priceless:
The point of the question here is if anybody remembers why we decided not to parse command line args for the cgi version? I could easily see it being useful to be able to write a cgi script like:
#!/usr/local/bin/php-cgi -d include_path=/path
and have it work both from the command line and from a web context.
As far as I can tell this wouldn't conflict with anything, but somebody at some point must have had a reason for disallowing this.
Yeah, passing arguments with full shell expansion to the bloody binary from the unsecure web sounds like a brilliant idea! Who would want to disallow that?!
It was pretty funny so far, but then I saw this:
13-01: Vulnerability discovered, used to pwn Nullcon Hackim 2012 scoreboard
13-01: We discuss the issue with Nullcon admins, find out it is a php 0day
17-01: We contact security@php.net with a full report and a suggested patch
01-02: We ask PHP to confirm receipt, state our intent to hand off the vulnerability to CERT if progress is not made
01-02: PHP forwards vulnerability report to PHP CGI maintainer
23-02: CERT acknowledges receipt of vulnerability and attempts to contact PHP.
05-04: We ask CERT for a status update
05-04: CERT responds saying that PHP is still working on a fix
20-04: We ask CERT to proceed with disclosure unless a patch is imminent
26-04: CERT prepares draft advisory.
02-05: CERT notifies us that PHP is testing a patch and would like more time. we agree.
03-05: Someone posts a mirror of the internal PHP bug to reddit /r/netsec, /r/opensource and /r/technology. It was apparently accidentally marked public.
The PHP security people sat on this 0day remote code exploit for four months, ignoring multiple attempts to get them to fix this serious vulnerability. That makes me feel angry; sometimes incompetence is just not funny anymore.
The uncertainties are so large around life that currently no one can call "we will find life for sure" whimsical or optimistic compared to "we won't find life elsewhere for sure". It's just as uncertain.
I giggled like a schoolchild when I read the next paragraph from that lecture:
And now we have the multimedia/communication hype: the best bits are those that just arrived from far away, and if you are not "on line", "on the Net", you just don't count, you are not of this world (which is virtual anyhow...). Apart from a change in vocabulary, it is the same hype, the same snake oil over and over again, and you can do me a favour by not getting excited by all the time you are supposed to save by switching to "home banking".
Sometimes very smart people can be mostly insightful, but very spectacularly wrong on some points.
Let's see:
Is it some proxy? Is it a weirdly labeled block of IPv4 addresses? Is it some DNS level trickery?
It's an inside-out stack.
No. You must be new here. :)
This is why we need mandatory trial registration, so that we have a paper trail for abandoned trials and trials which fail to confirm an effect.
He's referring to the reasons the US/UK engineered the 1953 Iranian coup
For 1-2$ tops, sure. Without a keyboard and mouse, who's going to pay dozens of dollars for a game?
Absolutely. The UK sent people to Libya while Gaddafi was still in power in exchange for lucrative business opportunities.
Would you consider adding Flattr alongside PayPal to the donation options? I'd rather not support PayPal, but I would like to donate.