a slice by a lightsaber is fairly useless in the long run as any wounds incurred are instantly cauderized
A lightsaber is evidently some kind of precisely contained energy field. It also glows, which is to say it dissipates an extremely tiny amount of its reportedly massive energy as visible light.
Depictions of lightsabers do not typically show them annihilating objects, melting them, or setting them on fire. No smoke appears to be produced when a lightsaber cuts through an object, and the cut produces no discernible kerf. Certainly the kerf is not as wide as the visibly glowing area of the device. The lightsaber does not appear to glow more brightly when cutting an object.
So based on the evidence -- and as we might dare to infer from its name -- a lightsaber normally operates purely by applying a cutting force along its length. In effect, it's a line segment formed out of energy.
The energy transferred to the object is thus very nearly exactly that required to physically separate it into two pieces. There is no reason to expect to see any fusing or cauterization on the cut surfaces. They would probably not even be measurably warmer as a result of being cut.
But parallax is measured with respect to a given point. That point is being measured relative to a surface 620 km away, the only difference being its height.
The curvature of the surface is not relevant to the calculation, thus neither is the radius of the earth. To consider the extreme cases, the surface could be absolutely flat (radius infinite), or it could be a point (radius zero). Either way, your two cameras are still 620km away from that surface. The object is still at some other distance which we can measure purely by comparing the difference in parallax between the two.
This is just supposition, based on the fact that two cameras on a satellite would not be far enough apart to generate parallax.
Makes sense, though. According to the article, the orbit is at 620km. To obtain 1.0 degrees of stereo separation would require cameras placed 10.8km apart.
The explicit intent of HTML is to define content while leaving decisions of layout as much as possible to the browser.
In many circumstances this can be an effective approach to document presentation. In many others, it's not, most importantly where documents must formally comply with established layout requirements. Most archival documents fall into this category, for example legal forms, theses, papers submitted to refereed journals, and so on. In some cases these formats are legislatively mandated, in others they follow a longstanding convention that may date back through decades or centuries of collected material. Such formats will not change quickly.
I'm sure that, at some future date, existing requirements will be converted from physical dimensions to something that can be expressed directly in a standard layout language. The OASIS effort is an extremely important step in that direction, because it establishes a working proof of concept. Then the world will be in a reasonable position to consider changing how it espresses its document standards, and ultimately how such documents are instantiated. This could take awhile, so don't hold your breath.
The answer to your question, "Why use documents anyway?" is because, in the way the world actually works, there is presently no alternative.
OK, now that so many home users have Firefox, and that it works really well, maybe it is time to tackle the corporate front?
A consulting group with which I'm associated just completed a half-day product integration demo for one of our clients using Firefox, as this was the specified preference of the client. Of course, this is an elightened client, which is exactly the kind we prefer.
If you are deploying FF on your network, have you found a way to do it without going to every machine and setting it up manually?
One simple litmus test I have for software installation in a Unix environment is to target the installation onto a shared filesystem. This directly demonstrates two kinds of relocatability:
the software installs correctly on the server, for example in/export/share/software, and
the software runs correctly on the client, for example in/mnt/share/software.
For practical reasons, this is not always the way software will be deployed in a production environment, but it is a canonical deployment which every site should consider using to define its repository of installed software. If installation works in this case, it's safe to infer that it will also work when distributed by any other means such as cfengine.
I wish that I had some points today so I could mod you up. You've expressed a couple of insightful ideas here that I've never heard before.
But something I've been thinking about lately is how it would take all of maybe 5 minutes for the US government to force a US company to open its IP if, say, national interests depended on it.
Food for thought. Yes, I can see that scenario too. It first strikes me as reassuringly feasible, but then on further thought seems extremely unlikely. With so many hands reaching into so many pockets, there is not one single "national interest" but instead an elaborate mesh of interests, dominated more often than not in proportion to the money involved, by industry, by political opportunity, and even by religious ideology. You've heard of the Golden Rule: he who has the gold makes the rules. Microsoft, having revenues in excess of most national economies, is not in the position of being marginalized here.
So I think you hit on it. It's a comforting illusion that the public interest in access to public data can be safely neglected because, after all, it would only take a brief flexing of government muscle to put everything back on track. The problems are first, that there's no credible scenario under which that would ever happen, and second, that such action would not substantially repair the damage already done.
We should remember that we're discussing a particularly American dilemma. It's always refreshing to look at how other governments are making progress at integrating open source with the public interest. That seems to be coming along very well, as long as there is no industrial hegemony getting in the way.
(Don't ask me what to do about classified data and hardware projects.)
There is no contradiction. Secure data encryption doesn't depend on obscuring the data format, it depends on good crypto. In practice, the most secure cryptosystems are the ones which have withstood the most exposure. Open data formats enhance data security.
Am I the only one that sees this as possibly a bad thing?
Probably not, but that has no logical bearing on the discussion.
The problem with any software which attempts to interoperate with a proprietary data format is that the proprietary format is designed to exclude that interoperation. Don't blame the other software for that! The same is true whether the other software is free or encumbered.
You're right, it is about your tax dollars, and mine, and our children's. It's an egregiously bad idea for governments, operating with public funds in the public trust, to allow themselves to get locked into any proprietary data format. At best, that data, our data, becomes hostage to proprietary interest. And as you've clearly illustrated, the consequences can be severe.
Security restricts and breaks functionality, sometimes deliberately, with the tradeoff that you are now accepting less overall risk in your environment.
Security improvements only restrict functionality which was insecure all along. That functionality should never have been delivered in the first place!
Okay, so while that's true in an ideal world, we realize that designs are not always perfect from the beginning. We can accept that sometimes design errors are not caught early, but instead have to be corrected after implementation and deployment, even though this is far and away the most expensive time to fix them.
But Microsoft is notorious for releasing designs that have fundamental security flaws. Executable content is just one example among many, a fundamentally insecure design capable of being exploited by children.
Did Microsoft "do the right thing" and forbear from introducing this obviously dangerous capability at the design stage, when it would have been least expensive for all concerned? Or did it deliberately ignore the security practices of the day for the sake of capturing market share?
At issue is certainly not whether the earth can sustain itself when not burdened by excess human population. That is already firmly established. We also know that ecosystems do not need to be unbounded in order to be sustainable. Your explanation seems to tacitly assume the converse.
It seems to me that the burden is on you to explain why an untested strategy of space colonization would be an effective alternative to solutions we substantially, if not completely, understand through long experience. You need to quantify the resources required to achieve and sustain such a program, the risks involved, and the benefits it would realistically yield in comparison with existing approaches based on sustainable resource management.
Since we have never completed a space colonization project, it would be difficult to claim that such projects are likely to be successful. I appreciate that any information you provide will be largely speculative. It would be more credible, therefore, for your estimates to be grounded in at least some generally accepted research.
We already use the resources on Earth, so getting off Earth and beinging a wise, conservation based use of Space resources should be our HIGHEST priority.
Only if reasonable analysis shows that strategy is more likely to succeed than conservation alternatives.
Show me that analysis, and we can have a reasonable discussion about it.
It's unrealistic and irresponsible to present space colonization as a solution to risks on earth, especially now that we understand what the imminent risks are.
I'm not saying that we won't get there eventually but what is the big rush all of a sudden? The vast majority of our problems here on earth do not arise from a sudden increase in solar flares, meteor bombardment, volcanic eruption, and so on. Those phenomena have been consistently with us throughout our history.
Our substantial and urgent problems are all caused by too many people trying to take too many resources. Are these problems too obvious to be interesting? An effective way to solve them would be to have fewer people using resources more modestly.
It's not clear that proposals to send a very few people into space at an enormous cost in resources would be effective for any practical purpose, let alone in comparison to the alternatives and specific purposes at hand. So my advice would be for us to grow up and get our priorities straight, or we'll all die a miserable death of resource exhaustion long before our species is ready to go to space.
By all means, let's work on the Space Elevator and other projects, but slowly, thoughtfully, and with due regard for our preeminent responsibility to this planet.
It sounds like they don't have a problem with the entire population of Canada being present (barring physical restrictions) but for some reason replicating the information later is bad.
Correct.
If you are physically present at the inquiry, there is no question that you are getting a 100% accurate experience of being present at the inquiry.
If, however, you rely on reports of what took place at the inquiry, those reports are 0% guaranteed to be representative of what actually took place.
At points between this inquiry and subsequent judicial proceedings, the above difference can create a risk of bias, and thus be harmful to justice. That's an important consideration, though in Canada at least it tends to be weighed against other considerations as well.
As you suggest, some countries might solve the problem quite simply by holding a secret inquiry, making it illegal for anyone to say anything about it to anyone outside the courtroom. In Canada we tend not to take quite such a fundamentalist position as that. This isn't a police state. I think it would be correct to say that we expect our citizens to be able to handle the gray areas as well as the black and white ones. Our laws are written accordingly, and what may be most interesting of all, they are enforced accordingly.
Let me get this straight: If I attend the proceedings, I'm not allowed to tell anybody? Even a spouse? Or am I only allowed to tell people I meet in person?
I have not attended this inquiry, so I don't have firsthand knowledge of the instructions regarding publication, which would probably clear up most of your questions. But clearly they refer to publication, and clearly their purpose is to reduce the risk of bias which publication might be expected to induce. We know that ordinary conversation between individuals is not publication, and we can see that the risk is low. Flying a banner behind an aircraft all day over Toronto which reads "CHUCK GUITÉ FUNNELLED $20M TO CHRÉTIEN" would probably be considered publication, not to mention being in bad taste.
The whole thing seems to be based on the distinction between members of the press and non-publicators. This distinction is arbitrary and archaic.
Perhaps, though that conclusion doesn't follow from the commentary you've offered. More likely the situation is related to the exercise of common sense. I believe the test in law is that of a "person, acting reasonably".
And at some level he probably senses his disadvantage when interacting with you. The problem for us is that it's not always a conscious perception. His discomfort becomes either an urge to assert power, or it becomes denial. Either are radically counterproductive.
In many industries, that social effect has had time to be worked out. A manager of an aircraft facility today probably thinks twice before overriding the decisions of its turbine engineers. But that wasn't always so. Steam boilers commonly used to explode, either because management ignored engineering in its effort to cut costs, or because the appropriate engineering just wasn't done. The eventual result was regulatory oversight, because the industry was not able to regulate itself. Until that happened, a regard for professional competence was not entirely rewarding to the industry.
Today the software industry is in the much same place. Software, despite its inherent complexity, could be much more reliable, more secure, and more standards compliant than what we accept today. It's remarkable how good open source software looks against commercial software, not because of a fundamentally different development methodology, but simply by having different development priorities.
To my way of thinking, that's a big reason why working in open source can be so rewarding, because it tends to put you in an environment where comprehension, and therefore professional respect, is the norm.
A phenomenon that I've noticed over the course of my career is a overall decrease in respect for computing professionals as computing becomes more ubiquitous.
This only makes sense. An increasing proportion of people who use computers come from the general population. In relation to computing professionals, their position is increasingly that of consumers rather than colleagues. The traditional respect for a professional which is based on an informed recognition of ability is bound to suffer.
That's one main factor, as I see it. The other is that our culture is going through a characteristic phase of technology change in which adoption is followed by social disruption. The same process happened as agriculture transformed social structure, and again during the industrial revolution. This time around, we have other major forces of social disruption at play as well, including globalization, the inversion of market and social values, and the accumulation of ecological effects which began with the previous two revolutions.
Some of these forces are pretty abstract, even though their effects are not. But the force of technological change is manifest in an unprecedented flood of new artifacts into people's lives. As bearers of that change, we make a very visible target for frustration not only with the artifacts and their mysterious technology, but with disruptive forces in general. Our very competence can become a liability.
When an engineer designs and builds a new bridge it is entirely possible that no bridge like it has ever been designed or built before. Sure, there are some base cases that just get churned out, but there are also big, new, creative designs that occur for bridges.
And guess which of the two classes of bridges are more prone to failure?
The differences between designs of physical systems and software systems are fundamental for three reasons:
Software systems are built out of abstractions. In other words, above the level of computation there is nothing analogous to laws of physics that would constrain the solution and establish a common body of knowledge.
Software operates in the discrete domain whereas most of our assumptions about the world are based on continuous properties.
The configuration space of a software system is many orders of magnitude higher than for a physical system. And as Fred Brooks pointed out, whereas a large physical system is essentially a smaller system scaled up and built with larger numbers of identical components, a software system is not measured by physical but by conceptual size.
Software systems only appear simple through a great deal of human effort. That illusion of simplicity vanishes as soon as something goes wrong. You don't get a bridge whose truss length suddenly doubles because a bit has been flipped somewhere in the system.
None of this goes against your point that formal methods are valuable. However, it's worth remembering that such methods don't transform the fundamental properties of a software system into something analogous to a physical system. And even the design of physical systems using our best science and engineering methodologies can produce imperfect implementations.
I always wonder what motivates people to spin the disadvantage of being locked into a single source of supplyas if it were some kind of positive advantage. It's not tolerated in any other industry, so what makes people treat the software industry as an exception?
A heroin addict might equally claim that the cost of straightening out is too great to bear, and from their perspective I suppose it makes the same limited kind of sense. If you're only looking as far as your next fix, everything gets converted to that end. But it's no way to live.
Yes, it does, if I can offer myself as an example.
During my career, I've turned down several attractive opportunities to work in the United States. I could make a lot of money, I could live very comfortably, and I know that I'd enjoy having American colleagues and neighbors.
But I couldn't live with my conscience. I feel a responsibility to help sustain Canada as a humane and just society. Maybe I was brainwashed as a kid, or maybe I just figure that among the options I have that could possibly make a difference, this turns out to be the most promising one.
We get plenty of things wrong in this country, but they tend to be relatively benign things, and I think it's entirely possible to fix them with humility and progessive refinement. It also helps that we have no ambition to build a global empire. Not that we could, but who in their right mind would?
Of course, often you [the public] will only be paying for part of it. It is common for research to come out of a combination of `projects' funded from different sources.
Universities and similar public institutions are chartered and funded by public money in order to carry out public, not private, research. Outside of such institutions, a researcher of course can contract with anyone to perform any lawful work, ownership of which is established by the terms of the contract, provided that doing so is not in conflict with preexisting contractual obligations.
A researcher supported by public funding or using the facilities of a public institution receives a benefit thereby. The researcher is bound by whatever contracts are entered into as a condition of that funding. Usually this process starts early in a research career, though much depends on the individual situation.
Taking all of this together, any researcher may be subject to multiple contracts, and is individually responsible for assuring that they are not in conflict. Since public funding usually establishes a primary obligation to publish research results, we normally expect that organizations which contribute private funding are choosing to do so because they expect to receive an indirect benefit from those published results. However, such a benefit cannot generally be guaranteed, contractually or otherwise.
As a matter of principle, private institutions cannot expect that their partial contribution to a public research program will give them exclusive access to the research results, since those results are already contractually committed to another party. In practice it comes down to specific contract wording, and to some degree the sequence of events.
Oh, and you could still be right about PITAC being stacked. Not to impugn any of the participants, but there seems to be a remarkably odd representation of industry there.
In a committee setting, the effect tends to manifest in what is not said when reporting its consensus position. The PITAC report makes interesting reading with this in mind. It's an excellent introductory overview to information security, and I have no reason to fault any of its observations. For example:
In fact, many IT system designs continue to incorporate characteristics that make these systems vulnerable to attack. In some instances, system designs may be pushing the state of the art, so their vulnerabilities may not be understood until they are deployed. In other instances, vulnerabilities may be designed into systems because the developers lack technical knowledge or fail to execute best practices.
...
In the absence of significant demand for cyber security, IT vendors have mostly chosen to add new features for which customers are willing to pay.
(Ironically, the addition of new features and added complexity often leads to the introduction of more security vulnerabilities.)
The report basically identifies a need for significant improvement in information security, encourages more research, and asks for more money to be allocated to that end. Perhaps it's unfair to expect more of it than that, given its intended scope and audience. And in the passages I quoted above, the report goes a certain way toward identifying specific pain points.
But it does not suggest that there are immediate, practical steps that organizations can take to reduce security risk. It doesn't classify sources of security risk. It doesn't observe that some organizations are found to be much more secure than others, it doesn't inquire into why that might be, and it doesn't identify specific platforms or strategies that, if encouraged, would be expected to lead to a more secure information infrastructure.
In my view, these would have been useful and appropriate themes to cover in a report of this nature. I consider their absence a significant and remarkable shortcoming of the report. But from a committee perspective, asking for more research funding is so much safer. Then we don't get into the sorts of direct questions that might create discomfort for some of the industry members. A knowledgeable reader can make this inference, and so to that extent the report has maintained integrity. Unfortunately, the report was not intended for a knowledgeable audience.
I see that you've corrected the erroneous reference to Gene Spafford.
I share your concerns about so-called "Trusted Computing" and in general any form of DRM which leaves the owners of computing infrastructure at the mercy of the suppliers of its components. It's not particularly about computing. Such a situation would be intolerable in any industry.
However, I think for the record I'd like to point out that Spaf is consistently on the technically sound side of the debate here. I say this having grown up with him in the USENET days when it was a pretty small club and fools were not suffered gladly. His was always the voice of reason.
Take a look around and see for yourself. We want his point of view on the PITAC.
A physicist friend of mine named Lorne Whitehead started up a company about twenty years ago to manufacture light pipes based on the principle of prismatic reflection.
The startup phase has its usual challenges, I'm sure, especially finding markets, but the company has become very successful and very well known.
I'm not sure what specifically would have given you trouble, and you don't enlighten us with much detail. Perhaps the experience was a bit overwhelming.
Don't worry. I've been doing them for 20 years now, probably done a few thousand in that time on maybe twenty or thirty different hardware platforms. Never had a problem, and I tell you, it's all about having a system. That's what you have to do, figure out a system. And then never, never, depart from it, no matter what the voices say. Just be cool.
Sure, I admit that I'm tempted sometimes to just type random stuff, but I've been totally able to control myself, no problem, just answer the questions. Ever since they took me out of detox the last time. I didn't like it there. It's not just the smell, it's the people. They have such a bad attitude. They're not positive. I need positive energy.
I had to know a few things, like what language I spoke, what timezone I was in, did I want to install everything or just a basic workstation. It is all a bit irritating, I admit. You'd think the installation script would just know that stuff. After all, it's pretty pathetic. It's like you're stupid or something.
I wish it would ask me some hard questions when it did its localization, like whether there really were weapons of mass destruction in Iraq, whether my girlfriend would really like to be in a threesome or is she just saying that to see if I'm faithful, whether virus recognition merely NP-hard (as someone once tried to argue with me) or formally undecidable.
I don't think I'm a "certified Solaris Installation Engineer"; certainly I never had any training. Maybe there was some kind of coupon in the packaging that granted me that title automatically. Sorry if Sun didn't ship you one of those, because I don't see why you wouldn't be equally qualified to reason about the questions asked during system installation. I know I am. I'm cool. I've got the system. Figured it out. Figured it out.
But then, I don't usually eat the dessicant pack either. Though it does look kind of edible, doesn't it? Those sparkly little crystals and all... Could be good, and how can you know for sure if you don't try them? The label clearly states "DESSICANT -- DO NOT EAT" but that's probably just legalese. See if they can suck you in, right. They all try that. It's a power thing. Don't fall for it.
I have a lot of respect for Consumer Reports. We used to have a subscription to it when I was growing up, and I always found it objective, scientific, and informative.
Where CR doesn't distinguish itself is in technical evaluations, software in particular. I could wish for more rigor when it takes on projects like these.
Historically, the rolloff makes a fair amount of sense, as CR writes for a general rather than technical audience. And, as I often argue, you can't understand computing infrastructure as if it were a kind of appliance. Appliances are finite. Infrastructure exists for its potential.
But as our daily lives become increasingly involved with technology, I often wish that CR could use its leadership and methodology to inform the technology marketplace as well.
Slashdot Mirror
A lightsaber is evidently some kind of precisely contained energy field. It also glows, which is to say it dissipates an extremely tiny amount of its reportedly massive energy as visible light.
Depictions of lightsabers do not typically show them annihilating objects, melting them, or setting them on fire. No smoke appears to be produced when a lightsaber cuts through an object, and the cut produces no discernible kerf. Certainly the kerf is not as wide as the visibly glowing area of the device. The lightsaber does not appear to glow more brightly when cutting an object.
So based on the evidence -- and as we might dare to infer from its name -- a lightsaber normally operates purely by applying a cutting force along its length. In effect, it's a line segment formed out of energy.
The energy transferred to the object is thus very nearly exactly that required to physically separate it into two pieces. There is no reason to expect to see any fusing or cauterization on the cut surfaces. They would probably not even be measurably warmer as a result of being cut.
Oh, and I made this all up.
See parent.
The curvature of the surface is not relevant to the calculation, thus neither is the radius of the earth. To consider the extreme cases, the surface could be absolutely flat (radius infinite), or it could be a point (radius zero). Either way, your two cameras are still 620km away from that surface. The object is still at some other distance which we can measure purely by comparing the difference in parallax between the two.
Makes sense, though. According to the article, the orbit is at 620km. To obtain 1.0 degrees of stereo separation would require cameras placed 10.8km apart.
In many circumstances this can be an effective approach to document presentation. In many others, it's not, most importantly where documents must formally comply with established layout requirements. Most archival documents fall into this category, for example legal forms, theses, papers submitted to refereed journals, and so on. In some cases these formats are legislatively mandated, in others they follow a longstanding convention that may date back through decades or centuries of collected material. Such formats will not change quickly.
I'm sure that, at some future date, existing requirements will be converted from physical dimensions to something that can be expressed directly in a standard layout language. The OASIS effort is an extremely important step in that direction, because it establishes a working proof of concept. Then the world will be in a reasonable position to consider changing how it espresses its document standards, and ultimately how such documents are instantiated. This could take awhile, so don't hold your breath.
The answer to your question, "Why use documents anyway?" is because, in the way the world actually works, there is presently no alternative.
Binary distribution only. The accompanying license states, in part:
A consulting group with which I'm associated just completed a half-day product integration demo for one of our clients using Firefox, as this was the specified preference of the client. Of course, this is an elightened client, which is exactly the kind we prefer.
If you are deploying FF on your network, have you found a way to do it without going to every machine and setting it up manually?
One simple litmus test I have for software installation in a Unix environment is to target the installation onto a shared filesystem. This directly demonstrates two kinds of relocatability:
For practical reasons, this is not always the way software will be deployed in a production environment, but it is a canonical deployment which every site should consider using to define its repository of installed software. If installation works in this case, it's safe to infer that it will also work when distributed by any other means such as cfengine.
But something I've been thinking about lately is how it would take all of maybe 5 minutes for the US government to force a US company to open its IP if, say, national interests depended on it.
Food for thought. Yes, I can see that scenario too. It first strikes me as reassuringly feasible, but then on further thought seems extremely unlikely. With so many hands reaching into so many pockets, there is not one single "national interest" but instead an elaborate mesh of interests, dominated more often than not in proportion to the money involved, by industry, by political opportunity, and even by religious ideology. You've heard of the Golden Rule: he who has the gold makes the rules. Microsoft, having revenues in excess of most national economies, is not in the position of being marginalized here.
So I think you hit on it. It's a comforting illusion that the public interest in access to public data can be safely neglected because, after all, it would only take a brief flexing of government muscle to put everything back on track. The problems are first, that there's no credible scenario under which that would ever happen, and second, that such action would not substantially repair the damage already done.
We should remember that we're discussing a particularly American dilemma. It's always refreshing to look at how other governments are making progress at integrating open source with the public interest. That seems to be coming along very well, as long as there is no industrial hegemony getting in the way.
(Don't ask me what to do about classified data and hardware projects.)
There is no contradiction. Secure data encryption doesn't depend on obscuring the data format, it depends on good crypto. In practice, the most secure cryptosystems are the ones which have withstood the most exposure. Open data formats enhance data security.
Probably not, but that has no logical bearing on the discussion.
The problem with any software which attempts to interoperate with a proprietary data format is that the proprietary format is designed to exclude that interoperation. Don't blame the other software for that! The same is true whether the other software is free or encumbered.
You're right, it is about your tax dollars, and mine, and our children's. It's an egregiously bad idea for governments, operating with public funds in the public trust, to allow themselves to get locked into any proprietary data format. At best, that data, our data, becomes hostage to proprietary interest. And as you've clearly illustrated, the consequences can be severe.
Security improvements only restrict functionality which was insecure all along. That functionality should never have been delivered in the first place!
Okay, so while that's true in an ideal world, we realize that designs are not always perfect from the beginning. We can accept that sometimes design errors are not caught early, but instead have to be corrected after implementation and deployment, even though this is far and away the most expensive time to fix them.
But Microsoft is notorious for releasing designs that have fundamental security flaws. Executable content is just one example among many, a fundamentally insecure design capable of being exploited by children.
Did Microsoft "do the right thing" and forbear from introducing this obviously dangerous capability at the design stage, when it would have been least expensive for all concerned? Or did it deliberately ignore the security practices of the day for the sake of capturing market share?
It seems to me that the burden is on you to explain why an untested strategy of space colonization would be an effective alternative to solutions we substantially, if not completely, understand through long experience. You need to quantify the resources required to achieve and sustain such a program, the risks involved, and the benefits it would realistically yield in comparison with existing approaches based on sustainable resource management.
Since we have never completed a space colonization project, it would be difficult to claim that such projects are likely to be successful. I appreciate that any information you provide will be largely speculative. It would be more credible, therefore, for your estimates to be grounded in at least some generally accepted research.
Only if reasonable analysis shows that strategy is more likely to succeed than conservation alternatives.
Show me that analysis, and we can have a reasonable discussion about it.
I'm not saying that we won't get there eventually but what is the big rush all of a sudden? The vast majority of our problems here on earth do not arise from a sudden increase in solar flares, meteor bombardment, volcanic eruption, and so on. Those phenomena have been consistently with us throughout our history.
Our substantial and urgent problems are all caused by too many people trying to take too many resources. Are these problems too obvious to be interesting? An effective way to solve them would be to have fewer people using resources more modestly.
It's not clear that proposals to send a very few people into space at an enormous cost in resources would be effective for any practical purpose, let alone in comparison to the alternatives and specific purposes at hand. So my advice would be for us to grow up and get our priorities straight, or we'll all die a miserable death of resource exhaustion long before our species is ready to go to space.
By all means, let's work on the Space Elevator and other projects, but slowly, thoughtfully, and with due regard for our preeminent responsibility to this planet.
Correct.
If you are physically present at the inquiry, there is no question that you are getting a 100% accurate experience of being present at the inquiry.
If, however, you rely on reports of what took place at the inquiry, those reports are 0% guaranteed to be representative of what actually took place.
At points between this inquiry and subsequent judicial proceedings, the above difference can create a risk of bias, and thus be harmful to justice. That's an important consideration, though in Canada at least it tends to be weighed against other considerations as well.
As you suggest, some countries might solve the problem quite simply by holding a secret inquiry, making it illegal for anyone to say anything about it to anyone outside the courtroom. In Canada we tend not to take quite such a fundamentalist position as that. This isn't a police state. I think it would be correct to say that we expect our citizens to be able to handle the gray areas as well as the black and white ones. Our laws are written accordingly, and what may be most interesting of all, they are enforced accordingly.
Let me get this straight: If I attend the proceedings, I'm not allowed to tell anybody? Even a spouse? Or am I only allowed to tell people I meet in person?
I have not attended this inquiry, so I don't have firsthand knowledge of the instructions regarding publication, which would probably clear up most of your questions. But clearly they refer to publication, and clearly their purpose is to reduce the risk of bias which publication might be expected to induce. We know that ordinary conversation between individuals is not publication, and we can see that the risk is low. Flying a banner behind an aircraft all day over Toronto which reads "CHUCK GUITÉ FUNNELLED $20M TO CHRÉTIEN" would probably be considered publication, not to mention being in bad taste.
The whole thing seems to be based on the distinction between members of the press and non-publicators. This distinction is arbitrary and archaic.
Perhaps, though that conclusion doesn't follow from the commentary you've offered. More likely the situation is related to the exercise of common sense. I believe the test in law is that of a "person, acting reasonably".
In many industries, that social effect has had time to be worked out. A manager of an aircraft facility today probably thinks twice before overriding the decisions of its turbine engineers. But that wasn't always so. Steam boilers commonly used to explode, either because management ignored engineering in its effort to cut costs, or because the appropriate engineering just wasn't done. The eventual result was regulatory oversight, because the industry was not able to regulate itself. Until that happened, a regard for professional competence was not entirely rewarding to the industry.
Today the software industry is in the much same place. Software, despite its inherent complexity, could be much more reliable, more secure, and more standards compliant than what we accept today. It's remarkable how good open source software looks against commercial software, not because of a fundamentally different development methodology, but simply by having different development priorities.
To my way of thinking, that's a big reason why working in open source can be so rewarding, because it tends to put you in an environment where comprehension, and therefore professional respect, is the norm.
This only makes sense. An increasing proportion of people who use computers come from the general population. In relation to computing professionals, their position is increasingly that of consumers rather than colleagues. The traditional respect for a professional which is based on an informed recognition of ability is bound to suffer.
That's one main factor, as I see it. The other is that our culture is going through a characteristic phase of technology change in which adoption is followed by social disruption. The same process happened as agriculture transformed social structure, and again during the industrial revolution. This time around, we have other major forces of social disruption at play as well, including globalization, the inversion of market and social values, and the accumulation of ecological effects which began with the previous two revolutions.
Some of these forces are pretty abstract, even though their effects are not. But the force of technological change is manifest in an unprecedented flood of new artifacts into people's lives. As bearers of that change, we make a very visible target for frustration not only with the artifacts and their mysterious technology, but with disruptive forces in general. Our very competence can become a liability.
And guess which of the two classes of bridges are more prone to failure?
The differences between designs of physical systems and software systems are fundamental for three reasons:
-
Software systems are built out of abstractions. In other words, above the level of computation there is nothing analogous to laws of physics that would constrain the solution and establish a common body of knowledge.
-
Software operates in the discrete domain whereas most of our assumptions about the world are based on continuous properties.
-
The configuration space of a software system is many orders of magnitude higher than for a physical system. And as Fred Brooks pointed out, whereas a large physical system is essentially a smaller system scaled up and built with larger numbers of identical components, a software system is not measured by physical but by conceptual size.
Software systems only appear simple through a great deal of human effort. That illusion of simplicity vanishes as soon as something goes wrong. You don't get a bridge whose truss length suddenly doubles because a bit has been flipped somewhere in the system.None of this goes against your point that formal methods are valuable. However, it's worth remembering that such methods don't transform the fundamental properties of a software system into something analogous to a physical system. And even the design of physical systems using our best science and engineering methodologies can produce imperfect implementations.
I always wonder what motivates people to spin the disadvantage of being locked into a single source of supplyas if it were some kind of positive advantage. It's not tolerated in any other industry, so what makes people treat the software industry as an exception?
A heroin addict might equally claim that the cost of straightening out is too great to bear, and from their perspective I suppose it makes the same limited kind of sense. If you're only looking as far as your next fix, everything gets converted to that end. But it's no way to live.
During my career, I've turned down several attractive opportunities to work in the United States. I could make a lot of money, I could live very comfortably, and I know that I'd enjoy having American colleagues and neighbors.
But I couldn't live with my conscience. I feel a responsibility to help sustain Canada as a humane and just society. Maybe I was brainwashed as a kid, or maybe I just figure that among the options I have that could possibly make a difference, this turns out to be the most promising one.
We get plenty of things wrong in this country, but they tend to be relatively benign things, and I think it's entirely possible to fix them with humility and progessive refinement. It also helps that we have no ambition to build a global empire. Not that we could, but who in their right mind would?
Universities and similar public institutions are chartered and funded by public money in order to carry out public, not private, research. Outside of such institutions, a researcher of course can contract with anyone to perform any lawful work, ownership of which is established by the terms of the contract, provided that doing so is not in conflict with preexisting contractual obligations.
A researcher supported by public funding or using the facilities of a public institution receives a benefit thereby. The researcher is bound by whatever contracts are entered into as a condition of that funding. Usually this process starts early in a research career, though much depends on the individual situation.
Taking all of this together, any researcher may be subject to multiple contracts, and is individually responsible for assuring that they are not in conflict. Since public funding usually establishes a primary obligation to publish research results, we normally expect that organizations which contribute private funding are choosing to do so because they expect to receive an indirect benefit from those published results. However, such a benefit cannot generally be guaranteed, contractually or otherwise.
As a matter of principle, private institutions cannot expect that their partial contribution to a public research program will give them exclusive access to the research results, since those results are already contractually committed to another party. In practice it comes down to specific contract wording, and to some degree the sequence of events.
Home page at Purdue: http://www.cerias.purdue.edu/homes/spaf/.
Oh, and you could still be right about PITAC being stacked. Not to impugn any of the participants, but there seems to be a remarkably odd representation of industry there.
In a committee setting, the effect tends to manifest in what is not said when reporting its consensus position. The PITAC report makes interesting reading with this in mind. It's an excellent introductory overview to information security, and I have no reason to fault any of its observations. For example:
But it does not suggest that there are immediate, practical steps that organizations can take to reduce security risk. It doesn't classify sources of security risk. It doesn't observe that some organizations are found to be much more secure than others, it doesn't inquire into why that might be, and it doesn't identify specific platforms or strategies that, if encouraged, would be expected to lead to a more secure information infrastructure.
In my view, these would have been useful and appropriate themes to cover in a report of this nature. I consider their absence a significant and remarkable shortcoming of the report. But from a committee perspective, asking for more research funding is so much safer. Then we don't get into the sorts of direct questions that might create discomfort for some of the industry members. A knowledgeable reader can make this inference, and so to that extent the report has maintained integrity. Unfortunately, the report was not intended for a knowledgeable audience.
I share your concerns about so-called "Trusted Computing" and in general any form of DRM which leaves the owners of computing infrastructure at the mercy of the suppliers of its components. It's not particularly about computing. Such a situation would be intolerable in any industry.
However, I think for the record I'd like to point out that Spaf is consistently on the technically sound side of the debate here. I say this having grown up with him in the USENET days when it was a pretty small club and fools were not suffered gladly. His was always the voice of reason.
Take a look around and see for yourself. We want his point of view on the PITAC.
The startup phase has its usual challenges, I'm sure, especially finding markets, but the company has become very successful and very well known.
It's called TIR Systems .
(Unfortunately I can't comment on the cited article as it's already slashdotted.)
Don't worry. I've been doing them for 20 years now, probably done a few thousand in that time on maybe twenty or thirty different hardware platforms. Never had a problem, and I tell you, it's all about having a system. That's what you have to do, figure out a system. And then never, never, depart from it, no matter what the voices say. Just be cool.
Sure, I admit that I'm tempted sometimes to just type random stuff, but I've been totally able to control myself, no problem, just answer the questions. Ever since they took me out of detox the last time. I didn't like it there. It's not just the smell, it's the people. They have such a bad attitude. They're not positive. I need positive energy.
I had to know a few things, like what language I spoke, what timezone I was in, did I want to install everything or just a basic workstation. It is all a bit irritating, I admit. You'd think the installation script would just know that stuff. After all, it's pretty pathetic. It's like you're stupid or something.
I wish it would ask me some hard questions when it did its localization, like whether there really were weapons of mass destruction in Iraq, whether my girlfriend would really like to be in a threesome or is she just saying that to see if I'm faithful, whether virus recognition merely NP-hard (as someone once tried to argue with me) or formally undecidable.
I don't think I'm a "certified Solaris Installation Engineer"; certainly I never had any training. Maybe there was some kind of coupon in the packaging that granted me that title automatically. Sorry if Sun didn't ship you one of those, because I don't see why you wouldn't be equally qualified to reason about the questions asked during system installation. I know I am. I'm cool. I've got the system. Figured it out. Figured it out.
But then, I don't usually eat the dessicant pack either. Though it does look kind of edible, doesn't it? Those sparkly little crystals and all... Could be good, and how can you know for sure if you don't try them? The label clearly states "DESSICANT -- DO NOT EAT" but that's probably just legalese. See if they can suck you in, right. They all try that. It's a power thing. Don't fall for it.
Where CR doesn't distinguish itself is in technical evaluations, software in particular. I could wish for more rigor when it takes on projects like these.
Historically, the rolloff makes a fair amount of sense, as CR writes for a general rather than technical audience. And, as I often argue, you can't understand computing infrastructure as if it were a kind of appliance. Appliances are finite. Infrastructure exists for its potential.
But as our daily lives become increasingly involved with technology, I often wish that CR could use its leadership and methodology to inform the technology marketplace as well.