Slashdot Mirror


User: geggo98

geggo98's activity in the archive.

Stories
0
Comments
114

Comments · 114

  1. Re:Real Men Browse The Internets on How Your Username May Betray You · · Score: 1

    A Real Man who wants to visit websites will load each site in a separate browser instance with a unique agent string and a different browser vendor and build each time with all cookies and scripts (1st, 2nd, 3rd, 87th party, etc.) hard-blocked, and only from within a series of totally unique VM environments of no less than Windows XP (Home and Pro), Vista (all 4,556 varieties), Win 7 (all varieties) and no less than 1,396 versions and flavors of Linux or Unix derived operating systems, [...]

    I know you are joking. But I just checked myself on Panopticlick. Looks like if you know either my plugins or my fonts, this is enough to uniquely identify my computer and hence its sole user. Unfortunately my browsers transmit this information even in anonymous mode. And the list is nearly the same between different browsers. So cleaning the cookies won't help, TOR won't help, NoScript won't help and using different browsers won't help to hide me from user tracking on the internet. The funny thing is that a fingerprint based on that information will work well between different internet sites.

  2. Re:I use unique usernames for background checks... on How Your Username May Betray You · · Score: 1

    How sure are you that you have really tracked down the correct person? Can you quantify your confidence or are you solely relying on your "gut feeling"? Because if you are relying on your gut feeling, you are usually wrong, because your guts are not very good at statistics.

    There might be someone with the same name as your applicant located in the same city or perhaps even in the same street. They might even happen to be of a similar age. This doesn't happen very often, but it happens often enough.

    You should give your applicant the benefit of the doubt, especially when you can't even quantify how sure you are about your "gut feeling".

  3. Re:vim? really? on Common Traits of the Veteran Unix Admin · · Score: 1

    I have to go with the GP on this one. It's not that vim is inherently bad, it's just that it's *unnecessary*. [...]

    I recently had to learn vi. Not vim, but the original vi. I had to do some work on some Solaris and AIX machines. vi was the only tool that was available on all of them. Most of them had vim, some even emacs. But only vi was on all of them.

    So I would say the reason to deal with vi instead of the better/newer editors is not so much that the other editors are not necessary. But the other editors might be unavailable.

    I now always try to use vi, to practice its usage. The next time when no other editor is available, I will be prepared.

  4. Re-Activate Autorun with USBDLM on Microsoft Kills AutoRun In Windows · · Score: 1

    When you want to (selectively) re-enable autorun, you can use USBDLM. This program runs as a Windows service and manages removable media. It can assign fixed drive letters, enable write caching, open a file manager when a medium is inserted or run a file on the medium (autorun). These actions can depend on configurable criteria, e.g. the USB ID, a certain string in the autorun.inf (shared secret) or the existence of a certain file on the medium.

    Details can be found in the documentation.

    Example:
    [Settings]
    AutoRunInf=1
    AutoRunKey=MySecretKey
    delay=2000

    [Settings]
    AutorunInfRestricted=1

    This checks for "MySecretKey" in the autorun.inf file. If the key is found, it waits 2 seconds and then executes the autorun.inf file, but with reduced privileges.

  5. Re:Cheating? No. Bad analogy. on Bing Is Cheating, Copying Google Search Results · · Score: 1

    If I said that to my teacher when caught cheating, I doubt it would have had much sway.

    Bad analogy. This isn't a test.

    From a more philosophical point of view it actually is a test. The task is: "Build a machine that answers my questions." The people are evaluating the results given by Google, Bing, DuckDuckGo, etc. The one giving the best results is getting the points in the form of clicks, eyeballs and ultimately money. The other ones have to improve their results in that steadily running test. In a capitalistic system this drives innovation.

    Copying the results of others cheats the system and harms innovation. And more directly: It removes points from the other participants of that test by catching clicks, eyeballs and ultimately taking some of the money that the real winner would deserve.

    So the one copying the results is cheating us by decreasing the rate of innovation and he is cheating his competitors by getting some of the money they deserve.

    So in my opinion the analogy by the GP post was quite correct. It is a perpetual test (just like evolution).

  6. Re:Light on details on How Facebook Responded To Tunisian Hacks · · Score: 1

    The article is a little light on details, but am I right in thinking that people's session cookies were being sidejacked? AFAIK, despite FB not sending everything over https, the password is sent over https. So I don't see how a keylogger like approach would work to intercept the pw, unless the Tunisian government was smart enough to run something like Moxie Marlinspike's sslstrip where they did a MITM attack and sent unencrypted http traffic to the user and then stole their password.

    The Tunisian government has its own certificate authority whose root certificate is accepted at least by Internet Explorer and Google Chrome. So they could run their MIM attack over HTTPS with a real certificate accepted by the client. This root certificate was pushed by a Windows Update (KB931125).

    they don't seem smart enough

    They seem to be smarter than you thought: They lobbied Microsoft to enable a hard to detect MIM attack. Against this kind of attack SSL is nearly defenseless. Even if Facebook switched completely to SSL and all users checked for this, the Tunisian government could successfully run a MIM attack.

  7. Re:A really nasty trick on Google To Drop Support For H.264 In Chrome · · Score: 0

    Will people please stop citing an x264 developer's rant as an "expert opinion" on the video quality or patent risks of WebM?

    Could we please stay on the arguments and not argue about the person presenting them? The article "The first in-depth technical analysis of VP8" presents several arguments why WebM could be affected by patents held by MPEG LA. Personally I don't care if these arguments were made by an x264 developer, the pope or Jeffrey Dahmer. I am only interested in the facts.

    You are free to disagree with the arguments presented in that article. Even better when you can present some reasonable doubts or even some qualified counter arguments. But please don't argue ad hominem.

  8. Re:Detection on Vuvuzelas Blare On Pirated Copies of Music Game · · Score: 1

    One very old scheme is to embed a checksum of the code segment inside the binary itself and then check it at runtime. It's not foolproof but it will identify most pirated copies with zero chance of false positives.

    Be careful with your statement about false positives. Checking the code segment is not as easy as you think: There are shared libraries (e.g. DLLs) loaded in the code segment at runtime. You would have to check them too. Some of these libraries are always provided by the OS and are regularly updated.

    Then there are also some completely legit reasons to change the code of the game: Some AV software embeds itself into programs by changing their binary code. Some virtualization software changes the code in the VM at runtime. The OS might change some parts of the code to prevent security leaks.

    It is not easy to distinguish these actions from hacking the game. But if you don't, legit customers might get hit, after an update of their OS or their AV software.

  9. Re:Yes, it is a very bad thing on Want an IT Job? Add 'Cloud' To Your Buzzword List · · Score: 1

    I agree. Which is why I would assume that your company manages the following infrastructure internally:

    • Power
    • Connectivity (data and voice both mobile and wired)
    • [...]

    And in a completely unrelated story, Google builds a city for its employees

  10. Re:What about logging in over public WiFi? on Survey Shows How Stupid People Are With Passwords · · Score: 1

    My wife locks me out every time she accesses our bank account. Our credit union has implemented a new "security" feature where the account number and password remembers the cadence that you enter the information. If the cadence doesn't match, it rejects it. I type a lot faster than she does, so my cadence is never even close to what hers is.

    Possible solution: Type the password in Notepad and then copy and paste it in the password field.

  11. Re:I didn't read the whole thing on Building the Realtime User Experience · · Score: 1

    Look, I'm going to be honest here, I didn't read the whole summary; it's long. But I did read the main part of it, at the beginning, and what it's suggesting is keeping open an HTTP connection so "real-time polling" (which is sort of an oxymoron to begin with) can occur.

    It is even harder than that. You have to deal with proxy servers, connection limits and the missing "flush" support in HTTP.

    You can find a good summary of the problems in the GWT Server Push FAQ.

    Summary:

    1. Use only one connection for the event notification. Multiplex all events on this single connection. (Reason: There is usually a limit of 3 connections to the same server.)
    2. Close the connection after each event. (Reason: No flush in HTTP.)
    3. About every 50 seconds close the connection and create a new one. (Reason: Timeouts in proxy servers.)

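
The three rules above, as an added example that is not part of the comment or the GWT FAQ: a browser-side long-poll event client that keeps a single multiplexed connection, treats every response as the server closing the connection, and bounds each request's lifetime to a proxy-safe 50 seconds. The transport interface (`poll(cursor, timeoutMs)` resolving to `{ events, cursor }`) and the fake server are assumptions constructed so the code runs offline.

```javascript
// Assumed transport: poll(cursor, timeoutMs) -> Promise<{ events: [{id, topic, data}], cursor }>.
// In a browser this would wrap one XMLHttpRequest/fetch that the server holds open
// until it has something to deliver or the client-side timeout elapses.
const PROXY_SAFE_MS = 50000; // rule 3: reconnect before typical ~60 s proxy idle timeouts

class EventClient {
  constructor(poll, proxySafeMs = PROXY_SAFE_MS) {
    this.poll = poll;
    this.proxySafeMs = proxySafeMs;
    this.handlers = new Map();   // topic -> handler: all event types share one connection (rule 1)
    this.cursor = 0;             // last event id seen, so reconnects do not lose or replay events
    this.openConnections = 0;    // rule 1: never more than one poll in flight to the same server
    this.stats = { requests: 0, events: 0, maxOpen: 0 };
  }

  on(topic, handler) { this.handlers.set(topic, handler); }

  // Loop until `until(stats)` is true. Every iteration is one HTTP request; the
  // response ends the connection (rule 2), which stands in for the missing flush.
  async run(until) {
    while (!until(this.stats)) {
      if (this.openConnections !== 0) throw new Error('only one connection allowed');
      this.openConnections++;
      this.stats.maxOpen = Math.max(this.stats.maxOpen, this.openConnections);
      this.stats.requests++;
      try {
        const { events, cursor } = await this.poll(this.cursor, this.proxySafeMs);
        this.cursor = cursor;
        for (const ev of events) {
          this.stats.events++;
          const handler = this.handlers.get(ev.topic);
          if (handler) handler(ev.data);   // demultiplex by topic
        }
      } finally {
        this.openConnections--;            // connection is gone after each response
      }
    }
    return this.stats;
  }
}

// Constructed fake server: each call delivers the next batch; an empty batch models
// the client-side timeout at proxySafeMs, after which the client simply reconnects.
function makeFakeServer(batches) {
  let nextId = 1;
  const queue = batches.slice();
  return async (cursor, _timeoutMs) => {
    const events = (queue.shift() || []).map(e => ({ id: nextId++, ...e }));
    return { events, cursor: events.length ? events[events.length - 1].id : cursor };
  };
}

async function demo() {
  const poll = makeFakeServer([
    [{ topic: 'chat', data: 'hello' }, { topic: 'presence', data: 'bob online' }],
    [],                                   // timeout: reconnect, nothing delivered
    [{ topic: 'chat', data: 'bye' }],
  ]);
  const client = new EventClient(poll);
  const seen = [];
  client.on('chat', d => seen.push('chat:' + d));
  client.on('presence', d => seen.push('presence:' + d));
  const stats = await client.run(s => s.requests >= 3);
  return { seen, stats, cursor: client.cursor };
}
```

`demo()` returns a promise; it delivers three events over three sequential requests with at most one connection open at any time.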
  12. Re:Is socket connection latency all that relevant? on Building the Realtime User Experience · · Score: 1

    While the event based approach (usually based on select) was state of the art for a while, recent research shows that the 1:1 approach can have advantages for high-concurrency servers.

    The reasons for this are mainly improvements in the thread handling in modern operating systems. With the event based approach you must handle the states for multiple sessions all by yourself. Usually the space for state handling is stored on the heap. Communication between the sessions must be implemented by hand. And when you are not careful when implementing how the sessions output data, you might add artificial latency.

    With the 1:1 approach (one thread for one session) the state for each session is stored on the stack, the synchronisation can be done by the operating system, and each thread can write its output as soon as it is ready. You only have problems when managing threads is quite expensive, especially when you have thousands of them. And this is where operating systems have improved in the last few years, e.g. Linux with the O(1) scheduler.

    A good analysis of this subject together with some numbers can be found in the paper "Why events are a bad idea for high performance servers" from Microsoft research.

  13. Re:Come on... on Verizon Confirms Plan To Switch Away From Unlimited Data Plans · · Score: 1

    They can do tiers the same way that (most - at least in the US) ISP's do - you base tiers on bandwidth (which inherently caps data usage). If you want the $15 a month data plan, you get say 75 KB/s, $25 a month will get you 150 KB/s, $35 gets you 300 KB/s, etc. [...]

    Here in Germany we usually have a mixed model. You pay for the amount of data you have at full speed (3 Mbit/s or 7 Mbit/s depending on provider). When you have reached that limit you get the rest of the data for free, but your speed is capped (usually at 64 kbit/s, sometimes at 300 kbit/s).

    For example with Vodafone you get a complete mobile flat with 200 MB per month full speed (7 Mbit/s) and the rest capped at 64 kbit/s for 5,55€ (including 100 telephone minutes; source, English translation).

    With O2 you pay 5,58€ for 5 GB per month at maximum speed (3 Mbit/s) and the rest capped at 64 kbit/s (only data, no speech, for use with notebooks etc., tethering and VoIP expressly allowed; source, English translation).

  14. Re:Come on... on Verizon Confirms Plan To Switch Away From Unlimited Data Plans · · Score: 1

    Are your providers wholly independent of the government and not subsidized?

    Here in Germany the providers are regulated by the government but not subsidized. The providers have to pay the government for the permit to use frequencies for the mobile transmissions. For the UMTS frequencies the providers had to pay over 16 billion Euros each for the permit (source in German, English translation).

    The regulation has the nice effect that you can easily transfer your phone number from one provider to the other and that costs for roaming have an upper limit. Both help to keep prices down. These rules are currently unified for the whole EU.

    In short: The state doesn't pay the providers but the providers have to pay the state.

  15. Re:strange conclusion. on Stuxnet Infects 30,000 Industrial Computers In Iran · · Score: 2, Informative

    Really? How big do you think the team that created Stuxnet is then? Or do you really think that one guy found 4 new zero days, wrote a P2P control mechanism, a custom kernel mode rootkit, a bunch of PLC code in an obscure form of assembly language and a shim DLL to hide the PLC infection from the operator?

    Don't forget the fake kernel drivers signed with a stolen certificate. Stealing or breaking the digital certificate used by JMicron to sign Windows kernel drivers should be out of range for even a skilled single hacker.

    Oh and apparently there was a second certificate stolen/broken, this time from Realtek.

    This thing is really scary. Even when you follow best practice for security in every detail, you would have no protection against something like Stuxnet.

  16. Re:Why not link the source? on Canonical Designer Demos Ubuntu Context-Aware UI · · Score: 1

    Why does the summary not link the actual blog post at canonical.com instead of some ad-encumbered summary?

    Thanks a lot.

    My slashdot "workflow":

    1. Read the headline
    2. Skip the summary
    3. Look for a comment that references the real source of information or has a link to a mirror of the slashdotted article (The article linked in the summary is usually either a summary split over multiple pages with lots of ads, or worth reading but slashdotted)
    4. Read the fine article
    5. Go back to slashdot, read the comments and try to add some value

    PS: Sorry for the meta discussion. I still have to read the article for this story.

  17. Re:It's all about entropy on Distinguishing Encrypted Data From Random Data? · · Score: 1

    Encrypted files have maximum entropy, just like absolutely random files. [...]

    Sorry, that is not correct. An encrypted file has the entropy of the unencrypted file plus the entropy of the encryption program plus the entropy of the encryption key.

    Of course this is the theoretical entropy. In practice you will not be able to measure it correctly without decrypting the file.

    The definition of entropy: Entropy effectively bounds the performance of the strongest lossless (or nearly lossless) compression possible. In this case this theoretical compression would have to break the encryption. But this is a pure implementation detail.

  18. Re:What the hell? on High Fructose Corn Syrup To Get a Makeover · · Score: 1

    [...] But, as http://en.wikipedia.org/wiki/Sucrose#Metabolism_of_sucrose will tell you, sucrose is split into glucose and fructose (i.e. HFCS) very efficiently in the stomach. This means that when the sucrose enters the intestine, where it will be absorbed, there is no chemical difference between (the main content of) HFCS and sucrose. [...]

    That's not completely true. The stomach digests proteins and to some degree fat. Sugar is processed in the mouth and in the small intestine. And there lies the problem: Your body can control how fast it has to absorb the sugar by regulating the flow from stomach to intestine. And in the intestine it can control the speed of digestion through the pancreas. But this control only works with disaccharides (table sugar) but not with monosaccharides (fructose).

    So while the metabolism is the same in theory, in practice there is a big difference in the timing. It is much easier to flood your organism with fructose than with table sugar. And flooding the organism with sugar will affect the processes running in the organism.

    The moral? Don't flood your organism with sugar. Drink pure water. Even the water from your tap will usually be much healthier than any sugar drink. And it is usually cheaper.

  19. Oral exams on Preventing Networked Gizmo Use During Exams? · · Score: 1

    Replace the written test with oral examination. Or use "mixed" exams: A written test with all students together, followed by an individual oral test, where each student must describe her solution.

    You can't win an arms race in cheating using technology. But you can change the problem space.

  20. Re:Goo Gone or limonene on AMD Hates Laptop Stickers As Much As You Do · · Score: 1

    Whether or not it's "natural" depends entirely on your definition of the word.

    Are we going to start calling citric acid artificial because a lemon tree made it? Or call honey artificial, because a bunch of bees made it?

    I think it's not so much about how it was made but how it will be "decomposed". If something can be easily composted, I would call it natural.

    Of course how it was made is also important. If something needs an industrial process to be made with lots of unwanted byproducts, I will call it "artificial". Even when a natural organism can produce exactly the same substance, I will still call the substance made by man "artificial". This is not because of the substance itself but because of the byproducts produced when it was made.

    So in my point of view "artificial" or "natural" is not so much about the substance itself, but about the processes to create and dispose that substance. The wording is not perfect, but I think the concept is clear to most people.

  21. Re:who hasn't burned out? on Tech's Dark Secret, It's All About Age · · Score: 1

    Ruby, Java and Scala are pretty much a POS, but the kiddies haven't quite figured that out yet.

    Java is quite popular for enterprises, I think because you can get Java programmers cheaper than C++ programmers. Mainly because Java abstracts away a lot of the hard stuff. Hence more people manage Java and the higher supply of people drives down the prices.

    Ruby is even easier than Java, but in my opinion it's often too limited (yet). It doesn't have all the enterprise tools and frameworks that Java has. But with a little more time Ruby might catch up.

    Scala has access to all the Java goodies but it doesn't come with the supply of cheap, exchangeable programmers. Having lots of cool concepts from the functional world, it is quite hard to manage.

    So in theory your point is valid. But Java got a good mix of powerful language and frameworks with being easy enough to master to create a cheap supply of programmers. Technically Java is usually not the best choice. But when you consider the total costs it is hard to find anything cheaper. .NET comes close to Java, but you are limited to Microsoft products for development and hosting. Especially for the hosting part this can get quite expensive.

  22. Let them do system integration on What 'IT' Stuff Should We Teach Ninth-Graders? · · Score: 1

    Learning is much easier when you have some early success. This can be easily reached doing system integration of pre-existing components.

    An expensive possibility would be something like building a robot with Lego Mindstorms. If you are on a budget, let them integrate some web services, using Yahoo Pipes. You can even split them into different groups. An advanced group can add a custom stream to the pipe using Google App Engine.

    By just piping existing components together, they can quickly build a useful web application. With a web application they can cooperate and even show their creation to others. When the application is really useful for them, they will be motivated to tweak it and extend it. Thus they might even be motivated to dive deeper into IT.

    I think the hardest part is converting them from computer and internet consumers to producers.

  23. Re:If you want to test it on 1978 Cryptosystem Resists Quantum Attack · · Score: 2

    Better yet: The British military created an urban legend, still famous today. They spread the word that eating carrots would improve vision and this would help them to spot submarines more easily. Although this was not done to cover that they broke Enigma, but to hide the fact that they invented radar. (Source)

    But the fact remains: To hide an invention they used misinformation. And they did it so well, that it is still effective today.

  24. Use plain text files, tag them properly on How Do You Organize Your Experimental Data? · · Score: 1

    Use plain text files. They can be easily managed: Version control and comparing is easy. The best thing: Text files can be read by nearly every application.

    File corruption is unlikely with text files. If you should have corrupted files, you have a chance to recover them with text files. With binary files, databases etc. this becomes much harder.

    To find your files later, tag them properly. Something like OpenMeta might help you.

  25. Re:I dont need it. on Digitally Filtering Out the Drone of the World Cup · · Score: 4, Insightful

    The problem is not to get the Vuvuzela sound out, the real difficulty is to keep as much of the other sounds as possible.

    If you use your television's equalizer you will filter too much sound which in effect kills the atmosphere.

    Getting the right sound in while letting the annoying Vuvuzela out is some serious job in sound engineering. But hey, everything one doesn't understand must be easy to do, right?