If this can be improved, perhaps the site will gain a better reputation in the eyes of professors.
No, it won't gain a better reputation in the eyes of professors (at least decent professors) for two reasons:
1) It's an inherently flawed algorithm and easily gameable. It's useful as a very vague unreliable data-point, and not much else.
2) Wikipedia is not a source for academic research, and never will be. If it's anything to academics, it's a place to go to get some clues on how to proceed with their real research - for example finding links to reliable sources, or related terms and concepts. It's like Google: a great tool for research, not a source.
Wikipedia is not and has never claimed to be an authoritative source on anything, and until people stop referring to it as though it is (or could be, or claims to be) - we'll never get over this wanking about "Don't trust wikipedia, it's not reliable - anyone can change it, omg!"
Unions have served an important place in our history. I just believe they should be temporary, not perpetual entities. They should rise when they are needed and then fade away unless they are needed again. Unions have become self-perpetuating enterprises...
It's interesting, because while I think you're right, you could substitute "corporations" with "unions" and you'd also be right.
Unions are the advocates of their workers. A union is like a lawyer - it doesn't care if you're right or wrong, it will always take your side. Which is why we sometimes see cases where the union allows workers to get away with laziness or incompetence. Because they can become powerful establishments, unions may place the interests of their institution above the interests of their members, which is why we sometimes see unions with corruption scandals or insane bureaucracies.
Corporations are the advocates of their shareholders. A corporation is also like a lawyer - it doesn't care if they're right or wrong, it will always take the shareholder's side. Which is why we see cases where corporations pursue blatantly unethical, exploitive, and even illegal methods for gaining profit. Because they become powerful establishments, corporations may place the interests of their board members and executives above the interests of their shareholders, which is why we sometimes see corporations with corruption scandals or insane bureaucracies.
These institutions are two sides of the same coin - unions arose out of a need to counter the exploitive tendencies of company owners and corporate structures, and companies have conversely adopted more and more aggressive means of exploiting their workers and preventing unionization (see Wal-Mart). Both have their flaws, and generally the flaws increase with the amount of power the institution gains (which is why corporations are the more high profile bad-guys today). But to me, criticizing unions specifically - as though they're the only power structure to ever screw things up - is dishonest, because it carries with it the implication that workers would be better off without a union - just little old them vs. the entire organization of shareholders.
Yes, unions can be fucked up, and it'd be nice if we could get rid of them, or have them be temporary, spontaneously organizing bodies. But it's missing the point to talk about getting rid of institutionalized unions without also talking about getting rid of the institutionalized business structures which made them necessary in the first place.
But what claim does the government have to your accumulated wealth, even the very wealthy?
The obvious counter-question is: What claim does a child born to a fabulously wealthy father have to his accumulated wealth? Nobody but the father has any real claim to that wealth, because nobody but the father actually put forth the effort to earn it (assuming for the sake of argument that he didn't get it unfairly himself). If anyone has a claim to the accumulated wealth of the father once he's no longer capable of owning it, it's the broader society that supported and assisted him throughout his life, because at least that body played some kind of role in making it possible for him to accumulate the wealth in the first place.
Yes, let's. Two people are engaged in a debate on Slashdot. One of them points out reasons why we should withdraw from Iraq, but the other one disagrees and finds those facts unfavorable to his/her argument. So instead of legitimately countering the argument, he/she makes up a different story in which the facts solidly support continuing to fight. "See, since it would be bad to stop fighting in this case I made up, therefore it's bad to stop fighting in the completely different case of the Iraq War!".
Using metaphors to argue a complicated and nuanced issue is like using metaphors to argue a complicated and nuanced issue.
I don't want 50,000 social networking sites to know my address...
Social networking is about voluntary information sharing. If you don't want the whole world to know your address and phone number, don't put those things on your MySpace page. If you do, it doesn't really matter which other social networking sites have that information, because it's already public on the internet.
This isn't about scraping and publicizing information that you want to keep private, it's about giving you the freedom to synchronize the information you do want to share between multiple sites.
You already have the ability on most social networking sites to control privacy - making some information public and other bits private, and there's no reason that meta-network tools wouldn't allow you the same control. In fact, they could give you finer control. Perhaps you could restrict a particular journal post to only your friends on Flickr and Facebook, or only show your contact information to people who are your friends on 3 or more networks...
The point is that these are tools to give you more control over your information, not less, so try to not freak out about privacy.
The thing is though that this is the 21st Century, and a typical teenage girl probably uses up more resources in an evening's download of MP3s that it would take to publish this data. Hell, it's probably already on a networked computer; all it would probably need is a symbolic link and possibly a new entry in a routing table. I don't think "urgency" is a concept that really applies here.
That's a very good point. Making the data available on the internet is simple enough that it's reasonable to expect them to do it. And if they're refusing to do that, it's reasonable to accuse them of actively trying to prevent sharing and review of their data.
All right - now you sound elitist. It's a bit like saying there's no need to publish computer source code all you need to do is know where the universities are; and to have access to programs written by qualified programmers.
I'm not saying there's no need, just that there's less need. And in that sense I agree with what you said: It's much more important to teach average people how to understand and program computers than to just throw some source code at them and say "Don't trust those pompous programmer assholes, figure out for yourself if this has bugs in it." The reason an average person can't fix their software is not because they don't have the source, it's because they don't know the first thing about programming. So therefore it should be a higher priority to help them learn that than get them access to source code.
But you're right in that it doesn't necessarily have to be a tradeoff - obviously making source data available can be done with essentially no effort, so why not do it? I'm mostly just reminding that it's also important to give people the tools and skills they need to work with the source data.
I hear what you're saying, that science shouldn't be restricted to a special class of scientists who everyone else has to trust. And I agree. But I do think that science should be restricted to people who know what the hell they're doing, just like any other field. In fact, I think that should be the only restriction on being a scientist. Okay, maybe you also have to agree not to build an army of world-dominating superbots...
Seriously, as someone who doesn't understand climate science, you have two choices: Either accept the conclusions of people who you trust to know what they're talking about, or reject those conclusions and learn for yourself all the things you need to know to be a good climate scientist and reach your own conclusions. The important thing is to make sure that it's possible for any interested person to learn what they need to in order to make their own evaluation on the facts, because otherwise peer review is meaningless - but that doesn't just mean access to the raw data, it means access to the skills needed to evaluate the data. However, realistically most people are going to prefer to trust someone else to make the analysis for them, so it is important to put an emphasis on widely publicizing and broadcasting their findings as opposed to the raw data.
the only way we're ever going to be able to settle debates like this one is if the data can be subjected to widespread peer review.
Not to be elitist, but do you really think you could effectively review the data? I sure as hell couldn't. Which is not to say it should be kept secret, simply that it may not be that urgent to make the raw data hyper-available to every guy on the street. As long as interested scientists - regardless of their previous conclusions or political leanings - can get the raw data when they want to review it, I think the process should work fine.
Because so many people lack the highly specialized knowledge to make sense of the raw data, there are two types of information that are far more important to make widely available: 1) Education on how to be a climate scientist and 2) The conclusions that qualified climate scientists have reached.
most companies can't immediately implement work-arounds on the day of a 0-day publication
There's always an easy, immediate work around. Sometimes it's as trivial as adding a firewall or IDS rule, sometimes it's as extreme as physically unplugging the affected machines until the issue is patched.
If you're an institution with servers containing a lot of highly sensitive information, you'll probably be willing to do extreme things to protect your data if it's really, truly necessary. The problem is, you're probably not going to unplug your important server (or be able to convince your boss to do so) unless there's very clearly enumerated, preferably reproducible proof that the threat exists. People love to cry wolf about security threats, so the only way to be actionably sure there's danger is to see a proof-of-concept. And the sooner you see that proof-of-concept, the less time you'll spend open to attack.
disclosure---even delayed full disclosure---preserves that negative cost. Immediate full disclosure amplifies that cost to dangerous proportions.
In a way, you're right. Full disclosure makes the cost to the company significant enough that it's a danger to the company's interests. This is as it should be - there's no reason to make selling insecure code less dangerous.
Everyone makes mistakes, including you.
Damn right, and when I make a mistake, I have to face the consequences. When I mess up, I don't get to secretly go back and fix everything up like I never made a mistake - I get called out on it and have to explain myself, and demonstrate why I won't make that mistake again. And to be honest, I'm a lot more likely to be careful in the future if I have to suffer through that ordeal than if I was able to correct it before anyone important noticed.
Using that as a way to shame the company is no different than taking pictures of someone committing an affair and posting them on the Internet to shame a politician
Yeah, and running with that idea, "responsible disclosure" is like continuing to lie to the politician's wife about what he's doing on those business trips so that he can have a chance to maybe change his ways. That's the "less messy" way of handling it, since she doesn't find out until after the problem has been corrected, but the damage is now twofold, because the damage was still done, and you're now complicit in the affair by deceiving her about it.
black hats who probably would not have discovered that vulnerability yet
Probably? What's the probability here? Probably doesn't apply in security design. A system is not secure because there's only a 2% chance that someone knows the secret to breaking in, a system is secure because there is no secret to breaking in. I don't want to play odds with my security, and other people playing those odds for me without my knowledge is unethical.
It's no different than taking out bolts in the landing gear of every airplane at a major airport to teach the airlines that frequent inspections are important.
Actually, it's more like finding out that it's possible to routinely gain access to planes and remove the bolts from their landing gear, and then letting the public know that they are in danger because of this. And I sure fucking hope that if someone found that out they'd tell me right away, because I'd far prefer to know about it and just take the train than obliviously keep flying, my life depending on the odds that no malicious individuals have found out about the problem before the bureaucratic security apparatus can figure out some way to address it.
With responsible disclosure everyone wins except black hats.
Black hats win too. You ask 4cId_K1LL3R whether he'd like you to "fully" or "responsibly" disclose the 0day buffer overflow that he discovered a week ago and has been using to break into systems. I'm sure he'd far prefer that you keep the public in the dark about the issue for a month or so while the company leisurely gets around to patching it.
Black hats win, but software companies win most of all - which, after all is why software companies invented and promoted "responsible disclosure" in the first place. "Responsible" disclosure allows a company to improve their reputation and their software at little to no cost, thanks to volunteers who fix their security problems without telling the public. This, in turn, enables them to continue using the same irresponsible software engineering practices as they always have, with no impact on their bottom line.
but full disclosure after giving the software company warning
It's debatable whether that's considered true, good-faith full disclosure. If you discover a security vulnerability, you are suddenly burdened with a moral imperative. You know that many people are in danger, but the people don't. Every day that you delay telling them is another day they're in danger, and quite possibly being exploited. It's important to remember that by denying people the knowledge of the insecurities in their systems, you are effectively protecting the interests of the attackers, regardless of your intentions.
Furthermore, there's the question of whether the company deserves a free pass for designing insecure software. If they're given special advance knowledge of the problem, they're able to create a fix that they otherwise wouldn't have. Then, when the vulnerability is publicized, they can have the issue already patched, and claim credit for being a responsible company when in fact it took a third-party volunteer to fix their shit for them, and they only acted on it because they knew it would become public.
Telling companies in advance about security vulnerabilities ironically creates an incentive for them to design even less secure code. After all, if an army of volunteers will spot and confidentially help them fix any errors that are discovered later at no cost to the company reputation or payroll, why would they do it themselves? There always needs to be a negative cost to the company associated with having insecure code, and full disclosure preserves this.
It's unfortunately not that hard to imagine that your sarcastic remark was serious - we constantly hear the same sentiment echoed very seriously in relation to computer security, electronic voting machines, even terrorism and criticism of the Iraq War.
Sadly, we live in a world where most people in power actually believe that anyone who points out problems is just as bad as someone who causes and exploits problems.
Where should I go to find the music that is new and relevant?
Internet radio. I like the Shoutcast feature built into winamp, because a huge number of stations are all accessible through one interface. It gives you just the right amount of choice for discovering new stuff - you get to choose the station, and they get to choose the music. Listen to a station - and not some generic crap like "Hits of the 80s" - something with some unique character or genre. Give it a chance, for like 15 minutes or a half hour. If it's intolerable find something else. If you like it, check the track list - write down some of the artist names and investigate further. You can go on and on, finding new stations pretty much forever.
The "red cross" as a symbol existed long before there was an International Red Cross organization. It has been a way for battlefield medics to identify themselves for a long time. The IRC may have contributed to its current popularity, but they did not create the association between a red cross and medical help. Given that the symbol is so old and universal, it's pretty much the only way to quickly and clearly identify oneself as a) A non-combatant and B) Available to provide emergency medical care.
The question you raise is essentially: "is it okay for an individual to identify themselves as a provider of emergency medical care without the explicit approval of the American Red Cross?"
I think it is, despite the possible "dilution" of the Red Cross brand, simply because otherwise any medic, anywhere, could only work subject to the approval of this one arbitrary organization which happens to hold the necessary symbol as a trademark. I don't think medical work should be universally regulated by one organization, and street medics are a good example of why: the ARC won't provide medical support at political demonstrations where police violence is highly likely, but street medics are willing to step in and do so. If the ARC is so worried about having their symbol look bad, maybe they should provide help themselves so that other groups don't have to take matters into their own hands.
It is important to ensure that people offering first aid are qualified, but trademark law is not the appropriate tool to do so.
It is entirely possible that their own brand will suffer because a licensee of the Red Cross will sell a substandard product.
No, that's entirely impossible, because when pretty much anyone sees a red cross they don't think "Oh, that's a Johnson and Johnson brand product!", they think "Oh, that's a first aid product!". Neither the ARC nor Johnson and Johnson should have any exclusive claim to such a ubiquitous and important symbol, especially considering its value in medical and emergency situations.
It's like...I don't know, like claiming a trademark on the "EXIT" sign design you see in buildings, and preventing other groups from using it. Some things, like evacuating people from buildings or identifying medical aid, are more important than intellectual property rights.
I know that street medic organizations have gotten repeated shit from the Red Cross for putting red crosses on their uniforms. Not the Red Cross logo, mind you, just crosses that are red - a symbol that's pretty universally understood to mean "medical aid here", and an important help in a confusing emergency situation.
They claim that they don't want people to think that activist medics are representing the Red Cross, but somehow I don't think anyone would confuse those folks in the WP photo for Red Cross employees...
I will not vote for my 2nd worse enemy over my ally
That's good, you shouldn't. Read over what I've written in this thread and you may notice that this is exactly what I've been advocating:)
If you are a third party supporter and you vote for the lessor of the evil major parties you have a one in a billion chance of altering the election
I agree that third party supporters (and everyone else, for that matter), should vote for non-major parties. But I think the reason you're advancing is bad. The probability of affecting an election is not a good basis for deciding anything about how you cast your vote, because if you use this metric it quickly becomes apparent that no way that you vote is very influential. Like you say, one vote is pretty microscopically influential, and casting it one way or another doesn't change how influential it is, just in which direction it influences things.
Unless you are going to spend your time and money on a campaign you are not working with anyone, you are casting a single vote.
Working together doesn't mean we all have to know what each other are doing and help each other, it just means a whole lot of people need to take some actions together, because the more people who do that thing, the more effective it is - each participant adds to the weight and power of each other participant's action. It's like signing a petition, or attending a protest - your individual participation isn't vital to the action, nor do you have any direct control over whether others participate, but that doesn't mean it's not working together.
I'm not sure you really read my post, but you get a reply anyway:)
major parties do not care about libertarian issues, and why should a libertarian care for theirs or vote in support of a major candidate?
You shouldn't. And you shouldn't.
whether I stay home and not vote or vote at random, it will not change the election because I am only one vote.
This is known as nihilism, and the same logic can be applied to pretty much everything you do. You are a relatively tiny element in a comparatively vast system - pretty much nothing you do, ever, has that much of an impact on the system overall. Very few people actually subscribe to this world-view in its entirety, but very many people drag it out whenever they want a sophisticated sounding excuse to not care about something that's actually important.
Yes, you personally won't single-handedly change the world. Get over it and work together with the rest of humanity to create collective change.
And that is what is wrong with your two-party system. How can you make people interested in politics if the coices they make and the people they vote for do not matter at all?
Right, exactly. And to be frank, I think that ultimately in the long run we're going to need a pretty serious (hopefully non-violent) political revolution in the US before our current governing structure can be truly democratized.
However, in the short term it's really difficult to convince people to vote for a third party candidate when they're obviously not going to win. I mean anyone - even rabid third party supporters - can see that the poor shmuck is doomed to lose. What I was trying to explain is that there is an actual benefit and real political effect to voting for someone who will lose. In many ways, withholding your vote from major candidates has a more powerful influence on them than giving it.
The latest example is the Republicans, since they lost, you'd think they'd be all about finding out why and changing their behavior, but that's certainly not happening.
It is happening, but unfortunately the reason the Republicans lost wasn't because they lacked the Libertarian vote, therefore as Machiavellian power-junkies they have no motivation to court Libertarian issues. Instead, they (correctly) perceive the religious right and anti-terrorist patriots as the strongest constituencies right now, so they seek to appeal even more to their concerns.
As you pointed out, it's not enough that the major party lose. They have to lose for the right reason, and that reason has to be that enough people have formed a libertarian (or green, my preference) voting bloc to deprive the major parties of votes.
Sadly, it seems to be a race for the bottom, with the American people losing in the end.
And yes, I am bitter and am trying to stop caring.
I think you're right, and being bitter is understandable - I am myself, sometimes. But not caring, or trying not to care is flat out unethical - and openly acknowledging it doesn't soften the damage. Perhaps politics is just something we see on CNN and argue about with our peers, but for many, many people the same political battles are a matter of life and death. To throw up our hands and say "This is too frustrating, it makes me sad so forget it!" is to place our own comfort above the very lives of people here and around the world. It seems hyperbolic but it's not, it's the literal truth that we all try to forget.
If I vote Libertarian, what odds will you give me that my vote will throw the election to the Democrats?
If your vote contributes to throwing the election to Democrats, that's the only way it'll be effective.
Think about it. The Libertarian candidate isn't going to win no matter what, but the Republicans might. If the Republicans can still win and gain power without your vote, then why should they care about Libertarian issues, or your opinions?
If you vote Libertarian and the Republicans lose because people like you didn't vote for them, it forces them to take notice. They lost the election because certain people were so disaffected by the party that they deliberately withheld their votes by supporting the Libertarians instead.
In short, the only way you can get mainstream parties to listen to you isn't by helping them win, it's by making them lose, and doing so in a way that clearly demonstrates the direction you want them to take.
Slashdot Mirror
If this can be improved, perhaps the site will gain a better reputation in the eyes of professors.
No, it won't gain a better reputation in the eyes of professors (at least decent professors) for two reasons:
1) It's an inherently flawed algorithm and easily gameable. It's useful as a very vague unreliable data-point, and not much else.
2) Wikipedia is not a source for academic research, and never will be. If it's anything to academics, it's a place to go to get some clues on how to proceed with their real research - for example finding links to reliable sources, or related terms and concepts. It's like Google: a great tool for research, not a source.
Wikipedia is not and has never claimed to be an authoritative source on anything, and until people stop referring to it as though it is (or could be, or claims to be) - we'll never get over this wanking about "Don't trust wikipedia, it's not reliable - anyone can change it, omg!"
Unions have served an important place in our history. I just believe they should be temporary, not perpetual entities. They should rise when they are needed and then fade away unless they are needed again. Unions have become self-perpetuating enterprises...
It's interesting, because while I think you're right, you could substitute "corporations" with "unions" and you'd also be right.
Unions are the advocates of their workers. A union is like a lawyer - it doesn't care if you're right or wrong, it will always take your side. Which is why we sometimes see cases where the union allows workers to get away with laziness or incompetence. Because they can become powerful establishments, unions may place the interests of their institution above the interests of their members, which is why we sometimes see unions with corruption scandals or insane bureaucracies.
Corporations are the advocates of their shareholders. A corporation is also like a lawyer - it doesn't care if they're right or wrong, it will always take the shareholder's side. Which is why we see cases where corporations pursue blatantly unethical, exploitive, and even illegal methods for gaining profit. Because they become powerful establishments, corporations may place the interests of their board members and executives above the interests of their shareholders, which is why we sometimes see corporations with corruption scandals or insane bureaucracies.
These institutions are two sides of the same coin - unions arose out of a need to counter the exploitive tendencies of company owners and corporate structures, and companies have conversely adopted more and more aggressive means of exploiting their workers and preventing unionization (see Wal-Mart). Both have their flaws, and generally the flaws increase with the amount of power the institution gains (which is why corporations are the more high profile bad-guys today). But to me, criticizing unions specifically - as though they're the only power structure to ever screw things up - is dishonest, because it carries with it the implication that workers would be better off without a union - just little old them vs. the entire organization of shareholders.
Yes, unions can be fucked up, and it'd be nice if we could get rid of them, or have them be temporary, spontaneously organizing bodies. But it's missing the point to talk about getting rid of institutionalized unions without also talking about getting rid of the institutionalized business structures which made them necessary in the first place.
But what claim does the government have to your accumulated wealth, even the very wealthy?
The obvious counter-question is: What claim does a child born to a fabulously wealthy father have to his accumulated wealth? Nobody but the father has any real claim to that wealth, because nobody but the father actually put forth the effort to earn it (assuming for the sake of argument that he didn't get it unfairly himself). If anyone has a claim to the accumulated wealth of the father once he's no longer capable of owning it, it's the broader society that supported and assisted him throughout his life, because at least that body played some kind of role in making it possible for him to accumulate the wealth in the first place.
Let's put this in perspective:
Yes, let's. Two people are engaged in a debate on Slashdot. One of them points out reasons why we should withdraw from Iraq, but the other one disagrees and finds those facts unfavorable to his/her argument. So instead of legitimately countering the argument, he/she makes up a different story in which the facts solidly support continuing to fight. "See, since it would be bad to stop fighting in this case I made up, therefore it's bad to stop fighting in the completely different case of the Iraq War!".
Using metaphors to argue a complicated and nuanced issue is like using metaphors to argue a complicated and nuanced issue.
When the president does it, it's not illegal.
I don't want 50,000 social networking sites to know my address...
Social networking is about voluntary information sharing. If you don't want the whole world to know your address and phone number, don't put those things on your MySpace page. If you do, it doesn't really matter which other social networking sites have that information, because it's already public on the internet.
This isn't about scraping and publicizing information that you want to keep private, it's about giving you the freedom to synchronize the information you do want to share between multiple sites.
You already have the ability on most social networking sites to control privacy - making some information public and other bits private, and there's no reason that meta-network tools wouldn't allow you the same control. In fact, they could give you finer control. Perhaps you could restrict a particular journal post to only your friends on Flickr and Facebook, or only show your contact information to people who are your friends on 3 or more networks...
The point is that these are tools to give you more control over your information, not less, so try to not freak out about privacy.
The Matrix is fiction
Look, just because you took the blue pill...
The thing is though that this is the 21st Century, and a typical teenage girl probably uses up more resources in an evening's download of MP3s that it would take to publish this data. Hell, it's probably already on a networked computer; all it would probably need is a symbolic link and possibly a new entry in a routing table. I don't think "urgency" is a concept that really applies here.
That's a very good point. Making the data available on the internet is simple enough that it's reasonable to expect them to do it. And if they're refusing to do that, it's reasonable to accuse them of actively trying to prevent sharing and review of their data.
All right - now you sound elitist. It's a bit like saying there's no need to publish computer source code all you need to do is know where the universities are; and to have access to programs written by qualified programmers.
I'm not saying there's no need, just that there's less need. And in that sense I agree with what you said: It's much more important to teach average people how to understand and program computers than to just throw some source code at them and say "Don't trust those pompous programmer assholes, figure out for yourself if this has bugs in it." The reason an average person can't fix their software is not because they don't have the source, it's because they don't know the first thing about programming. So therefore it should be a higher priority to help them learn that than get them access to source code.
But you're right in that it doesn't necessarily have to be a tradeoff - obviously making source data available can be done with essentially no effort, so why not do it? I'm mostly just reminding that it's also important to give people the tools and skills they need to work with the source data.
I hear what you're saying, that science shouldn't be restricted to a special class of scientists who everyone else has to trust. And I agree. But I do think that science should be restricted to people who know what the hell they're doing, just like any other field. In fact, I think that should be the only restriction on being a scientist. Okay, maybe you also have to agree not to build an army of world-dominating superbots...
Seriously, as someone who doesn't understand climate science, you have two choices: Either accept the conclusions of people who you trust to know what they're talking about, or reject those conclusions and learn for yourself all the things you need to know to be a good climate scientist and reach your own conclusions. The important thing is to make sure that it's possible for any interested person to learn what they need to in order to make their own evaluation on the facts, because otherwise peer review is meaningless - but that doesn't just mean access to the raw data, it means access to the skills needed to evaluate the data. However, realistically most people are going to prefer to trust someone else to make the analysis for them, so it is important to put an emphasis on widely publicizing and broadcasting their findings as opposed to the raw data.
the only way we're ever going to be able to settle debates like this one is if the data can be subjected to widespread peer review.
Not to be elitist, but do you really think you could effectively review the data? I sure as hell couldn't. Which is not to say it should be kept secret, simply that it may not be that urgent to make the raw data hyper-available to every guy on the street. As long as interested scientists - regardless of their previous conclusions or political leanings - can get the raw data when they want to review it, I think the process should work fine.
Because so many people lack the highly specialized knowledge to make sense of the raw data, there are two types of information that are far more important to make widely available: 1) Education on how to be a climate scientist and 2) The conclusions that qualified climate scientists have reached.
most companies can't immediately implement work-arounds on the day of a 0-day publication
There's always an easy, immediate work around. Sometimes it's as trivial as adding a firewall or IDS rule, sometimes it's as extreme as physically unplugging the affected machines until the issue is patched.
If you're an institution with servers containing a lot of highly sensitive information, you'll probably be willing to do extreme things to protect your data if it's really, truly necessary. The problem is, you're probably not going to unplug your important server (or be able to convince your boss to do so) unless there's very clearly enumerated, preferably reproducible proof that the threat exists. People love to cry wolf about security threats, so the only way to be actionably sure there's danger is to see a proof-of-concept. And the sooner you see that proof-of-concept, the less time you'll spend open to attack.
disclosure---even delayed full disclosure---preserves that negative cost. Immediate full disclosure amplifies that cost to dangerous proportions.
In a way, you're right. Full disclosure makes the cost to the company significant enough that it's a danger to the company's interests. This is as it should be - there's no reason to make selling insecure code less dangerous.
Everyone makes mistakes, including you.
Damn right, and when I make a mistake, I have to face the consequences. When I mess up, I don't get to secretly go back and fix everything up like I never made a mistake - I get called out on it and have to explain myself, and demonstrate why I won't make that mistake again. And to be honest, I'm a lot more likely to be careful in the future if I have to suffer through that ordeal than if I was able to correct it before anyone important noticed.
Using that as a way to shame the company is no different than taking pictures of someone committing an affair and posting them on the Internet to shame a politician
Yeah, and running with that idea, "responsible disclosure" is like continuing to lie to the politician's wife about what he's doing on those business trips so that he can have a chance to maybe change his ways. That's the "less messy" way of handling it, since she doesn't find out until after the problem has been corrected, but the damage is now twofold, because the damage was still done, and you're now complicit in the affair by deceiving her about it.
black hats who probably would not have discovered that vulnerability yet
Probably? What's the probability here? Probably doesn't apply in security design. A system is not secure because there's only a 2% chance that someone knows the secret to breaking in, a system is secure because there is no secret to breaking in. I don't want to play odds with my security, and other people playing those odds for me without my knowledge is unethical.
It's no different than taking out bolts in the landing gear of every airplane at a major airport to teach the airlines that frequent inspections are important.
Actually, it's more like finding out that it's possible to routinely gain access to planes and remove the bolts from their landing gear, and then letting the public know that they are in danger because of this. And I sure fucking hope that if someone found that out they'd tell me right away, because I'd far prefer to know about it and just take the train than obliviously keep flying, my life depending on the odds that no malicious individuals have found out about the problem before the bureaucratic security apparatus can figure out some way to address it.
With responsible disclosure everyone wins except black hats.
Black hats win too. You ask 4cId_K1LL3R whether he'd like you to "fully" or "responsibly" disclose the 0day buffer overflow that he discovered a week ago and has been using to break into systems. I'm sure he'd far prefer that you keep the public in the dark about the issue for a month or so while the company leisurely gets around to patching it.
Black hats win, but software companies win most of all - which, after all is why software companies invented and promoted "responsible disclosure" in the first place. "Responsible" disclosure allows a company to improve their reputation and their software at little to no cost, thanks to volunteers who fix their security problems without telling the public. This, in turn, enables them to continue using the same irresponsible software engineering practices as they always have, with no impact on their bottom line.
but full disclosure after giving the software company warning
It's debatable whether that's considered true, good-faith full disclosure. If you discover a security vulnerability, you are suddenly burdened with a moral imperative. You know that many people are in danger, but the people don't. Every day that you delay telling them is another day they're in danger, and quite possibly being exploited. It's important to remember that by denying people the knowledge of the insecurities in their systems, you are effectively protecting the interests of the attackers, regardless of your intentions.
Furthermore, there's the question of whether the company deserves a free pass for designing insecure software. If they're given special advance knowledge of the problem, they're able to create a fix that they otherwise wouldn't have. Then, when the vulnerability is publicized, they can have the issue already patched, and claim credit for being a responsible company when in fact it took a third-party volunteer to fix their shit for them, and they only acted on it because they knew it would become public.
Telling companies in advance about security vulnerabilities ironically creates an incentive for them to design even less secure code. After all, if an army of volunteers will spot and confidentially help them fix any errors that are discovered later at no cost to the company reputation or payroll, why would they do it themselves? There always needs to be a negative cost to the company associated with having insecure code, and full disclosure preserves this.
It's unfortunately not that hard to imagine that your sarcastic remark was serious - we constantly hear the same sentiment echoed very seriously in relation to computer security, electronic voting machines, even terrorism and criticism of the Iraq War.
Sadly, we live in a world where most people in power actually believe that anyone who points out problems is just as bad as someone who causes and exploits problems.
Where should I go to find the music that is new and relevant?
Internet radio. I like the Shoutcast feature built into winamp, because a huge number of stations are all accessible through one interface. It gives you just the right amount of choice for discovering new stuff - you get to choose the station, and they get to choose the music. Listen to a station - and not some generic crap like "Hits of the 80s" - something with some unique character or genre. Give it a chance, for like 15 minutes or a half hour. If it's intolerable find something else. If you like it, check the track list - write down some of the artist names and investigate further. You can go on and on, finding new stations pretty much forever.
Your criticism of the artistic-industrial complex and the manufactured nature of celebrities is accurate.
Your quaint insistence that this is a new trend, that it "didn't used to be this way" is laughable.
The "red cross" as a symbol existed long before there was an International Red Cross organization. It has been a way for battlefield medics to identify themselves for a long time. The IRC may have contributed to its current popularity, but they did not create the association between a red cross and medical help. Given that the symbol is so old and universal, it's pretty much the only way to quickly and clearly identify oneself as a) A non-combatant and B) Available to provide emergency medical care.
The question you raise is essentially: "is it okay for an individual to identify themselves as a provider of emergency medical care without the explicit approval of the American Red Cross?"
I think it is, despite the possible "dilution" of the Red Cross brand, simply because otherwise any medic, anywhere, could only work subject to the approval of this one arbitrary organization which happens to hold the necessary symbol as a trademark. I don't think medical work should be universally regulated by one organization, and street medics are a good example of why: the ARC won't provide medical support at political demonstrations where police violence is highly likely, but street medics are willing to step in and do so. If the ARC is so worried about having their symbol look bad, maybe they should provide help themselves so that other groups don't have to take matters into their own hands.
It is important to ensure that people offering first aid are qualified, but trademark law is not the appropriate tool to do so.
It is entirely possible that their own brand will suffer because a licensee of the Red Cross will sell a substandard product.
No, that's entirely impossible, because when pretty much anyone sees a red cross they don't think "Oh, that's a Johnson and Johnson brand product!", they think "Oh, that's a first aid product!". Neither the ARC nor Johnson and Johnson should have any exclusive claim to such a ubiquitous and important symbol, especially considering its value in medical and emergency situations.
It's like...I don't know, like claiming a trademark on the "EXIT" sign design you see in buildings, and preventing other groups from using it. Some things, like evacuating people from buildings or identifying medical aid, are more important than intellectual property rights.
I know that street medic organizations have gotten repeated shit from the Red Cross for putting red crosses on their uniforms. Not the Red Cross logo, mind you, just crosses that are red - a symbol that's pretty universally understood to mean "medical aid here", and an important help in a confusing emergency situation.
They claim that they don't want people to think that activist medics are representing the Red Cross, but somehow I don't think anyone would confuse those folks in the WP photo for Red Cross employees...
I will not vote for my 2nd worse enemy over my ally
:)
That's good, you shouldn't. Read over what I've written in this thread and you may notice that this is exactly what I've been advocating
If you are a third party supporter and you vote for the lessor of the evil major parties you have a one in a billion chance of altering the election
I agree that third party supporters (and everyone else, for that matter), should vote for non-major parties. But I think the reason you're advancing is bad. The probability of affecting an election is not a good basis for deciding anything about how you cast your vote, because if you use this metric it quickly becomes apparent that no way that you vote is very influential. Like you say, one vote is pretty microscopically influential, and casting it one way or another doesn't change how influential it is, just in which direction it influences things.
Unless you are going to spend your time and money on a campaign you are not working with anyone, you are casting a single vote.
Working together doesn't mean we all have to know what each other are doing and help each other, it just means a whole lot of people need to take some actions together, because the more people who do that thing, the more effective it is - each participant adds to the weight and power of each other participant's action. It's like signing a petition, or attending a protest - your individual participation isn't vital to the action, nor do you have any direct control over whether others participate, but that doesn't mean it's not working together.
I'm not sure you really read my post, but you get a reply anyway :)
major parties do not care about libertarian issues, and why should a libertarian care for theirs or vote in support of a major candidate?
You shouldn't. And you shouldn't.
whether I stay home and not vote or vote at random, it will not change the election because I am only one vote.
This is known as nihilism, and the same logic can be applied to pretty much everything you do. You are a relatively tiny element in a comparatively vast system - pretty much nothing you do, ever, has that much of an impact on the system overall. Very few people actually subscribe to this world-view in its entirety, but very many people drag it out whenever they want a sophisticated sounding excuse to not care about something that's actually important.
Yes, you personally won't single-handedly change the world. Get over it and work together with the rest of humanity to create collective change.
And that is what is wrong with your two-party system. How can you make people interested in politics if the coices they make and the people they vote for do not matter at all?
Right, exactly. And to be frank, I think that ultimately in the long run we're going to need a pretty serious (hopefully non-violent) political revolution in the US before our current governing structure can be truly democratized.
However, in the short term it's really difficult to convince people to vote for a third party candidate when they're obviously not going to win. I mean anyone - even rabid third party supporters - can see that the poor shmuck is doomed to lose. What I was trying to explain is that there is an actual benefit and real political effect to voting for someone who will lose. In many ways, withholding your vote from major candidates has a more powerful influence on them than giving it.
The latest example is the Republicans, since they lost, you'd think they'd be all about finding out why and changing their behavior, but that's certainly not happening.
It is happening, but unfortunately the reason the Republicans lost wasn't because they lacked the Libertarian vote, therefore as Machiavellian power-junkies they have no motivation to court Libertarian issues. Instead, they (correctly) perceive the religious right and anti-terrorist patriots as the strongest constituencies right now, so they seek to appeal even more to their concerns.
As you pointed out, it's not enough that the major party lose. They have to lose for the right reason, and that reason has to be that enough people have formed a libertarian (or green, my preference) voting bloc to deprive the major parties of votes.
Sadly, it seems to be a race for the bottom, with the American people losing in the end.
And yes, I am bitter and am trying to stop caring.
I think you're right, and being bitter is understandable - I am myself, sometimes. But not caring, or trying not to care is flat out unethical - and openly acknowledging it doesn't soften the damage. Perhaps politics is just something we see on CNN and argue about with our peers, but for many, many people the same political battles are a matter of life and death. To throw up our hands and say "This is too frustrating, it makes me sad so forget it!" is to place our own comfort above the very lives of people here and around the world. It seems hyperbolic but it's not, it's the literal truth that we all try to forget.
If I vote Libertarian, what odds will you give me that my vote will throw the election to the Democrats?
If your vote contributes to throwing the election to Democrats, that's the only way it'll be effective.
Think about it. The Libertarian candidate isn't going to win no matter what, but the Republicans might. If the Republicans can still win and gain power without your vote, then why should they care about Libertarian issues, or your opinions?
If you vote Libertarian and the Republicans lose because people like you didn't vote for them, it forces them to take notice. They lost the election because certain people were so disaffected by the party that they deliberately withheld their votes by supporting the Libertarians instead.
In short, the only way you can get mainstream parties to listen to you isn't by helping them win, it's by making them lose, and doing so in a way that clearly demonstrates the direction you want them to take.