Have you left any constructive comments in the Slashdot "blog" threads? That appears to be the official avenue by which they claim to want feedback, so duplicate your efforts over there.
I too am a classic user, and I don't much care for the beta interface. I left comments indicating what I wanted the UI to do that it wasn't currently doing, and why I still use the classic mode.
I'm something of an anarcho-capitalist, and so I am also more anti-regulation than anyone currently sitting in congress.
The problem is that, as you and others have noted, we don't have a free market for last-mile competition. I don't get to argue that "if the market is free, competition fixes all problems" because the market isn't free.
I just recently left a jurisdiction where there was one Telco provider and one cable provider. At least in the cable-co situation, they were given a local monopoly.
The phone co was an ILEC and under ILEC rules. The cable company was not. But even though the Telco was operating under ILEC rules, their DSLAMS were what they were. There was fiber in the ground they owned, copper to my house, etc, but there was no CLEC that could come in and somehow push more bits down that wire to me faster. Sure, I didn't have to put up with the Telco's rules as far as open ports or whatever if I used a different transit provider, but nobody could come and make that connection faster for me -- only the ILEC.
I've been in the situation before where my wire was provisioned by the local Telco and my IP transit was through somebody else. And to be honest, it sucked. The two companies perpetually blamed each other anytime I couldn't access the interwebs.
Anyway, local (and national) regulation has created a huge barrier for new market entrants that want to tackle the last mile problem. And that means anyone in the last mile business should expect to get regulated good and hard. They've been given a state-protected monopoly, they should enjoy some state-mandated ass-reaming.
Regarding the FCC -- I'm really happy the FCC lost in court. If there are going to be new laws, they need to be made by the legislature.
I think having this go through the congress is the right approach. I'm in favor of having ISPs that don't throttle the content I want or charge me / providers more for certain types of content, but I'm against Net Neutrality laws/regs as I understand them. I don't think injecting govt into this problem space, at this time, is a net win. I think it lets certain organizations get their claws into things that are generally working well enough, and we're going to bitterly regret it if we let them do that right now.
The bottom line, I guess, is this practical consideration: Who do you think works for the federal government that has any business telling Comcast how it should do traffic shaping?
My preferred outcome would be for more last mile competition, with mixes of public and private action according to the tastes of different communities.
I'll have an incentive to not be honest about the speed that my car broadcasts to your car.
If the system doesn't broadcast speed directly, but broadcasts position in such a way that speed can be inferred, I'll have an incentive to not be honest about that either.
Since I'm talking about older cars that will need retrofit units, what stops me from making a unit that is selectively dishonest about what it's doing?
Why do you think it will be easy to locate someone that is jamming a signal? RF is hard, and, this claim seems to conflict with the claim you make that it will not be possible to use this technology to identify other vehicles.
I don't actually like MMT, but it is an accurate depiction of reality.
The implications of MMT are very unsettling if you've grown up with a classical view of economics.
Keynesians are discredited and irrelevant. They have no basis for their objections because they were never coherent to begin with. Keynesians have consistently failed to predict economic events or why their policies don't have the intended effects.
MMT isn't something you can understand in a few minutes. You can hear the basic arguments in a few minutes, but it takes a while to internalize and re-orient your thinking.
The US hasn't raised enough money via taxes to fund its annual operating expenses in a very long time.
Yet a US government check has never bounced.
It is 100% clear that, no matter what politicians say and what our household models of economics say, the Feds do not need your tax revenue to pay for anything.
The key difference between the post-1971 dollar and previous macroeconomic situations is that the US dollar is no longer redeemable in anything else. It is now entirely a fiat currency. It is a currency that can buy anything in the US economy because of two reasons:
1) Legal tender laws -- the Feds force anyone in the US to accept USD for any debt, public or private
2) Taxes. The feds require most of us to pay taxes, and those taxes must be paid in USD. That means we need to do things in the real economy in order to get USD, so that we can give the govt a portion of that USD.
That's it. That's the whole game.
Why tax us at all? To force everyone to trade in dollars -- and critically -- to reduce private sector spending power when newly injected government money is chasing after the same economic output. If public and private dollars are chasing the same items, price appreciation will happen, and that's politically a loser. And, as you point out, it can become hyperinflation.
But really, after Nixon closed the gold window, our money is entirely artificial. If you brought in a sack of $20k in cash for your federal income taxes to some IRS office, they wouldn't say, "finally, we can go pay our debts!" or "finally! we can go buy that highway we need"
They'd update a number in a database and drop the sack of cash in a shredder. Nobody wants to move around all that physical cash.
Please read the writings of Warren Mosler, and on the topic of Modern Monetary Theory.
You are correct about one thing -- reckless currency debasement can become hyperinflation.
I recommend reading the Christopher Alexander Books: "The Timeless Way of Building", "A Pattern Language", etc.
These are the books that the Gang of Four read that inspired the software design patterns movement. So there's that tie in.
But the other reason to read them is to encounter an entirely different philosophy about why and how to build things.
So while the geek in me reacts to this headline with, "cool! Moving walls that reconfigure themselves! How efficient", the part of me that has read Alexander asks some questions:
How will this make users of the building feel? Is ease of reconfiguration the most important design quality in a space? How will it impact people when the space they live and work in changes overnight?
Also, don't read the Alexander books if you've just changed house. You'll walk around your new place frustrated at all of the faults you didn't know were faults :)
I had developed on MySQL, Sybase, and Oracle professionally before I was exposed to MS SQL server.
SQL server is no joke. It gives you most of the enterprise features and power of Oracle, with none of the obtuse awful crap of Oracle. Even installing Oracle is a disaster.
The tools for SQL server are miles ahead of anything else, and incomparably better than what you can easily find for MySQL.
SQL server hits the sweet spot of being easy to use, easy to install, full featured, and very powerful. It's also free to develop against. You pay when you go into production.
If you're not going to buy a commercial DB software, Postgres is the most like a "real" DBMS. The problem is that so many FOSS packages really expect you to use MySQL, but if you're used to working with "real" DBMS software MySQL just feels so different.
IMO, MySQL has survived because of the price, and because many people don't have especially interesting database needs.
One thing that Windows has that Linux lacks is credible ODBC type functionality. In an ideal world, a Linux package that needed a SQL database underneath could swap out MySQL, Postgres, or whatever with just changing a runtime configuration string, and perhaps optionally re-running a schema-gen and data-loading script.
In practice, making a package or library that was written for MySQL work against anything else is just pure suffering.
ok, if the US government had _any_ credibility that they weren't just going to off this guy the second they could...and there was ANY credibility in the courts..
Here's what SHOULD happen:
He should get charged with whatever crimes he is alleged to have committed.
In the course of his trial, he should name all of the official channels he tried to use to "whistleblow" the "right" way. His superior? His superior-superior?
Each person he names should have charges brought against them, and subsequently be put on trial.
Snowden should have a full trial, and the people he implicates in that trial should all be followed up on for prosecution.
The methods he used to do what he did should be revealed in court and handed back to appropriate govt agencies, who should improve their internal security.
The people and practices that prevented him from whistleblowing in the "right" way should be removed from service.
Ultimately, snowden will probably be convicted of something or other via this trial. And then immediately after the conviction, he should be pardoned by the president, owing to the fact that the greater good he did for the American people by exposing the systematic law breaking by its own government greatly exceeds any legal wrong he might have done.
He should have his voting/firearm rights restored in the event that the charges against him were felony charges; the net result is that no felony should appear on his record.
None of this will happen because our government is shit.
One of the things discussed here was that Hamilton and Madison, architects of the new national government, were acutely familiar with the history of self-governance experiments elsewhere in Europe, from ancient Greece onward.
They sought to avoid the inevitable decline of all previous attempts of such societies. Madison, especially, observed that factionalism led to the decline of all such pluralistic, democratic societies. Once one faction gained sufficient power, it marginalized opposing factions and consolidated power.
Rather than trying to eliminate factionalism, Madison's basic idea was to depend on it. He proposed a national government whereby differing factions would always be at each other's necks, with no faction really having the possibility of gaining enough power to completely suppress all the others. Factionalism can be broken down along a variety of axes (wealth, education, aristocracy, etc), and Madison tried to work that into the construction of the government as well. This also helped balance the VERY different perspectives of Jefferson, the rural populist, and Hamilton, who would be happy if everyone still wore powdered wigs.
So, we can certainly debate how well Madison's plans have worked out in practice (e.g. do we really have multiple competing factions? Or just the illusion of controversy, ala the WWF wrestlers...), but in principle, the two major parties arguing against policies and practices chiefly when used by their opponents is part of the plan. According to Madison, the system _needs_ opposing factions in order to outlast the previous European attempts at self-governance.
It would be interesting to do an analysis of legislation that was swept through the federal government with broad support, and tabulate how often that legislation was ultimately found to be harmful/undesirable...
The F35 was a political creature from nearly the beginning.
The article is a bit misleading, saying the F-35 program started in 2001. Well, before that, it was called the JSF program, and it was quite far along back in 1999 when I worked at Boeing AMS for a summer. That summer the JSF front fuselage and mid fuselage were "mated" for the first time. Boeing was building one part and IIRC LMCO was building the other.
It seems as though one of the goals of the JSF/F-35 program was to try and get part of it built by everybody from every congressional district, thereby making it politically invincible.
Of course, there's an understandable reason to do this. The reason I worked at "Boeing" but most of my co-workers were McDonnell Douglas lifers was because Boeing absorbed McDonnell after the feds cancelled the A12 program, which McDonnell was balls deep into. McDonnell was left in terrible shape and the sharks rolled in.
McDonnell sold its IT infrastructure to IBM and then leased it back. That arrangement later became IBM Global Services. And Boeing swooped in to "merge" with McDonnell and purchase an admittance ticket to the lucrative (but risky) Military Contracts party, which they hadn't been invited to previously.
The problem with making something politically invincible by giving everyone a stake in the outcome means that -- gasp -- everyone has a stake in the thing. So the F-35 is a plane that doesn't do anything especially well, but that everyone can look at and say "I helped" or "they listened to my feedback"
To be fair, a huge focus on the F-35 that hasn't been as successful in the past was life-time cost effectiveness and reducing the cost and recovery time per mission.
In the cold war era, the engineering mantra was "as good as possible, at any price, because the future of our country is on the line, and if we don't win the money we saved won't matter"
Now we have a different emphasis: "good enough, and operationally cheap over a long service life"
I'll be sad to see the A-10 go. I was sad to see the F-14 go. The F-35 may well be the last manned atmospheric assault aircraft the US develops. I wish it were more inspiring.
You make some good points about the historical subsidization of automobiles via the road infrastructure. People should really internalize this basic truth -- that government spending always subsidizes something at the expense of something else, and therefore reinforces some behaviors at the expense of some other behaviors.
The rest of your post is stupid.
I worked at Microsoft in Seattle for a while. MS had a policy of giving free bus passes to any employee. I took the bus on many occasions, especially if my car was broken.
Taking the bus took longer than driving. That's when everything worked perfectly. The bus route I needed came past my house once per hour. If I missed the bus (my fault), I was losing an hour of work day.
I also needed to take a transfer to actually get the rest of the way to work. The transfer overlap in the schedule was close, it was different on different days/times of the year, and if the bus came past my house too late, I missed my transfer, and I sat at a bus stop for 30-60 minutes. More wasted time.
Getting home in the evening was even worse. Sometimes the busses just didn't show up at all. More wasted time -- both mine and the people who I needed to work with to get alternate arrangements to get me home. And wasted time for the people who needed me to leave by a particular time to get where I was going by a particular time.
I gave up on the Metro King County bus system because it wasn't ON TIME and it wasn't RELIABLE. I had better options, so I used them.
People of Google caliber need transportation that is ON TIME and RELIABLE. Their time is worth a lot of money, to Google and to the larger economy. Not to mention themselves.
I've always assumed that people put up with bad transit because they are stupid or because they cannot afford better options. People who put up with bad transit for some weird notion of "public good" or "higher purpose" baffle me. I hope nobody actually does that.
You're given a very short time on this planet to do all of the good things you can possibly do for yourself, your friends, your family, and society.
Wasting time dealing with inefficient transit isn't a good use of your life.
Google caliber people realize that. Certainly, the people behind the Google bus program realize that.
Finally, there are some other positive impacts that come from having a private commuter service. In addition to being more time efficient for google and google employees, employees on a private bus can get more work done better because
- wifi
- they can collaborate with other employees on the bus
- they can assume some level of company privacy
- they -- critically -- are not dealing with shitheads.
Another problem with subsidized public transit isn't the elite looking down on the regular, as you posit, but the shitheads that ruin public transit for regular and elite alike.
I have a _very_ low opinion of people who think they have a God-given right to harass me. If at all possible, I don't use public transit in American cities unless I'm carrying a gun.
"Regular" people aren't and have never been a problem for nerds. Obnoxious people are a problem for everybody, and the "elite" have options to avoid them. They'd be foolish to not take advantage of those options.
Busses will never be as efficient as cars for getting a _specific_ person from A to B, unless you add significant time costs for retrieving/storing the car at A, B, or both. Busses that share the road network with cars will always lose to cars, ignoring parking time costs. Efficient mass transit is disjoint from road networks (e.g. subways)
However, if you can optimize your bus route to closely match the employees you want to move, and you can make the bus experience as productive as possible for them, the productive time they gain back using the bus can offset the time delta they lose vs. a car. (And again, storing/retrieving a car in the bay area is a real consideration)
I'm going to guess that in rural Iowa, you don't have any peers or peering agreements.
You are buying upstream from a provider.
And it is going to be expensive.
Do you disagree?
The ISP in question is mentioned, right? So it should be possible to figure out who they are buying links from and if they have any other ways in/out of their AS(es), right?
Apparently to lay fiber, you trench when you can, but bore to go under roads. I was told $10-15k per mile to trench/bore. The costs to actually put in the fiber and light it up are on top of that.
I think there may be some fiber about 3 miles from me. So if I paid about $50,000, there's a chance I could get some pulled to me. Of course, finding an ISP to provision a circuit on top of that is extra.
There's one other person that might plausibly be on the route from wherever fiber is to my house that would be interested in sharing costs. But there are like 350 humans in my entire 36 square mile township.
Do you really think all of us are going to get FTTH for $3000? I'll tell you what -- I'll pay you 10x that amount to pull 1gb to my house, and I'll pay you $300/mo after for a 1GB CIR.
You game?
I actually talked to one fiber provider in my area and they weren't interested.
So you're telling me I can get a 100mbit upstream link with resale rights for $45/mo?
That's astounding, since as near as I can tell, getting any kind of dedicated circuit at all is over $400/mo, and any CIR is on top of that.
I worked in the ISP industry a long time ago. We had a frac DS-3 to UUNet. Our bill was either 4 or 5 digits, per month.
It was provisioned over Metro SONET, iirc, so it's not like we were paying off some huge trench fee.
We were selling 56k Frame Relays for more than $45/mo. Think 10x that cost.
Speeds have certainly gone up since then -- a lot. But prices haven't come down. If you want a carrier grade connection, you pay.
As an aside, I recently moved to a rural location where there is no broadband provider. I called a nearby ISP that serves the closest town. They said $10-15k per mile to trench and bore for fiber, plus the costs of actually laying fiber.
There's no CATV here. There's no possibility of DSL here. HughesNet says it's oversubscribed in my area and either sells only their slowest tier or nothing at all, depending on who you believe.
So I'm using a Verizon LTE box. Metered internet really sucks, and it's very expensive. It changes your usage habits entirely. We cancelled our Netflix streaming and went back to discs. I never watch stupid YouTube movies any more because they're not worth the bandwidth charges I'd rack up watching them.
I've been looking for tower space in a nearby town that I can lease, so I can put up some UBNT gear and do a point-to-point shot from their tower to a tower on my property, and backhaul unmetered internet from a place that has it to my farm.
I've spoken to a few neighbors; all of them who have internet service use cellular data. I think I could build out a pretty slick rural wifi and cover my costs with it -- but that's entirely dependent on being able to get some kind of uplink out here.
Doing internet service in a rural area is hard and expensive.
Have you been involved in the hiring process for GOOG, MSFT, Facebook, or AAPL?
I have.
We (Microsoft) throw a LOT of money at people we're trying to bring on board. I have to assume our competitors are doing the same -- because we lose (and gain) talent from GOOG all the time as people move back and forth between companies.
If you make it through my interview loops, you won't have to worry about your starting salary being high enough. I think you'll be pleasantly surprised when you see your offer package. I know I was.
H1B isn't a wage suppression mechanism at Microsoft. It's a way to try and increase the size of the talent pool that we get to look at. I talk to a lot of people who are qualified on paper but who don't meet the hiring bar for various reasons. It costs us a ton of time (e.g. money) to interview people who we end up not being able to hire.
We need more qualified people and the US isn't producing them fast enough domestically.
Being good -- truly good -- at STEM has always paid well. There are other things that pay better (Wall Street is a tough competitor), but if you are exceptional, the big players will open the checkbook.
I wish the recent Oracle story hadn't happened -- because it really undermines the credibility of the whole industry.
Fwiw, I (and Microsoft more broadly) am trying to play a role in improving American STEM educational outcomes. I volunteer to teach highschool computer science at the crack of dawn before heading into the office. Check out the TEALS program at http://tealsk12.org./ If you're passionate about improving the American labor force's competitiveness, see if there's a way that you can get yourself or your school district to participate.
This isn't an "either-or" situation. We can import top level talent from around the world to improve the American labor force, and we can also try to make the native-born labor force more competitive. But the latter is a long-lead effort, and the talent shortage is real _right now_.
And, if we're going to be nationalistic about things; here's my bit of nationalism: I want every foreign born great engineer possible working on harmless software in the US, instead of working on the nuclear or space programs of whatever places they come from.
I'm not sure you are in a position to make this claim.
I've been interviewing candidates for software engineering jobs since I was in college. I constantly talk to people I cannot hire because of raw smarts issues.
My current employer is paying obscene amounts of money to hires of all ages, but especially entry level positions.
The base comp package at my company has grown significantly during my career, often in response to market pressures. Furthermore, there are legally required flyers that post job titles and salary ranges in each kitchenette that are there to help prevent abuse of h1-b workers by making sure nobody is in the dark about prevailing salaries for a given job.
The bottom line is that in my 15 plus years in interviewing and hiring, finding good people is hard, even if you're throwing around big money.
While I am broadly sympathetic with curtailing government spending and privatizing what is possible, I would like to make the following points
1) I'm going to guess that your assessment of ISS accomplishments is incorrect.
I'm going to channel Louis CK here a little but, basically, we have a _hotel in space_. People can live there and not die. That is _amazing_.
Instead of constantly pissing in their pants because there is no gravity, because cosmic and solar radiation are trying really hard to kill them, and because there is no native air, food, or water for over 100 miles, and your body has to explode and be burnt into nothingness if you want to go in that direction to get them -- these guys are up there laughing, doing flips and shit, and still getting work done.
That's awesome. How cynical are you, that we've got a floating laboratory orbiting the earth at one hojillion miles per hour, and you're like "meh. Not impressed".
What kind of awesome James Bond shit is going on in your life? Can you even hang drywall?
2) Ok. Let's say you're right. They're not doing anything new or awesome up there.
You overlook the value of what they are doing.
2a) the ISS allows the US to have meaningful scientific cooperation with Russia and the rest of Europe, both symbolically and pragmatically. This is a lot better than a hot war between these factions. What price do you put on symbolically maintaining good will?
2b) Even if you're right, and there is no new science nor engineering being done on the ISS, the current and future missions are still valuable.
It turns out, Space is Hard. The way you get good at it is with practice, and the way you stay good at it is with practice. You may have read, from time to time, claims that it would be difficult or impossible to recreate the Apollo program now because so much of the expertise and operational excellence of that era is now gone.
It is very easy to stop going to space. It is very hard to get back once you've stopped going.
I would characterize the spending level required for a manned space program something like the maintained dosage level vs. drug effect for many medications. Specifically, it takes much more of a drug to _start_ observing the desired effect (e.g. reduction in felt pain) than it does to maintain that effect once it has been achieved.
We're going to want to do manned space flight again some day. If we take what we know and stop doing it for 10 years, when we need to go back it's going to cost more and take longer. We may not have that luxury.
2c) this relates to item 2b, but despite Kennedy's demand for the non-militarization of space, space is a military consideration.
If there must be a nation (and currently, we've got one), and it is going to do things it decides are in the public interest (like strategic defense, public education, or having a deep pipeline of basic research available royalty free), it should seek to get a good return on investment from those activities.
We've established that manned space flight has both operational and technology advantages that are relevant for national defense, and the private economy at large. I think we get a good return on our $3B/year.
But let's cast a wider net.
Perhaps you've heard of the Halo Effect. GM builds a $100k car. Most GM customers don't buy the Corvette ZR1. But the ZR1 is a hell of a car; it is a masterpiece of engineering, styling, etc. It shows the world what GM is capable of. The thinking goes, Halo cars are effective products as a form of brand management, marketing, and advertising. It inspires people about what GM can do; it gets them thinking about GM's other products. Etc etc.
Is it possible that manned space programs have the same impact? And if so, on what group of people?
Perhaps manned space flight has an impact on kids?
The federal department of education budget is $32 billion a year.
Everyone agrees that there aren't enough Americans going into STE
I'll tell you what will make Oculus Rift a ton of money.
It needs an additional peripheral. Specifically, something that slides over the male genitalia and has programmable motors, maintains a certain amount of heat, and can be cleaned and lubricated.
Call it a milking machine with a USB port :)
With that peripheral and a VR headset, you have the possibility to make highly immersive pornography.
We've established that porn is the killer app for new technology.
VR porn may be what pushes the development and adoption of consumer VR.
Frankly, I'm shocked that the "milking machine" isn't already a real thing....
Please read my other response, which points out that there were some interesting comments on the original article. In short, it appears that only a portion of the WER upload is unencrypted.
(That said, I am not on the WER team, and I have no idea if they will take action as a result of this paper or not. We'll see)
Regarding the other point -- in my opinion, having SSL turned on isn't really relevant if you're trying to hide information from the NSA/FBI.
The Lavabit legal documents that were made available a while back are illustrative here. If the FBI wants information about someone, they get a copy of the SSL certificate's private key for the entire website. The Lavabit guys made many attempts to try and negotiate a constrained delegation of wiretap powers for the FBI, but the FBI would settle for nothing less than the ability to eavesdrop on ALL SSL traffic to the entire site. This held up in court.
So if the FBI were wanting to use WER uploads to help them in an investigation, presumably they'd just force Microsoft to disclose any SSL certs used anywhere in the WER system.
The NSA situation may be different -- based on the Snowden disclosures, they tend to operate outside of the law/judicial system. They wouldn't necessarily use the court system to force handover of certs. Perhaps turning on SSL would defeat or slow them down, but I don't think so.
If you view moxie's talk about Certificate Authorities, he points out that most national governments -- even ones less trustworthy than the US -- can just (ab)use the CA/PKI system to intercept any traffic they like, and unless you're paying very close attention, you'd never know the difference. Government entity Foo replaces the certs on sites of interest with new ones that they hold the keys to, and the CA/PKI infrastructure makes such changes transparent to you because the certs are signed by a CA.
So I guess my thought is that if the opponent is a government entity, CA-issued SSL certificates are probably security theater instead of an actual impediment.
Sadly, I cannot tell you why the decision was made (or even if it was an intentional decision as opposed to an oversight). I'm not on the WER team and I haven't spoken to them. I chimed in because I'm one of many product engineers that looks at WER data after it has been collected, processed, and assigned to the right team/product for follow-up.
That said, I can speculate, and point out publicly available information, just like any other slashdotter :)
- regarding the clear text -- one of the comments on the original article was quite helpful. It pointed out that the WER system makes multiple requests to perform a complete incident response. The first request ("stage 1") is indeed sent in the clear, and there are a bunch of query string variables that give some information (faulting app, version, etc).
However, subsequent HTTP requests for a given WER upload, e.g. the actual file payloads, memory dumps, and so on, ARE sent via SSL. I suspect the article omits these details because the author is attempting to generate buzz for his paper and company, ahead of a security conference where more details will be published.
So, as far as what is actually being sent in cleartext over the wire -- it is NOT the memory dumps or file contents. It is, to use a lately popular word, "metadata".
On the issue of USB device insertion:
Again, I am speculating here, but part of what we use WER for is to gather customer evidence -- what are our customers actually doing. When I argue that we need to fix bug foo, if I can point at specific customers that are being impacted by it, or if I can give counts about the number of unspecific customers that are being impacted, my argument has a lot more weight.
Imagine you are on the windows team. You have a finite amount of budget to test hardware compatibility. You can put a finite number of drivers "in the box" (as opposed to making people get them from somewhere). You are constantly under pressure to downgrade support for certain hardware (from inbox to download, from download to unsupported, etc) because every device you say you support costs you real time and money...
So what's the best way to decide which hardware should be supported how much? Well, knowing how many people are still trying to use that piece of hardware seems like a good piece of data to have if you are trying to make that decision.
Rereading what I wrote, I should clarify this part
WER data also tells us WHO is hitting a problem
WER data doesn't tell us your personally identifiable information (name, email address, etc)
What I meant by that is that it bucketizes crash reports according to different dimensions. User's language/locale, operating system revision, product binary version, etc.
This is more valuable than you might think. It turns out that certain crashes only happen on certain languages, or that crashes happened shortly after release but stopped happening within a few weeks, or that no builds past revision xxx of a file matched the crash, etc.
Any MS engineer that wants to access WER data has to deal with some legalese around customer PII, and the WER upload bundles are pre-processed before we ever get to see them.
Thanks for your non-hyperbolic response.
I'm something of an anarcho-capitalist, and so I am also more anti-regulation than anyone currently sitting in congress.
The problem is that, as you and others have noted, we don't have a free market for last-mile competition. I don't get to argue that "if the market is free, competition fixes all problems" because the market isn't free.
I just recently left a jurisdiction where there was one Telco provider and one cable provider. At least in the cable-co situation, they were given a local monopoly.
The phone co was an ILEC and under ILEC rules. The cable company was not. But even though the Telco was operating under ILEC rules, their DSLAMS were what they were. There was fiber in the ground they owned, copper to my house, etc, but there was no CLEC that could come in and somehow push more bits down that wire to me faster. Sure, I didn't have to put up with the Telco's rules as far as open ports or whatever if I used a different transit provider, but nobody could come and make that connection faster for me -- only the ILEC.
I've been in the situation before where my wire was provisioned by the local Telco and my IP transit was through somebody else. And to be honest, it sucked. The two companies perpetually blamed each other anytime I couldn't access the interwebs.
Anyway, local (and national) regulation has created a huge barrier for new market entrants that want to tackle the last mile problem. And that means anyone in the last mile business should expect to get regulated good and hard. They've been given a state-protected monopoly, they should enjoy some state-mandated ass-reaming.
Regarding the FCC -- I'm really happy the FCC lost in court. If there are going to be new laws, they need to be made by the legislature.
I think having this go through the congress is the right approach. I'm in favor of having ISPs that don't throttle the content I want or charge me / providers more for certain types of content, but I'm against Net Neutrality laws/regs as I understand them. I don't think injecting govt into this problem space, at this time, is a net win. I think it lets certain organizations get their claws into things that are generally working well enough, and we're going to bitterly regret it if we let them do that right now.
The bottom line, I guess, is this practical consideration: Who do you think works for the federal government that has any business telling Comcast how it should do traffic shaping?
My preferred outcome would be for more last mile competition, with mixes of public and private action according to the tastes of different communities.
I'll have an incentive to not be honest about the speed that my car broadcasts to your car.
If the system doesn't broadcast speed directly, but broadcasts position in such a way that speed can be inferred, I'll have an incentive to not be honest about that either.
Since I'm talking about older cars that will need retrofit units, what stops me from making a unit that is selectively dishonest about what it's doing?
Why do you think it will be easy to locate someone that is jamming a signal? RF is hard, and, this claim seems to conflict with the claim you make that it will not be possible to use this technology to identify other vehicles.
I don't actually like MMT, but it is an accurate depiction of reality.
The implications of MMT are very unsettling if you've grown up with a classical view of economics.
Keynesians are discredited and irrelevant. They have no basis for their objections because they were never coherent to begin with. Keynesians have consistently failed to predict economic events or why their policies don't have the intended effects.
MMT isn't something you can understand in a few minutes. You can hear the basic arguments in a few minutes, but it takes a while to internalize and re-orient your thinking.
There may not be currently.
In effect, from 1933 to the 1970s, there was a law specifically saying what you could no longer accept as payment
http://en.wikipedia.org/wiki/G...
This was done explicitly to let the Feds control the dollar and to not give the people a viable alternative.
This isn't true.
The US hasn't raised enough money via taxes to fund its annual operating expenses in a very long time.
Yet a US government check has never bounced.
It is 100% clear that, no matter what politicians say and what our household models of economics say, the Feds do not need your tax revenue to pay for anything.
The key difference between the post-1971 dollar and previous macroeconomic situations is that the US dollar is no longer redeemable in anything else. It is now entirely a fiat currency. It is a currency that can buy anything in the US economy because of two reasons
1) Legal tender laws -- the Feds force anyone in the US to accept USD for any debt, public or private
2) Taxes. The feds require most of us to pay taxes, and those taxes must be paid in USD. That means we need to do things in the real economy in order to get USD, so that we can give the govt a portion of that USD.
That's it. That's the whole game.
Why tax us at all? To force everyone to trade in dollars -- and critically -- to reduce private sector spending power when newly injected government money is chasing after the same economic output. If public and private dollars are chasing the same items, price appreciation will happen, and that's politically a loser. And, as you point out, it can become hyperinflation.
But really, after Nixon closed the gold window, our money is entirely artificial. If you brought in a sack of $20k in cash for your federal income taxes to some IRS office, they wouldn't say, "finally, we can go pay our debts!" or "finally! we can go buy that highway we need"
They'd update a number in a database and drop the sack of cash in a shredder. Nobody wants to move around all that physical cash.
Please read the writings of Warren Mosler, and on the topic of Modern Monetary Theory.
You are correct about one thing -- reckless currency debasement can become hyperinflation.
It's actually exactly right.
It's historically divergent because for most of history, nations didn't use fiat currencies.
Now they do.
That has some implications. Implications that most people haven't gotten, and the ones who do get it are quiet about it.
I recommend you to the writings of Warren Mosler; the topic is "Modern Monetary Theory".
You can find his works online. Try "Seven Deadly Economic Frauds".
I recommend reading the Christopher Alexander Books: "The Timeless Way of Building", "A Pattern Language", etc.
These are the books that the Gang of Four read that inspired the software design patterns movement. So there's that tie in.
But the other reason to read them is to encounter an entirely different philosophy about why and how to build things.
So while the geek in me reacts to this headline with, "cool! Moving walls that reconfigure themselves! How efficient", the part of me that has read Alexander asks some questions:
How will this make users of the building feel?
Is ease of reconfiguration the most important design quality in a space?
How will it impact people when the space they live and work in changes overnight?
Also, don't read the Alexander books if you've just changed house. You'll walk around your new place frustrated at all of the faults you didn't know were faults :)
Bingo.
I had developed on MySQL, Sybase, and Oracle professionally before I was exposed to MS SQL server.
SQL server is no joke. It gives you most of the enterprise features and power of Oracle, with none of the obtuse awful crap of Oracle. Even installing Oracle is a disaster.
The tools for SQL server are miles ahead of anything else, and incomparably better than what you can easily find for MySQL.
SQL server hits the sweet spot of being easy to use, easy to install, full featured, and very powerful. It's also free to develop against. You pay when you go into production.
If you're not going to buy a commercial DB software, Postgres is the most like a "real" DBMS. The problem is that so many FOSS packages really expect you to use MySQL, but if you're used to working with "real" DBMS software MySQL just feels so different.
IMO, MySQL has survived because of the price, and because many people don't have especially interesting database needs.
One thing that windows has that Linux lacks is credible ODBC type functionality. In an ideal world, a Linux package that needed a SQL database underneath could swap out MySQL, postgres, or whatever with just changing a runtime configuration string, and perhaps optionally re-running a schema-gen and data-loading script.
In practice, making a package or library that was written for MySQL work against anything else is just pure suffering.
hahahahahahahahahaahah
I am the last person on this planet that would vote for the recent crop of Democrat candidates.
I'm a voluntarist, if labels are important to you.
Slavery used to be the law.
Ignoring the law -- or in this case, the laws that protect government when government breaks the laws at the expense of the innocent -- seems prudent.
ok, if the US government had _any_ credibility that they weren't just going to off this guy the second they could...and there was ANY credibility in the courts..
here's what SHOULD happen
He should get charged with whatever crimes he is alleged to have committed.
In the course of his trial, he should name all of the official channels he tried to use to "whistleblow" the "right" way. His superior? His superior-superior?
Each person he names should have charges brought against them, and subsequently be put on trial.
Snowden should have a full trial, and the people he implicates in that trial should all be followed up on for prosecution.
The methods he used to do what he did should be revealed in court and handed back to appropriate govt agencies, who should improve their internal security.
The people and practices that prevented him from whistleblowing in the "right" way should be removed from service.
Ultimately, Snowden will probably be convicted of something or other via this trial. And then immediately after the conviction, he should be pardoned by the president, owing to the fact that the greater good he did for the American people by exposing the systematic law breaking by its own government greatly exceeds any legal wrong he might have done.
He should have his voting/firearm rights restored in the event that the charges against him were felony charges; the net result is that no felony should appear on his record.
None of this will happen because our government is shit.
Firstly, I really recommend people watch this video series. It's brilliant:
http://www.thegreatcourses.com...
One of the things discussed here was that Hamilton and Madison, architects of the new national government, were acutely familiar with the history of self-governance experiments elsewhere in Europe, from ancient Greece onward.
They sought to avoid the inevitable decline of all previous attempts of such societies. Madison, especially, observed that factionalism led to the decline of all such pluralistic, democratic societies. Once one faction gained sufficient power, it marginalized opposing factions and consolidated power.
Rather than trying to eliminate factionalism, Madison's basic idea was to depend on it. He proposed a national government whereby differing factions would always be at each other's necks, with no faction really having the possibility of gaining enough power to completely suppress all the others. Factionalism can be broken down along a variety of axes (wealth, education, aristocracy, etc), and Madison tried to work that into the construction of the government as well. This also helped balance the VERY different perspectives of Jefferson, the rural populist, and Hamilton, who would be happy if everyone still wore powdered wigs.
So, we can certainly debate how well Madison's plans have worked out in practice (e.g. do we really have multiple competing factions? Or just the illusion of controversy, ala the WWF wrestlers...), but in principle, the two major parties arguing against policies and practices chiefly when used by their opponents is part of the plan. According to Madison, the system _needs_ opposing factions in order to outlast the previous European attempts at self-governance.
It would be interesting to do an analysis of legislation that was swept through the federal government with broad support, and tabulate how often that legislation was ultimately found to be harmful/undesirable...
The F35 was a political creature from nearly the beginning.
The article is a bit misleading, saying the F-35 program started in 2001. Well, before that, it was called the JSF program, and it was quite far along back in 1999 when I worked at Boeing AMS for a summer. That summer the JSF front fuselage and mid fuselage were "mated" for the first time. Boeing was building one part and IIRC LMCO was building the other.
It seems as though one of the goals of the JSF/F-35 program was to try and get part of it built by everybody from every congressional district, thereby making it politically invincible.
Of course, there's an understandable reason to do this. The reason I worked at "Boeing" but most of my co-workers were McDonnell Douglas lifers was because Boeing absorbed McDonnell after the feds cancelled the A12 program, which McDonnell was balls deep into. McDonnell was left in terrible shape and the sharks rolled in.
McDonnell sold its IT infrastructure to IBM and then leased it back. That arrangement later became IBM Global Services. And Boeing swooped in to "merge" with McDonnell and purchase an admittance ticket to the lucrative (but risky) Military Contracts party, which they hadn't been invited to previously.
The problem with making something politically invincible by giving everyone a stake in the outcome means that -- gasp -- everyone has a stake in the thing. So the F-35 is a plane that doesn't do anything especially well, but that everyone can look at and say "I helped" or "they listened to my feedback"
To be fair, a huge focus on the F-35 that hasn't been as successful in the past was life-time cost effectiveness and reducing the cost and recovery time per mission.
In the cold war era, the engineering mantra was "as good as possible, at any price, because the future of our country is on the line, and if we don't win the money we saved won't matter"
Now we have a different emphasis: "good enough, and operationally cheap over a long service life"
I'll be sad to see the A-10 go. I was sad to see the F-14 go. The F-35 may well be the last manned atmospheric assault aircraft the US develops. I wish it were more inspiring.
You make some good points about the historical subsidization of automobiles via the road infrastructure. People should really internalize this basic truth -- that government spending always subsidizes something at the expense of something else, and therefore reinforces some behaviors at the expense of some other behaviors.
The rest of your post is stupid.
I worked at Microsoft in Seattle for a while. MS had a policy of giving free bus passes to any employee. I took the bus on many occasions, especially if my car was broken.
Taking the bus took longer than driving. That's when everything worked perfectly. The bus route I needed came past my house once per hour. If I missed the bus (my fault), I was losing an hour of work day.
I also needed to take a transfer to actually get the rest of the way to work. The transfer overlap in the schedule was close, it was different on different days/times of the year, and if the bus came past my house too late, I missed my transfer, and I sat at a bus stop for 30-60 minutes. More wasted time.
Getting home in the evening was even worse. Sometimes the busses just didn't show up at all. More wasted time -- both mine and the people who I needed to work with to get alternate arrangements to get me home. And wasted time for the people who needed me to leave by a particular time to get where I was going by a particular time.
I gave up on the Metro King County bus system because it wasn't ON TIME and it wasn't RELIABLE. I had better options, so I used them.
People of Google caliber need transportation that is ON TIME and RELIABLE. Their time is worth a lot of money, to Google and to the larger economy. Not to mention themselves.
I've always assumed that people put up with bad transit because they are stupid or because they cannot afford better options. People who put up with bad transit for some weird notion of "public good" or "higher purpose" baffle me. I hope nobody actually does that.
You're given a very short time on this planet to do all of the good things you can possibly do for yourself, your friends, your family, and society.
Wasting time dealing with inefficient transit isn't a good use of your life.
Google caliber people realize that. Certainly, the people behind the Google bus program realize that.
Finally, there are some other positive impacts that come from having a private commuter service. In addition to being more time efficient for google and google employees, employees on a private bus can get more work done better because
- wifi
- they can collaborate with other employees on the bus
- they can assume some level of company privacy
- they -- critically -- are not dealing with shitheads.
Another problem with subsidized public transit isn't the elite looking down on the regular, as you posit, but the shitheads that ruin public transit for regular and elite alike.
I have a _very_ low opinion of people who think they have a God-given right to harass me. If at all possible, I don't use public transit in American cities unless I'm carrying a gun.
"Regular" people aren't and have never been a problem for nerds. Obnoxious people are a problem for everybody, and the "elite" have options to avoid them. They'd be foolish to not take advantage of those options.
Busses will never be as efficient as cars for getting a _specific_ person from A to B, unless you add significant time costs for retrieving/storing the car at A, B, or both. Busses that share the road network with cars will always lose to cars, ignoring parking time costs. Efficient mass transit is disjoint from road networks (e.g. subways)
However, if you can optimize your bus route to closely match the employees you want to move, and you can make the bus experience as productive as possible for them, the productive time they gain back using the bus can offset the time delta they lose vs. a car. (And again, storing/retrieving a car in the bay area is a real consideration)
I've ridden
In fact, I've been planning on exactly this. I'm looking for tower partners in a nearby town.
I'm going to guess that in rural Iowa, you don't have any peers or peering agreements.
You are buying upstream from a provider.
And it is going to be expensive.
Do you disagree?
The ISP in question is mentioned, right? So it should be possible to figure out who they are buying links from and if they have any other ways in/out of their AS(es), right?
Want to give it a shot?
My closest neighbor is 3/4mile away.
Apparently to lay fiber, you trench when you can, but bore to go under roads. I was told $10-15k per mile to trench/bore. The costs to actually put in the fiber and light it up are on top of that.
I think there may be some fiber about 3 miles from me. So if I paid about $50,000, there's a chance I could get some pulled to me. Of course, finding an ISP to provision a circuit on top of that is extra.
There's one other person that might plausibly be on the route from wherever fiber is to my house that would be interested in sharing costs. But there are like 350 humans in my entire 36 square mile township.
Do you really think all of us are going to get FTTH for $3000? I'll tell you what -- I'll pay you 10x that amount to pull 1gb to my house, and I'll pay you $300/mo after for a 1GB CIR.
You game?
I actually talked to one fiber provider in my area and they weren't interested.
So you're telling me I can get a 100mbit upstream link with resale rights for $45/mo?
That's astounding, since as near as I can tell, getting any kind of dedicated circuit at all is over $400/mo, and any CIR is on top of that.
I worked in the ISP industry a long time ago. We had a frac DS-3 to UUNet. Our bill was either 4 or 5 digits, per month.
It was provisioned over Metro SONET, iirc, so it's not like we were paying off some huge trench fee.
We were selling 56k Frame Relays for more than $45/mo. Think 10x that cost.
Speeds have certainly gone up since then -- a lot. But prices haven't come down. If you want a carrier grade connection, you pay.
As an aside, I recently moved to a rural location where there is no broadband provider. I called a nearby ISP that serves the closest town. They said $10-15k per mile to trench and bore for fiber, plus the costs of actually laying fiber.
There's no CATV here. There's no possibility of DSL here. HughesNet says its oversubscribed in my area and either sells only their slowest tier or nothing at all, depending on who you believe.
So I'm using a Verizon LTE box. Metered internet really sucks, and it's very expensive. It changes your usage habits entirely. We cancelled our Netflix streaming and went back to discs. I never watch stupid youtube movies any more because they're not worth the bandwidth charges I'd rack up watching them.
I've been looking for tower space in a nearby town that I can lease, so I can put up some UBNT gear and do a point-to-point shot from their tower to a tower on my property, and backhaul unmetered internet from a place that has it to my farm.
I've spoken to a few neighbors; all of them who have internet service use cellular data. I think I could build out a pretty slick rural wifi and cover my costs with it -- but that's entirely dependent on being able to get some kind of uplink out here.
Doing internet service in a rural area is hard and expensive.
Have you been involved in the hiring process for GOOG, MSFT, Facebook, or AAPL?
I have.
We (Microsoft) throw a LOT of money at people we're trying to bring on board. I have to assume our competitors are doing the same -- because we lose (and gain) talent from GOOG all the time as people move back and forth between companies.
If you make it through my interview loops, you won't have to worry about your starting salary being high enough. I think you'll be pleasantly surprised when you see your offer package. I know I was.
H1B isn't a wage suppression mechanism at Microsoft. It's a way to try and increase the size of the talent pool that we get to look at. I talk to a lot of people who are qualified on paper but who don't meet the hiring bar for various reasons. It costs us a ton of time (e.g. money) to interview people who we end up not being able to hire.
We need more qualified people and the US isn't producing them fast enough domestically.
Being good -- truly good -- at STEM has always paid well. There are other things that pay better (Wall Street is a tough competitor), but if you are exceptional, the big players will open the checkbook.
I wish the recent Oracle story hadn't happened -- because it really undermines the credibility of the whole industry.
Fwiw, I (and Microsoft more broadly) am trying to play a role in improving American STEM educational outcomes. I volunteer to teach high school computer science at the crack of dawn before heading into the office. Check out the TEALS program at http://tealsk12.org/. If you're passionate about improving the American labor force's competitiveness, see if there's a way that you can get yourself or your school district to participate.
This isn't an "either-or" situation. We can import top level talent from around the world to improve the American labor force, and we can also try to make the native-born labor force more competitive. But the latter is a long-lead effort, and the talent shortage is real _right now_.
And, if we're going to be nationalistic about things; here's my bit of nationalism: I want every foreign born great engineer possible working on harmless software in the US, instead of working on the nuclear or space programs of whatever places they come from.
I'm not sure you are in a position to make this claim.
I've been interviewing candidates for software engineering jobs since I was in college. I constantly talk to people I cannot hire because of raw smarts issues.
My current employer is paying obscene amounts of money to hires of all ages, but especially entry level positions.
The base comp package at my company has grown significantly during my career, often in response to market pressures. Furthermore, there are legally required flyers that post job titles and salary ranges in each kitchenette that are there to help prevent abuse of h1-b workers by making sure nobody is in the dark about prevailing salaries for a given job.
The bottom line is that in my 15 plus years in interviewing and hiring, finding good people is hard, even if you're throwing around big money.
While I am broadly sympathetic with curtailing government spending and privatizing what is possible, I would like to make the following points
1) I'm going to guess that your assessment of ISS accomplishments is incorrect.
I'm going to channel Louis CK here a little but, basically, we have a _hotel in space_. People can live there and not die. That is _amazing_.
Instead of constantly pissing in their pants because there is no gravity, because cosmic and solar radiation are trying really hard to kill them, and because there is no native air, food, or water for over 100 miles, and your body has to explode and be burnt into nothingness if you want to go in that direction to get them -- these guys are up there laughing, doing flips and shit, and still getting work done.
That's awesome. How cynical are you, that we've got a floating laboratory orbiting the earth at one hojillion miles per hour, and you're like "meh. Not impressed".
What kind of awesome james bond shit is going on in your life? Can you even hang drywall?
2) Ok. Let's say you're right. They're not doing anything new or awesome up there.
You overlook the value of what they are doing.
2a) the ISS allows the US to have meaningful scientific cooperation with Russia and the rest of Europe, both symbolically and pragmatically. This is a lot better than a hot war between these factions. What price do you put on symbolically maintaining good will?
2b) Even if you're right, and there is no new science nor engineering being done on the ISS, the current and future missions are still valuable.
It turns out, Space is Hard. The way you get good at it is with practice, and the way you stay good at it is with practice. You may have read, from time to time, claims that it would be difficult or impossible to recreate the Apollo program now because so much of the expertise and operational excellence of that era is now gone.
It is very easy to stop going to space. It is very hard to get back once you've stopped going.
I would characterize the spending level required for a manned space program something like the maintained dosage level vs. drug effect for many medications. Specifically, it takes much more of a drug to _start_ observing the desired effect (e.g. reduction in felt pain) than it does to maintain that effect once it has been achieved.
We're going to want to do manned space flight again some day. If we take what we know and stop doing it for 10 years, when we need to go back it's going to cost more and take longer. We may not have that luxury.
2c) this relates to item 2b, but despite Kennedy's demand for the non-militarization of space, space is a military consideration.
If there must be a nation (and currently, we've got one), and it is going to do things it decides are in the public interest (like strategic defense, public education, or having a deep pipeline of basic research available royalty free), it should seek to get a good return on investment from those activities.
We've established that manned space flight has both operational and technology advantages that are relevant for national defense, and the private economy at large. I think we get a good return on our $3B/year.
But let's cast a wider net.
Perhaps you've heard of the Halo Effect. GM builds a $100k car. Most GM customers don't buy the Corvette ZR1. But the ZR1 is a hell of a car; it is a masterpiece of engineering, styling, etc. It shows the world what GM is capable of. The thinking goes, Halo cars are effective products as a form of brand management, marketing, and advertising. It inspires people about what GM can do; it gets them thinking about GM's other products. Etc etc.
Is it possible that manned space programs have the same impact? And if so, on what group of people?
Perhaps manned space flight has an impact on kids?
The federal department of education budget is $32 billion a year.
Everyone agrees that there aren't enough Americans going into STE
I'll tell you what will make Oculus Rift a ton of money.
It needs an additional peripheral. Specifically, something that slides over the male genitalia and has programmable motors, maintains a certain amount of heat, and can be cleaned and lubricated.
Call it a milking machine with a USB port :)
With that peripheral and a VR headset, you have the possibility to make highly immersive pornography.
We've established that porn is the killer app for new technology.
VR porn may be what pushes the development and adoption of consumer VR.
Frankly, I'm shocked that the "milking machine" isn't already a real thing....
Please read my other response, which points out that there were some interesting comments on the original article. In short, it appears that only a portion of the WER upload is unencrypted.
(That said, I am not on the WER team, and I have no idea if they will take action as a result of this paper or not. We'll see)
Regarding the other point -- in my opinion, having SSL turned on isn't really relevant if you're trying to hide information from the NSA/FBI.
The Lavabit legal documents that were made available a while back are illustrative here. If the FBI wants information about someone, they get a copy of the SSL certificate's private key for the entire website. The Lavabit guys made many attempts to try and negotiate a constrained delegation of wiretap powers for the FBI, but the FBI would settle for nothing less than the ability to eavesdrop on ALL SSL traffic to the entire site. This held up in court.
So if the FBI were wanting to use WER uploads to help them in an investigation, presumably they'd just force Microsoft to disclose any SSL certs used anywhere in the WER system.
The NSA situation may be different -- based on the Snowden disclosures, they tend to operate outside of the law/judicial system. They wouldn't necessarily use the court system to force handover of certs. Perhaps turning on SSL would defeat or slow them down, but I don't think so.
If you view moxie's talk about Certificate Authorities, he points out that most national governments -- even ones less trustworthy than the US -- can just (ab)use the CA/PKI system to intercept any traffic they like, and unless you're paying very close attention, you'd never know the difference. Government entity Foo replaces the certs on sites of interest with new ones that they hold the keys to, and the CA/PKI infrastructure makes such changes transparent to you because the certs are signed by a CA.
So I guess my thought is that if the opponent is a government entity, CA-issued SSL certificates are probably security theater instead of an actual impediment.
Sadly, I cannot tell you why the decision was made (or even if it was an intentional decision as opposed to an oversight). I'm not on the WER team and I haven't spoken to them. I chimed in because I'm one of many product engineers that looks at WER data after it has been collected, processed, and assigned to the right team/product for follow-up.
That said, I can speculate, and point out publicly available information, just like any other slashdotter :)
- regarding the clear text -- one of the comments on the original article was quite helpful. It pointed out that the WER system makes multiple requests to perform a complete incident response. The first request ("stage 1") is indeed sent in the clear, and there are a bunch of query string variables that give some information (faulting app, version, etc).
However, subsequent HTTP requests for a given WER upload, e.g. the actual file payloads, memory dumps, and so on, ARE sent via SSL. I suspect the article omits these details because the author is attempting to generate buzz for his paper and company, ahead of a security conference where more details will be published.
So, as far as what is actually being sent in cleartext over the wire -- it is NOT the memory dumps or file contents. It is, to use a lately popular word, "metadata".
On the issue of USB device insertion:
Again, I am speculating here, but part of what we use WER for is to gather customer evidence -- what are our customers actually doing. When I argue that we need to fix bug foo, if I can point at specific customers that are being impacted by it, or if I can give counts about the number of unspecific customers that are being impacted, my argument has a lot more weight.
Imagine you are on the Windows team. You have a finite amount of budget to test hardware compatibility. You can put a finite number of drivers "in the box" (as opposed to making people get them from somewhere). You are constantly under pressure to downgrade support for certain hardware (from inbox to download, from download to unsupported, etc) because every device you say you support costs you real time and money...
So what's the best way to decide which hardware should be supported how much? Well, knowing how many people are still trying to use that piece of hardware seems like a good piece of data to have if you are trying to make that decision.
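An added example, not part of the original comment and not Microsoft's code: a small audit of a proxy log that separates requests an on-path observer can read from those protected by TLS, mirroring the cleartext first stage and SSL later stages described above. The host, paths and parameter names in the sample are constructed stand-ins, not real WER endpoints or fields.

```python
from urllib.parse import urlsplit, parse_qsl

# Constructed proxy-log lines. The host, paths and parameter names are
# hypothetical stand-ins, not the real WER endpoints or field names.
SAMPLE_LOG = """\
10:00:01 GET http://telemetry.example/stage1?app=editor.exe&appver=4.2.1&mod=render.dll
10:00:02 POST https://telemetry.example/stage2?report=r-1001
10:00:05 POST https://telemetry.example/stage4/dump?report=r-1001
10:00:09 GET http://telemetry.example/stage1?app=usbhub&dev=vid_1234&os=6.1
garbled line
"""

def audit(log_text):
    """Split requests into what a passive on-path observer can and cannot read."""
    exposed, protected, skipped = [], [], 0
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            skipped += 1          # malformed: count it, do not guess
            continue
        _time, _method, raw_url = parts
        url = urlsplit(raw_url)
        if url.scheme == "http":
            # Host, path and every query parameter travel in the clear.
            exposed.append({
                "host": url.hostname,
                "path": url.path,
                "fields": dict(parse_qsl(url.query, keep_blank_values=True)),
            })
        elif url.scheme == "https":
            # Only the host is visible (DNS/SNI); path and query are encrypted.
            protected.append({"host": url.hostname})
        else:
            skipped += 1
    return exposed, protected, skipped

def leaked_field_names(exposed):
    """Union of parameter names seen in cleartext, for a quick review list."""
    return sorted({name for req in exposed for name in req["fields"]})

if __name__ == "__main__":
    exposed, protected, skipped = audit(SAMPLE_LOG)
    print(len(exposed), "cleartext;", len(protected), "TLS;", skipped, "skipped")
    print("cleartext fields:", leaked_field_names(exposed))
```

Run against a real egress proxy log, the list of cleartext field names is the starting point for deciding whether that metadata needs to be blocked or tunnelled.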
Rereading what I wrote, I should clarify this part
WER data doesn't tell us your personally identifiable information (name, email address, etc)
What I meant by that is that it bucketizes crash reports according to different dimensions. User's language/locale, operating system revision, product binary version, etc.
This is more valuable than you might think. It turns out that certain crashes only happen on certain languages, or that crashes happened shortly after release but stopped happening within a few weeks, or that no builds past revision xxx of a file matched the crash, etc.
Any MS engineer that wants to access WER data has to deal with some legalese around customer PII, and the WER upload bundles are pre-processed before we ever get to see them.
Resume panic :)