lostnet's comments
lostnet | 12 years ago | on: Don't let perks blind you from bad culture
Do the perks fit with the industry and intentions of the company? Are the perks well thought out and canceled when they are a detriment to the company and/or employees?
I've always worked for companies with unlimited coffee and some group outings. I would be largely for companies with unlimited fruit juices, functional athletics centers, well thought out awarded perks, etc.
Yet, I am very skeptical of companies with free soda. For example, Netscape was very short-sighted and ended up with similar (and perhaps newly diabetic) employees. I love some of their results, but as a company I am glad they went and I wish they went earlier, certainly before their server products were considered an asset.
Similarly, I am not swayed by lots of stock options (is there a reason they are so frivolous with them? Is this place so miserable that vesting periods are all that can keep me here?) But I expect some together with a heartfelt apology for not giving me more from a manager who seriously tried.
Perks should be the food for conversation on the topic of compensation. (Or some such HR fueled poetic nonsense.)
lostnet | 12 years ago | on: Chaffing and Winnowing: Confidentiality without Encryption (1998)
I don't think you can fix a social problem with a technical fix. Innocent until proven guilty (of a crime with a victim please!) has to apply to employment law and clearances. Otherwise we are building a group of criminals who can honestly be believed when they say they are willing to violate the constitution to protect executive branch interests.
The trouble with the Snowden case is that the NSA now has more power to filter its employees/contracts in order to further violate the terms of the agreement.
Even drastic action would not fix it. Impeach the entire chain up the executive branch and the next one will be more secretive and let Hoover shine as the simple misunderstood Prom Queen he wanted to be.
I just hope Obama's actions will ruin him and this nonsense about replacing the President with an outsider. If that suddenly gets you an honest system instead of a cynical President, then kissing the frog must work too.
lostnet | 12 years ago | on: Technical feasibility of decrypting https by replacing the computer's PRNG
But the topic here is about maintaining a secure system. You must prove beyond a reasonable doubt that every element is either secure or allowed to be owned by your antagonist. Technically no one should have ever trusted something that can not be observed (and it sounds like the people responsible didn't.)
If you chose to trust Intel for no good reason, then you must now untrust them given that there is a reason. As a company they would be idiots to introduce such a thing. But if every US company can clearly be threatened with even worse outcomes into going against its own market interests then such an argument does not apply.
As a side note, I do think there was already plenty of evidence that the US was actively forcing companies to do the NSA's bidding. The encryption export laws were largely designed to keep everyone who makes encryption products perpetually afraid of losing all their right to export anything, mostly by "governmental discretion" on handling the companies' inevitable 'incidents' of support talking to the wrong person about how RSA worked.
lostnet | 12 years ago | on: German Federal Prosecutor's office gets involved in the NSA data scandal
lostnet | 12 years ago | on: Join Oliver Stone and Noam Chomsky in Urging Correa to Grant Snowden Asylum
If everyone moves to local services and infrastructure, that could be beneficial to the export/import situation of many medium size countries. But the US would not benefit. It is heavily invested in exporting these products.
lostnet | 12 years ago | on: English is no longer the language of the web
Ok, there may be a whole bunch of social media in some language, each accessible to small groups of Facebook users. Does that help the average speaker of that language find a manual, recipe, learn a programming language, etc?
lostnet | 12 years ago | on: Microsoft Announces Direct Cash Payments For Vulnerabilities
Under it all, the current model remains a by obscurity model, where anyone with orders of magnitude more resources can certainly do enough reverse engineering to find the weak links and break in without planting backdoors.
Vendors reaching the point where they can offer bounties without contemplating bankruptcy implies considerably more resources are going into secure by design software and will continue to flow if they plan to remain solvent and unembarrassed (equally embarrassed?)
I've been playing with a Chromebook and I am delighted to see frivolous and even fairly significant features were dropped to develop a secure boot model with a reasonable opt out. I'm sure it will still be broken, but 5-10 years ago it would have been trivially breakable to meet some last minute corporate request for tftp booting, marketing demo, or what have you.
Similar to the drug market, you can not drop the open market and expect everything to stop. Instead you must capture as many resources as you can and direct them to the right goal. I would hope that goal is secure kernels that expand out towards today's features, since the opposite clearly does not work with the resources at hand.
lostnet | 12 years ago | on: Maybe buses should be free
Because an employer is responsible for the transit habits of an employee which determines the capacity and cost of major arteries.
We have paid for these roads at the federal level first for the defense and now to allow the DOT to bully everyone. Transparent, eh?
lostnet | 12 years ago | on: Maybe buses should be free
A tax system could simply charge employers based on the commutes of all employees and offer free to board public transit. Then it could stop allowing commute expense to be deducted in the covered areas.
I find tolls to be a little backward since virtually everyone traveling during the max capacity times can deduct them, while leisure travelers can not.
lostnet | 12 years ago | on: Ask HN: Developers' jobs in Europe. Best cover-letter, cv practices.
A professional looking portrait photo is essential here in Switzerland, and age-based discrimination is legal? and the norm, so not disclosing your age may waste everyone's time.
Here they also send around a cover letter and a bunch of documents from past employers, but they don't seem to expect that from foreigners.
lostnet | 12 years ago | on: Scala.js - Write in Scala for the browser
For work and anything I would want to put on a web site it is more practical to write JavaScript, and when I've had time for my own projects I've enjoyed Scala.
For me this is a great direction. The idea that I'd suddenly replace my JavaScript is silly. But being able to pull in things I'm familiar with from both into the same prototype (and at the same layer) of something and debug it all in the debugger I'm most familiar with (and with correct code line references!) is awesome.
Similarly, for someone who is learning Scala and doesn't have/want Java+IDE experience, this could lead to learning Scala as a language with much less overhead and/or while learning a more useful combination of debugger and editor.
I think the overly negative comments come from those who view JavaScript as the "problem" that every new way to integrate languages with it must have been designed to tackle. Since every language has trade-offs, there is always ample criticism available from that vantage point...
lostnet | 12 years ago | on: Microsoft Said To Give Zero Day Exploits To US Government Before It Patches Them
Probably not. Once a vendor is aware, the bug has a relatively short life and using it increases the possibility of detecting your attacks. To avoid constant maintenance, one must review code for new exploits and then not inform the vendor.
More likely they watched for indications that their bugs were independently detected to keep ahead once they were operational.
lostnet | 12 years ago | on: The Destruction of the Web
Yet among 400+ other citations, it was self-cited in a paper to the American Economic Review (see Google Scholar), which is peer reviewed and appears to have a code submission policy since 2004 (see Wikipedia).
Perhaps if they submitted the paper directly it would have been turned down? That would make it an even better example of how to game citation count like SEO/PageRank.
lostnet | 13 years ago | on: German Ministry of Education Throws Away PCs For 190,000 € Due To Infection
But with modern drives you are not getting at the physical layout. The drive may detect an error and remap surrounding data for you. Consequently, some data surrounding some badblock(s) in the past will potentially never be overwritten by your process. Someone with separate hardware or an alternate firmware could always retrieve it.
lostnet | 13 years ago | on: All 37signals Apps Were Down
3%+ of total population sounds like enough people to pressure at least one video card vendor to offer equivalent remapping. So why is this a web design problem?
lostnet | 13 years ago | on: PythonMonk – Learn Python in the browser
I really don't buy the "you have to own a car to drive one" arguments, and the whole point of modern software engineering is to pull you away from the assumption of full system control and the ability to make problems go away with shell skills.
But, I would like more immediate source code management integration. That is the essential reality I always see lacking.
A non-programmer that understood git basics would be more helpful to me as a colleague than a competent programmer that doesn't.
lostnet | 13 years ago | on: Programming languages ranked by expressiveness
Replace "expressiveness" with "author's anticipation of reviewer difficulty based on prevailing cultural biases" and you have a different conclusion for how authors size groups of changes that also matches the order graphed.
If you want literal expression-per-line why not just look at compressed_size/line_count for the available body of work in each language?
lostnet | 13 years ago | on: 72% Of Professors Who Teach Online Courses Don't Think Students Deserve Credit
If physical University classes were free and easy to join I do not think I would participate much, and I think the bad taste I get stems from the people who are there just for the credit. Similarly, I wonder about the quality of peer reviews in MOOCs where most people are there for an external incentive.
Personally, I would rather see independent test centers replace the accreditation process for everyone, removing that pressure from the teaching system all around.
Also, I would love to hear thoughts from an Actuary on how the independent test system affects their profession and their expectations when meeting a new colleague.
lostnet | 13 years ago | on: The Economics of Evil Google
I have to agree. Google is very efficient at profiting from casual users unwilling to pay, but clearly they just didn't exist.
Why would I download a security specific image?
If you want to be as secure as possible, download the smallest possible system that can bootstrap the compiler then build out from source, retaining all source and looking for variances when you recompile.
Personally, I don't much care. I am not looking for a technical solution. I am looking for a social upheaval in the form of citizens visibly exercising rights: http://www.aeinstein.org/ to finally end the cold war mentality in the US government.