
Comment kudos. Few Uber fanbois (Score 2) 190

I very much expected that the vast majority of Slashdot commenters would take Uber's side, just because their marketing shtick is anti-establishment, making them the darlings of the Slashdot crowd. I'm glad, and slightly impressed, to see that the Uber fans here are apparently capable of seeing when the Uber execs are being dicks.

At least ten patents so obvious they got kicked by USPTO already? If Uber is turning into a patent trolling company there might be some seriously conflicted people here on Slashdot.

Comment Neither do airliners, unless you tear them in half (Score 1) 276

An airliner isn't going to depressurize from something like a bullet hole either. Now if a large bomb blows a 3 meter hole in the fuselage, that'll depressurize and people's ears will pop painfully. The pressurization air is the same compressed air that provides 85% of the forward thrust provided by its two 54,000 lb thrust engines.

Here's how much air is available:
http://code7700.com/videos/top...

If the airliner is at maximum altitude when the large chunk of fuselage is removed and the cabin loses pressure, the pilot should descend to 8,000 feet or below because the passengers will get dizzy after a few minutes and may pass out.

Comment hundreds of thousands per second (Score 1) 421

That's interesting information, and useful for anyone serving hundreds of thousands of requests per second.

For the 99.9% of sites that serve single to hundreds of requests per second, it might pay to keep in mind that your sedan is not designed to run on jet fuel. What someone going a thousand times as fast does isn't necessarily relevant.

Comment Re:here's a real-life case to explain criminal int (Score 1) 209

> The cop knowingly signed the document. Isn't this more important than the beliefs of the thief?

The defendant is on trial, not the cop. So what matters is whether the defendant knowingly committed the crime. (Some crimes have a standard such as "recklessly" rather than "knowingly"). When determining whether Joe is guilty, courts look at Joe's actions and Joe's intent.

If the cop violated Constitutional rights to get evidence, one penalty for the cop is that they can't use the evidence. There happens to be a side benefit to the defendant in some cases, but the goal is to discourage the cops from performing unlawful searches. In the scenario at hand, I don't see any Constitutional right being violated, so a motion to suppress would be without grounds. Unless you can articulate some _Constitutional_ grounds to suppress that I'm not thinking of.

Comment here's a real-life case to explain criminal intent (Score 4, Insightful) 209

I'll try explaining it the other way around, with a real-life case. There have been several cases that fit this pattern.

A cop wants to bust a bad guy. That cop gets his wife, a teacher, to pretend to be the DA and tell the bad guy he's authorized to do $crime. Cop busts the bad guy.

In court, bad guy says "the DA said I could ... at least, I thought she was the DA." The real DA replies "I never said a word to the guy. Some teacher said it was authorized, but she has no authority to authorize anything."

In such cases, the courts have consistently held that the defendant is not guilty, because they THOUGHT that their actions were authorized and therefore lawful.*

So you see it doesn't matter if the person "authorizing" it is really a cop, a teacher, or a DA. What matters is what the defendant BELIEVES - whether they are trying to commit an act that is criminal or they are trying to aid law enforcement. The legal term is "mens rea", which means "guilty mind", also known as "criminal intent".

You are free to think that the courts should have done the opposite and found the person guilty when the "DA" actually isn't a DA. You can think it's wrong or right, but what actually sends people to prison or not in such cases is their actual belief - did they believe their act was authorized or not. The actual identity of the authorizing party does not matter under law.

* This mention of mistaken belief reminds some people of the phrase "ignorance of the law is no excuse". Ignorance of the LAW generally isn't an excuse, but mistake of FACT IS an excuse. "I didn't know poisoning my husband counts as murder" is no good. "The bottle said 'blueberry syrup', so I thought it really was blueberry syrup that I put on his food" is a valid defense. Here we're talking about mistake of fact - the defendant thought the person was (or was not) a proper authority.

Comment doesn't matter if it's true, it's not BELIEVED (Score 1) 209

What matters is whether the defendant has a "reasonable belief" that their conduct is authorized and lawful. The question isn't whether or not the statement is TRUE, not for the sham "cops" or the real cop. The defendant doesn't THINK that it's true in either case. They think they're perpetrating a burglary, not executing a search warrant. Since they don't know of any actual search warrant, they've committed burglary - even if there actually was a cop, and a search warrant. The warrant they didn't know about, didn't think existed, is not an excuse to commit burglary.

Another example - officers are allowed to possess certain substances for law enforcement purposes. A drug dealer signs agreements with their associated dealers claiming that they are all cops, and all busting each other. They do not believe that. They are actually possessing them for the purpose of drug dealing, not for law enforcement purposes (intent to distribute). It turns out that one guy is actually a cop, and he photographs the drug dealers possessing drugs with the intent to distribute. What matters is the actual possession with actual intent to distribute. Making marks on paper claiming that you're trying to bust each other doesn't matter a whit. The crime is a) possessing drugs with b) intent to distribute. If you actually possess the drugs and actually intend to distribute, you're actually guilty and actually going to actual prison.

While in prison, you can write a letter saying that you're not really a prisoner, you're an undercover agent spying on the prisoners.

Comment in case you believe that (Score 2) 156

Just in case you actually believe that, here's a little information about what was actually going on, with an example.

In 2014, I did some work for the state of Texas and the state promised that they'd pay for that work 30-50 years from now, when I'm retired. Just as all public corporations are legally required to, Texas follows Generally Accepted Accounting Principles (GAAP), and therefore recognized that expense in 2014. They got the benefit in 2014, so they needed to pay the cost in 2014. That's why Texas has set aside $130 billion dollars, managed by disinterested third parties, to cover the future retirement costs it has already incurred by having us work for them. See http://www.trs.state.tx.us/inf... for details. The key point is that the state already got the benefit of my work, so they already paid its cost, the retirement they promised I'll get later.

That's called the "matching principle" and is a basic part of GAAP. When corporations fail to follow GAAP, the executives can go to prison. You might wonder why. That's because they've acquired my services by promising that I'll get paid later; if they make no preparations to ensure that I'll actually get paid later that's fraud. Fraud in the billions is felony fraud and sends suits to prison.

What USPS was doing was having people work now, and promising to pay them 30-50 years later, but making no provision to make it possible to actually pay them. They were having employees work in 2000 and HOPING that in 2040 they'd have revenue to pay the promised retirement pay and benefits. Of course USPS might not be making any significant revenue in 2040, so there might not be any way to pay retirement in 2040 for workers who worked in 2000. The workers would be shit out of luck, screwed out of the retirement they were promised. That's often considered felony fraud, but it's how the USPS was operating.

Congress figured that felony fraud on the postal workers was a bad idea, and ordered USPS to do two things. First, they had to start setting aside _some_ money to pay the retirement benefits they had already promised to people who had already done the work. Second, they had to WRITE DOWN A PLAN for the fund to become sound within ~50 years.

They didn't have to follow generally accepted accounting principles yet, but they had to have a plan on how they'd get their shit together within the next 50 years. That's where the "not even born yet" silliness comes from - the idea that USPS has to at least come up with a written plan as to how they won't still be committing the same fraud on their employees 50 years from now, if the USPS still exists in 50 years.

Comment false and false. Fun game, though (Score 2) 156

I know it's fun to pretend that stuff. Just like some people enjoy pretending that Obama was born in Kenya. It kind of makes you look silly, though.

When a private corporation, or any state agency in any of the 50 states hires you to work THIS YEAR, while promising you'll get paid retirement from 2035-2055, they pay out that money to a 401k or other retirement fund THIS YEAR. Work done in 2014 gets paid for in 2014, with revenues generated in 2014.
Failing to set that money aside, normally in the care of a disinterested third party, is fraud and can send you to prison. That's a significant chunk of the white collar guys in prison - they didn't actually set aside funds in the appropriate accounts for various things, they only pretended to.

The matching principle is a fundamental principle of accounting that you learn in the first few weeks of Accounting 101. You have to match expenses (employee pay) with the revenues they generate (postage collected). You don't get to collect the benefit now and just say "we'll pay the expenses in 30 or 40 years, long after the current board is gone". You have to recognize the expense in the same period as the revenue it generates. Again, disregarding Generally Accepted Accounting Principles is how suits end up in _prison_.

The US Postal Service is actually very unusual in that they had workers working in 2010, but promised to pay for that work in 2030-2050, using revenue they HOPED to generate in 2030-2050. The problem here is obvious - USPS might not be generating any significant revenue in 2040, so how are they going to pay all of those retired workers they promised to pay? With no money set aside, they won't get paid. That's fraud, and that's why private company officers who try that crap can end up in prison.

So you're basically advocating that USPS should commit felony fraud upon its workers, by promising to pay them a handsome retirement but making no arrangements to see that they are actually paid.

Comment interesting idea. Legally, cops can't generally au (Score 1) 209

That's an interesting thought. It occurs to me that there are only a few acts which would normally be criminal, but have exceptions for law enforcement purposes. As one obvious example, a cop can't authorize murder, and everyone pretty much knows that. A cop can't authorize robbery.

For those things a court can authorize via a warrant, such as a search that would otherwise be trespassing, the defendant would need to have a "reasonable belief" that the conduct was in fact lawful. Having your buddy sign a document saying he's a cop doesn't get you anywhere since you don't actually believe he's a cop. Having a habit of asking all of your criminal buddies to sign such a statement, and signing it yourself claiming that you are a cop, would tend to show that you know it's a sham. You know that you're not actually a cop, so you probably realize that the other guys aren't cops either. Without a reasonable belief that it's true, the statement is worthless.

Comment forgot to read the title? (Score 1) 719

I see you forgot to read the title, much less the summary or article. This is about how the MEDIA portrays people in debates over POLITICAL proposals. Most such "science" simply isn't science.

Unfortunately, politics is the process of apportioning money and power, so the department head of Climate Science at UC Berkeley, whose job is to maintain their funding, is essentially a POLITICAL position. When the continued existence of your department is contingent on you acquiring a $20 million federal grant paid by taxpayers, that's a political job, not a scientific one, regardless of what the title "tenured professor" might imply.

Comment your information is 20 years out of date (Score 5, Insightful) 421

You're comparing 1990s Apache to 2013 IIS. If you care to know what you're talking about, you may wish to have another look at what has changed in the last 10-20 years. Here's one example that's not only way out of date, but also wrong even for that time period:

> why is Apache still spawning processes for every request that comes in... don't they realize the overhead of that??).

Prior to the release of Apache 2.0 in 2000 (fourteen years ago), Apache pre-spawned a group of processes and each process would handle one request AT A TIME. It never spawned a process for each request, it had a pool of processes that were reused. Pretty much just like how modern browsers now run separate tabs in separate processes. The #1 reason for that was to allow Apache to use libraries (like GD) that weren't thread safe. If Apache were multi-thread rather than multi-process, you couldn't use those libraries.

Note also that Apache was designed for SERVER operating systems like Unix, Linux, and BSD, not for a desktop OS. On a server OS, forking a few processes at startup isn't that resource intensive - far less intensive than preloading IE and Office at startup.

Of course like everything in Apache, the multiprocessing is done by a module, so you can still use processes rather than threads if you want to. You can do that and by choosing sane settings for the number of spare processes you won't fork new ones more than a few per hour.

> A lot of the performance reasons that are behind people switching from Apache to Nginx

I tested this very thoroughly. 90% of the performance difference of Nginx, which only occurs on some systems, is that it essentially forced noatime, regardless of the administrator's selection of mount options. Back when noatime wasn't the default, less-knowledgeable admins who didn't know to use noatime would see a significant performance benefit from Nginx vs Apache. Knowledgeable admins would mount with noatime, and find that Apache and Nginx performance was almost identical. Knowledgeable admins would also comment out the 90% of available modules they don't use, like mod_speling, and set MaxClients etc appropriately. With a reasonable configuration, Apache can give better performance than Nginx, depending on which benchmark you choose. In all cases, Apache provides more PREDICTABLE performance because it actually works as documented, while Nginx has documentation copy-pasted from elsewhere, but their code isn't actually the same as the server they copy-pasted documentation from.
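
An added illustration of the tuning this comment describes, not the commenter's own configuration: a prefork MPM fragment for an Apache 2.4 `httpd.conf`. Every numeric value and the choice of modules are assumptions to be sized for the host; `MaxRequestWorkers` is the 2.4 name for `MaxClients`.

```apache
# Constructed example for Apache 2.4 with the prefork MPM.
# Fragment only: a working server needs further core modules not shown here.

# Load only what the site uses. A module that is commented out adds no
# per-request work and exposes no handlers or directives to clients.
LoadModule mpm_prefork_module modules/mod_mpm_prefork.so
LoadModule dir_module         modules/mod_dir.so
LoadModule mime_module        modules/mod_mime.so
#LoadModule speling_module    modules/mod_speling.so
#LoadModule status_module     modules/mod_status.so
#LoadModule autoindex_module  modules/mod_autoindex.so
#LoadModule userdir_module    modules/mod_userdir.so

<IfModule mpm_prefork_module>
    # Children are forked at startup and reused; each one serves a single
    # request at a time.
    StartServers             10

    # Size of the idle pool. A wide gap between the two values keeps the
    # parent from forking and reaping children on every small change in load.
    MinSpareServers          10
    MaxSpareServers          30

    # Hard cap on concurrent children ("MaxClients" before 2.4).
    # Rule of thumb (assumption): memory available to httpd divided by the
    # resident size of one child, so a spike queues requests instead of
    # pushing the host into swap.
    MaxRequestWorkers       150

    # Recycle a child after this many connections to bound memory growth
    # from leaks in linked libraries. 0 means never recycle.
    MaxConnectionsPerChild 10000
</IfModule>
```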

Comment Almost true from 1995-2000 (Score 1) 153

> If I want to include an RCMP officer in full dress uniform in a stage play even in the country where they come from then I have to get permission from Disney to use the image.

That was almost true for a few years, from 1995-2000. The RCMP had a merchandising contract wherein Disney Canada would manage whatever rights RCMP had to the mountie image. They figured Disney is pretty good at managing the branding of a character, so they contracted with Disney to manage the Mountie character.

Does the RCMP have the right to control whether or not you have an RCMP officer in a play? Probably not. The image wasn't a registered trademark, and you're allowed to use other people's trademarks in certain ways. Therefore, they couldn't have Disney manage that right for them.

To the extent they did have Disney managing their licensing for merchandising, that deal ended fourteen years ago.

Comment Threatpost, professional, processes (Score 4, Insightful) 177

Threatpost.com is a good source to stay on top of the latest news and threats. There is new stuff posted several times per week, so staying on top of it takes at least a couple of hours per week.

You can get pretty darn good security at a very reasonable cost, but I can't fit much useful info in a Slashdot post. I read a 586 page book just on securing Apache - there's a ton of information to know and concepts to understand. For a business, especially a web-based business, it probably makes the most sense to hire in the right professional to spend a few hours with you, going over your processes and systems. I've been doing web security for 17 years; before that I did physical security and I'm still learning, so there's just a lot to know.

Maybe the most important principle is to get rid of what isn't needed. Turn off unneeded services on computers, don't store credit card numbers if you don't absolutely have to, don't have multiple copies of sensitive data on different systems. I can't hack what isn't there.

If you consult with a professional, be prepared to alter some of your processes to alternatives that are approximately just as easy to use, but different. Sftp is as easy to use as ftp, so don't let "we've always done it this way" be an excuse to not improve your processes. A FEW changes may be much less convenient, but necessary. That is to say, your professional may say once or twice "yes, this way is more time consuming, but it really is necessary for security". Be prepared for that, but also expect your professional to work with you to find ways to make security relatively painless most of the time. It'll likely follow strict, but painless, rules if done properly.

Security is mostly about process, not products, and much of the best security software is open source, so the right professional won't be selling you stuff, just spending some time to find what you need and get it set up for you, then help your IT understand a bit and know where to find documentation.

The right professional will also be able to explain the purpose of any recommendations in a way that you can fully understand. "Because security" is not a valid answer and is most frequently used by people who don't understand the "security" measures they are improperly applying, often in a way that weakens your system rather than strengthens it. It might seem strange to emphasize this, but I've seen a LOT of sysadmins severely damage system security by trying to strengthen it but not really understanding what they're doing. In almost all cases, the people doing crap "security" couldn't explain in detail why they did what they did, and became annoyed when asked to explain in detail. It's a good way to distinguish the few who know their stuff from the vast majority, who don't actually know what they're doing.

Comment details yes. Average attacker breaks average secur (Score 1) 97

I've worked in the field of IT security, so I too will be looking forward to learning details. The story of the TJX incident was quite interesting- not just the technical details, but also the conversations between the perpetrators, the fact they knew they were getting greedy and should have gotten out of Dodge, etc.

I'm not so sure it needs to be either really crappy security or a great cracker. Generally, breaking things is easier than making things, so an average bad guy can defeat average security. I've never encountered security I couldn't bypass, either in IT or physical security. (I'm trained in locksmithing). I'm not the world's greatest cracker, but I only need ONE way in. The defender has to secure EVERY possible weakness. That's a huge advantage.

It's like a football game where one side wins the game if they score just once.

Comment close enough is pretty simple. $200 CC or cash (Score 1) 97

That was a useful system. There are two simple ways to get approximately the same amount of security, in exchange for the same or less amount of hassle.

> tell it that the next time I swipe my credit card, make it generate a one-time number only good for $50?
> I go to Target or Staples or wherever, spend $25, the number is never valid again and I have nothing to worry about.

For $25-$50, that's called cash. No need to pay the credit card company $1 on a $25 transaction, and you are paying them, indirectly. No need to create hackable and trackable records of every little purchase you make daily, either.

The other thing you can do is get a card with a $200 limit, or a debit card and tell them not to allow overdrafts. Set up an automatic payment to the card for $100 twice per month or whatever. That way the bad guy can't hit you for more than $200, or whatever amount you put on the debit card. You can have the bank email you if your available balance gets low and add another $100 or whatever you're comfortable with. Crapital One makes this very simple and quick, but they are evil so I'd rather use a debit card that has the same options for automating things.
