A good point indeed. I'd be more worried about somebody in top physical condition and well-trained in any offensive martial art than about the average person with a box cutter. Yes, technically the blade can do more damage, but the trained fighter is still going to be a lot harder to stop.

Similarly, I'd be more worried about somebody with a short-barreled semi-automatic pistol than somebody with an AK-47 or a .50 sniper rifle. The rifles have way more firepower and probably more magazine capacity, sure, but they're also unwieldy as hell in the confines of an airplane, and the whole "walk very close behind somebody with your weapon muzzle just behind their heart, telling them what to do" deception is really hard to pull off when your weapon is three feet long.

Of course, the TSA is not, and never has been, focused on what an intelligent person would be worried about. It's merely the natural symbiote of the fearmongering politicians: make the populace terrified, and then show yourself to be doing something about it! The fact that it lets you divert lots of tax dollars to your buddies who make fancy scanning machines is the cherry on top...

Not only does it let you lock the gun, but there is no way in hell any airport or airline is going to let themselves be "the one who lost a passenger's gun", because that means some criminal somewhere just got their hands on a firearm that they were responsible for transporting safely. If you want your luggage to arrive safely, a starter pistol or flare gun or similar are probably among the best insurance options you can buy.

Just because .NET APIs call down to Win32 APIs, which call down to NT APIs, doesn't mean that they aren't all different APIs. Same for the POSIX APIs (which, like Win32, chain to native NT APIs). The POSIX ones always specify OBJ_CASE_INSENSITIVE, the Win32 ones do if you specify FILE_FLAG_POSIX_SEMANTICS, and I don't even know if .NET supports enforcing case-sensitivity... but they are still separate APIs. Nobody in their right mind writes user-mode software against the native NT API unless they absolutely have to, and not only because it's prone to occasionally changing in non-backward-compatible ways.

So does Windows, though you may confuse the Win32 API if you use it. NTFS is case-preserving and the native APIs are case-sensitive. Win32 functions can use FILE_FLAG_POSIX_SEMANTICS to require case-sensitivity, and Interix (Microsoft's POSIX-on-NT environment that runs in the Subsystem for Unix Applications or SUA) does so by default. I don't know of any way to make Win32 case-sensitive by default without doing some kind of crazy hooking of the relevant APIs or installing a filter driver to enforce it.

Actually, Microsoft themselves has an API for accessing NTFS drives in a case-sensitive manner, and I'm not talking about the native NT API or even the FILE_FLAG_POSIX_SEMANTICS Win32 file API flag. All versions of NT from 3.1 (the first) to 6.2 (Win8; it was removed from 8.1) have support for a POSIX operating environment - basically a full Unix-like OS running atop the NT kernel - and for proper Unix-like-ness it is case sensitive.

Mind you, Win32 programs do tend to get confused by it all. For example, CMD's "dir" command will list both "test.txt" and "TEST.TXT" in the same directory, and even correctly note if they have different sizes or datestamps. However, the "type" command (print file contents) on *either* name (or some other-cased version of the name) will instead print the contents of one of the files - doesn't matter what you type, the OS will pick - and it will print it twice (once for each copy of the file with that name).

I've been using the Interix (name of the Unix-like operating environment that runs in the NT POSIX subsystem, as reported by the uname command) build of git for years now. I should probably stop - the repo my package manager used has died, and I haven't bothered to set up a different package manager yet so my packages are outdated - but I am, humorously enough, not vulnerable to this particular attack even with that outdated version.

I was just about to say... this is a preview. I wouldn't expect pre-release versions of the new feature to be rolled out across all platforms. We can hope that it will happen once the feature leaves beta, though.

And no navy and airforce large enough to protect it as they make their way across the pacific.

I'm imagining an attack sub commander shooting his tubes empty blowing away converted fishing boats loaded down with soldiers and then wondering what the hell to do about the rest of them. On the other hand, we have torp bombers as well, and those can just go back to bas to re-arm. As you say, it's not like North Korea has the air force or navy to protect them against a carrier group.

But yeah, South Korea is in a shitty situation. Strong economy, high-tech society, powerful allies... and within bombardment range of enough heavy artillery to basically reduce their capitol city if NK decides to let all their crazy out.

Well said. More info, for the curious: http://en.wikipedia.org/wiki/C...

A lot of people don't even realize that web browsers have the ability to generate key-pairs of which only the public portion is ever sent to a CA or anybody else. It's actually a fairly sane system. If you need to export the private key (for example, to copy it from your PC to your phone, or to back it up) then you have to do so through the web browser or through whatever keystore it uses (Windows, for example, has a built in one you can access through certmgr.msc, though Mozilla products use their own store instead of the system-wide one).

Preflight is only required for non-standard verbs or non-standard headers. If you're just requesting data (rather than trying to take some action on the server), preflight is not used.

Similarly, the highly-infectious diseases that the current generation of American parents grew up with - chicken pox, the flu, etc. - tend to have minor effects. Some people die of them every year, but the number is miniscule and most people show no sign of having ever been sick a week after the infection runs its course. Compare with things like Polio (used to kill people by paralyzing their chest so they couldn't breathe and suffocate where they lay, though more often it simply left you with misshapen and crippled limbs for life), Smallpox (scars covering your body even if you made an otherwise-full recovery), and so on. I'll bet a lot of the anti-vaccination crowd, whether they know it or not, think that even if they get infected it'll basically mean they have to stay home from school/work for a few days, maybe take some medicine. They don't ever think about things like being confined to iron lungs (not that we use those anymore, but hospitals used to have entire wards full of them)...

Slippery slope fallacy ahoy! Just because one decision is made for a sound and logical reason of communal good does *NOT* mean that other (unjustified) decisions will be made even if they are promoted on the basis of communal good. Each choice needs to be evaluated on its own merits. Just because some idiots or fraudsters will try to claim that something unwise should be "done for the greater good" doesn't mean doing things for the greater good is invalid as a reason to do things, and the reverse is also true.

Incidentally, did you know that the government is already empowered to arrest you for spreading infectious diseases. If you knowingly infect other people, or if there's an outbreak and you attempt to violate it, you can be prosecuted as a criminal.

Mind you, if you want to withdraw from society and go live in your own little 21st-century equivalent of a leper colony with all the other plague vectors, be my guest. You won't get many visitors - nobody can be 10% sure a vaccine will protect them, so we are all potentially dependent on herd immunity - but you are sure as hell not welcome to freeload on our herd immunity without a valid medical reason!

Your driver's license (or other ID card) seems like one option. If you get found with the "unvaccinated" sticker on your card (sort of like the "organ donor" sticker, but for people who want to endanger others rather than save them) in a public place and aren't masked or whatever, it's a fine. Or maybe you just get thrown out of the establishment. Have fun going to bars (or buying alcohol at a store), or doing much of anything else that requires ID.

This *sounds* awful - a government-mandated mark of belonging to an unpopular minority - but it's a self-selected minority that puts all the rest of us at risk. I see no reason that people intentionally acting as potential plague carriers should be able to hide among the general populace. Maybe if they had to show their true colors they could get through their thick skulls just how horrible what they're doing is...

Boosting the signal, for those who don't read ACs:

CORS (Cross-Origin Resource Sharing) is explicitly intended to support things like CDNs. It lets you make cross-domain XHRs (and access the responses), so the JavaScript-based decoder will work perfectly. It adds minimal additional bandwidth requirement over a standard cross-domain GET (one short extra header on request, a couple on response), is supported on all mainstream browsers, and is much more secure that stupid hacks like JSON-P (though that would work here too, if for some reason you wanted to live in last decade's terrible work-arounds for same-origin policy).

http://en.wikipedia.org/wiki/C...

I realize that this is Slashdot and we have a great tradition of not RTFA, but given that this is about an image format you could at least go LATFP (Look At The Fucking Pictures). It's also an impressive display of how well image deciding using JavaScript works (but then, this is the guy who wrote an entire x86 emulator capable of running Linux using JS, and even made it work on IE; I have no doubt as to the man's skill in that realm).

Link for image format and quality comparisons: http://xooyoozoo.github.io/yol...
Link for info about the image format and links to more comparisons: http://bellard.org/bpg/

Well, you can pre-pin a cert (Google does this with their own properties, for example, and as of Firefox 32, Firefox does it for Mozilla stuff and I think some Google stuff). You can also always manually check a certificate's fingerprint before you send any data over it. That leaves the question of what you check it against, of course, but that's the whole key distribution problem; at some level you have to have a trusted source of key identity.

I really do wish there was more support for TOFU (Trust On First Use) in browsers today, though. For example, I *can* explicitly trust a self-signed certificate for example.com. However, if I later get a different cert for example.com, my browser will simply evaluate it the way it would evaluate any cert (for example, if it's signed by a Chinese government-controlled CA, the browser will trust it unless I've removed trust for that CA). None of the major browsers will stop and say "Hey, that is *NOT* the cert I expect for this site!" the way SSH (or Remote Desktop, for that matter, which also uses TOFU) will. This greatly irks me. Certificates don't change that often, and most of the time it's just an update to the expiration date or adding a new subdomain or something else innocuous like that. Even a change to the public key isn't that big a concern, especially if the old key is revoked; people rotate keys sometimes as a matter of good practice. But a change to the CA, or a change to a pinned leaf node (where I basically said "this shouldn't change"), ought to raise warning flags.