You'd think Kremen would just have the guy kidnapped and torture the info out of him.

6 months probation for committing an armed robbery? That's nuts.

From the victim's perspective, he thought his life was in danger because it likely looked like a real gun. From the perpetrator's perspective it was a bluff, but the victim didn't know that. In most states the victim could have used deadly force to defend himself and easily gotten away with it. Even the best police department wouldn't have even blinked if an officer shot him with it. And it's not like it's impossible to seriously hurt someone with a BB gun.

Further, the perpetrator showed the willingness to use violence and the implied threat of death to accomplish a robbery. It's reasonable to assume this person is dangerous and a threat to society -- maybe next time he has a real gun, and the time after that he's willing to pull the trigger.

The fact that he stole pot doesn't matter. If this same guy had robbed your grandma's purse with a BB gun would it still seem like a 6 months of probation crime?

I am unable to explain how dis-appetizing this ending choice of phrasing was.

This may be the first textual diet suppressor.

We buy certs for corporate resources.

Purchased certs are too expensive to buy for every possible thing you might want to encrypt without a certificate error. There's all manner of internally facing services that don't need public certificate verification and a perfectly useful method of distributing trust for those certificates.

I would grant you, though, that there should be some kind of security setting that makes adding a root CA much more difficult for non-domain members. But don't make it impossible, that could set an ugly precedent for taking away the ability to require only third party trust.

Well, western voters haven't been sufficiently motivated to get behind the kind of violence the grandparent alluded to. If a significant population center was hit by a suitcase nuke, I have complete faith that the American populace would demand nothing short of total victory. It wouldn't be labeled genocide and even white middle aged professors who said otherwise would probably be risking a lynching.

The U.S. would just apply maximal, scorched earth total warfare which would probably be on Dresden scales of brutality. We've done it before and half of it targeted white people. Add in a difference in race and how sympathetic do you think the American public will be about a bunch of Arabs getting their village burned and shot in the street? And how hard do you think it will be to find legions of Appalachian crackers willing to do it?

The good news is that you wouldn't actually have to commit active genocide. Once you've destroyed a couple of cities and their populstions and bombarded the rest you really can break their will to fight and get the population to submit. This has been demonstrated since before the Classical period. This is EXACTLY how you defeat an enemy and conquer him.

It sounds reasonable, but I don't find it compelling. One of the biggest trends anymore is the "home grown" terrorist, the one who who commits act of violence in his home country.

I'm still puzzled why so many apparently soft targets haven't been hit, at least once.

It could just be that the "threat" is greatly overstated.

From the halls of Montezuma to the shores of Tripoli.

I wonder why it hasn't happened already. Despite the panopticon and run of the mill police misbehavior, America still seems like a place where you can move around pretty freely without many obstacles.

Obtaining weapons isn't hard and I doubt there is a terror group out there worth their jihad who wouldn't also know how to convert a semi-automatic-only assault rifle into full auto capable fire, either via either illegal trigger group replacement or modification.

Crowd events are frequent and places like malls are often crowded, providing ample targets for assaults on civilians. Many significant industrial sites like oil refineries or power plants aren't well guarded (nuclear plants may be an exception) and even if a handful of key infrastructures like bridges and tunnels are well guarded, many aren't.

It just doesn't seem like there would be many barriers, require that much skill or planning to do what they have threatened. In terms of terror, the payoff seems immense.

So why hasn't it happened? Is the panopticon that good? Are they just burying all the stories of thwarted attempts?

I'm not asking the question whether armed civilians thwart crime generally; that's a different debate with evidence posited on both sides.

I'm wondering if the people who might plan an attack similar to the one at the Kenyan mall or the hotel in India and consider such an assault in the US take into consideration any risks associated with armed Americans, either carry permit holders or even those who carry illegally.

There's the risk of the assault being cut short or otherwise failing because the attackers themselves come under fire from armed civilians as well as the potential publicity failure of "armed citizens kill terrorists, stop attack" type headlines which would potentially demonstrate that against American citizens, terrorists are weaker than Americans.

I would suspect that such risks would be downplayed -- a terrorist event could be considered a "success" just from emptying an AK magazine into a crowd at a mall, even if the attacker(s) were killed immediately after opening fire. Plus there may be the belief that at best they would be up against unskilled persons who were outgunned (handguns versus rifles).

What's the Volt like for interior comfort? I'd guess that its better than most small cars simply because you don't have to listen to a lawnmower engine scream for mercy, but what about seats, climate controls, ride, noise, etc?

I'm pretty spoiled now, my current car is pretty much the opposite side of the automotive equation -- a Volvo S80 V8. Mileage is awful by any standard, about 18-20 for my typical driving (pure long-haul highway is about 25).

But about 2/3rds of the time my daily driving is 60 miles or more and it sure is nice to spend it in a quiet, comfortable car with good climate controls.

It's de rigueur, and honest funding sources expect you to credit them.

In my field it's usually a paragraph right before the references cited. Sometimes there is also a Conflict of Interest statement, which I think is required by certain journals.

It makes brains so big it takes two stories to cover them.

And only a month after the first public posting of the vulnerability, in their own forums.

Some guy accurately describes the vulnerability, complete with screenshots showing a Superfish-signed online banking page, and posts it to the public Lenovo Security-Malware support forum, and they take no public action for 29 days; yet around the same time, they stopped installing the software on new machines. Only when it's a scandal do they first make statements that are designed "to defuse the situation", which, in this case means trying to convince their owners that their dangerously compromised and possibly already-exploited machines are safe, and then (perhaps when someone points out that such statements are only going to increase the price tag from the inevitable class-action suit) do they start behaving properly.

So, no, that's not a speedy response. As a company selling a product, they are ultimately responsible for everything that product contains. They have a duty of care to make sure that the goods they are supplied do not place their customers at risk. If one of their trusted partners wants to load a Root CA onto their machine, it better have a good security case for it. "Used by major commerce sites", for example, is a good reason; "allows us to break SSL" is a bad one. Ignorance is not an excuse. If Lenovo is not loading up their machines with all the crap they put on it and auditing their installed certificates, they are not doing their duty to the customer.

If Lenovo tells people their machines are secure, when it has known for a month at least that they weren't, it is making things worse for itself. Saying they don't read their own public support forums, or that the information didn't get to the right person doesn't amount to an excuse so much as an admission of guilt. Claiming that PR flaks are there to give these kinds of messages slanders the job of spokespeople: specific people are assigned precise messages to communicate to the people exactly to avoid statements that would open them up to litigation.

Right now, we don't know of any security compromises that occurred via Superfish. We may never hear of them, but that doesn't mean that they never occurred.

Right now, Lenovo seems to have their best PR approach underway: release the uninstallation tool, contact every anti-virus provider on the planet, contact everyone who registered a product with them, and then shut up and start saving pennies for the settlement.

Obviously there will be a political response we'd kind of expect, restrictions of various sorts to limit materials, printers, exchange of designs someone owns the IP to, etc.

I'm more curious what the organic market response will be.

For items that could conceivably be 3D printed, will manufacturers sell 3D plans? Make a better product that can't be 3D printed with the same quality or materials?

The Leaf's sales numbers are probably all about price -- at $35k, it's much more in the range of the typical middle class income. I think the Tesla gets the most focus because of cool factor and also because it seems to have the fewest compromises -- long range and it's pretty big.

I think a lot of people look at it from a perspective of having it "just work" with their lifestyle. Enough range for pretty much any metro area driving and enough size that it would be comfortable.

The Volt would work for me since there's no specific range limit, although the size I find kind of limiting. I work as a consultant so I don't have a defined commute pattern, but 50 miles isn't uncommon and I'd like a vehicle that could do that on all electric which the Volt couldn't do.

IMHO, Chevy is kind of missing the boat on this. I think they get the generator part right but the all electric range seems to come up short. It'd be interesting to know how many additional kWh of battery they would have to add to get the range up to 100 miles. It may just be that the additional weight of battery would be just so power-sapping that it wouldn't work.

It's also surprising the engine has a cast-iron block. I would think that an all-aluminum block would be a valuable weight savings, allowing for more battery "for free".