Comment Re:Blueberry robot (Score 1) 196

It takes a lot of light--A LOT of light--to grow big, healthy plants.

LEDs are great for growing seedlings, and also lettuces and strawberries and other "low" crops. But when it comes to corn or tomatoes or other things that get tall, you need 4x-6x the lights in order to cover the mature plant. It's a big investment.

Comment Re:Secret Agent (Score 1) 212

ETags on the other hand store an arbitrary attacker-provided string, which is an outright security vulnerability.

I hate to break it to you, but the entire browser is nothing but a device for storing (and then parsing!) arbitrary attacker-provided strings....

This is not a security vulnerability, it's the design of the system in which there was never a requirement to ensure that a client could visit a server multiple times without the server knowing (or inferring) that it was the same client.

Yep. Bingo.

Safest solution is to write your own "browser" in PHP or something and keep the request headers limited to just GET and Host:, and don't download any linked stylesheets, scripts, images, favicons, objects, or embeds. Have fun with that!

It *would* be nice if there was a paranoid mode in Firefox or Chrome that prevented cross-domain resources from being loaded. But that would break a bunch of sites, too, where some yokels bought the argument that speed is everything and spread their frontends over a bunch of different subdomains and third-party CDNs.

Comment Re:How do they get the data? (Score 2) 347

HOW if they do not have physical access to the major routers?

1) Let's say you had a rootkit-like patch for a popular model of carrier-grade fiber optic switch. Now let's say that you control one or more key employees of an engineering company that installs carrier-grade networking equipment in various parts of the world. Gives it to universities for free. Operates popular chains of internet cafes.

2) Let's say you deploy large numbers of compromised TOR routers in all of your embassies and consulates. Or as a botnet.

3) Let's say you have a team of skilled malware writers that work on creating network sniffing botnets. Let's say the malware is also able to install a sniffer on several popular models of wi-fi access point, with known (and unknown) firmware issues, backdoors, or simply default passwords.

4) Let's say you have massive arrays of wi-fi and cellular antennas installed in all of your embassies and consulates, and 60 years of experience isolating and processing signals from distant enemy transmitters.

Those are four possible scenarios. I'm sure if you think about it you can come up with others.

We all know that the Internet is inherently insecure, and that software is exploitable. Given enough storage to capture everything in real time so they can apply map-reduce to it, the NSA (and presumably other spy agencies) have their work cut out for them.

Comment Re:simple solution (Score 2) 277

+1 - unlike most states, California could actually pull secession off. Big population, lots of industry, geographically diverse and geographically isolated. Great trade connections. Plus most of the rest of the US wishes they'd fall off the edge of the continent already.

Good luck getting much water out of the Colorado river post secession, but that's been drying up anyway.

If California were to secede, I would move back in a heartbeat.

Comment Re:Earthfront Real Estate (Score 1) 255

Some followup, via http://blog.foreignpolicy.com/posts/2013/07/09/can_the_us_create_a_national_park_on_the_moon:

The 1962 Declaration of Legal Principles Governing the Activities of States in the Exploration and Use of Outer Space prevents states from asserting claims over parts of outer space, including the Moon.
http://www.oosa.unvienna.org/oosa/SpaceLaw/gares/html/gares_18_1962.html

However, according to 18 USC 7, spacecraft in flight (that is, that haven't returned to Earth) are US Territories.
http://www.law.cornell.edu/uscode/text/18/7

So Congress could theoretically declare that the spacecraft we abandoned on the Moon are a National Park, but they have no jurisdiction over the areas around them that were explored by astronauts.

Comment Earthfront Real Estate (Score 1) 255

This isn't about who owns the Moon, because obviously no one does.

The more interesting question is, does the USA own the sites where our astronauts landed? And it seems to me that, absent any other legal precedent, we do. Or we would at least have a better claim to those sites than anyone else not currently inhabiting them.

I'm a little surprised that Congress, in 1969, didn't declare the Moon (or parts of the Moon) to be official U.S. territory, annexed by whatever means we used to annex a bunch of islands in the Pacific, and a big slice of Antarctica. Perhaps there is a residency requirement, but there are at least a few island territories that have no permanent inhabitants.

Anyway, I don't mean to troll -- we came in peace for all mankind, etc. But obviously there are analogous cases on Earth that could be used to define a protocol and legal framework for claiming non-contiguous, unoccupied land as a territory belonging to a nation-state. And if we didn't do it right during the Apollo missions, then that sounds like a damn fine reason to haul our asses back there and stake a proper claim.

Comment Re:Start with certified emails. (Score 1) 127

How many mails have you received that were official and digitally signed (not a signature)?
I work in a company where people are pretty security savvy, but email somehow is an exception. When I ask how they know the mail came from John Doe, they tell me it is sure because the email address is John.Doe@example.com.

Quickest way around that: send out a few emails as the company CEO, and set the Reply-to address to a random colleague.

Loads of fun, and all you need is a command line on a server somewhere.

Don't blame me if you lose your job, blame RFC 822...

Comment Cross-site Security Issues (Score 3, Informative) 275

Yep. I'm a long-time web developer, and I do a lot of thinking about security and the sorry state of it on the Internets.

Any time you decide to include third-party code in your pages, you are asking for trouble. The list of hijinks that a third-party script can cause (even with strong cross-domain protection) is limited only by the imagination of the attacker. For instance, even if they can't get at your precious session cookie or local storage data, an attacker can modify the DOM, right? And show a big, window-filling DIV that looks exactly like your login screen, complete with your own assets. Good fun.

I cringe when I see big, commercial sites that ought to know better include trackers and other code from services they do not control -- in many cases poorly-funded startups that could fold or be bought out overnight. And if someone unscrupulous gets ahold of the company, or just the domain? Boom, code injection across your entire site.

Because that's exactly what we're talking about: remote code injection as a best practice. It's the most ridiculous head-in-the-sand way to deploy software ever invented. You would never stand for this kind of thing on your desktop (running an unsigned executable over http) but for some reason it's how things are done on web pages. Sure, your browser provides a sandbox, but everything inside that sandbox (your web app!) can still get arbitrarily hacked.

Web security is a huge freaking mess, and it's going to take us a generation to undo the standard procedures and move to a place where security and privacy are more than just buzzwords.

Comment Re:Wow, just wow. (Score 1) 406

Moderating his own comments is just basic engineering fail.

THIS. Does he weed out his own spam, too?

But also, deleting comments you don't like shows a critical failure of imagination. There are better ways to handle trolls, and better things to do with one's time.

Put a "flag for moderation" button on guest posts. Every time a trusted user clicks it, the post's font size becomes smaller.

Comment Re:Who cares. (Score 1) 404

So who cares? Me, and everyone even remotely versed in security.

Exactly - an exploit that has user level access can impersonate you until it is discovered and wiped out. An exploit that has admin access can patch your keyboard firmware and impersonate you (and everyone else who uses your computer) forever.

Comment Re:But not to give them a chance to correct it fir (Score 1) 404

It's a privilege escalation vulnerability... your machine has to already be compromised for this to be abused in the wild.

Unless your machine is used by multiple users, most of whom do not have admin rights. Think Windows Server, or a laptop that has been locked down for guests or kids to use. Or if you're one of those smart/paranoid people who doesn't give their day-to-day user account admin rights, in order to protect themselves.

Many of us assume that our machines are already compromised out of the box. The compromises just haven't been found or disclosed, yet.

Comment Re:Name and address? (Score 1) 252

Your passport number is a secret? No.

You do realize you have to write it on entry and exit forms, and hand it over for scanning at border crossings, right?

Sometimes, you're even required to surrender your passport to a foreign embassy for a few days so that they can wipe their noses with it before they return it to you with a visa affixed, and god knows what RFIDs or chemical tracers embedded.

Your passport number is essentially public. Get over it.

Comment Cable business model (Score 1) 614

Finally, a reason to love the conservative vilification of Hollywood! (Brought to you by... Hollywood! but I digress.)

The business model for cable television relies on bundling, where a portion of your monthly cable bill goes to all those channels that you have access to but don't watch. If this bill passes (FAT CHANCE) it will utterly change what cable looks like.

Fictional example: The Dogfood Channel gets 1 cent per month for every subscriber. But because Dogfood's parent company Viacom requires any cable operator that carries MTV to also carry Dogfood, the 200 million cable subscribers with access to MTV mean a revenue stream of $2,000,000 *monthly* for Dogfood. Most of which is shared back to Viacom, which spends maybe $10,000,000 *annually* to produce the warmed-over reality advertorials on the channel. That's $14 million in profit for Viacom on just one channel.

The big TV producers have a huge incentive to invent new channels full of cheap fluff, and force cable operators to carry them.

Cable companies, by the way, will likely be in favor of this legislation, because if subscribers only pay for what they want, and the operators charge overhead on each selection, then they stand to make more money than they currently do. At any rate, a larger percentage of what subscribers pay will stay with the cable company, rather than going to access fees on all those channels they didn't want to carry in the first place because nobody watches them.

It will also make the local advertising that they sell worth more because there will be way less inventory, and the ads will reach a much more targeted demographic.

On the other hand, if I can get a la carte channel service via the cable company, why not just skip the middleman and order my channels directly from the producer, via internet streaming?

This bill will never pass, but only because it destroys the business model of a handful of big, powerful TV production companies. Consumers and cable companies would both benefit, at least in the short run.
