What we need to do is simple: We need to define, in simple print, that corporate fictions are not in fact citizens, and as such, do not have political freedoms or civil rights as such.

It's good, and I think you are right that (by hook or by crook) it must happen or decline is inevitable. I think, though, that we must also define that compulsory speech is not free speech. That free speech is the freedom to express yourself, not the right to pay others on the condition that they express your views -- ie: advertising is not free speech.

Any scientists care to produce data on how much cooling that hunting the large numbers of truly enormous herds of buffalo that covered many square miles to near-extinction produced? The temperature records I've seen do not show any such corresponding result.

There are about twice as many bovines in the US now. Estimates of the population of bison in the 1500s are 30-60million. There are 90million cattle in the country now. The biomass of a bison was commonly 300-1000kg. The biomass of a beef cow at slaughter is about 600kg average: So I what you're seeing is a replacement of one bovine with another, with a increase in population and biomass.

So you're saying in effect that if the buffalo herds had grown to ~30% larger that it would have had a significant effect on global warming? That's quite a leap.

If global climate is so delicate we're all doomed no matter what we do.

I'm all for solidly-based, practical, cost-effective, common sense, and pragmatic efforts to protect the environment. This whole CO2 and climate-change alarmism is not any of that.

The Earth is in a warming cycle that will continue until it peaks and reverses back towards another ice age, no matter what we puny humans do. We can only make tiny-to-the-point-of-irrelevance changes in the rates of those changes.

Rather than attempt to put chains on the growth of civilization and the freedom of men, why not trust that humans will do what they've always done? Adapt, survive, overcome, and prosper. With the growth of civilization also comes a growth in our ability to adapt, overcome, and mitigate.

Also, with the growth of civilization will be a growth in our ability and desire to move problem-making industries like energy production and many other types of industrial operations. Once humans start moving such activities off-planet, there will be a chance for Earth's natural processes to abate and recover from the damage we may have done on our way to maturity. Humans can't advance as a civilization and live like they're afraid to walk on the grass.

You can't have humans totally proscribed from causing any potential damage to the environment or climate. It's going to happen no matter what, and no matter how many laws are passed or treaties that are signed. Not saying I favor a free-for-all. As I stated above, pragmatic and cost-effective rules that can reasonably be enforced, and that don't do more damage than they're intended to mitigate.

"The secret is to bang the two rocks together, kiddies!" - MC at The Restaurant At The End Of The Universe.

Strat

You are correct in that the Republicans in the USA are not actually free market capitalists, which is what USA is supposed to be - a free market capitalist Republic.

Republicans are not different from Democrats in that they have their own constituents and those are the people that are tightly connected to the government and the Federal reserve is sponsoring them.

Unfortunately for the USA (and really for the world in general) USA Republic has degenerated into a 'democracy', which really only means that the majority of people are kept in the dark of who is truly running the show, but that is the problem with the mob, the collective, you can't have a democracy that does not degenerate into oligarchy, because the people are stupid and will vote against their self interest, however when I say that I do NOT mean what the average /.er means. I do NOT mean that voting for free market capitalism is voting against your own self interest, quite the contrary. An average (not one of the top wealthiest people) person should always vote LIBERTARIAN (or more correctly - free market capitalist, whatever that is. It can be a libertarian or it can be an anarcho capitalist or an objectivist, doesn't really matter much which one of those).

However the mob votes for the short term satisfaction that is promised by any lizard politician and the end result is always the same: the politicians end up with all the power, the individuals end up stripped of their rights and of their property, basically of their right to pursue happiness on their own terms.

The politicians end up gatekeepers for the top most connected people, the government is a mafia that uses threat of violence to destroy individual freedoms and sell them to the top bidders.

Free market capitalist republic (or even a benevolent dictatorship, like Singapore) works to improve the conditions for all people by allowing the true private property rights and self determination, people work to improve their own situation and as a result they increase the overall wealth in the system. The top wealthiest people do NOT need free market capitalism, they are just fine within a system that is corrupt, they can afford to purchase the gate keepers.

It is the middle class and the POOREST of the people that benefit from free market capitalism, they get the lowest prices and the biggest selection of all products and services that the system builds.

19th century USA was a very good example of what free market capitalist system does to improve the standard of living for all people, not for the richest people, but for everybody. The standard of living was rising faster than at any other time in history because of the freedom, private property rights, the rule of law (rule of law means applying laws equally to everybody regardless of their personal circumstance, that is true justice and morality, not what the mob thinks morality and justice are).

Today that example is found in Singapore, Hong Kong, Switzerland, China, but actually the Scandinavian countries have been on the correct path for the last 20 years, since the time they started moving in the right direction 20 years ago, when they finally destroyed their economies with socialism. Today they are much more capitalistic and responsible (have little to no debt) than the so called 'capitalist' nations like the USA.

Of-course currently the ECONOMIC STUPIDITY is reaching some insane local maximum, with the vast majority of the population believing in nonsense, Keynesianism, socialism, welfare state, other such equally destructive patterns of behaviour, so for example in Switzerland there will be a referendum to attempt and introduce a minimum wage and a welfare system, those are huge mistakes and the only reason the Swiss can even talk about it is the fact that they grew their economy so much in an actual free market capitalist system, so now they just may be ready to start destroying it with the socialist nonsense.

In any case, as I said, people are very very stupid, the majority have no clue about the economics and how it works and what is in fact in their best interest. The special socialist groups that benefit from the dependency state and from poverty (they thrive on the poverty votes and movements) are using so much propaganda on the general population, that at this point average economic intelligence is probably the lowest in history of human kind. The cavemen understood economics much better than the current population, at least the cavemen didn't buy into demand side nonsense, they knew that they had to produce stuff to enjoy higher standard of living.

I don't have any illusions about the people around me, they are stupid, economically illiterate, they act against their long term self interest and they will fight to keep that nonsense going, so from my perspective right now it makes complete sense to try and live outside of any established system of nations and states, to structure affairs in a way that would minimise the damage by the political systems established in the vast majority of the world today. Be smart, don't ground yourself, ensure that your assets are global, not local, ensure that your business is never tied to the place where you are supposed to pay taxes, pay attention to how it is done by the people that know what they are doing, etc. etc.

Deveops types aren't the kind of people to be crawling around under desks or helping directly to push for a release milestone.

They're the go-betweeners, sort of a cross between senior sysadmin and development project management assistant. They are the internal toolsmiths, depending on the blacksmiths to produce effective metal so they can hone the tools for the carpenters' needs. They are broadly skilled and know how to at least muddle along in both a developer and a sysadmin job, but prefer the big picture of orchestration. They're the ones who figure out where the shortcomings are, and are broadly skilled enough to jump in and provide possible avenues and solutions, seeing where one side can't fix a problem, and the other may have a solution.

Exactly.

This "there is no role for devops in a mature company" attitude cries back to the age of isolated business units with isolated departmental goals, often where sales sells products that don't exist and engineering produces products nobody wants. The money to run the company will come from somewhere!

In short, developers don't want to dogfood, because that's hard. It's much easier to not challenge yourself with divergent ideas from what you and your brainfund coworkers cook up: after all, developers made it, so it must be good.

And yes, devops is an integral part of dogfooding. It makes sure the left hand is talking to the right, Support is able to effectively move issues laterally, operations can effectively provision IT infrastructure budgets, and Engineering can focus on the real issues that impact the product. It's called teamwork. If you can't get this part done right - at the very least, making sure your product works in an operational capacity internally - how can you expect it to be a commercially viable option out of house?

Fixed within, 24 hours on 187 servers running open source openssl libraries, f and earlier versions.

I still do not have fixes for about 5 proprietary customer products, and there has been no word from 3 of them if they intend to fix them.

I have informed my customers that they should consider moving from the proprietary products IF they have the cash to do so.

I really do not see your point in asking the question.

You cannot design and build secure software to begin with.

You need to have the source code for the forseeable future now because of the world we live in.

Very very bad people are coming out of the pit and they want your infrastructure, your data and your intellectual property.

But above all, they want control of you.

Open Source can prevent a world like that from taking hold, but it cannot save a fool from his foolishness.

... ask yourself a question, why is it that everything in USA was done "up until the 1970s" and then all of a sudden there was a gigantic decline (from building, to meaningful manufacturing jobs, to wage disparity, to ability to afford anything, etc.etc.etc.)?

So what is it that happened in the 70s that changed the USA economy so much? 1971 - Nixon defaults on the gold US dollar. The reason? Inflation that was caused by the Fed, all the massive government that could never be paid for with any amount of taxes (never mind the insane tax rates before that time).

It's the government, my dear, USA government has destroyed USA economy.

The reality is that it doesn't matter WHAT the law says. If they obtain the data, they can and will do anything they want with it. I knew this long before the whole NSA "expose`".

I am not saying we shouldn't make laws about it, or even try to enforce them, but I am saying that laws and enforcement are not enough. To some degree, the government (and businesses) simply should not have access to certain data in the first place because it is the ONLY way to prevent it from being used in an abusive way.

Not sure what the big news is.... like we didn't already know this? They probably already have access to every state's DMV records, which include photographs for every person who has a driver's license or ID card. I would estimate that is maybe 90% of every adult citizen, alone.

And yes, it upsets me.... far less than fingerprinting or DNA, however. The only privacy-friendly biometrics are those that we don't "leave" all over the place, and can't be collected or taken without our knowledge. That leaves things like retinal scans and deep vein pattern recognition.

Just like a malicious client can suck data out of a vulnerable server, the same can work in reverse, though clients tend not to keep an SSL connection open any longer than they need to (unless, it's IMAPS or FTPS or chat or some other application with persistent connections).

If you suck the private key out of a bank webserver's RAM, then perform a MITM attack on the bank users using the bank's own certificate, not only can you get their bank credentials (by them filling in the form and sending it to you), depending on the browser you may or may not be able to suck up other accounts from them (eg user logs into a credit card company site to see their bill, then logs into your fake bank to see if they can pay it).

Closed source is hazardous in many ways. Along with being more frequently targeted, the NSA revelations showed that Microsoft worked with the NSA when deciding how quickly to close some holes. Another hazard is the threat of being attacked and/or sued by companies whose products were found to have problems.

No question the heartbleed thing is a huge and embarassing problem. But you know? It's actually kind of hard to count the number of high-profile vulnerabilities in F/OSS software as not a whole lot come to mind. On the other hand, the list is enormous for closed source from large companies... also hard to count but for another reason.

It does highlight one important thing about F/OSS, though. Just because a project has enjoyed a long, stable and wide deployment, code auditing and other security practices are pretty important and just because it's a very mature project doesn't mean something hasn't been there a long time and had simply gone unnoticed for a long, long time. People need wakeup calls from time to time and F/OSS developers can be among the worst when it comes to their attitudes about their territories and kingdoms. (I can't ever pass up the opportunity to complain about GIMP and GNOME... jackasses, the lot of them.)

Closed source is not inherently safer. Raymond's proposition is theoretically sound, however in actual practice, the NSA has "many eyes"...

What if this was not 'OpenSSL' but instead it was some form of 'ClosedSSL' library that had this problem in it?

NSA would still have access to THAT code, you can bet your ass they would, they wouldn't leave a project like that alone. However nobody else would know (unless stumbling upon it by chance or being able to access the source OR if some insider SOLD that information to somebody on the outside and now you'd have a vulnerability that is exploited by the gov't and by shadiest of the organisations/people out there).

This does not change the discussion in terms of open source code being safer, this changes the discussion around certain practices of development / testing and also this may attract more attention of people towards the SECURITY of our information on the Internet and hopefully we'll move in the direction of working out the details of actually much more SECURE methods of communications.

I certainly have a few ideas of my own that I would like to implement now, but never mind that. The point is that this is good stuff, it finally shed a light on this topic, that should have had much more light on it for a much longer period of time in the first place.

We need better methods around building security within our systems and I think this raises the bar.

by "whining" are you implying that I do not vote in firehose? Is that your professional opinion, I mean, are you paid to believe that or is this just a result of being an ass, your statement here?