Comment Re:oracle as damage, route around it (Score 2) 320

Is the problem with OpenJDK or just Oracle Java?
Doesn't OpenJDK have a reasonable patch procedure?
Why don't all the corps that are tied to Java apps fund the development of an OpenJDK port/plugin for Windows and leave Oracle to run their own Java ghetto?

I don't know that much about how these projects are actually organized. I could be wrong, but it sounds to me like basically a PHB at Oracle decrees that a certain feature should be added to java, even though it's ill-advised from a security-design point of view; then code monkeys at Oracle implement it; then people out in the OSS world (the project that used to be GNU classpath? IcedTea? OpenJDK?) import the code into their own implementation, which is really the same code-base with just a few IP-encumbered parts replaced with open-source work-alikes. AFAIK the present security hole was present in every implementation of java 1.7 for the last 6 months, not just windows implementations or implementations downloaded directly from oracle.

If anyone has deeper insight into how all this is organized, it would be great to hear from them.

Comment Re:Applies to all outside software (Score 4, Informative) 320

PDF is simply a wrapper for a program written in Postscript

Not true. Postscript is a Turing-complete language. PDF is basically a redesign of postscript that, among other changes, makes it into a Turing-incomplete language. This makes PDF inherently more secure than Postscript.

The security flaws that keep popping up in Adobe Reader are not holes in PDF itself, they're holes in other features that were added on later, such as the ability of recent versions of PDF to embed javascript. By default, AR will execute javascript that's embedded in pdf files. This is both a privacy (people can track readers) and a security issue (more than one stack overflow bug has been discovered that's related to js). To disable js, go to Edit, Preferences, JavaScript, and uncheck "Enable Acrobat JavaScript".

Better yet, simply don't use AR as your PDF plugin in your browser. On linux, Evince is pretty good.

The situation with PDF is actually closely analogous to the one with java applets. Both technologies were designed with security in mind, and are inherently possible to implement straightforwardly in a secure way. Both are open specs that are freely implementable without paying patent royalties. In both cases, the evolution of the spec is currently being guided by an evil corporation that doesn't care about security. The main difference is that in the case of PDF, the relevant read/write functionality exists in multiple completely independent implementations, whereas for java, there is no full reimplementation by anyone besides sun/oracle, only implementations that use almost all of oracle's code and replace portions that weren't freely available.
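The comment above says the Adobe Reader problems come from JavaScript bolted onto PDF, not from PDF itself. As an added example (not part of the original comment), here is a small scanner for the names that turn a PDF from a document into a program: /JavaScript, /JS, /OpenAction, /AA, /Launch and a few others. Two details matter for a real check and are easy to get wrong with a plain grep: PDF name objects may hex-escape bytes (/J#61vaScript is /JavaScript), and the action dictionary may sit inside a FlateDecode object stream where the uncompressed bytes never show the name. The sample PDFs are constructed inline for the demonstration; only zlib-compressed streams are inflated, so other filters, encrypted files and JavaScript reached through means this scanner does not model are out of scope (Didier Stevens' pdfid does the same job more thoroughly).

```python
import re
import zlib

# Name objects may hex-escape any byte (/J#61vaScript is /JavaScript), so decode
# before comparing; a scanner that greps for the literal "/JavaScript" misses this.
_NAME_RE = re.compile(rb'/([^\s/\[\]<>(){}%]+)')
# Stream bodies; the lookbehind keeps "endstream" from being read as a new "stream".
_STREAM_RE = re.compile(rb'(?<!end)stream\r?\n(.*?)\nendstream', re.S)

# Names that make a PDF *do* something when opened, rather than just render.
ACTIVE_NAMES = {b'JavaScript', b'JS', b'OpenAction', b'AA', b'Launch',
                b'EmbeddedFile', b'RichMedia'}


def _decode_name(raw):
    return re.sub(rb'#([0-9A-Fa-f]{2})',
                  lambda m: bytes([int(m.group(1), 16)]), raw)


def _inflated_streams(pdf_bytes):
    """Yield the contents of every stream that zlib can inflate (object streams,
    compressed action dictionaries). Streams using other filters are skipped."""
    for m in _STREAM_RE.finditer(pdf_bytes):
        d = zlib.decompressobj()          # tolerates a stray trailing CR byte
        try:
            out = d.decompress(m.group(1))
        except zlib.error:
            continue
        if out:
            yield out


def find_active_content(pdf_bytes, inflate=True):
    """Count active-content names in the file body and, optionally, inside
    FlateDecode streams. Returns {name: count}."""
    # Blank out raw stream bodies so binary junk cannot masquerade as a name.
    regions = [_STREAM_RE.sub(b'stream\nendstream', pdf_bytes)]
    if inflate:
        regions.extend(_inflated_streams(pdf_bytes))
    counts = {}
    for region in regions:
        for m in _NAME_RE.finditer(region):
            name = _decode_name(m.group(1))
            if name in ACTIVE_NAMES:
                key = name.decode('ascii')
                counts[key] = counts.get(key, 0) + 1
    return counts


def has_javascript(pdf_bytes):
    found = find_active_content(pdf_bytes)
    return 'JavaScript' in found or 'JS' in found


# Constructed samples for the demonstration, not real-world files.
def _wrap(objects):
    return b'%PDF-1.7\n' + objects + b'trailer\n<< /Root 1 0 R >>\n%%EOF\n'


SAMPLE_PLAIN = _wrap(
    b'1 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\nendobj\n'
    b'2 0 obj\n<< /Type /Pages /Kids [] /Count 0 >>\nendobj\n')

# /OpenAction points at a JavaScript action whose /S name is hex-escaped.
SAMPLE_JS = _wrap(
    b'1 0 obj\n<< /Type /Catalog /Pages 2 0 R /OpenAction 4 0 R >>\nendobj\n'
    b'2 0 obj\n<< /Type /Pages /Kids [] /Count 0 >>\nendobj\n'
    b'4 0 obj\n<< /S /J#61vaScript /JS (app.alert("loaded")) >>\nendobj\n')

# Same action, but object 4 lives inside a FlateDecode object stream, so it is
# invisible to a scan of the uncompressed bytes.
_HIDDEN = b'4 0 << /S /JavaScript /JS (app.alert("loaded")) >>'
_HIDDEN_Z = zlib.compress(_HIDDEN)
SAMPLE_OBJSTM = _wrap(
    b'1 0 obj\n<< /Type /Catalog /Pages 2 0 R /OpenAction 4 0 R >>\nendobj\n'
    b'2 0 obj\n<< /Type /Pages /Kids [] /Count 0 >>\nendobj\n'
    b'5 0 obj\n<< /Type /ObjStm /N 1 /First 4 /Filter /FlateDecode /Length '
    + str(len(_HIDDEN_Z)).encode() + b' >>\nstream\n' + _HIDDEN_Z
    + b'\nendstream\nendobj\n')


if __name__ == '__main__':
    for label, pdf in (('plain', SAMPLE_PLAIN), ('js', SAMPLE_JS),
                       ('objstm', SAMPLE_OBJSTM)):
        print(label, find_active_content(pdf),
              'has JS' if has_javascript(pdf) else 'no JS')
```

Run it on a real file with `find_active_content(open(path, 'rb').read())`; a non-zero /JavaScript or /JS count is the signal that the "Enable Acrobat JavaScript" setting above actually matters for that document.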

Comment oracle as damage, route around it (Score 5, Insightful) 320

To paraphrase a well known saying, I think it's time for the internet to start seeing oracle as damage and route around it.

One really simple thing that seems needed, and that should be extremely simple to do, would be a whitelist/blacklist plugin for java applets in firefox. The vast majority of java applet users are probably people who work in a bank, a law practice, or a medical office and only ever need to use a single applet. They need an option where they can blacklist all java applets by default, but allow applets from medicalrecords.com or whatever. These folks can't just disable the java plugin completely. Setting plugins.click_to_play to true is also a solution, but it breaks sites that use flash, and it doesn't protect the business against an office worker who clicks on stuff without thinking. (I tried setting this flag on my desktop box at home, and it was too much of a nuisance. This is what I have flashblock for, and flashblock does the job better.)

Another helpful step would be to make it easier for people to find out which versions of java they have on their computers and easier for them to avoid unsafe versions. On my ubuntu box, managing this is a total mess. If I do "java -version", it tells me I'm running java 1.6, which would be immune to this vulnerability. But if I check inside the directory /usr/lib/jvm , it turns out I actually have 1.5, 1.6, and 1.7 all installed. Well, which one is firefox using? I get zero results from dpkg --get-selections icedtea. In firefox, doing tools:add-ons:plugins tells me I have IcedTea-Web 1.2, which tells me nothing about the java version. Typing about:plugins in the url bar shows me literally two dozen version numbers. Googling turns up somebody's test app at http://javatester.org/version.html , but (a) how do I know this guy isn't a black hat, and (b) even if that showed I was currently running 1.6, what happens if a future apt-get upgrade bumps me into 1.7?

The final thing that should really happen IMO is that the OSS community should get off the java upgrade treadmill. The IcedTea project should designate some version such as 1.6 as a high-security, stable version and focus some real effort on making that version secure. Distros should stop packaging 1.7+ until the dust settles -- and if that takes a couple of years, who the heck cares? Hell, I wouldn't care if it took a decade, or forever.
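The question in the comment above, "which one is firefox using?", can be answered from the filesystem rather than from a third-party test page. As an added example (not the commenter's code), the script below follows the browser plugin's symlink chain to the JVM it actually loads, reads that JVM's major version, and compares it against an approved set, so the check can be re-run after every apt-get upgrade. It assumes the Debian/Ubuntu layout of the time: the plugin at /usr/lib/mozilla/plugins/libjavaplugin.so is a symlink (through /etc/alternatives) into /usr/lib/jvm/<jvm>/..., and the JVM home contains a `release` file with a JAVA_VERSION="1.x.y_zz" line, as OpenJDK 7 ships; older JDK trees without a `release` file would need the directory name instead. The paths, the `release` format and the sample directory tree are assumptions made for the demonstration, and the tree is constructed in a temporary directory so the script runs anywhere.

```python
import os
import re
import tempfile

# Assumed (not from the original comment): Debian/Ubuntu plugin and JVM layout.
DEFAULT_PLUGIN = '/usr/lib/mozilla/plugins/libjavaplugin.so'
APPROVED_MAJORS = {'1.6'}   # the version the commenter wants to stay on

# JAVA_VERSION="1.7.0_07"  ->  "1.7"
_RELEASE_RE = re.compile(r'^JAVA_VERSION="(\d+\.\d+)[^"]*"', re.M)


def jvm_home_of(plugin_path):
    """Resolve every symlink, then walk upwards until a directory holding a
    'release' file is found; that directory is the JVM the plugin belongs to."""
    d = os.path.dirname(os.path.realpath(plugin_path))
    while True:
        if os.path.isfile(os.path.join(d, 'release')):
            return d
        parent = os.path.dirname(d)
        if parent == d:          # reached the filesystem root without a match
            return None
        d = parent


def jvm_major_of_plugin(plugin_path):
    """Return e.g. '1.7', or None if no JVM could be identified."""
    home = jvm_home_of(plugin_path)
    if home is None:
        return None
    with open(os.path.join(home, 'release')) as f:
        m = _RELEASE_RE.search(f.read())
    return m.group(1) if m else None


def plugin_is_approved(plugin_path, approved=APPROVED_MAJORS):
    """Unknown version counts as not approved: fail closed."""
    return jvm_major_of_plugin(plugin_path) in approved


def make_fixture():
    """Constructed sample tree standing in for /usr/lib/jvm, /etc/alternatives
    and the Firefox plugin directory. Returns the path of the plugin symlink."""
    root = tempfile.mkdtemp()
    for ver in ('1.6.0_24', '1.7.0_07'):
        home = os.path.join(root, 'jvm', 'java-%s-openjdk' % ver[:3])
        os.makedirs(os.path.join(home, 'jre', 'lib', 'amd64'))
        with open(os.path.join(home, 'release'), 'w') as f:
            f.write('JAVA_VERSION="%s"\n' % ver)
        open(os.path.join(home, 'jre', 'lib', 'amd64', 'IcedTeaPlugin.so'), 'w').close()
    # Chain as update-alternatives builds it: plugin -> alternatives -> JVM.
    # "java -version" may still say 1.6 while this chain points at 1.7.
    alt = os.path.join(root, 'alternatives', 'mozilla-javaplugin.so')
    os.makedirs(os.path.dirname(alt))
    os.symlink(os.path.join(root, 'jvm', 'java-1.7-openjdk', 'jre', 'lib',
                            'amd64', 'IcedTeaPlugin.so'), alt)
    os.makedirs(os.path.join(root, 'plugins'))
    link = os.path.join(root, 'plugins', 'libjavaplugin.so')
    os.symlink(alt, link)
    return link


if __name__ == '__main__':
    import sys
    # Usage: python check_java_plugin.py [/usr/lib/mozilla/plugins/libjavaplugin.so]
    plugin = sys.argv[1] if len(sys.argv) > 1 else make_fixture()
    print('%s -> JVM %s: %s' % (
        plugin, jvm_major_of_plugin(plugin),
        'approved' if plugin_is_approved(plugin) else 'NOT approved'))
```

Dropping this into a cron job or an apt hook gives a yes/no answer after each upgrade; an unidentifiable JVM is reported as not approved rather than silently passed.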

Comment Be careful what you wish for. (Score 4, Insightful) 265

I see a lot of posts saying, "I don't need java applets. None of the web sites I visit use java applets. We should use this as an opportunity to let java applets die. Die, applets, die die!"

There are a lot of problems with this simplistic response.

One problem is that a lot of people are using java applets to do things that are important to them. Applets are widely used in the medical industry. I teach physics for a living, and there are several educational applets, written by other people, that I use to demonstrate ideas about thermodynamics. (Warning, car analogy coming up.) Just because you don't drive a Honda Fit, that doesn't mean it's OK to tell every owner of a Honda Fit that they aren't allowed to drive it anymore.

The other problem is that you have to consider the alternatives.

Javascript is in many ways a nice little language. However, it's a disaster because of the lack of a standardized DOM, and it simply doesn't have the necessary facilities to do all the things that a java applet can do.

Flash is essentially proprietary, has been designed in a chaotic way, and is a frequent vector for malware, comparable to java applets and adobe reader.

Silverlight is only viable on Windows.

Java applets, warts and all, have some important advantages because of the design of java. Java was designed to be extremely portable. Java (unlike flash and javascript) was intended from the start to be a good general-purpose programming language. Java and java applets were vastly overhyped back in the 90's, but java applets are in fact an important and useful web technology that some people need and want. The problem seems to be that an important and useful web technology has fallen under the control of a corporation that is irresponsible about security.

Comment Re:good for some purposes, needs driving direction (Score 1) 58

Thanks for the suggestion, but I tried OSRM, and it seemed just as bad as yournavigation.org, if not worse. (I wanted to do a side-by-side comparison, but yournavigation apparently isn't working right now due to hosting problems.) As with yournavigation, OSRM breaks the route down into a large number of microscopic parts. Also, when I asked it for directions to 4926 W. Rosecrans Avenue, Hawthorne, CA, it inexplicably changed my request to a request for directions to South Tajauta Avenue, Los Angeles, CA, which is a completely different place. The blue route is also invisible overlaid on top of blue freeways.

Comment silly (Score 2) 150

I'm a college professor.

The clickers, which are expensive for students, were never needed in the first place. The people who pioneered this teaching technique started by having students raise hands to vote. They observed that some students were reluctant to be embarrassed in front of their peers by raising their hands for a choice that might be wrong, so they handed out large cardboard cards with letters ABCD on them. Students held up the card so only the professor could see. Worked great. The clickers are a waste of money for students, and the extra functionality they make possible is extremely minimal in proportion to the cost.

The idea of only supporting students' tablets is silly. It may be true at the University of Spoiled Children that basically everyone owns a laptop or tablet and brings it to school, but I assure you that that's not true at the community college where I teach. My students are generally extremely cheap and extremely broke. The projector works great. It's up at the front of the room where everyone can see it. If I need to point to it, I can pick up a meter stick and point. If I depend on students to have tablets, then at any given time some big percentage of them will be off task for a variety of reasons: don't own one, didn't bring it to school, dead batteries, using it to play games, doesn't have the right browser plugin, doesn't have enough resolution, wifi isn't working, ...

Comment good for some purposes, needs driving directions (Score 1) 58

I like OSM and have spent a bunch of time adding edits to it. It's great for things like hiking trails and urban running trails, which usually aren't in google maps. There are some very nice web-based interfaces for making contour maps (example from closedcontour.com). What's really missing is decent driving directions. Yournavigation.org sucks.

Comment already dehumanizing enough (Score 2) 297

Hallelujah!

(a) High school is already enough of a dehumanizing experience.

(b) I have two teenage kids. Their generation is growing up thinking that it's some kind of crime to walk home from school and kick pinecones instead of getting driven straight to soccer practice and then SAT prep.

(c) http://en.wikipedia.org/wiki/Slippery_slope

Comment Re:Demise of the English language (Score 1) 289

Greetings, time traveler from the 19th century. "And" has been an acceptable opening segue for some time now here in 2012.

It's been normal English-language usage since before English was a written language. "And therfore at the kynges court my brother Ech man for hymself." - Chaucer. "And there were in the same country shepherds abiding in the field, keeping watch over their flock by night." -- King James Bible, Luke 2:8

Also, we attempt to use gender-neutral language, which has made using the plural "they" and its variants as singular forms increasingly acceptable.

Generic "they" is also not a modern innovation. Generic "they" and generic "he" have coexisted ever since Old English's grammatical gender evolved into Middle English's natural gender. Generic "they" was used by Shakespeare and Austen.

Comment Re:Choice (Score 1) 370

Once an academic has a job, they can then expect to work 60-80 hours per week for the first five to six years. This will decrease over their career if they get tenure and take their foot off the gas, but with budget cuts and cut-throat competition for funding, that's not a wise idea. Quite simply, you have no idea what an academic job entails.

Well...kinda sorta maybe, but not really, not always.

What's bang on about your post (the portion I didn't quote) is its recognition that there is not just one but many different types of jobs in academia.

I'm senior tenured faculty at a community college in California. I belong to CTA/NEA, which is often referred to as the fourth branch of the California state government. I work about 40 hours a week during the fall and spring semesters, which add up to 32 out of the 52 weeks of the year. During winter and summer breaks, I have work to do, but the amount I'm *forced* to do is not very much. I don't consider my job very stressful at all. I've got it dialed in. If I work extra hard on something, it's because I find it fulfilling. I'm in LA, and most Saturdays I'm in the mountains hiking or playing in the snow. On Tuesdays my schedule is set so I can go for a long run before I have to go to work. Last June I went to East Africa for three weeks.

If I didn't care about doing a good job, I could work about 25-30 hours a week. I would not assign any written work that required hand grading, not volunteer for any committee work, etc.

As you point out, the story is completely different for contingent faculty.

As you point out in the portion of your post that I've quoted, the story is completely different for faculty at highfalutin' research universities.

Comment gradual transition; average people (Score 5, Interesting) 909

This slashdot summary doesn't seem to be based closely on the linked articles:

but now it seems the time for complete conversion has come and gone.

The linked articles don't discuss a "cold turkey" government-mandated switch to metric (which was never a realistic possibility given the nature of American culture and politics). They discuss incremental government-mandated measures. Some of these measures have already been carried out: requiring food labeling to be in both US and metric. Some have been stalled legislatively: eliminating the US units from food labeling.

It would be great if we could get road signs to be switched over to dual units. E.g., congress could pass a law saying that on the interstate system, any time an old sign is replaced with a new one, it has to have dual units.

These incremental measures would be incredibly easy, and would require no new taxes or increase in government regulation (just changes to existing regulations). That's why it's so pathetic that the pace of implementing these measures has been so slow.

I teach physics at a community college. My students are a bell curve, extending from folks who are very bright and will transfer to elite four-year schools, all the way down to people who really shouldn't be in college. The bottom half of this bell curve is probably pretty representative of the population of the US.

Some characteristics of people in this range: (1) They tend not to understand at the conceptual level what the operations of multiplication and division are about. (2) They tend not to have any habit of checking whether their answers make sense in order of magnitude. (3) When they learn some new mathematical concept, they memorize it as a rote procedure, and therefore when they don't use it for a month, they forget it completely.

My students are mostly science majors, so they end up developing some facility with the metric system, but it's an uphill climb. For most people, what happens is that they learn the metric system in grade school, and then they never use it in everyday life, so they forget it completely and utterly.

Comment Re:Paranoid Much? (Score 2) 584

The FBI is primarily responsible for bringing down most of the major mafia families and their criminal enterprises.

In the U.S., the existence of organized crime has historically been largely due to the government trying to dictate to people what substances they could put in their bodies (as well as prohibitions on other victimless crimes, such as prostitution). The government created Al Capone by prohibiting alcohol, so I don't really think we should be falling over ourselves to thank the government for catching him and putting him in jail. And it wasn't the FBI that caught Capone, it was the IRS and the Bureau of Prohibition, which was a separate organization at the time.

The end of Prohibition could have put organized crime out of business, but luckily there was another illegal substance, heroin, that people wanted, and ca. 1950 the Sicilian mafia started profiting heavily from that. I don't know how accurate it is to say that the FBI brought down the Sicilian mafia. Joseph Bonanno disappeared. Carmine Galante was originally caught by the NYPD, and was in and out of jail for parole violations; the New Jersey State Police brought him in at one point. But even if the FBI did play some role, it's just another case of the government creating organized crime with drug prohibition.

Today we have various other drug gangs, such as the Crips and Bloods and whatever. Drug gangs will continue to exist for as long as the government decides to continue the War on Drugs. The day they give up and start looking at drugs as a public health issue, the drug gangs will evaporate. Until then, it'll just be more of the same.

The US has the world's highest incarceration rate. (South Africa used to hold the title, but now we're the champions. Go, USA!) Determinate sentencing has started to make jury trials a thing of the past. In some federal jurisdictions, as few as one out of 200 criminal defendants goes to trial. Defendants are so afraid of going to jail for life that they will plead guilty to virtually anything. Defendants are manipulated into giving evidence against other people in return for not going to jail. Those other people may or may not be guilty -- if A can avoid life in prison by accusing B, that's an awfully strong incentive for A, even if B is innocent. We've had the right to trial by jury since the era of the Magna Carta; now we're losing it because of an obsession over the victimless crime of drug use.

Comment Re:Paranoid Much? (Score 4, Insightful) 584

You do not have to be paranoid to be extremely mistrustful of the FBI. In fact, "paranoid" would be a word that would be more accurately applied to the FBI itself.

Read up on COINTELPRO. The FBI actively worked against the civil rights movement, targeting individuals and organizations such as Martin Luther King and the Southern Christian Leadership Conference. They built up an 1800-page file on Albert Einstein, who was involved with "communist front" organizations such as the American Crusade Against Lynching. They tracked his phone calls and went through his trash. The FBI has a long history of anti-union activity, starting from the era of the Palmer Raids, continuing through the McCarthy era, and on to the present day, with, e.g., arrests in 2010 of peace and labor activists of the Twin Cities Anti-War Committee.

No way would I ever cooperate with the FBI in any way. They're a threat to democracy. Always have been.

Your explanation of their surveillance and infiltration of Occupy is awfully naive. Trying to open a bank account on behalf of a group of people isn't the kind of thing that merits the creation of a "network of coordinated DHS, FBI, police, regional fusion center, and private-sector activity."

Comment Re:Correlation not cause (Score 1) 358

Which is more likely: 1) People with psychological issues seek pharmaceutical drugs to help them stay calm and not screw up their lives even though they are hearing voices and other psychotic issues.

2) Drugs cause the problems - but no one ever noticed before.

There are all kinds of possibilities. Your #1 actually doesn't seem to fit, since they observed that the time-sequencing of the events worked both ways. Having psychotic symptoms at one time was correlated with smoking dope at a later age, but smoking dope was also correlated with psychotic symptoms later.

Some other possibilities:

3) Some genetic or environmental factor tends to cause both marijuana use and psychotic symptoms. (The summary explicitly mentions the genetic possibility.)

4) Smoking marijuana is correlated with methamphetamine use. WP says, "Methamphetamine induces a psychosis in 26-46 percent of heavy users." Marijuana is used by about 5% of people in the Netherlands. Rates of psychotic symptoms seem to be about 4% in most populations. I.e., both of these things are fairly uncommon. Since psychotic symptoms are so uncommon, and methamphetamine causes psychotic symptoms so strongly, it would only take a very, very small correlation between grass and methamphetamine to cause a huge excess of psychotic symptoms among marijuana users.

5) The standard definition of psychosis includes "hallucinations and delusions and impaired insight" (same WP article). Well, what's the reason people get stoned? It makes them feel a certain way. To people who are not stoned, they often seem peaceful, silly, and stupid. Stupidity is not all that different from "impaired insight." Marijuana is also a drug that is hard to classify, but in some ways it acts like a hallucinogen. And I can think of one person I know who smokes a lot of marijuana, and he often gets unrealistic ideas while he's stoned -- could they be considered delusions? Maybe. There seems to be a lot of overlap between the criteria a psychiatrist would use for diagnosing psychosis and the desired effects of marijuana. Are psychiatrists able to distinguish between the desired, temporary effects of the drug and a permanent set of psychotic symptoms? What kind of questions are they asking their patients? I doubt that they ask them, "are you hallucinating right now?" I bet they ask them things like, "do you ever hallucinate?," or "within the last month, have you hallucinated?"
