
Comment Re:The Dangers of the World (Score 5, Interesting) 784

In the interests of discussing facts rather than emotional reactions, does anyone know:

(a) whether the CPS worker was actually authorised to act in that way (i.e., following official procedures and lawfully permitted)

(b) what legal weight the parents signing such an agreement in that situation would have had, and

(c) whether the CPS worker, or someone they immediately contacted, would have had the legal authority to immediately remove the children forcibly in that situation if the parents had refused to sign?

Comment Re:Get rid of flash on slashdot, firefox (Score 1) 95

Why do you think all the browsers will be able to implement sandboxed APIs for these kinds of functionality successfully, when no major plug-in in history has been able to do so?

If there were a browser that was written using truly robust coding practices, the kind of thing you'd use if you really were writing safety-critical software, then maybe I'd buy that. But they aren't. Like most commercial software, browsers prioritise speed of development and to some extent run-time performance over quality. And they are large applications, with complicated code bases, written in languages like C++. I see no reason to believe that they won't be subject to the same kinds of attacks, sometimes successfully, as everyone else developing software that way.

Comment Re:Are browsers so much better? (Score 2) 95

The risk of the "potential danger" of someone cracking into Chrome's update mechanism and pushing out a rogue update, is exponentially over-weighed by forcing client endpoints to always have the latest security patches

Chrome is the most used browser by some way among private individuals. If anyone cracked its auto-update mechanism, every one of those users could be subject to having their private data uploaded without even knowing it, resulting in the usual problems like fraud and identity theft, and/or encrypted and held for ransom, or just deleted.

The actual cost would depend on how fast Google identified the problem and recovered. Obviously if they found it within a few minutes and shut down the system that would reduce the damage considerably from what it could be. Still, keep in mind that recovering from any breach in this particular software would surely mean at least a major and ongoing PR campaign, as anyone who cracked the auto-update mechanism would disable such channels the moment their malware was installed. It seems possible that the resultant damage not just to the economy from direct fraud but to individual quality of life, consumer confidence, and so on could take a long time to recover, not to mention severely damaging or even bringing down Google as a business.

And all because they didn't want users to get a simple message saying an update was available and inviting them to download it with the usual security precautions, as Firefox or IE would?

It is far, far, far better for the security of the web as a whole to ensure browsers always have the latest security updates.

Of course having timely security updates is better, but as Firefox and IE demonstrate, you don't need to play games that circumvent basic security practices to achieve this.

Finally, Chrome *DOES* provide a way for administrators to lock down to specific Chrome versions, so your post doesn't even have a leg to stand on.

I wasn't advocating not updating, only not updating without any confirmation and bypassing normal security checks, so this is a straw man.

Moreover, if I asked 100 randomly chosen Chrome users how to do this, I imagine fewer than 10 of them would even realise it was possible, so it's not even a good straw man...

Comment Re:History (Score 2) 95

The ability to spy on your microphone and camera?

There were explicit prompts for permission before accessing those peripherals with a default answer of "no", which is hardly spying.

In any case, how would you have suggested that someone implement a videoconferencing tool five years ago, without using any of these plug-ins you hate so much because you claim they don't do anything useful and just create security problems?

Comment Re: Why? (Score 1) 95

There are literally billions of people on the Internet. The fact that you don't find Flash or Java applets useful for anything -- given your own personal lifestyle, interests, location, businesses and governments you deal with, other technologies available, and so on -- does not mean that no-one else in the world does. Although the number of users is steadily trending downwards and alternative/replacement technologies are getting more capable, as a matter of fact there are still millions and millions of people using these plug-ins today and no-one offering them a better option for some of the things they need to do.

Comment Are browsers so much better? (Score 4, Insightful) 95

Do you realise that many of the criticisms you're directing toward Flash -- about rapid updates, numerous security fixes including some that were found by others, auto-updating, and so on -- could also be directly aimed at Chrome?

Chrome is an application that actively circumvents the main Windows security model so that it can update executable code on the user's machine without the administrative privileges usually required to install and modify applications. The day someone breaks into Google's update mechanism for even a short time, whether technically or from within the organisation, the damage will be astronomical.

We could discuss related issues with Microsoft's recommended security models and how much of that update mechanism is actually suggested by Microsoft itself rather than Google, but the facts of what Chrome is doing and the potential danger associated with it are still the same regardless of whose idea it was.

Comment Re:Get rid of flash on slashdot, firefox (Score 1) 95

Exactly. It's all very well hating on Flash for whatever reason, but until the newer technologies can do the same jobs, and do them at least as well as the older technologies they are replacing, this is an apples to oranges comparison.

Why does anyone think the browsers themselves don't have similar security problems, and won't have more when they offer the same kinds of functionality as the insecure plug-ins we've used in the past?

Comment Re:Obligatory (Score 1) 161

GC tuning can do a lot, but yes, huge heaps where the GC cannot keep up with the rate of garbage require a full stop-the-world collection. However, if your application is really keeping a 15 gigabyte working set, I suspect you'd hit problems with fragmentation and memory leaks using something like Rust long before scaling to such sizes.

Comment Re:Will the training really matter? No. (Score 1) 388

I'm preaching to the 4-digit choir here, I know. Let me issue the disclaimer that I am not a teacher but a bunch of my friends are, and my job does depend on staying up to date.

I am not sure what my ability to remember the login information for an account I created in 1997 has anything to do with the discussion; however, EVERYONE's job depends on them staying up-to-date, it's just that most people choose not to and fall behind.

Comment Will the training really matter? No. (Score 4, Insightful) 388

Technology funding in school districts (in my area these are tax levies) is already insanely high; mostly because we're pushing for tablet devices in schools driven, behind the scenes, by extremely lucrative vendor deals.

Without adequate training, the related curricula are severely limited and thus the added benefits when compared to related cost are low, if at all positive.

Now, this research, as well as the districts, are rightly saying the teachers need more training in order to leverage the technology effectively; however, what really needs to be understood is just how much training is really necessary and whether the tech gap between teachers and their students can really be mitigated.

It is my unfounded opinion that it will never be mitigated enough as teachers are not usually well enough equipped at their own subject matter, let alone keeping up with the taxing knowledge demands of technology.

What we need to do is take a step back and ensure that these additional tax investments in technology are actually doing anything to further student development and because they aren't, think about what we can do to actually concentrate on doing that instead of buying the new and shiny and letting it, effectively, collect dust in the corner while levy after levy is passed to support it.

Comment Re:Infamous Tor Network? (Score 5, Informative) 155

Why don't you watch the talk and find out?

Actually I'll just summarise it for you. If you run a lot of Tor nodes you will eventually get picked to host a hidden service directory. Then you can measure lookups for the entries of hidden services to measure their popularity, and crawl them to find out what's on them.

Comment Re:Obligatory (Score 2) 161

[Java took a very different approach to the problem of "how do we get rid of segfaults and memory corruption". Java basically banned all interesting use of the stack, forcing everything onto the heap, and barred developers from using RAII. Nowadays, with more advanced compilers able to do advanced lifetime analysis, we can reconsider languages - such as Rust - that take a less draconian approach.]

I think it's rather misleading to state that more advanced compilers have obviated the need for Java's approach.

Firstly, Rust doesn't solve automatic memory management like garbage collection does. Their solution appears to be basically smart pointers with move semantics + reference counting for the cases where data doesn't have a lifetime cleanly tied to scope. Well, great. It's back to the 1990s and COM. Reference counting notoriously cannot handle cycles, which are very common in real programs. Any tree structure where you want to be able to navigate both up and down, for example.

In addition to the difficulty of breaking reference cycles and preventing memory leaks in complex programs, refcounting also has poor performance especially if you want threads involved. Garbage collection has now been optimised (in good implementations like HotSpot) to the point where it's faster than refcounting.

If we start seeing teams of non-expert programmers writing large programs in Rust, you will see programs with memory leaks all over the place.

Additionally, you realise that Java compilers have got smarter over the years too, right? HotSpot can stack allocate objects in a bunch of different circumstances, when analysis reveals that it'd be safe.

Comment Re:Sounds suspiciously like welfare. (Score 4, Interesting) 109

Basic Income is welfare, not something that sounds like it. The difference between it and normal welfare is, everyone gets a basic income whether they want it or not. It's meant to be enough to live off.

The idea of a BI is a very old one. It has nothing to do with cryptocurrency, and I'm not sure what relevance cryptocurrency has (and I say that as a Bitcoin developer, so I'm a fan of CC in general). In theory a society rich enough to afford it would have moved to the oft-fictionalised post work utopia that you sometimes see in things like Star Trek. Because everyone gets it whether they want it or not, unconditionally, the basic income would be supposedly stigma free. Thus if you want to pursue things that are not very profitable but are beneficial to society nonetheless (production of art, charity, etc) then you could do that and not have to worry about being seen as a welfare sponger.

I love the concept in theory, but a society rich enough to afford one is pretty unimaginable in today's world. Western societies are clearly incapable of even providing the current levels of welfare let alone a vastly larger level. I see a BI as a useful goal to inspire people about the future rather than something practical for today.
