
Comment Re:*Dons asbestos suit* (Score 1) 1262

I know, it would probably be better to set up a cron job.... but I actually know very little about cron...think I've used it once or twice.

No, because then you risk simultaneous uploads stalling each other and eating potentially unlimited amount of resources until the machine crashes.

Comment Re:*Dons asbestos suit* (Score 1) 1262

And this is acceptable because...?

Because the idea of domination - of the strong enslaving the weak - still lies at the heart of even modern society. Harassment is simply a crude way of establishing these roles. It's tolerated because someone engaging in it is expressing their acceptance of and adherence to this idea. They simply lack the sophistication to bully others in ways society has sanctioned as right and natural - mainly wealth, in ours.

Comment API consistency; negative tests (Score 3, Insightful) 51

Of course, when the end product is as infinitely malleable as software

Software isn't "infinitely malleable" when it exposes interfaces to anything else. This could be APIs to other software or user interfaces. You have to build on the old interface compatibly, and when you do make a clean break, you need to keep supporting the old interface until others have had a reasonable time to migrate.

The human interface needs a design in order to mesh with the humans in an elegant and consistent fashion, but the code? No. The only purpose of code design is to make the code readable and maintainable, and those are attributes you achieve through test driven development and continual refactoring.

APIs need at least as much consistency as UIs. In fact, I'd argue that APIs need even more consistency because human users are slightly better at adapting to a UI through reflection, that is, figuring out a UI by inspection.

The engineering the IEEE is trying to achieve is accomplished by test-first development

Then take this guide as something to consider when determining when you have enough negative tests, or tests that are expected to succeed by failing.

continual automated testing

If you're using a CAPTCHA as part of a process to authenticate a user, how do you perform automated testing on that?

Comment An excuse for walled gardens and OnLive (Score 2) 51

I read the featured article, and I see ways that publishers could misuse some of the recommendations as excuses for profit-grabbing practices that plenty of Slashdot users would detest.

For example, some organizations will claim a real business need to store intellectual property or other sensitive material on the client. The first consideration is to confirm that sensitive material really does need to be stored on the client.

Video game publishers might take this as an excuse to shift to OnLive-style remote video gaming, where the game runs entirely on the server, and the client just sends keypresses and mouse movements and receives video and audio.

watermark IP

I'm not sure how binary code and assets for a proprietary computer program could be watermarked without needing to separately digitally sign each copy.

Authentication via a cookie stored on a browser client may be sufficient for some resources; stronger forms of authentication (e.g., a two-factor method) should be used for more sensitive functions, such as resetting a password.

For small web sites that don't store financial or health information, I don't see how this can be made affordable. Two-factor typically incurs a cost to ship the client device to clients. Even if you as a developer can assume that the end user already has a mobile phone and pays for service, there's still a cost for you to send text messages and a cost for your users to receive them, especially in the United States market where not all plans include unlimited incoming texts.

a system that has an authentication mechanism, but allows a user to access the service by navigating directly to an “obscure” URL (such as a URL that is not directly linked to in a user interface, or that is simply otherwise “unknown” because a developer has not widely published it) within the service without also requiring an authentication credential, is vulnerable to authentication bypass.

How is disclosure of such a URL any different from disclosure of a password? One could achieve the same objective by changing the URL periodically.

For example, memory access permissions can be used to mark memory that contains only data as non-executable and to mark memory where code is stored as executable, but immutable, at runtime.

This is W^X. But to what extent is it advisable to take this principle as far as iOS takes it, where an application can never flip a page from writable to executable? This policy blocks applications from implementing any sort of JIT compilation, which can limit the runtime performance of a domain-specific language.

Key management mistakes are common, and include hard-coding keys into software (often observed in embedded devices and application software)

What's the practical alternative to hard-coding a key without needing to separately digitally sign each copy of a program?

Default configurations that are “open” (that is, default configurations that allow access to the system or data while the system is being configured or on the first run) assume that the first user is sophisticated enough to understand that other protections must be in place while the system is configured. Assumptions about the sophistication or security knowledge of users are bound to be incorrect some percentage of the time.

If the owner of a machine isn't sophisticated enough to administer it, who is? The owner of a computing platform might use this as an excuse to implement a walled garden.

On the other hand, it might be preferable not to give the user a choice at all; for example if a default secure choice does not have any material disadvantage over any other; if the choice is in a domain that the user is unlikely to be able to reason about;

A "material disadvantage" from the point of view of a platform's publisher may differ from that from the point of view of the platform's users. Another potential walled garden excuse.

Designers must also consider the implications of user fatigue (for example, the implications of having a user click “OK” every time an application needs a specific permission) and try to design a system that avoids user fatigue while also providing the desired level of security and privacy to the user.

Google tried this with Android by listing all of an application's permissions up front at application installation time. The result was that some end users ended up with no acceptable applications because all applications in a class requested unacceptable permissions.

A more complex example of these inherent tensions would be the need to make security simple enough for typical users while also giving sophisticated or administrative users the control that they require.

That or an application or platform publisher might just punt on serving sophisticated users.

Validate the provenance and integrity of the external component by means of cryptographically trusted hashes and signatures, code signing artifacts, and verification of the downloaded source.

This too could be misinterpreted as a walled garden excuse when a platform owner treats applications as "external components" in this manner.
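
The W^X passage quoted in the comment above, and the writable-to-executable flip it says iOS forbids, shown as an added example (not code from the comment or the quoted guide). It assumes a Linux or other POSIX system that permits the flip; the function names and the byte string are constructed for illustration.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE /* exposes MAP_ANONYMOUS on glibc */
#endif
#include <signal.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/wait.h>
#include <unistd.h>

static const unsigned char generated[] = { 0x90, 0x90, 0x90, 0xc3 }; /* constructed; never executed */

/* Map one page writable but NOT executable and copy the "code" in. */
static unsigned char *emit_code(size_t len)
{
    void *p = mmap(NULL, len, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED) return NULL;
    memcpy(p, generated, sizeof generated);
    return p;
}

/* Probe in a child process: 1 if a write to the page is killed, else 0. */
static int write_is_blocked(unsigned char *page)
{
    int status = 0;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        *(volatile unsigned char *)page = 0xcc; /* faults if not writable */
        _exit(0);
    }
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFSIGNALED(status) &&
           (WTERMSIG(status) == SIGSEGV || WTERMSIG(status) == SIGBUS);
}

/* Returns 1 when the page is writable before the flip and immutable after. */
int wx_demo(void)
{
    size_t len = (size_t)sysconf(_SC_PAGESIZE);
    unsigned char *page = emit_code(len);
    if (!page) return -1;
    int before = write_is_blocked(page);                     /* expected 0 */
    int sealed = mprotect(page, len, PROT_READ | PROT_EXEC); /* W -> X */
    int after = sealed == 0 ? write_is_blocked(page) : -1;   /* expected 1 */
    munmap(page, len);
    return before == 0 && after == 1;
}

int main(void) { return wx_demo() == 1 ? 0 : 1; }
```

The page is never writable and executable at the same time; a platform that refuses the `mprotect` call in `wx_demo` is enforcing the stricter policy the comment describes.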

Comment Re:Employers don't want employees who LOOK lazy. (Score 1) 133

There's also the question of whose dime this caffeine nap is on: the employee, or the employer.

Each has an opinion and it's probably not the same opinion.

If an employer allows proper rest breaks, they do it on their own dime. If the employer doesn't allow proper rest breaks, it's still on their dime only in a way beancounters have more trouble counting.

In this case, there's also the question of where to nap -- not too many employers would like to replace office/factory space with a bed. I suspect only "live at the office" tech companies will do this, both as they already have so many perks and because they will benefit more from better employee concentration.

Comment Re:Extraordinary rendition (Score 1) 248

That's a pretty scary abuse of power. By Canada. Diverting the plane to Canada was okay, because the U.S. has jurisdiction over what air traffic may enter its airspace. However, the Canadian government had no legitimate legal right to arrest any person so diverted, because as a passenger on an international flight, he did not legally enter Canada, and a landing forced by the inability to reach your destination due to circumstances beyond the pilot's control constitutes an emergency landing, which is subject to various legal protections in all civilized countries.

Unfortunately, I've read that the Canadian government did a lot of that sort of thing for international passengers diverted on 9/11, too. Apparently Canada has little respect for international law regarding air travel—specifically, Articles 5 and 25 of the Chicago Convention (of which Canada was originally a signatory, but later withdrew from).

What the U.S. did was rather bizarre, but legal. What Canada did was unconscionable. Want to ensure that this never happens again? Write your MPs and demand that Canada re-sign the International Air Services Transit Agreement (IASTA).

Comment Re:Jail them for contempt (Score 1) 248

Your mistake is assuming monolithic intent. Even a single judge has intentions that vary from minute to minute...just as yours do. When you factor in a large number of judges you get a large variation in intent. Sometimes they are even worse than you are currently imagining. Sometimes they are focused on the rule of law. Sometimes they are of some idealistic bent or other.

So the kind of result that you are expecting is possible, but not inevitable, even with a judge that usually bends to the wind. And some judges rarely do that.

Even so, I figure that the trend toward centralized authoritarianism is designed into the system, given the greatly improved speed of communication and transportation. And, of course, the closing of the frontier. There's now nowhere to go to escape them. This makes designs that were only a bit authoritarian at the start ("I smell a rat. It squints towards monarchy."--Patrick Henry on the US Constitution) much more authoritarian now. The British system, with all its faults, is a lot better, but then it *evolved* under tyranny. (Unfortunately, they've been disabling their safeguards over the recent decades. Now Lords can be members of the House of Commons, IIUC, and that's totally insecure. The change they *should* have made would be to continue the separation, but so automatically promote into the aristocracy anyone who is sufficiently rich and powerful. Possibly also a provision to demote from the aristocracy the heirs of anyone who loses their wealth and power...but with a time lag to allow them to recover without loss of "status".)

Comment Re:THIS (Score 1) 248

There really *is* a difference. It rarely translates into action, but it infuses the rhetoric used. The Democrats want more people to like them, and the Republicans want more powerful people to like them. So they say the things they think will cause that to happen, while acting as self-serving greedy immoral power-seeking proto-despots (who are trying to lose the "proto-").

Comment Re:It'd be nice... (Score 1) 248

Depends on your metric, and not everyone uses the same one.

Example: Do you count Snowden's revelations as a part of Obama's transparency? Some do. Some don't. You can argue either way. Arguments over "sound bite" ideas aren't worth much. And quantity isn't as important as quality, but how do you measure quality?

FWIW, I count Bush's Iranian missiles as a strong and important example of lack of transparency. (Most people couldn't see through it...even years later many people still believed it.) It's hard to think of anything quite as "qualitatively important" that Obama has hidden...though we may find out one in a few years, or decades.

Comment Difference between publisher and vanity press (Score 1) 113

An agile publishing start up company can do everything the old dinosaurs do thanks to digital publishing.

Including promotion? Even if its illustrators and editors work on an hourly or fee for service basis, how would a startup publisher establish a reputation of sorting worthwhile books from not-so-worthwhile ones? Otherwise, it could be seen as more of what some people might call a "vanity press".
