they see no additional benefit to do a costly upgrade, no reason to change a running system .. So what is the best way to secure this remaining Windows XP systems?

Don't. Don't secure it. Just let the chips fall where they may. Failure is an option, and you've presented things such that it's the best option.

Before you reply with "that's crazy" (or "that's lazy") let me remind you, that you there's "no .. benefit" to being more secure, and "no reason" to worry about the consequences. The submission has already stated that solving the security problem has zero value. So why are you working on it? Just let it go. Security is a don't-care condition. Every hour spent on it, is an hour wasted for no benefit.

If you change your mind about it being a don't-care condition, then you open the door to upgrading to a maintainable OS. But you can't do that, until you decide that upgrading does have benefits, and there is reason to change a running system.

So .. have you changed your mind? Are you still sure there's no benefit to an upgrade and no reason to change a running system? Or have you realized that's TOTALLY FUCKING ABSURD yet? Because I think once you realize that it's TOTALLY FUCKING ABSURD then you're going to see some options appear.

People should switch to metric religion. The sabbaths are every ten days, there are ten super-holy days per year (each with one special rite and ten minor cultural flavorings) which are always guaranteed to never also land on a sabbath so you get an extra day off from work, there are ten gods, the tenth son of a tenth son gets a magic power (among a choice of ten possibe powers, and balanced by one of ten disadvantages), each priest gets immunity from prosecution for one of ten different crimes (yes, rape is one of the choices, but they don't all have to choose rape!), the holy book that you're expected to be familiar with is only a hundred pages long and contains ten myths, and the kilochurches (there are no "megachurches") are only allowed to have one thousand members apiece before they're required to fission into hectochurches, so there's plenty of parking and they don't antagonize their surrounding community so much, thereby limiting the amount that you're hated and loathed in residential areas.

In most cases it is a distinction without a difference.

If you're neither of them, then the distinction is as minor and irrelevant as the difference between the Judean People's Front and the People's Front of Judea.

If you're one of them, the difference is as critically important as the difference between the Judean People's Front and the People's Front of Judea.

If someone changing a map can "drive you into a lake" then YOU have already been hacked, and it doesn't matter how [in]secure your car is. You (not one of your computers) have been owned. You don't exist anymore, because your body (which had previously been a person) has become an unconscious fully-trusting map-executing machine.

That's cause for concern, but I wouldn't worry about their computers' security problems.

I would not be surprised if Target's credit card purchasing process mandates that all disputes must be arbitrated.

That sounds like something Target's customers might have agreed(*) to. But the banks? If they didn't sign(*) the agreement, then I don't know how they'd be bound to it.

(*) I am trying to use technical jargon versions of "agreed" and "sign," not the layman's, and I might not be up-to-date on the jargon definitions. Yet if it looks like I'm saying the exact opposite of what I appear to be saying, then I think that means I used the words correctly(**) so I hope that's the case.

(**) Oh no, not again. I'd explain what I meant by "correctly" but whenever I try, I get some kind of error message about a stack. What, a stack of credit cards? I don't understand.

Purchasing a $2 cup of coffee with Bitcoins bought for $1 would trigger $1 in capital gains for the coffee drinker and $2 of gross income for the coffee shop.

That seems very common-sensy, but it just raises questions/flames about what you're contrasting it to. Right away, you ought to be thinking, "If I did the same thing with Euros or Pesos, how would that differ?"

If Bitcoin were treated as a foreign currency, ordinary -- not capital gains -- tax rates would apply. Losses would be easier to deduct, however.

Oh.

I don't really know which (if either) of these policies is good (it's all so arbitrary) but I know at least one of them is stupid.

theres a VERY good chance you'll (as a techie) be in a group that pays a fuckton more than others since you aren't going to be the standard generic type of user who helps share the cost of the services they use.

Hard to say. It's possible but I wouldn't be so sure; I see nontechies do amazingly volumnous things that make me cringe, but you might be right that some of my habits more than balance that out. If I do happen to use twice as much bandwidth as my neighbor, though, then I'm ok with paying about twice as much; I'm not asking for a subsidy. Similarly, if I use half as much, I'd love to pay half as much. What I don't want, is my neighbor using twice as much bandwidth on the same medium as me, but because half of it is "Brand X bytes" that are exempt (yet no less costly for the infrastructure), that our bills are about the same and I essentially subsidize the sunday night congestion, or I that I'm paying for a portion of the overall possible bandwidth to be reserved for special use (e.g. bandwidth that could be freed to IP, stays reserved for proprietary protocols) that won't be available for me. The more directly we're charged in proportion to our actual impact, the better.

When you pay you internet provider, do you not feel that your agreement with them is for a pipe to the Internet and that ALL traffic over it is created equal?

Yes! We're not in disagreement on that point. I think there might be a little confusion here..

Why do you seem to think you should not only pay for the bandwidth ... but then pay extra because you use someone specific?

.. I have not argued that I should "pay extra because I used someone specific"; indeed I'm arguing directly against that. I want us all charged either by the [tera]byte (or by some other fair objective measure of cost, though I think it's hard to beat the byte). I don't want my impact to cost differently than someone else's, though. And I think "Chevrolet made a deal with the toll road owner," is a horrible reason to charge me a different rate for the road, whether that happens to appear to be discount or an extra charge: because we all know that it's really an extra charge, for everyone, even the Chevrolet owners. (It's not like anyone's grocery expenses really went down when we all start using those damn track-my-purchases-for-a-"discount" cards.)

Live tv and on-demand video, going through the tv cable provider's standard routes for said services. Both the article and summary acknowledge this.

Ars quotes WSJ and appears to directly contradict what you just asserted:

"Under the plan Apple proposed to Comcast, Apple's video streams would be treated as a 'managed service' traveling in Internet protocol format—similar to cable video-on-demand or phone service," the Journal wrote. "Those services travel on a special portion of the cable pipe that is separate from the more congested portion reserved for public Internet access."

The nonstandard portion. Neither ClearQAM nor IP. That part that you cannot access or interoperate with, unless you make a special deal with Comcast.

And it makes sense. If it were the provider's standard routes, then Apple wouldn't have to negotiate. They would slide a piece of paper across the table, and the Comcast negotiator would pick it up and look at the "0" and tears would form in his eyes. The Comcast negotiator would sniffle, turn to his tech, and plead through his tears, "can't we do anything?" The tech would sadly shake his head, "No, they're building on top of the standards, like Netflix, or the old non-cablecard Tivos before them. We're going to have to be satisfied with collecting money from our customers in exchange for a service, like all the other industries do." And then the Comcast negotiator's sniffles would turn into a horrible wail.

INDIRECT toll roads, where charges vary by car manufacturer or the brand of fuel inside them, or some other nonsense. If it were only toll roads, paid by all the users as they use it, it really wouldn't be a problem at all. (IMHO that would be downright good news for everyone, and we can only hope we're able to get to such a situation.) It's the bundling and attempts change at what point a person makes a decision about when to pay for bandwidth, to obscure costs and control who can cost-effectively particate, that is so ugly here.

Bill me, not the people who made my HTPC (Apple, in this story's case). Charge me the road's toll, not Chevy or Chevron. We need the numbers foremost, not obscured (and almost certainly inflated as a result of being freed of market forces).

If there's a cap, no party's traffic should ever be exempt from it. No party's traffic should be billed at a different rate. (If there are different rates, it ought to be based on stuff like QoS, time-of-day, and so on -- actual cost/congestion factors.)

If your local power utility sold appliances that were exempt from KWH charges (or made deals with certain manufacturers so that their appliances were exempt), nobody would be fooled by such obvious bullshit or think the appliances in question were "great deals." Everyone would be demanding that the government either stop enforcing the monopoly, or else prohibit such behavior.

This is blatantly corrupt, and at a minimum, needs to become a violation of franchise terms.

If this was about standard TV then there wouldn't be any negotiations with Apple at all. People could just plug the cable into their HDHomeRun or Apple-brand ClearQAM decoder, and Comcast wouldn't have any say in the matter.

Being nonstandard is how Comcast leverages and gets a seat at the table and prevents all the usual market forces from taking effect.

they'd follow the order. But what makes you think a person taking part in the WoT would refuse a court order where a CA would roll over?

The WoT lets you resist this scenario. If you have multiple paths, then you can force your adversary to point guns at multiple people. Those people might not all be as easy to find or intimidate as one person (they might not all be in the same jurisdiction) and also, each one of them can more safely spill-the-beans without getting blamed. "I'm not the one who leaked that you're MitMing my friend; it was one of the other signers!"

Let's say the US federal government signed Joe's key. You don't fully trust the US government (I'm putting that mildly; laugh it up, post-2013 mainstream) , so you're not sure that key is really Joe's. Let's say the Chinese government also signed Joe's key. You don't trust them either. Yet I bet you're fairly sure you have Joe's key, because it's difficult to imagine an adversary who is coercing both of those signers. And you trust it even more if your wife also signed that key, too.

You should meet Jennifer. (Side-effect: both Josh and Joe will be grateful.) Until then, 43% may be worse than flipping a coin but it's still a whole lot better than zero, and it's the best thing we have.

People have been trying to think of something better. And it always comes back to you meeting Jennifer, or for some group of people (or entities) to step up and start meeting a whole lot more people (perhaps state governments or even .. (my idea here) banks should be prolific signers), and for Joe to teach his non-geek friends to get in on all this.

As to what can be done about it, switching from PGP to X.509 code signing would be an obvious candidate.

The "obviously stupid" candidate, maybe. Surely that idea doesn't stay on the table for more than a second or two before everyone starts laughing.

Whatever it is that you do, in order to be able to trust an X.509 CA, you can do the same exact thing to trust a PGP CA. Go meet them.

The difference is that if you're not quite able to do that (as is the case for many many people; i.e. nearly everyone; I have never heard anyone say they actually "met" the Verisign signer), then with PGP (huh.. except I have met signers here) you have a backup plan B: partially trust a few people, and require a conspiracy in order for you to lose. With X.509 that plan isn't on the table: if you don't trust the sole signer, then either you live with that increased risk, or else you are denied ability to communicate.

Ok, but aside from the n% increase over the n% increase over the n% increase over the n% increase, what has Intel done for us?

Intel makes the 2 fast core processor right now, today, and it'll cost you a staggering $120 to $150. It's called the Haswell Core i3 and each of its cores is faster than any of the cores in your $5000 machine from 2007. It will run Dwarf Fortress faster than anyone would have imagined back then.

Of course there's no limit to what you'd like, but if you have a problem with the amazing shit you can buy today, the problem is with you, not the amazing shit.

Tests have already been done on countless millions of people. None of them complained about being dead, said they'd rather be doing something else, or petitioned to be made no-longer dead. Zero.

Our common sense (and some very strong instincts) tell us it's an extremely bad thing, but thousands of years of observations suggest that once it happens, nobody really cares anymore.