
Comment Re:Wow, what a stupid post (Score 1) 417

So the best option is Lotus Notes, blocking Facebook and Gmail, as well as not allowing for Skype and Live Messenger installs?

I turned down a job with a big IT consulting company exactly because of that line of thought. I'm under-25, I had a very good first contract with them, but there was no way I was going to dick around losing ages each day because the company's IT system was so locked-down nobody really used it. 20Mb e-mail storage on server? My job involved collaborating on client presentations and analysis... receiving 4-5 10Mb reports in a day wasn't something rare, so I had to check pretty much constantly that I had transferred all my e-mails to local storage. Rather than enhancing my productivity, Lotus Notes completely threw my habits (I usually use Gmail, so tags, extensions and search are how I usually keep track of things) and I realised very quickly that few people in the company used anything other than the e-mail client -- I tried the integrated instant communication tool Sametime, there were not even 20 people in the entire company online, out of over 8000. Conference calls had to be placed through the company's Cisco system, which was good, except when something went wrong, and then nobody (not even the IT people) knew how to troubleshoot it. "Just send an e-mail to Cisco explaining your problem, and in the meanwhile, use a colleague's ident to log in".

The IT department certainly had very good reasons for limiting access to some tools and resources (SOX, etc.), but it reached a point where combined with a corporate culture that generally rejected "not developed here" solutions, it meant that the tools we were using required various passwords -- no two tools could use the same login-pw combo, and each one had to be changed every two weeks, and couldn't be the same as any of the last 4 pws; so naturally either people were writing down their passwords, or they were forgetting them every few weeks and going through IT to get them re-set -- didn't really do anything, and worst of all, weren't used. Working with 5 other people on a customer document didn't involve having a central place to "dump" related documents, have a visible chat with other team members about the project, and keep the latest version of the document. On the contrary, it involved massive 6-way e-mail chains, where you had to dig through the entire archive you stored locally to find the related documents that had been sent, and the client document always had 3 or 4 "current" versions, as at one point or another, several people were working on local copies based on the version in different e-mails.

I didn't mind too much that I couldn't use my phone. I can get over that. But when the main tool I'm supposed to be using is crippled, it doesn't make me want to come to work each morning, no matter how interesting the job is in itself.

P.S. Before the job in question, I interned in a Chinese company where the "official" internal communications program was QQ. Main advantage? Everyone was always on it.

Comment Re:Or you never visualized them in the first place (Score 1) 845

"Better yet, rather than testing the student with the question and just getting a boolean pass/fail - the teacher should ask the pupil around their thought processes when they look at the problem - "talk me through it". "

This is actually -partly- how it is done in France. During mandatory education, there are no standardized tests with multiple choice answers, and calculators were (I don't know if it's still the case) generally not allowed. Most tests consisted of 10 to 20 questions, of which a quarter or a third were obvious direct applications of what had been learnt "(47*75)/25=?", then most of the remaining part of the test involved putting these numbers in situation "Jane has 47 cows..." where the student had to determine what signs to use, as well as what information provided was relevant to solving the question. The last part of the test would be slightly more complex, asking students to build upon what they know and show understanding of more general rules "Jane wishes to know how many cows she should sell in order to make the most money...".

Each question is not to be answered merely by a number, but the method of solving should be provided to the corrector/teacher. This can involve writing what the student is doing in mathematical notation or in plain writing. Part of the "credit" is for showing understanding of the method, although this is often only the case for the intermediary and advanced questions, whilst the basic questions are boolean right/wrong. This means that the teacher can point out where in the reasoning the student made a mistake, and judge if it was inattention or a mistake in understanding the question rather than in the actual mathematical process (i.e. a student who at one point mis-copies an 8 as a 9 can still be awarded full credit if the method used is correct, and had the copying error not occurred, the correct answer provided).

However, I don't know if this has increased mathematical literacy in French youth compared to other countries.

Comment Re:Or you never visualized them in the first place (Score 1) 845

For the first example, I did it in a similar manner: 47 is close to 50, and 75 is 3/4 of 100. 50 times 100 is 5000, three quarters of 5000 is 3750 (trivial because 4*1000+4*250 = 4000+1000), and since you're dividing by more than 4, it can't be anything but the smallest answer. It's not as elegant, but if I'd re-written it in proper notation (with the divisor underneath), I'd have done it like you did. Again, how a question is written changes how you answer it.

I'm still flummoxed at how the person in the article has a friend who has two Master's degrees, is going towards a doctorate, and can't do basic maths like this... with a calculator.

Comment Re:Groupon sales rep (Score 1) 611

Pretty sure the Groupon sales rep didn't, and even discouraged her from taking up that option saying that if the deal was limited to too few customers they wouldn't run it.

Sadly, Groupon doesn't care about the businesses that run the deals. As they continue to burn through their goodwill, promising "exposure" to a "new audience" that never translates into long-term sales increases, they'll eventually find it harder to con businesses into stupid deals. About that time, their stock will tank and they'll go bankrupt, exposing them for the Ponzi scheme they are.

Comment Re:I wonder (Score 1) 523

Sadly, I believe he'd probably have been turned in, since Sulzberger Jr. doesn't pack it like daddy did.

I wonder if all the people that call for Manning to wallow in prison believe that systematic and massive overclassification is conducive to proper democratic process in this country, and if they therefore believe that Ellsberg should share his shackles.

Comment Re:I don't understand the purpose (Score 1) 451

I was thinking about things more insidiously... Open the inlets to maximum, get the generator running as fast as it'll go, and then tell the transform equipment to shut down, stuff like that. Chances are, you could break the turbine and/or start a fire in the powerhouse. If the turbine breaks and blocks the water flow below the inlet, water will push the generator "out" into the powerhouse, changing the pressures the dam has to support. You could probably exacerbate problems by pushing other internal systems to their limits or stopping them (ventilation, repeated opening and closing of discharge valves...). If the reservoirs are already nearly full, then it might be "sufficient" to break small upstream dams in order to overflow major dams slightly downstream, despite their emergency spillways*.

Thank God things like dams are designed to be passively safe, but sadly, that doesn't mean they'll be safe if someone gains control over them, even if this control is only computerized.

*For instance: The Green River is dammed just south of La Barge, Wyoming by the Fontenelle Dam, which is an earth-filled dam built between '61 and '64. The Fontenelle Reservoir can hold up to a little over 0.4 cubic km of water. Downstream on the Green River is the Flaming Gorge Dam, with a reservoir that can also hold a little over 4.5 cubic km. Downstream, the Green River joins the Colorado River, which is dammed by the Hoover Dam. Lake Mead's capacity is just over 35 cubic km, 12 of which are in permanent use as inactive storage. Say all the reservoirs are above 85% full (not counting inactive storage). Fontenelle Dam suffers catastrophic failure (for whatever reason). That's about 0.35 cubic km that are going to hit the Flaming Gorge Reservoir and make it overflow much faster than the 820 cubic metre/second spillway will cope with. Chances are, the Flaming Gorge Dam will also suffer catastrophic failure. So now you've got roughly 4.5 cubic km heading the way of Lake Mead, collecting debris along the way. As the water enters the lake, it's going to put high pressure on the Hoover Dam, which could cause structural integrity to be compromised. If the Hoover Dam holds strong as Lake Mead fills up at an outrageous pace, it's still got to put 4.5 cubic km in where it already has at least 31.5 cubic km in it... That's going to put it above maximum capacity, and even with 11,000 cubic metre/second spillways it's unlikely the dam won't overflow massively, possibly causing huge erosion at the base of the dam and... You guessed it. I'm not a hydrological engineer, nor a specialist of dams, so it's very possible someone who knows more about the specifics will be able to point out elements I have missed that would stop a "cascade" event like this even without co-ordination on behalf of downstream dams.
Thing is, I just can't shrug the idea that there is -something- hostile people with enough knowledge to take control of a large number of dams in a remote manner would be able to do with that control that could cause massive damage.

Comment Re:I don't understand the purpose (Score 1) 451

Whilst it wouldn't inform everyone, in the first two cases the emergency message could be sufficiently precise to give precise indications as to the procedure to follow. Even for the cases where information needs to vary depending on the local information, it would still be useful.

For instance, in the case of massive loss of control over dams there would be an immediate need to start electricity rationing. On a nation-wide basis. Hydroelectricity represents 10% of total US electricity production, and it's not certain that the capacity is there to produce enough electricity for peak demand without hydro. Even if the emergency alert system only reaches 40% of all people, and only 60% of them reduce their current demand by 30% (people turning off the A/C, stopping dishwashers/washing machines, turning off stand-by electric appliances...), that's probably enough for immediate demand to be managed with the loss of hydro, without causing too many blackouts. The emergency message could likely also be used to mobilize people to help with evacuation and flooding, by reaching massive numbers of IRR and US National Guard members, even those for whom contact information was erroneous, and asking them to report to their base for active duty. For communities that know they are susceptible to flooding or those that live a short distance downstream from a large dam the emergency message alone wouldn't have information regarding evacuation, but it could encourage people who are dependent or don't have means of transportation to prepare for evacuation (assemble medicine, one 20 lb bag of clothes, etc. and make your presence as well as your condition known to evacuation teams).

Of course, the initial nation-wide emergency alert would need to be followed by state-wide emergency alerts within seconds, so as to provide more detailed information on how the evacuation will proceed, and even then, it'd need to be completed by a method of county or even city/town-wide evacuation warnings so each town can be given precise information about how to prepare and evacuate, how to contact the authorities without overwhelming them, and so forth.

But I do think that the nation-wide alert system does have a use. To use the same example again, if at 1200h it's observed that all control over a large number of dams in the USA has been lost, the information about reducing electricity consumption, risk of widespread flooding and evacuation is "available" at 1203h. How long will it be until the specifics for which branch of the military will assist in evacuating which area, evacuating to where, how water will be distributed, food rationing and so forth are laid out? I'm pretty sure just to compile the several thousand evacuation plans that exist (supposing every at-risk town has a realistic and up-to-date evacuation plan) and assigning responsibility for overseeing each one will take at the very least until 1230h. So what to do in the meantime? Get each state to launch a plea to limit electricity consumption? Get the phones working at the National Guard of the US call centre? If the president takes 5 minutes to lay down the specifics of the situation from 1210h to 1215h, those minutes each increase the chance of electricity consumption being managed and avoiding massive network failure that would worsen the situation, by slowing down information spread. They also make pretty much every member of the federal military reserve aware of the problem before 1230h, since it would be major news and chances are overwhelming that either a family member, a co-worker or another member in the reserves would be in touch with reservists that didn't hear/see the nationwide emergency alert. By the time the states get their alerts going with evacuation plans it could be 1245h, and as late as 1300h by the time the last area/town/county has necessary evacuation information. That's a whole hour. In a situation where there is impending catastrophic failure, that's a long time.
If the states also had to give information about rationing, reserve call-up was slower, and information wasn't distributed as widely regarding the nature of the problem, that could mean facing more deaths, widespread blackouts in states where hydro consumption is above average (more dams = more plans to find & review & co-ordinate = longer before the warning = greater chance of network failure), and fewer trained people (military reserve, policemen, firemen...) to help manage the situation.

All in all, the national emergency alert alone wouldn't bring all the information. But the sheer volume of information is such that most states wouldn't be able to issue alerts with the information when they learnt of the problem at hand. The national alert is useful because it can take the "national" aspects of the crisis, even if that means it lacks other information.

Comment Re:I don't understand the purpose (Score 1) 451

Sure of that?

Let's say that for X reason, all control over pumping and emptying mechanisms had been lost for 6,000 of the 8,100 "major dams" in the USA, with as a result the real risk of flooding due to catastrophic failure on all 6,000 concerned dams.

Instantly, people around the country would experience electricity problems, and electric rationing would likely need to be established. Second, flooding would be a major risk to more than just a few thousand people across the country. Towns like New Orleans would need to be prepared for immediate evacuation, and others like Havasu Lake City would need to be evacuated immediately, meaning the number of evacuees could be in the millions or tens of millions. Third, water supply and irrigation would be put on a very short countdown until water rationing would be necessary, as well as food rationing with the prospect of huge crop losses. If flooding happened, it could flood parts of the Great Plains and cause shortages in basic foodstuffs like wheat and corn, as well as massively increasing the risk of diseases spreading in their wake, with decaying wildlife and putrefying flora.

I'm sure there are other consequences I am unaware of or simply didn't consider, but I do think that the risk of imminent catastrophic failure to a large number of major dams would be an emergency that would affect the entire country.

Comment Re:I don't understand the purpose (Score 1) 451

Hmm... Let's see...

  - Terrorists have managed to place a highly toxic substance (cyanide, sarin gas, anthrax...) in common household goods that have been distributed across the country.
  - Hackers have gained control of the entire network of computers that control prison facilities/judiciary records, and as a result an immense number of prisoners have escaped.
  - Widespread failure of dam control systems that risk flooding large parts of the country.

I'm pretty sure there are other cases, but hell, if I can think of three in a few minutes, I'm sure people who spend their waking hours dreaming of destroying the USA and all it stands for can think of emergencies that would affect the entire country.

Comment Re:Apple runs scared (Score 1) 172

He told Apple about the flaw on the 14th of October, please disengage reality distortion field.

To prove his point, he wrote & submitted an application to the App Store that was approved.

Why should he tell Apple his app is abusing this flaw? Shouldn't Apple be creating a tool/procedure to block the flaw or detect it during the vetting process (to which all apps will have to retroactively be submitted)?

Voluntarily pulling his app from the App Store wouldn't have done any good. The risk exists, and it's not by telling people to not look that it'll go away. He wrote InstaStock AFTER the 14th of October, when he had already detailed a proof-of-concept and sent it to Apple. Chances are just as good that he wasn't the first person to think of this flaw, and that there are already apps out there that abuse this vulnerability.

The onus is on people like Charlie Miller to -prove- the flaws they say exist in IT software or configurations. To do that they need to show there is a real risk to customers/users, and share the information with the company that produces the IT solution first, and later if the company does not resolve the issue, with the wider population of users so they can be aware of the risk and take whatever measures they deem necessary to counter the threat. Otherwise, what accountability does a company have to solve flaws that have been disclosed to them? Oh yes, none. Nobody will know, nobody will tell, so it doesn't exist might work in your world, but that's not the real world.

Apple should have/be scrambling to find a way to identify this vulnerability in apps that have already been approved, and be able to remove them from the App Store and remotely delete them from users' iPhones & iPads. Being able to identify InstaStock as rogue would have shown progress in that regard. Another solution would have been to close the exception on how code is signed, and thus render InstaStock & other rogue applications' use of this vulnerability null.

Apple only knew about InstaStock because Charlie Miller showed it to Forbes as part of an interview regarding this vulnerability. Telling him to remove it now that the app's name is widely known means they believe he is a security risk to iPhone/iPad users out there... But if he was, he wouldn't have told Apple about the vulnerability in the first place, would he? Banning him from the App Dev Program increases the chance that future vulnerabilities will be discovered/exploited by people who will not disclose them to Apple, and thus directly increases the security and privacy risk taken by all App Store customers/users.

Apple might be well within their rights to remove him and his app from their view. But that's only as good as a restaurant chain refusing entry to a customer because he identified a health risk (contaminated goods) and highlighted it by selling them food that has been laced with food colouring, then giving an interview showing the coloured food being served. Sure, banning the guy from entering the stores/talking to people in the company means he's not going to sell them coloured food again. But it also means there's one whistle-blower less looking out for that company's clients' health, and increases the risk that the next "problem" isn't just food colouring, but anthrax, salmonella or streptococcus.

Comment Re:Markets for Markets (Score 1) 694

This is an interesting proposition.

For 3. you could add a "TradeRank": Each person* on the market receives "points" for each trade they make for successive 24 hours of trading. When the trades are listed, they are broken up into "groups" that represent 10% on both the buying and selling side. Added to the ranking by price (and time if there are "joint" bids) you'll have an order in which the buys and sells are chosen. The "lowest" 10% of the buyers go first, each in order securing the lowest price from all sellers. Then the "lowest" 10% of the sellers go, and secure in order the highest price from all remaining buyers. And so forth. Once there are no more buyers or sellers, all other trades remain uncompleted, and the person does not receive any "points" for it.

Quick example: 20 buyers (A to T) and 10 sellers (0 to 9). Buyers E, F, N, O and P have 70 "points", whilst sellers 2, 5 and 6 have 80 "points". All other buyers and sellers have 100 "points". Since bids were received in alphabetical/numerical order, E and F are the "lowest 10%" buyers, followed by N and O in the second group of buyers, with P being in the third group with B, in the same way, 2 and 5 are the "lowest 10%" sellers, etc.

E goes first, and bid $2.30. So he "makes" the buy from 1 who was selling for $1.80. E is debited $1.80+fees, 1 receives $1.80. Then F who bid $2.50 buys from 6 who was selling for $1.83. Since the "lowest 10%" of buyers has finished, the "lowest 10%" of sellers are next. 2 bid $1.97, and "secures" the sale from A ($2.76), whilst 5 ($1.85) sells to T ($2.66)... And so forth.

This system gives the advantage to people who make limited moves, and means that "low-frequency" traders will get higher sales/lower buying prices for their shares than "high-frequency" traders.

*I'm not entirely clear with myself what a "person" on the market is... An individual trader? An account/company? Another definition? IDK.
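The matching mechanism sketched in the comment above, written out as a runnable toy so the alternating "lowest 10%" turns can be traced. This is an added example, not the commenter's code, and it makes several assumptions the post leaves open: turn order is fewest points first with arrival order as the tie-break; groups are two orders wide on each side, as in the post's walk-through; a trade only completes when the ask is at or below the bid, and executes at the counterparty's limit price (the seller's ask on a buyer's turn, the buyer's bid on a seller's turn); completed trades earn a fixed number of points, which pushes active traders later in the next round. Only the prices the post names (E, F, A, T, 1, 2, 5, 6) come from the comment; every other bid and ask in the sample book is constructed.

```python
from dataclasses import dataclass
from itertools import zip_longest
from typing import List, Optional, Tuple


@dataclass
class Order:
    name: str
    price: float     # limit price: a bid for buyers, an ask for sellers
    points: int      # TradeRank points; fewer points = earlier turn
    arrival: int     # arrival sequence number, used as the tie-break (assumption)
    filled: bool = False


@dataclass(frozen=True)
class Fill:
    buyer: str
    seller: str
    price: float
    initiator: str   # "buyer" or "seller": which side's turn produced the fill


def rank(orders: List[Order]) -> List[Order]:
    """Turn order: fewest points first, then earliest arrival."""
    return sorted(orders, key=lambda o: (o.points, o.arrival))


def groups(ranked: List[Order], size: int) -> List[List[Order]]:
    """Cut the ranked list into consecutive slices (the post's "lowest 10%" groups)."""
    return [ranked[i:i + size] for i in range(0, len(ranked), size)]


def best_counterparty(order: Order, book: List[Order], want_lowest: bool) -> Optional[Order]:
    """Cheapest open ask a buyer can afford, or richest open bid a seller will accept."""
    if want_lowest:
        ok = [o for o in book if not o.filled and o.price <= order.price]
        return min(ok, key=lambda o: (o.price, o.arrival)) if ok else None
    ok = [o for o in book if not o.filled and o.price >= order.price]
    return min(ok, key=lambda o: (-o.price, o.arrival)) if ok else None


def match(buyers: List[Order], sellers: List[Order],
          buyer_group: int, seller_group: int, points_per_fill: int = 10) -> List[Fill]:
    """Alternate turns: a buyer group picks from all open asks, then a seller group
    picks from all open bids, until the groups run out. Unmatched orders stay open."""
    fills: List[Fill] = []
    bgroups = groups(rank(buyers), buyer_group)
    sgroups = groups(rank(sellers), seller_group)
    for bg, sg in zip_longest(bgroups, sgroups, fillvalue=[]):
        for b in bg:
            if b.filled:
                continue
            s = best_counterparty(b, sellers, want_lowest=True)
            if s is None:
                continue                      # nothing affordable; stays uncompleted
            b.filled = s.filled = True
            fills.append(Fill(b.name, s.name, s.price, "buyer"))    # pays the seller's ask
        for s in sg:
            if s.filled:
                continue
            b = best_counterparty(s, buyers, want_lowest=False)
            if b is None:
                continue
            b.filled = s.filled = True
            fills.append(Fill(b.name, s.name, b.price, "seller"))   # receives the buyer's bid
    # Points are earned only for completed trades (assumption: a flat amount per fill).
    for o in buyers + sellers:
        if o.filled:
            o.points += points_per_fill
    return fills


def sample_book() -> Tuple[List[Order], List[Order]]:
    """Constructed order book: the post's named prices plus invented ones for the rest."""
    bids = {"A": 2.76, "B": 2.10, "C": 2.20, "D": 2.15, "E": 2.30, "F": 2.50, "G": 2.05,
            "H": 2.40, "I": 2.00, "J": 2.25, "K": 2.35, "L": 2.12, "M": 2.45, "N": 2.20,
            "O": 2.10, "P": 2.55, "Q": 2.30, "R": 2.18, "S": 2.22, "T": 2.66}
    asks = {"0": 2.05, "1": 1.80, "2": 1.97, "3": 2.20, "4": 2.10, "5": 1.85, "6": 1.83,
            "7": 2.30, "8": 2.15, "9": 2.40}
    low_buyers, low_sellers = {"E", "F", "N", "O", "P"}, {"2", "5", "6"}
    buyers = [Order(n, p, 70 if n in low_buyers else 100, i) for i, (n, p) in enumerate(bids.items())]
    sellers = [Order(n, p, 80 if n in low_sellers else 100, i) for i, (n, p) in enumerate(asks.items())]
    return buyers, sellers


def run_example() -> List[Fill]:
    buyers, sellers = sample_book()
    return match(buyers, sellers, buyer_group=2, seller_group=2)


if __name__ == "__main__":
    for f in run_example():
        print(f"{f.buyer} buys from {f.seller} at {f.price:.2f} ({f.initiator}'s turn)")
```

With these inputs the first four fills reproduce the post's walk-through (E takes 1 at 1.80, F takes 6 at 1.83, then 2 takes A at 2.76 and 5 takes T at 2.66), and the run ends with nine fills because the remaining bids sit below the remaining asks. The low-points traders end up with the best prices on their side, which is the advantage the comment describes; the point award at the end is what would push them back in the queue on the next day.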

Comment Re:Apple runs scared (Score 1) 172

Sorry, but that's patently ridiculous.

First, he -did- notify Apple on Oct. 14th. He gave them all the technical details, the "proof" and so forth of the vulnerability. Now, whilst he's a famous white hat Apple hacker, it's still reasonable to believe that he is not the first person to identify or exploit this vulnerability (black hat hackers just don't talk about when they've got exploits).
He gave the interview on the 7th of November, with no technical information divulged as to how to exploit the vulnerability, but demonstrating its existence to the greater public.
On the 8th he's BANNED from the App Store.

Now, how long should he have held his tongue? Apparently, 3 weeks isn't enough. Given that the technical side would only be shown on the 14th of November, probably 1 month isn't enough. How about 2 months? 3 months? 6 months? However long it takes Apple to solve the problem? What if Apple never solve it? Should he just "take one for the team" and shut up?

It's completely illogical to believe that only Charlie Miller can and will ever find this vulnerability. There could be hundreds of apps by a rogue developer out there that do the same thing. Except they don't talk about it, so they're OK? The onus cannot be on security researchers to stay quiet until the company solves the vulnerability. Sure, it's bad form for the researcher to divulge information to the public before the company has the information, but divulging the information is CMiller's bargaining chip. If he's going to shut up forever unless Apple solve it, what incentive do Apple have to close the vuln? Chances are if someone else finds out about it, they'll just use it to make rogue apps & sell the information gleaned. Much more fiscally rewarding than an interview with Forbes/WSJ/???

Booting Charlie Miller out of the game is also a completely retarded move. Making it harder for him to find vulnerabilities doesn't mean they'll disappear. It just increases the chance that they'll be found by someone else, and that means greater risk of the "discoverer" being a black hat who won't tell Apple about it, and just abuse it.
