
Comment Re:So, to sum this up. (Score 1, Insightful) 1198

This is the most childish post I've seen on this story yet.

I am so fucking sick and tired of hearing how there is something intrinsically wrong with me and that I should be feared because I have a Y chromosome.

Objection your honor, asserts facts not in evidence! No one said there was anything wrong with you or that you should be feared. The whole point is women can't know a-priori who the good guys are and the penalty is being raped or killed. If only 1-2% of the guys are the bad apples (probably a bit low), then in a conference of 5000 men there are 50-100 who would do her harm. Do you honestly even give a second thought to someone punching you in the face or stabbing you at a conference? Didn't think so.

Don't want to be abused or get raped? Don't be friends with or date immature, over-entitled, sociopathic bad boys

Seriously? You mashed the keyboard and clicked post to share this bit of drivel with the world?

Get the chip off your shoulder man.

Know what all the nice girls are doing? Quietly trying to navigate the hurdles of life and getting by. Same as the real nice guys (not the fakes who pretend not to be interested in a woman so they can ingratiate themselves).

DaveV1.0, you are part of the problem.

From one male nerd to another: not acceptable.

Comment Re:#notallgeekyguys (Score 3, Insightful) 1198

"It's a standard frustrated angry geeky guy manifesto ..."

You hang around a weird/scary bunch of angry geeky guys. The "manifesto" becomes far-out well before the murder-intent plans.

What planet do you live on? This is a very common thing among nerdy guys, though slightly less so with the younger generation thankfully.

Why does every single discussion about women in tech immediately result in a bunch of denials, followed by pats on the back (upvotes) as dudes congratulate other dudes on how much of a not-problem there is?

From one white male nerd to the rest of the community: Come on, you can't be serious? Women are treated equally to men in tech? Really? Really?

The evidence is all over. You can see it on twitter, in forum posts, or just by asking any of the female geeks you may know.

To claim otherwise is to endorse a lie. If you've helped clean up your little corner of the world, excellent and good on you! But please don't pretend geek/nerd culture has no issues with women.

* As to what happens in other communities, who gives a shit? That is irrelevant. I'm concerned about our community. We should have better standards, especially those of us who were bullied as kids before the dotcom boom when being geeky started to be seen as at least not completely aberrant behavior.

Comment Re:Are you sure? (Score 0) 1198

There are a lot of cultures of violence; not just the one against women. There are a lot of cultures that dehumanize, not just the one that dehumanizes women. The talking heads on this subject take an unjustified position of universal and unique persecution. Men should look at women as people, while simultaneously the talking head saying it doesn't look at men as people.

Except you are taking this off-topic because right now, at this moment, we are discussing women in geek/nerd circles. Specifically a guy who seemed at least a bit nerdy and blamed women for not seeing what a nice guy he was (translated: faker who pretends not to be interested in them romantically). While the vast majority of nerdy guys certainly wouldn't do anything violent, there are many, many thousands of them who share the same attitude: women just won't see what a nice guy he is and it's all their fault for being bitches and whaaaaaaaaaa.

Every single time someone tries to start a discussion about how women are treated in nerd/geek circles, a bunch of my fellow guys jump in and change the conversation to be about something else. Why? Because geek/nerd culture is dominated by white men so we have the largest number of voices.

Just for once, can we have a discussion about women in tech without trying to change the subject? Please? White male geek asking nicely here.

Comment Slashdot does not disappoint (Score 1) 1198

I came in expecting a bunch of hand-waving denials, cries of "WHAT ABOUT MEN'S RIGHTS?!?!", and other such nonsense and I was not disappointed!

Women in tech/nerd circles generally face a lot more BS than a man would in the identical situation. That continues to go on because some of us seem to think this is an attack or indictment and refuse to acknowledge it.

Here's a pro tip: the guys who grab women's breasts, stand immediately in front of a woman when they're the only two in the elevator (blocking her exit), start asking sexually-charged questions, follow her around after a meeting, or even just the ones who automatically dismiss anything a female developer says.... They don't generally act like jerks in plain view. When they do, those of us who do care sit by silently; when the manager pats a female developer on the head and tells her not to worry about it, a lot of guys just laugh or ignore it.

You may think it doesn't happen but ask the women in your group how many times people have treated them like children, dismissed them, or behaved in a really creepy way even after being asked to stop **. Ask any reasonably well-known geek girl to show you her "death & rape threat" tweet or email folder and you'll see hundreds or thousands of them.

** I've personally seen it many times; once I even witnessed a guy ask a female geek how many guys she had slept with, then get righteously offended and angry when she said that was an inappropriate question. (To my own younger self's shame I did not step in and call him out at the time - something I regret). Women often feel they can't speak up about anything that happens to them because they are loudly shouted down as liars, whores, or met with complete denial. Even asking someone politely to stop being a creep can elicit angry self-righteous replies.

I think the refusal to see the issue and complete denial stems from fear - the fear that this will spiral into some out-of-control political correctness where we can't tell a joke, give a compliment, or even chat up women anymore. As far as I can tell that's just a manufactured fear with no basis in reality. The creepy angle also comes from guys who feel they are unable to approach women, but prominent and famous women are "known" to them, a sort of false relationship we all can tend to feel we have with the public figures in our lives. In that situation they act far more familiar than they otherwise would.

So here's a simple thing you can do: make your tech meetups friendly toward women. If you see another guy acting creepy, call him out on it. If you find yourself objecting to a technical point raised by a female developer, just take a half a second to think "would I object if it were Bob asking instead of Alice?". Stop letting the bad apples spoil the whole bunch, and worse - teach the young men and women in tech that this behavior is acceptable. Most of all, stop denying there's a problem.

I bet if even 5% of the male developers spoke out against the negative behavior and actively supported women in tech, we could completely eliminate this issue almost overnight.

Comment More of the same (Score 2) 462

Car makers cried and pitched an absolute shit-fit about seat belts, air bags, and fuel efficiency standards.

In theory, the free market should produce incentives for solving for safety and efficiency. In reality, it just optimizes the local maxima, since no one wants to be the first to "blink" by making these new technologies standard (thus greatly lowering the cost), ensuring they stay high-priced luxuries.

If we leave it to the free market, we'll be stuck on gasoline engines for another century at least, with all the negative impacts that will have on our economy as the increasing cost of oil and various shocks hit. That's not even dealing with the environmental or global climate change issues.

Government regulations can jump-start the industry and so far it appears to be working for electric vehicles. We are still in the early-adopter stages; they'll get better and cheaper as long as we keep at it.

Fun fact: government almost always leads the way into uncharted territory. It wasn't private industry that built trans-continental railroads (which makes Atlas Shrugged hilarious). It was the US government. The government gave the rights of way, passed a series of massive funding bills to give the railroads free money and tax breaks, sent in the army to protect the rails from Native Americans, robbers, etc. Without federal government involvement, the US rail network would not exist in the form it does today.

For that matter, neither would the interstate highway system.

Nor would computing: it was massive US federal government spending that paid Grace Hopper to invent the first compiler! And it was government spending that created the Internet, both TCP/IP via ARPA and the WWW via CERN.

Comment Re:-Wall -Werror (Score 2) 116

Turning on all warnings and forcing them to errors certainly would have caught the bug in Apple's SSL code. Anyone who just lets warnings fly by in C code is an idiot. Even if the warning is mildly silly, getting it out of the way lets the important warnings stand out. Sensible warnings from C compilers are the very reason we don't use lint anymore. Even then you still have to watch out, because some warnings won't appear at low optimization levels, and I recall hearing that there are a few obscure warnings not turned on by -Wall.

Let me quote from one of the best-tested and most widely used projects out there, SQLite, from http://www.sqlite.org/testing....

Static analysis has not proven to be especially helpful in finding bugs in SQLite. Static analysis has found a few bugs in SQLite, but those are the exceptions. More bugs have been introduced into SQLite while trying to get it to compile without warnings than have been found by static analysis.

The bolded part has been my experience unfortunately. Static analysis is nearly useless.

An appropriate test for something like an SSL stack is a separate test harness that "fuzzes" the stack by exploring large random combinations of values, some with known good certificates and others with randomly generated (and thus broken) ones. These days one can spin up thousands of VMs, run a massive suite of billions of test cases in parallel over a few hours, then spin them down and spend a relatively small sum of money.

And yes, the test harness for something like this is probably going to exceed the # of lines of code of the actual implementation by an order of magnitude. For really important security-critical stuff like cryptography, SSL/TLS, keychain management, etc., it is well worth the effort.
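The control-flow bug the comment refers to, reduced to its shape as an added illustration (not code from the comment or from Apple; the hash and signature steps are constructed stand-ins): the indented second `goto fail` is unconditional, so the remaining checks never run and the function returns the zero left by the last successful step. Clang's -Wunreachable-code flags the dead code after it, and GCC's -Wmisleading-indentation (part of -Wall since GCC 6) flags the indentation itself.

```c
#include <stdio.h>

/* Constructed stand-ins for the hash/signature steps of a TLS handshake.
 * Each returns 0 on success and a distinct non-zero error code on failure. */
static int hash_update(int *ctx, int ok) { *ctx += 1; return ok ? 0 : -1; }
static int hash_final(int *ctx, int ok)  { *ctx += 1; return ok ? 0 : -2; }
static int sig_verify(int ctx, int ok)   { (void)ctx; return ok ? 0 : -3; }

/* Buggy shape: the second goto is indented like part of the if body but is
 * not governed by it, so it always jumps to fail with err still 0 from the
 * successful hash_update(). hash_final() and sig_verify() are dead code.
 * Compile with  clang -Wall -Wunreachable-code -Werror  to have the
 * compiler reject this function. */
static int verify_buggy(int update_ok, int final_ok, int sig_ok)
{
    int err = 0, ctx = 0;
    if ((err = hash_update(&ctx, update_ok)) != 0)
        goto fail;
        goto fail;                                   /* always taken */
    if ((err = hash_final(&ctx, final_ok)) != 0)     /* never reached */
        goto fail;
    err = sig_verify(ctx, sig_ok);                   /* never reached */
fail:
    return err;
}

/* Same sequence with every branch body braced, so a stray line cannot
 * silently become unconditional; the signature check now always runs. */
static int verify_fixed(int update_ok, int final_ok, int sig_ok)
{
    int err = 0, ctx = 0;
    if ((err = hash_update(&ctx, update_ok)) != 0) {
        goto fail;
    }
    if ((err = hash_final(&ctx, final_ok)) != 0) {
        goto fail;
    }
    err = sig_verify(ctx, sig_ok);
fail:
    return err;
}

int main(void)
{
    /* A forged signature (sig_ok = 0) must be rejected; the buggy version
     * reports 0 (success) because the check is never executed. */
    printf("buggy: %d (0 means accepted)\n", verify_buggy(1, 1, 0));
    printf("fixed: %d (non-zero means rejected)\n", verify_fixed(1, 1, 0));
    return 0;
}
```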

Comment IIRC (Score 4, Informative) 415

IIRC this is actually an issue with the sending devices not being aware that the target contact no longer has iMessage enabled.

It's trickier than it seems because iMessage will route to your Mac, iPad, and iPhone. It doesn't know if you just haven't signed in recently or if you're gone forever. If I read a message on my Mac, it is a successful delivery, even if I tossed my iPhone in a lake and swore off cell phones forever.

Apple should add a portal to manage this on icloud.com so you can see all your devices and enable/disable them from iMessage. Then the iMessage servers should reply when a device certificate is used that is disabled or deleted, causing the sending device to update its records.

Remember - Apple acts as a key exchange system but the actual private keys only exist on individual devices; the sending device re-encrypts the message for each recipient.

Comment Re:Next step: (Score 5, Insightful) 67

The NSA will try to infiltrate the IETF.

Some people may mod this as Funny, but I take it as completely serious.

Even if it isn't the NSA, do you really think other state actors won't try to exert their influence?

Expect a lot of FUD around security issues by direct paid shills, or just "grass-roots" opposition indirectly fomented by various state security agencies.

Comment The actual article (Score 5, Informative) 202

Hey, let's link to the actual document in question! What a novel concept!

http://www.apple.com/legal/mor...

Good news:

- Apple cannot track a phone via GPS, nor forcibly enable Find My Friends/Find my iPhone

- Apple cannot monitor FaceTime or iMessage conversations since they are end-to-end encrypted

- Apple cannot provide third-party app data that is encrypted since the files are encrypted with the user's passcode.

- It appears if the user does a remote wipe before law enforcement can get a warrant and ship the phone to Apple (or fly it there), then there is nothing that can be done. I wonder if they power up the device in an anechoic chamber so it can't receive the remote wipe signal? I would guess no because most people aren't smart enough to do an immediate wipe.

- We already knew the only trick they have as far as encrypted files goes is a custom firmware that bypasses the max attempt auto-erase and rate limit feature, so it can attempt to brute-force passcodes quickly. However it requires the attempt be made on-device, since the keys are stored in the secure storage with no facility to get them off-device. So even a moderately complex passcode is effectively unbreakable, let alone a good strong password.

Questionable:

- user generated active files (this is what SMS/call logs/photos/etc are listed under). Normally if a device is powered off and rebooted, I was under the impression that these things were not available because the files are encrypted. It seems that iMessage is at least encrypted here, but I would be curious to find out what the situation is. Everything except photos, videos, and recordings is a moot point because you can get stuff like SMS history and call logs from the carrier anyway so those are the only ones I'd be concerned about.

There are some definite good points here - Apple has chosen not to build themselves backdoors or workarounds, presumably because they can't be ordered to disclose information they don't have access to... same reason they built iMessage the way they did. A court would have to order them to refactor their software before it could order them to intercept messages, and at least in the US there is no precedent or law that can compel them to do so.

However I would expect the "user generated active files" to be encrypted after a device reboot until the passcode is entered. If that is not the case, Apple should fix it pronto.

I would also expect Apple to refactor the storage of those things to be segmented, given the NSA revelations and increasingly authoritarian behavior of law enforcement; for example, photos pending background upload could be kept unencrypted, but once uploaded they should be rewritten as encrypted so they require the passcode to access. They already have the ephemeral key tech and per-file key support so you can generate a key for the unencrypted file while the device is unlocked, then toss the passcode key when the device locks and only hold onto the file key until the upload is finished, then toss it. Thus no risk to the main key but you can still encrypt the file in the background.

I won't bother discussing Android phones - they are almost all trivial to break and access all the user's data, when people like Samsung aren't coding back doors directly into the firmware.

Comment Re:Jump through the mirror? (Score 4, Interesting) 237

Or, perhaps, to acknowledge that it's very hard to do anything useful without side effects.

You can write beautiful, elegant, purely functional code, as long as it doesn't have to touch a storage system, a network, or a user. But, hey, other than that, it's great!

This is a huge misconception about functional programming, one that I used to have myself.

With a functional programming language, you can have side effects, you are just forced to be explicit about those side effects with specific language features in specific places.

Basically functional programming requires you to "opt-in" to side effects only where necessary.

Traditional imperative programming requires you to "opt-out" by taking huge steps to enforce immutability, generating mountains of code to accomplish any task because the compiler doesn't help you.

Comment Re:Sad to say it, but Go Amazon. (Score 1) 244

Apple handles the billing, customer service, credit card merchant fees, runs gift card programs, provides a CDN to deliver both the app and downloadable content, and provides access to a captive market.

PayPal or a merchant account requires you to handle the charging, refunds, paperwork, etc. You also need to find your own addressable market. And run your own gift cards if you want bank-less people or kids to be able to purchase. And set up your own CDN. Depending on the situation you may need to pay commissions to sales people too. You'll be on the hook for currency conversions and setting up with the various banks, government entities, filing the paperwork, etc. to make sure you comply with all local business laws in over 100 countries.

Apple is providing a service and 30% is a steal compared to most publishing agreements in the history of the world. They also don't cut side deals with large developers for a lower cut, meaning you and I are on the same level as Amazon and Microsoft. If you think large retailers pay the same merchant fees as the small guys you are badly mistaken. The big guys also have lawyers on staff to deal with filing paperwork and tax forms.

Comment Re:Actually it's both. (Score 4, Informative) 360

They cover that in the paper and videos. At 40,000 ft equivalent atmospheric pressure, water begins to cavitate or boil inside the siphon, but the momentum of the water pulls the bubbles past the apex before they can stop the flow, resulting in a "waterfall" inside the tube. Slightly lower pressure decreases this effect, slightly higher increases it.

At some point around 41,000 ft equivalent pressure the bubbles form too quickly and touch all sides of the tube at or slightly before the apex, resulting in the flow stopping. However if you then increase the pressure again at a certain point (around 30,000 ft IIRC) the flow resumes. They discuss attempting the experiment in the future with an ionic liquid that won't vaporize.

If you think about it, this is the same phenomenon as the ball chain flowing out of a container (https://www.youtube.com/watch?v=_dQJBBklpQQ). Gravity pulls on the first ball, which pulls on the next, which pulls on the next. As soon as that pull is strong enough to lift the chain from the surface to the apex, a siphon effect begins that will empty the entire container.

IANAP, but it appears that water siphons work the same way. Once enough water flows over the apex sufficient that the force of gravity on that water exceeds the weight of the water prior to the apex the siphon will flow. The big tell-tale sign that any explanation involving the air pushing down on the surface of the liquid is wrong is the flow rate - it is almost completely independent of atmospheric pressure.

The one question I still have is why the flow stops at 41,000 ft. I would have expected a kind of spring effect, followed by the lower portion of the siphon slowly descending as water vaporizes off the pre-apex portion, allowing the water in the lower part to descend while maintaining the same vapor pressure. I'm sure it is my failure to understand, so if anyone can offer a better explanation please do so!

Comment Translation? (Score 4, Insightful) 182

Translation of GitHub's weasel words: "Our lawyers told us not to admit to anything or we could be liable in a lawsuit. The company we hired to tell us we aren't liable in a lawsuit told us we aren't liable in a lawsuit."

Maybe Horvath isn't entirely in the right here but it is clear that the co-founder must have intimidated her as she claimed and/or let his wife (a non-employee) run amok. GitHub even admitted as much when the original story broke and re-banned his wife from the building. GitHub's legalese non-statement doesn't address this at all.

The anonymous medium post is being given far more credence than it deserves because it fits the narrative people want to have about the story. Just be honest... You want the truth to be that Horvath somehow did wrong and brought this on herself because the alternative is that a fun cool company that has good technology also did a bad thing.

Let us not forget that Horvath did not bring any of this up in the first place - she simply quit. It was an anonymous person (that was suspected of being the founder's wife at the time) who posted about it, thus eliciting a reply from Horvath.

Again, according to Horvath, the supposed "investigators" never bothered to contact her until a day or two before wrapping up the "investigation". It seems very clear GitHub hired them to obtain a foregone conclusion.

I don't see how any of this is shocking. It is 100% believable (and by Occam's razor probably true) that the founder's wife was allowed to run around like she owned the place, got into a conflict with Horvath, then when it blew up Preston-Werner jumped to his wife's defense (understandable) without thinking about the implications of allowing your non-employee relative to even put you in that kind of situation to begin with; he certainly didn't consider what it would be like for an employee to be cornered by a co-founder over it. Then when it became public, they called the lawyers, circled the wagons, etc. I also would be shocked if some of the anonymous stories are by GitHubbers who are just repeating internal rumors and rising to defend the company they like, without any actual direct knowledge of what happened.

Comment Re:Metaphor (Score 1) 235

While you are technically correct, the reality is that the most serious security vulnerabilities are almost all directly related to buffer overruns (on read or write), allowing an attacker to read or write arbitrary memory. Everything else is a second-class citizen by comparison; denying service by causing Apache to repeatedly crash is far lower priority than compromising all traffic and stealing credentials.

So when we look at that class of serious problems, we find that managed memory languages completely eliminate them.

Relying on people to "just drive better" is an automatic failure. We design everything from signs/road markings to cars themselves around the idea that relying on humans to be perfect is pure idiocy, so we need to create affordances that lower cognitive load, along with automatic systems that attempt to avoid collisions and mitigate their consequences when they occur.

Similarly, just relying on programmers to never make mistakes is guaranteed to lead to more exploits like Heartbleed. It's pure stupidity.

If OpenSSL were written in Rust or C#, it wouldn't be quite as fast, but we wouldn't be looking at years of government spies completely negating SSL, forcing all webservers on the *entire* internet to replace their SSL keys, instantly obsoleting hardware that can't be upgraded, exposing users' data (including login credentials) to attackers thus requiring EVERY FUCKING USER ON THE INTERNET TO CHANGE THEIR PASSWORDS.

Was the tiny performance benefit worth what we have now paid for it?

Of course we're going to continue using C and getting burned over and over and over. Who needs air bags? Just drive better.
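The Heartbleed case the comment uses as its example, as an added C illustration (not code from the comment or from OpenSSL): the heartbeat echo is built only after the peer-supplied payload length is checked against the record actually received, which is the bounds check a managed-memory language would have enforced on the copy for free. The record layout follows RFC 6520 and both sample records are constructed here.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* TLS heartbeat record body (RFC 6520): 1 byte type, 2 byte payload_length,
 * payload bytes, then at least 16 bytes of padding. */
#define HB_HDR      3
#define HB_MIN_PAD  16
#define HB_REQUEST  1
#define HB_RESPONSE 2

/* Build the response that echoes the request payload. Returns the number of
 * bytes written to out, or 0 if the record is rejected. */
size_t heartbeat_reply(const uint8_t *rec, size_t rec_len,
                       uint8_t *out, size_t out_cap)
{
    if (rec_len < HB_HDR + HB_MIN_PAD) return 0;   /* too short to be a heartbeat */
    if (rec[0] != HB_REQUEST) return 0;

    /* payload_len comes from the peer, not from anything we measured. */
    size_t payload_len = ((size_t)rec[1] << 8) | rec[2];

    /* The check Heartbleed lacked: the declared payload must fit inside the
     * record we actually hold. Without it the memcpy below walks off the end
     * of the record and echoes whatever heap memory follows it. */
    if (HB_HDR + payload_len + HB_MIN_PAD > rec_len) return 0;
    if (HB_HDR + payload_len > out_cap) return 0;   /* and the reply must fit too */

    out[0] = HB_RESPONSE;
    out[1] = rec[1];
    out[2] = rec[2];
    memcpy(out + HB_HDR, rec + HB_HDR, payload_len);
    return HB_HDR + payload_len;
}

/* Constructed sample records (not captured traffic). Both carry a 4-byte
 * payload and 16 bytes of padding; the second lies about its length. */
static const uint8_t kGoodRecord[] = {
    HB_REQUEST, 0x00, 0x04, 'p', 'i', 'n', 'g',
    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
static const uint8_t kLyingRecord[] = {
    HB_REQUEST, 0xFF, 0xFF, 'p', 'i', 'n', 'g',    /* claims 65535 bytes */
    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };

/* Honest record: reply is 3-byte header plus the 4 payload bytes. */
size_t hb_demo_valid(void)
{
    uint8_t out[64];
    return heartbeat_reply(kGoodRecord, sizeof kGoodRecord, out, sizeof out);
}

/* Lying record: rejected outright instead of leaking 64 KiB of memory. */
size_t hb_demo_lying(void)
{
    uint8_t out[64];
    return heartbeat_reply(kLyingRecord, sizeof kLyingRecord, out, sizeof out);
}
```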
