Yeah, this triggered a WTF flag in my head, too. Most of the web servers I've worked with do just the opposite of this: If a web file is non-executable, anyone can download a copy of it. But if it's made executable, attempting to download it causes the server to run it and send you its output. So executable files are the ones that can't be downloaded by anyone.

I wonder how they have their servers configured. Maybe they've figured a way to reverse the meaning of the "x" bits, so that only non-executable files are run, while executables are sent as-is to the client. Ya think?

(Actually, I do have some directories with a .htaccess file that declare nothing there to be executable. I sometimes used that to provide an easy way for clients to download the source code rather than execute it and get its output, as happens in the main directories. But somehow, I don't think this is what that idiot was talking about. I suspect he's clueless about web servers and their capabilities, and was just making stuff up that he thought might mean something to someone. ;-)

But note that the question wasn't about understand mathematics or computer systems design; it was about diplomas or certificates in programming. It's fairly well understood that those are orthogonal quantities. ;-)

Well, a few years ago, I'd have said the same. But then I got involved with several of the latest "smart" phones and tablets. As a result, I now think "Undo Send" sounds like a fine idea.

The reason, of course, is all the times I've been typing a message, when suddenly it blinks out in mid-word, and I find that the partial message has apparently been sent. My muttered "WTF!?" has no effect. I've generally had no idea what I may have done (if anything) that caused the software to act that way. This happened once today on my Android (HTC ONE) phone, and I've seen it on several iPads and Android tablets. My wife reports the same behavior on her iPhone.

Of course, this wasn't a case of me clicking Send, so perhaps your "never regretted clicking send" does apply. But it'll be useful if a Send triggered by the software itself when I didn't want it to send anything will suffice as grounds for wanting an Unsend capability.

The only problem is the 30-second window. The email (and IM) interfaces are getting progressively more baroque, and that may often not be enough time to understand what has gone wrong inside the goofy software. What we really need is a way to tell it "Don't ever send anything unless I explicitly hit the Send button." But the clever software "designers" also seem to be eliminating things as mundane as buttons with words on them, replacing them with idiosyncratic icons (different in every email/message app) whose behaviour can be hard to remember if you routinely work on several different machines, as many of us do.

(Just today, I tried to back out of a messaging app by using what looked a lot like the usual left-pointing "Return to previous screen" button. It sent the message, though I'm not sure who it went to, and I hadn't even intentionally been trying to make a reply. Things really are getting this messed up. ;-)

One of the most popular cafes in this town is successful in great part because of their lack of background music. It's not a fancy place at all, just a deli-style counter with fairly good sandwich and salad makings, lots of good pastries, and a variety of (non-alcoholic) drinkables. I've lost track of the number of times I've seen groups decide to go there explicitly because conversation is possible.

Of course, I can see other restaurant owners deciding to go with the music because it interferes with conversation, so people will just eat and then free up the table for the next customers. Groups that are talking tend to stay around too long for a truly "commercial" establishment. This may well be the main reasons that eateries pay for licenses to play music. They want you to eat and get out in as short at time as possible, not sit around and talk.

The local cafe mentioned above is frequented by the local political crowd, and by the leaders of many local organizations. My wife is involved in organizing an upcoming music & art & food festival, and most of the organization's meetings have been held in that cafe. The cafe's owners presumably like serving this local function (and they also cater events in your home if you prefer). Maybe there's only enough of that sort of business to support one such eatery locally, or there's nobody else that wants to get into that niche.

Right; they're called Mathematical Physicists. ;-)

Joking aside, this isn't necessarily bad science. It could be viewed as a mere division of labor. Actual science needs experimentation, observations, etc. to verify good hypotheses or reject bad hypotheses. But there's no real reason this all needs be done by the same person. One could easily argue that, if you have a good theoretician (textbook example: Einstein), it might be to everyone's benefit if they sit off in some ivory tower churning out their equations, while others with good knowledge of current technology work out the testing protocols, and yet others who are good in labs do the actual hands-on work. This might work better than trying to have one person do it all.

Of course, I'm really just suggesting that we continue with what we've been doing for a few centuries. Theoreticians have always turned out lots of ideas that were wrong, while occasionally being right. Sometimes they do some of the experimental/observational verification, but most of that has always been done by others.

The main problem is with educating the media and general public about it all. History says we haven't done a very good job of that. But again, one might argue that that's a part of the scientific enterprise that's best handed over to specialists in such communication. This is also not a very new idea. (Textbook examples: Sagan, Tyson.) We mostly just need more people who are good at that task.

It's been long understood that scientific conjectures and hypotheses must be tested independently by people other than the ones that developed the ideas. Thus, Einstein didn't really much bother with experimental confirmation; that was the job of all the other physicists who (quite properly) didn't accept his ideas and were trying to disprove them. Real science does require verification, of course, but there's no reason to insist that it be done by the people who do the theoretical work. Also, there are known problems with people trying to experimentally verify their own hypotheses, which is why we so often read calls for independent testing.

So what's new about all this today? It sounds like Science As Usual to me. A lot of the hypotheses will never be tested, but that just means that they'll never graduate to the class of "theory".

A parallel that I've found instructive: In the publishing industry, it's well understood that proofreading must be done (if it's done at all ;-) by someone other than the author. It's difficult to proofread your own stuff, because you tend to read what you know should be there, not what actually is. I've seen this myself, with people pointing out typos in things I've put online that I know I proofread. I generally just fix the error, and send them a "Thanks" message, then go about what I was doing. Similar comments probably apply any time you're trying to actually get something right in any subject area.

One might be tempted to make the extreme suggestion that people shouldn't bother checking their own work. Just send it to an independent checker, perhaps someone who is willing to send you their work for checking. Send it to several such checkers, who have an understanding that you'll do the same for them. This way, people can concentrate on producing stuff that they're good at, and pay for it by spending time similarly checking other people's work that might not be so close and familiar.

I've seen evidence that this has sorta happened in a few fields. The idea is that you keep all the stuff you're working on online, in a semi-hidden place that your colleagues know how to access, but which isn't really "public". You might send email out occasionally asking them to read through a new document that you're putting together. This sort of setup happens a lot in software development, typically as online repositories clearly labelled as "development" to warn away non-technical "users". A mailing list or blog helps get people together who are willing to download and test new versions and send in bug reports. When you get enough colleages saying it seems to be working, you announce a new public release. This is not really very different from the old scientific concept of independent verification.

Well, yeah, I've done that when I can find the setting. But I need to do a lot of web testing, and have lots of browsers installed on my various test machines. With most of them, I can't find any such setting anywhere. This doesn't mean they don't have such controls, of course; it could just mean that I don't recognize whatever they call it. Terms like "click to play" don't seem to exist on any of them, and for the few that I know how to do it, they all use different terminology.

So does someone have a list of where to find the click-to-play setting on lots of browsers? Googling finds a few very short lists, but doesn't seem to have any info on the hundreds of others that are out now. Thus, I just installed Vivaldi on this Macbook Pro, its settings seems to have nothing at all to control active content, and google seems to just find questions about it, not answers. Again, this might just be because I don't know what Vivaldi calls their click-to-play setting.

So if you think that everyone should have click-to-play set by default, you presumably know how to do this on every browser, or you know where there's a list of explanations. Can you give us a link to this list?

(Curious web testers want to know ... ;-)

There's really just one major reason they haven't succeeded yet: The world's financial system, including your bank and/or credit union, now uses the internet for most of their communications. If encryption is outlawed, all your account information will be going over the wires unencrypted, for anyone along the route to intercept and store for later usage.

This is probably the main reason that encryption is still legal nearly everywhere (and used without prosecution in many places where it isn't legal). True, it doesn't matter to our rulers whether our account info is flying around unencrypted. But they understand quite well that encryption is what keeps their own large bank accounts safe from raiding by all the world's con men and identity thieves, not to mention their political opponents. Outlawing encryption for The Masses' account info while keeping it legal for anyone with economic or political power is pretty much an unsolved (and probably unsolvable) problem, so in most countries encryption remains legal.

Of course, they can put pressure on the suppliers of the software, and persuade them to supply encryption that's decodable by their own spy organizations. But this is subject to all the usual gotchas, since decryption keys and code are easily accessible via the usual bribes to the right low-paid admin flunkies in the appropriate organizations. This is something that all our politicians inherently understand, and to protect their own information, they easily decide that their own communications (and their funders') have to remain encrypted.

We can be fairly sure that our banks and other financial institutions will continue to educate our government leaders about all this, as they have done in the past.

(Actually, I keep reading that in much of the world, cell phones are now a major tool for handling financial transactions. I'd guess that this requires effective encryption to prevent interception by the crooks, including those inside the phone companies and government agencies. I haven't read good technical articles about how this actually works, especially dealing with local encryption laws. I wonder where the best docs on the topic might be. Perhaps someone here on /. might know .... ;-)

And here we have another "troll" mod to this comment, from a reader without a sense of humor.

(Actually, the Koch brothers might not be predictable in this case, since it'd depend on how much they had invested in the companies that manufactured the old, damaging refrigerants. And they might be aware of how easily society reversed that atmospheric problem with relatively little economic effect, so they might want to be careful about getting people comparing it with the effects of our CO2 output. ;-)

"Vote for me."

Except that's rapidly becoming non-viable, since over the past few decades, they've succeeding in capturing most of the money that exists and sequestering it so it's out of reach of the other 99% of us. Soon they'll have to find another approach if they want to continue capturing the money supply as they have been doing.

She's just upping her game, trying to become the worst American president in history. But she'll find that there's a lot of fierce competition for that title. Can she make it? Stay tuned ...

I see that the "Comment:" edit widget for this message does have the Hanzi and marked 'u' and 'o' characters missing. So the damage is done after you hit the Submit button. There's no excuse for this. None of those characters have any special meaning to the code, and text containing them can't do any damage to anything. If damage happens, it's the fault of the crappy software handling the text, not the fault of the creator of the text. The right thing to do is to correct the crappy software. Damaging the text is simply idiotic, and interferes with the main reason (communication between literate people) that Unicode was invented.

(And we might note that a significant fraction of the users of the Internet now consists of people who communicate via Hanzi text, or Arabic or any of the hundreds of other character sets that humanity uses to communicate. Damaging those folks' texts to avoid fixing your crappy software is a good way to tell them that you don't want them communicating with other people. This is rapidly becoming a commercially untenable position for people trying to "attract eyes" on the Net. ;-)

Hmmm ... That tempts me to try a test using a couple of file names on this machine that are two of the names for a Mandarin-English dictionary: .html and Ptnghuà.html (and also Pu3Tong1Hua4.html for systems that can only accept ASCII ;-). Those names aren't in any sense obscure or tricky; they're strings you'd expect to see in online discussions of text handling in various languages. If you can't handle at least these trivial Chinese strings, you've failed pretty badly. Of course, they look findin this Comment: panel, and will likely survive the Preview button.

Let's see how /. handles them ...

Nope; the 3 Hanzi characters didn't show at all, and only the à showed correctly in the second name. But both everything looks correct in this second editing widget. This proves that /. hasn't damaged the actual text in the Preview. Let's see what happens when I try to post it ...

So they're saying that they have such monitoring/protection, but members who aren't explicitly paying extra for such monitoring/protection aren't being protected from identity theft in any way?

Somehow, I don't find this surprising. But I'm a bit surprised that they'd admit it so blatantly and openly.

(Actually, I'm a bit dubious about their implicit claim to have such monitoring/protection already. But it's fairly common for companies to make such claims for PR purposes, without bothering to actually implement what they're claiming to supply until something like this hits them. Maybe they had another similar incident happen sometime in the past, and are finally getting around to doing something about it?)

(And what exactly does "identity threat protection" mean? Google doesn't seem to have any matches for that phrase, and automatically replaces it with "identity theft protection", which doesn't sound like the same thing at all. ;-)