THE RADIUM WATER IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.

Back in the U.S. robber-baron era (1870-1905) it used to be the case that it was your own fault if you put it in your mouth. It didn't matter if the seller marketed it as edible despite knowing or suspecting that the product was poisonous (such as radium water or formaldehyde-preserved milk). As the buyer you were supposed to know better, as summarized by the legal doctrine caveat emptor ("let the buyer beware"). It was only later that caveat emptor was _partially_ overturned by the invention of the "implied warranty", as federally formalized in the Uniform Commercial Code of 1952 (though the concept was kicking around decades earlier than that on a state-by-state basis). In the absence of a warranty (explicit or otherwise), the seller had made no promise to the buyer about the product sold, and with no promise to break there was therefore no fraud on the seller's part. No fraud, therefore no wrong and no restitution: no wrongful death damages, no medical bill expenses, not even a "satisfaction or your money back" refund guarantee.

To this day, there's still quite a bit of caveat emptor in the law. For example, cigarette smoke is poisonous at the intended dosage, full stop. Habitual smoking of cigarettes is known to inactivate hemoglobin by way of carbon monoxide, to reduce lung capacity by accumulation of scar tissue, to damage the cardiovascular system by hardening the arterial walls, and to dramatically increase the risk of lung and other cancers. But despite their documented toxicity, to this day tobacco companies are not held liable for selling them. They have been sued several times, but generally for their advertising, and many of the advertising suits have been for ads that played up false benefits or downplayed real drawbacks -- i.e. they made a promise (implied warranty of fitness) that was then broken (fraud). But so long as the buyer is duly warned (no false advertising, the Surgeon General's Warning is present), the situation reverts to caveat emptor and it's again the buyer's own fault if they put poison in their mouth.

NaCl (in its standard, non-Portable flavor) is essentially a bytecode that happens to be directly executable as machine code (either x86-64 or ARM). The bytecode can be statically verified to mathematically prove that the instructions obey certain rules (e.g. exactly one interpretation for any bytecode, execution only leaves the verified bytecode by calling trusted functions, can only read/write memory in the sandbox, cannot write to bytecode, etc.). As I understand it, PNaCl is similar to classic x86/ARM NaCl but trades fake bytecode for real bytecode (LLVM's intermediate representation, last I heard) and statically compiles it to native machine code after the bytecode verification step. Basically, in this scheme the verified C code can run at near-native speed, but it can only communicate with the world outside the sandbox by calling trusted functions that the enclosing app chooses to expose.

Theoretically, Java ought to be just as strongly sandboxed as NaCl: Java code in a JVM sandbox can only call trusted functions that the JVM chooses to expose, too. But in practice the Java standard library exposes a ridiculously broad attack surface, giving sandboxed apps plenty of chances to exploit bugs and escape the sandbox. (For instance, java.lang.String is a final class today because folks discovered that you could subclass it to make it mutable, pass a sandbox-approved value to e.g. a file I/O function, then modify the value to a sandbox-forbidden value after the security check but before the OS system call.) Basically, Java's attack surface is broad and leaky because Java was designed for running embedded devices and servers, not for sandboxed applets downloaded from hostile sites on the Internet. Applets were a distant afterthought compared to Java's "let's write an OS for set-top cable boxes" origin.

In contrast with Java, Chrome's implementation of [P]NaCl only exposes the Pepper API, and the Pepper API was designed from the ground up to be called by sandboxed code fetched from a malicious website. Looking at the Pepper C API site, the attack surface seems... bigger... than I would have expected. But most of the functionality I see there is also exposed to JavaScript, where the code is every bit as hostile. Almost any "attack surface, WTF" argument would also argue against JavaScript and all modern web design. And if they're smart, one API is hopefully built on top of the other (plus a thunk layer made of machine-generated code), so that there's only one pool of security bugs to fix.

A repost of a Google+ post I wrote a year and some change ago:

---

From today forward, all federal government expenditures will be priced in "Iraq War Days" (IWD) or "Iraq War Years" (IWY). For quick reference:

• - MSL mission w/ Curiosity rover: 3.5 IWD
• - Cost of giving $10 to all 312M US citizens: 4.33 IWD
• - 2012 "General Science, Space and Technology" budget: 43.04 IWD
• - Cost of giving $100 to all 312M US citizens: 43.3 IWD
• - 2012 Welfare budget: 210.3 IWD (0.6 IWY)
  • ~ Computed as 26% of the 2012 "Income Security" budget
  • ~ Includes TANF (22%) welfare, SNAP (70%) and WIC (8%) food stamps
  • ~ All ratios from 3rd party analysis of 2010 data; see "How much do we REALLY spend on Welfare?"
• - 2012 "Medicare" budget: 672.9 IWD (1.8 IWY)
• - Cost of giving $2250 to all 312M US citizens: 975 IWD (2.7 IWY)
• - 2012 "National Defense" budget: 994.9 IWD (2.7 IWY)
• - 2012 "Social Security" budget: 1081 IWD (3.0 IWY)
• - 2012 Total budget: 4986 IWD (13 IWY)

Source: "United States Federal budget, 2012" and "Mars Science Laboratory" pages on Wikipedia for budgets, google.com/publicdata for US population, National Priorities Project via "Cost of War" Wikipedia page for IWD exchange rate.

---

Something I didn't note in my original post that's probably worth mentioning in passing: Social Security is huge, "bigger than the National Defense budget" huge, but it's basically self-funding because it's a retirement investment paid for by payroll taxes (modulo population bumps, e.g. the post-WW2 "baby boom"). Person A pays in, person A cashes out, theoretical net cost to taxpayers $0.

Short version, no. There are no nuclear fuels with the right balance of properties to achieve that. Long version: go Wikipedia nuclear fission, fissile, and critical mass.

This doesn't work. There's no viable substitute for helium, not even hydrogen. The reason helium is so useful is that it boils at 4 K (by far the coldest boiling point of any substance), remains liquid all the way down to absolute zero at standard pressure, and becomes superfluid at 2 K (the only bulk superfluid achievable on Earth).

The boiling point is important because that's how cryogenic cooling works: when you use a circulating liquid coolant, the temperature of the (coolant plus apparatus) system cannot exceed the boiling point of the coolant until the coolant has entirely boiled away, so you get a very consistent and predictable temperature (right up until the coolant is gone). 4 K is below the critical temperature of the most common materials for superconducting electromagnets: niobium-titanium (10 K, relatively cheap) and niobium-tin (18 K, highest known T_c for a traditional superconductor). Hydrogen is not a substitute, because it boils at 20 K; that's noticeably too warm for any traditional superconductor, and even if it weren't, superconductors can handle stronger magnetic fields the colder you chill them, so they'd be less useful in an MRI machine. And you can't chill hydrogen much colder than its boiling point before you hit its melting point, 14 K, at which point it stops circulating and becomes much less useful as a coolant.

The superfluidity is not quite as useful day to day, but it's used to study the behavior of other quantum mechanical systems, such as neutron star interiors, that we can't recreate in a lab. It also forms a rigorous analogy with superconductivity, especially in the case of fermionic He-3, so it gives us a chance to play with a bulk fluid that propagates fluid currents in the same way that superconductors propagate electrical currents. Nothing else can replace it for this purpose.

(Side note: helium is not a truly expendable resource. Of the helium present on Earth, not a single gram is left over from the formation of the solar system; Earth doesn't have the mass to retain helium in its atmosphere. All our helium comes from the alpha particle decay of heavier radioactive elements, like radon. When the alpha particles relax and become neutral helium gas, the gas is trapped by the same gas-impermeable rock formations that trap natural gas. However, the natural recharge rate from radioactive decay is much slower than the rate that we're extracting it and venting it, so if we don't curtail our waste we're going to run out regardless.)

But the DC announcement was not in the past light cone for the Chicago trade. Therefore the information had not yet reached the Chicago public. That is the criterion being judged, not simultaneity. Insider trading, case closed.

(And even if we take the classical limit of c approaches infinity, are we really to believe that a trade conducted within single-digit milliseconds of the announcement was based on consideration of the contents of the announcement? There exist fully automated flash trading systems hooked up to news wire services, but AFAIK even those don't react quickly enough to explain the speed of this trade. Shakier conclusion, but still insider trading.)

Package your ruleset.xml into DeploymentRuleSet.jar

Packaging your ruleset allows the desktop administrator to apply cryptographic signatures [emphasis mine] and prevent users from overriding your policy. This requires usage of a trusted signing certificate. The easiest route to get a signature is to buy one from a certificate authority like Symantec/Verisign, Comodo, GoDaddy, or any other; [...]. The default certificate authority list contains about 80 authorities from which you may purchase a signing certificate [emphasis mine].

-- Introducing Deployment Rule Sets, Java Platform Group blog

Why in the name of the everliving fuck would anyone think this step was a good idea? The file is already located in a directory that can only be written by root (or Administrator, as OS appropriate). Why require a signature? This adds zero security. If you have root on the machine, you can add a self-signed CA to the trusted CA list anyway. Do they have a kickback arrangement with Verisign or something?

As other people pointed out, disk seeks are most assuredly something to avoid on spinning media. But even when seeks are free, as they are on SSD, fragmentation still sucks and you should avoid it like you owe it money. For one, some filesystems use run-length encoding for the list of blocks in a file. Basically, instead of recording "1, 2, 3, 4, 5, 8, 14", they notice the pattern and record "1-5, 8, 14" like you just did in your post. (The ext[234] family doesn't do this, but IIRC some of the post-ext2 up-and-comers use it.) RLE lets you inline more metadata directly in the inode without resorting to indirect blocks, which basically means you get your data with fewer round trips to the disk. (It might save you from needing to read a meta-meta-block to find the meta-blocks that tell you where the blocks are. Instead you can fit all the blocks in one meta-block and skip a round trip.) For two, even filesystems on SSD that don't do RLE still suffer under fragmentation. Unfragmented files make it easy for the kernel I/O scheduler to coalesce those sequential block reads into big, happy multi-block SATA reads when you're streaming through the file. As before that means fragmentation = more round trips to the disk, but it also means fragmentation = spamming the SATA controller with more commands and spamming the CPU with more interrupt handlers for the command completions. (In other words, copying a big fragmented file slows down everything else on the computer, moreso than copying a big un-fragmented file.)

Disclaimer: I am not a filesystem designer, I just play one on Slashdot.

It's a lot less mathematically tractable than the "homogeneous population" model, so you can't just throw calculus at it. AFAIK there haven't been any good empirical studies, but I don't follow the literature so I could be off-base. I would naïvely expect that someone's tried Monte Carlo or other computer simulation methods? Again, not familiar with the literature so I'm unqualified to comment further.

Yes. The measles herd immunity threshold for the MMR vaccine is 92-94%. If more than 6% of the idiots around you go unvaccinated, measles becomes likely to spread among people who have already taken the vaccine or otherwise acquired immunity.

The reason is simple: the immune system is random. The B cells in each vaccinated individual produce different antibodies in response to the same antigen. Since an antibody's response to antigen X1 doesn't correlate much with its response to antigen X2, and different lines of a disease have different antigens, no vaccine can be 100% effective. Any one person might have total immunity to some given line of the disease (called a "quasispecies"), yet be totally vulnerable to some other quasispecies whose antigens are invisible to the existing antibodies. Different people are vulnerable to different quasispecies, and there are thousands of quasispecies (grouped into 21 strains in the case of measles), so we usually just throw our hands up in the air and pretend that infection vulnerability is a wholly non-deterministic thing.

Herd immunity is the threshold where each infection produces, on average, one new infection. If the vaccination rate is above herd immunity, each infection produces less than one new infection (exponential decay). The outbreak reaches its peak quickly, then vanishes as the existing victims fight off the disease (or die). If the vaccination rate is below herd immunity, then each infection leads to more than one new infection (exponential growth). The outbreak then grows rapidly until so many people are already carrying the disease that the disease runs out of new hosts, reaching a new steady-state of one new infection per infection... at which point we say it has transformed from epidemic (an outbreak) to endemic (never going away on its own).

If vaccines were 100% effective, falling below the herd immunity threshold wouldn't be so worrisome for people who are vaccinated. True, among vaccine-refusing populations (and those who can't benefit from vaccines, e.g. babies, the very elderly, AIDS patients, and organ transplant recipients) the disease would perpetually rage, as there would be enough contact between vulnerable islands that the disease never quite burns out. But in reality (a) each person who is immunized has a small-but-nonzero chance of catching the infection (and passing it on), so everyone is potential virus-habitat regardless of vaccination status, and (b) more victims means larger viral population means more viral reproduction means creation of more quasispecies. More quasispecies means that, if there is some way that the antigens can change that will give the disease access to new victims without compromising the disease's ability to spread, evolution will find and exploit it sooner rather than later, so the virus can get its grubby little capsid proteins on fresh meat that other strains can't touch (i.e. you).

What we're seeing in Texas is an outbreak in an overall US population where vaccination rates are falling, but still above the herd immunity threshold... for now. If rates continue to fall, we can expect these outbreaks to become larger and more frequent, until they eventually reach criticality and the end of one outbreak always overlaps the beginning of the next, i.e. the disease becomes endemic again.

(Pertussis is also stupid contagious and thus has a high threshold for herd immunity, but pertussis is about 10 times more likely to kill a baby than measles is. Like measles, pertussis is also seeing big ugly outbreaks these days: the Denver metro area, Northern California around Marin, Washington state, i.e. basically the places where the cultish and vaccine-refusing Waldorf School has a notable presence. Annoyingly enough, the DPT and TDaP vaccines was never even implicated in the original Wakefield autism-vaccine nonsense, yet the vaccination rates have been falling about as dramatically as those of MMR, probably because Wakefield's "MMR is bad (and here's a patented replacement vaccine, no payola I promise!)" got simplified into "vaccines are bad" in the US's celebrity-worshipping mass media echo chamber.)

Back when I was living in Wichita, Kansas, one of the few nice things about the area was the Cosmosphere, a shockingly out of place top-notch aerospace museum in nearby retirement town Hutchinson. It has a decommissioned SR-71 hanging from the ceiling in the lobby. I'm not by any means an aircraft geek, but even I have to stop and mumble "that is a gorgeous plane".

The LZW patents were the impetus for PNG, but PNG is superior in every possible way... except that PNG skipped animation, because animated GIFs didn't seem like an important use case to support. (As I recall, their primary use at the time was badly pixelated spinning red alarm lights on Geocities pages.)

FASCIA is actually a real word: the name for the thin sheets of connective tissue that bundle other tissues into tubes. It's not uncommon for someone with arch support problems to pull or tear a muscle fascia in their foot. More ominously, fasciae have previously made it into the news by way of "flesh-eating disease" (necrotizing fasciitis), which is where a bacterial infection (esp. strep or staph) breaches the superficial fascia and uses it to spread quickly under the skin, faster than the immune system can pin it down and mount a credible threat.

The Periodic Table isn't a model, or at least not a functional model. It's a chart - a way to represent data.

It's more than a chart. A table is not just a way to represent data; a simple list of all items in random order can represent the data just as well as a table can. A table is a way to organize data -- by spotting patterns, identifying which patterns are most important, then arranging the items to highlight those patterns. By choosing which patterns are important, you are implicitly constructing a model of what the items in the table are.

The Mendeleev-derived periodic table has done quite nicely for us: it predicted the properties of many elements long before we actually isolated them, and it was doing so well before we understood that the patterns highlighted by the table (the table's implicit model) were ultimately caused by the arrangement of electrons into quantum-mechanical energy-level shells by way of Pauli exclusion, with the arrangement of elements in each row directly dependent on the quantized degrees of freedom in each shell's energy level (hence the 2*[1], 2*[1+3], 2*[1+3+5], 2*[1+3+5+7] pattern in the table's row widths). Think of the table as a quick first-order approximation to the deeper equations needed to compute the true physics, such as the energy of a filled d-orbital in the third electron shell. A more complex table with an extra dimension or two of symmetry might be able to capture more patterns, giving us a more detailed model that produces better, more subtle approximations than the Mendeleev-derived model can yield; yet that new model would still bypass the tough work of calculating how electrons actually behave when packed around a single nucleus. (Or perhaps we could capture some symmetry affecting how an atom forms molecular bonds, or a nucleon symmetry that gives better predictions of stability and half-life or that better captures why the stable proton:neutron ratio isn't a perfectly smooth curve.)

... and, uh, "praise" is not the word to describe what my co-workers are saying about the movie.