
Comment Re:Mr Fixit (Score 4, Insightful) 582

That it reacts fast is good. That the bug could be audited in the source, in public, is good.

We should remember that FLOSS reacted very quickly to the "revelation," but the bug itself has been sitting there for years, which isn't really supposed to happen.

It's nice we know how long it's been there, and can have all kinds of philosophical discussions about why the OpenSSL folks decided to write their own malloc.

Also OpenSSL was effectively a monoculture and just about every SSL-encrypted internet communication over the last two years has been compromised. OpenSSL has no competition at its core competency, so the team really has no motivation to deliver an iteratively better product, apart from their need to scratch an itch. FLOSS software projects tend not to operate in a competitive environment, where multiple OSS products are useful for the same thing and vie for placement. This is probably bad.

Comment Re:Lobbying aside (Score 3, Insightful) 423

his point was that people need to see what they're giving to the government

People "see" it already, on their paystubs and on their 1040s.

What he wants is for tax collection -- not taxes themselves, just the way they're collected -- to be intentionally disruptive, so that people will attempt to lower rates and revenues not because they are high, per se, but just because the way they're collected causes economic harm.

Comment Re:Lobbying aside (Score 4, Insightful) 423

No, you'd just have a bunch of big banks getting into tax financing, offering modest loans at reasonable interest rates (see fine print) to help people who didn't save for their bill.

The withholding system works because it causes the least economic distortion -- the more a tax "hurts," the more adverse an effect it has on day-to-day economic decisions, the more it's liable to cause people to make bad economic decisions, like saving huge lump sums in the bank instead of investing or consumption. A tax "hurting" might be good politics (for some people), but if it causes people to have irregular cash flow or makes it significantly harder for them to make planning decisions it will hurt economic growth.

Comment Re:Get rid of income Tax (Score 1) 423

If you want to talk overall economic health, taxation does not really impact it since all those tax dollars just go straight back into the economy anyway.

Ehhhhhhhh.. it's not that simple. The government can allocate wealth well or badly, it can waste a significant amount of money by overpaying, by giving a supplier more than the least they would be willing to accept -- classic economic rent. Suppliers win premium prices through lobbying.

It cuts both ways though, lobbying can cause the government to waste money, or cause the government to force everyone else to waste money, just as Intuit has basically carved out an entire industry for itself as the IRS's middleman, while if the IRS were to simply pre-fill people's returns itself most people would save a little bundle every year on tax prep.

Comment Re:running 8.1 update 1 from wsus (Score 1) 575

Can't tell you how many times I've received the "well if they got this far, it's game over anyway" response, and it's been bullshit every single time. SSL isn't a magic cure-all; it's one of many, many different layers, each of which raises the bar of complexity and difficulty of successful, undetected penetration. Is SSL a super powerful security layer? No, but why take away something that's trivial for you to set up and maintain and which creates additional work for an attacker?

This idea that we should simply give up at some point is absurd. It's the reason you find incidents like the Target breach happen so much (though typically not with that level of impact). It's because beyond a certain point, everyone just throws their hands up and assumes that if somebody got that far, they won. Meanwhile, 20 other countermeasures which would cost nearly nothing to implement are left by the wayside and any one of them just might have been the straw that broke the attackers' back. This mentality needs to stop if we're ever to make progress preventing attacks and limiting the damage done.

Comment Re:running 8.1 update 1 from wsus (Score 1) 575

Of course SSL isn't anywhere close to bulletproof. Just like a firewall isn't bulletproof. Anti-malware/anti-rootkit applications aren't bulletproof. NIDS/IPS and HIDS aren't bulletproof. All those things together, however, raise the bar for an attacker to successfully locate and exploit a vulnerability and remain undetected. The less of those kinds of things you have in place (and appropriately configured/monitored/alarming/etc), the lower that bar.

My response said nothing of SSL being a magic cure-all. It was a response to the idea that security behind the firewall is unnecessary because firewall.

Comment Re:running 8.1 update 1 from wsus (Score 2) 575

I don't see the need of SSL on an internal small server

The 1980s called and would like their "my firewall stops ALLLL the hackerz!" approach to security back.

On the server providing updates to all your Windows systems? Thank goodness you have no authority over my network. All the guys on my team get regular reminders about the importance of defense in depth.

Comment Re:Not getting funded. (Score 0) 157

Flying cars are technically possible.

Flying cars however are not desirable for everyday drivers: they have a hard enough time managing 2 dimensions, we don't need them to occupy a third. So unless they're fully automatic in flight mode (with manual control disabled), flying cars can only be flown by a trained pilot.

The market for pilots who want a plane that turns into a car is very small. That's why flying cars won't happen - not enough money in it.

Comment Re:Translation... (Score 1) 869

Blahblahblah.

I've studied the science and the "science" behind climate change for 20 years. I've reviewed the publicly available data. I've reviewed the models and their results. I've reviewed the common methodologies behind the statistical smoothing and proxy data collection. I've also studied the arguments raised by those who claim it's impossible or simply untrue.

What I've found is that both sides are filled to the brim with people who understand nothing of scientific rigor. They're filled with people who reached a conclusion as soon as they heard the initial one-liner argument from one side or the other. In the end, the real science underpinning this discussion is in its infancy. We're looking at an incredibly complex system with enormously influential inputs that come and go - some in cycles, some not - and which drastically alter the equation. We're still at the point where we don't know what we don't know. What we do know is that changes are happening and have been happening which have an enormous impact on human civilization and the entire ecosystem. We also know that we've been doing significant environmental damage to some areas.

What we most certainly do not know is how our activities have affected the world's climate. We just don't. We can't model any of it because we don't understand it. There's never been a model that's worked even reasonably well for more than about 3 years and not a one can do historical prediction without an enormous amount of fudging (i.e. "yeah no idea why that data is there, so rather than just ignoring it, we told the model that at this specific point there would be some new factor we called "X" that accounts for the change and then goes away at this other point, so now the model looks better". "Oh, our model just ignored that data and we marked it as bad data").

You see, the problem here isn't that I don't understand science. I do. It isn't that I haven't kept up with the field. I have. That's the problem: I've actually looked at it from both sides, and both sides are fairly full of shit.

Comment Re:That's an awful lot of certainty... (Score 1) 869

It gets worse...

If you go back more than about 35 years, the data becomes so terrible that you have to use ridiculous amounts of statistical hand-waving to pretend you have any sort of precision (and to make the data move outside the error bars). When you go back past about 1920 (when the first fragments of standardized temperature measurement took hold), the data turns into a pile of garbage. Now you're on to looking at which flowers bloomed where and subjective accounts from human settlements (e.g. some guy's personal correspondence complaining about how cold it's been this year). If you want to go back further, to points where -as you said- you get geologically significant data, you're using even more terribly imprecise proxies like ice cores. They'll tell you within a couple of degrees what the average was over the course of a few hundred years.

None of this, outside of data gathered in the past ~35 years, even comes close to actually being able to diagnose the cause of a 1c shift over the course of 100 years. Not only can we not say what the actual cause is, we can't even say that it hasn't happened in half the one-century periods since the end of the last ice age. And that data gathered over the past ~35 years since satellites went into orbit? That data disagrees with itself. You ask the satellites, you get one set of data. You ask the ground stations, you get another set of data. You ask the proxies, you get yet another set of data. Some of that data agrees on general trends and some of it outright bucks everything else.

All of it gets hand-waved away with "we know what we're talking about!!!". This isn't science; certainly not the science I grew up with. In the science I grew up with, you didn't start with the conclusion, then develop the tests that get you there and ignore any and all data to the contrary.
