Except that the app isn't open source. If it was someone probably would have spotted this sooner. So if anything this highlights the danger of using closed source anything crypto related. Sure OSS stuff might have problems, very very clever people might be able to insert back doors and weaken algorithms in ways others might not see, and any software can have subtle bugs, but at least very basic FRAUD as in it does not even attempt to do what it claims would get spotted.

That and the authors probably never would have published the code because lets face it; in 2015 if you know what a bitwise operation is and how to use XOR you know while it might be useful in the act encrypting plain texts it does not itself provide encryption if you just use some static byte over and over again. Shame is a powerful tool, really all of society rests on shame and seeking to avoid it at some level.

The second lesson here is that the app store tramp stamp does not mean you are dealing with quality software, anymore than the old winlogo program ever did. At most it means some basic user interface level QA testing happened. Probably not much better than "we ran the app it appeared upon cursor inspection to have done something that could be similar to what is claimed, it did not crash, and did not display a goatse.cx page." They don't dig into the detail. If something says it encrypts documents, and they don't open when "encrypted" and do open when "decrypted" that is all it takes to pass this level of testing.

Just because you paid for it and got it from an app store does not make trust worthy.

I don't find it interesting that they want to read the rules in way that is most helpful to them whatever the situation is, most people want that.

What I find interesting is that the think they can get away with an inconsistent characterization of who/what they are.

You don't get those warnings if you have verified and installed and trusted the cert.

This argument that warning about self signed certs is stupid. Look the software has to do something to let you know the connection is insecure, you should assume http is insecure and you know that because the little lock icon is not present. You know http does not contain any other authenticity or integrity controls, you make your choice. https (SSL/TLS) normally is you authentication, integrity, and privacy control suite, you have to be told somehow those things can't be assured when https is in use but no trust relationship has been established.

  I suppose the little lock could simply not be displayed but than as use how do I know what the problem is? Is the site using plain text, is the cert expired, not trusted, etc, I have no information about what I might need to do to obtain a secure channel. So you can object to the warning all you want but somehome this information fundamentally must be displayed so a human can make a security decision and take some action.

Except that it won't cause much upheaval, which is really the only reason they can do it in the fist place.

Google is not the player in China that it is in the west, there is quite a bit of local competition for most Google services there, they really are not even a leader and that has a lot to do with Google actually being "not evil" and refusing to cooperate with the 'Party' on some things.

Chrome isn't Internet Explorer, the people using it across the world are far more likely to understand what a digital certificate is than the general population of Internet browser users. Which is not to say they all do but the fact is if you are using Chrome and to a somewhat lessor extent a Droid device you have somewhat self selected by picking your technology which makes it likely you know something about it. Now select for the users that are making use of Chinese sites, and the pool gets even smaller.

I may be cynical but I still don't believe if say Verisign, Thawte, or GeoTrust had got caught either negligently or willfully making bogus certificates available the result would be the same. I suspect they would be considered To Big to Fail. If you are Google you can't push an update that breaks 30% of the SSL sites westerns (your better paying advertising demographic) visit often. To many of them won't like it, even if in an abstract way a large portion of them do recognize you are looking out for there interests. They will go back to IE or worse put down the Droid phone and pickup their IPad because 'Amazon works with those' and they can 'Watch the Netflix'.

People like driving, some of the time would be the more accurate statement. Lots of folks enjoy a Sunday drive, or even a road trip, relatively few enjoy their morning commute. We like driving our cars when its on our own terms we don't have to be someplace and we have some ability to avoid aggravating situations like high traffic areas and needing to be someplace by 7:30 etc.

This is much the same way we like ridding horses when its not cold, or raining, or for such great distances we get saddle sore, etc. Its a fine hobby but not the ideal way to get to work or the grocery store when your other choice is an modern automobile.

Similarly driving and racing will be find hobbies for those who can afford it, but not the ideal choice to get work if the alternative is you can sit in your personal transportation pod and prepare your notes, eat your breakfast (safely), make phone calls, just relax if you are over tired not feeling well etc.

Ultimately people will drive for the sake of it, but the utility aspect of it will be given over to automation.

I think the parent has a point about the social impact though. More and more we do without interacting with one another. Driving puts many of us into life's beautiful random situations. The route you wanted to take is closed, you detour down a road you have never taken before spot a little restaurant that looks interesting, now you know its there, you can come back and try it some time. If the auto drive system is on and you never look up from your book that does not happen. Road trip same thing, you get tired or hungry you pull off the interstate into some little town, have dinner somewhere meet a few locals, read a historical marker and discover some aspect of history you never knew. Again auto drive system on you just sit there until you arrive at your planned destination. Why stop? just pack a sandwich etc.

Actually I can see this doing more harm to the domestic airline industry than anything. Flying these days SUCKS. By the time you get there an hour early and wait for your luggage on the otherside, quite a lot of the time you could get to your destination by car just as quickly and in greater comfort. Right now I figure you have to go at least 300 miles before a flight makes sense. Suppose you never had stop to sleep/rest/eat because you are not driving, but you have the freedom to ask the car to do it should you want to do so. You also save money not having to rent a car at your destination etc. Suddenly driving all night to get somewhere does not seem like to bad a deal or even all that inconvenient, you can just sleep the whole way like the plane. If its a business meeting you actually could spread some documents on the seats and dash, have room to open the laptop lid all the way, maybe do some work etc.

I have always enjoyed April fools on Slashdot. Many have complained but in past years at least some of the gags were plausible or at least clever, like the evil bit drafted up as an RFC etc.

Today its basically bad fanfic, which does not really qualify as an April fool's prank. Its like watching a bunch of 3rd graders who think they have mastered stand up comedy tell fart jokes.

I know this absolutely correct, the number of HR droids that reject any resume that does not list a degree is proof of that. I suspect though one of the reasons every once people who already have experience is that the old method using a degree as evidence a person can learn, following instructions, and see a complex project requiring some independent thought through to completion stopped working. The overhead of hiring is around 20% most places, you can't afford to bring people on who don't have a pretty high probability of "working out". As so many institutions shifted to being diploma mills, the degrees stopped meaning anything. The solution was just hire people who already have a track record of doing the job.

I don't see how you can avoid the same problems with STEM degrees. The plan is the same push people toward STEM the same way it was push everyone toward college before. The same perverse incentives will exist. I don't see how the result will be different.

Which they all did not because they had any real interest in furthering art, philosophy, or the advancement of culture and ideas but because a they were propagandized in thinking that university education makes sense for 'everyone'.

I am on what might be considered the leading edge of the millennials (I was born in the early 80s). I got out of school mostly before everyone started shouting "STEM STEM STEM" in my day the mantra was "college prep, college prep.." if you were a kid and even suggested to anyone anywhere you had thoughts about your future that did not include a 4 year degree, they immediately would launch into this diatribe about how you'd never get beyond sweeping the floors anywhere if you did not do so. Plenty of people worked your parents over pretty good too, encase they entertained any while notions about letting you find your own path.

So we ended up with a ton of people in colleges who really had not business being there. They got humanities degrees because those are largely subjective; you can award a degree and not worry about things reflecting poorly on your institution as much. I am sure some will disagree but the fact is that it at least at the undergrad level it is easier to walk out with degree in religious studies or ethics, than mathematics. Lets not forget college is expensive and thanks to the student loan bubble and the need to chase those dollars; I believe, can't prove, that many institutions felt a lot of pressure to issue degrees one way or anything so their graduations rates looked decent. So likely we have tons of humanities and business degree holders out there that were probably never good college candidates in the first place.

Its no surprise these degrees are not valued highly in the market place now. So the solution is to repeat the problem by pushing people into degree programs that are still considered valuable. The result will if anything will be to devalue these degrees.

I think this is different, or maybe i just see it that way being closer to it. Big industrial engines did not replace small barn built engines, the supplemented them. The farmer still needed a crude well pump and could not afford to have some 2 ton lump of iron shipped from back east. Similarly that barn mechanic could find a place servicing those big industrial engines in the field, they were not designed to lock him out.

Even today while the hobbyist isn't generally machining his own cylinder header any kid can still get started and make a buck learning to fix the neighborhood law mowers, at least that builds enough familiarity with the type and character of the work for someone can make a decision if they want to peruse the training to become a mechanic as a profession.

The same can be said with your other examples. What I think is somewhat unique in our digital world is that people can be pretty effectively designed against. Sure engine builders have done things like try to design in ways that require special tools, but usually that isn't terribly effective. The manufacture of my car would love for me to shell out for many of their 'factory' task specific tools they charge $100s for, or give up and head to the dealership; usually you can make something instead. Not so long ago I had to go purchase a 13mm socket to cut a notch in one side of, weld to length of re-bar onto the end of it, and weld a hex head bold to the end of that so I could turn it.

By contrast good luck defeating the locked boot loader on your smart phone or tablet. Yes sometimes someone gets lucky and finds a workable exploit. Unlike the engine situation though that isn't something a person of median intellect and a willingness to read and be persistent can count on success at. The ones who do succeed frequently have the benefit of some insider knowledge too.
 

Earth orbit: the not so final frontier
These are the classified voyages of the X-37B
Its two-year mission: to proxy for penis size, to consume massive wealth, and create bold new deficits, to quietly go where many have gone before.

I think you are correct but I hope you are wrong. The trouble with software not coming from the wild is it means there era of the hobbyist programmer is over. Which I think will in many ways also mean the end of innovation. Right now the app stores are full because there are enough people who already had the skills to create apps. They have those skills because they obtained them in a time where the barrier to entry was low. They had a PC and it was programmable and programmer friendly. So if folks that were interested got a chance to learn, its only a small leap to writing for another device.

If we end up in a world with programmer unfriendly devices and one where most don't have PCs because their tablet or Chromebook is 'good enough' than only the folks with direct exposure to programming via someone they know who does it to become interested. There won't be that PC sitting in their home to just tinker with, a person would have to go out and buy one just to see if its something they want to get into. I am not a fan of the teach everyone to code whether they care to or not movement but IOS and ChromeOS are barriers to entry could easily get in the way of people who do care. Part of the fun at the beginner level is being able to share your stuff with others that is harder to do when you have to get through some app store approval process and you are just starting out.

That said I think malware arms race is 'winable' the concept of least privilege is getting integrated into mostly single user desktop platforms, Windows, technology like ASLR, DEP, stack protection, and canaries, have virtually killed the buffer overflow as anything more than DOS vector in 64-bit software. Now most 'exploits' really depend on some sort of fundamental algorithmic or logic error; that or attacking some legacy 32-bit or 16-bit binary. People do now largely know better to run random executable from people they don't know, etc. Security in the PC world is 'getting there' hopefully that will stem the tide of the 'app store' paradigm.

I think Tim Cook misses the point. There is a world of difference between the government discriminating by not letting homosexual couples say file a joint tax return and Jane's Wedding Cake emporium refusing to put two groom cake toppers on their baked goods.

Civil rights laws that try and force a private business to serve all customers should be considered unconstitutional. We have the freedom of association under the first amendment that implies a freedom to disassociate from others or other groups in order to have any meaning at all, and if you won't accept that argument than refusing service or entry could also be viewed as kind of speech.

Personally I can't understand why any business would ever do this. To mean one person's dollars are as good as the nexts. I don't care what color, or gender passing them across the counter to me happens to be. I also don't really care about the religious ideas or sexual desires the mind governing that might hold, only that its willing to freely offer me dollars in exchange for whatever good or service I happen to be proffering. Same goes for hiring, I just want the person who will do the best job for lowest cost.

I don't think its right to deny someone based on race,color,creed, sexual orientation etc, but as strongly as I feel that is wrong, so do I feel about forcing someone to act against their will or conviction. So the baker who wont sell a wedding cake to the nice gay couple is a prick, he will loose their business and mine, because I'd prefer to do business which someone I think well of.

Ultimately the market prevails, you can the relative economic success of places across the world, and you find with a few exceptions that happen to be sitting on huge oil reserves, the wealthy places are the ones that don't have serious problems with race, or gender discrimination. I suspect that correlation is no accident.

Our economy is large enough that minority groups who face discrimination probably can find another employer or another shop who will treat them fairly. I don't think that is a problem, for one thing nobody can tell much about who or what you are behind a web form. I think we should err on the side of individual freedoms here.

Where we need to be careful though is all the places government is involved, if we don't make sure our tax policy, family law policies, education, civil services, law enforcement behavior, etc are equal for all citizens than we are failing as a free society. The 'system' should work for everyone.

That is is paralysis by analysis. Its trick the intellectually bankrupt resort to when they want to seem insightful or somehow smart.

Different people are going to tolerate levels of adverse consequences differently is obvious. That goes for the short term and the long term. In the end that fact is inconsequential what matters is what is acceptable for most people or what matters for the people in a position to affect outcomes.

That fact the 1.2 degrees might destroy the economy of some island group someplace when most of us think we will be okay at 2 degrees and the short term consequence of action is more acute. Means that tiny minority just does not matter. In the end they won't get their way, so I say they really are not worth thinking about.

Um there is no question for several reasons.

First if the situation is so immediate your only two options are hit a vehicle or hit a person its highly unlikely you have time to peer into the other vehicle and count its occupants.

Second most vehicles on the road today have lots of safety features; if they are being used, seat belts fastened airbags not disabled etc, most crashes are highly survivable; most pedestrian vehicle crashes far far less so for the pedestrian (excepting very low speed nudged someone in a parking lot cases).

Finally while your liability insurance should most likely be on the hook in any situation I can image you finding yourself faced with such a choice another driver is more likely to have supplemental coverage that will ensure they are taken if your insurer dicks out and tries to screw them.

I really can't image a situation, most things being held equal, ( I know you could contrive a situation where you will be nearly at a complete stop before you hit the pedestrian vs hitting the other vehicle at high speed ) where it would ever be appropriate to choose to hit the pedestrian.