You realize that there's more difference between your average man and your average woman than between your average NFL linebacker and your average man, right? (seriously, compare the stats some time - height, average bench strength, etc). You do realize how commonly women are raped and abused by men, and how they might happen to be more sensitive to the implicit or explicit threats of violence from someone that they're highly unlikely to be able to fight off?

I'm tall, 182 centimeters, and I still once had a guy literally pick me up and carry me back to his apartment when I tried to walk away from him.

There's a bit of a difference in that one in every four women actually will be raped in their life, and a sizeable percent of those getting those threats already have been.

Yes, men are raped too. About 91% of rape cases are male->female, 8% male->male, 0.8% female->female, and 0.2% female->male. Men are virtually always the perpetrator, but even when the victim is male (not nearly as common, but still way more common than we as a society should accept), the perpetrator is still overwhelmingly likely to be male.

(and if the excuse for the stats is "men aren't as likely to report being raped by a woman because of shame"... so is there no shame for a guy to report being sodomized against his will by a man?)

The basic point is: when you're threatening a violent crime against a person who may well have been a victim of such, and even if they haven't, very likely has friends who have and is more than aware of their vulnerability in this regard, that's taking it to a whole different level.

Nice being a straight cis white male when a venue is dominated by other straight cis white males, isn't it?

And just to make clear, the problem of insulting people isn't along the lines of "ching chong chow chee" or whatnot. The problem case is along the lines of:

Scenario 1:

Man: "What does that do? Sorry, I don't know perl."
Crowd: "You don't know perl? Geez, you're stupid."

Scenario 2:

Woman: "What does that do? Sorry, I don't know perl."
Crowd: "Geez, women are stupid."

Contary to popular belief, broomsticks can't fly and are not aerodynamic.

If 16th century India could do it... (why a person would believe that the warhead has to be the frontmost part of a rocket is beyond me, given that the interceptors themselves aren't built that way - yet the entire logic behind the interceptor's detonation system relies on that assumption)

In any case the missile will miss its intended target if it was hit by shrapnel.

Nope.

You give Qassam rockets too much credit. They're sugar rockets. Literally - their fuel is a mixture of sugar and fertilizer. There's no "vapors". It burns until there's nothing flammable left and then flames out.

1. A hit by a few pieces of shrapnel each weight no more than a few grams is not going to have a noticeable impact on something that's dozens of kilograms moving at roughly half their speed. It's simple physics.

2. The warhead is the whole point. A warhead-less rocket won't penetrate your roof. If you're out walking in the park and it lands on your head you might get seriously injured, but apart from that. no.

3. What are you talking about? The payload of the Tamir interceptors is is 11kg, that's no secret. And again, it's not designed to work by concussion, it's designed to work by shrapnel. The energy of the explosion is mostly spent in the process of creating high velocity shrapnel fragments.

Beyond that, the length of time of any exposure here to any explosive force is simply miniscule. The rockets pass each other at a rate of 1200 meters per second - nearly half the speed of the explosive shrapnel itself. Even if they passed directly past nearly grazing each other (which is grossly implausible), they'd only be within a meter of each other for less than two milliseconds. And even things that are right near explosions the whole time get surprisingly little push from blast shockwaves (Mythbusters did a full episode about this). Relevant push from explosions requires confinement of the gasses.

Israel's GDP is the equivalent of about US$250 billion. They can easily afford tens of thousands of intercept missiles if it keeps the population safe.

And Palestine's is 4B GDP. Yes, they're poor, but not *that* poor. They can afford to spot weld fins onto a piece of drainage pipe, drill holes into a bit of steel plate and spot weld it on, fill it with sugar and fertilizer, and attach onto the front end a hollow shell containing several kilos of smuggled or homemade explosives triggered by a bullet casing connected to a nail and a spring. That's literally all a Qassam rocket is.

You really think he would know if they actually took out the warhead? The warhead is going to land a dozen kilometers downrange. Of course there was an explosion in the sky - they're shooting a missile up at it, you're pretty much guaranteed an explosion. The question is whether it worked.

Iron Dome isn't designed to hit rockets in the boost phase; when it hits them, the motor is not in operation. You could turn 90% of the rocket into swiss cheese, if you don't hit the warhead it's still going to explode when it comes down, and it's going to come down right where it otherwise would have (the Iron Dome interceptors work by shrapnel, not by concussive force that could push a rocket onto a different trajectory)

Here's a Qassam rocket. When they're new they often paint them up all fancy, but you can see how simple they are without the paint. They're just a steel pipe with fins crudely welded to the side. The engine is a steel plate with nozzles drilled out. They use multiple nozzles because the rockets are so crudely made, they keep on going even if a couple fail. They're literally sugar rockets - the fuel is sugar and potassium nitrate fertilizer. The warhead is a steel shell which they stuff with whatever smuggled explosives they can get ahold of. The trigger is a bullet cartridge with a nail and a spring.

Teenagers competing in model rocket competitions build more advanced rockets than that.

Given how incredibly lame this missile's fuse is, you could literally defeat it by sticking a broomstick on the front end of your missile and rebalancing. That is, if the system even worked in the first place.

I had no idea that's how they triggered the Iron Dome warheads. Just a broken, angled light field triggering a central explosive a short time later on the premise that it'll be near the warhead at that point? That's so incredibly stupid. I don't know whether this guy's data about how effective the system is or not is accurate, but I can clearly see the glaring theoretical problems with such a system.

And this is ignoring the fact that they're using $50k missiles launched from $55 million systems to shoot down $800 rockets launched from pieces of drainage pipe. Even as poor as Palestinians are compared to Israelis, those are some pretty awful ratios. The Palestinians might as well save money and skip the warheads altogether, just shoot off as many empty rockets as they can to waste Israel's money.

Orders of magnitude are used for approximations of scale, not exact figures. And the Russian R-36 missile can take a 20MT warhead (although I think they've eliminated all of the R-36s in that configuration in favor of the MIRVed version, I'd have to check).

You're right, though, I think two orders of magnitude would be a more accurate figure.

I'm an atheist. But I am happy when terrorists die. I don't need to rationalize it.

Yeah, those damned terrorist children in their terrorist-loving hospital beds. Good riddance!

Oh, but Israel warned them, right? Yeah, great how that goes down!

Israel: Hey, just being nice and friendly and letting you know we're about to bomb!
Palestinains: Great, we're on our way!
Israel: Um, no... you can't come here.
Palestinians: So... you're going to open up the border crossing to Egypt?
Israel: Certainly not!
Palestinians: Okay... so I guess we're not leaving then.
Israel: Okay, your call, but don't say we didn't warn you!

Gaza has been since the beginning like a giant open-air prison camp. Where the heck are the impoverished people trying to flee the conflict supposed to go? And for that matter, for everyone criticizing Hamas for fighting and storing weapons in or near civilian areas... there is nowhere in Gaza not near a civilian area, certainly nowhere further than a stray tank shell can fly - it's one of the most densely populated places on Earth, over 5 times denser than Taiwan and 11.6 times denser than Japan. Israel forced as many people as possible into as little land as possible. And not accidentally. What little farmland there is can be overrun in a matter of minutes. Israel could fill the entirity of Gaza with tanks and artillery at a density of over 100 per square mile.

Self-assessment is the method used by the vast majority of small businesses, and they're often not even required to do even minimal work to get started. The acquiring bank will just set them up an account and start the ball rolling after Farmer Bob buys a cheap swipe terminal off eBay for the weekend Farmer's market and signs a couple papers. For those organizations that aren't self-assessing, they get to deal with the fact that QSAs often can't even agree on what some requirements mean in principle, let alone when applied to their specific circumstances. Show three different QSAs the same architecture and documentation, get three different reports. That ROC? That's good for toilet paper by the time the QSA pulls out of the parking lot. Don't believe me? Have a data breach and watch Visa roll in with auditors who won't leave until they find a reason to fail your compliance. That's just how the game is played.

All that said, people just declaring that they are PCI DSS compliant is actually exactly what happens. You tell the acquiring bank that you're PCI compliant (either via SAQ or QSA/ROC). If you've met certain levels of activity, the acquiring bank may pass along some paperwork regarding your audits to certain payment brands who require it. They then effectively state that your paperwork appears to be in order and begin processing your credit card transactions. At no point do they declare you PCI DSS compliant and they will most certainly toss your ass to the wolves the second there's a whiff of trouble. And even if they did say you were compliant at filing time, any QSA will tell you that any minor change, lapse, or mistake can completely alter the state of your compliance. From the PCI SSC website: "There are three steps for adhering to the PCI DSS – which is not a single event, but a continuous, ongoing process."

In other words, yesterday you might have been compliant, and tomorrow you might be compliant, but today (always of course the day of the breach), you're non-compliant.

This depends entirely on the organization and their acquiring bank's requirements (ultimately the acquiring bank is the only one who matters, but most reasonably organizations develop their own process to ensure they're covered as much as possible). For many small businesses, they're often times just buying a cheap terminal and swiping away. The acquiring bank isn't pressing them for details of their security measures and they're often completely clueless about any requirements they're supposed to be meeting. They aren't bringing in a QSA. Even if they were, bring in three QSAs to any decently sized organization and get three different opinions about your scope and your compliance measures. Half the fun of PCI assessments is determining what the requirements mean, how they apply in your specific instance, and where scope ends. But the point is, there's no issuing authority to say that you're PCI compliant. There's no governing body certifying anyone. The only thing that's actually there are the contractual relationships between the merchant and the acquiring bank and the contractual relationships between the acquiring bank and the payment brands.

It's not a pointless semantic game because it's the unspoken risk for anyone accepting credit cards. Since there is no official PCI certification and since there is no agreement between QSAs on what the requirements mean in principle (let alone in practice in a specific organization's situation), the PCI SSC gets to stick the claim up on their website that no breach has ever occurred in a PCI-compliant vendor. Best of all, each individual payment brand actually gets to decide what requirements have to be met in which situation by which type of vendor doing what type of business at what scale and via which medium. The ambiguity and the leverage the payment brands hold allows them to arbitrarily decide who is and who isn't compliant at any given moment.

So you keep on doing your documentation and your testing processes (and you should, it's good practice), but if you think for a second your customers are somehow protected from Visa, Mastercard, etc in the event of a breach, you'd best think again. It's a shell game designed to ensure that whenever things go south, the payment brands are never the ones left holding the bag.