Armed infantry. or guerrillas, can destroy the fuel supplies, supply lines, and the personnel who reload and refuel the tanks. Tanks require far, far more fuel, maintenance, and much larger ammunition depots than ground troops. Basically, if you can engage in effective guerrilla warfare, you can defeat an artillery based army. Take a good look at the history of invasions of Russia and Afghanistan for particularly effective ground forces versus armor historical combats.

I'm afraid this is not true. An appellate court, presented with a singular case, can make a wrong decision. That means appealing to the Supreme Court, especially ofr issues of constitutional law or refinement of previous Supreme Court precedents which are being misapplied.

> IMO the "right" thing to do is either release the source or provide full API and file format specs.

Microsoft has a very poor history of providing API's. Examine the history of the "OOXML" API, which was broken from its publication and has never been actually followed by Microsoft Office products. Or look into the Samba and EU lawsuits against Microsoft, mentioned at http://www.linuxinsider.com/st.... The original specifications that Microsoft provided were _horrible_, and quite useless. And they're still patent burdened, which can block third party developers from being able to safely update such products.

Please go back and read what you wrote:

                          Why don't pipelines like that have passive shutoff valves every hundred feet or s

I answered your actual question. Now, you' seem to be mocking it, based on how my answer does not apply to a question you did not ask, mainly:

                            Because, we do put routers between network segments and firewalls at each end-point, and no more fine-grained points of (virtual) compromise really exist.

Yes, we do. But "every 100 feet" on a 10 inch pipe is not at every _endpoint_, it's at every _connection_. And that's a full pipeline cut-off valve. It has to be able to stop the full pressure behind a 10" pipe. Given a typical pipeline pressure of roughly 125 PSI according to notes in Wikileaks, that means that the cutoff has to maintain a good seal with 124 * 3.14 * 5 * 5, or about 9000 pounds. That is not a cheap valve.

> A fundamental law of physics is that information can NEVER be destroyed

This is.... not even wrong. There are interesting trade-offs between useful thermodynamic work and possible information storage, but information in that sense is "lost" with almost every physical and chemical interaction.

For the same reason we don't put firewalls after 100 feet of network cabling. It's expensive and likely to _create_ more failures than it prevents.

_This_ is why many people hate asking It for help. Rather than answer the questions as stated, the poster is being told to buy more hardware and learn to program it himself by fan boys of half a dozen different toolkits, many of them requiring new hardware, without a good guideline to compare them, and many of them that require quite a bit of learning to master. Many of the suggestions are completely unsuitable to many environments: carrying a spare router around to put in front of a laptop is impractical. And even with a commercial grade firewall router in _front_ of a local network, that provides no protection against internal attack by infected laptops or houseguests:. And let's be honest, many households do leave their home wireless networks open to visitors.

The built-in iptables in most Linux systems is not *bad*, and quite suitable for home use. I just took a look at the current release of webmin, and the interface to manage iptables is really quite good: just remember to not accidentally cut off the webmin interface while firewalling off other traffic.

Go back to the original spec. The poster wants a stable, sophisticated, flexible firewall. They also want it to be easy to configure. These are distinct, and to some extent contradictory requirements. And yes, for a new admin, the built-in "iptables" and most Linux firewall tools are confusing. Shorewall has a good reputation as robust and stable, and Webmin has an _excellent_ reputation as being a tool that makes system management much, much, easier.

In fact, testing webmin with just "Linux Firewalls" configuration tool built into it might be enough.

Like drawing to an inside flush, an "optimized" strategy is not necessarily what the opponent plays. There is no reason inherent in the description to make assumptions about the opponent's other play. They may also be constrained to play paper the other fifty percent of the time, and to play paper , then rock, then paper, then rock. In the real world, don't assume that the minimal description of the problem gives all the important data.

As it happened, he wasn't browsing at work. He was browsing at home, and since some employees are on call and need to respond quickly to service requests, he was off duty but using his work laptop for personal use. When he opened his laptop in the morning, it wasn't even in the active tab of his browser so wasn't apparent. But when he minimized the browser to show something else to a co-worker, oh my.

Separating personal use from workspace resources can be very awkward, especially with companies where "Bring Your Own Device" is supported, or where you're laptop is company purchased.

They're well behind the times. They're apparently aiming at things like this ransomware (http://privacy-pc.com/how-to/fbi-moneypak-virus-computer-locked-by-fbi.html) There are unfortunately a lot of ad tools out there right now that still try to lock your application to their web site. And I recently had to have a long talk with someone at work who browsed a porn site and had a dozen or so pop-ups _under_ his active screen, all showing webcam pornography. When he tried to close the web browser, the pop-unders were displayed, and it forced me to talk to him about keeping his workspace visitor safe.

The same critical thinking should be brought from the hard science classes, where it is so particularly effective, to history and "social studies". The awareness of how people are confused or deceived, and how to detect it, are invaluable in understanding what we often call the "soft" sciences, and to understanding human behavior in general.

What possibly makes you think that JSTOR is ossified? They've been very progressive with how they handle new document formats, with the overwhelming number of new specialty journals, and with the advances in the sheer size of the data in new and already cross referenced work. That work is ongoing, it's _not_ cheap, and they're working very hard every day to manage it.

They've been precisely what a non-profit should be, and I applaud their efforts.

They're looking for the "big fish", the "kingpins". The focus on catching the "kingpin" works equally badly for informants in drug cases.

> Judging from your Slashdot ID, both you, and I, then, have participated in many actions which you seem to consider DDoS attacks --- namely, Slashdottings. I wonder if you'd be OK, then, that you should be charged with felonies for each and every one of those actions? Oh, I forgot --- you don't have to worry --- you're not someone who has a public presence so that convicting you could be politically worthwhile.

That's an odd, but interesting question. The last time I "slashdotted" a company I also called and gave the web administrator a courtesy call, to let them know what they were in for. One factor that made Aaron Swartz's behavior so reprehensible was that he _kept doing it_, apparently at full capacity, despite the obvious consequences to JSTOR and to MIT. It was actively destructive to an honest company and to research by thousands of people.

JSTOR's provision of free access to the public domain papers is, indeed, interesting. But I do believe that was already planned when Aaron got caught. JSTOR is a library service, a non-profit. They'll do what they can _afford_ to do to make the information available.