The most wear sensitive part of a laser printer is the copy drum. If I recall correctly the old LaserJets had the drum integrated with the toner cartidge, so you replace to most quickly wearing part of the printer four or five thousand pages. It's no wonder they lasted so long. The mechanical parts that move the paper through the printer are pretty robust, so I wouldn't be surprised if the printers go until the capacitors in the electronics dry up, or the internal power connectors go bad.

That would be interesting, if it were true. Here's what TFA says:

"Del." I assume is short for "delegate". According to their website, the American Tradition Institute's tag line is "Free Market Environmentalism through *Litigation*" I assuming this means they aren't pals with Greenpeace, or even The Sierra Club, any more than the National Socialists in Germany were pals with the socialist Republicans in 1930s Spain.

Depends on what you consider "hiding the research". A fishing expedition through a scientist's personal correspondence is an invitation to judge his work on *political* grounds.

In science your personal beliefs, relationships, and biography are irrelevant. There are evangelical Christian climate scientists who believe climate won't change because that would contradict God's will as expressed in the Bible. These scientists may be regarded as religious crackpots by their peers, but that hasn't prevented them from publishing in the same peer-reviewed journals as everyone else. Since their papers invariably are climate-change skeptic, clearly they are publishing work which supports their religious beliefs. But their motivations don't matter. What matters is in their scientific publications.

In 1988, Gary Hart's presidential bid and political career were ruined when he was photographed cavorting on a yacht named "Monkey Business" with a woman that wasn't his wife. Now I didn't care how many bimbos he was boinking, but a lot of people *did*, which made it a political issue (albeit a stupid one in my opinion). Do we really want to use the coercive power of the state to dig through the private lives of controversial scientists?

It's a pretense that that would serve any scientific purpose. Maybe Mann is intent on overthrowing capitalism and creating a socialist utopia. That would be relevant if he were running for dogcatcher, but it's irrelevant to what's in his scientific papers. Scientists publish papers all the time with ulterior motives, not the least of which is that they're being paid to do research that makes corporate sponsors happy. As long as what's in the paper passes muster, it's still science.

It is not about not having disasters. It is about having them with acceptable low probability and acceptable amortized cost. The nuclear industry has failed spectacularly at that.

The stance "nothing bad must ever happen" is only advocated by people that failed "risk management 101", i.e. people that are really clueless.

Sorry, in many large organizations, the sysadmins are not allowed (or able) to change firewall configurations either. And sign-offs, even in emergencies like these, may take a few days.

What about acting? Or fiction? These are artificial experiences that evoke real emotional responses. Once the right buttons in your brain are pushed, most of your brain can't tell the difference between what is real and what is synthetic.

Granted, authenticity in human interactions is important, but it's overrated. Fake engagement often is a perfectly acceptable substitute. Situations where people put considerable effort into *seeming* pleasant usually *are* more pleasant than they would be if everyone felt free to paste their indifference to you right on their faces.

So this is a very interesting technology. What's disturbing about it isn't that people might be fooled into thinking the user is truly interested; it's that the user himself no longer puts any effort into creating that illusion. What if that effort is in itself something important? What if fake engagement is often the prelude to real engagement? Maybe you have to start with polite interest and work your way up to the real thing; I suspect the dumber parts of your brain can't tell the difference. If that's true, taking the user's brain out of the interaction means that interaction will automatically be trapped on a superficial level. This already happens in bureaucratic situations where employees are reduce to rules-following automatons. Take the brain out of the equation and indifference follows.

I suspect that the researchers are well aware of these issues; I believe that I discern a certain deadpan, ironic puckishness on their part. People who truly view engagement with other people as an unwelcome burden don't work on technologies that mediate between people.

In many large organizations, you have segregation of duties. This boils down to the sysadmins not being allowed to patch and recompile code. They are allowed to install a vendor patch though. And yes, segregation of duties is a good idea.

Indeed. There is however a certain type of wannabe "hacker" that needs to turn things into power-plays. These will disclose immediately and inflate their ego that way, no matter what damage this does.

I am not talking about giving the manufacturer a lot of time. But if the bug is already exploited in the wild, chances are it has been for a while, so a few more days matter little. However, quite often nothing can be done before a patch is available and then too early public disclosure does a lot more harm than good.

Apparently you have not heard about companies that collapse if they are offline for a day or so. But then, with the level of stupidity your answer displays, you would not have...

And to amplify it in the meantime. Well done.

Not really. Disabling the patch took changing the sources manually and rebuilding OpenSSL, something most sysadmins cannot do or cannot do fast.

I think the main problem with the flavor of responsible disclosure some part of the security community is raging against is that this flavor allows the developers to say how long they need, and that has been abused. But giving them zero time is just malicious.

Sorry, but that really is nonsense. All that immediate disclosure can cause is panic. It does not help at all. It increases attacks in the short-term, because most people are not able to do anything without patch.

Sure, you can argue for very short time given to the manufacturer, like a few days (they will not make that large a difference for the ones already using the weakness, most weaknesses exist for quite a while before they are discovered by the white-hats and analysis also takes some time), and some companies have been abusing responsible disclosure by delaying fixes for months and months, so I am all for that. The thing is that the manufacturer must not be the one to set the time they get to fix this. But giving them zero time is just intentionally destructive.

I don't.