It's an affront to common sense to put security as an afterthought on top of another protocol instead of making it an intrinsic part of the protocol. But that's what you get when you use ancient technology (and yes, TCP is ancient by computer standards) and simply refuse to accept that it is necessary to invest into it.

But security does not sell. Only now people finally start to slowly catch on and realize that there might be a reason for security. They still don't know jack about it. They only know they "kinda wanna be protected". And that's what HTTPS and OpenSSL offers. It looks secure, Joe Randomsurfer doesn't understand jack and the whole security community will certainly not stand up and admit that it's all ... well, we can't really say it's insecure but ... well, I wouldn't bet my job on it either.

The problem with the whole shit is that it is very, very hard to prove without a doubt that something is insecure when it's not blatantly so. And OpenSSL is not blatantly insecure. It doesn't have the gaping "dude, that's fucked up" holes. When you look through the past year, from heartbleet to POODLE, you'll notice that ... ok, heartbleet was a blunder and a half, but POODLE is by no means something you will instantly understand without quite a bit of understanding of the whole security process behind it and even then it may take a while to wrap your head around it.

We're heading into the area of chances and probabilities. And I do predict that we'll see a lot more of this, attacks where it's not clean cut and "easy" to end up with a way to break security, but we will find that systems we thought to need 10^DAMN_LOT tries to brute force only need 10^VERY_LITTLE, because of flaws in the implementation or even the algorithm itself, where it becomes known that most of the "possible" keys were in fact impossible.

That's what I'd expect from the next few years. And I kinda fear that we will find out more than we'd want to know.

Having been dredged into that market by no choice of my own, I can tell you this.: Picking a solution that works well in every browser is damn hard, even if you try. IE6 was the worst, but it did't look right in Safari either. I'm pretty sure Firefox and Opera was correct, but it doesn't really matter to th end user. You use an obscure client, it's your problem. It's only quite recently it's become their problem.

A site where I'm supposed to get the core of my security from? If this doesn't need some way to ensure that I really connect with it instead of an intercepting mitm that injects its own version, what does?

I have a 28" UHD monitor - the U28D590D if you want to be specific - and yes, you can tell the difference. That said, it was underwhelming to my eyes, I don't have the eyes to take full advantage of 4K. I think I could pick the 4K image in an A/B test, but not the 8K image. We're getting closer though, but I'm not sure it's meaningfully relevant. That is, would it matter if you got infinite resolution, infinite fps, infinite FPS? Or would it just be another failed atttempt.

Google doesn't do that. Rent, sell, donate, whatever. If you have some evidence to the contrary (e.g. public financial filings?), I'd be interested in seeing it. So would the FTC, actually, since AFAICT it would be a violation of Google's consent decree.

I'm not entirely sure what you mean here, unless perhaps you're talking about losing your opt-out cookie? If that's what you mean, Google provides browser extensions that ensure that never happens.

Yep, pretty much, that's it. Unless you're paying for Google services or buying Google hardware, online advertising is Google's revenue model. If you have some evidence to the contrary, I'd be interested in seeing it.

Again, I'm not sure what you mean here. Are you saying that if you stop opting out from targeted ads you start seeing targeted ads? That seems pretty obvious to me.

None of what are for my benefit? The ads? If that's what you mean, I beg to differ. Most ads are useless to me, I agree, but it does happen from time to time that I see one that's useful. Even more importantly, those ads are how the sites that I like get funded, so they benefit me very directly.

(In my particular case, Google ads also pay most of my salary. But I felt the same about all of this before I joined Google so I honestly don't think that affects my opinions much.)

If there's any indication that the craft is no longer under pilot control, then yes. Sorry if they might have reacted previously before 9/11, but at this point you'd better scramble and overpower the hijackers or be collateral. The dead people aren't exactly likely to give any testimony to the contrary, so the government's story that it was necessary will largely go unopposed. Except a few family members who "weren't there" and can't make a rational decision, of course.

First, I never asserted that Google doesn't know about the data that it collects. That would be to deny a tautology. Second, you seem to be asserting that Google sells the data, which isn't true, as I explained in more detail in my first post in this thread. Third, the advertiser may well know you by name, etc., but not because Google told them anything about you. The fact that your IP may be linked to your identity in various ways is true, but not Google's fault, and Google doesn't participate in spreading information about you.

If you don't want an advertiser to get your IP, I suppose you should avoid clicking on ads.

To the degree that it is cross-referenced, yes. And Google Analytics gives Google perhaps more of this sort of information than any other entity -- unless, of course, you opt out of analytics tracking, in which case Google doesn't track you.

Well, then, don't give your permission. I think that's the key; opt out of the services you find too intrusive. That doesn't completely solve the problem, because of the cross-referencing issue. I think we'll need to deal with that legislatively, to bar companies from cross-referencing the data they have about individuals, and to give individuals access to the information held about them, and the opportunity to request that it be deleted... with, of course, serious consequences for failing to comply with such requests.

You hit the nail on the head, somewhere in the early 90's, language vendors stopped claiming "Our language supports OO concepts" and started claiming "Our language is OO".

The first C++ compiler I used professionally was Wacom's (circa 1991). Back then the Watcom C++ extensions were not part of the language, they were implemented with a bunch of C macros pulled in with include files, the macros themselves were riddled with goto (another macro) statements. I still have nightmares....

The fact is any general purpose language can be used to implement an OO design because OO is not about language features, it's a design methodology, or at least that's what I was taught when studying for my CS degree in the late 80's. As my smalltalk lecturer pointed out at the time, most of the examples in K&R's "The C language" are also great examples of OO design that were written long before the term OO was invented.

Disclaimer: These days I spend much more time tying spaghetti balls with different flavoured source together than I do trying to untangle the individual gordian knots.

They have an excellent selection of 3-button mice at Circuit City. What, don't you have a time machine?

The g600 certainly looks programmable - is there no option to reassign the primary buttons? Hell, it seems like even the buttons on my normal Logitech office mouse can be reassigned, certainly the click-wheel can be. (on Linux at the moment, so I can't double check)

This can be beneficial, unless house prices are as inflated as they are now. We're at the point where you'd have to rent for over 30 years now to break even.

If the advertising said X was a feature, and that claim was a factor in me buying it for the asked-for price, then I paid for that feature. All else is irrelevant.