And when the first plane crashes due to a bug in the pilot software, we all start wondering again if removing the pilot was a wise decision.

This whole Germanwings plane crash shows, again, one important thing: people suck at dealing with risks. Several hundred thousands of flights went well. The last incident with a pilot causing a plane to crash was back in 1995. The Germanwings plane crash was an incident. We must learn to treat it that way, as an incident. No reason to panic and start changing policies, rules and procedures. With every change, new risks and new ways of things to go wrong will be introduced. When that happens and you again make changes, you end up in a loop of changing things. The result: the changes will cost a lot of time, energy and money while the risks are not reduced.

We need to start accepting that risks are part of our life. Unacceptable risks need to be dealt with, but more important: acceptable risks should be accepted, even when they occur!!!!

Why is privacy so important? Because you don't know what creepy things governments will do with it in the future. All the condition under which you gave away some of your personal information might not apply in the future. And getting your information back at that time will very likely be no option.

What if your face ends up with this new creepy technology. How can you even possibly defend your self against it? Some, for normal people, impossible to comprehent scientific research apoints you as a suspect. What can you do? This is creepy and scary and not something we should want.

As the author of an open source webserver, I must say that I'm not really happy with HTTP/2. It adds a lot of extra complexity to the server side of the protocol. And all sorts of ugly and nasty things in HTTP/1 (too much work to go into that right now) have not been fixed.

What I have experienced is that SPDY (and therefor also HTTP/2) will only offer more speed if you are Google or are like Google. Multiplexing doesn't offer that much speed increase as some people would like you to believe. Often, the content of a website is located on multiple systems (pictures, advertisements, etc), which still requires that the browser uses more than one connection, even with HTTP/2. Also, HTTP/1 already allows a browser to send multiple requests without waiting for the response of the previous request. This is called request pipelining, but is turned off by default in most browsers. What I also often see is that a browser makes a first request (often for a CGI script) and the following requests (for the images, JS, CSS, etc) are never made due to browser caching. So, to me HTTP/2 adds a lot of complexity with almost no benefits in return.

Then why do we have HTTP/2? Well, because it's good for Google. They have all the content for their websites on their own servers. Because IETF failed to come up with a HTTP/2 proposal, a commercial company (Google in this case) used that to take control. HTTP/2 is in fact a protocol by Google, for Google.

In my experience, you are far better off with smart caching. With that, you will be able to get far better speed-increase results than HTTP/2 will ever offer. Specially if you use a framework that communicates directly with the webserver about this (like I did with my PHP framework). You will be able to get hundreds to thousands requests per second for a CGI script instead of a few tens of requests. This is a speed increase that HTTP/2 will never offer.

I think this is a failed change to do it right. HTTP is just like SMTP and FTP one of those ancient protocols. In the last 20 years, a lot has changed. HTTP/1 worked fine for those years. But for where the internet is headed, we need something new. Something completely new and not a HTTP/1 patch.

I've done some statistics analysis on the output of PolarSSL's random generator. Looks good to me. Some while ago, they improved the random generator (now using AES). How long ago did you have problems with PolarSSL's random generator? If it was a long time ago, perhaps look at its current generator. Maybe your issue has been solved.

Can you tell me more about that random number problem?

Why start with something bad to make something good. If you want a good SSL library, try PolarSSL. It's a quite unknown, but great library. Unlike OpenSSL, this one has good documentation. The Hiawatha webserver uses it and it easily gives me an A+ score at SSL labs.

And that's how politicians work. Doing everything to avoid being held responsible when a terrorist strikes. And apparently, judges work the same way. Someone I know works very closely with several Dutch ministers and he confirms that decisions are often based on emotion, not on logic and common sense. It is exactly THIS what makes terrorist strikes so dangerous.

Symfony, Drupal, Wordpress, nah. They all forgot to include the most important thing in the base: security. Specially Wordpress, look at its spaghetti code and than look at the Banshee PHP framework. If you understand what that framework does for security, you'll never dare to run Wordpress or the other junk frameworks again.

SPDY is a protocol by Google, for Google. Unless you are doing more or less the same as Google does, SPDY is not very relevant for you. Having multiple HTTP requests via a single connection via multiplexing is only relevant if all website content is located at one and the same server. This is not the case for many websites on the internet. Images, specially for advertisements, are often located at a different webserver. I've read about real live scenario's where SPDY only gave up to 4% speed increase. And for rich websites we already got something called websockets. I've done a lot of experimenting with smart caching, both static and CGI content. Specially with caching CGI output, you can reach a speed increase that no new protocol can ever achieve.

IETF only took SPDY as a base for HTTP/2.0 because they failed to do the job themselves. I personally don't have much faith in HTTP/2.0. Not that I think it will cripple the internet, but it will not bring an improvement to the internet that will be worth all the effort of implementing this new protocol.

America always wants to force democracy to the rest of the world, so it should not complain about the downsides.

responsible for "obligations owed to the American people"

If that's his charge, I say let the American people speak out a verdict instead of a jury or judge.

Tell me how. You say it's easy, but I say it's only easy if we allow it. Yes, you can give me a 911 kind of story, but those are easy to prevent (close the cockpit door in thise case).

Bingo! Image you were a terrorist, angry and filled with hate. What would you do? Hijack an airplane, place a bomb in a crowded train station or empty a gun in a supermarket? I'm sure it won't be the airplane hijacking, because that's just too much trouble. To see what threat level a country really has, don't look at the typical place the government is focusing on. Be creative, think like a terrorist and look for the weak spots. You'll find that from a technical point of few, it's very easy to commit a terrorist attack.

What makes it hard to do: find an idiot willing to sacrifice their own life for it. Yes, the middle east seems to be full of them. But you should know most people in terrorist organisations only joined them because them wanted to belong somewhere. No one wants to be alone. When family members joined the group, telling you all sorts of (false) stories about how great it is and how bad the other side is, it's hard not to go along. But that doesn't automatically make them people we should fear. Going with the flow is easier than doing something on your own. Fighting along side your fellows is easier than going to a foreign country on your own to commit a terrorist attack. Because that means you have to make decisions of your own, making up your own mind about it all instead of blindly following some leader.

Yes, I'm sure there will still be a few people actually traveling to another country and actually commit a terrorist attack. But how much damage can one person do? If he's successful he'll maybe kill ten people. How much of a threat is that? In the days after, more people are killed but other means but we don't speak of them. We're all used to those threats, they're part of our life. What makes a terrorist attack threatening, is that it's new to most people and we allow the media to blow it up to huge proportions. We believe every bit of fear the media spreads and we want them to spread fear, because that feels like the most natural response.

The best way to deal with the terrorist threat is to realize that it's very small and to accept that it's there. For most people count, you'll never ever see a terrorist in your whole life and they certainly won't get you killed. And for those few unlucky people who get killed by a terrorist, be lucky that you weren't killed by something as stupid as crashing your own car into a tree.

Yes, they did. They learned that that was just an incident, that it is impossible to guarantee 100% security, that even if 100% security was possible it would make flying very unpleasant, that you should not give in to terrorist threats and that driving a car is far more dangerous than flying and everybody accepts the risk of traveling by car. The last 25 years proof that they are right.

Given the fact that security at airports is not very good and nothing really bad has happened in the last decade, what does this tell us about the real terrorist threat level in Europe?

Don't let yourself get scared by politicians who rule by using fear. Learn from the hard facts!