
Comment Re:I guess i am old (Score 1) 119

He's surprised what he thought was keys to S3 unlocks the entire kingdom.

Why? Is there even such a thing as an "S3 key"? I've been using AWS for a long time, and I've never seen one of these (unless you count the goofball time-limited key pre-signing thing, and those keys can't be used for any purpose outside of S3).

There are, of course, AWS keys, and those keys can be granted privileges. If you grant an AWS key full access, then yes, it can be used for any API call. But really that's bad practice. If your application needs only access to a specific S3 bucket, you'd create an AWS key for your app and grant it access only to that bucket.

Since I haven't done it in a while, I tested this out. I just created an AWS key and here's what I found: it has no access at all. I can click "attach user policy" and it gives me a ton of choices for what type of access I can give the key, including "Amazon S3 Full Access" and "Amazon S3 Read Only Access", or I can use a custom policy generator.

So I think AWS is doing a halfway decent job here, giving people simple options for simple situations and complex options for complex situations. If a user is going to create an admin-level AWS key and post it to github, what is AWS supposed to do about that?

Comment Re:Sounds like multiple failures (Score 1) 119

Okay, so you might not find it intuitive that S3 keys can lead to new EC2 instances - I wouldn't have guessed that either, even though I've used both repeatedly.

Actually, S3 keys either can or can't be used to launch EC2 instances, depending on user configuration. Using IAM, you can grant AWS keys only as many rights as are necessary, so if your program only needs to write to a certain S3 bucket, you should grant access to the key only to write to that bucket. Then, that key couldn't be used for any other purpose (like launching EC2 instances).

Also, IAM roles can be used to avoid using AWS keys in your code/config files at all if your code will be running within EC2. Just give your instance an IAM role with permissions to make only the necessary calls, and let AWS handle your key acquisition and rotation for you.

Comment Re:The problem with doxing (Score 1) 171

The problem with doxing is that everyone has some skeletons in the closet they're hiding.

That's small potatoes compared with the real problem with doxxing. The real problem is that once the doxxed person's info is public, any asshole on the Internet can and does start harassing the victim both online and offline. Threats of violence, harassing the victim's employer, trying to get him/her fired, swatting, etc., are all common consequences of doxxing.

It's a really shitty thing to do. I don't really give one tenth of one flying fuck if someone finds out that I smoked weed in high school or banged my girlfriend in high school. Hell, if you asked me those, I'd just tell you the truth. But if I'm getting death threats left and right and people are calling my clients and saying that I am a terrible person or whatever, that's when shit starts to get real.

Comment Re:Lots of Interview but no job... yet (Score 2) 45

Amazon interviewed me 3 different times, were completely confused and in the end, rejected because I don't have a degree...

Somehow I knew that you were going to say this because many large tech employers, often to a fault, insist that all applicants have a CS degree. I bet a lot of these teams wanted to hire you but couldn't get you through HR because of this stupid, inflexible requirement.

Comment Re:Why bother? (Score 1) 421

In my organization, we have purchased Java applications from vendors that are based on all of these: Oracle Weblogic, IBM Websphere, Apache Tomcat, Redhat JBoss, and Apache Geronimo, and we have to figure out how to admin and support them all.

Why in the actual fuck would you want to do that? For the love of all things holy, pick one of those (or one commercial + one free, if that is more appropriate to your company) and standardize. Do you support half a dozen office suites as well?

So I really don't understand where this bashing of .Net comes from, but I'm guessing a lot of it is from open source fanboys that love to hate Microsoft and have never taken time to use the recent (last 3-5 years) iterations of its products.

Lack of familiarity. MS was extremely opaque about what the hell .NET even was when it first came out until they finally admitted that it was their version of Java. And since there was no reasonable free way to get started with it (and I don't think it's cross platform, right?), most devs and universities standardized on Java.

At this point, from my point of view, there is little point in ever learning .NET since it offers nothing over the Java ecosystem. My next language will probably be either Python or Scala.

Comment Re:Spankers and spankees trend toward Republicanis (Score 3, Insightful) 323

I wish you would have read the next sentence:

This could help explain why changing methods of discipline is so difficult and why science faces an uphill battle in facilitating change.

They managed to get an anti-science dig in with their prone-to-violence dig. This is the typical crap that you read in The Atlantic.

Comment Re:I don't even... (Score 4, Interesting) 323

I'd be curious to read what exactly these people recommend in place of timeouts. I mean, I'm always up for learning new parenting techniques, but I just don't see how a "teachable moment" tactic will work in the real world. Certainly with younger children.

As you well know, when a parent corrects a young child's behavior, the typical response is to either engage in a debate or to throw a tantrum. In neither case is the child internalizing the lesson behind the "teachable moment". A timeout effectively avoids both of those responses because once the child is placed into a timeout, there is no one to argue with, and there is no one to watch the tantrum.

So that would be my question: how does this new technique compensate for the real-world problem of toddlers acting like toddlers?

Comment Re:AP and accessible (Score 1) 208

I can tell you my high school AP Calc class went at the same rate as a typical college Calc class. Maybe a little faster. So right there, my anecdotal evidence in juxtaposition with yours shows you can't generalize from your knowledge.

Was that BC Calc? Because if it was, then that's not really a fair comparison because BC Calc is supposed to cover 2 semesters. That being said, you're not seriously arguing that AP Calc is harder than taking the course in college, are you? Any day of the week, I'd rather learn calculus from an experienced, English-speaking teacher in a 20 person classroom whose career goal is to teach students mathematics than from a math prof who only teaches because he has to in a 300 person lecture hall and a TA from Elbonia. A few decades later, I remember a lot of calc from my AP calc class, but I don't remember a damn thing from calc 3 which I had to take in college.

Anyway, the AP classes that I was talking about were things like AP U.S. History, AP U.S. Lit, AP Chemistry, Physics, etc. These were all semester-long courses in university, but took a full year to teach in high school. Learning the same material in twice the time is not impressive to me.

The school system is a factory system. Factory systems that are tuned to the mean, roughly. Individualized Education Programs (IEPs) set up after NCLB are essentially a selection of 7 or 8 learning supports or enrichments that are minor modifications of the base system.

Aren't we talking about a minor change, here? All I'm saying is that a motivated student ought to be able to take a bloody AP class if he or she wants to, even in the absence of a stellar transcript. I mean, really. If a kid is fascinated with history, why shouldn't that kid be allowed to take AP U.S. History instead of standard U.S. History? The kid'll get some exposure to college level work in a class that piques his or her interest instead of being told, "Hey, sorry kid. You're too dumb to handle college work."

Back when I was in school, there was this chick who really wanted to take AP Econ, but she didn't have good grades, and the teacher gave her the boot (it was in front of the whole class, too. Ouch!). All I'm saying is that there were plenty of supposedly qualified kids in that class who never even came close to grasping the material, but I bet this chick would have gotten it because she cared more than they did.

I know it's just an anecdote and I know it's just my opinion not a scientific study, but anyway, that's what I think. Because frankly, who cares if they fail? I'd rather see a motivated kid challenge him or herself and come up short than not to take the challenge at all.

Comment Re:Sly (Score 1) 396

And whilst I use StartSSL, it's a pain that you can't get free wildcard certs for your domain...

And it fucking pisses me off that the grocery store won't just give me free food, too.

StartSSL is a business, and its business model is to give out free Class 1 certs with the hope of converting you into a paying customer. They charge for every possible thing other than issuing personal use basic certs, even cert revocations. So if you, say, wanted to revoke your "free" cert for a very good reason like, say, Heartbleed, then be prepared to be converted to a paying customer.

I'm not saying that you should never use StartSSL, though. I'm just saying that you should know what you're getting yourself into, and know why they don't offer (and never will offer) other free services like wildcard certs.

Comment Re:Bad for small business owners (Score 1) 396

I've considered https, but it's too hard for me as a small web site owner: first I have to manage to get an SSL certificate (costs serious effort and money), then I have to figure out how to install it correctly (tried it before with a self-issued certificate and failed; while I'm fairly computer savvy), finally I have to somehow remember to renew it every few years or so - which is an interval way long enough to completely forget how the installation worked, so I have to start all over again.

Ideally, your web host should hold your hand through this.

I don't want to come across as a shill, so I'm not going to name names, but I just looked at the customer panel for a large shared hosting provider, and the process for adding HTTPS was dead simple. You just click on "Secure Hosting", and it walks you through it. You can use a self-signed cert (which they create for you automatically), buy an SSL cert through them for $15/yr, or you can copy/paste in your own (if you want to save a few bucks and get a PositiveSSL from Namecheap for $9/yr or a "free" cert from StartSSL). It took me about 2 pointy-clickys to add SSL to a test domain.

Comment Re:How (Score 1) 208

Imagine if you will, a scenario where you are given an opportunity to learn about a subject you truly love from one of the best experts in the field, but you would have to take the class with 10 of the most far right nut wingers imaginable.

Or even better, imagine going through college as a conservative. As you no doubt remember, only expressions of Leftist doctrine are permitted in the "marketplace of ideas" that we call college. Never mind examining the merits of all ideas; college is a place where everyone from the students through the professors consider it to be their moral duty to ignore what you say and then insult you personally while explaining how sensitive and inclusive and open-minded they are.

At the end of the day, the path to your dreams need not run through any club nor class nor approval of the tactless. It's consistent, persistent action that advances you toward your goals and dreams, and that is the lesson that I hammer into my children's heads. I have very little patience for "oh, but she might get awkwardly hit on!" Apparently that happens 742 times per hour just walking down the street, anyway.

Comment Re:AP and accessible (Score 1) 208

What it comes down to is that the educators will look at a number of predefined criteria that reasonably predict a child's aptitude.

I understand what they do. My point is that they should not do that. They should give motivated kids a chance to be challenged. And let's be honest, do AP classes represent an actual challenge? I took a metric assload of them, and I did not find them to be challenging at all. The reason for this should be obvious: they take a semester-long college course and consume a full academic year teaching it. Of course they're dead easy.

Naturally, the schools can't let all these kids in. The system isn't set up to support that.

Well, maybe they should change that.

Comment Re:AP and accessible (Score 1) 208

I'm not GP, but many schools restrict who can enroll in AP courses. Personally, I think that this is stupid. Even the lower-class-rank students should be able to take an AP class if they think that they can handle it. They may not be taking a full course load of AP, but why not let them try some college level work in a subject that they like?

Comment Re:Computer careers and gender (Score 1) 208

And then there are those brilliant guys I've worked with which I still can't figure out their code

I would argue that those guys are not brilliant at all.

Any programmer can solve a complex problem with a complex solution. The brilliant programmers are the ones who can take a complex problem, distill it down to well-organized chunks, making the solution appear straightforward and obvious (even when the solution was anything but obvious).

When you get a dev on your staff who writes clear, straightforward code, you keep that dev in high morale and you don't let him or her go.
