Slashdot videos: Now with more Slashdot!

Since you refuse to clarify, and I, being relatively ignorant, must rely on the dictionary definitions, I don't understand the point you are trying to make:

From those definitions, it appears that it is possible to be a misanthrope and not be sociopathic, but that one of the defining characteristics of being a sociopath is some level of misanthropy (or, at least, misanthropic behaviour). Of course, rather than berating the original poster, perhaps you could attempt to bring clarity. On the other hand, perhaps you were trying to exemplify the misanthropy suggested in the original post, in which case I apologize for missing the joke.

Yeah, at least with major league OSes like Windows we never have to worry about decade-old bugs. And Windows 8.0 was the model of usability.

With regards to Voyager, you can view it as Janeway's slow descent into desperation. Starts out all do-goody then as time goes by, deals are made, morals are readjusted and by the end it's just, "The hell with this".

No, those who want perfect solutions want the impossible. I want a framework that can be improved over time.

What's the goal? With maybe a handful of exceptions, everyone does something that can compromise their security. HTTPS relies on a trust architecture that we're being reminded recently (Superfish, PrivDog) is actually extremely fragile. And yet it's being encouraged to make the job of the average surveillance tool more difficult. It's very much letting The Other Guy(TM) (remember, three caps minimum on the TM'ed stuff) handle security. It has flaws, but it raises the bar.

That's what we need for end-to-end crypto. It can have flaws, but it needs to raise the bar, and be able to keep raising the bar.

As for understanding how it happens, how many people can describe how an RSA key is generated, much less how a proper PRNG produces a suitably random number and then how AES/Blowfish/whatever encrypts the data? Does the average person need to know that? Not really. And even if they did, they don't care, which is why they don't use it now.

Right now, we have options where you can let a CA provide you your TLS certificate (usually 2048-bit and SHA1). If you know what you're doing, you can roll your own with better security. We need something with that flexibility (though I recognize the flaws of that exact model) for end-to-end crypto, too. We need clients that auto-update, that add or deprecate algorithms as they arrive or are broken without the user having to worry about it, and that can provide safe (and revocable) storage for the keys so they survive a catastrophic loss or be deleted with near-absolute certainty if the user wishes. We need common libraries or protocols that can allow new or existing clients to safely implement connections to these services without having to build them from scratch, thereby preserving and encouraging competition.

These don't lead to a perfect system. They lead to a good enough system with room to grow and improve. But I would argue (as I think Moxie does) that what we have now is far from a perfect system because it's too difficult to use.

Not remotely. He's encouraging good encryption, but calling for some updates (it hasn't significantly changed since the mid-'90s) and a better wrapper. GPG is still largely by geeks, for geeks. I couldn't get my parents to use GPG because they'd dismiss it as too hard, even if one of them is happy to stick it to the man. The suggested minimum settings vary based on where you look and when they were posted.

Example: An RSA key size of 2048 bits is largely considered secure, but NIST recommends 3072 bits for anything that one would want to keep secure into the 2030s. People still often see their e-mail as their private papers and may be concerned over who can read them well past the 2030s. But does that mean they use 3072, or go with the random crypto weblog guy who says to always go with 4096? And why can't I create 8192- or 16384-bit keys like that software claims to over there?

And what to hash to use? Plenty of sites still say MD5, but they were written years ago. Some have updated to SHA1, but others point out weaknesses there. OK, SHA2, then. But then there's SHA256, which must be better, right? (I know SHA256 is a subset of the SHA2 family, but those unfamiliar with crypto will not.)

Until GPG-style crypto becomes relatively automated, it won't be embraced by more than a handful of people. HTTPS is widely used because people don't have to think much about it. This has some downsides for poorly-configured servers and Superfish/Comodo-style backdoors, but browsers and other software help take up the slack by rejecting poor configurations. PGP/GPG were designed to reach near-perfect levels of encryption, but that bar is clearly too high for significant uptake. We should instead be looking for something that encourages end-to-end encryption that is good enough. We can build on if the underlying structure is properly designed, and as people get more accustomed to crypto in their lives, they'll be able to adjust to improvements.

When the majority of communications are relatively well-secured, it makes it far more difficult for a surveillance state to conduct its operations. Perfect security can still be a long-term goal, but we need more realistic goals to encourage uptake in the meantime.

Agents don't care if you are good, only that you make money. There are a lot of mediocre actors that make their agents a lot of money.

Then why did you use it as an example?

If the developer is good? yes.

But to become A list, they needed an agent.

It was never widely known that Sega of Japan was, for a time, negotiating to merge with/acquire The 3DO Company. Unfortunately, best available information suggests that Trip Hawkins, 3DO's chairman and CEO, wanted too much, and the deal fell through.

As it happens, about three years ago I started doing an irregular series of Let's Play/Drown Out videos on YouTube with my colleage, GammaDev. Both of us are former employees of 3DO, and we covered The Deal that Never Happened in a video about two years ago (seek to 25:12).

The law is generally stated that for two vehicles traveling in the same lane with no immediate changes before a collision, the trailing driver is at fault in case of a collision. However, it's a valid defense if the leading driver performed an unsafe maneuver prior to the collision, such as changing lanes with insufficient spacing.

That's a nice concept as far as it goes, but at some point you're still dependent on hardware-specific drivers from Lenovo. As of this writing, you can pick up device drivers piecemeal. But once they get it into their tiny little brains to create a single "Universal Installer" that bundles all the necessary drivers with all the unnecessary, unwanted bloatware and spyware, you're back in the same leaky boat.

Frankly, I'm having a hard time seeing how Lenovo recovers from this.

Sweet Jesus, at least install Fail2Ban and block an IP for 24 hours after 3 failed attempts.

except automation is getting to the point where the new job will be automated from the get go.

This is supported by a lot of data.
The easiest to grok is the decrease in jobs, but the increase in GDP. creating more, with less. Easy to look up.

Oh good ol hornwumpus. WHen you argument fails, always falling back on the tried and true ad hom.