Forgot your password?

Comment: Re:There aren't infinite bugs (Score 1) 235

by JesseMcDonald (#46788595) Attached to: Bug Bounties Don't Help If Bugs Never Run Out

Then it doesn't matter whether most people would find the effective hourly rate "insulting"; all that matters is that anybody who does find an exploit will turn it in to the company rather than selling it on the black market or exploiting it themselves.

You're assuming they can only choose one. What is there to prevent someone from exploiting the bug themselves for a while, selling it on the black market (to a discrete buyer), and still eventually turning it in to collect the bounty?

Comment: Re:Isn't prop 13 irrelevant to buyers? (Score 1) 359

by JesseMcDonald (#46771733) Attached to: San Francisco's Housing Crisis Explained

How is it not so good for buyers? It seems buyers would be paying taxes based on a current assessment with or without prop 13? In other words prop 13 seems irrelevant to that initial assessment and tax rate, that it only affects increases not the initial rate.

It's bad if you consider that the tax burden is distributed unevenly. New buyers pay a larger fraction of the tax, yet receive the same share of city services as long-time owners of similar properties. The rate has to be set higher to make up for the shortfall from the undervalued properties. Let's say the city needs 5% of the current market value of all the properties to meet its budget. If half those properties are undervalued by 50% for tax purposes, the tax rate has to be set at 6.7% instead of 5%, which means new buyers are paying a third more than they would if all the property taxes were based on current market value.

Comment: Re:Recording laws (Score 1) 797

Recording a conversation without the consent of the other party even for the purpose of providing evidence requires a warrant, under the first amendment and the laws governing free speech. While I understand the intentions and agree that attempting to resolve it by providing clear evidence is reasonable, the simple truth is that under US law recording conversations is prohibited without the oversight of a judge who can determine whether or not it is an appropriate exception to the right of free speech.

You're making it sound like all-party consent laws exist throughout the entire US. Only twelve states require all-party consent: California, Connecticut, Delaware, Florida, Illinois, Maryland, Massachusetts, Nevada, New Hampshire, Pennsylvania, Vermont, and Washington. In the other 38 it's perfectly legal to record the conversation as long as you are a party to it. This isn't anywhere close to a first amendment or free speech issue. Your right to speak freely does not imply a right to make others forget what you said or prevent them from testifying about it—and the only relevant difference between a recording made in person and one's own memory is that the recording is a more reliable form of evidence, which is all to the good.

It's the all-party consent states, like this one, which are being unreasonable here. So long as the person speaking is aware that you can hear them, they have no reasonable expectation of privacy from you and you ought to be perfectly free to record what they say.

Comment: Re:Lol... (Score 1) 1116

by JesseMcDonald (#46699215) Attached to: Mozilla CEO Firestorm Likely Violated California Law

You lose that ability the moment you incorporate. You want protections of incorporation, then you also get regulated.

You shouldn't have to forfeit your rights and submit to arbitrary restrictions imposed by a third-party just to exercise your natural freedom of association and act as a group.

The protections of incorporation are really fairly limited. It's not an absolute defense; if you cause harm which can't be made whole out of corporate funds, incorporation won't help—you can still be made personally liable for the damage. The benefits of incorporation mostly come down to simplified tax accounting and clarifying the scope of each party's responsibilities when entering into contracts. The first part is a solution to a problem created by government in the first place, and the second doesn't need government at all, just a mutually-agreeable arbiter to settle disputes.

Comment: Re:Any Excuse? Yes. (Score 1) 277

Most security in this world is about prosecution.

Sure. But that assumes that you can prosecute. For a crime like breaking & entering, that may work often enough to serve as a deterrent. Online, not so much. You'll probably never find out who orchestrated the attack, and even if you do, they're like to be in a different jurisdiction (or even have state backing). As a result, your security measures have to be strong enough to prevent the attack from succeeding in the first place.

That's not to say that you always need absolute security. There's still a cost/benefit analysis involved. You just can't count on making up your losses by prosecuting the offender when the security fails, which increases the net benefit of having proper security in place.

Comment: Re:Terrible summary (Score 4, Insightful) 190

by JesseMcDonald (#46649555) Attached to: Scientists Solve the Mystery of Why Zebras Have Stripes

very unconvincing... wouldnt it be easier to grow your hair a few mm longer?

What's to say that didn't happen? We just don't call the ones with longer hair instead of stripes "zebras".

Evolution doesn't involve a species voting on how it would prefer to evolve. If there are multiple possible adaptations then it's entirely possible that different subgroups will evolve in different directions in response to the same environmental factors. This is one path to speciation, if the change are significant enough.

Comment: Re:One big way in which Git is not SVN-compatible (Score 1) 162

by JesseMcDonald (#46639941) Attached to: Subversion Project Migrates To Git

git does support hierarchical branches. You can have a branch named maria/new-crypto, and even pattern-match on the branch path in refspecs. The problem, as you alluded to, is that SVN doesn't have native branches at all, just copies. How is git-svn supposed to know that /branches/maria/new-crypto refers to a branch of /trunk and not to a directory within the "maria" branch? They look the same. For that matter, you could get that path by creating a branch named "maria" (copied from some version of /trunk) and then coping /trunk into it as a subdirectory—a branch within a branch.

You can work around odd SVN layouts somewhat by manually configuring custom branch paths in .git/config:

[svn-remote "origin"]
url =
fetch = trunk:refs/remotes/origin/trunk
branches = branches/maria/*:refs/remotes/origin/maria/*
branches = branches/fred/*:refs/remotes/origin/fred/*
tags = tags/*:refs/remotes/origin/tags/*

Comment: Re:April Fools! (Score 2) 162

by JesseMcDonald (#46633239) Attached to: Subversion Project Migrates To Git

You then stash apply. You get the conflicts, say "I give up for now". Now all you have to do is figure out what the SHA1 of the copy that was in the stash is. Might have to do some reflog digging, but it is not only possible but actually pretty easy if you know about the reflog.

You don't even need to bother finding the SHA1 or searching the reflog. stash apply doesn't get rid of the stash, so it's still right there as stash@{0}. You can also find it with stash list. stash pop would normally get rid of the stash after applying it, but even there the original stash is preserved if there were any merge conflicts.

Comment: Re:Free market (Score 1) 353

by JesseMcDonald (#46622887) Attached to: If Ridesharing Is Banned, What About Ride-Trading?

I was pointing out that this is a 'free market', with the government being another variable that companies must take into account...

This should go without saying, but if you have to take third-party interference with the peaceful exercise of your property rights into account, then it isn't a free market. (The absence of such interference is exactly what the "free" part refers to.)

Comment: Re:Wi-Fi in the store (Score 1) 455

by JesseMcDonald (#46603829) Attached to: Wal-Mart Sues Visa For $5 Billion For Rigging Card Swipe Fees

Bitcoin takes an average of 10-30 minutes before the transfer is effectively irreversible by the customer. With a credit card, due to chargebacks, it takes months to reach that point. Checks are faster than credit cards, but easier to fake, and still much slower to finalize than Bitcoin.

Even before you get your 1-3 confirmations, unless the customer controls a large fraction of the mining network or is colluding with someone who does they have very little change of implementing a double-spend once the transaction has been broadcast through the network, a process which takes only a few seconds. In the meantime you probably have them on camera, and they can't get very far before the transaction is confirmed or invalidated. If you're concerned about a particularly large transaction you can always ask for a photo ID in case you need to track them down later.

Comment: Re:Haircuts are cheap (Score 1) 110

You're buying insurance for both yourself and your wife, so your case isn't relevant to the discussion. Obviously any policy covering both a male and a female will include coverage for male-specific procedures for the male and female-specific procedures for the female. That doesn't imply that anyone should be forced to buy insurance for a procedure he or she is guaranteed to never need. Gender should be taken into account when calculating risk factors and premiums.

Comment: Re:Haircuts are cheap (Score 0, Troll) 110

This is how insurance works. We pool everyone. You're not buying specific health procedures. You're buying decreased risk.

No, that's not how insurance works. That's how charity works (or wealth transfer, a.k.a. theft, when it's forced). True, you're not paying for specific procedures. However, you should be paying according to the probability and cost of the procedures you're covered for. A procedure you'll never need has zero probability, and thus shouldn't affect your premiums.

You're not buying decreased risk. Risk is the product of probability and cost; if anything, insurance increases your risk by adding the insurance company's overhead and profit margin. It certainly can't decrease risk for everyone no matter how you structure it; there must always be at least as much payed in as the insurance company pays out, on average, or the company goes bankrupt. The purpose of insurance is to reduce the cost of an insured event to something manageable, in the event it does occur, at the expense of increasing the probability of paying that cost (you have to pay the premiums whether the event happens or not).

The idea behind insurance pools is to group together statistically independent policies of about the same level of risk. They don't necessarily have to cover the same things, you just want to avoid holding a bunch of cash in reserve, or else bankrupting the company in the event several large claims have to be paid out at the same time.

The only thing cheaper than hardware is talk.