Really, it doesn't matter if the brain lacks free will. We necessarily must presume it does for our legal system to have any effect. It doesn't matter whether you're a thief or a diagnosed kleptomaniac, either way we need to find a way to keep you away from the personal property of others. Sure, the methods used may change, but we've determined (whether through free will or some reasonably complete facsimile thereof) that this is not acceptable behaviour in our society, and it must be caught and removed.
Perl [lets] you express a lot of operations in a few characters. Syntactically succinct, hard to read.
That really depends on your experience level, like in anything. Reading a wiring diagram is arcane to the uninitiated, but once you know what symbols represent what types of circuit pieces (including resistors, capacitors, diodes, FETs, etc.), they are both syntactically succinct and easy to read because you can tell what goes where at a glance, you don't need to read and parse a lot of text.
Same thing in Perl. Once you actually learn it, it becomes easier and faster to read than, say, Java, because there's less skipping over of absolute boilerplate. The more I use perl, the less patience I have for trying to find my way through the verbosity that is Java.
There's a good reason for not reading beyond the first couple sentences in this case.
And that's not just to avoid the standard lack of editing around here: "assuming you tune they [sic] system along the way" ???
You tell that to the President of (what remains of) Ukraine. Ever since Obama has said "Yeah, well, don't cross this line. I mean it!" Putin has known exactly how much he can get away with.
Do you think that simply because you omitted that common attack vector that it's magically not going to happen?
Rate limiting, et al, has a singular primary purpose: to make things hard enough that an attacker doesn't get the password hash. Anything else is pure gravy.
Once the attacker has the password hash, the next defense is a strong password. And that's where we need to focus the entire debate about passwords vs passphrases vs biometrics vs telepathy. Assume the attacker has your password hash. This worst-case scenario is reality all too often. Yes, throttle password attempts and all that, but if your server has Sarah Palin or Barack Obama on it, assume that someone, somewhere, will deploy sufficient resources to getting that password hash through some zero-day vulnerability. (If your site is just discussing hooch for local rednecks in Bumfuk, Virginia, then the passwords are likely safe, regardless of how insecure the system is.)
Clang warns about bad variable names? I need to switch!
Real science is always open to upending. If they weren't willing to listen to critics, they'd be called a religion.
Excersise for the reader: are there any other scientists not willing to listen to their critics?
I'd suggest the penalty be based on the savings, not the cost.
If the illegal is simply indentured, unpaid servant, the penalty goes to zero? Instead, I'd suggest asking a local union (just for kicks, mind you) what the going rate is for that work, subtracting the actual pay, and using that as your basis for penalty. If the illegal was paid full union rates, I could live with "no penalty" - they've been penalised enough, I suppose.
I used to be a huge fan of C++.
All those negatives you cite seem to me to be advantages. Because when you know how to use them, they become powerful forces for good. Sure, there's plenty of room to shoot your foot off, but there are some things you can do in Perl that a stricter language wouldn't let you do.
I've put that bullet through that approach.
I've grabbed the precise versions of everything that we're going to use, checked into our version control system, complete with a full build-from-scratch setup that will build perl from source, with the exact options we need (or at least the exact same options every time, not sure if we need threading, for example), and the precise list of CPAN modules that we are using, along with standard patches to said modules where required (some of them don't support AIX as well as we need). Upgrading a module will require a degree of regression testing, etc.. And all developers will use exactly the right levels of everything as the level that is going into production.
I'm a huge fan of CPAN. It has issues, such as some crap code, but yet it remains one of Perl's greatest strengths. Like anything else worth having, it provides sufficient rope to hang yourself with, so you do have to be careful, putting the onus back on the developer to find a mode that works for them. And yet, to fulfill corporate requirements, I'm using precise levels of code. There's no reason why you can't have the best of both worlds.
Gee, if that was the criteria, I'd be banning Java at work. Because I've seen first-hand a number of Java devs writing absolutely stupid things resulting in a heap of vulnerabilities.
The reality is that you get a bunch of stupid developers, and it doesn't matter what language you put in front of them, they're going to write stupid code. The people who've worked under me in perl don't get the opportunity to write code that dumb because a) I provide a saner framework work in where those gotchas are centralised into common functions and objects, and b) I code review everything that goes in until they acquire a better knowledge base to work from and then I do spot reviews and review anything they feel, with their now better experience, might be tricky and should get extra eyes.
I don't care what language you're working in. If you don't realise that calling the shell with special characters that you didn't know you had will cause problems, it's the developer at fault, not the language. I don't care if it's cmd = "do-stuff " + tainted_value; Process p = java.lang.Runtime.exec(cmd); or my $cmd = "do-stuff $tainted_value"; my $rc = system($cmd);, that's going to result in broken code. If you don't realise that doing the same thing with SQL is going to cause problems, you shouldn't be doing SQL. Or running a subprocess, waiting for it to exit, and THEN reading its stdout. These are all common things, in my experience, and most of them I've seen in Java code, though I do get to work with some nimwits in a different reporting chain using perl stupidly as well. I don't ascribe the bad code to the language, but to the bad developers. Maybe you should look, too, and you'd find it's your developers that are the problem, not the language.
Given that this is SCARY and NEW TECHNOLOGY, I can see an abundance of caution here. Also, it's the manufacturer that has to have the insurance, which seems to me to be rather cheap, especially since many players, especially Google, could self-insure something like this and wouldn't really notice any pinch. To be honest, this seemed to me to be somewhat low if their primary purpose is to ease peoples' minds about the new technology.
Remember that the state is going down uncharted waters here, regulating these things prior to actual use as opposed to the catch-up-with-existing-practices we did the first time round with these horseless carriage things. So they're taking things easy. It's probably the best way to make everyone comfortable with the process, other than perhaps the manufacturers.
I know that reading the fine article is frowned upon, but I
The article had this weird text and stuff, and it overwhelmed me, but when I finally sobered up long enough to take my eyes off the road and read my tablet, I saw this odd text:
Approximately 41 million people receive speeding tickets in the U.S. every year, paying out more than $6.2 billion per year, according to statistics from the U.S. Highway Patrol published at StatisticBrain.com. That translates to an estimate $300,000 in speeding ticket revenue per U.S. police officer every year.
(my emphasis.) Now, I get that the cost of policing isn't simply the officer's salary, but the cost of the vehicle, maintenance, gas, supervisors, etc. But I highly doubt that the cost per officer is $300k per year. I would say that $150k per year might be an excessive estimate. So let's call it $200k/year/officer. It seems like there's a significant profit being made here somewhere. I just don't know where it's all going, other than possibly into municipality coffers.