I find it interesting you call me arrogant and then claim to know things about me. At no point did I say, "it is xyz", I just said, "I think it is FAR more likely that xyz". As in, based on the evidence and available knowledge, one cause seems more likely than another. If there were more evidence in favour of another cause, I'd happily change my mind to that.

I doubt that you'd deduced it would explode through any special knowledge, as you say you yourself. But - based on the evidence thus far - I also doubt it was precognition that would turn our understanding of the universe and physics completely on its head. It seems more likely to me that you thought, "I wonder what it would look like if it explodes" and then after it did, your memory altered itself to make you think you had thought something slightly different.

No, I can't prove it, but there is plenty of evidence of memories changing themselves like that, and none whatsoever for the kind of precognition you're describing. It's simply a matter of probabilities.

That might not be the case - maybe you said it out loud to someone who also remembers you saying it, in which case the chance of it being changed memory is lessened significantly.

But to me, even the chance that you spontaneously thought it, then it happened, and it was just "dumb luck" is significantly higher than the chance of this kind of precognition being a phenomenon that exists in our universe.

Conventional wisdom can often be wrong; but it usually has a basis in reality since otherwise it wouldn't be considered wisdom of any kind. We know we don't know everything and we know that in many cases we know "damn near nothing" about a lot of things. But we do have a reasonable picture of the basic functioning of elements of the fundamental properties of the universe and from our understanding at this point in time, precognition of any kind seems very unlikely. That might change in the future - maybe someone will discover something really new and interesting about time that turns our ideas on our heads; but until such a thing happens, there are two things to do:
1) Continue to study and refine our knowledge
2) Focus on things that we believe are wrong
Perhaps you should consider studying in the field of neuroscience, or perhaps deep in to the fields of physics dealing with time (depending on whether you think the precognition might be a property of the brain; or of the universe), or even both if you've got the time and the smarts. Maybe you'll come up with something really interesting.

If you look at my post history, you might get a somewhat different picture of me than you currently seem to have. Yes, I'm scientifically minded and consider Occam's Razor to be a fairly reliable guide in many situations (but of course, it must be used appropriately). However I'm also a strong advocate of the use of psychedelic substances for self-discovery; a fairly "unconventional thinker" in general; and don't hold any stock in the idea of believing something just because everyone else does (mostly, I'm quite anti-authoritarian, which includes holding the concept of arguments from authority in extremely low regard).

You owe me a new keyboard.

What needs to be done, as a minimum, is something like Password Hasher (the firefox plugin) needs to be built into each browser.

That protects against what is probably the least interesting situation—when the user's password to one site is silently compromised by attacking that site, and the user used that same password on another site. First, it assumes that the user's password is weak enough to be readily cracked by someone hammering on the password database (which if it is salted properly, is unlikely). Second, it ignores the reality that most passwords are not compromised by server-side security holes; they're compromised by client-side security holes—keyloggers, etc.

To use a car analogy, this is like putting an un-pickable lock on a car to protect your expensive radio, but leaving the factory glass windows untouched.

I think that Google Authenticator tries to prevent mitm attacks by having any given token usable exactly once in addition to having a very short lifespan.

Here's why that doesn't work. The attack is very, very, very simple, and once you see it explained, you'll never trust those sorts of services again. A basic attack looks like this:

1. Attacker compromises the device and waits for user to log into Google.
2. Attacker captures the response to the authentication request and forwards it to their own server.
3. Attacker's server connects to Google's system and obtains credentials.
4. Attacker displays a network error message to the user. The user logs in again to the real Google server, unaware that the first attempt was successful, just for somebody else.

Elapsed time: tens of milliseconds after the user logs in. A slightly more sophisticated attack looks like this:

1. Attacker compromises the device and waits for user to log into Google.
2. Attacker captures the response to the authentication request and forwards it to their own server.
3. Attacker's server connects to Google's system and obtains credentials.
4. Attacker masquerades as a forwarder for Google's server so that the user is completely oblivious.

Elapsed time: tens of milliseconds after the user logs in. And if the service you're logging into works the way most services do, an even simpler attack looks like this:

1. Attacker compromises the device and waits for user to log into Google.
2. Attacker steals the cookies that Google stores on the user's system and uses them on another machine.

Elapsed time: zero milliseconds after the user logs in. But the best one of all is this:

1. Attacker compromises the device and steals the private key used to generate the authentication token.
2. Attacker logs in at will. From anywhere. At any time. Forever and ever.

Elapsed time: zero milliseconds after the device is first compromised or GA is first installed.

All four techniques are 100% transparent and are 100% effective attacks against software-generated time-based authentication schemes. The first two are 100% effective against hardware tokens used for time-based authentication, too. In fact, even if Google upped the ante and made the authenticator be interactive, where the Google servers sent a unique nonce that had to be encoded along with the time stamp, this scheme would still not be significantly stronger. The only change required to the first two schemes would be adding one additional step—telling the attacker's server to issue a request to Google and pass that request nonce to the compromised client. And the third and fourth schemes would continue working as-is. This is why time-based authentication is basically worthless unless the endpoint is trusted (and at this point, I'm growing more and more convinced that users should assume that their endpoints are not trusted).

The reality of the matter is that time-based authentication schemes are an anachronism. When they were first conceived by RSA in the mid-1980s, they were not intended for general users. They were intended to protect against precisely one threat—an attacker with a very specific target watching a user type in his or her password from a distance. They work well for that purpose. They can be compromised once by any attacker who gains control over the system where the authentication token is being entered, even if hardware tokens are involved, and they are permanently compromised by any attacker who gains control over the system where the secret key is stored. The reason there haven't been very many new implementations of time-based authentication since the 1990s is that such schemes just aren't particularly useful against modern attacks. They give the illusion of security without actually adding any. Well, unless you're worried about your roommate seeing you enter your password.

Put another way, creating a secure authentication scheme where the endpoint is compromised is fundamentally impossible for precisely the same reason that perfect DRM is fundamentally impossible. Alice is also Eve and Mallory. Food for thought.

Sigh. Ignore the first sentence in the second paragraph. This is what over-editing does.

Yes, lots of weak passwords are guessed by automated bots. This tends to affect websites like Facebook, message boards, etc., where the maximum possible damage is fairly limited and mostly harmless. By contrast, most people's bank account passwords are not "12345".

Not for important accounts, though. For things like banks, the password rules generally are already strong enough to make guessing problematic unless you know your victim, and to some degree, even then. It is far easier to make a virus that compromises millions of machines and looks at what letters the users just typed, or injects spyware into their browsers to detect which of those virtual PIN number pad buttons the user clicked, or whatever. Instead of an attack on a specific person that requires research, you can successfully compromise thousands or even millions of people. Why spend a high amount of effort per target when you can spend almost none and get similar results?

This, of course, ignores attacks on the infrastructure itself (e.g. attacking a credit card processor to steal credit/debit card numbers en masse or installing a card skimmer on an ATM). Those sorts of attacks also seem to be pretty popular, but they don't have much to do with passwords.

The FIDO stuff sounds like a whole lot of expensive extra technology with no real benefit over a password. A finger swipe is a replayable event just as much as a password or PIN.

The Google Authenticator is conceptually okay in theory, but in practice, AFAIK, it too becomes a gaping security hole as soon as your mobile device gets compromised.

If you want something stronger than passwords, it must have the following criteria:

1. Immune to replay attacks. Done correctly, this means that each authentication request must have a unique ID that must be signed or otherwise combined with some shared secret in a secure way.
2. Immune to man-in-the-middle attacks. Each request for authentication must be signed by the requestor so that the user can be certain that he/she is not agreeing to do something other than what is intended. Each response from the user must include at least a hash of the original request.
3. Immune to device compromise. The most common way that computer security is breached is through password sniffers or other compromise of the user's computer or mobile device. If you cannot trust the device that is performing the authentication, you cannot trust the action being performed, and all security goes out the window, including existing measures for preventing MITM and replay attacks, such as SSL/TLS.

None of these schemes I've seen so far address #3, and as a result, none of them are significantly more secure than typing letters at random and pasting the resulting password into a text file on your Desktop. They try to address problems that don't actually exist, while failing to address the root of the problem, which is that computers, mobile devices, etc. are not inherently secure.

For example, Google Authenticator uses a time-based token. This tries to avoid replay attacks by limiting the period during which an attack is possible. That doesn't work very well, though, unless you can delay an attacker's ability to sniff that token. This means that you have to prevent a MITM attack. As soon as the device is compromised, SSL and TLS are no longer capable of preventing a MITM attack, so the entire scheme falls apart.

Anything short of a non-networked device communicating with your computer over a very simple protocol (think "formal verification" here) is not a major win, IMO. And it can't be something silly like touching a smart card to an RFID reader, either, because the reader could perform more than one transaction, and you would have no way of knowing that you just bought some farmer in Iowa a new tractor alongside that DVD from Amazon. No, you really need a physical screen and a button on the device saying, "Do you agree to transfer $258,000 to Bank of Nigeria?" in order to significantly improve things. Anything short of that is just wasting a lot of time and expense without addressing the real problem—that if you can't trust the endpoint, you can't trust the message. Start by developing a truly trusted endpoint. After that, the entire problem becomes fairly trivial.

I, for one, am 100% gung-ho about having a 3rd-party in the 'cloud' handling every single one of my packets so that they can balance them between my connections!

There are already lots of third parties handling each of your packets. I'm not sure why one extra router would be a cause for concern.

I don't agree on the megapixel thing. As far as I can tell, consumers as a whole never cared about megapixels except as a means of helping them choose between two cameras that were otherwise basically indistinguishable. I don't know anyone who ever said, "I want to buy a new camera because it has more megapixels." They bought new cameras because their old ones started having problems, or occasionally because they saw photos from other people's digital cameras that looked better. Indeed, this is the norm when it comes to hardware. People buy new hardware when the old hardware stops working or starts to look worn out.

Now the marketing people pushed megapixels because it was the only thing they had to differentiate one cheap camera from the next, but in the end, that didn't matter because as far as consumers are concerned, there's a point at which it becomes "good enough". When cell phone cameras got to be "good enough", almost everyone stopped buying and using low-end cameras. As a result, the most popular cameras currently on the market, at least as far as the number of pictures taken, are all either some model of iPhone or some model of DSLR. Everything else is very nearly lost in the noise (or at least the long tail).

What this says is that the people who actually cared about picture quality before still do (and use DSLRs), because their goal is to take photos. Everyone else takes photos using whatever they have handy, same as they always did, and they upgrade when their old cell phone breaks or when they see somebody's new cell phone and realize that it is much better than theirs was. The only real difference is that they now carry one fewer devices than they did before.

As for the Hi-Fi thing, that's pretty much the same situation. It's not that it was a fad so much as that good quality sound takes up a lot of space, so a lot of folks switched to smaller speakers once they got "good enough" even if they didn't sound quite as good. The audiophiles still take the time to tune their rooms, buy good quality speakers, etc. Everyone else buys whatever is cheap at the time because they need something to do a particular job. It just so happens that whatever is popular tends to also be cheap, because of economies of scale. :-)

96.9% of the people in India (1.18 billion people) live on less than $5 per day (adjusted for purchasing power.) Confiscating 100% of Bill Gates wealth will only give each of them a one time payment of $61.61, less than a month of income.

The upshot of realizing these things is that you see that wealth disparity is a pretend problem, and the closest thing it is to a real problem is the fact that so many people can be so easily fooled into droning on about it like it actually was a problem.

That's specious reasoning for two reasons.

First, the only useful measure of wealth is a local one, because most commerce occurs locally. The people in India don't pay American prices for food, shelter, clothing, etc., so Bill Gates being rich doesn't affect them significantly. The more interesting question is what his wealth would do if redistributed to the poorest people in his own country, where there are a quarter as many people, and where only about 15% of those are living in poverty relative to the rest of Bill Gates's home country.

Second, your argument assumes only a single ultra-wealthy person. When you actually look at real numbers instead of your strawman assumptions, the reality is very different from what you're presenting. Here are the cold, hard facts:

• If you took away all the wealth of just the Forbes 400 (the richest 400 people in the U.S.) and redistributed it, you could give $35,000 apiece to every single American living below the poverty line. That's enough to wipe out their debt entirely and put them on the road to financial recovery.
• If you extend that to the top 1% of Americans, you would have enough to give every American currently living below the poverty line nearly a million dollars apiece—enough for them to retire right now and live off the interest for the rest of their lives while still making about as much per year as they currently do!

Frankly, wealth is even more unequally distributed in the U.S. today than it was in the days leading up to the French Revolution. The only reasons things aren't as bad as they were then are because we have a middle class, we allow people other than the top couple of percent to own land, and we are geographically large enough to be resistant to local droughts that would cause famine in a country as small as France. Those differences make the wealth disparity no less real, though.

I'm not suggesting that it's time to behead the top 1% and redistribute their wealth, but clearly we cannot afford to ignore the problem indefinitely.

About half as much power as a low-current LED.

A trillion apples is a roughly 4.5-apple-thick layer of large apples covering all of Manhattan.

Now that I've said that, it's easy to conceptualize it. In fact, you've already visualized it in your mind, and if you're from anywhere other than Manhattan, you're also probably thinking that it sounds like a good idea.

I was talking about my experience - rather than making sweeping generalisations. Here's an example: Not long ago I wrote a long report about some technical matters, 100 something pages. I used OpenOffice, and I always turn off spell check etc, because most of the words are not in the dictionary anyway. I handed it to a manager, who felt that he needed to put me down for whatever reason - so he ran a spell check and found 1 genuine spelling mistake. Just 1 - but this was apparently a major issue, and one of the brilliantly enlightening comment he made were "Surely you learned how to use a spell-checker when you wrote your thesis at uni?" - Except that when I did that, the IBM PC had only just come to market, and everybody wrote their theses by hand, using ink and paper. He would have realised if he had bothered with thinking, I'm sure.

I can of course shrug that sort of nonsense off, but it has done little to build confidence in the abilities of managers. I mean, one incident means he had a bad day, but this level of idiocy on an almost daily basis, what does that mean? It isn't just ignorance about technical matters - ignorance I can understand and tolerate, it's the scale of it combined with the bloated and mostly misplaced self-assurance, the "I'm richer than you, so I am evidently better and more intelligent".

I think, in many ways what you are doing by holding on to 'the old ways' is the right thing. A lot of these 'next big thing' gadgets are only fads, and anyway, what do you think lies under it all? The next big thing won't happen unless there is a lot of good old-fashioned computer skills happening somewhere, just out of sight. Hold on to what you are doing well, and keep yourself up to date with some of the new stuff, but don't let it take over - it is not worth it.

See, this is one of the reasons why we in Europe have public health care: your fate and health depends less on people that actually have an interest in not helping you when need it; ie, insurance companies.

I don't know about Larry Page - to me he is just another suit that got lucky. I have worked in software engineering for over 20 years, and I have never worked out why people like him are admired; they are always shallow, sometimes embarrasingly ignorant about things and a bit deficient, morally and otherwise. Which is why the got rich, really.