When I step on my scale, it tells me if I need to carry an umbrella today (based on the weather forecast it downloaded). Then it sends my weight etc. to my iPhone where it's merged with information from my fitness wristband and my diet tracker. Based on that, I get suggestions like "you've been going to bed a little later than usual. You should catch up." or "drink more water today" or "try to walk this much further than you did yesterday".
I think that's not so shabby.
One thing I haven't heard discussed is whether affected companies should be notifying their end users about whether they were affected and when it was fixed. I haven't heard from my bank, for example. Were they ever vulnerable? Should I update my password? If they were vulnerable, is it fixed now or would I just be handing an attacker my new password if I were to reset it today?
I wrote up a proposal called Heartbleed headers for communicating this information to site visitors. While I'd like it if everyone picked my idea as the new standard way for doing this, I just wish admins would start using something. We're so close to having a browser plugin be able to tell you "you need to update your password on this site" as you browse. How nice would that be?
So... the business made a stupid decision, and when they realised the error of their ways, rather than trying to reach agreement on the best way forward, you delighted in rubbing their noses in it, using processes designed to protect you to hurt your employing organization instead.
One of the most important pieces of career advice I've received is to make sure that people who cause pain feel the pain. It is not my job to be a whipping boy who suffers for every bad decision I tried to warn someone about. If management insists that I do something really goofy, then they should not be spared from the consequences of their plans. Insulating them only enables them to keep making bad choices and inflicting them on codependent organizations.
You say "rubbing their nose in it". I say "making sure decision makers understand the results of those decisions".
And having succeeded, they continue to use those same computers to this day.
From a review of the Samsung 840 EVO 1TB SSD I just stuck in my MacBook Pro:
- Sequential READ: up to 540 MB/s
- Sequential WRITE: up to 520 MB/s
- Random READ: up to 98,000 IOPS
- Random WRITE: up to 90,000 IOPS
From the same site reviewing a WD Black 4TB HDD:
Performance from the WD Black scaled from 66 IOPS at 2T/2Q to 86 IOPS at 16T/16Q, versus the 7K4000 which scaled from 82 IOPS to 102 IOPS.
So assuming IOPS scales linearly with heads (they don't), you'd need about 1,000 heads to get similar random access performance out of HDDs as one SSD.
There's a reason everyone's migrating to SSDs for anything remotely IO related.
I'm not saying this is the "right" or "best" solution, but...
I taught my son to punch hard and aim for the nose: "if you miss, you'll get his mouth or cheek or eye and it'll still hurt". I also explained that if the bully hit, slapped, tripped, or otherwise battered him, that my son was to lay him out. "What if I get in trouble?", he asked. "You let me handle that part", I replied. We had to play-act it a few times because my boy kept wanting to say something first, like "if you touch me again I'll hit you in the nose!" No. You've already warned him before and he kept it up. Don't talk: act.
Cut to a week later when the teacher was waiting for me when I went to get my son from school. "He hit another kid today." "Was it so-and-so?" "Yes." "Good. I told him to." The teacher looked around, leaned in and confessed: "someone needed to belt that little asshole."
The bullying ended that day. My boy stopped coming home with torn clothes, scratches, and bruises. My son got an enormous confidence boost and hasn't had a problem with other little thugs since then.
Violence is not the solution to all problems, but damned if it can't fix some.
... so much of the internet depends on for security just one reviewer for a commit seems way way way too little, honestly checking anything into openssl (or gnutls) should be at least a 4-step approval process (submitter -> maintainer for that area -> overall library maintainer -> security officer), for any code that includes buffers/malloc especially if related to user supplied data the final security review should be a panel.
Plus three extra steps: compiles without warnings, passes Valgrind, and makes it through an intensive test suite.
Follow the proposed specification at http://heartbleedheader.com to tell your users when you've patched your servers. This eliminates the guessing: "is it OK to update my password now? Do I even need to? Can I trust that I'm not being MITMed with their old SSL key that an attacker stole?" It's bad enough using the tools at hand to detect that information from a single site, let alone the hundreds you might have in your password manager.
"Obviously, the first performance enhancement you do on any computer you own is max out the RAM"
I don't think it's that unreasonable. My MacBook has two RAM slots. 8GB of RAM from Newegg is about $80 and 16GB is about $150. Given that you can't start with 8 and then later add more - you have to replace what's already there - I tend to go with 16GB right from the start. If it saves me an hour of grief over the course of the three years I'll be using it, then it's more than paid for itself.
16GB is basically video editing only.
...or programming, like a huge chunk of the Slashdot community. A text editor and a few terminal windows don't chew through RAM, granted, but I've never had so much memory that a compiler didn't wish it had more. I'm also running a lot of local daemons (RabbitMQ, Cassandra, Mongo, Redis, etc.) so that I can run a full test suite without Internet access and all of those want their pound of flesh.
My company laptop has 8GB of RAM. The fact that swap is on an SSD is the only thing that makes it a comfortable development environment.
There is a difference between a risky endeavour and certain death.
Not really. There are some fields of endeavor that are incredibly, inherently, irreducibly dangerous. Space travel is one of them. There's not much of a gap between, say, a 25% chance of fiery or icy death and a 100% one. It's certainly not the same as the difference between driving to work and taking flight in a space shuttle.
Instinctively, we accept risk of death when the reward justifies it. Being a successful astronaut is rewarding - in terms of prestige if nothing else.
Have you ever listened to an astronaut? To a person, they'd all return to space in a heartbeat if asked. Their motivations have very little to do with personal prestige - they just want to return to the stars.
A compelling scientific mission that will add to human knowledge is arguably more rewarding for civilization, but not for the individual who dies, and the reward is too abstract for our instinctive response.
There's no place for instinctive response here. My instincts are that climbing into a tin foil capsule on top of a fuel tank filled with 5 million pounds of kerosene and LOX is insane. And yet people have worked out the risk-reward calculations and decided that hey, this is a good thing we should do.
Plus it's not obvious that there is a lot that live astronauts can do that robots can't.
Well, other than collect data on the effects of deep space travel on human physiology, and the ever-present "anything a robot hasn't been specifically designed to do".
Simply 'being first' will not be a compelling reason for others to enable suicide, or be left to watch it helplessly from a distance.
Then use any of the other millions of reasons why human space travel is something we need to start figuring out and practicing.