
Comment Re:No one cares (Score 1) 219

Let's face it, Facebook users have the same view of privacy Zuckerberg has: they don't value it and they don't understand why anyone would (unless, of course, they had something to hide).

On the contrary. I'm a Facebook user and a privacy advocate. I also have many friends (some of whom are privacy researchers) who feel the same. I know quite well the value of privacy, and I do not give it up lightly. Instead, I view the sacrifice of a small amount of privacy (which I control by limiting the amount of data that I publish) to be the price that I am paying for using the service. I have friends all over the world, and Facebook provides the common platform that we use to keep in touch. Thus, it's not as simple as saying that I don't value privacy. Rather, I have found that the cost-benefit analysis Facebook offers is quite nice for my purposes.

Comment Re:hmm (Score 1) 219

Freedom of speech is about expressing beliefs and opinions and facts[...]

Citation please. If this is true, then why are things like art and porn protected on grounds of free speech? There is plenty of free speech that has nothing to do with beliefs, opinions, or facts. I believe what you mean is that any speech that doesn't violate the Harm principle is protected speech.

Depending on the country, though, there actually are plenty of reasons to curb free speech and expression. Countries like China, North Korea, and Iran do it to keep their governments in power. I'm not saying they're good reasons, but they're reasons nonetheless.

As for corporate personhood, it's actually kind of funny if you look at the history. The court didn't actually decide that corporations were people. Instead, the court reporter inserted a remark into the record that has since been interpreted to grant corporate personhood. So it's been used as precedent, even though that is not what the case actually decided.

Comment Re:Try this instead. (Score 1) 366

Oh, gimme a frickin' break. The sooner the precious little froshie lardflakes learn not to click every attachment from a seemingly trusted source, the better.

See my response above. Assuming that they will actually learn the lesson here requires a big leap of faith (and naivete and a lack of experience studying how well "user education" solves security problems).

God forbid we make someone feel bad as a learning experience, the lawyers would descend like... Well, like lawyers.

Again, making students feel bad is not an effective teaching technique. It may work on some, but it will completely backfire on others and you've completely lost them for good. And you don't really have to worry about the lawyers as much as the parents. Yes, the parents. Even in college.

Comment Re:Try this instead. (Score 1) 366

Better yet, email the .exe to the entire class.

Are you insane?!? Absolutely DO NOT DO THIS!!

The gap between my suggestion and what those researchers did is pretty wide. My idea:

  • Doesn't involve bilking people out of their private credentials;
  • Would be limited to a class studying malicious software (how's that for an appropriate context);
  • Involves a known-harmless teaching payload;
  • Would be fully understood and removed by students at the end of the class.

Actually, it's not as wide as you think. The researchers did not collect any of the personal data. They simply provided a message that this could have been a scam. So the "payload" there was also harmless. The outrage wasn't about any stolen data. The outrage was completely about the deception. Even after the administration placated fears that the students had about identity theft, the uproar continued. Also, the class isn't focused on malicious software. That's just the topic of this lesson. The class is a 101 introduction to computing. If this were a more advanced class...maybe...given the circumstances. But this is absolutely not the right audience for this kind of lesson.

As for the harmless payload, how does the student know that? All the student sees is that they clicked on something and the teacher infected their computer. Sure, during the lesson, you point out how to delete the file. But how does the student know that was the only file you installed? You could have embedded a keylogging rootkit within that virus for all they know. By falling for your trick, they lose a little bit of trust in you. As a result, some of them (especially those who are not doing well and think it's because you "have it out for them") will remain suspicious and think that you've planted something nefarious on their computer. Without that trust, you can't convince them otherwise.

As for the lesson being "fully understood [...] at the end of the class," that's just wishful thinking. After all these years, everyone now knows not to click on email attachments, right? Apparently not. I remember reading some commentary once (I think it was Adam Shostack) that pointed out that user education doesn't work. Many, many people who have undergone security training get phished, install viruses, etc. Why is phishing still a problem? Because it works. Social engineering is effective. All you have to do is surround that link with some text about getting rich fast, seeing celebrity X naked, losing 50 pounds in a week, etc., and you will get some hits. Even from people who have been trained to know better.

Most likely, some of these students will (in the short term) not click on anything they get via email, even if it's legitimate. After a while, though, the lesson will fade, they'll become complacent, start clicking on things...and we're back at square one. Many of the students will still click on attachments, thinking they're safe. After all, this attachment isn't called "CS101-Example.exe" so it must be safe, right? "What do you mean I got a virus? All I did was open this .doc file. It wasn't a .exe!"

Deception is inherently disrespectful, even if it is done with good intentions.

What may seem like a "harmless infection" to you demeans the students, because you're encouraging the instructor to abuse the trust that their students have placed in him. In short, what you are proposing causes harm to the teaching profession.

I have a hard time understanding why any real teacher in this fellow's position would abstain from imparting one of the most critical lessons a student can learn about security: that they themselves are the weakest link, no matter how smart and prepared they think they are, and no matter how much theory they can regurgitate at paper time.

The burned hand teaches best, and understanding how and why you were burned is priceless.

I don't know what your profession is, but I'm willing to bet it's not teaching. Or at least I hope not. Yes, the "burned hand" technique can be very effective, provided that the student "understand[s] how and why you were burned." But you're automatically assuming that every student will understand what happened. See above, regarding user education. You're also assuming that every student that clicked on that virus will actually attend the lecture where you teach them what happened.

The bigger problem with the "burned hand" is that it also undermines the relationship of trust between the instructor and students. Yes, most of the students will learn the lesson (temporarily anyways). The problem is that not all students will feel that way. It turns out that people don't like being made fools of, even if it is part of learning a lesson. And some students will react harshly. Very harshly. I'm not saying the teacher would get fired. But there will almost certainly be a student that will shut down as a result of this lesson. You've completely undermined their confidence because they feel stupid.

The benefit of this lesson is marginal at best, yet the cost is almost certainly that you would cause irreparable damage in the confidence and/or trust of some of the students. Any "real teacher" will tell you that the benefit in this case comes nowhere near outweighing the cost.

It's disrespectful, and even a little condescending, to 'protect' students from real lessons. Are we preparing them for the real world or not?

Did I say anything about protecting them from the real world? In the class room, you can talk all you want about how evil and vicious the world is. You can run through some illustrations. Have at it. But deception, even though it can be effective, is not a good teaching technique.

And are students so fragile that they would run to the Dean's office to complain about the teacher after such a simple and well-explained exercise?

Thanks for the laugh. Yes, Millennials are notorious for self-esteem issues, and many of them have very fragile egos. They may not necessarily run to the Dean's office, but, yes, something as simple as accidentally falling for installing a harmless "virus" will have a devastating effect on some. And you never know. Some of them may tell their parents who happen to be wealthy and influential donors of the university. I can't find the story now, but recently, a judge (I think? maybe an AG?) got reprimanded because he used official letterhead to threaten his son's professor because the professor said he had high standards for performance in the class.

Comment Re:Try this instead. (Score 1) 366

Then teach them that 99% of all malicious software runs on Windows, and that it's a reflection of the number of vulnerabilities in Windows code and market share.

Market share, yes. Vulnerabilities in Windows code...eh, not so much any more. It may not be the most popular thing to say around these parts, but MS has made great strides in adopting and pushing secure coding techniques. These days, the most culpable are third-party developers, especially device drivers. Sure, you can argue that Windows' access control policies allow it, but that's not what you said above. But I'm just being nitpicky.

Better yet, email the .exe to the entire class. Call it CS101-Example.exe, and use the harmless infection to talk about social engineering. Then take them through the 'infection' process, and show them how to remove the file by hand.

Are you insane?!? Absolutely DO NOT DO THIS!!

I remember a few years ago when researchers at Indiana University conducted a study on phishing. Basically, they set up a web site and lured students to enter their credentials. The s*** storm that erupted was immediate and furious. The only thing that saved these researchers' jobs was that they had worked very closely with the school's Institutional Review Board (IRB) to make sure that they were adequately ensuring (among other things) respect for persons. Deception is inherently disrespectful, even if it is done with good intentions.

What may seem like a "harmless infection" to you demeans the students, because you're encouraging the instructor to abuse the trust that their students have placed in him. In short, what you are proposing causes harm to the teaching profession.

Comment Re:socialism (Score 1) 2058

Exactly! Clearly, the state of Tennessee has laws forbidding anyone from offering a private fire service. Oh wait...they haven't.

Look, privatized fire departments don't work. They don't make economic sense. To understand why, look into decision theory, specifically areas like Dempster-Shafer theory. When the level of uncertainty rises, people become significantly more risk averse. Consider the following games:

  • Game 1: Flip a fair coin, and pick heads or tails. If you're right, you win $100. If you're wrong, you lose $100.
  • Game 2: Flip a biased coin, and pick heads or tails. By biased, it either comes up heads 9999 times out of 10,000, or it comes up tails 9999 times out of 10,000. But you don't know the bias. If you're right, you win $100, and if you're wrong, you lose $100.

Now here's the catch: You have to play the games 10,000 times, and you have to always pick the same way. So once you choose "heads," you're always choosing heads.

Which game do you choose? Clearly, game 1. Since you know the coin is fair, you'll be right about half the time and wrong about half the time. So you'll break even. Now look at game 2. If you guess correctly, you'll win 9999 times and lose once. That means you would win $999,900. If you guess wrong, you'll lose $999,900. But look...the expected value is still $0! So, according to basic probability theory, there's no rational reason to pick game 1 over game 2. But when you start considering factors such as the uncertainty about the probabilities, changes in the possible payoffs, etc., things become more complicated, and most people become risk averse.

Now, let's return to the privatized fire department world. Does your neighbor subscribe to a fire service? More uncertainty. Is your service really the best you can get? Perhaps your service's company policy is to only attempt to fight the fire after 99% of the house is burned down. (Sure, you could read their policy, if disclosure was required by evil government regulators. And clearly no company (cell phones *cough cough* credit cards *cough*) has ever used intentionally complicated policies to mislead their customers.) More uncertainty. Competing fire services have a vested interest in your service doing poorly (i.e., more business for them later on). Are those competing services doing unethical things that could interfere with your fire service? More uncertainty.

There is considerably more uncertainty in privatized services like this than in public systems. As a result, subscribers would be significantly more risk averse...which means the market would establish a significantly higher equilibrium point, based on higher demand. Such privatized services will impose a larger total cost on everyone. Also, since the vast majority would subscribe in the privatized version (because they're risk averse), that means that the average cost per person would also probably be higher in a private system. The only way the average privatized cost would be lower is if the overwhelming majority of fires happened to non-subscribers (meaning they would pay most of the costs).

At the end of the day, free market zealots that argue for the privatization of everything don't understand economics, don't understand human nature, or are simply being irrationally dogmatic. Or some combination thereof.

And just to prevent any ad hominem rebuttals that I'm an evil, commie, Marxist, socialist, fascist... I'm not arguing against all private enterprise. I am simply pointing out that, in some areas, yes, a government-run solution can be less costly than a private solution, and just as efficient.

Comment Re:No, that's not it at all (Score 5, Insightful) 2058

For those of you that say "Why didn't they put it out when the guy pleaded to pay the $75?"

First correction: He did not offer to pay $75. He offered to pay whatever the cost to put out the fire.

If they agreed to this EVERYONE would fail to pay the $75/year and they'd just offer to pay after the fire dept came. You have to realize that it costs a lot more than $75 to pay for FD services. The $75 is effectively an insurance, $75 alone doesn't come anywhere NEAR the cost of putting out a single fire.

You are exactly right. So clearly, just billing the $75 is not adequate. So, like you said, treat it as insurance. Consider the parallels to the medical world (at least the idealized version of it). If you have health insurance and go to the emergency room, you pay $X, which is significantly less than the actual cost of service. If you don't have insurance, you have to pay for the actual services used. So do the same thing in this situation. The invoice could be:

  • 8 firefighters, billed at $200/hour for the duration. If it takes 3 hours of work, that's $4800.
  • $5000 for use of the truck.
  • $1000 for the water.
  • $500 for the call to dispatch.
  • Grand total: $11,300

Again, that's what the guy offered to pay...not just the $75. Basically, it comes out to skipping the $75 payment for 150 years. To me, that's plenty of incentive to pay $75 a year for guaranteed service.

Interesting follow-on to this story: One of Cranick's relatives later went to the fire station and punched the chief that ordered the firefighters not to put out the fire (even though they were on the scene). He's now been charged with assault, but I know a lot of people who want to contribute to the guy's legal defense fund.

Comment Re:Lunatic? (Score 1) 1695

Doh, he burned a book.

Uh, what exactly is news about that at all? He can burn books all day long as I care. Does it matter which ones, except for the fact that glossy paper doesn't burn as good?

YES!

Statements like this completely ignore the power of symbolism. If I were to urinate on a crucifix in public, does that mean upset Christians would be overreacting? I mean, come on, it's just a couple of sticks with a statue on it, right? What about if somebody were to put a big cross on an African American's lawn and set it on fire? Clearly, they'd only be upset because you trespassed, right? Burning a Qur'an is much more than just burning a book. (I would say the same thing if the moron was burning a Bible, the Gita, or any other holy text.) It is burning a religious symbol and showing utter contempt and disrespect for others' beliefs. The fact that the text is considered sacred by that religion's followers does make the act different than burning, say, Animal Farm.

And, yes, a public burning of the Qur'an in the current environment is drastically more of a problem than burning any other religious text. The reason is that there are many, many Muslims who feel that the U.S. and its allies are trying to wipe out Islam, not just terrorists. Acts like this offer yet more evidence to them, making them more likely to take up arms against our troops. GWBush may have been overly simplistic in his world view, but he was at least intelligent enough to understand the importance of this point.

Burning that particular book may not seem to affect you, leading to your indifference. However, burning the Qur'an will actually cost you money, because it makes our involvement in the Middle East more complicated, leading to a longer war there. Or, the extremists may choose to take their frustrations out by bringing the conflict here, like they did on 9/11. You need to accept that the reality of the world requires that we can't just piss everybody off without repercussions.

Comment Re:Using a sledgehammer to swat flies = broken wal (Score 1) 828

They should hire people who are actually good at teaching for this job.

...if only it were that simple. I'm a year away from finishing my Ph.D. at a major research university. My motivation has always been to teach at the college level. I just do not find high school material interesting. Give me some undergrad-level cryptography, OS, theory of computing...that's fun material. Sadly, here's what I've learned from my years in grad school:

Great research + mediocre teaching = tenure
Mediocre research + great teaching = fired

(Technically, you're not fired...just denied tenure. However, when you're hired, you're given a 7-year contract that is only extended by tenure. Otherwise, when your 7 years is up, so is your job.)

At a university, research is everything. The rule of thumb that I've been told is that the time spent preparing to teach should be the same as the time spent actually teaching. So if you teach a 3-credit hour class (2 days a week, 75 minutes each class), that means you should spend 2.5 hours per week preparing your lecture. Anything more than that, and you're taking away from your research.

The reason for so much emphasis on research is money. At a research university, you are expected to bring in money in the form of research grants. How do you get a grant? By demonstrating that you have a history of successful research (i.e., a large number of publications). So it's not only tenured professors that are obsessed with publishing, it's the entire faculty. And it's because that is the single biggest factor in keeping your job.

The emphasis on bringing in external grant funding is getting even stronger, because the amount of money that universities are receiving from the state and federal governments has been plummeting in recent years (20-30). Part of that is the "fiscal conservatives" obsession with tax cuts, rather than having an actual balanced budget. By cutting taxes and government revenues, you are cutting university operating costs. At the same time, there has been a philosophical shift in the populace. Years ago, people were more likely to support public funding for schools, because the perception was that college students would ultimately go on to benefit society. So society helped the students out by contributing to the cost of education. Now, the perception is that people who go to college are doing so for the selfish benefit of a better job. As a result, people feel less inclined to help pay for others' education. I'm not passing judgment on these views, just stating them as reasons that the budget has shifted.

The decreased government support also means that universities have to pass more of the cost on to students. That's why tuition has been rising at double the cost of inflation. To make matters worse, states like CA kept their tuition artificially low for years. That's why there was a huge increase last year (something like 30%, if I remember correctly).

Given all of these money issues, you can now see why there are so many crappy teachers at research universities. In an ideal world, these universities would hire a teaching faculty and a research faculty. But that's just not feasible financially. If hiring committees have to pick, they'll always favor the candidate with the stronger research background.

Doctor Slams Hospital's "Please" Policy 572

Administrators at England's Worthing Hospital are insisting that doctors say the magic word when writing orders for blood tests on weekends. If a doctor refuses to write "please" on the order, the test will be refused. From the article: "However, a doctor at the hospital said on condition of anonymity that he sees the policy as a money-saving measure that could prove dangerous for patients. 'I was shocked to come in on Sunday and find none of my bloods had been done from the night before because I'd not written "please,"' the doctor said. 'I had no results to guide treatment of patients. Myself and a senior nurse had to take the bloods ourselves, which added hours to our 12-hour shifts. This system puts patients' lives at risk. Doctors are wasting time doing the job of the technicians.'"

Comment Re:Particularly relevant (Score 2, Interesting) 1123

Yeah, that sentence struck a nerve with me, too.

These types of studies and discussions seem (to me) to be based on a completely flawed premise, which is that religion is such an important topic that everyone must talk about it. Why are there no studies examining why scientists don't talk openly about art, music, architecture, politics, pro sports, etc.? What makes religion so important that my unwillingness to discuss it openly is perceived as a character flaw?

It seems to me that those outside the scientific community have no understanding of the culture of scientists. We care about facts, not opinions. We are trained to make assertions only when we can do so with appropriate authority and evidence. You can't make a living as a scientist by making bold statements without empirical results to support your claims. As a result of this training, most scientists shut up when the discussion moves away from their areas of expertise. If I am sitting with a group of biologists, I won't make any claims regarding the veracity of evolution. I'll let the others talk and learn from what they say. My opinion is irrelevant.

The problem with this culture is that it assumes mutual respect and good faith. People who are motivated by religion do not share our restraint. That is, they do not experience discomfort when speaking without being able to cite the relevant study or journal paper. They are more willing to assert an opinion, and feel that it should be respected irrespective of others' opinions. That's why you have historians and philosophers (I'm looking at you, Discovery Institute) expressing pseudo-scientific opinions that they want treated with the same respect granted to peer-reviewed work. They simply do not agree with the perspective that the methods of how you came to your opinion are more important than the opinion itself.

So I don't think scientists need to talk more about religion. We just need to do a better job of explaining why we don't talk about it.

[Obligatory disclaimer: Coming from a science background, I feel the need to state that the preceding statements are my opinions based on observations. I did not set up a proper experiment and had no control group. Hence, these statements should not be construed as fact.]
