
Comment Re:Ruby Injection (Score 1) 81

Actually that's not true; since 3.0 at least, the default style (from scaffolds, for example) has been Post.find(params[:id]). Many people don't use dynamic finders at all, as you can use where(...) and scopes instead.

Also, according to the advisory, the HMAC is required, that's really very unusual and important.

Comment Re:bug found, bug fixed, bug deal (Score 2) 81

If you publish the key used to sign sessions, people could fake session cookies and log in as someone else, for example, so this vulnerability would be the least of your problems. It's a problem all by itself, and is not something that is possible to do without publishing your entire app source on GitHub, for example, and forgetting to hide the passwords/keys which should be kept private (e.g. db passwords, HMAC). You can't publish it by mistake by misconfiguring your web server, for example; it would have to be a deliberate choice to publish the entire app source on another channel including secrets.

So for the majority of sites it seems this vuln (and others requiring the secret key) is a non-issue.

Comment Re:bug found, bug fixed, bug deal (Score 5, Informative) 81

When it's a major security flaw?

According to the article, this is not in fact a major security flaw, unless you have made your secret session key (HMAC) for the app public, and are using old style finder methods like find_by_id(2) etc. For a start the attacker has to know your HMAC - this is randomly generated when creating a Rails app, and is not supposed to be publicly disclosed, though if your app is open source and you forgot to change it and left it in a public repo, it is possible someone could find it. This is not going to apply to the vast majority of Rails apps, and there are obvious reasons you shouldn't make your session signing key public anyway.

So it looks like this is a bug which the majority of Rails users won't have to worry about, but it's good that they fixed it.
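The three comments above turn on one point: a signed session cookie can only be forged by someone who holds the signing secret. The following is an added example, not code from Rails or from any commenter, that shows in miniature how such a cookie is signed and verified, and that a tampered payload or a cookie signed under a different key is rejected. The secret value, the cookie format ("payload--hexdigest"), the use of SHA-256, and the helper names are all assumptions made for this illustration; a real app keeps its secret out of the repository and rotates it if it ever leaks.

```ruby
require 'openssl'
require 'json'

# Placeholder secret for the example only: a real app loads this from
# configuration outside the source tree and never commits it.
SECRET = 'placeholder-secret-do-not-commit'.freeze

# Constant-time comparison so signature checks do not leak timing.
def secure_compare(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Produce "base64(json)--hmac_hex" in the style of a signed session cookie.
def sign_session(data, secret)
  payload = [JSON.generate(data)].pack('m0')   # strict base64, no newlines
  digest = OpenSSL::HMAC.hexdigest('SHA256', secret, payload)
  "#{payload}--#{digest}"
end

# Verify the signature under +secret+ and decode; nil on any failure.
def verify_session(cookie, secret)
  payload, digest = cookie.split('--', 2)
  return nil if payload.nil? || digest.nil?
  expected = OpenSSL::HMAC.hexdigest('SHA256', secret, payload)
  return nil unless secure_compare(expected, digest)
  JSON.parse(payload.unpack1('m0'))
rescue ArgumentError, JSON::ParserError
  nil   # malformed base64 or JSON is treated as an invalid cookie
end

# Walk through the three cases the comments describe and return the results:
# a genuine cookie decodes; a cookie whose payload was edited after signing
# fails; a cookie signed with some other key fails under the real key.
def demo
  genuine = sign_session({ 'user_id' => 42 }, SECRET)
  signature = genuine.split('--', 2).last
  edited_payload = [JSON.generate('user_id' => 1)].pack('m0')
  tampered = "#{edited_payload}--#{signature}"
  other_key = sign_session({ 'user_id' => 1 }, 'some-other-key')
  [verify_session(genuine, SECRET),
   verify_session(tampered, SECRET),
   verify_session(other_key, SECRET)]
end

puts demo.inspect if $PROGRAM_NAME == __FILE__
```

Running the file prints `[{"user_id"=>42}, nil, nil]`: only the cookie produced under the real secret is accepted, which is why the commenters regard a privately held signing key as the thing that keeps this class of bug from being exploitable.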

Comment Re:Same tired argument from government bureaucrats (Score 2) 296

Homeland security, the world's most massive and expensive military, drones creating terrorists in other lands, off the books and off the charts spending on spying (foreign and domestic). Cut all that (save the *defence* force the USA actually needs) and you could easily balance the budget.

Comment Re:Wasnt there supposed to be some law passed... (Score 1) 471

This is what the OP was discussing, and it's not included (best check you're right before calling others morans on the internet):

http://store.apple.com/uk/product/MD820/lightning-to-micro-usb-adapter

The power adapter is a power adapter with a USB socket (which fits one end of the USB cable supplied), but that doesn't help you if you are someplace else without your special iphone charging cable and wish to plug in your iphone to charge, because the iphone itself will not accept a USB connection without an adapter (which is NOT included in the original package).

There's no technical reason they had to use a 'lightning' socket, it's simply a play to grab more cash from users upgrading peripherals, and from peripheral manufacturing license agreements. They could easily have used micro usb instead, or even better gone for wireless charging too. So they have ignored the spirit of EU agreement and pissed off a lot of their users by creating yet another locked down adapter. The sort of thing they could get off with when there were no competing devices, but now that Android is pretty much caught up, this sort of thing undermines confidence in Apple.

Comment A more apposite question (Score 1) 780

How many people reading this intentionally pay more tax than they are strictly required to?

A more apposite question would be how many people reading this have set up offshore shell companies solely for the purpose of avoiding tax, or have the resources to do so? Comparing a company like Google to an individual is absurd sophistry on the level of taxation.

The problem here is not whether companies should volunteer to pay more taxes, but the fact that global corporations have found ways to avoid the jurisdiction of any one country (or indeed, of any country at all), and are able to funnel their revenue through complicated structures in various countries which mean they pay virtually no taxes. This is similar to Hollywood accounting, borderline fraudulent, and bears no relation to the tax affairs of most individual taxpayers.

That they would avoid all tax was not part of the bargain made with countries who let companies incorporate and set up business in their country, with all the protections and privileges that a limited company implies. This is a relatively recent phenomenon, and you can expect countries to find new ways of taxing companies if they insist on trying to evade corporation tax. For example countries could impose a tax on all transactions, a tax on all revenue (before profit/loss calculations), a tax on advertising, etc. This might not suit companies like Google, and they'd probably find it worse than corporation tax, but when companies like Google boast about avoiding paying any tax at all, that's what they should expect in response.

Tax is the price we pay for civilisation, and companies should not be able to escape paying their due to the country that hosts them.

Comment Re:Bitcoins built-in failure (Score 1) 600

Cash, when compared to bitcoins is: 1. anonymous 2. non-traceable 3. not easily insured against theft/fire/loss 4. savings in cash are not guaranteed by law

I was comparing digital cash (i.e. money held at a bank as figures in their computers), with Bitcoin - digital cash has none of the problems you note above. Are you seriously trying to compare paper cash with Bitcoin, if so why? The real comparison is between digital currency and BTC, as those are the equivalents, and Bitcoin is competing with digital cash, not paper cash. Unfortunately Bitcoin has thrown out the advantages of digital cash in a misguided (IMHO) attempt to emulate paper cash, and ended up with many of the same problems as paper cash, as opposed to cash in bank accounts which is easily traceable, not anonymous, protected by law, etc, etc.

Transactions are only traceable if the *other* person chooses to let them be, and chooses not to lie; that's not an acceptable level of security for me when dealing with any significant sums. Simply refusing to deal with anonymous buyers/sellers would work in some sort of crypto-anarchist's paradise; in the real world I don't want to use a currency which even allows anonymous transactions - it'll end up with the same abuse and problems as, say, email, which relies on trusting the sender.

Re adoption of the currency, I made the separate point that it is not mandated by law as legal tender - this is an important point and is not the same as simply not having wide adoption.

The fact that you can identify several companies who were hit with fraud isn't a condemnation of the currency, but a problem with a nascent industry. The same argument can be made for storing ANYTHING of worth with a third party.

I agree to some extent on this point - this isn't a damning criticism on its own; it does mean I wouldn't trust any of the BTC exchanges though, and leads me to distrust the entire industry which has grown up around BTC, which is mostly populated by amateurs and kooks. I remember the bitcoinia post on Hacker News, announcing his intention to set up an exchange on a cheap VM, and several people warning him he would be hacked without serious controls - amateurs setting up financial systems has very much the same consequences as non-cryptographers attempting cryptography.

Comment Re:Bitcoins built-in failure (Score 1) 600

Here are some more entries for your disadvantages column:

The disadvantages of Bitcoin:

    * It's anonymous and therefore it is hard to trust
    * Transactions are not traceable to real world identities and therefore it is hard to trust, and impossible to trace theft properly
    * Transactions and organisations are not regulated as banks are, and therefore it is hard to trust
    * It is not backed by the assets and credibility of a nation, and therefore it is hard to trust
    * It is impossible to insure properly against theft and loss, because there are not traceable transactions and anonymous transactions are allowed
    * It is subject to massive speculation, hoarding and other manipulation, and therefore the value fluctuates wildly
    * It's controlled by a cartel of core developers, and the rules could be changed at any time (in this sense it is a fiat currency!)
    * Savings are not guaranteed by law as they are in national currencies
    * Acceptance of the currency is not mandated by law, so it can be hard to spend, though it is not hard to convert (but this will lose some value)
    * Many of the organisations helping to store/exchange bitcoins are amateurs and have been subject to massive theft and fraud (Mt.Gox, bitfloor, Bitomat, MyBitcoin, Bitcoinia, Bitcoin Savings and Trust) - needless to say, the perpetrators of these thefts have not been caught or charged.

Re your advantages column, national currencies can also be transmitted globally within seconds, and are of course secured against theft and loss by guarantee.

Comment Re:Quick find all the people that care (Score 1) 600

but instead of a central government controlling everything it's done with voluntary contracts at the individual level.

Who enforces those contracts? Individuals can't, or the worth of a contract is simply directly proportional to the physical violence or other form of coercion that individual is willing to wield in order to enforce it. Society (i.e. social contracts between individuals or groups) requires the threat of violence and coercion in order to exist, as otherwise freeloading becomes the optimal strategy. Many individuals will not share power willingly, or allow personal freedom to others; you don't seem to account for those refuseniks.

Whether you or I believe that's a viable political structure is a different conversation.

Actually no, the essence of this question (Is anarchy equal to chaos, or is it something else?) lies exactly at the nexus you have tried to sidestep - is 'political anarchy' viable, and if not, what defines the difference between anarchy and simple chaos? Without answering that question, and thus defining who holds the power, you can't really say what anarchism means, and whether it is worth considering as a political philosophy.

PS I love your term political anarchy, with its implication that we can achieve political anarchy, as you narrowly define it, without all other kinds of anarchy following in its wake. Your political anarchy seems to depend on entirely rational humans acting in their own long-term self-interest.
