Comment Re:Excellent! (Score 1) 104

What rights does a clone have? Trying to build sane regulation for cloning would be a nightmare that no politician could navigate successfully.

Yes, we face that problem all the time with identical twins - deciding what rights they have is a political nightmare! The fact that clones are not just identical twins, but time-shifted identical twins makes the problem more complex than the human mind could unravel.

Comment Re:Spain, Italy and Greece (Score 1) 353

But no mention was made of using the money to pay artists or record labels or whatever - the summary at least says they want to avoid becoming the next Greece, so it sounds like just another tax to help fund various govt operations. In that case I can't see that it changes the copyright/liability situation at all.

However, at 103 euro for a 2TB drive, that's pretty close to a 100% tax, and Moore's law says the tax rate will double every 18 months. Yikes! (yes, I know Moore's law applies to transistors, not spinning rust, but the effect is similar)

Comment Re:In-band Signaling Considered Harmful (Score 1) 84

Instead, you use a data access layer, that always binds parameters.

Kinda like I said above. Only you claim that you will miss sanitizing something. So what if you forget to use bound parameters? Oh that's right, things work perfectly in your view of the world but everyone else is wrong. Use a data access layer, access everything the same way.

I don't so much care how "thick" your data access layer is - a thousand layers of code or just a rule - the important thing is that at the bottom you MUST use bound parameters instead of doubling all your quotes and wrapping it in quotes.

In-band signaling... I'll leave that for others if they want to rip it apart. I assume you mean escape sequences, replacing control characters with escapes specifically. There are common ways of replacing, and common ways to defeat common ways of replacing. It has nothing to do with in or out of band signaling.

Poor choice of words, perhaps - what it really boils down to is, don't let your users write your source code. Seems pretty obvious when you say it that way, but so many things like SQL injection attacks, XSS browser problems, etc, all come down to taking a string of user input and putting it into an environment where it gets evaluated as executable code. People see that it's happening (usually the first time Mr. O'Brien registers), and they try to patch it, but they usually fail one way or another.

For example, go back a few weeks and find the slashdot article about the voting machine being hacked (legally, during a public eval period) by some researchers. It turned out to be the wrong kind of quotes used in a shell script, which meant that a carefully crafted input ended up being executed as code. Watch over the next few weeks/months as various as-yet-unknown exploits are discussed in academic or real-world settings, and 99% of the time it ends up that user input is being executed in some way. And more often than not, there was some sort of attempt at "sanitizing" the input, which failed to account for something.

IF you have a bug in the binding, such as the case here, it doesn't matter if it's in or out of band. There is a bug, and it will likely be discovered sooner or later.

Yes, there could always be a bug in an underlying library. If the bug is in a subroutine that supposedly sanitizes your data, you're screwed (and note that there's a decent chance you won't know about the bug until someone else uses it on you). If the bug is in the SQL binding code, and the 8 bytes that's supposed to represent an IEEE floating point number happens to end up containing 'or1=1-- , then it probably doesn't matter, because no part of an SQL driver is likely to be expecting to execute the binary data of a bound parameter. And if there is somehow a problem where the data packets DO try to get evaluated, you're far more likely to find it before the system hits production, because the vast majority of such attempted evaluations will fail miserably due to syntactical errors or whatever.

I only know of ONE environment where you really have no choice but to "escape" a bunch of strings, glue them together, and hope for the best: HTML. There's no equivalent of a bound parameter. And this fundamental flaw is why web pages designed by careless people (realistically, that's most of them) will always be easily exploitable, and web pages designed by careful people will also be exploitable, just not as easily and somewhat less often.

Mark my words: ten years from now, if people are still using HTML, there will still be major new types of attacks being discovered and utilized every other month or so. It's inherent in the architecture, and every new feature (javascript, CSS, etc) just introduces new escaping rules for people to fuck up.
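The comment above says HTML has no equivalent of a bound parameter and that every new context brings its own escaping rules. The Python below is an added illustration, not code from the commenter or from any project mentioned on the page: it renders one constructed input (a name with an apostrophe plus an attribute-breakout probe) into four HTML contexts and shows why a single "escape" routine is not enough. The element-content rule reused inside a quoted attribute leaves the double quote alone and lets an event handler in; `json.dumps` alone inside an inline `<script>` leaves `</script>` intact for the HTML parser, which closes the script element before the JavaScript engine ever sees the string. All inputs and function names are constructed for the example.

```python
import html
import json
from urllib.parse import quote

# Constructed sample inputs (not from the page): a name with an apostrophe
# followed by a quote/attribute-breakout probe.
NAME = "O'Brien\" onmouseover=alert(1) <script>x</script>"
# A value aimed at the script context: json.dumps alone leaves "</script>" intact.
SCRIPT_PROBE = "</script><img src=x onerror=alert(1)>"


def render_body(name: str) -> str:
    """Element content: &, < and > must become entities; quotes are harmless here."""
    return f"<p>Hello {html.escape(name, quote=False)}</p>"


def render_attr_body_escaping(name: str) -> str:
    """Wrong: reusing the element-content rule inside a quoted attribute leaves
    the double quote alone, so the value closes early and a new attribute
    (here an event handler) is injected."""
    return f'<input value="{html.escape(name, quote=False)}">'


def render_attr(name: str) -> str:
    """Quoted attribute: same as element content plus both quote characters."""
    return f'<input value="{html.escape(name, quote=True)}">'


def render_script_json_only(value: str) -> str:
    """Wrong: json.dumps protects the JS string literal, but the HTML parser
    ends the <script> element at the first "</script>" it sees, before the
    JS engine runs anything."""
    return f"<script>var v = {json.dumps(value)};</script>"


def js_string_for_script(value: str) -> str:
    """JS string literal safe inside an inline <script>: JSON-encode (the default
    ensure_ascii also \\u-escapes U+2028/U+2029, which are line terminators in
    JS), then \\u-escape the three characters the HTML parser cares about."""
    encoded = json.dumps(value)
    return (encoded.replace("&", "\\u0026")
                   .replace("<", "\\u003c")
                   .replace(">", "\\u003e"))


def render_script(value: str) -> str:
    return f"<script>var v = {js_string_for_script(value)};</script>"


def render_link(query: str) -> str:
    """URL query component: percent-encode the value first, then attribute-escape
    the whole URL because it lands inside a quoted href."""
    url = "/search?q=" + quote(query, safe="")
    return f'<a href="{html.escape(url, quote=True)}">search</a>'


if __name__ == "__main__":
    for fn, arg in [(render_body, NAME), (render_attr_body_escaping, NAME),
                    (render_attr, NAME), (render_script_json_only, SCRIPT_PROBE),
                    (render_script, SCRIPT_PROBE), (render_link, "a&b=c")]:
        print(f"{fn.__name__:28s} {fn(arg)}")
```

Each renderer encodes for exactly the context it writes into; the one that goes wrong in each pair is the one that borrowed another context's rule. Templating engines that auto-escape do the element-content and attribute cases for you, but the script and URL cases still have to be done per context.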

Comment In-band Signaling Considered Harmful (Score 0) 84

Why oh why do people still make and use systems/apps/tools/interfaces/etc that use in-band signaling and thus require that their inputs be "sanitized"? Can't everyone see that sanitizing inputs is a fool's errand? You'll ALWAYS miss something, or the next version will have a feature you forgot to screen for, or something. In-band signaling is BAD BAD BAD and any system that uses it is doomed to an endless series of X-injection attacks.

For example (and yes, I realize this has nothing to do with SQL, it's just an example) don't even try to sanitize your SQL inputs; use bound parameters instead - not only is it guaranteed 100% safe, it's easier and faster too! As much as I love XKCD, little Bobby Tables really screwed the pooch on that one.

Remember, folks: when it comes to any sort of in-band signaling: JUST SAY NO. If you think you need to sanitize your inputs, you're doing something completely wrong. Stop and figure out what it is, and figure out how to do it right; don't just throw in some half-assed regex or character translation/stripping or whatever and hope that no one is cleverer than you are.
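Both the comment above and the reply to it earlier on the page make the same argument: a "sanitizer" fixes the case that crashed (Mr. O'Brien), may or may not cover the injection you thought of, and silently fails in the context you forgot, while a bound parameter is never parsed as SQL at all. The Python below is an added example using the standard sqlite3 module, not code from either commenter; the table and rows are constructed for the example. It runs the same inputs through string concatenation, a quote-doubling sanitizer, and bound parameters. The sanitizer does block `' OR 1=1--` in a quoted string context, but the identical function does nothing for a numeric comparison, where there are no quotes to double; the bound versions treat every input as data in both contexts.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed sample data (not from the page)."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, is_admin INTEGER);
        INSERT INTO users VALUES (1, 'alice', 1), (2, 'O''Brien', 0), (3, 'carol', 0);
    """)
    return conn


def lookup_concat(conn, name: str):
    # Vulnerable: the user's bytes become part of the SQL text the parser reads.
    sql = f"SELECT id, name FROM users WHERE name = '{name}'"
    return conn.execute(sql).fetchall()


def double_quotes(s: str) -> str:
    """The usual first 'fix' after the O'Brien crash: double every single quote."""
    return s.replace("'", "''")


def lookup_sanitized(conn, name: str):
    # Quote doubling is correct for this one context: a single-quoted literal.
    sql = f"SELECT id, name FROM users WHERE name = '{double_quotes(name)}'"
    return conn.execute(sql).fetchall()


def lookup_by_id_sanitized(conn, user_id: str):
    # Same 'sanitizer', numeric context: no quotes to double, so "2 OR 1=1"
    # passes straight through into the WHERE clause.
    sql = f"SELECT id, name FROM users WHERE id = {double_quotes(user_id)}"
    return conn.execute(sql).fetchall()


def lookup_bound(conn, name: str):
    # Bound parameter: the SQL text is fixed; the value is handed to the engine
    # separately and compared, never parsed.
    return conn.execute("SELECT id, name FROM users WHERE name = ?", (name,)).fetchall()


def lookup_by_id_bound(conn, user_id: str):
    # The same holds in numeric context: "2 OR 1=1" is just a string that does
    # not equal any integer id.
    return conn.execute("SELECT id, name FROM users WHERE id = ?", (user_id,)).fetchall()


def demo() -> dict:
    """Run each strategy against the benign and the hostile inputs."""
    conn = make_db()
    out = {}
    try:
        lookup_concat(conn, "O'Brien")
        out["concat_obrien"] = "ok"
    except sqlite3.OperationalError:
        out["concat_obrien"] = "syntax error"      # the crash that prompts 'sanitizing'
    out["concat_injected"] = lookup_concat(conn, "' OR 1=1--")
    out["sanitized_obrien"] = lookup_sanitized(conn, "O'Brien")
    out["sanitized_injected"] = lookup_sanitized(conn, "' OR 1=1--")
    out["sanitized_numeric_injected"] = lookup_by_id_sanitized(conn, "2 OR 1=1")
    out["bound_obrien"] = lookup_bound(conn, "O'Brien")
    out["bound_injected"] = lookup_bound(conn, "' OR 1=1--")
    out["bound_numeric_injected"] = lookup_by_id_bound(conn, "2 OR 1=1")
    out["bound_numeric"] = lookup_by_id_bound(conn, "2")
    return out


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key:28s} {value}")
```

The concatenated query crashes on the apostrophe and returns every row for `' OR 1=1--`; the sanitized string lookup behaves, but the sanitized id lookup returns every row for `2 OR 1=1`; the two bound lookups return exactly the matching row for legitimate input and nothing for either probe. The parameter placeholder syntax (`?` here) varies by driver, but the property that matters, query text fixed at compile time and values passed out of band, is the same everywhere.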

Comment Re:person sitting next to the user (Score 3, Informative) 414

Did you READ TFA? He's not talking about lifting the ban on talking on the phone - he's talking about lifting the ban on having gizmos powered on during the takeoff and landing. If you can tolerate someone next to you reading a kindle or playing angry birds for 10 hours, you can tolerate it for another 30 minutes.

His real point is that he's too weak to turn his gizmos off when he wants some down time, so he wants to make sure no one else can use theirs either.

Actually, I wonder - if that's the only time he can get away from his gizmos, does he book pointless flights back and forth across the country, with as many stops as possible, just to get some quiet time?

Comment Re:Keep a spare blank drive around (Score 3, Informative) 414

This doesn't help much for those of us with crappy internet - I've only got about 300K (bits) upload speed, and at that speed backing up 1TB would take around a year.

FWIW, my strategy is to keep truly important stuff on a RAID enclosure (and backup to other disks periodically), and to just live with the fact that there's really nothing irreplaceable about the rest.

Comment Re:They read and understood which citation? (Score 1) 185

electrons are on the same level as protons and neutrons, but quarks are of a lower order yet that phrase seems to lump them all in the same set.

It depends on which direction you're counting from: from the top down, electrons are on the same level as protons and neutrons ("constituents of atoms") - but from the bottom up, electrons and quarks are on the same level (level 0 = fundamental [as far as we know] particles), but protons and neutrons are a level above electrons (level 1 = stuff built directly from fundamental particles)

Comment Re:Yes, a bad idea (Score 1) 264

Ah, so then the argument is that these nefarious henchmen are going to station themselves at the home of every voter that they wish to bribe while they watch them click on the pre-selected candidate? Since one or two wouldn't turn the tide of an election, we're talking 10s of thousands of conspirators who must operate in absolute secrecy and keep quiet for the rest of their lives.

An argument against internet voting due to interference by aliens from another planet would make more sense.

Yes, thousands of nefarious henchmen are implausible... but more mundane threats exist, too. Imagine an abusive husband telling his wife (and/or kids) who to vote for... Right now they can agree with him (to save their skins) and then go into the voting booth and do whatever the hell they want to do. But with him looking over their shoulders, that option disappears. Multiply this by the number of overbearing spouses out there, and it could become significant.

Comment Re:Not a "bad idea" (Score 1) 264

The problem is that the cost of securing such a system (which has to be accessible to the general populace) is very very high compared to the cost of compromising such a system.

Actually you've got a problem no matter how much you spend or how secure it actually is: even if no shenanigans have taken place - even if none COULD take place, due to some amazing design - the losers will claim that the system was rigged against them. They've always done that, of course, but have generally gotten limited traction because undetectable large-scale fraud with paper ballots is implausible. The difference is that with a fully-computerized system, fraud will seem plausible to the average person. No amount of gibberish spewed by so-called "expert cryptographers" will convince the public that fraud didn't take place. Without any brakes on the conspiracy theories, huge sections of the population will convince themselves that the gov't is a fraud (remember, it doesn't matter whether fraud actually took place or not) and that could be very bad for society.

I'll stick with paper ballots.

P.S. To prove my point about how people want to deny the results of elections, I guarantee I'll get lots of responses detailing how past elections have already been stolen. I'm not saying they have or haven't - and it's completely irrelevant to my point - but I'll get lots of responses anyway. Now imagine if there were no effective way for the average person to estimate the likelihood of these claims being true - just 49% of the country believing it was all a scam, and 51% telling the 49% to shut the hell up and quit being sore losers.

Comment Re:I disagree, but I'm not sure how to explain (Score 0) 117

Because I used to live in JoBerg until 1998 when my entire family fled after the 86yo woman who lived next door was raped to DEATH in her own lounge chair one sunny afternoon by the local NIGGER thugs and it was a common occurrence.

I'm sorry to hear that - but surely you don't think this was caused by melanin?

Look, I'm not saying there aren't plenty of bad people - of every race. Maybe there's a higher percentage in some races than others (though separating that effect from environment and income might be a statistical challenge), but even if there were it wouldn't justify PRE-JUDGING people based on a superficial characteristic.

The funny thing is...you talk to the average township black and they want Apartheid back, at least THEY had jobs, food, security and didn't have to worry about THEIR families being slaughtered at night either in the old days. But that doesn't fit in with your bullshit PC "all whites are bad" world view now, does it ?

I never said all whites are bad - I'm white, and I'm not bad! Hell, I lean a little to the (US) right, so you might expect me to be sympathetic to your position - but I'm not. I think you have to treat people as individuals. Is that so hard?

Comment Re:so it begins (Score 1) 194

Actually, given the price of parking, for short visits, I would be apt to tell my car to go around the block until I signal it to retrieve me. I may save a six-dollar parking fee by spending a buck or two for gasoline.

This can't make sense in the long run - a car driving around takes up more space than a parked car, and roads cost more to build/maintain than parking lots. So even ignoring the cost of gas, you're using more of a more expensive resource. The only thing that makes it seem like a good idea is the fact that roads are "free" whereas parking often costs money.

Read up on the tragedy of the commons.

Comment Re:I disagree, but I'm not sure how to explain (Score 2, Informative) 117

South Africa is a crappy shithole in Africa run by and inhabited mainly by the niggers.

I'm serious by the way.....it's a stupid idea.

Then why do you undermine your argument by using words like "niggers"? It doesn't make your argument any stronger; it just makes you look like a moron. Since you're too stupid to see that, people are going to assume you're also too stupid to analyze the actual pros/cons of the situation.
