The real security concern with VMs is duplication ... if you clone a bunch of VMs but they start with the same entropy pool, then generate an SSL cert after clone, the other SSL certs will be easily predicted.

Yeah, I encountered that the other day. Built a VM, took a snapshot, did some stuff, reverted, did the same stuff. I was testing a procedure doc I was writing. Part of the procedure was creating an SSL cert, and I got an identical one on both attempts. That seems a little fishy to me; I would expect the certs to be (by the standards of cryptography) very similar, not identical. With that said, I didn't actually generate the cert myself, I ran a script (which I didn't write) to do it. The script might be using the same random seed or something. Or it could be a characteristic of moznss.

Feeling good about your EC2 instances, eh?

No shit. It might be worthwhile to use your desktop or some other hardware you control to seed your VM's PRNG with higher-quality entropy. That way, you should at least be able to avoid collisions with other VMs on the same hardware.

That's a great idea, but the problem is that the cost of digital reproduction is near enough zero as makes no difference. If you publish an e-book, and I buy a copy for $5, why would anyone else buy a copy when they could get one for free from me? Some people would do it out of habit. Others would do it because they feel it's the honest thing to do. But most people would not. I've got to imagine that it would be really hard to make a living this way.

You'd probably have to switch to a Kickstarter-like model. The prospective author uploads a high-level summary of what he wants to write. People who want to read it donate a couple bucks. The author then writes something and releases it for free. This would probably work, at least in a sense, but it'd be hard to fund longer works this way. You'd get a lot of short stories, novellas, and serials. I've got nothing against those formats, but I do like to have some diversity.

Philosophically, we're both in total agreement. I really only have a problem with how it would work (or not) in practice. I think a more realistic solution would be to have copyright, just like we do now, but with a drastically reduced term. Like, one year by default, up to a maximum of five years if you apply for an extension each year. If you can't break even on your copyrighted work in less than five years, you're never going to. If people are willing to wait for your copyright to expire rather than buying now, your work isn't important enough to deserve protection.

Yeah, the summary reads like word salad. Hell, the woman's name reads like word salad.

In this context, "internal" means "within the NSA," and "external" means "outside the NSA, but still within the federal government."

When the hospital staph

Hilariously topical malapropism.

The herbicide in question -- Roundup, aka glyphosate -- kills plants that aren't genetically modified to be resistant to it. If you plant a bunch of non-GM corn and then spray the whole thing with Roundup, you will kill everything, including the corn. So yeah, I can't imagine any reason a farmer would be doing that either.

It is if you can sell the duck for enough money to buy 400 shells.

seriously, the bootloader on modern hardware doesn't need all that bullshit.

Yes, it does need "all that bullshit." Booting from anything except an on-board hard disk controller on a PC BIOS is a hackjob. It's just an absolutely horrible clusterfuck. The fact that it ever works at all is a testament to the hard work put in over the past 20+ years by all the bootable expansion card makers.

I'm not trying to be a dick, but your comment really makes me think that you've never used anything except a desktop PC. In the server world, you always boot from an expansion card -- note that onboard NICs count as expansion cards in this context, because the BIOS can't boot from them directly; it has to pass control to the NIC's BIOS, which handles PXE -- at least once in the server's life to kickstart it. And there are a good number of situations where you never boot from a local hard disk. That's not just PXE. It also includes iSCSI and FC HBAs, ROMs or flash devices, RAID controllers, and probably a raft of things that I've simply never encountered.

I think that OpenBoot would've been a better choice than UEFI, personally. But I don't think any knowledgeable person can dispute the need for something better than the 1980s-era PC BIOS.

Ultimately, I think the compromise that we will get is that you will be able to resell used games, and you, the distributor, and the publisher will all get a cut. It's unfair for the publisher to get anything -- it doesn't right now, with physical media-only resales -- but you know they will fight and fight to prevent resales at all. The only way they'll ever agree to it is if they get something in return. Unfair though it might be, I don't see any solution that doesn't result in them getting a piece of the action.

The great thing is that digitally-distributed games are fungible. There's no difference between my used copy and your used copy, or even between a used copy and a new one. This means that you can handle them exactly the same way we handle stocks, bonds, and commodities, all of which are fungible too. It makes pricing largely automatic. Pricing could actually be made completely automatic, although it would work better if you at least let sellers put in bids manually.

I'd love to see an email app that complies with IT demands for a PIN lock, encryption, and remote wipe capabilities without turning those features on for the entire phone. I don't want to enter a goddamn PIN code just so I can play Zookeeper Battle. I don't need to encrypt the pictures of my wife and kid I have on my phone. And I don't think IT really cares if my Plants vs. Zombies achievements get stolen by a hacker.

I mean, I still wouldn't buy a Blackberry device. But that strikes me as an actual business-related value-add they could offer. All the other stuff people are talking about here -- "connect to an Exchange server" and "view Excel spreadsheets" seem to be the most common -- can already be done by every other phone in existence. Those aren't awesome things your BB does. Those are basic, entry-level features that any modern smartphone must have.

It's probably obvious and I'm just being stupid, but I can't think what you could possibly break by setting all perms to 777.

Anything with the sticky, setuid, or setgid bits set.