On the post: California Eyes Questionable Legislation In Bid To Fix The Internet Of Broken Things
Linux and lazy developers are the problem
The fundamental source of the problem is that developers are lazy.
It's far easier to start with something that already does 98% of what you need (like Linux), and add the last 2%.
Harder is to build up 100% of your application from scratch, using simple, relatively bulletproof things like state machines and (at worst) simple RTOSes.
But most of the current generation of programmers wouldn't know where to start if not handed a full-blown OS with TCP/IP, CLI, a filesystem, USB, WiFi, graphics, multitasking, etc. already running.
There's simply NO WAY to build a secure device that way - every unused and unneeded "feature" hosts a swarm of security holes.
If you want a secure device, you've got to design it bottom-up from the hardware, adding only what you need, not top-down by stripping away functionality from a general-purpose OS.
(Kindly remove yourself from my lawn.)
On the post: Documents Show IBM Pitched The NYPD Facial Recognition Software With Built-In Racial Profiling Options
Nothing wrong with using skin color as a search qualifier
...if you're searching for a specific suspect.
If you have a report that the suspect in question is 7'2" tall, with blue hair, purple eyes, and green skin, then that's what you look for. That's not racial profiling.
If you start hassling random green-skinned people for no reason, that's racial profiling.
On the post: German Court Tells Facebook It Can't Delete Comments, Even Though German Law Says It Must Delete Comments
Re:You’re a mysinogist, racist asshole
On the post: Supreme Court Asked To Correct Appeals Court (Again) And Explain That Patentable Ideas Need To Be New
Re: Re: Obvious
5 to 10% are non-obvious.
On the post: Supreme Court Asked To Correct Appeals Court (Again) And Explain That Patentable Ideas Need To Be New
Re: Obvious
I'm an experienced engineer, who once was on the patent committee of a large tech company (deciding which "inventions" to submit patent applications on).
I watched the "inventions" that were submitted internally, and which of those eventually had patents issued. And kept an eye on issued patents in my field.
Of those patents approved by the PTO, only about 90 to 95% are "non-obvious" to an experienced engineer in the field.
On the post: A Senator Says U.S. Broadband Maps 'Stink.' Here's Why Nobody Wants To Fix Them.
This should be easy to crowdsource
Instead of asking the ISPs to tell the FCC where there's broadband (they have every incentive to lie), ask the users.
Set up a website where people can indicate their geographical location (click on the map) and report what service is available there, at what price.
Manually filter the outlier data points for sanity.
In a few weeks you'll have an accurate map, at almost no cost.
On the post: NJ Courts Impose Ridiculous Password Policy 'To Comply With NIST' That Does Exactly What NIST Says Not To Do
Oh my
Two things.
1) Those are very nearly the worst possible rules for secure passwords. See https://www.wsj.com/articles/the-man-who-wrote-those-password-rules-has-a-new-tip-n3v-r-m1-d-1502124118
2) Of course: https://xkcd.com/936/
On the post: Ajit Pai Does Something Right, Will Reform Stupid Utility Pole Rules To Speed Up Fiber Deployment
Re: Have you ever tried to put yourself into the place of an inv
We all face moral choices every day. I don't rape, or rob, or kill other people. (Laws or no.)
Why do you think when I'm an investor suddenly I become immoral?
You say "Imagine it was your money, which would you do?", and then you answer for me.
But I'd act morally just as I always do (with the same rate of error and imperfection that I always have).
Why do you assume otherwise? Is that what YOU would do?
On the post: Appeals Court: No Immunity For Border Patrol Agent's Murder Of 16-Year-Old Mexican Citizen
Isn't that an act of war
A US government agent fires at (and kills) a person in a neighboring country.
Isn't that a traditional "act of war"? A "casus belli"?
Isn't there a law saying that US citizens aren't supposed to do that without proper authorization from the political authorities (like, a Congressional declaration of war)?
On the post: School Board Demands Journalists Be Punished For Reporting On The School Board's Redaction Failure
Re: First God made idiots. That was for practice.
On the post: Report Highlights How U.S. Telcos Abandoned Rural American Broadband
Re: Re: Re: Re: That solution is a non-starter.
There are none so blind as those who will not see.
On the post: Surprisingly Rational TSA Plan To Drop Screening At Small Airports Has Almost Zero Chance Of Getting Off The Ground
Re: Re: Cost-benefit calculations
I meant random days (my next-to-last paragraph). But your point about timing is valid.
Maybe random passengers is better.
The issue about racial profiling and "hotties" is easily addressed - make it RANDOM, not "at the whim of the officers".
A computer uses random numbers to pick passengers to be screened. Nobody gets "randomly" screened without a printed receipt showing the computer did the picking.
On the post: Surprisingly Rational TSA Plan To Drop Screening At Small Airports Has Almost Zero Chance Of Getting Off The Ground
Cost-benefit calculations
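We mustn't go all crazy and emotional about this stuff. That is -literally- how the terrorists win.
We have to do cost-benefit calculations, and invest where we expect to save the most lives, and cause terrorists the most trouble (and innocents the least).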
That means we can't do everything, everywhere.
That said, I don't think dropping all screenings at some airports is the best plan. Better would be to randomly screen everywhere (big airports and small), with most of the effort going to big airports with big airplanes.
Small airports could be screened on random days once in two weeks.
With random screening, terrorists still have to worry that their agents will get caught (thus leading to a roll-up of their organization).
On the post: Report Highlights How U.S. Telcos Abandoned Rural American Broadband
Re: Re: That solution is a non-starter.
It's difficult for the best of us to avoid partisan bias. The Ds are just as bad as the Rs, just in different ways.
On the post: Report Highlights How U.S. Telcos Abandoned Rural American Broadband
Re: That solution is a non-starter.
This won't get solved until a fundamentally new way of delivering broadband becomes real.
I'm hoping for some combination of Google Loon/WiMax from autonomous drones/massive LEO satellite constellation (Starlink).
But it'll be another 3 years, minimum.
On the post: Court Awards $12,500 For 'Emotional Harm' From Bogus Copyright Lawsuit
"the interests of justice"
Judge Roy B. Dalton, Jr., thank you for caring about justice.
And for telling it like it is. ("sockdolager of default" and "from the get-go" aren't bad either)
On the post: Irish Lawmakers Realizing The GDPR's Consent Requirements Seem A Bit Onerous, Want To 'Infer' Consent
Re: Re: Opt out of sharing?
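(a) A little bit, but not much. (People who are irresponsible with credit are probably more likely to be irresponsible with driving too. But I don't expect a very strong correlation.)
(b) Yes, of course. (Tho I object to the word "forced". Nobody is "forced" to take a loan. But surely payment history goes to the riskiness of the loan, and I do expect lenders to take that into account in their offers.)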
(c) Yes, obviously. This directly predicts expected medical expenses.
On the post: Cop Costs Taxpayers $60,000 And One (1) Drug Bust After Lying About Almost Everything Related To The Traffic Stop
Re: But bad cops don't make drugs good -- as Techdirt wishes.
Cops need to be held to a higher standard than ordinary citizens, because of the special powers they're granted.
I agree that Tim's whole "cops lie" thing overdoes it sometimes - some cops lie, I have no reason to think *most* cops lie.
But bad cops and bad policing NEED to be exposed and punished. And good cops need to be praised.
(And, BTW, drugs are neither good nor bad - they're just chemicals and have no moral qualities. Only people and their actions can be good or bad.)
On the post: Irish Lawmakers Realizing The GDPR's Consent Requirements Seem A Bit Onerous, Want To 'Infer' Consent
Opt out of sharing?
But obviously many disagree.
For me, whether sharing is OK depends on the data. Lots of things I'm fine with being shared, as I consider them more-or-less public info.
Other things, not.
It should be up to me - and each citizen - which data falls in which category.
So - how about a checkbox?:
[x] OK to share this data for (some reasonably limited set of related purposes)
[ ] Not OK to share this data for any other purpose
On the post: If You Value The Reputation Of Your Restaurant, Maybe You Should Stop Serving Cops
You've lost it
Tim, you've lost it here.
Sure, cops lie. Teachers lie, too. And engineers, artists, pilots, nurses, and auto mechanics.
People lie, and cops are people.
But not all people. Just a minority.
It's just as unfair, and unreasonable, to paint all cops with a broad brush as it is to paint any other group.
We need cops. There are genuinely bad people in the world who commit real (not victimless) crimes. Somebody has to discourage that, and stop them forcefully when necessary and possible.
That's the cops' job. It's a real and necessary job. And it's a tough one - they deal with hard cases and bad people all day, instead of once in a great while like the rest of us.
Cops are supposed to enforce the laws passed by the legislature. Some of those laws are stupid, unfair, or target innocent and harmless behavior (the drug war, for example). But it's not a cop's job to second-guess the legislature. We have elections and courts for that.
None of this works perfectly, or even close. But it's the best we know how to do so far.
Do I feel comfortable when cops enter a restaurant where I'm eating? No. Because there are too many laws, too vaguely defined and enforced, and that gives the cops too much power to hassle (or destroy the lives of) innocent people.
I feel far more comfortable (contra ShadowNinja) when I see a civilian enter with a gun on a belt - that guy can't arrest me, yet can shoot a killer in an emergency.
But we need cops all the same. They fill a critical role in society, and it's wrong to attack them as a group.
By all means, attack bad cops when they misbehave. Attack bad laws, and demand they be changed. Attack broken and corrupt systems that support bad cops.
But praise good cops when they keep their head, keep the peace, and respect peaceful citizens.
And give cops the respect they're due - just like plumbers and bus drivers and doctors - for filling a necessary role in society.