If a woman blogged unkind and sexist behavior at a tech company, but
hid her name to avoid the backlash (like Michael), that would be
unethical. I guess she'd be an "asshat", right? Same thing for a
journalist using an anonymous source?
Did you just compare a woman blogging about a legitimate grievance that makes her work environment intolerable to someone suggesting "Fair game" practices a la Scientology for criticizing his company?
According to alex, the "critical difference" is anonymity. On this dimension, the sympathetic figure and the big jerk do not differ. So if he is correct about anonymity, then they are indeed comparable. The point is to test whether he really believes his stated principle or whether it's merely a convenient justification to criticize big jerks that he dislikes.
If you think that's not right, that's fine. Then come up with your own principle separating Emil Michael's journalism proposal from Pando/Valleywag. I'll repeat this exercise - trying to come up with a sympathetic figure on the other side of your principle and see if you still support the conclusions.
That's how you test whether your ethical principles are really valid.
And this, folks, is why taxi regulation is a thing. Of course, there is crime and corruption and they have their own variety of scams[1]. But what you won't see is a sweeping sense of impunity because if you go out of bounds to this degree so blatantly (and at regular intervals, it seems), a rather large hammer will come down on you and your union. Taxi drivers in general are well aware of this.
But a bunch of broexecs, who answer to no one, setting the tone for everyone else is unlikely to feel any need to change any time soon.
So taxi regulations are in place to ensure faceless execs don't make mean remarks? Uber might not be startup of the month right now, but given the choice of excellent service for customers at the cost of a couple assholes in a boardroom somewhere versus crappy service while the execs try to please everyone, I'd choose excellent service every time. Ignoring the fact that, of course, taxi regulations don't stop people from being assholes; after all it has never stopped drivers from not picking up minorities.
I think regulations have more to do with the drivers not taking you on 20 mile detours, trying to sexually assault or yelling at a cancer patient (all Uber stories).
"San Francisco taxi drivers routinely flout the law by refusing rides, declining to take credit cards, charging unauthorized fees, speeding, smoking, and talking and texting on cellphones while driving, according to a year’s worth of passenger complaints reviewed by The Bay Citizen."
How many of those drivers lost their license, do you think?
I was giving examples, it certainly isn't an exhaustive list. How many complaints against Uber in a year? We don't know because there isn't any regulator oversight besides trusting Uber.
To be fair, there would be countless equivalent stories from the taxi side of the fence. The ability to rate drivers to encourage better service strikes me as one thing Uber gets right.
There might be bad attitudes filtering down from the top and from handlers/motivators, but that's less about regulations and more about just being nice people. Taxi drivers could often do with the same improvement.
Rude taxi drivers and huge detours to charge you more money are par for the course when it comes to taxis. Regulation doesn't fix this. I'm not sure what does, really.
I never said they were immune... I was merely pointing out that there is a lack of regulation. There is no taxi commission to go to if Uber screws you.
I think what'll come out of this entire experiment is something very, very similar to the current taxi industry - simply with better apps and dependability, and I will not complain at all. A little part of me suspects that this will not be Uber (at least in America, where the regulatory blockade feels really impenetrable as an engineer), although at this point it's anyone's game.
My honest hope when I first heard of Uber was that it would give a huge wakeup call to the industry. Let's face it, America is a service industry and many of its services suck. The attitude is marginal at best, horrifying at worst. I hoped this level of customer scrutiny on performance would bring it up to the same level as in Japan.
I'm still hoping someone will make it happen. Or rather, perhaps an entire army of services will make it happen as we've seen, a de facto monopoly, yields terrible results.
Your point reminds me of that recent New Yorker article on learning [1]. In particular, the author points out how particularly niche industries (competitive sports, theatre, orchestras) have seen significant improvements in median performance over the past few decades. However, this has been limited mostly to fields where there are a small number of potential openings and a pool of candidates significantly larger than the number of openings. One of the big questions I think about sometimes is how America can push its citizens and employees to be a little more disciplined/dedicated (ahh not exactly clear how to phrase that..) purely through economic manipulation (and not cultural impetus a la Japan).
Über's run into legal problems in Germany, but a city like Berlin has a very sane regulatory system. Taxi licenses are available at a reasonable processing charge, drivers have to be licensed for driving skill and commercially insured, and the majority of drivers are single or a few car small businesses. Also, the cars are plentiful, inexpensive, clean and modern (there's some variety, but a random hail will usually net a Mercedes with leather seats). It's mostly what Uber says they want, except that if they play by the sensible rules here then they don't have any competitive edge.
There are multiple apps like mytaxi which add a layer of usability, estimated pick up time and cost, pay from app, interactive maps, and driver rating.
Probably because taxi companies are a dime-a-dozen across various cities and states, and the capital required for an engineering investment to pull something like this off just isn't there at any given shop. It's a technology problem that the existing industry faces, and because the existing competition is essentially a coalition of independent companies, they can't band together to build something like this without a joined effort (nigh impossible).
I was recently in Pittsburgh and saw a clunky touch-screen app stuck to the back of the passenger seat that sounded just like Uber, so it's clear that someone out there is working on building Uber-like dependability for your taxi. But I also remember talking to the cab-driver on that trip, and having him tell me that their 'dispatch' is still one person sitting in an office somewhere manually dialing and dispatching cabs to received calls. The status quo in the industry is just so ancient in so many ways. Here's to hoping they can start moving and respond though.
Probably because it would be expensive and risky to roll out something across a large, already existing network, but at the same time running an innovative "side project" may well be met by anxiety (and corresponding resistance) by those who aren't able to participate. It seems to me that both of these responses are fairly economically rational, given the corresponding risks.
Regulation could be useful here, if properly designed, by helping to alleviate the fears of those in the existing industry who are most likely to be directly affected by these useful innovations. Unfortunately, the allergic political response of some sectors of society to anything interventionist makes coming to reasonable arrangements quite difficult, so we just end up with something that isn't really that great for anyone.
The Taxi drivers in Seattle protested by blocking downtown traffic in their cabs on multiple occasions when the Uber/Lyft vote was going on. Uber and Lyft are now capped at 150 cars each.
> The McGill Password length has also been increased from exactly eight characters to a variable length of eight to 18 characters.
So they're not using bcrypt (usable length 72). Even PBKDF2 would have been acceptable, but my guess is that they were sold a "layer over" on their stack with this. I can already tell this is a hacky patch.
> Every year, about 1,200 to 1,500 McGill accounts are compromised in one way or another.
Phishing + guessing. I know someone who gets about 2-3 emails a week asking to enter their login info into some site in Brazil or the Czech Republic.
If every site properly salted and hashed passwords, reuse isn't even a problem. But as we know:
- Most people choose crappy passwords.
- Most sites use crappy hashing schemes (if they hash at all)
When other sites are compromised, there's an easy list of ready passwords to try against other potential targets.
They may be artificially limiting the password length because other services which authenticate (e.g. VPNs, mail systems, older UNIX logins, administrative software, payroll, etc.) may have limits on password input fields.
This is why PBKDF2 would have made more sense then. They can centrally authenticate, derive a secondary token from the original pass while specifying the max limit for each of those services. Best of all, this means the mail, UNIX login etc... need not have the same login token.
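The scheme described in the comment above, sketched as an added example that is not part of the original thread: a central PBKDF2 verifier accepts the full-length password, and each downstream service gets its own derived token cut to that service's input limit. The service names, limits, iteration count and salt labels are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumption; tune to your own hardware budget
# Hypothetical per-service input limits (constructed for illustration).
SERVICE_MAX_LEN = {"vpn": 16, "mail": 32, "unix-login": 8}


def _pbkdf2(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt,
                               ITERATIONS, dklen=32)


def enroll(password: str) -> dict:
    """Central record: a random salt plus a verifier for the full password."""
    salt = os.urandom(16)
    return {"salt": salt, "verifier": _pbkdf2(password, salt + b"|central")}


def verify(password: str, record: dict) -> bool:
    """Central check with constant-time comparison; no cap on password length."""
    candidate = _pbkdf2(password, record["salt"] + b"|central")
    return hmac.compare_digest(candidate, record["verifier"])


def service_token(password: str, record: dict, service: str) -> str:
    """Secondary credential for one service, cut to that service's limit."""
    # The service name is mixed into the salt, so tokens differ per service.
    raw = _pbkdf2(password, record["salt"] + b"|svc|" + service.encode("ascii"))
    text = base64.b32encode(raw).decode("ascii").rstrip("=").lower()  # 52 chars
    return text[: SERVICE_MAX_LEN[service]]


def provision(password: str, record: dict) -> dict:
    """Tokens for every downstream service, only after the central check passes."""
    if not verify(password, record):
        raise PermissionError("central authentication failed")
    return {name: service_token(password, record, name)
            for name in SERVICE_MAX_LEN}


if __name__ == "__main__":
    pw = "correct horse battery staple, well past 18 chars"  # constructed sample
    rec = enroll(pw)
    print(provision(pw, rec))
```

A token cut to 8 base32 characters carries only 40 bits, so the weakest downstream limit still bounds that one service, but it no longer caps the password itself or exposes it to the other services.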
On the plus side, they're telling people about the limit. I visit so many websites that will happily take passwords of arbitrary length without complaint... until you try to log in and your password doesn't work because the password you entered was too long and it truncated it.
It's a pet peeve of mine when a site puts a max length on characters (which is dumb itself) and then they don't put a max length on the password input later. Nothing but a regular workout for your 'forgot my password' feature.
It bothers me less now that I use a good password generator/safe, but still bothers me nonetheless.
I have an auto loan with a company which truncates the username. It's bizarre because they'll happily let you key in the entire username when you go to log in, but it truncates when you first set your account up.
Why on earth would you ever need to truncate a username?
In addition to the frontend issue mod mentioned, it often happens accidentally without any errors or warnings when using a VARCHAR in a relational database, which has a maximum length. If the username field is VARCHAR(20), the application ignores database truncation warnings, and the developer didn't think to check the username length before storing it in the database, it'll truncate a 21-character username without you knowing. This comes down to the devs using sensible field lengths and handling edge cases.
Well, you have to have some limit. Otherwise a user could register with a 1GB username. This might break all sorts of things that assume they can display or work with usernames.
I saw an example of that on a JavaScript-related site recently, where a guy's username was aaa...aaa several hundred characters long, causing a ludicrous horizontal scroll bar. You'd think it would be easy enough to say upfront during account creation that both usernames and passwords are limited to x characters.
> Phishing + guessing. I know someone who gets about 2-3 emails a week asking to enter their login info into some site in Brazil or the Czech Republic.
I think it probably has something to do with this.
That's pretty bad. I think those get filtered before it gets to the inbox most of the time, but the phishing continues too. This one from 2010 is pretty similar:
Bcrypt is not the ONLY secure solution to securely store passwords (contrary to what everyone is trying to tell you). See Thomas Pornin's answer on SO:
The registrar issuing cert solution would certainly speed up HTTPS adoption; you're dealing with one less org to secure your site. The down-side is that if you decide to move registrars, that still complicates things. What if the new registrar refuses to issue a new cert without a hefty fee? Or what about revoking the previous cert? Now the registrar is functioning as a de facto CA so it doesn't completely eliminate the middle-man factor.
I'm hoping the EFF project will smooth over these hiccups, which is why I'm looking forward to it.
> The down-side is that if you decide to move registrars, that still complicates things. What if the new registrar refuses to issue a new cert without a hefty fee?
Then everyone stops using that registrar and they go out of business.
> Or what about revoking the previous cert?
You're asking this as if there is some kind of functioning method of revoking certificates already. If anything this makes it easier because it could be plausible for clients to somehow retrieve who the registrar is for the domain and then only accept certificates signed by that registrar.
If the popularity of GoDaddy has taught me anything, it's that people use what they know; not what's good. The list of companies that should have gone out of business is as long as the number of years since commerce began.
The fact that they still stay means (and this is relevant to the EFF project as well), creating alternatives is just as hard as making enough people know and care about them.
The registrar check per domain is probably the biggest plus in having it act as CA. Of course, that adds overhead to the registrar which they may not be willing to accept (margins and all that).
Privatoria.net is a service which provides secure communication, anonymous
surf and secure file sharing for individuals and business. All security
services are united together in Privatoria. It includes Secure VPN and
Anonymous Proxy, that enable surf anonymously, change IP, unblock sites,
Anonymous E-mail, Secure Chat, Secure Call, Secure Video Chat for secure
communications and Secure file sharing via FTP and Secure Data Storage.
No conflict of interest there at all in your badmouthing of Tor, with no corroborating evidence at all to boot.
That's extreme. This is just a swing toward turning internet access into utilities like electricity and water which are available without being tied to your residence. You still have public street lights and public water fountains outside your home. Likewise, internet is slowly moving away from this "thing" you always have to pay for to stay connected.
Verizon, TWC, Optimum, Comcast et al require that you have an account with them to use their hotspots. But you don't need an account with ConEd to be able to read your newspaper or book out on the street. This is where internet is headed.
McDonalds, Starbucks, and many other private companies, all do not require an account, many don't even require you buy anything.
Counting street lights as electricity is a bit of reach. Last I checked to have electrical service or water service I actually had to have an account. After all, where would they provide it?
10 stories a month. Also, even though you may only post one or two as you say from these sites, others do the same, adding to that total, e.g. wsj.com, which doesn't allow viewing at all unless you browse in from a search engine or subscribe.
There are many reasons not to freely give out your address, or name for that matter. The validity of ideas need not be tied to an identity. If an idea can stand on its own, then so be it. If not, you can just move on.
"...being accountable for an opinion is probably bad for them in this case." Same for you as well, it seems.
"While these death threats and the like are in no doubt horrible..." Then let's stop there.
No bridge is sacred enough to warrant physical threats when burned. No attitude poor enough to elicit the response that this did. It's bloody software.
You don't like it, you fork the last version you did and start from there. If enough people agree with you, you'll be fine. If not, you are probably wrong.
Amen. Actually that would have been the better outcome anyway since it adds entropy to the gene pool. Cross pollination of ideas could have benefitted both parties. And even if your side doesn't take the cake, enough people would have flocked to the source that we could have fixed some bugs and resolved potential security issues due to the addition of more eyes.
Looking from afar, you'd think this was some tiff over imaginary lines on a map or something. Now that would be silly.
Gentoo is waiting to welcome all the systemD haters.
OpenRC is going strong.
We also support systemD as well because USE flags rock.
In fact being able to see the sysV and systemD init files side by side was what finally convinced me it is an improvement. An improvement with many questionable additions... Like free money attached with losing my 25/20 eyesight to normal 20/20 or some other minor debilitating affliction.
Having used Zypper, Yum, Apt, and Pacman, I'd have to rank them pacman > zypper > apt > yum. Have you tried the others? Apt syntax is so cumbersome using either the Suse or Arch package manager.