And rightly so. As Dr. Quinlivan points out:
In 2006, I remember interviewing the Mayor of Schenectady (New York), Brian Stratton, who made a very persuasive case to me for directly elected mayors. He said that when he was elected mayor he inherited a fiscal train wreck but was able to turn things around because he had immense executive powers. What he failed to mention though was that the fiscal train wreck had been caused by the previous directly elected mayor who had bankrupted the city with a massive deficit and a rock-bottom credit rating.
Many directly elected mayors in America have veto power over the council and are all powerful. When I asked the mayor of Albany, Gerald Jennings, about his relationship with his council, he laughed and said, ‘I’m not obliged to go to council meetings, thank God.’
Do we need an executive Mayor? Hmm.
The best way to learn something is to start doing it. Don’t wait for full knowledge to come to you. Often it won’t. Just pretend you know what you’re doing, and hit the walls. That helps define the shape of the problem. Make it small enough that you can start solving it right now, without waiting. Each part of the problem is smaller than the whole thing. And tell yourself you can do it, because you can.
via Memex: How to do new things.
This is pretty bad:
In short, Heartbeat allows one endpoint to go “I’m sending you some data, echo it back to me”. It supports up to 64 KiB. You send both a length figure and the data itself. Unfortunately, if you use the length figure to claim “I’m sending 64 KiB of data” (for example) and then only actually send, say, one byte, OpenSSL would send you back your one byte — plus 64 KiB minus one byte of other data from RAM
So, what does that mean?
This allows the other endpoint to get random portions of memory from the process using OpenSSL. An attacker cannot choose which memory, but if they try enough times, their request’s data structure is likely to wind up next to something interesting.
And to add insult to injury,
None of this will be logged anywhere, unless you record, like, all your raw TLS connection data.
Which means you won’t know if you’ve been hit, so you need to assume you have.
For further detail, there’s a good summary here:
existential type crisis : Diagnosis of the OpenSSL Heartbleed Bug.
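The missing check described in the quotes above, as an added example (not OpenSSL's code, and not from the original post). It assumes the RFC 6520 message layout of a 1-byte type, a 2-byte payload length, the payload, and at least 16 bytes of padding; the function and macro names are hypothetical.

```c
#include <stdio.h>
#include <string.h>

#define HB_HEADER    3   /* 1-byte type + 2-byte payload length */
#define HB_MIN_PAD  16   /* minimum padding required by RFC 6520 */
#define HB_REQUEST   1
#define HB_RESPONSE  2

/* Payload length as claimed inside the message (sender-controlled). */
static size_t hb_claimed_len(const unsigned char *msg) {
    return ((size_t)msg[1] << 8) | msg[2];
}

/* How many bytes past the received data a receiver would read if it
 * trusted the claimed length. 0 means the claim fits what arrived. */
size_t hb_overread(const unsigned char *msg, size_t msg_len) {
    if (msg_len < HB_HEADER) return 0;
    size_t claimed = hb_claimed_len(msg);
    size_t present = msg_len - HB_HEADER;
    return claimed > present ? claimed - present : 0;
}

/* Hardened echo: returns the response length, or -1 to drop silently. */
long hb_build_response(const unsigned char *msg, size_t msg_len,
                       unsigned char *out, size_t out_cap) {
    if (msg_len < HB_HEADER + HB_MIN_PAD) return -1;  /* too short */
    if (msg[0] != HB_REQUEST) return -1;
    size_t claimed = hb_claimed_len(msg);
    /* The check that was missing: claim must fit the bytes received. */
    if (claimed > msg_len - HB_HEADER - HB_MIN_PAD) return -1;
    size_t resp_len = HB_HEADER + claimed + HB_MIN_PAD;
    if (resp_len > out_cap) return -1;
    out[0] = HB_RESPONSE;
    out[1] = msg[1];
    out[2] = msg[2];
    memcpy(out + HB_HEADER, msg + HB_HEADER, claimed);
    memset(out + HB_HEADER + claimed, 0, HB_MIN_PAD); /* zeros here; RFC asks for random */
    return (long)resp_len;
}

int main(void) {
    /* Constructed sample: claims 65535 bytes, carries one. */
    unsigned char bad[] = {HB_REQUEST, 0xFF, 0xFF, 'A'};
    unsigned char out[64];
    printf("overread if trusted: %zu bytes\n", hb_overread(bad, sizeof bad));
    printf("hardened result: %ld\n", hb_build_response(bad, sizeof bad, out, sizeof out));
    return 0;
}
```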
Una Mullally in the Irish Times:
Peaches Geldof was just 25. The television presenter, journalist, and daughter of Bob Geldof and the late Paula Yates was the mother of two young sons with her second husband, musician Thomas Cohen – Phaedra who will turn two later this month, and Astala, one.
Her father, the Irish musician, author and activist, Bob Geldof, issued a statement earlier this evening: “Peaches has died. We are beyond pain. She was the wildest, funniest, cleverest, wittiest and the most bonkers of us all. Writing ‘was’ destroys me afresh. What a beautiful child. How is this possible that we will not see her again. How is that bearable?
All deaths are tragedies, but that of youth the most tragic of all.
BBC Research Blows Out the 1% Rule.
In the UK at least. It’s now more like a 23/60/17 rule (passive/easy/intense participation), which the BBC dub the ‘Participation Choice’.
The research considers digital media interaction, from sharing links and photos to writing blogs. It turns out that the old 1% rule, which said that more people will lurk in a virtual community than actively participate, is old news and that now, more than 10% are getting online to contribute and interact.