Hacker News | _j7tr's comments

> Private medical care is in most circumstances illegal in Canada and they have large enough wait lists that people are dying in large numbers waiting for medical care. Medical tourism to Canada is a non-starter for Yanks.

Can you cite a source for people dying in "large" numbers waiting for medical care in Canada?


Canadians live longer, and they spend about half as much on healthcare per person.

If Canadians are dying in large numbers waiting for care, something pretty grim is going on south of the border to make the stats worse in the US.

The bottom link is to commentary on the Supreme Court’s recent ruling in the case, and the criticism of a more privatised system is interesting.

“The entire premise underlying the Canada Health Act is that people ought to be able to access health-care services based on need, rather than ability to pay…

It's pretty clear that having physicians practice both in and outside of the public system, if anything, results in longer wait times for patients in the public system, not the other way around…

The people most likely to need urgent surgery are often the least able to pay out of pocket.”

Notably, the legal action was brought by someone with very vested interests.

https://www.statista.com/statistics/274513/life-expectancy-i...

https://www.healthsystemtracker.org/chart-collection/health-...

https://www.cbc.ca/news/canada/british-columbia/analaysis-br...


There's no reason to assume that government care supply would rise to meet demand. If private pay is allowed, and medical school enrollment is not artificially constrained, supply can rise to meet demand at a low price.


> supply can rise to meet demand at a low price.

But would it? Those doing the training (eg surgeons) are benefitting from the high prices.


> It’s correlation all the way down. We should strive for truth but know that we will never achieve any.

No, so far that too is just a correlation.

We don't know what's all the way down, absolutely no clue.


Oddly we are in agreement


> Their normal plan is to steal keys by compromising users and computers. This is in contrast to the normal "hack" that works by finding and exploiting bugs in code.

That's the primary way hacks are conducted by most hackers. Hackers are primarily social engineers, not technical. Technical hackers are extremely rare regardless of nationality.


The NSA called, they want their 0-day exploits back.


It's not that they don't exist, but the easiest way to gain access to a computer system is always going to be to ask for the password.

https://xkcd.com/538/


I have no evidence for this, but my feeling was always that the highest-volume exploits were just having a bot run yesterday's Day-0 on every IP listening on a port. You can't get that kind of volume by calling people and asking for their password.

If you leave an unsecured mail server accessible to the internet, it'll start sending spam emails within 30 minutes.

On the other hand, phishing emails are also automated, and that's essentially asking for the password.


It's probably safe to say that phishing is the most common method among APTs like state intelligence agencies. It's cheap, it's easy, it works. No reason to burn zero-days unless simpler methods with less exposure don't work, and they usually do.

But we can broadly categorize security incidents into two bins: first are opportunistic attackers which broadly attempt a method that sometimes works. Two common examples are minimally-targeted phishing emails (think Best Buy invoice) and automated scanning for old versions of WordPress with known vulnerabilities. Second are targeted attacks, where the attacker chooses a target and then attempts different methods to reach success. Overall targeted attacks are far less common than opportunistic ones, but because they involve a higher level of effort they're only attempted when there's a high level of motivation. Targeted attacks tend to result in greater financial losses than opportunistic attacks, for example, because compromising machines to add them to a botnet usually isn't worth the effort of a targeted attack, but getting banking credentials or crypto wallets usually is.

All of information security is fairly bimodal in this way. It often seems like even technical professionals like software engineers struggle to understand basic security practices, but I think this is one of the biggest causes: most people tend to think about one case and ignore the other. Unfortunately one of the things that makes security very difficult is that both cases are real and the two require fairly different practices to deter, prevent, and detect.

Social methods are far more common with targeted attacks because "true" social engineering involves a higher level of effort, like time on the phone. That said, phishing falls into an in-between where some consider it to be a social method but it is amenable to widespread automation. There's also a wide spectrum of effort in phishing. Many are tempted to try to categorize phishing activity into a binary of "phishing" and "spear-phishing" (I hate these terms), but that doesn't really reflect reality very well. In a large corporation you can usually find examples of phishing that are targeted to varying degrees of specificity: at anyone, at corporate employees broadly, at people in the industry, at employees of a company, a department in that company, and even carefully tailored to a specific employee. The frequency of course tails off as you get more specific, but then it's not that unusual for some organized crime group to run a sustained campaign of fairly closely-targeted phishing as happened recently with Twilio.

Opportunistic attacks are certainly greater in volume to the extent that some call them "internet background noise," but most think that targeted attacks probably produce greater total financial damage. Security is very faddish though, not only on the defense side but also on the offense side, so it probably varies from year to year. For example, the emergence of ransomware was a major trend that required a strategic shift in defense in many organizations since ransomware attacks were fairly low effort but also very high damage in many cases.


No one worth hacking runs mail servers it’s 2023 lol


Mostly startups use GSuite, big traditional companies and banks still run their own. But that wasn't really my point. My point is that there are a lot of bots looking for low-hanging fruit.


In 2011 I spent hours writing a script to brute force a wifi password at a hotel because I didn't want to pay $5 a day for wifi. It worked. I was pleased with myself.

When I checked out they gave me a receipt and I went to throw it away and saw a handful of wifi passwords in the trash bin.

Lesson learned.


Those hotel wifi passwords are usually only valid during your stay so if someone throws them out they've likely expired or will do so soon.

You still did well writing the brute force. How did you know the composition though?


Nope, Canada is also a holdout :(


He's not wrong. Certainly when it comes to the full scope of being a programmer, Linux and BSD are your only real options. You can't easily add a new filesystem or screw with the kernel on macOS/windows without having to buy hundreds of dollars worth of their books and attend conferences.

There isn't really any good detailed up to date documentation online about either. The docs for linux/bsd aren't perfect either but at least there you can always fall back on the source. That makes a massive difference.

For example, one of the reasons I switched from Java to Go back in the day is that I could actually read the source code of the APIs I was using. So I could fully understand the standard library whereas in Java it was all obfuscated bytecode. I'm not sure if the situation has changed with OpenJDK but my point stands, an open core system is far superior platform for learning.


It's not that Linux/BSD don't offer the most freedom (though as many have pointed out MacOS is essentially BSD with an Apple WM/GUI). It's the snobbishness of saying 'only ____ makes you a TWUE PWOGWAMMER'.

You can see this to some extent in other professions. Cardiologists and neurosurgeons get paid big bucks because their job is life or death stuff and requires skill and innovation. But would you want to work with a cardiologist that goes around sneering at every other kind of medical professional and saying they're not real doctors? Of course not, because they're assholes and when people like that screw up they'll blame their colleagues or patient rather than admit fault.

Back in the tech context, you can pursue authenticity into absurdity. You're not a real programmer unless you use (language). You're not a real programmer unless you contribute to the language. You're not a real programmer unless you get into kernel hacking. Sure, you call yourself a programmer, but do you even assembler? Programming? Sorry, I design chips. Chips? Do you even basic circuit designs. Me, I roll my own capacitors built from carbon nanotubes...and so on up through materials science, physics, and mathematics.


Well, you cannot directly “screw with the kernel” on Windows. I am not sure how that is keeping you from growing as a developer exactly though. You can write your own kernel from scratch using Windows as your host platform. And, of course, you can build a filesystem to use with Windows. You can even make it Open Source as well which many have.

If you do want to “screw” with the system on Windows, one option would be to replace the MS stuff one DLL at a time. You might take a DLL from ReactOS for example and make it work with your version of Windows, extending or altering it as you desire.


> For example, one of the reasons I switched from Java to Go back in the day is that I could actually read the source code of the APIs I was using.

What APIs were you using? I haven’t used Java in a while but one of the main attractions for me was that I could download and read the source code. (I’d been in the closed-source Microsoft ecosystem before that.)


of course they’re wrong, there are thousands of competent programmers working on windows and macos, I love linux I just hate this kind of hyperbolic self-aggrandizing


> You can't easily add a new filesystem or screw with the kernel on macOS/windows without having to buy hundreds of dollars worth of their books and attend conferences.

> There isn't really any good detailed up to date documentation online about either.

That's not true, at least for Windows. MS has published a lot of docs on their site, e.g.:

https://learn.microsoft.com/en-us/windows-hardware/drivers/i...

What does get in the way with newer versions of Windows is driver signing, but that's not a huge obstacle.


> whereas in Java it was all obfuscated bytecode.

uhm... when was this? the jdk has included "src.zip" since.... forever (at least 15 years). This included the entire class library, and any half competent IDE could (and still can) view it directly if you simply went "view source".

This goes back to before oracle purchased sun, and as such way before openjdk as well.


Java went open source in 2006. The first Go release was 2009.


An explanation of how this works and what makes it novel would be nice. I'm not familiar enough to understand how this is better than Cgo.


It loads the dynamic library at runtime, instead of linking against it, which means it makes cross-compiling with CGO easier as no target C toolchain is needed.


What slimsag wrote is correct. It makes cross-compiling code that needs to call C functions as easy as setting the GOOS and GOARCH and just building. This means no need to worry about building a C cross-compiler.

I do want to write an article about how purego works under the hood.


I'll be on the lookout. Where's your blog / twitter? I don't see one linked to in your GitHub profile, either.


I don't have either. I was gonna figure out how to post it after I actually sat down and wrote it lol. I'll probably post it in the golang subreddit and maybe link to it in the README.md since it describes how purego works.


Works. Thanks. Btw, if you haven't considered them, substack.com, hashnode.dev, dev.to are pretty good eng blogging platforms.


If memory serves, dev.to tends to be downranked or outright filtered by a bunch of places.

(I have no idea how or why that came about, I've merely observed people having all sorts of trouble getting posts on there visible in aggregators and etc.)


> it's pretty old tech that is very inefficient.

There is nothing about Rust or C++ that make them faster than C.

In what way are the root servers inefficient?


What static analysis tools are you referring to for C?


What do you mean US-style? As far as I'm aware, such debate clubs exist all throughout the world. The most famous of which are probably the Cambridge Union and the Oxford Union both in the UK.


It might be Anglo-Saxon style. I've never seen them in mainland Europe in this format.


I don't know about the Oxford Union, but the people arguing in the Cambridge Union generally believe the arguments they are making. This makes it quite different from debate clubs in school.


Absolutely agreed. I see so much bullcrap being peddled by people on hackernews and reddit it's absolutely maddening. People hide behind having a source like it's an immovable shield that protects them against having to perform their own critical thinking.

