The Harold McGee article linked on the right mentions that the alkaline ingredients in ramen noodles are slightly different from baking soda:
>As for the particular alkaline ingredients that are added to noodles, Chinese and Asian alkaline noodles, in general, contain potassium and sodium carbonate, which are not the sort of things that we usually have lying around in our kitchens. They’re carbonate salts of those metals, sodium and potassium. They’re standard ingredients in Asia but not so much in the West.
>However, you can easily make your own version of them by taking baking soda and baking it at a low temperature—200°, 250°F—for about an hour. You take baking soda, sodium bicarbonate, and turn it into sodium carbonate just by that gentle heat. Now, that leaves out potassium carbonate, but I’ve found that when I’ve experimented with it, simply using sodium carbonate gives you most of the effect that you’re looking for in an alkaline noodle.
Would it make sense to prebake the baking soda? I'll have to experiment myself.
My local Asian supermarket sells the alkaline McGee is talking about as "lye water". Check if yours does as well. A lot easier to just buy a bottle rather then screwing around with baking soda in the oven.
The stuff sold as "Lye Water" in Asian supermarkets isn't actual lye (NaOH), but rather a dilution of potassium carbonate or a mixture of sodium carbonate and potassium carbonate.
You're probably using the right thesaurus. The default on Apple devices is the Oxford American Writer's Thesaurus, which is great at conveying little shades of meaning. I'm always delighted to find a "Word Notes" entry by an author I like. Try "bourgeois" for Zadie Smith or "feckless" for David Foster Wallace.
In addition, that blog post is another incredibly well written example, in case anyone has been left in the mood.
"So back in ought-whenever-it-was, the general consensus was that print thesauruses were dead, dead, dead, and that nobody would ever buy them again, but, leaving that aside, Oxford being Oxford and having to publish thesauruses much in the same way that birds gotta fly and fish gotta swim, we had to create a new one anyway."
This bug was pretty serious. I'd better be extra careful and install and verify this myself.
Oh, good: there's a standalone installer available (http://support.apple.com/kb/DL1726). But the download is served over HTTP. Maybe I can
just try the same URL with HTTPS:
Nope. Well, at least I can verify the SHA1 sum displayed on the download page. Wait, no, that was served over HTTP, too.
Okay, I'll follow Apple's instructions for checking the certificate fingerprint in the installer (http://support.apple.com/kb/ht5044).
But that page (Last modified November 2011) displays a different fingerprint (9C864771 vs FA02790F)...and that fingerprint was also served over HTTP.
The packages themselves are signed: Mount the .dmg file and use pkgutil --check-signature /path/to/Installer.pkg to check whether the package is signed by a valid CA (if you want to be totally sure, do this check on a machine running 10.8 or earlier)
FWIW, I did this for the combo update. The SHA1 checksum on the Apple page, c06a63982b522e43997a05cedc04b0bdb1a10207, matches the file, and pkgutil reports
Package "OSXUpdCombo10.9.2.pkg":
Status: signed Apple Software
Certificate Chain:
1. Software Update
SHA1 fingerprint: 1E 34 E3 91 C6 44 37 DD 24 BE 57 B1 66 7B 2F DA 09 76 E1 FD
-----------------------------------------------------------------------------
2. Apple Software Update Certification Authority
SHA1 fingerprint: FA 02 79 0F CE 9D 93 00 89 C8 C2 51 0B BC 50 B4 85 8E 6F BF
-----------------------------------------------------------------------------
3. Apple Root CA
SHA1 fingerprint: 61 1E 5B 66 2C 59 3A 08 FF 58 D1 4A E2 24 52 D1 98 DF 6C 60
This is all pointless handwaving; the update package itself is signed and will not install if tampered with, regardless of TLS certs used to download it.
Meh, just admit you didn't realise how packages are signed and move on. TLS shouldn't and cannot be used to sign installation packages. After all, TLS stands for _Transport Layer_ Security...
Well you have the right to feel offended, but he really didn't "follow logical steps and make a fair enough point" as his idea was completely wrong when it comes to signing installation packages.
Yes. That's the marketing page explaining how Gatekeeper works, but yes, in the end it's a feature of Gatekeeper that makes it harder for you to open unsigned packages and impossible to open packages with a broken signature.
So even when you don't know about pkgutil (most people don't), Gatekeeper will still help you.
"Mom, First use linux/fbsd/obsd/win box to download update. Next verify authenticity of cert/sha1. Then just scp dmg / copy to USB drive, apply update and move on."
That is a cute response. The only problem is that you are substituting "mom" for OP.
Did the mother of your thirteen year old preface her question with "I already tried to use curl but then I realized that would not work. Then I thought I could verify the SHA1 but I realized I was obtaining the sha1 value over an insecure channel."?
Steady now, that's my mother you're talking about...
I agree that context matters. That's why statistically the proposed solution isn't a solution. It doesn't really work in a way that address the serious issue because the serious issue is the sheer magnitude of the number of compromised systems.
To put it another way, if you have a Linux or Windows or BSD box why keep a potentially deeply compromised OSX installation around at all. The patch isn't going to unpwn a pwnd box. The hoops might insure the patch isn't compromised but in terms of system security the horse is out of the barn and all the way to the glue factory.
The only case where jumping through those hoops makes a difference is in the second best case. And that's statistically equivalent to the best case and preparing for the best case in regard to security goes by the name of "wishful thinking."
Seems ironic that of all the patches that don't get served over SSL, the "SSL is meaningless" bug is the one where you'd point out that SSL should be available :P
I wrote my undergrad thesis on conspiracy theories (in Turkish politics)[1], but it includes a section reviewing academic literature on conspiracy theories and a lot of resources in the bibliography.
Karl Popper wrote briefly about conspiracy theories in "Open Society and its Enemies."[2] It was part of a larger argument about emergent vs. planned orders, but I think it's a very good point: many conspiracy theories arise "from the mistaken theory that, whatever happens in society – especially happenings such as war, unemployment, poverty, shortages, which people as a rule dislike – is the result of direct design by some powerful individuals and groups." It's simply hard for us to accept that improbable, harmful events are the result of lots of unplanned actions rather than one malevolent design.
To me it seems like this can also cut the other way, with some people assigning any positive results to the efforts of powerful people with whom they agree.
An example is the belief that economic growth results directly from government policy and actions. This is true to some extent, in that the government must enforce fair dealing. But we learned in the 20th century that economies that are too centrally directed will fall behind those that allow emergent behavior in an open marketplace.
Money might buy "freedom from depression," but I suspect it does so by buying antidepressants and therapy.
I think Robert Sapolsky is on to the best explanation of depression: it's a disease rooted in biology and genetics, similar to (and exacerbated by) chronic stress. (Here's a lecture that I'm sure has been posted here before: https://www.youtube.com/watch?v=NOAgplgTxfc). Reducing stress can alleviate the symptoms, but really effective treatments treat depression as a disease.
This is interesting, but I think completion rates (and enrollments, to a degree) are bogus statistics. All the incentives are aligned toward signing up for lots of courses, with or without any intention to finish. I'm "enrolled" in 13 Coursera classes at the moment, but only active in two (and something close to this has been my moving average for the last six months).
The only cost to me is a few too many automated emails. And since course quality still varies widely, trying out lots of courses and sticking with the best ones is a good strategy.
Yeah, I've signed up for about a dozen Coursera, Udacity and CalTech courses over the past year, and finished 3 with enough work for certificate of completion, and put in enough work on a few more to get something out of them.
His book "Why Humans Cooperate" is worth a trip to the library, too. It combines some formal models, experiments, and an interesting study on the Chaldean community in Detroit (a less-WEIRD ethnic group in the middle of our WEIRD society).
The implications of this research are even more radical (and controversial) than the article suggests. The idea that culture shapes the way we think and act is interesting enough, but then the big question becomes "where does culture come from?"
Henrich (and others[1]) suggest that culture evolves through Darwinian processes of transmission and replication, and that biological and cultural evolution are coupled. Social Darwinism and sociobiology gave this idea a bad reputation, and the idea that our social norms have evolved from kin selection all the way up to impersonal market exchange is still a hard sell for economists and anthropologists alike. But it's a fascinating idea, and it's completely changed the way I think about economic behavior and human cooperation.
