Hacker News | moshezadka's comments

Just as an aside, there is a word for "specifically male man", it's "wereman" (just as "wifman", the old version of "woman" meant "specifically female man" -- "man" was short for "human", from "humanous" -- earthling, which both women and men are, despite Martian/Venusian assertions to the contrary...)

I learn all my etymology from Dinosaur Comics, http://www.qwantz.com/index.php?comic=551 :)


For the record, 18yo me would be interested in it. :)


Wow, just wow.

I never studied in college in the US, and I'm horrified that this is the standard. In Israel, we had the previous tests in the library, and the student union created (for-sale) curated versions, all above board and perfectly condoned. The assumption was that memorizing the entire test-bank, containing hundreds of questions, was harder than actually understanding the material -- but that if you thought that was your best way to pass the test, go ahead and do that.

In fact, some professors explicitly encouraged memorizing proofs for all important theorems by promising that the test will contain at least one or two of them. Of course, usually they followed this by explaining that you're free to come up with your own proof, or memorize key points and manage to interpolate. I would recite proofs in the shower, to myself, every morning.

It would only be cheating if you got the actual test being used ahead of time (or, of course, consulted a confederate or disallowed materials during the test). It would not be cheating, and in fact, tolerated explicitly, to harass the professor by asking questions from test banks that you failed to solve, and getting valuable information that way ("it's not going to be on the exam, don't worry about it").

The professors assumed that anyone who puts that much energy into studying for the test deserved the grades they got.

tl;dr: In Israel, only stealing the tests or breaking rules during test periods was frowned upon: anything else was viewed as "studying really hard."


How will the "properly-applied" eugenics be done? I mean, currently people get other people to write their papers for a college degree -- think of how much they'd be willing to pay if it was their kids' existence on the line!

tl;dr: Eugenics won't be properly applied because pre-eugenics people will game the system.


Yes, you are missing one thing: if you are storing that file, a security breach (several kinds of those) means an attacker can get that file. Are you thinking this is not a problem? Think again!

* For "moderately" strong passwords (say, ones which need 10,000 attempts to get), getting at your encrypted files means the difference between you being able to throttle-and-disable a serial guesser and having the password hacked (bonus points if that was the password your user uses on other sites with the same usernames).
* An attacker can go over the file to find an "extremely" easy password for some user.
* A determined attacker can test hundreds of millions of passwords for a specific user, and know when he succeeded, before you ever notice it. So unless your website has a "change password every year" policy, the attacker can breach even "moderately strong" passwords.

This is even before issues like "well proven encryption libraries" are still broken, and if the one you used is broken, your file is still out there.

This doesn't mean that it cannot be done, with enough care -- but it does mean that if you avoid doing it, it's a big relief, and a big potential crisis averted.


Please correct me if I'm wrong: you are not storing passwords, you are storing hashes & salts. One different long random salt for each password.

In my database I store hashes obtained with Blowfish:

http://derekslager.com/blog/posts/2007/10/bcrypt-dotnet-stro...

How many tries would you have to do to guess it? And for the other passwords you have to start all over again.
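
An added illustration (not part of either comment above) of the two points in this exchange: a per-password salt with a slow hash, and why online throttling stops protecting a "10,000 attempts" password once the hash file has leaked. PBKDF2 from Python's standard library stands in for the bcrypt the reply mentions; the work factor, lockout threshold and sample users are assumptions.

```python
import hashlib, hmac, os, time

ITERATIONS = 200_000   # assumed work factor; raise it until one hash costs ~100 ms
MAX_FAILURES = 5       # assumed online lockout threshold

def hash_password(password, salt=None, iterations=ITERATIONS):
    """Return (salt, iterations, digest); a fresh random salt is drawn per password."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, iterations, digest

def verify_password(password, record):
    """Recompute with the stored salt and compare in constant time."""
    salt, iterations, expected = record
    return hmac.compare_digest(hash_password(password, salt, iterations)[2], expected)

class LoginThrottle:
    """Online defence: refuse further attempts after MAX_FAILURES bad guesses."""
    def __init__(self, records):
        self.records, self.failures = records, {}

    def login(self, user, password):
        if self.failures.get(user, 0) >= MAX_FAILURES:
            return "locked"                      # the serial guesser stops here
        if verify_password(password, self.records[user]):
            self.failures[user] = 0
            return "ok"
        self.failures[user] = self.failures.get(user, 0) + 1
        return "denied"

def seconds_per_hash(iterations=ITERATIONS, samples=3):
    """Measure what one guess costs on this machine at the given work factor."""
    start = time.perf_counter()
    for _ in range(samples):
        hash_password("benchmark", b"\x00" * 16, iterations)
    return (time.perf_counter() - start) / samples

def offline_exposure_seconds(guesses_needed, iterations=ITERATIONS):
    """Single-core time to make that many guesses against one leaked record.
    No throttle applies offline, so the work factor is the only brake."""
    return guesses_needed * seconds_per_hash(iterations)

# Constructed sample data: two users who happen to share a password.
RECORDS = {"alice": hash_password("tr0ub4dor"), "bob": hash_password("tr0ub4dor")}

if __name__ == "__main__":
    print("same password, same digest?", RECORDS["alice"][2] == RECORDS["bob"][2])
    print("10,000 guesses offline: %.0f s" % offline_exposure_seconds(10_000))
```

Online, the throttle caps a guesser at five attempts per account; offline, the same 10,000 guesses take only as long as the work factor makes them, which is the quantity to measure when choosing it.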


Maaaan.

This says absolutely nothing, except for the ever-present "just start-up, it doesn't matter." It doesn't matter only if you're a Blub programmer (see http://www.paulgraham.com/avg.html though I imagine most people have already seen it), or if you're a non-technical manager needing to convince himself that it doesn't matter.

So here is some real advice: if you are doing a typical "mostly-web-but-a-lot-of-little-elses" choose Python. Python has good frameworks like Django (that will bring you up to speed clearly for a CRUD-based web site) and Twisted (for the small "everything elses"). If you find performance bottlenecks, well, the C-API is not a "pleasure" to work with, but it's reasonable at least. It is easy to learn, so the whole "find an engineer familiar with it" is a bit of a red herring.

Sure, this advice will not fit all start-ups, but if you think it doesn't apply to yours, you better have fairly solid arguments.

(Some arguments that I think are solid: "We already know Ruby well, and the difference is small enough that this tips the scales", "we need to write in Dalvik for Android". "But I know C++" isn't, for example.)


Well, the contradictory argument can be made as well: If you're a start-up, and your early adopters get annoyed because someone made sure Firesheep works with your web site, and they're all getting pranked, they're going to decide they won't bother.

OTOH, I am writing this comment on an open wireless router.

On the gripping hand, nothing I put here is private, and if someone "pranks" me, I can just login again and delete offensive content. Karma isn't actually money...


Your local network admin, your ISP, any ad networks your ISP has or will have arrangements with and your government can log all the websites you visit and build profiles of you because https isn't used everywhere.

This might not bother you individually, today. But maybe it will cause problems for you in the future if laws change? Maybe it is causing problems for a lot of people who aren't you today? Maybe it is causing problems for citizens in countries other than yours?

The world would be better off if https was used everywhere.


What do you mean "not for professional use"?

For most professional use, meaning "work", I use work's e-mail system (usually based on Exchange, but I guess that depends on where you work). If I apply to companies, do you think they really care what your address is?

I do some of the interviewing duties at work, and I can tell you my eyes pretty much skip over the e-mail part of the resume. HR needs it to e-mail them "your interview is on the 10/10 at 10:10am", but I doubt the HR person really cares about the address beyond copy'n'pasting it.

(Mind you, if I got work e-mail from a personal address, I would regard this as unprofessional behavior, but it doesn't matter if it's @gmail.com or @facebook.com)


This is a variant on Schneier's fundamental theorem: Any fool can design a CAPTCHA for which they cannot program a solver. Just like in crypto, the only true test of CAPTCHAs is which ones survive the test of time after having been attacked again and again, which is why it's very dangerous to jump on the bandwagon of a new CAPTCHA scheme (or worse yet -- design your own).

This is one reason why I'm partial to reCAPTCHA: there is a lot of experience in OCR systems, and we know what the current state of the art is -- and we know what kind of things foil it.


The only problem is you get things like Google's captcha system that make you question whether or not you are human.


Here is a sustainable approach: make sure that teachers are legally obligated to report bullying instances they are aware of to the police. (This law can be passed in the municipal, state or federal levels -- it doesn't matter.)

Bullying is assault. The first time the police gets involved, it will be unpleasant for the bully. The second time, he gets arrested. The next bully to come along might realize he doesn't want a criminal record, and if he doesn't, his parents might. And if they don't stop, they get sent away to juvie.

Why do we assume highschool/middleschool kids are somehow untouchable by the law?


...because in some circumstances, they are. Cavanagh has vandals on film and admitting their guilt on Facebook - cops don't follow up. More important things to do, I guess.

Ever had to actually get the police to follow up on something like that? They'll take your report... but if no one is injured, it often ends there.


They're not untouchable, but every year you're going to have a whole new group of kids "becoming" bullies. So any "sustainable" approach has to be made with parents, not the school system, because it's parents who are ultimately responsible.

