It killed my Web browsing virtual machine until I used an offline update utility and fixed it manually.
Yes, XP needs to die, because it is made to deal with threats from 2000-2001, with added security patches strapped on as the need arose. Windows 7 and newer help address this issue.
However, I know plenty of places where XP is used that can't be fixed by an upgrade or platform change. Embedded stuff for example. Another is dedicated machinery that interfaces with a PC, does have newer drivers, and likely will not get newer drivers. A friend's $3000 sewing machine is one example.
Another person's CNC wood mill is another item. So, those machines are stuck with XP pretty much for good, because who is going to throw out a perfectly functioning mill just because it requires a legacy OS? Even some CD/DVD duplicators only will interface with XP, and moving to Vista or newer will be an exercise in futility.
So, XP in a lot of cases is here to stay, for better or worse.
I wouldn't say we are back to the wild west days. It is just the fact that the foundations made with wood and llama dung have started to crumble, and it is time to move to more solid building materials.
I fear encryption bloat. There was (and is) a lot of crap out there when it came to encryption, be it using AES 256 like triple DES to have 768 bits of key space, except the encryption passphrase was just stored as an MD5 hash, to advertising use of "4096 bit keys", which were really sixty-four 64-bit RSA keys [1]. The author of this program (thankfully an internal use application that was soon chucked once I found this) was clueless and did that due to performance reasons, not realizing the mistake.
Done right, encryption isn't that big of an issue. However, as I've ranted before, encryption is easy... key management is the elephant in the room that all the companies make light of.
[1]: RSA keys are not like symmetric algorithms, and 64 bits is trivial to break. Doing this 64 times gives log2(64), or about six bits of additional security, so 70 bits total, instead of the 4096 bits promised.
NASA might have been expensive, but they pioneered a lot of things that are used every day, and not just Tang.
One can list hundreds of things that have come from NASA's moon launches and are used in common products these days. LEDs, airplane de-icing systems, fire-resistant materials, and non-destructive stress testing are just starters.
Of course, NASA has become the political whipping boy because it doesn't have immediate ROI. No, sending a robot to Mars might not have dollars rolling in, but the technological hurdles overcome to do the missions are things learned and can be used in the private sector.
I respect that FF has its own authentication/encryption mechanism in place and can be set to require a password before access to passwords or other local data is granted. I wish more Web browsers did this, as opposed to relying on the OS for security.
IMHO, I don't care if they store data in the vaults of Mordor... I care about what these firms offer for an SLA, and what happens to the data if the company folds or sells out.
Here in the US, in theory, the physical servers (and their SAN backends) should be blanked, but if not and the data passes through to another party, that party holding the servers owns that data free and clear. A bank's private records could be available as a torrent, or the new server owner could legally charge a previous client of the folded firm for access to their files. Perhaps even make the files public unless a "reclamation fee" was paid.
I've wondered about using very high speed flip-flops, or on a simpler thing, an SR latch with both inputs on, and sampling the output. I remember some cryptographically secure RNGs doing this in lieu of a radium-painted chip.
What is needed are seed inputs. When a key is hit, get a super-accurate clock sample of it, hash it with MD5 [1], and toss it in the pool. Mouse movements, similar. If the computer is idle, this won't help much, but while it is in use, it should help provide enough unpredictable data to be up to par for security purposes. I'm sure there are other inputs that can be hashed over time and the hashed bits tossed in. Of course, the RNG from the chip can be easily tossed in as well. The good thing is that the most random factor "wins" in this case.
[1]: MD5 has its issues, but it is being used in this case as a bit blender, so hash collisions can happen, and not really matter. It would be wise to move to a newer algorithm like SHA-1024 or SHA-3, for more bits though.
Trust but verify is important, but chips are incredibly hard to know if a random source is truly random, as opposed to, say the output of a clock AES encrypted, so that it appears random.
Best thing to do is have the chip be part of the RNG, but not the only part, so another random source will provide enough unpredictability to keep things secure.
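An added illustration of the pooling idea in the comments above, not code from the commenter: a chip RNG and keypress timings are folded into one hash state, so the output stays unpredictable as long as any one input is. SHA3-256 stands in for MD5 as the mixer, and `EntropyPool`, `predictable_chip` and `build_pool` are hypothetical names fed with constructed sample values.

```python
import hashlib
import os
import time


class EntropyPool:
    """Hash-based mixing pool: every input is folded into a running state."""

    def __init__(self):
        self._state = bytes(32)  # fixed start; all unpredictability comes from inputs
        self._counter = 0        # makes successive output blocks differ

    def add(self, source: str, sample: bytes) -> None:
        """Fold one sample into the pool state."""
        label = source.encode()
        h = hashlib.sha3_256()
        h.update(self._state)
        # Length prefixes keep ("ab", "c") and ("a", "bc") from mixing identically.
        h.update(len(label).to_bytes(2, "big") + label)
        h.update(len(sample).to_bytes(4, "big") + sample)
        self._state = h.digest()

    def read(self, n: int = 32) -> bytes:
        """Derive n output bytes, then ratchet the state forward."""
        out = b""
        while len(out) < n:
            self._counter += 1
            block = b"out" + self._state + self._counter.to_bytes(8, "big")
            out += hashlib.sha3_256(block).digest()
        # One-way step: a later state does not reveal earlier outputs.
        self._state = hashlib.sha3_256(b"ratchet" + self._state).digest()
        return out[:n]


def predictable_chip(counter: int) -> bytes:
    """Constructed stand-in for a chip whose output only looks random:
    a hash of a counter, fully known to whoever designed it."""
    return hashlib.sha256(b"chip" + counter.to_bytes(8, "big")).digest()


def build_pool(key_timings_ns, chip_blocks: int = 4) -> EntropyPool:
    """Mix the suspect chip output with keypress timestamps (nanoseconds)."""
    pool = EntropyPool()
    for i in range(chip_blocks):
        pool.add("chip", predictable_chip(i))
    for t in key_timings_ns:
        pool.add("keypress", t.to_bytes(8, "big"))
    return pool


if __name__ == "__main__":
    # Same chip output in both pools; only one keypress timestamp differs by 1 ns.
    a = build_pool([1000, 2000, 3000]).read(16)
    b = build_pool([1000, 2000, 3001]).read(16)
    print("chip only differs? no; timings differ ->", a.hex(), b.hex())

    # Live use: real timer samples plus the OS generator as a further input.
    live = build_pool([time.perf_counter_ns() for _ in range(8)])
    live.add("os", os.urandom(32))
    print("live output:", live.read(16).hex())
```

The pool is deterministic: two pools fed identical inputs produce identical output, so it spreads the unpredictability of its inputs but cannot create any.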
Wonder if it might overlap with some of Chaum's anonymous currency patents. His venture didn't last long, but the underlying concepts of the currency were sound and it provided true anonymous transfer of money without relying on blockchains or "majority rules".
I wonder if it might have been a corporate or governmental regulation. I know in some environments, if the OS doesn't have FIPS, Common Criteria, or other certifications, there will be Hell to pay come audit time.
You hit the nail on the head. Apple should either get with Oracle and put ZFS back in the OS X kernel as the default filesystem, or get with Microsoft and license ReFS. HFS+ was a good filesystem when OS X hit the market, but it has been over a decade, and everyone else has moved on.
One reason why the IT industry moved from RAID 5 to RAID 6 as a standard is because even though disk capacities are growing, I/O is not keeping pace. So, it takes longer and longer to rebuild a drive. RAID 6 is now a must because of the length of a rebuild being so long that there is a good chance of another drive failing while the RAID array is in degraded mode. Of course, this is for tier 3 storage, but tier 2 storage is also having similar issues as well.
I just wish LTO drives were cheaper. Otherwise, they would be ideal for backups because they support encryption on the drives themselves. All LTO-4 tapes and newer support this, so any LTO-4 drive given the right key can decrypt another drive's tape.
Of course, WORM media is always nice, especially with malware being a constant threat.
I'm curious how that is doable. Even Amazon Glacier would be about $10.24 per terabyte stored per month, so I'd be looking at about $130/month for that much info.
I am not passing judgement... just have not heard much about CrashPlan, good/bad other than a quick search on it.
I'll be the heretic here, but on Windows 8.1 and Windows Server 2012 R2, there is a feature called Storage Spaces. It works similar to ZFS where you toss drives into a pool, then create a volume that is either simple, mirror, or with parity, and Windows does the rest. If a volume needs more space, toss some more drives in the pool.
To boot, it even offers autotiering so data can be stored on an SSD that is frequently used, or remain on the HDDs if it isn't. Deduplication is handled on the filesystem level [1].
No, this isn't a replacement for a SAN with RAID 6 and real-time deduplication, but it does get Windows at least in the same ballgame as Oracle with ZFS.
[1]: Not active deduplication. The data is initially stored duplicated, but a background task finds identical blocks and adds pointers. Of course, the made from scratch filesystem, ReFS (which has the ability to check for bit rot on reads like ZFS), doesn't have this, so one is still stuck with NTFS for this feature.
In reality, Dropbox, Skydrive, and other cloud services should be treated as a type of media, just like BD-ROMs, tape, SSD, HDD, and even hard copy.
The trick is to use different media to protect against different things. My Blu-Ray disks protect an archive against tampering or CryptoLocker (barring a hack that flashes the BD burner's ROM to allow the laser to overwrite written sectors.) However, they have to be maintained in a good environment with a good indexing system. My files stashed on Dropbox bring me accessibility virtually anywhere... but malware that erases files could wipe that volume out in no time.
Similar with external HDDs. Those are great for dealing with a complete bare metal restore, but provide little to no protection against malware. Tape, OTOH, is expensive for the drive and requires a fast computer, but once the read-only tab is flipped or the WORM session is closed, the data is there until the tape is physically destroyed.
Of course, there is not just media... there are backup programs. This is why I use the KISS principle when it comes to backups. I use an archiving utility to break up a large backup into segments (with recovery segments to allow the archive to be repaired should media go bad), then burn the segments onto optical media.
I've found that using a backup utility can work well... until one has to restore, the company is out of business, and one can't find the CD key or serial number so the software will install. One major program I used for years worked excellently... then just refused to support new optical drives (as in ignoring them completely.) So, unless I can find a DVD drive on its antiquated hardware list on eBay, all my backups are inaccessible. I was lucky enough to find that and copy the data to an HDD, but using the lowest common denominator is a good thing.
Backups are the often neglected underbelly of the IT world. While storage, security, availability and other technologies have advanced significantly, backups on the non-enterprise level are still languishing behind in almost every way possible. It was only a few years ago that encryption became standard with backup utilities [1].
[1]: With encryption comes key management, and some backup programs make that easy, some make it incredibly hard.
WinRAR isn't perfect, but it works on a number of platforms, be it OS X, Windows, Linux, or BSD. This provides not just CRC checking, but one can add recovery records for being able to repair damage. If storing data on a number of volumes (like optical media), one can make recovery volumes as well, so only four CDs out of a five CD set are needed to get everything back.
It isn't as easy as ZFS, but it does work fairly well for long term archiving, and one can tell if the archive has been damaged years to decades down the road.
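An added sketch of the "four discs out of five" property described above, not WinRAR's own format or code: a per-volume CRC32 manifest shows which disc has gone bad, and a single XOR recovery volume rebuilds it. WinRAR uses a more capable error-correcting code; the XOR parity and the names `make_set`, `verify` and `restore` are assumptions chosen to show the one-lost-volume case.

```python
import zlib


def make_set(data: bytes, n_data: int = 4):
    """Split data into n_data equal volumes plus one XOR recovery volume.
    Returns (volumes, manifest); the manifest records length and CRC32s."""
    size = -(-len(data) // n_data)  # ceiling division
    vols = [data[i * size:(i + 1) * size].ljust(size, b"\0") for i in range(n_data)]
    parity = bytearray(size)
    for v in vols:
        for i, byte in enumerate(v):
            parity[i] ^= byte
    vols.append(bytes(parity))
    manifest = {"length": len(data), "crc": [zlib.crc32(v) for v in vols]}
    return vols, manifest


def verify(vols, manifest):
    """Indexes of volumes that are missing (None) or fail their CRC32.
    CRC32 catches media rot, not deliberate tampering."""
    return [i for i, v in enumerate(vols)
            if v is None or zlib.crc32(v) != manifest["crc"][i]]


def restore(vols, manifest) -> bytes:
    """Rebuild at most one bad volume from the others, then reassemble."""
    bad = verify(vols, manifest)
    if len(bad) > 1:
        raise ValueError("more than one volume lost; single parity cannot repair")
    vols = list(vols)
    if bad:
        lost = bad[0]
        good = [v for i, v in enumerate(vols) if i != lost]
        rebuilt = bytearray(len(good[0]))
        for v in good:
            for j, byte in enumerate(v):
                rebuilt[j] ^= byte  # XOR of all survivors equals the lost volume
        if zlib.crc32(bytes(rebuilt)) != manifest["crc"][lost]:
            raise ValueError("rebuilt volume fails CRC; manifest or media inconsistent")
        vols[lost] = bytes(rebuilt)
    # Drop the recovery volume and the zero padding added by make_set.
    return b"".join(vols[:-1])[:manifest["length"]]


if __name__ == "__main__":
    # Constructed sample archive contents.
    archive = b"family photos and tax records, 2003-2013. " * 50
    discs, manifest = make_set(archive)

    discs[2] = None                       # disc 3 of 5 is unreadable
    print("bad volumes:", verify(discs, manifest))
    print("restored intact:", restore(discs, manifest) == archive)
```

The manifest has to survive somewhere other than the damaged disc, which is why archive formats repeat that metadata in every volume.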
A response I've seen to this argument is, "the majority of the population don't murder and rape. So, we don't need those laws on the books about these crimes then?"
Not a stance I personally side with, but "have to do something as the perfect is the enemy of the good" can be a valid argument for gun control bills.
Yes, Qubes is useful. I was pointing out how to accomplish a fraction of the security of said OS with existing tools.
In a perfect world (i.e. no installed base), that would be how all desktop operating systems would be. The ideal would be a type 1 hypervisor, a backend deduplicated filesystem, copy on write capabilities, and so on. Someone fires off their office suite in one VM, saves a file to a shared directory only visible to that VM and the mail client VM, and so on. Essentially not just virtualizing the memory space like conventional operating systems do, but completely duplicating libraries and all userspace.
In addition, the application VMs can be encrypted, only decrypted when used, and once done, the keys purged. This way, if a laptop is stolen while it is being used, not everything is compromised.
Only downside of this is that it does take a learning curve. I was trying to point out a solution that is better than nothing -- stick the Web browser in its own box, well away from anything sensitive.
The problem is that demanding censorship will make it harder for police globally to do work.
Right now, a lot of people are still going about their business directly from their IP to sites. Using an encrypted, offshore VPN is a matter of a few mouse clicks, or a couple taps on a smartphone or tablet. Once people start doing this as a matter of habit, then all goes dark.
The next step would be to block/censor/throttle VPNs, but because legitimate businesses use VPNs for secure remote communications, they will gripe, and a business that gripes is heard loud and clear compared to easily ignored individuals.
There is always the next step up -- a VM. It sounds like a lot of pointless steps, but with VMWare's Unity, the Web browser appears as another application on the taskbar, except marked with a color around it.
I do agree sandboxing might take a little bit of work, but it isn't that much for the protection gained. Similar with a VM. Even when not in VMWare's Unity mode, it is just a window to click on.
Long term, this complete sandboxing functionality should be in the OS. BSD's jail(), SELinux, AppArmor, and Windows' low privilege mode all are steps in the right direction, but what is needed is separation of not just the browser from the OS, but separating each window/tab from each other, so a compromised window can't affect banking data on another tab, and in no way, the compromised window can get a user context [1] or higher. This has to be a cooperation between the Web browser application and the OS, as if the Web browser has a bug in it allowing malware to gain access, this is limited as much as possible. This way, there are at least two layers before a rogue plugin has control of the machine.
[1]: If a user context is gained, that is almost as good as admin access. From there, ransomware can run to encrypt files, Trojans can be dropped, keyloggers started, BitCoin miners launched, and DDoS attacks started. None need root/admin access.
The people who really got screwed are the stockholders of GM. The GM stock that was issued turned into a bankruptcy stock, and completely new shares were issued. Shareholders are dead last in line, behind the bondholders.
What would have happened is that cars, just like TVs, computers, chipmaking, hand tools, food, plastics, building materials, engines, and generators would just come from China. The patents would be bought up by an overseas holding company, and the sole carmaker, Ford, would have an uphill battle being the sole US company in a very competitive and fickle market.
I have a Twitter account, and that was because during the job hunt a few years back, prospective employers demanded one's Twitter ID, and when I stated that there was no point, I was told the interview was over because I wasn't keeping up with the times and spilling my guts to the world on an hourly basis about my floater/sinker ratio when I hit the bathroom, etc.
So, I have one that follows some sanitized corporate sources, and has not been touched since 2010.
If I want to announce something to the world, I'll buy an ad on Facebook.
I use Sandboxie, and find it well worth using. With additional "supercookies" and methods to save state, having all Web browser data saved on a different volume, and completely purged when done, no matter how many hidden files are written, is a good method of protecting privacy. Doesn't take much doing either. One can force a browser to run in a sandbox, or just right-click on it, select "run in sandbox", pick the sandbox you want it in, and go.
This is also coupled with "click to play" for Flash or other stuff, and using AdBlock for an extension, so the browser doesn't have to deal with most of the nasty stuff.
I also run a different browser for banking than I do for general browsing. The more separation, the better.
People firewall their computers, might as well have a layer of security (sandbox or VM) against untrusted code that hits their machines directly.
That is something I have to agree with. We need more coders and innovators. The fewer people in the field, the more stagnant it gets.
We need more people that can use programming as a creative tool. Right now, programming has a bad rep, being viewed as the domain of offshore programming houses and bargain basement H-1Bs. However, cool new things have to be programmed by someone.