If they are not doing this all the time I don't want to work there. I can't do the same shit over and over.
"I need to make to my LinkedIn profile so it triggers warning bells,"
Pretty much all I cared about after reading the summary. I like to keep them on edge.
I never think to google someone or stalk their social media profiles but everyone I work with does it immediately after getting a resume or meeting someone over the phone. OK...they only do the last one if she sounds hot.
"The judge warned such an interpretation "could profoundly impact open access to the internet.""
What is this judge smoking? I like him.
I'm here for the CReimer posts.
This isn't really newsworthy.
Huh? It's not?! I have been boasting my knowledge of the new intel chipset discovery to my colleagues all morning.
"had to explain to some people with supposedly 5 years experience in that space what an HTTP header looks like"
Had that conversation a few times myself. I have also had to walk through TCP sessions and handshakes and the like to explain things....whoooosh!!
Eventually stopped giving internet 101 lessons to senior devs.
That is awesome. Our QA team couldn't test their way out of a wet paper bag. Completely useless, and wouldn't even begin to know how to test for a security vulnerability.
A lot of this has been done. You have to know the tools and use them correctly. Something you can't get around is that they are using languages that let you write your own shit from scratch cause you may or may not know that a fully tested and secure method already exists in the framework.
Yeah...but then everyone gets really annoyed at the security team or security engineer for holding up the release if they are allowed to at all. If the devs try to code a fix it does not solve the problem and the security engineer is again stuck being the bad guy asking for it to be re-coded over and over again while business stakeholders start pressuring the CTO/CIO, and the project managers start complaining a lot, and the pressure builds til we just release whatever it is. Or a security hole is discovered that has existed for years and no one wants to deal with it because of the above scenario that always plays out and because "it hasn't caused any problems yet." Being a security engineer is a thankless position filled with a lot of CYA emails and politics that all revolve around not enforcing security. An atmosphere of compliance-over-security forms and they pick their battles just to make it through a work week without upsetting too many people that don't care about security because it doesn't fall within their measurement of success. Show me a company that *really* values and pursues security in a serious way and I will never forget their name.
....or if you are really serious about scanning some docs perhaps a Brother or Fujitsu
This incident has made those loose flash drives all the more tempting. No one can resist examining a random flash drive. It is like finding a wallet. You have to open it and rifle through the whole thing.
Great. Now random flash drives are going to become even more irresistible than they already were. Every security manager's worst nightmare.
"We have also launched an internal investigation to understand how this happened..."
Let me tell you what happened. Someone dumped the files onto a flash drive and dropped it somewhere.
Exactly. Developers get the business to let them waste time on writing unit tests because they hear "testing" which sounds really good and like it may be something that could prevent the constant bumbling that follows each release. I sit there mumbling something about "waste of time" under my breath and ask how they are going to ensure that this test suite is going to be maintained and that it will actually test anything we care about. The developers admit to the pitfalls, the air lets out of their sails, and they go ahead with it anyway because it is what every good developer is supposed to do. To this day, after years, there is no test coverage.
Pretty much the same with QA. They test what the developers tell them to test and seek guidance from them on how and what to do. Surprise, surprise, we discover how the application really works when it hits production.
Most people who use FaceBook assume that they are the owners of the experience and their data regardless of the reality. The use of FaceBook is taken as an unalienable right. Zuckerberg and team better wake up because this sentiment that their users hold is going to exert serious political pressure on them given an incident or if something happens to jar this sentiment. My hope is that some backlash does happen and FaceBook is forced to provide an API to users that will let other innovators and competitors easily move people off of the centralized, dangerous, exploitative scam that FaceBook is and is becoming. It would be nice to see FaceBook and other companies struggling to give users control over their data instead of the opaque data orgy that is currently unfolding.
I picture users being able to enable or disable access to their data and getting compensated by companies (with crypto-currency) who bid for certain levels of access or classifications--all in a decentralized way. FaceBook is awesome, not because it is special tech, it is not, but because of all of the users that have joined and use the platform. It is too big and important to be centralized and "owned" by a single entity.
I pretty much completely forgot about FireFox until I started seeing talk about it on slashdot recently or when I work on my grandma's computer where I installed it ten years ago. I never had an explicit reason to stop using it but it was a default install along with chrome about five years ago whenever I installed an OS on a new machine. I guess it did get slow and maybe I just didn't want to think in two or three browsers any more. I just install chrome and use it exclusively now as does just about everyone I know. Signing into chrome with my google/gmail account removes a lot of friction on browsing experience--at the cost of privacy I guess.
Jesus...you need to get a real job.
Countries should not have High Courts. All they do is attempt to validate corrupt officials and mangle laws into a shell of their former intent.
Instead, fear will burst into flames of violence and nothing will ever absolve them of the shame to follow.
Not if they refuse to incite violence. You really should not beat people up because they want to gather their toys and go home. It is their choice...leave them alone.
Why are people so hell-bent on telling others what to do? It seems like that is the only theme I can glean from modern media about society. WTF?!
"Or it could be completely unreliable when the network flakes in a way your tests didn't anticipate."
This. Nothing boils my blood quicker than a developer blaming the infrastructure for a bug in their software. I snap back: "Why did you trust the network? Never trust the network or the database!" "I know, I know." "Then why are you back here? Go fix your code!!"
Show me someone who has "100% test coverage" and I will walk over to the closet and let the unicorn out.