The funny thing is though, that if you go back a generation you'd see a role reversal in the jealousy with regards fancy Americans with their indoor plumbing and other technological innovations.
Comes around. Goes around. Etc. Get off the merry go round or keep cycling in what amounts to self hatred.
Thinking of a cool idea is not even almost in the same league as inventing it. Example: The flying car.
But don't blame a lack of support from others, because that's just lame. You could always, you know, take a dead-end job in a patent office or something giving you the time to develop your ideas into something that will gain you recognition rather than derision.
Re:Slashdot comments: censorship by glut
on
Censorship By Glut
·
· Score: 1
:-) It's more financially viable than kuro5hin, at least.
I didn't follow the FOSS story that closely, but wasn't the gist of it that support contracts naturally have less ROI for clients as FOSS software and/or systems mature and things "just work" a lot more? To me that would be a good thing all round - less "insurance policy"/"service contract" wastage, and more paying for actual development on the stable FOSS systems which have been adopted.
Re:Slashdot comments: censorship by glut
on
Censorship By Glut
·
· Score: 1
Worse, it actively provides a motivation not to deeply consider your response, which further enforces the groupthink as it's an easy scaffold to quickly assemble a half-assed idea.
But - to criticise it would be to miss the point, which is that the payoff for such people is to recognise themselves and be recognised as a member of a group. This is more emotionally desirable than the notion of distributing or receiving useful information, which is what Slashdot masquerades itself as.
The appeal for those outside these particular group-think modes, is that there is the occasional fresh insight which has been penned quickly enough to be visible.
But I submit to you that if Slashdot already has the ideal comment/moderation system for running a business - fast moving - sometimes informative - mostly disposable entertainment - repeat.
The question is, could Slashdot ever improve that system and turn the balance further towards a meritocracy, and still remain financially viable?
I'm content to let the old guard (literally) die off. It wasn't too long ago that email was the office bogeyman and considered a novelty - until legitimate business uses were consistently made of it.
It's the same story - if your workers are abusing a technology then your problem is with your workers - or rather your management of those workers - not the technology.
Management is usually last to point the finger of blame at itself, which is precisely why we continually see technology scapegoated.
Filtering content as 'serious' or 'time-wasting' legitimises the bogus mindset of the old-guard and thus prolongs the damage they perpetuate to true innovation.
Now tell me that those 30 seconds don't convey more via video than could be conveyed through 30 seconds of reading abstract symbols.
Every tool can be misused, and video is not a perfect tool for many tasks. But to slate all of YouTube because it can be used frivolously is dangerously short sighted.
Doesn't work as nicely as it does in private industry - the policy makers are not scientifically inclined and only display a token interest the opinions of those beneath them.
I daresay (because I've been out of it directly for the last 6 years) that private industry has already found a balance between the productive and non-productive usage of things like YouTube.
If I thought that Wikipedia were near the end of the scale of what we can achieve through collaborative information gathering and/or decision making, then I'd readily agree.
As Clay Shirky points out with regards our cognitive surplus, Wikipedia is just a drop in the ocean with regards our potential.
Not really, as it would require other people to judge what is relevant to the particular scientific area I'm currently researching, and hopefully place it upon ScienceTube.
An employer who trusted their employees to actually work and not to go all giddy over pictures of puppies wearing hats, would solve the problem more efficiently.
The innovation going on behind the scenes is trending to make the pay-per-view technical journals less relevant precisely because of their exclusionary nature which relies upon a monopoly on the accepted forms of professional communication.
As someone who works in R&D I can absolutely agree.
I stumbled across his valuable work in my own time though, since the Government of Canada blocks Youtube and other blog/social networking sites. Until workplaces and institutions relax/modernise internet policy usage, we won't be seeing the full benefit of these new methods of communication.
Isn't it a limit of three installs which have all talked to the spore server within 10 days rather than a lifetime limit? So after 10 days of not using an install on PC:A, you can reinstall it on PC:B?
Annoying - yes, but you'd have to try very hard to be legitimately disadvantaged by it.
It sounds cynical. Without evidence it also sounds childish.
I'm not a regular gamer any more, but I like to keep an eye on titles which push the genres a little - e.g. GTA IV, Little Big Planet and Spore. Even though I run only Linux now, and won't be able to play it anyway, I found the review interesting and not out of place.
This reads like an LSD-spiked stream of consciousness. What is your actual point?
For example - you're now arguing that Symantec fixing the security flaws it created in its own products is an example of your original proposition that there are more whitehats than blackhats? If you're part of the problem while marketing yourself as part of the solution, then your hat is pretty grey to my eyes.
I also have a problem with your "Experts in the field should do X because of (vague generalisation)" argument style.
I'm not concerned about other people not updating against exploits - I'm concerned about my updated machine falling victim to a malformed ping packet which no whitehat knows about yet.
If the opinions held by 'mysidia' ever gained more traction, the chances of that exploit being discovered by whitehats would decrease proportionally.
An AC blithely inferring personal experience of "the computer underground", doesn't carry as much weight as you seem to wish it does.
Word is that there are several dozen zero-day Linux kernel exploits on the blackhat market right now. For what it's worth that's anecdotal, but even if that figure is exaggerated, the blackhats are still out powering the whitehats in either number or technical ability.
If they didn't then they wouldn't exist.
I'm not going to be able to respond to you point-by-point because of a rather general lack of coherence, so I'm going to pick and choose:
Companies like Symantec and F-Secure are public. Their staffing and other financial records are available for inspection; lookup their annual reports to see massive spending&staffing in research; there can be no doubts there.
My impression was that the R&D was spent on things like Vista compatibility and defending their own protection programs from being disabled as part of the exploit.
I've never heard of one case of an anti-virus company proactively researching a vulnerability and patching it. There wouldn't seem to be much of a business model to create from that. But if I'm wrong then there should be plenty of evidence - why would they spend the R&D that you mention, and not publicise its positive effects?
Some crackers will be searching for new bugs, the bulk of them do not need to, they'll just wait until a new exploit is eventually published by a researcher, or they they can try to buy it. In either case, the research by a third party is what spreads the 'hack' into use.
At least in the Linux world, vulnerabilities, once published, tend to have fixes out pretty darn quickly. This is not a winning strategy for a blackhat.
Also - a researcher who sells to blackhats, is a blackhat by definition.
I don't think it's all that difficult to make useful but dangerous research information available to the security concerned while making it hard for all except the truly dedicated crackers.
You seem to be describing exactly what happened with the recent DNS server vulnerability?
A $1 or $2 nominal fee for access would generally reduce digestion by the general public, and teenagers without credit card access
Blackhats are not terribly concerned about copyright infringement. If they didn't hack the server silently to get past the $1 or $2 fee, then they'd use someone elses credit card info.
Once one copy is made, then the information is available on the blackhat market anyway, except the whitehats have a harder time getting to it.
Both fortunately and unfortunately, the unhampered public posting means anyone who searchers for the right keywords will see it..
Blackhats aren't idly spending their days typing "latest exploit info" into Google. They have their own information market spaces, and they are skilled and efficient at what they do.
Everything you describe which makes it harder for whitehats is to the benefit of blackhats.
there are massive numbers of full-time researchers and few full-time bad guys.
Do you have any figures/research for this or is it opinion?
The "researchers" are helping, providing inspiration, and guidance to would-be part-time bad guys.
The bad guys who will continue to go on and sell their exploits on international markets? So, the monetary motivation is nothing compared to the motivation generated by researchers?
Exploits exist. Bad guys have a motivation to find them and keep them secret. Without researchers in the field, the good guys would never be able to fix the exploits.
What about coming up with a better solution before panning the current situation which seems to work quite well? Do you work in the security field at all?
Slashdot Mirror
The funny thing is though, that if you go back a generation you'd see a role reversal in the jealousy with regards fancy Americans with their indoor plumbing and other technological innovations.
Comes around. Goes around. Etc. Get off the merry go round or keep cycling in what amounts to self hatred.
Thinking of a cool idea is not even almost in the same league as inventing it. Example: The flying car.
But don't blame a lack of support from others, because that's just lame. You could always, you know, take a dead-end job in a patent office or something giving you the time to develop your ideas into something that will gain you recognition rather than derision.
:-) It's more financially viable than kuro5hin, at least.
I didn't follow the FOSS story that closely, but wasn't the gist of it that support contracts naturally have less ROI for clients as FOSS software and/or systems mature and things "just work" a lot more? To me that would be a good thing all round - less "insurance policy"/"service contract" wastage, and more paying for actual development on the stable FOSS systems which have been adopted.
Worse, it actively provides a motivation not to deeply consider your response, which further enforces the groupthink as it's an easy scaffold to quickly assemble a half-assed idea.
But - to criticise it would be to miss the point, which is that the payoff for such people is to recognise themselves and be recognised as a member of a group. This is more emotionally desirable than the notion of distributing or receiving useful information, which is what Slashdot masquerades itself as.
The appeal for those outside these particular group-think modes, is that there is the occasional fresh insight which has been penned quickly enough to be visible.
But I submit to you that if Slashdot already has the ideal comment/moderation system for running a business - fast moving - sometimes informative - mostly disposable entertainment - repeat.
The question is, could Slashdot ever improve that system and turn the balance further towards a meritocracy, and still remain financially viable?
Mean, Median and Mode. In a world of 99 uniform dumbasses and 1 genius, 99% would be below mean intelligence.
Not sure where you get the 50% from.
That's pretty awesome, thanks for the tip.
I'm content to let the old guard (literally) die off. It wasn't too long ago that email was the office bogeyman and considered a novelty - until legitimate business uses were consistently made of it.
It's the same story - if your workers are abusing a technology then your problem is with your workers - or rather your management of those workers - not the technology.
Management is usually last to point the finger of blame at itself, which is precisely why we continually see technology scapegoated.
Filtering content as 'serious' or 'time-wasting' legitimises the bogus mindset of the old-guard and thus prolongs the damage they perpetuate to true innovation.
Just take 30 seconds of time and bandwidth, by viewing this starting half-way through from 2:30-3:00
http://www.youtube.com/watch?v=Jd3-eiid-Uw
Now tell me that those 30 seconds don't convey more via video than could be conveyed through 30 seconds of reading abstract symbols.
Every tool can be misused, and video is not a perfect tool for many tasks. But to slate all of YouTube because it can be used frivolously is dangerously short sighted.
Doesn't work as nicely as it does in private industry - the policy makers are not scientifically inclined and only display a token interest the opinions of those beneath them.
I daresay (because I've been out of it directly for the last 6 years) that private industry has already found a balance between the productive and non-productive usage of things like YouTube.
If I thought that Wikipedia were near the end of the scale of what we can achieve through collaborative information gathering and/or decision making, then I'd readily agree.
As Clay Shirky points out with regards our cognitive surplus, Wikipedia is just a drop in the ocean with regards our potential.
Not really, as it would require other people to judge what is relevant to the particular scientific area I'm currently researching, and hopefully place it upon ScienceTube.
An employer who trusted their employees to actually work and not to go all giddy over pictures of puppies wearing hats, would solve the problem more efficiently.
And Wikipedia.. that'll never work.
The innovation going on behind the scenes is trending to make the pay-per-view technical journals less relevant precisely because of their exclusionary nature which relies upon a monopoly on the accepted forms of professional communication.
As someone who works in R&D I can absolutely agree.
I stumbled across his valuable work in my own time though, since the Government of Canada blocks Youtube and other blog/social networking sites. Until workplaces and institutions relax/modernise internet policy usage, we won't be seeing the full benefit of these new methods of communication.
C'mon, you and I both know that an IPv6 Spectrum would kick its ass, with or without hardware sprite support.
Perhaps because they are already involved in protecting the safety of the vice and presidential candidates?
You can apparently get 3 more installations if you run out (at the discretion of EA customer support) - but that's hardly any better.
Isn't it a limit of three installs which have all talked to the spore server within 10 days rather than a lifetime limit? So after 10 days of not using an install on PC:A, you can reinstall it on PC:B?
Annoying - yes, but you'd have to try very hard to be legitimately disadvantaged by it.
A legal way to play a legally purchased copy would be nice :-/
Sweet - thanks for the tip! I found the Wine/Spore report page - looks like there are still a few bugs, but very promising.
How does "Bought" sound?
It sounds cynical. Without evidence it also sounds childish.
I'm not a regular gamer any more, but I like to keep an eye on titles which push the genres a little - e.g. GTA IV, Little Big Planet and Spore. Even though I run only Linux now, and won't be able to play it anyway, I found the review interesting and not out of place.
This reads like an LSD-spiked stream of consciousness. What is your actual point?
For example - you're now arguing that Symantec fixing the security flaws it created in its own products is an example of your original proposition that there are more whitehats than blackhats? If you're part of the problem while marketing yourself as part of the solution, then your hat is pretty grey to my eyes.
I also have a problem with your "Experts in the field should do X because of (vague generalisation)" argument style.
I'm not concerned about other people not updating against exploits - I'm concerned about my updated machine falling victim to a malformed ping packet which no whitehat knows about yet.
If the opinions held by 'mysidia' ever gained more traction, the chances of that exploit being discovered by whitehats would decrease proportionally.
An AC blithely inferring personal experience of "the computer underground", doesn't carry as much weight as you seem to wish it does.
Word is that there are several dozen zero-day Linux kernel exploits on the blackhat market right now. For what it's worth that's anecdotal, but even if that figure is exaggerated, the blackhats are still out powering the whitehats in either number or technical ability.
If they didn't then they wouldn't exist.
I'm not going to be able to respond to you point-by-point because of a rather general lack of coherence, so I'm going to pick and choose:
Companies like Symantec and F-Secure are public. Their staffing and other financial records are available for inspection; lookup their annual reports to see massive spending&staffing in research; there can be no doubts there.
My impression was that the R&D was spent on things like Vista compatibility and defending their own protection programs from being disabled as part of the exploit.
I've never heard of one case of an anti-virus company proactively researching a vulnerability and patching it. There wouldn't seem to be much of a business model to create from that. But if I'm wrong then there should be plenty of evidence - why would they spend the R&D that you mention, and not publicise its positive effects?
Some crackers will be searching for new bugs, the bulk of them do not need to, they'll just wait until a new exploit is eventually published by a researcher, or they they can try to buy it. In either case, the research by a third party is what spreads the 'hack' into use.
At least in the Linux world, vulnerabilities, once published, tend to have fixes out pretty darn quickly. This is not a winning strategy for a blackhat.
Also - a researcher who sells to blackhats, is a blackhat by definition.
I don't think it's all that difficult to make useful but dangerous research information available to the security concerned while making it hard for all except the truly dedicated crackers.
You seem to be describing exactly what happened with the recent DNS server vulnerability?
A $1 or $2 nominal fee for access would generally reduce digestion by the general public, and teenagers without credit card access
Blackhats are not terribly concerned about copyright infringement. If they didn't hack the server silently to get past the $1 or $2 fee, then they'd use someone elses credit card info.
Once one copy is made, then the information is available on the blackhat market anyway, except the whitehats have a harder time getting to it.
Both fortunately and unfortunately, the unhampered public posting means anyone who searchers for the right keywords will see it..
Blackhats aren't idly spending their days typing "latest exploit info" into Google. They have their own information market spaces, and they are skilled and efficient at what they do.
Everything you describe which makes it harder for whitehats is to the benefit of blackhats.
Is this sarcasm which is going over my head?
there are massive numbers of full-time researchers and few full-time bad guys.
Do you have any figures/research for this or is it opinion?
The "researchers" are helping, providing inspiration, and guidance to would-be part-time bad guys.
The bad guys who will continue to go on and sell their exploits on international markets? So, the monetary motivation is nothing compared to the motivation generated by researchers?
Exploits exist. Bad guys have a motivation to find them and keep them secret. Without researchers in the field, the good guys would never be able to fix the exploits.
What about coming up with a better solution before panning the current situation which seems to work quite well? Do you work in the security field at all?
Also, Slashdot supports paragraphs.