So far timothy, soulskill, and samsenpuss all post this crap from Bennett. Is it official dice policy to promote the shit this guy writes?
Seconded! Is he paying for this placement? Is he someone's friend? WHY is he getting this space on /.?
His posts always follow the same pattern.
1. He becomes aware of... something.
2. His massive intellect solves it.
3. He posts 1,000+ words to /. about how he solved it.
4. His solutions fail to address anything other than the most superficial aspects of whatever it is that he just became aware of.
That's not "News for Nerds". There's no in depth analysis.
I think more and more IT is becoming a manager of services, instead of a manager of servers.
Services run on servers.
Users access services that are running on servers.
When there are companies out there making the basics easy to manage, then you can afford the time to get the Like buttons running.
I keep getting marketing literature from companies promising that. But it never seems that they can deliver on their claims. Instead, it's just another service that needs to be maintained.
Just PATCHING systems includes identifying/testing/deploying:
firmware
drivers
OS
apps
for every server / workstation / switch / router / firewall / wireless connected to your network.
The main problem is that most of the people making "IT decisions" do not understand the full impact of those decisions (or believe that they will not be held responsible).
Moving anything "to the cloud" simply means moving it "to someone else's computer". How do you judge their security?
What happens when one of their other clients is arrested for something illegal and the "cloud" computers get confiscated?
Anyway, from TFA:
If IT wants to stay relevant, we're going to have to find a way to leverage our deep understanding of technology to a new environment, working with other parts of the organization and relying on influence and expertise instead of gatekeeping and rigid rules.
Which will NEVER work. Spend some time reading up on the latest cracks that leaked credit card info. If you have to rely on "influence" you should look for another job. There will always be someone with more "influence" than you.
If I were President and I felt that X was necessary then I would document why I thought X was necessary and that I was solely responsible for X.
Afterwards, I'd release that to the media.
There wouldn't be any of these rolling revelations. Everyone would know that I thought it was necessary to torture persons A, B and C (and no one else) and that they were tortured and (redacted) information was collected and that the people who did so did so under my DIRECT ORDERS. No one else tortured anyone other than A, B and C.
Instead, we have denials, euphemisms, "extraordinary rendition", "black sites" and unsubstantiated claims.
Part of being the "good guys" means NOT being the "bad guys".
More people die in traffic accidents EVERY YEAR than the "terrorists" have ever killed here. So why give up a morally superior position to "fight" people who pose almost no threat to anyone outside their own countries?
So 1,800 "cyber-warriors" crash 48,000 machines. Or... each "cyber-warrior" crashes 27 machines. Yeah. Big threat there.
And crashing 48,000 machines? What is "elite" about that?
This sounds less like "a sophisticated cyber-warfare cell" and more like a few script-kiddies. If you want to cause damage then you search for Excel files and you make a few, random changes to the numbers. Do the same with any database files you can find.
And, lastly, you NEVER crash a machine. You want to maintain control for as long as possible.
So, yeah, it reads like bullshit propaganda. It probably is.
What kind of people are those going to be who volunteer to do a corporation's job?
That would be those people who already have an agenda that they believe could be furthered by restricting other people's accounts.
Tyranny of the majority.
And that isn't counting hiring people to do that. For just $X a day, you can down-vote posts opposing Y and up-vote posts supporting Y. Think about whatever political position you don't like and imagine those people doing that.
Bennett Haselton is an idiot. That's okay.
The fact that Bennett Haselton's idiotic ideas get front page posting on /. is a problem. Why did samzenpus feel that this was worth posting?
If you want "rich" then tech probably is not the career path for you.
But seriously...if they got rich by knowing enough tech to found and build a startup, what's your beef with them?
Some did get rich through their technical skills. But more did it through business skills, relationships and such.
So what if it is a rich white frat guy.
Because the rich, white, frat guy will hire his frat brothers instead of you. One of them will be named CTO/CIO and that person will hire a manager and that manager will hire you. They get the stock options and you get a salary.
If you want to be part of that group then you go to that school and you join that frat.
Learn to deal with them and it might get you in the circles of people that are getting wealthier and help you do the same.
And that is the core problem. You see the tech person as lacking something that needs to be improved in order to join the frat brothers.
What do the frat brothers bring to the company?
You are disposable. There will always be another one just like you that they can hire. They can get a dozen resumes with a single call. That's if they don't just get someone on a H1B visa.
I'm more interested in how the crackers collected the passwords for the INTERNAL email systems at these companies.
Or had those companies outsourced their email?
Because the crackers would have to, repeatedly, craft emails that were convincing enough to persuade their victims to submit their INTERNAL email passwords to an EXTERNAL site. Without anyone becoming suspicious enough to look into it.
Dear Alice, please go to this website and enter your email password and do not ask me why the next time you see me in person because it is a secret. Sincerely, Bob
That's what I thought, also. Even if they were dragging planets with them (is it possible for planets to orbit that fast?) wouldn't the planets have been sterilized by the conditions at the center of whatever galaxies they came from?
Just finding one of them should be cool enough. There's no need to postulate about "life".
I'm beginning to think that many corporations establish online systems without ever doing a serious 3rd party security audit and then penetration testing, plus using whatever real time monitoring tools they can to detect and stop intrusions.
I worked with a company that used TrustWave for their 3rd party pen test. The TrustWave person was... okay... but he was only allowed to "test" for 5 work days (Mon-Fri) not counting travel time (no Mon morning or Fri afternoon). Or evenings/nights (take his laptop to his hotel). So, in total, less than 40 hours before declaring the system "secure" enough.
A real cracker could rack up double that in a 3 day weekend. Even with only one compromised machine.
And the "real time monitoring tools" usually only detect the script kiddies. Which is a positive step. Just not enough of one.
I think that the core problem is that "computer security" as a concept is way beyond the cognitive capability of most management types.
It really comes down to YOUR skills in PROTECTING the systems v the skills of EVERYONE in the world who can script automatic ATTACKS against those systems.
So right from the beginning YOU are at a disadvantage. Then YOU also have to COMMUNICATE the risks and requirements and costs to management. Every single day that you are NOT cracked (or the crack detected) means that YOU were wrong AGAIN about the risk of not spending $X on sub-system Y.
And management types do understand the concept of "inflating" your budget/status by overstating the real risks/rewards.
I thought we argued on all the downloading stories that an IP is not an identifier?
It is not sufficient for prosecution.
First off, an IP address can be re-assigned. So you'd need an IP address and date/time to be able to link it to a specific ISP account.
Each account can have multiple machines behind it that may or may not belong to that account (depending upon the security of their wireless network for example or whether any have been cracked already).
So an IP address is not sufficient for prosecution BUT it can be a personal privacy issue.
Bennett Haselton spends 1341 words on what should be a 3 sentence summary.
If you want to know whether X accessed the mayor's dropbox (why is the mayor using dropbox in the first place) then you need to
a. get the IP addresses & times that they were used to access it
b. match the IP addresses to ISP user accounts at those times
Now, if the judge does not support you, personally, having access to the IP addresses then the judge can appoint a disinterested 3rd party to handle it. You are only interested in the ISP user accounts and whether those belong to lobbyists.
There! Done! And no need for Bennett Haselton's weird tangent on cracking via web browsers.
In my experience (as a dev team lead and interviewer) foreign workers are generally more educated, more productive and more willing to go the extra mile than the local self-entitled bunch.
Well, unless you secretly work for Google or some such, this is not about you. They're the ones who can afford to attract the best people from around the world.
The other people claiming to be in tech usually mean H-1B visa recipients. And the real reasons to hire them are:
1. They're cheaper than hiring US citizens.
2. They cannot change jobs as easily as US citizens. No matter how many hours you demand that they work.
3. They're easier to dispose of. You just send them back home. No need to worry about wrongful termination suits or such.
If you cannot afford to hire the people with the training necessary then you need to look at your business plan.
Complaining that the local people who will take the job at the pay you're offering lack the education necessary says more about your pay than about the skills of the local people.
Isn't the most common scenario for these enterprises where the programmer's customers grow beyond his ability to support just by himself?
So he starts adding people to handle the portions that he cannot, efficiently, handle himself.
If you're going into this wondering what the "ratio of senior programmers to intermediate and junior programmers" should be then I think you've skipped too many steps.
The same with "different tools and/or languages". The 2nd programmer uses exactly what the 1st programmer uses. The idea is to provide support for the founder so he can focus on what he is good at.
There are about 500,000 Muslims in Australia.
1 of them is committing this crime.
He did "Kingdom of the Crystal Skull". I wouldn't trust his motivations on this one.
But my question is whether they will keep Deckard as a Replicant. And whether he will know that he is or not. Or will they retcon something stupid in.
Blade Runner was a great movie. There is no need for a sequel. They could make another movie in that universe without needing to make it a sequel.
Seconded! Is he paying for this placement? Is he someone's friend? WHY is he getting this space on /.?
His posts always follow the same pattern.
1. He becomes aware of ... something.
2. His massive intellect solves it.
3. He posts 1,000+ words to /. about how he solved it.
4. His solutions fail to address anything other than the most superficial aspects of whatever it is that he just became aware of.
That's not "News for Nerds". There's no in depth analysis.
So WHY does he keep getting space on /.?
As always, security is not a line-item. You cannot purchase "security".
I prefer to measure "security" as "how many people can successfully attack X".
If fewer people can successfully attack X after a change then that change has made X more secure.
If more people can successfully attack X after a change then that change has made X less secure.
So moving anything to "the cloud" will result in it being less secure. In almost every instance.
Services run on servers.
Users access services that are running on servers.
I keep getting marketing literature from companies promising that. But it never seems that they can deliver on their claims. Instead, it's just another service that needs to be maintained.
Just PATCHING systems includes identifying/testing/deploying:
firmware
drivers
OS
apps
for every server / workstation / switch / router / firewall / wireless connected to your network.
The main problem is that most of the people making "IT decisions" do not understand the full impact of those decisions (or believe that they will not be held responsible).
Moving anything "to the cloud" simply means moving it "to someone else's computer". How do you judge their security?
What happens when one of their other clients is arrested for something illegal and the "cloud" computers get confiscated?
Anyway, from TFA:
Which will NEVER work. Spend some time reading up on the latest cracks that leaked credit card info. If you have to rely on "influence" you should look for another job. There will always be someone with more "influence" than you.
If I were President and I felt that X was necessary then I would document why I thought X was necessary and that I was solely responsible for X.
Afterwards, I'd release that to the media.
There wouldn't be any of these rolling revelations. Everyone would know that I thought it was necessary to torture persons A, B and C (and no one else) and that they were tortured and (redacted) information was collected and that the people who did so did so under my DIRECT ORDERS. No one else tortured anyone other than A, B and C.
Instead, we have denials, euphemisms, "extraordinary rendition", "black sites" and unsubstantiated claims.
I prefer this memo:
http://www.theatlantic.com/daily-dish/archive/2007/05/-versch-auml-rfte-vernehmung/228158/
Part of being the "good guys" means NOT being the "bad guys".
More people die in traffic accidents EVERY YEAR than the "terrorists" have ever killed here. So why give up a morally superior position to "fight" people who pose almost no threat to anyone outside their own countries?
So 1,800 "cyber-warriors" crash 48,000 machines. Or ... each "cyber-warrior" crashes 27 machines. Yeah. Big threat there.
And crashing 48,000 machines? What is "elite" about that?
This sounds less like "a sophisticated cyber-warfare cell" and more like a few script-kiddies. If you want to cause damage then you search for Excel files and you make a few, random changes to the numbers. Do the same with any database files you can find.
And, lastly, you NEVER crash a machine. You want to maintain control for as long as possible.
So, yeah, it reads like bullshit propaganda. It probably is.
Yep. Which is why /. should require that every down-mod be accompanied by a short explanation of WHY it fit "abusive/trolling/offtopic".
Up-mods don't matter. If you want to mod something up then no explanation is necessary since they don't "bury" unpopular opinions.
That would be those people who already have an agenda that they believe could be furthered by restricting other people's accounts.
Tyranny of the majority.
And that isn't counting hiring people to do that. For just $X a day, you can down-vote posts opposing Y and up-vote posts supporting Y. Think about whatever political position you don't like and imagine those people doing that.
Bennett Haselton is an idiot. That's okay.
The fact that Bennett Haselton's idiotic ideas get front page posting on /. is a problem. Why did samzenpus feel that this was worth posting?
Since the AI will probably be a computer ... doesn't the exact nature of the threat come down to what that computer is connected to?
AI + tank is a different issue than AI + colour printer.
Know what you want and then go after it.
If you want "rich" then tech probably is not the career path for you.
Some did get rich through their technical skills. But more did it through business skills, relationships and such.
Because the rich, white, frat guy will hire his frat brothers instead of you. One of them will be named CTO/CIO and that person will hire a manager and that manager will hire you. They get the stock options and you get a salary.
If you want to be part of that group then you go to that school and you join that frat.
And that is the core problem. You see the tech person as lacking something that needs to be improved in order to join the frat brothers.
What do the frat brothers bring to the company?
You are disposable. There will always be another one just like you that they can hire. They can get a dozen resumes with a single call. That's if they don't just get someone on a H1B visa.
I'm more interested in how the crackers collected the passwords for the INTERNAL email systems at these companies.
Or had those companies outsourced their email?
Because the crackers would have to, repeatedly, craft emails that were convincing enough to persuade their victims to submit their INTERNAL email passwords to an EXTERNAL site. Without anyone becoming suspicious enough to look into it.
Dear Alice, please go to this website and enter your email password and do not ask me why the next time you see me in person because it is a secret.
Sincerely, Bob
That's what I thought, also. Even if they were dragging planets with them (is it possible for planets to orbit that fast?) wouldn't the planets have been sterilized by the conditions at the center of whatever galaxies they came from?
Just finding one of them should be cool enough. There's no need to postulate about "life".
I worked with a company that used TrustWave for their 3rd party pen test. The TrustWave person was ... okay ... but he was only allowed to "test" for 5 work days (Mon-Fri) not counting travel time (no Mon morning or Fri afternoon). Or evenings/nights (take his laptop to his hotel). So, in total, less than 40 hours before declaring the system "secure" enough.
A real cracker could rack up double that in a 3 day weekend. Even with only one compromised machine.
And the "real time monitoring tools" usually only detect the script kiddies. Which is a positive step. Just not enough of one.
I think that the core problem is that "computer security" as a concept is way beyond the cognitive capability of most management types.
It really comes down to YOUR skills in PROTECTING the systems
v
the skills of EVERYONE in the world who can script automatic ATTACKS against those systems.
So right from the beginning YOU are at a disadvantage. Then YOU also have to COMMUNICATE the risks and requirements and costs to management. Every single day that you are NOT cracked (or the crack detected) means that YOU were wrong AGAIN about the risk of not spending $X on sub-system Y.
And management types do understand the concept of "inflating" your budget/status by overstating the real risks/rewards.
It is not sufficient for prosecution.
First off, an IP address can be re-assigned. So you'd need an IP address and date/time to be able to link it to a specific ISP account.
Each account can have multiple machines behind it that may or may not belong to that account (depending upon the security of their wireless network for example or whether any have been cracked already).
So an IP address is not sufficient for prosecution BUT it can be a personal privacy issue.
Bennett Haselton spends 1341 words on what should be a 3 sentence summary.
If you want to know whether X accessed the mayor's dropbox (why is the mayor using dropbox in the first place) then you need to
a. get the IP addresses & times that they were used to access it
b. match the IP addresses to ISP user accounts at those times
Now, if the judge does not support you, personally, having access to the IP addresses then the judge can appoint a disinterested 3rd party to handle it. You are only interested in the ISP user accounts and whether those belong to lobbyists.
There! Done! And no need for Bennett Haselton's weird tangent on cracking via web browsers.
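The two-step match described in the comments above (collect the IP addresses and access times, then match each to the ISP account holding that address at that time), as an added example that is not part of the original comments. The access log entries, lease records, account ids and the lease-record layout are all constructed assumptions; the result identifies an account, not a person or a machine behind it.

```python
from collections import namedtuple
from datetime import datetime, timezone

# Hypothetical ISP assignment record: which account held an IP, and when.
Lease = namedtuple("Lease", "ip start end account")


def ts(text):
    """Parse a UTC timestamp; both data sets must be on the same clock."""
    return datetime.strptime(text, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


# Constructed sample data (documentation IP ranges, made-up account ids).
ACCESS_LOG = [
    ("203.0.113.7", "2014-12-01T09:15:00Z"),
    ("203.0.113.7", "2014-12-03T22:40:00Z"),    # same IP, after re-assignment
    ("198.51.100.20", "2014-12-02T13:05:00Z"),
    ("203.0.113.7", "2014-12-02T12:00:00Z"),    # falls in a gap between leases
]
LEASES = [
    Lease("203.0.113.7", ts("2014-11-30T00:00:00Z"), ts("2014-12-02T00:00:00Z"), "acct-1001"),
    Lease("203.0.113.7", ts("2014-12-03T00:00:00Z"), ts("2014-12-05T00:00:00Z"), "acct-2002"),
    Lease("198.51.100.20", ts("2014-12-01T00:00:00Z"), ts("2014-12-04T00:00:00Z"), "acct-3003"),
]


def resolve(ip, when, leases):
    """Return the account that held `ip` at `when`, or None if no record covers it.

    The IP alone is never enough: the same address maps to different
    accounts at different times, so the timestamp is part of the key.
    """
    hits = {l.account for l in leases if l.ip == ip and l.start <= when < l.end}
    if len(hits) > 1:
        # Overlapping records mean the ISP data is inconsistent; do not guess.
        raise ValueError(f"ambiguous assignment for {ip} at {when.isoformat()}")
    return hits.pop() if hits else None


def correlate(access_log, leases):
    """Step a + b: attach an account (or None) to every logged access."""
    return [(ip, when, resolve(ip, ts(when), leases)) for ip, when in access_log]


def accounts_seen(access_log, leases):
    """The set a disinterested third party would report: accounts only, no IPs."""
    return {acct for _, _, acct in correlate(access_log, leases) if acct is not None}


if __name__ == "__main__":
    for ip, when, acct in correlate(ACCESS_LOG, LEASES):
        print(f"{when}  {ip:15}  {acct or 'UNRESOLVED'}")
    print("accounts:", sorted(accounts_seen(ACCESS_LOG, LEASES)))
```
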
I think that they'd just demand MORE visas be made available.
And they'd still be claiming a "shortage" because they cannot find the talent they need at the price they want to pay.
This link might work better for you.
http://www.huhcorp.com/
Because nothing says "the future" like having to run scripts to see anything on their page.
Sentence.
Fragments.
So this was just some slashvertisement to run up Ideo's page count? I'm not waiting for their site to load whatever-it-is that it was trying to load.
Is he saying we might end up in a fight with [China|Russia]?
Because if he is not then we'd be better served spending that money trying to stabilize the mid-east. And re-building our own infrastructure.
Well, unless you secretly work for Google or some such, this is not about you. They're the ones who can afford to attract the best people from around the world.
The other people claiming to be in tech usually mean H-1B visa recipients. And the real reasons to hire them are:
1. They're cheaper than hiring US citizens.
2. They cannot change jobs as easily as US citizens. No matter how many hours you demand that they work.
3. They're easier to dispose of. You just send them back home. No need to worry about wrongful termination suits or such.
If you cannot afford to hire the people with the training necessary then you need to look at your business plan.
Complaining that the local people who will take the job at the pay you're offering lack the education necessary says more about your pay than about the skills of the local people.
Isn't the most common scenario for these enterprises where the programmer's customers grow beyond his ability to support just by himself?
So he starts adding people to handle the portions that he cannot, efficiently, handle himself.
If you're going into this wondering what the "ratio of senior programmers to intermediate and junior programmers" should be then I think you've skipped too many steps.
The same with "different tools and/or languages". The 2nd programmer uses exactly what the 1st programmer uses. The idea is to provide support for the founder so he can focus on what he is good at.
I'm thinking that there should be some mechanism for funding X scholarships in STEM for X visas of the H1B1 type.
Corporations receive 100 H1B1 visas this year, then 100 STEM scholarships are also provided this year. Funding via taxes on those corporations.
At least it would make it easier to graduate in a STEM field without the massive debt.