So MacGuyver can pick your house's door lock in 15 seconds with a light bulb filament. So what? You're not worried about MacGuyver. You probably haven't changed your house keys since you moved in. Does that make your house vulnerable? Maybe, but we've learned to live with that level of risk. Besides, if somebody really wants into your house, they'll just kick the door in or break a window. Keys just keep honest people honest, and you rely on your neighbors, and the police, to prevent unauthorized access to your home.
My bank ATM card is protected only with a 4-digit PIN, which is encrypted in the bank's records using 64-bit DES. But I've never heard of anybody cracking that DES encryption, or brute-forcing ATM codes, to gain unauthorized access to people's bank accounts. Instead, they use easier methods--human engineering--to get people to reveal their account numbers or other personal information. Then the thieves don't even need your PIN number! In other words, they come in through a window. So a 4-digit PIN number turns out to be secure enough after all.
If you're Fort Knox, you might have reason to care about the strength of your password or pass phrase. But for those of us that live in the real world, ANY password is good enough.
I did the same thing when I was a kid. But now, I find Wikipedia even more fun to read! Not only does it have so much more depth, but there are all those links everywhere in the article, leading to all kinds of other subjects. Now, I sometimes catch my kids reading article after article online!
I have a phone that has a Web browser, can send and receive e-mail, has a full QWERTY keyboard, and run Java apps. But I'm pretty sure it's considered a "dumb" phone. What exactly is it that makes a phone "smart"? Gestures? Siri? Android or iOS? My dumb phone would have been considered "smart" just 12 years ago, when the first Blackberry was introduced!
I'm convinced that Walmart does this kind of data mining too. As soon as I walk into the store, their computer systems identify me, figure out what I'm about to buy, and make SURE that item is already sold out!
Maybe this is what AARP has been doing. They've been sending me invitations to join their organization for years, ever since I was in my 20's. Undoubtedly their data mining algorithms determined that I would one day reach retirement age, so they are doing everything they can to "capture" me now!
When I first brought daily 10-minute meetings to my programming team, they were skeptical. They hated meetings because they had been long and unproductive. But recently, after three years, I gave the team the option to reduce the number of meetings to, say, twice a week. Unanimously, they wanted to continue the daily meetings. Each of them said they got a lot out of them. They felt they knew what was going on, and many problems were caught before they grew.
The thing is, I respect my team members. I treat them like they are the professionals they are. In return, they give me everything they've got.
Daily meetings done right can be highly valuable. Done wrong, they can be torture.
I'll go even farther. In the real world of business, most advanced college degrees aren't worth much. I've came to consider an MS degree as one strike against a candidate for a programming position, and a Ph.D. as two strikes against!
That's not to say that advanced degrees are worthless, or that those who hold them are unintelligent...quite the opposite! But those with advanced degrees seem often to excel more in the lab than in the practical world of delivering a quality software product.
My theory is that, in a university setting, students never really have to build software that must pass the ultimate test: misuse by end users.
Your contrast is not really hacker vs. engineer, but agile vs. waterfall.
If you think building software is like building a building (spec it out in detail before you start, write tons of documentation, resist any change orders)--that's "waterfall" methodology, what you are referring to as "engineering."
If you want to start with a software sketch, show the sketch to your customer, and then incrementally improve it until the shape develops into something really useful and valuable--that's "agile" methodology, what you are referring to as "hacking."
Both are totally legitimate forms of software engineering. But waterfall-style "engineering" is cumbersome, slow, extremely expensive, and tedious. If you love programming, pick a small company with an agile mentality. I've done both styles, and I don't ever want to work in a large software shop again!
I don't even trust GMail to keep my e-mail store forever, but download them to my own copy of Thunderbird each day. GMail is probably not going away any time soon, but what would I do if for some reason they shut down my account? Customer service for issues like this at Google isn't exactly stellar. If you don't have your own backups of what you have in the cloud, you are asking for trouble.
You are exactly right. For the very reasons you listed, security audits often fail to uncover real security problems that exist. A comprehensive and competent audit requires a lot of money, a lot more than most companies or local governments are willing to pay. And that is precisely why I put so little faith in audit findings.
I can also speak from personal experience. A company I worked for had to pass a security audit in order to do business with the City of Houston government. It was a joke. We programmers all knew of glaring security holes, but the audit missed everything, and we passed with flying colors.
The moral of the story? Use common sense. Do the things that you know make a site more secure. Don't store plain-text passwords. Use stored procedures. Use SSL. Use the latest development tools. Somebody will still find a way around your security controls. But to keep your customers happy, get a security audit done. That will give them the peace of mind they want, and you the cover you need.
Nobody has created real rock-solid security--physical or digital--without spending truckloads of money.
Yes, you are so right. Each of my major career advancements came as a result of side projects that helped my "main" job. I never sold my work to my company. They got the benefits of what I created, but I didn't hand over the rights to it. One building block led to another. And I never averaged more than 42 hours per week either.
To the original post: Don't sweat it. Just let the company have it. You'll still benefit in the long run.
Nobody really believes Al Gore claimed to "invent" the Internet, not even those who joke about it. It's called sarcasm. The point of the sarcasm is to poke fun at the notion that Gore thought he deserved credit for having any significant role in the creation of the internet.
The snopes.com article seems a little less objective than their typical fare.
When your body has a bug to report (pain), you call the doctor. What does the doctor do?
- Ask where it hurts.
- Ask when the problem started.
- Ask about other symptoms that might be occurring.
- Run some diagnostic tests.
The fact is, you're never going to get meaningful bug reports from non-technical people, any more than patients are going to report detailed symptoms and vital signs, complete with test results, to their doctor. That's the doctor's job, and diagnosing software problems is your job.
Not necessarily. Our company uses a system that takes snapshots several times a minute. It's never used except when there's already a problem with an employee. It is then used to document the actions of that employee, in order to provide legal cover once they are fired.
Different companies have different notions of how much, and how, to police the work that is done by employees and contractors. Some are better than others, but it's their money to safeguard. This does not seem like a problem to me. Personal equipment not used for work, however, is a different story.
PCs have had enough power (including GPU power) to compete with game consoles for a long time. Why didn't they?
Phones and tablets are beginning to approach the level of power of a PC. But they won't replace game consoles either. Why? Because, as with PC's, it's not about the processor or GPU power.
The game console has some strategic advantages over PC's and tablets: 1) it's cheaper than a PC or tablet, 2) it is specifically made for playing games, and 3) it sits next to the TV, permanently connected and ready to play. Just turn it on and go. No need to set up a connection each time you want to play. No need to go fetch the tablet to hook it up to the TV. It's already there.
Simply put, a multi-purpose device will never be quite as good at gaming as a dedicated gaming device.
Yes, very true. The proof that/.'s system works well is that we all read the comments before we even read the referenced article (if we even read the article)! What other site's comments are such interesting reading? Who cares if it's perfectly moderated. It's moderated well enough.
It is a joke because people's typical work-weeks these days are more like 50-60 hours, and families live on two incomes instead of one, effectively doubling the work hours per family. Of course, we wouldn't need to work so much to maintain the standard of living of the 70's. That's not the point! The point is, people today work, on average, more hours per week than they did in those days. Automation has not decreased people's workloads. Instead, it has increased the pace.
Since the Industrial Revolution, people have been worrying about machines replacing them. People rioted in the streets because machines were cheaply producing the products they had been handcrafting for centuries.
In the 70's people were predicting that the computer would do so much of our work for us that in a few years, we would all have a 10-hour work-week. What a joke!
I for one am not quite ready to go live off the land. Besides, if I did that, I might run into one of those Y2K nuts that still doesn't know the world survived that apocalypse!
It doesn't look like part of the cloud to me, the brightness and tint isn't quite right. It looks more like a reflection, as if there were glass between the camera and the sky, with something in the foreground reflecting at just the right place to make it look like part of the cloud.
If you read my original post, you'll see that my premise was IF...THEN. It was not my intention to argue for the legitimacy of intellectual property, merely to draw a logical conclusion based on the assumption that it is legitimate.
No, of course pirating a copyrighted work is not equivalent legally to killing a policeman. Neither is shoplifting.
You can't illegally copy a copyrighted work without depriving the creator (owner) of income that could otherwise be derived from that work. This is the crux of the matter: many creators / authors would not do what they do if they were not able to derive income from their work. If we as a society value the contributions these creators make to our society, we have to have a model of rewarding them monitarily for their efforts. That is, at its core, the basis for the legal recognition of intellectual property.
Slashdot Mirror
So MacGuyver can pick your house's door lock in 15 seconds with a light bulb filament. So what? You're not worried about MacGuyver. You probably haven't changed your house keys since you moved in. Does that make your house vulnerable? Maybe, but we've learned to live with that level of risk. Besides, if somebody really wants into your house, they'll just kick the door in or break a window. Keys just keep honest people honest, and you rely on your neighbors, and the police, to prevent unauthorized access to your home.
My bank ATM card is protected only with a 4-digit PIN, which is encrypted in the bank's records using 64-bit DES. But I've never heard of anybody cracking that DES encryption, or brute-forcing ATM codes, to gain unauthorized access to people's bank accounts. Instead, they use easier methods--human engineering--to get people to reveal their account numbers or other personal information. Then the thieves don't even need your PIN number! In other words, they come in through a window. So a 4-digit PIN number turns out to be secure enough after all.
If you're Fort Knox, you might have reason to care about the strength of your password or pass phrase. But for those of us that live in the real world, ANY password is good enough.
I did the same thing when I was a kid. But now, I find Wikipedia even more fun to read! Not only does it have so much more depth, but there are all those links everywhere in the article, leading to all kinds of other subjects. Now, I sometimes catch my kids reading article after article online!
I have a phone that has a Web browser, can send and receive e-mail, has a full QWERTY keyboard, and run Java apps. But I'm pretty sure it's considered a "dumb" phone. What exactly is it that makes a phone "smart"? Gestures? Siri? Android or iOS? My dumb phone would have been considered "smart" just 12 years ago, when the first Blackberry was introduced!
I'm convinced that Walmart does this kind of data mining too. As soon as I walk into the store, their computer systems identify me, figure out what I'm about to buy, and make SURE that item is already sold out!
Maybe this is what AARP has been doing. They've been sending me invitations to join their organization for years, ever since I was in my 20's. Undoubtedly their data mining algorithms determined that I would one day reach retirement age, so they are doing everything they can to "capture" me now!
Why shouldn't our smaller units of currency be converted to paper to reflect this situation and keep costs down
It isn't clear that paper money is cheaper overall than coins. http://en.wikipedia.org/wiki/Banknote#Advantages_and_disadvantages
When I first brought daily 10-minute meetings to my programming team, they were skeptical. They hated meetings because they had been long and unproductive. But recently, after three years, I gave the team the option to reduce the number of meetings to, say, twice a week. Unanimously, they wanted to continue the daily meetings. Each of them said they got a lot out of them. They felt they knew what was going on, and many problems were caught before they grew.
The thing is, I respect my team members. I treat them like they are the professionals they are. In return, they give me everything they've got.
Daily meetings done right can be highly valuable. Done wrong, they can be torture.
I'll go even farther. In the real world of business, most advanced college degrees aren't worth much. I've came to consider an MS degree as one strike against a candidate for a programming position, and a Ph.D. as two strikes against!
That's not to say that advanced degrees are worthless, or that those who hold them are unintelligent...quite the opposite! But those with advanced degrees seem often to excel more in the lab than in the practical world of delivering a quality software product.
My theory is that, in a university setting, students never really have to build software that must pass the ultimate test: misuse by end users.
Your contrast is not really hacker vs. engineer, but agile vs. waterfall.
If you think building software is like building a building (spec it out in detail before you start, write tons of documentation, resist any change orders)--that's "waterfall" methodology, what you are referring to as "engineering."
If you want to start with a software sketch, show the sketch to your customer, and then incrementally improve it until the shape develops into something really useful and valuable--that's "agile" methodology, what you are referring to as "hacking."
Both are totally legitimate forms of software engineering. But waterfall-style "engineering" is cumbersome, slow, extremely expensive, and tedious. If you love programming, pick a small company with an agile mentality. I've done both styles, and I don't ever want to work in a large software shop again!
I don't even trust GMail to keep my e-mail store forever, but download them to my own copy of Thunderbird each day. GMail is probably not going away any time soon, but what would I do if for some reason they shut down my account? Customer service for issues like this at Google isn't exactly stellar. If you don't have your own backups of what you have in the cloud, you are asking for trouble.
If it was hard to write, it should be hard to understand!
http://www.thinkgeek.com/homeoffice/stickers/9d48/
Then they'll say, "You can't say we didn't warn you!" Oh but wait, they won't be here to gloat, will they?
ANY (analog) clock with stopped hands is right twice a day!
You are exactly right. For the very reasons you listed, security audits often fail to uncover real security problems that exist. A comprehensive and competent audit requires a lot of money, a lot more than most companies or local governments are willing to pay. And that is precisely why I put so little faith in audit findings.
Citibank had a security hole that let people just change the credit card number in the URL! http://yro.slashdot.org/story/11/06/26/1334209/citi-hackers-got-away-with-27-million. AND they passed security audits!
I can also speak from personal experience. A company I worked for had to pass a security audit in order to do business with the City of Houston government. It was a joke. We programmers all knew of glaring security holes, but the audit missed everything, and we passed with flying colors.
The moral of the story? Use common sense. Do the things that you know make a site more secure. Don't store plain-text passwords. Use stored procedures. Use SSL. Use the latest development tools. Somebody will still find a way around your security controls. But to keep your customers happy, get a security audit done. That will give them the peace of mind they want, and you the cover you need.
Nobody has created real rock-solid security--physical or digital--without spending truckloads of money.
Yes, you are so right. Each of my major career advancements came as a result of side projects that helped my "main" job. I never sold my work to my company. They got the benefits of what I created, but I didn't hand over the rights to it. One building block led to another. And I never averaged more than 42 hours per week either.
To the original post: Don't sweat it. Just let the company have it. You'll still benefit in the long run.
Nobody really believes Al Gore claimed to "invent" the Internet, not even those who joke about it. It's called sarcasm. The point of the sarcasm is to poke fun at the notion that Gore thought he deserved credit for having any significant role in the creation of the internet.
The snopes.com article seems a little less objective than their typical fare.
When your body has a bug to report (pain), you call the doctor. What does the doctor do?
- Ask where it hurts.
- Ask when the problem started.
- Ask about other symptoms that might be occurring.
- Run some diagnostic tests.
The fact is, you're never going to get meaningful bug reports from non-technical people, any more than patients are going to report detailed symptoms and vital signs, complete with test results, to their doctor. That's the doctor's job, and diagnosing software problems is your job.
Not necessarily. Our company uses a system that takes snapshots several times a minute. It's never used except when there's already a problem with an employee. It is then used to document the actions of that employee, in order to provide legal cover once they are fired.
Different companies have different notions of how much, and how, to police the work that is done by employees and contractors. Some are better than others, but it's their money to safeguard. This does not seem like a problem to me. Personal equipment not used for work, however, is a different story.
PCs have had enough power (including GPU power) to compete with game consoles for a long time. Why didn't they?
Phones and tablets are beginning to approach the level of power of a PC. But they won't replace game consoles either. Why? Because, as with PC's, it's not about the processor or GPU power.
The game console has some strategic advantages over PC's and tablets: 1) it's cheaper than a PC or tablet, 2) it is specifically made for playing games, and 3) it sits next to the TV, permanently connected and ready to play. Just turn it on and go. No need to set up a connection each time you want to play. No need to go fetch the tablet to hook it up to the TV. It's already there.
Simply put, a multi-purpose device will never be quite as good at gaming as a dedicated gaming device.
Yes, very true. The proof that /.'s system works well is that we all read the comments before we even read the referenced article (if we even read the article)! What other site's comments are such interesting reading? Who cares if it's perfectly moderated. It's moderated well enough.
It is a joke because people's typical work-weeks these days are more like 50-60 hours, and families live on two incomes instead of one, effectively doubling the work hours per family. Of course, we wouldn't need to work so much to maintain the standard of living of the 70's. That's not the point! The point is, people today work, on average, more hours per week than they did in those days. Automation has not decreased people's workloads. Instead, it has increased the pace.
Since the Industrial Revolution, people have been worrying about machines replacing them. People rioted in the streets because machines were cheaply producing the products they had been handcrafting for centuries.
In the 70's people were predicting that the computer would do so much of our work for us that in a few years, we would all have a 10-hour work-week. What a joke!
I for one am not quite ready to go live off the land. Besides, if I did that, I might run into one of those Y2K nuts that still doesn't know the world survived that apocalypse!
YES! I think I see her image in the clouds! Now what do you suppose we can sell to commemorate the event?
It doesn't look like part of the cloud to me, the brightness and tint isn't quite right. It looks more like a reflection, as if there were glass between the camera and the sky, with something in the foreground reflecting at just the right place to make it look like part of the cloud.
If you read my original post, you'll see that my premise was IF...THEN. It was not my intention to argue for the legitimacy of intellectual property, merely to draw a logical conclusion based on the assumption that it is legitimate.
No, of course pirating a copyrighted work is not equivalent legally to killing a policeman. Neither is shoplifting.
You can't illegally copy a copyrighted work without depriving the creator (owner) of income that could otherwise be derived from that work. This is the crux of the matter: many creators / authors would not do what they do if they were not able to derive income from their work. If we as a society value the contributions these creators make to our society, we have to have a model of rewarding them monitarily for their efforts. That is, at its core, the basis for the legal recognition of intellectual property.