How about just plain old Flash? Adobe has yet to release a stable 64b linux Flash player. The hacks to make the 32b version work on 64b linux are rather poor, too. I'm sure Google would want to use 64b linux for their Chrome Window Manager, but that would be a hard sell to consumers with flaky Flash support.
IP addresses used in attacks are usually Chinese or Russian. Furthermore, the malware found on hacked machines often uses Chinese or Russian characters.
It's a pretty good bet that the hackers themselves reside in those countries. We can't conclude that they are hacking at the request of their governments, but it wouldn't be surprising; those governments aren't doing much to stop the hacking (which would be easy to do using national firewalls).
I also hear rumors that game developers earn far less money and work far more (life-destroying) hours than, well, any other sort of developer or IT worker.
Iraqi and Afghani nationals and sympathizers are not necessarily terrorists. That's an absurd statement for you to make.
It takes specialist knowledge to perform these attacks. And there really aren't a huge number of terrorists in the world. It was surprising that AlQueda was able to find three of them smart enough to pilot airplanes. Doing what I suggest would require broader and deeper knowledge of diverse IT systems, datacenters, and corporate culture. This sort of knowledge is hard to come by when you're hiding in Pakistani caves, dodging predator drones. But, as I said, it's not hard for a modern state to acquire such skills.
How long would it take you to count to 2^119? The time it took to crack AES used to be a multiple of that.
Now how long would it take you to count to 2^110.5? The new time to crack AES is a multiple of that number, which anyone who went to college will tell you is MUCH smaller than 2^119. It's still a big number, though.
My point is that you can shut down the economy with a very small effort. It could be done much more easily and inexpensively than trying to plant an ICBM on, or fly a bomber over, every power plant in the country.
Furthermore, banks have disaster recovery plans to operate from alternative datacenters if a natural disaster or fire wipes out one of their buildings. Such DR plans don't help much against hackers and DoS attacks.
It's fear, yes. But it is extremely well-justified fear.
I do penetration tests for large companies. It's bad. Everywhere. The only reason penetration tests are ever unsuccessful is when the tester's hands are tied. Attacker's hands are not tied. Furthermore, denial-of-service flaws are universally ignored because information disclosure is considered a higher priority, and most companies have their hands full dealing with those flaws.
So let me make this as clear as possible: A single individual could shut down pretty much any large company. A group of individuals (say, from a hostile government) could halt operations in multiple simultaneous companies. Target a few large supply-chain management companies and a few large payment-processing/banking companies, and it would be relatively easy to shut down the economy for a while.
That means food rots on delivery trucks while paychecks stop flowing to employees. And don't think we will all switch over to doing things by hand during such an attack. The infrastructure to do so has been dismantled. We are entirely dependent on digital transactions these days.
Why hasn't such an attack happened? Is the probability really "low" as you suggest? It's just a matter of motivation. There isn't much profit in doing such a (tedious) thing for the eastern-european hacker crime groups, nor for the bored teenagers. There is more profitable, lower-hanging fruit. But if we went to war with a sophisticated nation, the motivations are entirely different. Widespread DoS combined with targeted database corruption would do much more damage to the economy (that thing that allows us to have the best military) than similarly-funded missile strikes.
Ignore the sound-bites security companies feed the media, but don't ignore the problem. This is perhaps the weakest part of our nation's defense infrastructure.
When you're the only man with a toilet in your country, you will use it a lot, because your neighbors' lack of hygiene will result in frequent diarrhea and other contagious diseases for you.
Sure--and mechanical engineers should just learn the mathematical models of bridge design in school. It's not the school's job to each them case studies and practical skills. They can learn that from experience after the first few bridges collapse.
(If you missed my point: it is horribly horribly stupid for schools to excuse themselves from teaching things simply because they could be theoretically be discerned through "experience.")
Software engineering is an art distinct from the mathematical concepts of computer science. Those who are self-taught and those who studied only CS are unlikely to have discovered all the important aspects of the production and maintenance of large, complex software projects--without many many years of experience, that is. McAllister is correct in this respect.
Our universities do a disservice by sticking students in computer science programs while software engineering is more aligned with the goals of the vast majority of students.
We outsourced a lot of development and IT to an Indian office, and found the experience to be most similar to managing a workforce composed entirely of interns. Our security group is also terribly concerned with the attitude toward (customer) data security observed in the Indian office.
I am quite sure some brilliant minds have come from India, but I get the impression they all left for the West where they could make six figures. If you are good with technology, why stick around in a country where half of households don't even have toilets? You just won't get talent for $20k/year, not even in India.
Your "physically secured" den is still vulnerable to XSRF vulnerabilities. Of course, there are better ways to protect against this than 10-minute timeouts. But still, it reduces the risk. There is a lot more to infosec than most people (even "computer experts") realize. Infosec is its own field because it is incredibly large and complex.
They don't typically post pay rates. But it isn't unusual to also see them demand expert knowledge in six or seven obscure and unrelated technologies, I'm sad to say.
Still, if experience requirements mean anything, it is very unusual to see a job posting willing to hire anyone younger than 35 or 40. You can say anti-old-people-ageism exists, but all of my experience suggests the opposite.
Bullshit. I've been looking at IT job postings, and most call for 10, 12, or even 15 years of experience as a requirement. If that's ageism, it's reverse ageism.
IT is stressful because it is a complicated, immature, and rapidly-changing industry. There are plenty of high-paying jobs in IT, but I think people leave the industry because they get sick of it.
The good news, however, is that these jobs pay so well that after a decade or two, a diligent saver can have enough investment cashflow to semi-retire, while consulting part-time to get that discretionary income. That's my dream, anyway, after working in IT for five years and investing 1/3rd of my income.
I would call it job liquidity, not job security. But this is the reason I am trying to move to Silicon Valley from this midwestern town. Well, that and the fact that I will be surrounded by brilliant people rather than average joes...
Slashdot Mirror
Which 64b Linux Flash player are you using? Flash 10 Alpha for Linux 64 crashes all the time.
How about just plain old Flash? Adobe has yet to release a stable 64b linux Flash player. The hacks to make the 32b version work on 64b linux are rather poor, too. I'm sure Google would want to use 64b linux for their Chrome Window Manager, but that would be a hard sell to consumers with flaky Flash support.
IP addresses used in attacks are usually Chinese or Russian. Furthermore, the malware found on hacked machines often uses Chinese or Russian characters.
It's a pretty good bet that the hackers themselves reside in those countries. We can't conclude that they are hacking at the request of their governments, but it wouldn't be surprising; those governments aren't doing much to stop the hacking (which would be easy to do using national firewalls).
I also hear rumors that game developers earn far less money and work far more (life-destroying) hours than, well, any other sort of developer or IT worker.
Iraqi and Afghani nationals and sympathizers are not necessarily terrorists. That's an absurd statement for you to make.
It takes specialist knowledge to perform these attacks. And there really aren't a huge number of terrorists in the world. It was surprising that AlQueda was able to find three of them smart enough to pilot airplanes. Doing what I suggest would require broader and deeper knowledge of diverse IT systems, datacenters, and corporate culture. This sort of knowledge is hard to come by when you're hiding in Pakistani caves, dodging predator drones. But, as I said, it's not hard for a modern state to acquire such skills.
How long would it take you to count to 2^119? The time it took to crack AES used to be a multiple of that.
Now how long would it take you to count to 2^110.5? The new time to crack AES is a multiple of that number, which anyone who went to college will tell you is MUCH smaller than 2^119. It's still a big number, though.
SQLite on the low end, Postgres for mid-range apps, and Oracle on the high end.
Where is the niche for MS SQL and MySQL in this picture?
My point is that you can shut down the economy with a very small effort. It could be done much more easily and inexpensively than trying to plant an ICBM on, or fly a bomber over, every power plant in the country.
Furthermore, banks have disaster recovery plans to operate from alternative datacenters if a natural disaster or fire wipes out one of their buildings. Such DR plans don't help much against hackers and DoS attacks.
...aaaand you did not refute a single one of my points, Mr. Coward. Typical.
It's fear, yes. But it is extremely well-justified fear.
I do penetration tests for large companies. It's bad. Everywhere. The only reason penetration tests are ever unsuccessful is when the tester's hands are tied. Attacker's hands are not tied. Furthermore, denial-of-service flaws are universally ignored because information disclosure is considered a higher priority, and most companies have their hands full dealing with those flaws.
So let me make this as clear as possible: A single individual could shut down pretty much any large company. A group of individuals (say, from a hostile government) could halt operations in multiple simultaneous companies. Target a few large supply-chain management companies and a few large payment-processing/banking companies, and it would be relatively easy to shut down the economy for a while.
That means food rots on delivery trucks while paychecks stop flowing to employees. And don't think we will all switch over to doing things by hand during such an attack. The infrastructure to do so has been dismantled. We are entirely dependent on digital transactions these days.
Why hasn't such an attack happened? Is the probability really "low" as you suggest? It's just a matter of motivation. There isn't much profit in doing such a (tedious) thing for the eastern-european hacker crime groups, nor for the bored teenagers. There is more profitable, lower-hanging fruit. But if we went to war with a sophisticated nation, the motivations are entirely different. Widespread DoS combined with targeted database corruption would do much more damage to the economy (that thing that allows us to have the best military) than similarly-funded missile strikes.
Ignore the sound-bites security companies feed the media, but don't ignore the problem. This is perhaps the weakest part of our nation's defense infrastructure.
"I had to OC my clock, so I added a butterfly trap to get extra energy."
PHP now comes with more GOTO!
When you're the only man with a toilet in your country, you will use it a lot, because your neighbors' lack of hygiene will result in frequent diarrhea and other contagious diseases for you.
Sure--and mechanical engineers should just learn the mathematical models of bridge design in school. It's not the school's job to each them case studies and practical skills. They can learn that from experience after the first few bridges collapse.
(If you missed my point: it is horribly horribly stupid for schools to excuse themselves from teaching things simply because they could be theoretically be discerned through "experience.")
Software engineering is an art distinct from the mathematical concepts of computer science. Those who are self-taught and those who studied only CS are unlikely to have discovered all the important aspects of the production and maintenance of large, complex software projects--without many many years of experience, that is. McAllister is correct in this respect.
Our universities do a disservice by sticking students in computer science programs while software engineering is more aligned with the goals of the vast majority of students.
We outsourced a lot of development and IT to an Indian office, and found the experience to be most similar to managing a workforce composed entirely of interns. Our security group is also terribly concerned with the attitude toward (customer) data security observed in the Indian office.
I am quite sure some brilliant minds have come from India, but I get the impression they all left for the West where they could make six figures. If you are good with technology, why stick around in a country where half of households don't even have toilets? You just won't get talent for $20k/year, not even in India.
What you describe sounds like a hybrid with the French keyboard layout. Don't blame HP; blame Canada for tolerating Quebec.
Your "physically secured" den is still vulnerable to XSRF vulnerabilities. Of course, there are better ways to protect against this than 10-minute timeouts. But still, it reduces the risk. There is a lot more to infosec than most people (even "computer experts") realize. Infosec is its own field because it is incredibly large and complex.
You might change your position on this topic once you graduate and get a real job.
You and your friends can go drink in the woods around a fire.
They don't typically post pay rates. But it isn't unusual to also see them demand expert knowledge in six or seven obscure and unrelated technologies, I'm sad to say.
Still, if experience requirements mean anything, it is very unusual to see a job posting willing to hire anyone younger than 35 or 40. You can say anti-old-people-ageism exists, but all of my experience suggests the opposite.
Bullshit. I've been looking at IT job postings, and most call for 10, 12, or even 15 years of experience as a requirement. If that's ageism, it's reverse ageism.
You are right that it does make an assumption about laziness distribution. So we'll call it a logical approximation, rather than a proper syllogism.
IT is stressful because it is a complicated, immature, and rapidly-changing industry. There are plenty of high-paying jobs in IT, but I think people leave the industry because they get sick of it.
The good news, however, is that these jobs pay so well that after a decade or two, a diligent saver can have enough investment cashflow to semi-retire, while consulting part-time to get that discretionary income. That's my dream, anyway, after working in IT for five years and investing 1/3rd of my income.
I would call it job liquidity, not job security. But this is the reason I am trying to move to Silicon Valley from this midwestern town. Well, that and the fact that I will be surrounded by brilliant people rather than average joes...