Well, putting 'terrorist' in quotes isn't helpful.
Considering what qualifies for the label "terrorist" these days, putting it in quotes isn't unreasonable.
I think it's pretty well understood that there *are* terrorists and a lot of them and they're walking among us.
While terrorists certainly exist, I don't believe for a moment that there are a lot of them walking among us. I think there's a very tiny number of them.
It's the storing and processing that bothers me.
I agree.
If the government is just watching the crowd and identifying people because they're searching for them then I'm okay with that.
This entirely depends on how they do it and what the false positive rate is.
If they start building a database that tracks me over a lifetime then I have a problem.
Then you have a problem, because that database exists and is tracking you for your entire life. It has existed for years now.
Indeed. I am so torn over this. On the one hand, the technology is very cool. On the other hand, the inevitability of abuse seems to outweigh the benefits.
Usually if they make it to the top of the popularity list they have proven gameplay to meet player expectations.
I'm not claiming otherwise! I'm saying that there are a lot of people who buy games and have rather low expectations in terms of gameplay. That's fair, people like what they like. My point isn't that people should have tastes similar to mine, it's that review scores are not sufficient to cover these differences, and are therefore entirely worthless for me.
I don't expect every developer to be an expert in cryptography. I do expect every developer to have a basic understanding of cryptography, which would include the type of understanding that the poster was asking for. What is PKI? How would I use it?
Then you should be asking those questions, not a really vague one like "Suppose you wanted to send me a file with very sensitive information, how would you encrypt it in such a way that I would decrypt it?"
He didn't even say anything about "build an app which sends a file using PKI". He just said "how would I send a file?"
Right, which is an absolutely terrible question because it's too vague. Vague questions are always red flags in an interview -- there are too many possible ways of answering to be able to determine which is the "right" answer, and applicants will tend to start looking for where the trick is, since it sounds like a trick question.
The better approach is to be specific in the questions. Plus, asking specific questions will make the interview process for accurate.
It's no more unreasonable than asking "I want to send a stream of bytes to another computer on the internet, how would I do that?" and expecting an answer describing TCP sockets.
Correct, but that is also a terrible question to ask for the same reason. There are multiple ways of correctly answering it, but with no clear hint as to which is the answer the interviewer wants.
There is far more that can be known than a single person can know, so you should never, ever assume that a developer is skilled (or even knowledgeable) in a particular specialty based only on the number of years experience they have. I think you're doing a disservice in your process for finding qualified applicants: if you want them to know about PKI, for example, then you need to specify that in the job listing.
I'm not familiar with the "dear kitten" videos, so I can't comment on those specifically. But I don't have to -- even if such advertising is the best, most compelling entertainment ever made, I would still find them incredibly annoying, because they aren't doing a single thing that makes advertising useful to me and are instead trying their hardest to engage in highly objectionable emotional manipulation.
What makes an advertisement useful is really very simple: tell me that the product exists, what its benefits are, where I can get it, and how much it will cost. If an ad isn't telling me those things, then the ad is not useful and is therefore even more annoying.
If you are more adventurous like I am, you'll actually go and try games that aren't in the top 50.
Yes, almost exclusively. Games that rate highly tend to be games that have high production values in terms of video and audio. Games with such high production values tend to be games with poor gameplay.
As far as I'm concerned the most popular games are the games that should get the best scores because they are the ones people like.
If the ratings were a simple measure of popularity, I wouldn't have a problem with them at all. But instead, they pretend to represent the overall quality of a game in a single number, which is impossible. Therefore, the ratings are worthless. Often worse than worthless: they are misleading.
"The point of brand advertising is not to make you go out and buy a beer, but to make sure that when you do, you'll choose Budweiser."
But it can backfire. I know that I make it a point to avoid purchasing from brands that do this sort of advertising. Brand advertising is the most obnoxious advertising.
According to Thompson the future of online advertising looks increasingly like the business of television
God help us all. As annoying as "transactional" ads are, those stupid "immersive" ads are even worse.
and is likely to be dominated by services like Facebook, Snapchat or Pinterest
I would be absolutely thrilled by this. If the bulk of advertising takes place there, then I won't ever have to see the bulk of advertising. That's a win/win.
Review scores have always been worthless, with the sole exception that very low scores are almost always indicative of crap. Higher scores don't tell you what you need to know. For instance, I've seen games with terrible gameplay get high score simply because they're visually beautiful. That's probably legitimate for certain types of players, but it is actively misleading for other types (like me) who just want the gameplay to be excellent and couldn't care less how beautiful the art is.
I agree about the use of crypto. Don't misunderstand me -- I'm not saying not to use crypto at all! I encourage its use everywhere. I'm just saying that it's not as protective of data at rest as lots of people think.
So I'm not sure "keeping physical control" really accomplishes much
It forces them to deal with you and your machines to get access to your data. It might give you a change to fight against the disclosure, but even if not, you at least know the disclosure happened. If the data is in the cloud, it will just get handed over and you'll never know.
It also goes a long way to accomplish the same effects that you and I agree about: making it more difficult to engage in wholesale surveillance.
Yes, I care. In the first place, good crypto is not a panacea -- certainly not as good as maintaining physical control over your data storage. All crypto that is in common use (that I'm aware of) can be broken given enough time and effort. If you're using crypto to protect long-term storage, you're taking a risk. And, given that the NSA said they store encrypted communications indefinitely, all transmitted information is long-term storage. Remember the purpose of crypto is not to keep something a secret forever, it's to raise the cost of enemies reading that information and to delay the reading of it for long enough that it isn't valuable by the time it can be read
In the second place, crypto doesn't help at all with traffic analysis.
Umm, you didn't fix it for me, you broke it! I was intentionally and explicitly referring to all attackers, not just the NSA. That includes script kiddies (who happen to be the easiest crowd to defend against).
you shouldn't judge a browser on it's ability to support java and flash, that's really not how the web should work or will work in the future.
How the web should work or will work in the future is less important to me than how it works right now -- and right now, flash is still (unfortunately) important.
You, and encryption you implemented... absolutely nobody else. Period.
Encryption you've implemented?? If you aren't actually a cryptographer and you haven't had your implementation tested by other actual cryptographers, then you're making a terrible mistake in trusting your implementation. It's incredibly easy to implement crypto that looks and acts as if it is correct, but contains a hidden, subtle flaw that renders it easy to crack nonetheless.
"The cloud" is just too fuzzy a term. I have no problem with cloud-based file storage services, but I'd never put, say, my personal photos on an online photo-sharing service, or any other content-aware cloudy-thing.
"The cloud" is just the hip new marketing-speak for "centralized server". In this context, it's not too fuzzy at all. Your file storage service is no safer from spying than content-aware services.
My own hardware? That's silly. From Snowden we know the NSA can access files on my home server just as easily as they can on a cloud-based file server.
We don't know that at all, because it's not true unless you haven't set up your own server correctly or you don't have the correct security measures in place. Yes, a determined attacker (NSA or otherwise) can find a way into your servers, but it's' much more difficult for the government than cloud services, because they will have to bring their NSL or search warrant to your house or actually engage in hacking.
I do not trust any third party storage for my data, short or long term, and especially not cloud providers. It is legally impossible for them to guarantee that it remains safe from spying. Instead, I keep my data stored on my personal servers that live in a place that I physically control.
Right now, I use three different web browsers (on Windows that would be IE, FIreFox, and Chrome, and on Linux, that would be Opera, Firefox, and Chrome) because there are too many websites that only work under one or the other of them. A few years ago, this wasn't necessary, so we have backslid a fair ways. The "success" is far from complete, and getting farther as each day goes by. I expect HTML 5 to make the situation even worse.
Firefox has lost favor with me because it has pretty much abandoned the things that I loved about it, while continuing to make changes that are not only unnecessary, but actively make the browser worse. Mozilla needs to realize that their original goal is far from accomplished and get back on that horse. If they did that, I'll start giving them money again.
True enough. But would that get Google to stop pestering me to set up 2FA? I suppose my resistance to Google's authentication is partly my distrust of Google in general and partly a petulance that has come about from Google's annoying me about the whole thing.
Really? I would consider myself somewhat tech savvy, I run Linux, but I do use gmail as a secondary e-mail.
Well, I did say "most", not "all", and I was also talking jsut about the people I personally know. I don't pretend that I know the stats overall. That said, even you admit you use it as a secondary, not primary. I do the same -- which means that I'm not using gmail for much of anything.
I use it via IMAP (with SSL enabled) with a real mail client, not via webpage. So no ads for me.
Ads aren't the issue. Spying is.
I understand that some people prefer not to use gmail themselves, but why refuse to send e-mail to gmail addresses. If one is worried about Google analyzing messages, that's what gpg and S/MIME are for.
They don't send to gmail addresses because they want to avoid the tracking. Yes, crypto is another way to address it, but amongst the people I know who routinely use crypto for their emails, none of them use gmail. And even amongst the tech-savvy, only a minority of people encrypt their emails no matter what. Also, crypto doesn't do anything about traffic analysis.
If the store employees were somehow transferring their visual memory into a massive database then the outcry would be exactly the same.
Well, putting 'terrorist' in quotes isn't helpful.
Considering what qualifies for the label "terrorist" these days, putting it in quotes isn't unreasonable.
I think it's pretty well understood that there *are* terrorists and a lot of them and they're walking among us.
While terrorists certainly exist, I don't believe for a moment that there are a lot of them walking among us. I think there's a very tiny number of them.
It's the storing and processing that bothers me.
I agree.
If the government is just watching the crowd and identifying people because they're searching for them then I'm okay with that.
This entirely depends on how they do it and what the false positive rate is.
If they start building a database that tracks me over a lifetime then I have a problem.
Then you have a problem, because that database exists and is tracking you for your entire life. It has existed for years now.
Indeed. I am so torn over this. On the one hand, the technology is very cool. On the other hand, the inevitability of abuse seems to outweigh the benefits.
Usually if they make it to the top of the popularity list they have proven gameplay to meet player expectations.
I'm not claiming otherwise! I'm saying that there are a lot of people who buy games and have rather low expectations in terms of gameplay. That's fair, people like what they like. My point isn't that people should have tastes similar to mine, it's that review scores are not sufficient to cover these differences, and are therefore entirely worthless for me.
I don't expect every developer to be an expert in cryptography. I do expect every developer to have a basic understanding of cryptography, which would include the type of understanding that the poster was asking for. What is PKI? How would I use it?
Then you should be asking those questions, not a really vague one like "Suppose you wanted to send me a file with very sensitive information, how would you encrypt it in such a way that I would decrypt it?"
He didn't even say anything about "build an app which sends a file using PKI". He just said "how would I send a file?"
Right, which is an absolutely terrible question because it's too vague. Vague questions are always red flags in an interview -- there are too many possible ways of answering to be able to determine which is the "right" answer, and applicants will tend to start looking for where the trick is, since it sounds like a trick question.
The better approach is to be specific in the questions. Plus, asking specific questions will make the interview process for accurate.
It's no more unreasonable than asking "I want to send a stream of bytes to another computer on the internet, how would I do that?" and expecting an answer describing TCP sockets.
Correct, but that is also a terrible question to ask for the same reason. There are multiple ways of correctly answering it, but with no clear hint as to which is the answer the interviewer wants.
There is far more that can be known than a single person can know, so you should never, ever assume that a developer is skilled (or even knowledgeable) in a particular specialty based only on the number of years experience they have. I think you're doing a disservice in your process for finding qualified applicants: if you want them to know about PKI, for example, then you need to specify that in the job listing.
I'm not familiar with the "dear kitten" videos, so I can't comment on those specifically. But I don't have to -- even if such advertising is the best, most compelling entertainment ever made, I would still find them incredibly annoying, because they aren't doing a single thing that makes advertising useful to me and are instead trying their hardest to engage in highly objectionable emotional manipulation.
What makes an advertisement useful is really very simple: tell me that the product exists, what its benefits are, where I can get it, and how much it will cost. If an ad isn't telling me those things, then the ad is not useful and is therefore even more annoying.
If you are more adventurous like I am, you'll actually go and try games that aren't in the top 50.
Yes, almost exclusively. Games that rate highly tend to be games that have high production values in terms of video and audio. Games with such high production values tend to be games with poor gameplay.
As far as I'm concerned the most popular games are the games that should get the best scores because they are the ones people like.
If the ratings were a simple measure of popularity, I wouldn't have a problem with them at all. But instead, they pretend to represent the overall quality of a game in a single number, which is impossible. Therefore, the ratings are worthless. Often worse than worthless: they are misleading.
"The point of brand advertising is not to make you go out and buy a beer, but to make sure that when you do, you'll choose Budweiser."
But it can backfire. I know that I make it a point to avoid purchasing from brands that do this sort of advertising. Brand advertising is the most obnoxious advertising.
According to Thompson the future of online advertising looks increasingly like the business of television
God help us all. As annoying as "transactional" ads are, those stupid "immersive" ads are even worse.
and is likely to be dominated by services like Facebook, Snapchat or Pinterest
I would be absolutely thrilled by this. If the bulk of advertising takes place there, then I won't ever have to see the bulk of advertising. That's a win/win.
Popular in most cases doesn't mean you will like it, it just means many people like it. Movie ratings are no different in that matter.
True, which is why they're pointless. As are movie ratings, for that matter.
Review scores have always been worthless, with the sole exception that very low scores are almost always indicative of crap. Higher scores don't tell you what you need to know. For instance, I've seen games with terrible gameplay get high score simply because they're visually beautiful. That's probably legitimate for certain types of players, but it is actively misleading for other types (like me) who just want the gameplay to be excellent and couldn't care less how beautiful the art is.
I agree about the use of crypto. Don't misunderstand me -- I'm not saying not to use crypto at all! I encourage its use everywhere. I'm just saying that it's not as protective of data at rest as lots of people think.
So I'm not sure "keeping physical control" really accomplishes much
It forces them to deal with you and your machines to get access to your data. It might give you a change to fight against the disclosure, but even if not, you at least know the disclosure happened. If the data is in the cloud, it will just get handed over and you'll never know.
It also goes a long way to accomplish the same effects that you and I agree about: making it more difficult to engage in wholesale surveillance.
If you use good encryption, do you care?
Yes, I care. In the first place, good crypto is not a panacea -- certainly not as good as maintaining physical control over your data storage. All crypto that is in common use (that I'm aware of) can be broken given enough time and effort. If you're using crypto to protect long-term storage, you're taking a risk. And, given that the NSA said they store encrypted communications indefinitely, all transmitted information is long-term storage. Remember the purpose of crypto is not to keep something a secret forever, it's to raise the cost of enemies reading that information and to delay the reading of it for long enough that it isn't valuable by the time it can be read
In the second place, crypto doesn't help at all with traffic analysis.
Oh, yes, I do this all the time. There are far, far too many sites who try to enforce the use of a particular browser for no good reason.
Umm, you didn't fix it for me, you broke it! I was intentionally and explicitly referring to all attackers, not just the NSA. That includes script kiddies (who happen to be the easiest crowd to defend against).
That may be the case, and yet there are websites that work right under one and not under the other.
you shouldn't judge a browser on it's ability to support java and flash, that's really not how the web should work or will work in the future.
How the web should work or will work in the future is less important to me than how it works right now -- and right now, flash is still (unfortunately) important.
Encryption you've implemented?? If you aren't actually a cryptographer and you haven't had your implementation tested by other actual cryptographers, then you're making a terrible mistake in trusting your implementation. It's incredibly easy to implement crypto that looks and acts as if it is correct, but contains a hidden, subtle flaw that renders it easy to crack nonetheless.
"The cloud" is just too fuzzy a term. I have no problem with cloud-based file storage services, but I'd never put, say, my personal photos on an online photo-sharing service, or any other content-aware cloudy-thing.
"The cloud" is just the hip new marketing-speak for "centralized server". In this context, it's not too fuzzy at all. Your file storage service is no safer from spying than content-aware services.
My own hardware? That's silly. From Snowden we know the NSA can access files on my home server just as easily as they can on a cloud-based file server.
We don't know that at all, because it's not true unless you haven't set up your own server correctly or you don't have the correct security measures in place. Yes, a determined attacker (NSA or otherwise) can find a way into your servers, but it's' much more difficult for the government than cloud services, because they will have to bring their NSL or search warrant to your house or actually engage in hacking.
I do not trust any third party storage for my data, short or long term, and especially not cloud providers. It is legally impossible for them to guarantee that it remains safe from spying. Instead, I keep my data stored on my personal servers that live in a place that I physically control.
Right now, I use three different web browsers (on Windows that would be IE, FIreFox, and Chrome, and on Linux, that would be Opera, Firefox, and Chrome) because there are too many websites that only work under one or the other of them. A few years ago, this wasn't necessary, so we have backslid a fair ways. The "success" is far from complete, and getting farther as each day goes by. I expect HTML 5 to make the situation even worse.
Firefox has lost favor with me because it has pretty much abandoned the things that I loved about it, while continuing to make changes that are not only unnecessary, but actively make the browser worse. Mozilla needs to realize that their original goal is far from accomplished and get back on that horse. If they did that, I'll start giving them money again.
True enough. But would that get Google to stop pestering me to set up 2FA? I suppose my resistance to Google's authentication is partly my distrust of Google in general and partly a petulance that has come about from Google's annoying me about the whole thing.
Really? I would consider myself somewhat tech savvy, I run Linux, but I do use gmail as a secondary e-mail.
Well, I did say "most", not "all", and I was also talking jsut about the people I personally know. I don't pretend that I know the stats overall. That said, even you admit you use it as a secondary, not primary. I do the same -- which means that I'm not using gmail for much of anything.
I use it via IMAP (with SSL enabled) with a real mail client, not via webpage. So no ads for me.
Ads aren't the issue. Spying is.
I understand that some people prefer not to use gmail themselves, but why refuse to send e-mail to gmail addresses. If one is worried about Google analyzing messages, that's what gpg and S/MIME are for.
They don't send to gmail addresses because they want to avoid the tracking. Yes, crypto is another way to address it, but amongst the people I know who routinely use crypto for their emails, none of them use gmail. And even amongst the tech-savvy, only a minority of people encrypt their emails no matter what. Also, crypto doesn't do anything about traffic analysis.