It's hard to take Java security seriously as long as the Java installer tries to push malware.
I've tried to figure out if it actually is legal for them to do that, but so far I haven't really found any good analysis of the case.
That is Oracle for ya. They are too cheap to pay for the bandwidth. So eyecandy spyware is included to cover the costs since Larry doesn't make enough money.
Name one big new project that is popular made in the past 3 years based on Java?
All your code belongs to US open room implementation or not just like how they screwed Google and Apache.
No thank you and why should we help them with their own incompetence. Java is dead. Let it live in legacy in a dusty MDF somewhere with its elderly uncle COBOL.
Then explain why routers and phones don't have these problems?
The externality of a poor quality is not passed to the consumer with IOT but to us. That is the problem. Not the market and explains why the other products mentioned do not have the problems. If they did the consumer would be harmed and they would not tolerate it.
We do not need regulation. Just give ISPs the power to shut off connections doing bot attacks. Once customers start getting their internet turned off and paying hundreds for geeks to come in and tell them that new camera, not a PC is the cause then the free market will kick in just like phones and cable modems today have basic security for this reason.
The user doesn't even know that an IOT is not secure. After all his phone is and so is the cable modem right?
Until ISPs start disconnecting internet service and hit the consumers by the pocketbook this will continue. We know if phones could randomly be botted or cable modems with no security 0wned every PC in 2 mins that company would be prosecuted and sued a million times over for losses.
Funny. We do not have these problems with phones. TVs. Computers. Or refrigerators.
Consumers plug them in and they just work. Why would the cool new camera to put in the office be any different?
No, the reason is if the consumer received a financial penalty or loses his or her data then all hell breaks loose, the company gets prosecuted and risks a huge financial liability.
If the camera in the office gets botted and sends data galore to take down servers who cares? Not their problem. Everything works just fine etc.
Just like today anyone in desktop support gets PISSED when these morons with admin rights keep installing malware! Tell them to stop and they say that is your problem IT man I do not own this computer. At home he or she would never open a funny attachment from the boss etc.
So what is the incentive for company to secure their products? Until the consumer is screwed over the problem will never go away. A crappy made IOT vs a good one is no different. Whoever makes it the cheapest right?
It has nothing to do with the dancing pigs problem. 97% of us in 2017 know better than to run dancing_pigs.exe. At work people do not give a shit as it is your problem in the I.T. department since they do not own the systems so it is an outlier. In 2002 when computers were new to non-nerds and business folks it was an issue as grandma or a 50 year old Mom who doesn't use a PC at work had no idea why that would be bad.
For non IT geeks outside of slashdot they plug in a TV and it works! They turn on a phone and it works! They plug in a cable modem and it works and is secure! The PC just works and is secure!
So why would they think this cool new camera they can put outside the office would be any different?
You don't. This is why you need to set-execution policy remote signed or allsigned off before you can do anything useful.
The point of using binary logs is they are signed. It is not about a horrible database system being corrupted which is what is being applied (not relevant) but rather a way of having every root or administrator having his or her own sets of keys. If a hacker uses let's say the system service to cover the tracks there would be evidence of that as a different SID (The NT version of a key sort of) or in the case of Linux just key there would be evidence.
So if you had let's say objects that are signed but had text encapsulated you could still use your unix tools too. Another root user would have a different key which the filesystem would show modification by that key.
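The idea in the comment above (signed records that still carry plain text, one key per administrator) sketched as an added example that is not part of the thread: each line stays greppable, carries the signer's key id, and is chained to the previous line's tag so an in-place edit or a deleted line is detectable. HMAC-SHA256 from the Python standard library stands in for real per-admin signatures, and the key names, record layout and sample log lines are constructed for illustration.

```python
import hashlib
import hmac

GENESIS = "0" * 64  # chain anchor used as the "previous tag" of the first line

# Constructed demo keys, one per administrator (assumption of this example).
# HMAC is symmetric: in practice the verification keys and the latest tag
# must be kept off the logged host, or root on that host can simply re-seal.
KEYS = {"alice": b"constructed-demo-key-alice", "bob": b"constructed-demo-key-bob"}


def tag_for(key, prev_tag, key_id, message):
    """MAC over the previous tag, the signer id and the text of this record."""
    data = "\n".join((prev_tag, key_id, message)).encode()
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def parse(line):
    """Split 'message key=ID sig=TAG' from the right; the message is free text."""
    rest, tag = line.rsplit(" sig=", 1)
    message, key_id = rest.rsplit(" key=", 1)
    return message, key_id, tag


def append(lines, key_id, message, keys=KEYS):
    """Append one sealed, human-readable record and return it."""
    if "\n" in message:
        raise ValueError("one record per line")
    prev = parse(lines[-1])[2] if lines else GENESIS
    tag = tag_for(keys[key_id], prev, key_id, message)
    lines.append(f"{message} key={key_id} sig={tag}")
    return lines[-1]


def verify(lines, keys=KEYS, expected_head=None):
    """Return [(line_number, problem)]; an empty list means the chain is intact.

    expected_head is the last tag as recorded somewhere off-host; without it,
    chopping records off the end of the file cannot be detected.
    """
    problems = []
    prev = GENESIS
    for n, line in enumerate(lines, 1):
        try:
            message, key_id, tag = parse(line)
        except ValueError:
            problems.append((n, "unparseable"))
            continue
        key = keys.get(key_id)
        if key is None:
            problems.append((n, "unknown key"))
        else:
            expected = tag_for(key, prev, key_id, message)
            if not hmac.compare_digest(tag.encode(), expected.encode()):
                problems.append((n, "bad signature"))
        prev = tag  # keep following the recorded chain so one edit flags one line
    if expected_head is not None and prev != expected_head:
        problems.append((len(lines), "head mismatch"))
    return problems


def demo():
    """Build a constructed three-line log, then check it intact and tampered."""
    log = []
    append(log, "alice", "Jan 10 03:12:01 sshd: accepted publickey for deploy")
    append(log, "bob", "Jan 10 03:14:40 sudo: bob ran systemctl restart nginx")
    append(log, "alice", "Jan 10 03:15:02 sshd: failed password for root")
    head = parse(log[-1])[2]
    edited = list(log)
    edited[2] = edited[2].replace("failed password for root", "session closed")
    return {
        "intact": verify(log, expected_head=head),
        "grep_sshd": [line for line in log if "sshd" in line],
        "edited": verify(edited, expected_head=head),
        "line_removed": verify([log[0], log[2]], expected_head=head),
        "truncated": verify(log[:2], expected_head=head),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```
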
If a hacker has write access to /var/logs, he can do a helluva lot more than just monkey with log files. At that point, he's got root access, or something nearly as nasty.
And the reason behind text files is that they are human-readable and human-editable, even if the only editor available is ed. There's a place for binary blobs, but I don't believe that place is configuration. Replicating configuration settings when you're forced to use binary files like the registry can be problematic, whereas I can rebuild functionality on a new *nix machine by simply copying over plain text files, and I've done it on many occasions. I build custom iptables routers, and believe me, the speed at which I can get a new router up and going where I have backups to /etc is a helluva lot faster than anyone will ever get trying to shove binary blobs through Powershell pipes.
I am not disagreeing but if I r00t a server you bet the first thing I am going to do is rewrite your /var/logs when I put in my rootkit to hide evidence. That is a flaw which Solaris too now uses binary logs and switched away from init that angered many admins for this reason.
An object based or signed object with text encapsulation system inside Bash I would not be opposed to. Text files are simple and readable but can be dangerous. If objects have a format they are not black box blobs per se which is how PowerShell works.
Linux has moved to encrypted binary log files[1], unfortunately, a vocal minority of older system admins and developers refuse to see the necessity of this feature.
[1] https://plus.google.com/+LennartPoetteringTheOneAndOnly/posts/g1E6AxVKtyc
SystemD hate is big for a variety of reasons. But I can see System Admins' concern as how can you edit and run scripts on binary files?
I like the concepts of PowerShell and piping objects even if they are less readable as even in Unix not everything is an object. If Plan9 became popular the need for an object based shell like PowerShell would not be as much of an issue but still security is a problem in a text based system.
Perhaps since so much of Linux is turning object based that a new shell or extension underneath Bash could be used to do things like view and change logs that are binary or process XML files? Maybe a signed text based redirector framework so you could run awk, sed, perl scripts on binary systemD objects.
But the old times would go ballistic and switch to FreeBSD faster than you can say SystemD lol ... turns to sighs.
That may be, but Windows is still a prime target, and while security features in a scripting language aren't a bad thing, at the end of the day what actually stands between a system and an attacker is the underlying OS. After all, Powershell is hardly the only interpreter that runs on Windows.
I think Microsoft and its supporters should spend their efforts securing their own system, and stop the marketing-style "yeah, but look at MacOS!" nonsense. As to security, all OSs have vulnerabilities, so comparing who has more and the severity and so forth is just another form of pissing contest.
For myself, I still find Powershell a frankly horrible scripting language, its only positive feature being that it's the best Windows has, and I'll its outrageously verbose syntax simply because it does do the job, no matter how awkwardly and slowly.
How many grandmas have Powershell turned on with execution-policy Allsigned or RemoteSigned turned on by default for hackers to target? If you are going to target you use an ad.
I am not all pro MS per se but I can do nifty things with PowerShell like this on my SSD drivers "Get-PhysicalDisk | Get-StorageReliabilityCounter | Select Wear" to find on the disk in percentages. Cool stuff as PowerShell deals with objects, while Unix scripts can only process things if they are text.
Nothing wrong with that in something like the Unix creators' failed successor Plan9 where you can even pull up slashdot.org with shell scripting. But, impossible to do anything else in Unix if it is not a text file. I believe (As a non System Admin but a real one feel free to correct me) the hate on SystemD comes from the fact the log files are not text files.
For a Windows Admin binary files are a good idea as a hacker can just rewrite /var/logs to cover the tracks which is an embarrassing security flaw. But if all your tools have perl -e ... awk, sed, and grep this is an unacceptable nightmare!
PowerShell uses objects for this reason so you can have encrypted binary event logs that hackers can't overwrite, but you can still view them.
You mean how Bash supports execution policies and does encryption by default. Oh wait ...
HR is doing their job.
Their job is not to hire you. Their job is to reduce risk and retention.
They often do an excellent job at reducing retention, I give you that.
Now, reducing attrition would be a more noble goal. I would suggest that HR should have a forced attrition matching the company's overall attrition, for both senior and junior positions. That would give them some incentive.
What's the profit motive?
Now if I owned a company where high talent was required like let's say a .COM company I would agree. If I were the CEO of Denny's I would pick retention. It doesn't take a genius to wait tables, put a steak and eggs on a grill, etc. I guess it depends on the industry, but as a worker I do find it insulting and hurtful frankly to be treated like garbage and filtered out using software applications that HR loves to use to prevent you from applying if you are not in a statistical average of not being crap or quitting.
Doing the same repetitive tasks over again doesn't make a great employee per se like a great programmer who mostly has used Java for the past 5 years doesn't mean he can't code for Python if he learned or C++ if he used it last decade. But HR would agree that person is an outlier and be a risk of being fired so do not consider even if he or she might be great.
BUZZ Taleo or IMS filtered you out. HR won't even read your cover letter as a result.
Welcome to the world of automated hiring by cloud software. Taleo was designed as an example to score and assist, but the sales team promises HR they need to do 0 screening WE DO IT ALL for you! So unless your resume has node.js for every single job you ever did since 2007 your application will be deleted and a liar will get the automated email to the HR manager.
More than likely they will whine WE CAN'T FIND QUALIFIED applicants rather than blame the program and will have the executives lobby for H1B1 Indians to come in since they are the only ones who work hard and have 10 years of node.js experience etc.
HR is doing their job.
Their job is not to hire you. Their job is to reduce risk and retention. That means less firings and lawsuits.
If that means hiring Indians who have that experience, but may not be A players that is fine as that reduces variation as they can't leave as easily. HR can show the numbers to MBAs that they reduced lawsuits and unemployment benefits.
Very good and very bad and unpredictableness is hated among the folks who do statistics at your workplace. Dull people who show up everyday you have to fire the least and get sued.
The problem is HR is blamed when someone else makes a poor hiring decision and needs to fire or if they quit to find a job that pays better. So they are trying to reduce this by adding mediocre workers who fit the job description rather than great or bad employees.
I am now 40 and bad news. I can't play anymore. My reflexes have remarkably slowed down terribly. I am done before I see what is up. I get confused and pause on maps too for a good 1/6th of a second too. I am not really out of it like I am 80, but that one 1/6th of a second pause where I wonder where I am on the map and look around is enough for someone to run a rail in the back of my head.
I am not 23 anymore so I gave up on FPS. You can try but the young kids today will 0wn you as they have 200% faster reflexes.
If you want to do something fun us old farts do MMOs like SWTOR (Star Wars: The Old Republic) and or Elder Scrolls Online based on Skyrim. Man this is depressing.
Have her watch this video? Yes, it is from the same guy who did the hilarious nosql == webscale video that was popularly posted here.
Absolutely easy with no problems at all when needing high performance.
I may be in the minority with the young hipsters, but this summarizes my thoughts on Node.js from the same guy who did nosql webscales video where he pointed out non SQL databases don't have data protection or integrity.
Basically the video states node.js has the complexities of assembler with the syntax of javascript. You have to write your own freaking threads with callback after callback loop. Why?? It makes no sense in 2017 where NGINX has async threading models built in. Javascript is a bad language too and while node.js looks cool for simple things if you already know Javascript it gets sucky very very quickly when you need something complex.
So why build your own multitasking when you can use built in threads?
WPF has been deprecated. If you want you can use GTK# for C# for GUI development. I believe there was an editor or search index utility for GNOME 2 written with Mono's implementation of C#.
Then go to GitHub and download and compile it yourself? Go fork it if you want that is what the argument for Opensource is.
Because that https://www.youtube.com/watch?v=nvks70PD0Rs was before all the kewl millennials decided to use Agile/Scrum as the only way to develop code. No QA as your users are the testers with smiley or frowns. Windows 10 has had no QA at all whatsoever as an example.
Come on Firefox must use Agile!