In fact, I think the idea that we should put people in jail for reading a web site is so dangerous that we should put Posner in jail before he says it again.
Unions have a dark side, too, like the inability to fire incompetent people, valuing seniority over ability, creating artificial scarcity (you can only hire union people for job x, and the union won't let people in), etc.
There's no upside for Uber. If they were going to do everything the union wants anyway, then at best the union is a NOOP.
"Only imperial storm troopers are so precise"? What sort of transparently false "evidence" was that?
When I heard that I immediately thought "typical bad Lucas dialog". I don't think there's some grand alternate plot happening, I think it's just a really good story that isn't told that well. Imperial stormtroopers, it turns out, aren't that precise at all considering the number of times Luke/Leia/Solo+crew are shot at and not hit.
Yahoo was already dying. Nobody needed to do anything to drive it into the ground. For years people have been saying the best thing about Yahoo is that it owns a chunk of another company. I think Marissa Meyer was probably looking at no possibility of taking the helm at Google, through no fault of her own, so looked elsewhere. She got a chance to try to turn it around and a pile of money if it didn't work. I don't think we need a conspiracy to explain it.
NPR had a great piece on this yesterday where they openly stated that if strong encryption was backdoored, some kid would just write an app in his basement implementing strong encryption without a backdoor. The algorithms are public, and honestly not that complicated. The iPhone encryption that has everyone in such a lather is a Federal standard, after all.
I worked in hospital IT for over a decade. Your speculation is entirely wrong.
the only way to avoid those is to strip down the computer until it is to all intents a single purpose old analog device. The security issues which plague, aand will forever hobble personal computers will simply not apply to near bare-metal single purpose, constantly reflashable devices.
Fixing security problems isn't a "nuanced" process of weighing tradeoffs: it's about educating coders to write god code, rather than just "crap that works."
Let me give you an example. Your security problem is that you just hired a guy who plans to steal documents on your Super Secret Widget. He has no criminal record (yet), or other reason for you not to hire him. He has legitimate access to the system containing the plans, copies them, and goes home. Security problems are often nothing to do with software.
Software security is certainly important, but it's only a small part of security as a profession. The default assumption is that all software has vulnerabilities, and that the truth of that has been proven time and time again.
What about the time between them creating the workaround and you identifying it and closing it?
What if lots of people do it? You can't fire them all.
This is my point: If the thing the user is doing is actually important for the business, the business should be HELPING them do it in a secure way. The security role's job is to support the business so that the decision makers understand the risks of different approaches and can make a reasonable choice of which of those risks to accept.
His broader message was this: Security of any system can never be perfect. So it always must be weighed against other priorities — such as speed, flexibility and ease of use — in a series of inherently nuanced trade-offs. This is a process, Torvalds suggested, poorly understood by his critics. 'The people who care most about this stuff are completely crazy. They are very black and white,' he said... 'Security in itself is useless. The upside is always somewhere else. The security is never the thing that you really care about.'"
He's absolutely dead right and more people in the security profession need to understand what their job is really about. Security is a support role. Our job is to make someone else's stuff work better. Even if you're secret service protecting the president, the core value in your job isn't security for it's own sake, it's making sure the guy in the suit is able to do his job tomorrow.
I don't think it's different at all. Corporations are made of people, and I don't care how big you are, the work is going to be done by a person who really can't possibly have more than a couple decades of experience, and the old experience is largely irrelevant anyway.
A cloud vendors expertise isn't necessarily better than mine or yours. If my next job happens to be at a cloud vendor, I'm not magically better at it than before because I work there, not here. If you're going to claim $CLOUDVENDOR has policies/procedures/practices that are distilled from many people's worth of experience, then you're right back to making an argument based on scale.
This really seems like an exceptionally useless thing to do.
"Hey, everybody! Let's take something that one person can do well in minutes and have a million people do it badly over a few days, if it ever works at all!"
Of course, the other part that needs to be acknowledged is that the business is profitable while paying that much.
doesn't mean anything because he's paying his staff exactly what he was paying before. It's just distributed differently. It's just to be expected that his company, which was profitable before, is still profitable after not changing his expenses.
I don't think that's it. On the emotional side, I love the idea of everybody getting the standard of living that $70,000/year buys today. My rational side just can't look past the "will it really work?"
In this case, he got a ton of resumes and customer inquiries. That's directly because he did something unusual. That's where I'd caution people not to assume this is a thing that would work as a general policy. You don't get a ton of resumes and customer inquiries when you're doing the same thing everyone else is doing.
Of course it's hogwash. You missed my point that it, like vyvepe's argument, is arbitrary speculation and not based in actual fact.
Closed source doesn't make software secure. Open source doesn't make software secure. Securing software makes it secure. Assuming that someone else always bothered to do that for any given piece of open source software is foolish.
Closed source, commercial software is written by people who are paid to do it. Software that people are paid to written more often includes the boring, not-fun parts like testing, documentation, and auditing. Therefore closed source software has a higher chance of being audited.
We're both just constructing arguments that may or may not be true. My point is that those arguments are irrelevant. A given piece of software either has or has not been audited. It doesn't matter if it's closed or open, it matters if it's been audited by someone who is technically proficient enough to do the job to the satisfaction of the user.
Slashdot Mirror
I'd bet the majority of criminals who get caught thought the very same thing before they got caught.
I was gonna say poker, but both poker and craps are more probability than statistics.
In fact, I think the idea that we should put people in jail for reading a web site is so dangerous that we should put Posner in jail before he says it again.
Unions have a dark side, too, like the inability to fire incompetent people, valuing seniority over ability, creating artificial scarcity (you can only hire union people for job x, and the union won't let people in), etc.
There's no upside for Uber. If they were going to do everything the union wants anyway, then at best the union is a NOOP.
When I heard that I immediately thought "typical bad Lucas dialog". I don't think there's some grand alternate plot happening, I think it's just a really good story that isn't told that well. Imperial stormtroopers, it turns out, aren't that precise at all considering the number of times Luke/Leia/Solo+crew are shot at and not hit.
Because we were kids once and nostalgia is a thing.
Yahoo was already dying. Nobody needed to do anything to drive it into the ground. For years people have been saying the best thing about Yahoo is that it owns a chunk of another company. I think Marissa Meyer was probably looking at no possibility of taking the helm at Google, through no fault of her own, so looked elsewhere. She got a chance to try to turn it around and a pile of money if it didn't work. I don't think we need a conspiracy to explain it.
NPR had a great piece on this yesterday where they openly stated that if strong encryption was backdoored, some kid would just write an app in his basement implementing strong encryption without a backdoor. The algorithms are public, and honestly not that complicated. The iPhone encryption that has everyone in such a lather is a Federal standard, after all.
Some of the media gets it.
I worked in hospital IT for over a decade. Your speculation is entirely wrong.
Good idea. Nobody does that.
Let me give you an example. Your security problem is that you just hired a guy who plans to steal documents on your Super Secret Widget. He has no criminal record (yet), or other reason for you not to hire him. He has legitimate access to the system containing the plans, copies them, and goes home. Security problems are often nothing to do with software.
Software security is certainly important, but it's only a small part of security as a profession. The default assumption is that all software has vulnerabilities, and that the truth of that has been proven time and time again.
What if that user is an executive?
What about the time between them creating the workaround and you identifying it and closing it?
What if lots of people do it? You can't fire them all.
This is my point: If the thing the user is doing is actually important for the business, the business should be HELPING them do it in a secure way. The security role's job is to support the business so that the decision makers understand the risks of different approaches and can make a reasonable choice of which of those risks to accept.
I have to say that if this is his position:
He's absolutely dead right and more people in the security profession need to understand what their job is really about. Security is a support role. Our job is to make someone else's stuff work better. Even if you're secret service protecting the president, the core value in your job isn't security for it's own sake, it's making sure the guy in the suit is able to do his job tomorrow.
I don't think it's different at all. Corporations are made of people, and I don't care how big you are, the work is going to be done by a person who really can't possibly have more than a couple decades of experience, and the old experience is largely irrelevant anyway.
A cloud vendors expertise isn't necessarily better than mine or yours. If my next job happens to be at a cloud vendor, I'm not magically better at it than before because I work there, not here. If you're going to claim $CLOUDVENDOR has policies/procedures/practices that are distilled from many people's worth of experience, then you're right back to making an argument based on scale.
Can the cloud be more secure than your own servers? Yes.
Can the cloud be less secure than your own servers? Yes.
This really seems like an exceptionally useless thing to do.
"Hey, everybody! Let's take something that one person can do well in minutes and have a million people do it badly over a few days, if it ever works at all!"
Just...why?!?
Ohm's law, though. For the same resistance (a human body), lower voltage == lower current.
And this:
doesn't mean anything because he's paying his staff exactly what he was paying before. It's just distributed differently. It's just to be expected that his company, which was profitable before, is still profitable after not changing his expenses.
The company is profitable because they aren't spending any extra money. The CEO slashed his own salary to compensate for the payroll increase.
I don't think that's it. On the emotional side, I love the idea of everybody getting the standard of living that $70,000/year buys today. My rational side just can't look past the "will it really work?"
In this case, he got a ton of resumes and customer inquiries. That's directly because he did something unusual. That's where I'd caution people not to assume this is a thing that would work as a general policy. You don't get a ton of resumes and customer inquiries when you're doing the same thing everyone else is doing.
Pretty sure all those numbers are annual, so more like $250/month.
Of course it's hogwash. You missed my point that it, like vyvepe's argument, is arbitrary speculation and not based in actual fact.
Closed source doesn't make software secure. Open source doesn't make software secure. Securing software makes it secure. Assuming that someone else always bothered to do that for any given piece of open source software is foolish.
Closed source, commercial software is written by people who are paid to do it. Software that people are paid to written more often includes the boring, not-fun parts like testing, documentation, and auditing. Therefore closed source software has a higher chance of being audited.
We're both just constructing arguments that may or may not be true. My point is that those arguments are irrelevant. A given piece of software either has or has not been audited. It doesn't matter if it's closed or open, it matters if it's been audited by someone who is technically proficient enough to do the job to the satisfaction of the user.
They're both wrong.
Open == You can audit it if you want. It's absolutely no guarantee that anyone ever has.
The issue with martian soil as presented in the movie isn't that it doesn't have enough nutrients, it's that it has a lot of poison (perchlorates).
This is a good read:
http://www.space.com/21554-mar...
It wasn't composted. It was sealed in plastic in a box sitting outside, frozen. He was just growing pooptatoes.