Do people not understand the concept of security research? What would you prefer they do, wait for someone else to discover vulnerabilities and not notify tor?
I've done both several times, and I'm always happier when I just buy a decent workstation and stick a graphics card into it without tweaking the settings.
It is no fun after the first few hours trying to figure out why your machine isn't stable and likes to hang.
You sound like a MS shill, because the bug would not have been automatically disclosed if Microsoft had attempted to contact Google regarding this bug within 90 days.
I myself am out of date, so I need to beg off of specific numbers, but there is a third metric to consider here, power consumption. If the Intel is $50 more expensive, but the AMD consumes an extra 10W, and you pay for your electric bill, then there is a good chance that the Intel is actually cheaper to own. It's basically like gas mileage on cars.
Does this mean I won't have to pay $600/yr soon if I want a wildcard SSL certificate? I've never been able to figure out why they cost more from a technical standpoint, except that they may get more requests on average.
No, that means you have to fix the problem over the phone. Do you know what kind of descriptions you get when you ask someone non-technical to tell you what's on the screen?
How many 14 year olds are the captain of their high school varsity team? That might only be local news if it happened, but slashdot is specialized news too.
India probably has one of the most active software industries out there, but how many major Indian software products do you use on a daily basis? (Indian CEOs and branch offices don't count) If you're a global company, you tend to make the USA your HQ. It just makes sense given the dominance of the USA stock exchanges.
Also, there's a reason why Kaspersky doesn't have trouble hiring AV developers.
.3% false positive rate isn't bad but isn't great. However, you have to think of this approach as a technique rather than a solution. An effective anti-spam solution will combine several techniques, so the false-positive rate of any individual technique won't be enough to reject mail. Also, the penalty for flagging a mail as spam can be scored in a way that mail is not lost. For example, yahoo is notorious for flagging legitimate mail as spam, but generally delays the mail via greylisting instead of rejecting it outright.
When combined with other scoring mechanisms into an overall heuristic,.3% is tolerable as one tool in the box. However, my first impression is that this is at best an incremental improvement over an IP blacklist.
Some of the tactics used by this researcher remind me of the full court press in basketball. The rules of basketball allow a full court press, yet to do so never crosses the mind of most players. Playing one side of the court at a time is convention. The full court press is extremely effective, yet if you use it, the other team will no doubt call your win "cheap".
Still, when you are the underdog, and must win at all costs, the press is your only option. I sympathize with those who use it (and recognize that it isn't easy to pull off either).
Full court presses are not considered "cheap". They just aren't used all the time because they are only effective under rare circumstances -- either when the offensive team is under a time crunch to move the ball across half court or score, or when weak ball handlers can be trapped and forced into a low-percentage pass.
Otherwise, trying to guard the entire court is not as effective as concentrating your defense in the half where the other team can score points. A full court press is hard because it is basically a man-to-man defence over the entire court, giving the offense plenty of room to maneuver and making it that much harder to double team or switch defensive assignments.
I think the full court press reference is "how david beat goliath". Basically, some guy who had never seen basketball had to coach for a league of 12 year old girls. The full tactic wasn't just full court press, it was 4 full quarters of full court press, at a level of play where no other team had the endurance necessary to sustain it. "How david beat goliath" is actually a pretty good analogy, as it came from a coach who was unfamiliar with social norms, felt that his job was to win at all costs, and received a lot of negative feedback for making the game not fun for other teams.
The industry uses C++; standardized API's (eg, openGL, D3D, openAL); middleware (physX, morpheme); and is largely based in 3D graphics (BSP trees, quad trees, quat blending, shaders etc etc).
The hardcore gaming industry frequently suffers from delusions of grandeur, and feels that it represents the gaming industry.
OP: Teach yourself some flash, and write a game. Or learn how to make maps/mods/etc. for existing games with game builder components. Repeat until you've written something good enough to grab some attention, and you now have a portfolio.
I don't think I've had a single piece of spam pass through G-mails filter and only one false positive
You mean you've only noticed one false positive.
I'm sure it's been mentioned in half of the comments in this thread, but security by obscurity is effective because there is value in stopping half of the spam, unlike traditional security where having your data stolen and sold once is not a big gain over having it done many times. There are many reasons why obscurity works towards this goal of reduction rather than elimination.
Slashdot Mirror
Because I have no idea who the ISP is when I travel.
If I'm at home, this is probably overkill.
If I use google without dnssec or dns-over-https, then it's easy to see which sites I visit.
https://cloud.google.com/beyondcorp/
But it's hard to bolt onto an existing infrastructure without restricting it.
"attacked"
Do people not understand the concept of security research? What would you prefer they do, wait for someone else to discover vulnerabilities and not notify tor?
I've done both several times, and I'm always happier when I just buy a decent workstation and stick a graphics card into it without tweaking the settings.
It is no fun after the first few hours trying to figure out why your machine isn't stable and likes to hang.
"Hey here's some money for your sports team"
Your main point has merit, but this particular one cracks me up.
I think I've had one discussion ever regarding our sports teams, and it was from someone who was a member of a rival div iii football team.
Bring Your Own Device definitely makes things more complicated, but that has nothing to do with the age of workers.
You sound like a MS shill, because the bug would not have been automatically disclosed if Microsoft had attempted to contact Google regarding this bug within 90 days.
If you have proper monitoring, you don't need to be up at 2am. You just need to be willing to answer the phone at 2am.
Can't agree enough, regular downtime is the root of the problem.
Usually you still want to do it off-peak just in case you're caught with reduced capacity.
Is it true that you're contributing to the open source versions of the apps so that they don't rot away?
I have assets (laptop and monitor) from an old job, and they can have it back the moment they figure out how to write a check for my back pay.
That only works if you lock up your server, otherwise you've just provided a thief with more portable electronics to take.
According to the last publicly available data, less than 2 percent of Googlers were over 40.
Repeatedly quoting this won't make it true.
I myself am out of date, so I need to beg off of specific numbers, but there is a third metric to consider here, power consumption. If the Intel is $50 more expensive, but the AMD consumes an extra 10W, and you pay for your electric bill, then there is a good chance that the Intel is actually cheaper to own. It's basically like gas mileage on cars.
Does this mean I won't have to pay $600/yr soon if I want a wildcard SSL certificate? I've never been able to figure out why they cost more from a technical standpoint, except that they may get more requests on average.
No, that means you have to fix the problem over the phone. Do you know what kind of descriptions you get when you ask someone non-technical to tell you what's on the screen?
At least there's logmein now.
How many 14 year olds are the captain of their high school varsity team? That might only be local news if it happened, but slashdot is specialized news too.
We outsource to Russia at my office.
India probably has one of the most active software industries out there, but how many major Indian software products do you use on a daily basis? (Indian CEOs and branch offices don't count) If you're a global company, you tend to make the USA your HQ. It just makes sense given the dominance of the USA stock exchanges.
Also, there's a reason why Kaspersky doesn't have trouble hiring AV developers.
.3% false positive rate isn't bad but isn't great. However, you have to think of this approach as a technique rather than a solution. An effective anti-spam solution will combine several techniques, so the false-positive rate of any individual technique won't be enough to reject mail. Also, the penalty for flagging a mail as spam can be scored in a way that mail is not lost. For example, yahoo is notorious for flagging legitimate mail as spam, but generally delays the mail via greylisting instead of rejecting it outright.
When combined with other scoring mechanisms into an overall heuristic, .3% is tolerable as one tool in the box. However, my first impression is that this is at best an incremental improvement over an IP blacklist.
Some of the tactics used by this researcher remind me of the full court press in basketball. The rules of basketball allow a full court press, yet to do so never crosses the mind of most players. Playing one side of the court at a time is convention. The full court press is extremely effective, yet if you use it, the other team will no doubt call your win "cheap".
Still, when you are the underdog, and must win at all costs, the press is your only option. I sympathize with those who use it (and recognize that it isn't easy to pull off either).
Full court presses are not considered "cheap". They just aren't used all the time because they are only effective under rare circumstances -- either when the offensive team is under a time crunch to move the ball across half court or score, or when weak ball handlers can be trapped and forced into a low-percentage pass.
Otherwise, trying to guard the entire court is not as effective as concentrating your defense in the half where the other team can score points. A full court press is hard because it is basically a man-to-man defence over the entire court, giving the offense plenty of room to maneuver and making it that much harder to double team or switch defensive assignments.
I think the full court press reference is "how david beat goliath". Basically, some guy who had never seen basketball had to coach for a league of 12 year old girls. The full tactic wasn't just full court press, it was 4 full quarters of full court press, at a level of play where no other team had the endurance necessary to sustain it. "How david beat goliath" is actually a pretty good analogy, as it came from a coach who was unfamiliar with social norms, felt that his job was to win at all costs, and received a lot of negative feedback for making the game not fun for other teams.
http://www.newyorker.com/reporting/2009/05/11/090511fa_fact_gladwell
The industry uses C++; standardized API's (eg, openGL, D3D, openAL); middleware (physX, morpheme); and is largely based in 3D graphics (BSP trees, quad trees, quat blending, shaders etc etc).
The hardcore gaming industry frequently suffers from delusions of grandeur, and feels that it represents the gaming industry.
OP: Teach yourself some flash, and write a game. Or learn how to make maps/mods/etc. for existing games with game builder components. Repeat until you've written something good enough to grab some attention, and you now have a portfolio.
I don't think I've had a single piece of spam pass through G-mails filter and only one false positive
You mean you've only noticed one false positive. I'm sure it's been mentioned in half of the comments in this thread, but security by obscurity is effective because there is value in stopping half of the spam, unlike traditional security where having your data stolen and sold once is not a big gain over having it done many times. There are many reasons why obscurity works towards this goal of reduction rather than elimination.
You can tell around here which developer to ask about a piece of code based on the answer to that question. Also, thank god for auto-complete.