Slashdot Mirror


User: kye4u

kye4u's activity in the archive.

Stories: 0
Comments: 50

Comments · 50

  1. Arms control only works if attribution is possible on Is Cyber Arms Control a Lost Cause? · · Score: 1
    One of the biggest differences between the two types of warfare is that attribution is non-trivial in cyber. So even if agreements were made between two or more countries, how can you verify that they are enforced if you can't determine who authored/deployed the illegal malware?

    In traditional warfare, which often relies on kinetic weapons, it's pretty straightforward to trace the trajectory of a weapon back to where it was deployed.

    why not shift national priorities towards creating robust, fault-tolerant, systems that render offensive tools ineffective?

    Defense is more expensive and takes longer to develop because it is only as strong as the weakest link. You have to make sure the entire perimeter is secure by eliminating as many holes as you can.
    On the offensive side, you only need to find one hole. As a consequence, offense is relatively cheap and the costs are typically associated with the initial R&D. After the initial R&D, cyber weapons can be replicated with virtually zero-cost.

  2. Let's be honest here.. Experience == cost on Programmers: It's OK To Grow Up · · Score: 4, Insightful

    Companies oftentimes prefer younger developers because they are cheaper. It is as simple as that.
    That older, incompetent developer was probably just as incompetent when he/she was in their 20's.

  3. Re:Except much of the time they're right... on Apple: Dumb As a Patent Trolling Fox On iPhone Prior Art? · · Score: 1

    Hindsight is always 20:20. In fact the best ideas, those that become second nature, are often considered obvious after the event. The real question though is, if they were so obvious, why didn't someone else do it before?

    The technology was not there to do it yet. Almost always, people's ideas for what can be possible are far ahead of what is currently possible.

  4. SRP (Secure Remote Protocol) on NYU Group Says Its Scheme Makes Cracking Individual Passwords Impossible · · Score: 4, Interesting

    That problem is already solved. It is called SRP. With SRP, even if the attacker has full access to the host, they cannot reverse engineer the passphrase.

  5. Two solutions (Encrypt or leave) on Dropbox's New Policy of Scanning Files For DMCA Issues · · Score: 5, Insightful

    If you are determined to use Dropbox, use open source software such as 7zip that will encrypt and zip. Otherwise, stop using Dropbox and move on to something else. One of the consequences of using the magical cloud is that you are bound to somebody else's rules for how they manage your data. Also note that those rules are subject to change at any time, and you don't have any say in those changes (I guess the only option is to speak with your wallet and move to greener pastures).

  6. Re:Secure safe.(Shamir Secret Sharing) on Ask Slashdot: How To Protect Your Passwords From Amnesia? · · Score: 4, Interesting

    Use Shamir's Secret Sharing. That way ordering doesn't matter. You just need the N secrets.

  7. New ideas get adopted when the old guard dies on Aging Is a Disease; Treat It Like One · · Score: 1

    If you could double the active lifespan of a (sane, healthy) individual, you'd get twice the amount of work for the same amount of high-school and college man-years. It's simple economy of scale.

    New ideas are usually adopted once the old people with the old ideas die. Classic example is the theory of relativity. There were brilliant physicists of their time who went to their graves refuting Einstein's theory because they had invested too much of their time and effort in the status quo. Furthermore, acceptance of the theory of relativity would have meant their work was invalid.

  8. Suggested Reading: Mythical Man Month on Back To 'The Future of Programming' · · Score: 2
    If you want some relevant history and insight on the struggles and triumphs of software engineering, I highly suggest reading the Mythical Man-Month.

    What was surprising to me was the fact that something written in the 60's about software development is still very relevant today.

    The engineers who worked on the IBM System/360 OS discovered software engineering through pure trial and error.

    One of the classic insights from the book that I've seen companies (i.e. Microsoft) violate over and over is Brooks's Law. Brooks's law states that "adding manpower to a late software project makes it later." It is incredible how we reinvent the wheel every day instead of taking time to learn from the trials and mistakes of others.

    Another surprising insight to me at the time was the following. Although the engineers were working on a very technical problem, the biggest challenges they had to overcome were social/people challenges.

  9. small but definite probability RSA Broken on Math Advance Suggest RSA Encryption Could Fall Within 5 Years · · Score: 1

    “Our conclusion is there is a small but definite chance that RSA and classic Diffie-Hellman will not be usable for encryption purposes in four to five years,” said Stamos

    Layman's terms: There is a small, but non-zero probability that an asteroid will collide into the earth and destroy civilization in the next 4 or 5 years.

    My thought: There is a non-zero probability of INSERT_UNLIKELY_EVENT happening in the next 4 or 5 years. Should we panic? Nah. That is called life... There are no guarantees. If we worried about unlikely events happening...we'd be in a state of paranoia, fear, and constant worry of the next catastrophe. Oh wait....wrong thread.

  10. Cyber Insurance == Correlated Risk on Ask Slashdot: Cyber Insurance. Solution Or Snake Oil? · · Score: 1
    Traditional insurance, which includes life insurance and fire insurance, works on a key premise. This premise is that they can get enough different types of clients that can not only distribute the risk, but also decouple the risk.

    Take fire insurance for example. A fire that happens in say Miami, FL is most likely not going to increase the risk of a fire occurring in Seattle, WA. Therefore a fire insurance company can make sure that the clients they select are geographically distributed to distribute the risk AND minimize the risk correlation.

    In contrast, Cyber Insurance is somewhat unique from typical insurance because there is an inherent correlated risk that you run into regardless of how and where you choose your clients. Most clients run the same OS (Windows) and use the same software and AV packages. Therefore, a data breach that occurs with one client can mean other clients can be at immediate risk to also have a data breach.

    So what can happen is that a cyber insurance company can end up needing to pay out more money than they collect because breaches can happen concurrently or consecutively.

  11. Re:Internal politicking on US Academy President Caught Embellishing Resume, Will Resign · · Score: 2

    This random system then prevents people from spending all their time scheming to set up the ideal circumstances where all the other candidates have been pushed under a bus. Also then they don't owe any favors for their job.

    Even with that method....you would have the same problem. This is because of how a "qualified" candidate will most likely be defined. The "qualified" candidates will be the ones that are the most adept at politicking (i.e. backstabbing) and marketing (i.e. look at all the amazing things I do for company Z) themselves.

    So you'd have a random pool of people who were all scheming and calculating their way to the top.

  12. Synching and sharing with random peers on BitTorrent Sync Beta Released · · Score: 1
    I know this might be a bit more difficult, but it would be neat if you could distribute your files with random peers. Of course, the files stored with a random peer would be encrypted. It would be something similar to Buddybackup.

    The advantage of synching and sharing with random peers is increased bandwidth and more redundancy in case one or more of your devices are not working or have limited network connectivity.

  13. Re:You are not just your DNA on Scientists Seek Biomarkers For Violence · · Score: 1

    Correction: You are not just your biomarkers. The environment that a person grows up in can significantly impact the person they become in not so obvious ways. There has been research using identical twins that demonstrates this key point.

  14. You are not just your DNA on Scientists Seek Biomarkers For Violence · · Score: 1

    The environment that a person grows up in can significantly impact the person they become in not so obvious ways. There has been research using identical twins that demonstrates this key point.

  15. Rationality of introducing ads on Microsoft Integrating Xbox One Advertising With Kinect To Profile Users For Ads · · Score: 1
    I don't particularly like ads on cable tv or video game consoles, but from a business perspective it is the rational thing to do.

    Imagine you are an executive at a company that makes a gadget that users interact with. The user pays for the gadget along with the interactive services that the gadget provides.

    Let's also suppose that the gadget is very popular and has a large user base. Being a profit-seeking individual, you as an executive come up with the genius idea of integrating ads into the gadget.

    You demonstrate that by introducing ads you can immediately impact the bottom line in a positive manner (at least in the short term). Since most businesses are short-term oriented, everyone is excited. Your genius idea is implemented and you get a bonus that is commensurate with the money your idea brings in.

    All the executives line their pockets and live happily ever after. As far as the consumers who were buying your gadget, if they eventually stop buying/using your gadget, so what. You got yours (golden parachute opens).....The end.

  16. Iron Law of Bureaucracy on BART Strike Provides Stark Contrast To Tech's Non-Union World · · Score: 1

    In any bureaucratic organization there will be two kinds of people: those who work to further the actual goals of the organization, and those who work for the organization itself.

    Unions can be a victim of the Iron law. The people who put their energy into furthering the goals of the union are almost always politically out-muscled and displaced by the people who preserve the union itself. So at the end, only those who preserve the union are left.

    Imagine person A is lobbying for things that will actually make a difference for fellow workers. While Person A is lobbying, person B is figuring out how to get the union to grow and get stronger. Person B is making political connections and becoming more powerful while person A is in the trenches fighting for the workers' causes. It's no surprise that it is Person B that ends up rising to the top.

    So at the end of the day, unions can be a double edged sword. They have the potential to make meaningful changes, but as they grow in size, there is a potential to begin focusing on doing things that keep the union in existence/power instead of doing what is best for the workers.

  17. Gap between when breach occurs and "detected" on New EU Rules Require ISPs, Telcos To Come Clean Within 24 Hours of Data Breaches · · Score: 1

    Does this mean that companies have to report the breach after it actually occurs or when they "notice/detect" that it occurred?
    Keep in mind there can be a significant gap between when something happens, it is noticed, and when it is "officially" reported by the company.

  18. Re:What Forbes didn't mention... on How To Build a $30M Startup Without Spending Any of Your Money · · Score: 2

    So, as usual, your skills are worth precisely dick. It's about whoever's vagina you were lucky enough to pop out of.

    Warren Buffett refers to it as the "Ovarian Lottery".

  19. Re:Anyone else remember? on HP Chairman Raymond Lane Steps Down · · Score: 1

    I am not sure there is a company where transition from engineer lead to financial lead produced any benefit to the products. And bad products push companies in death spiral.

    What about the Microsoft transition from Bill Gates to Steve Ballmer or Apple and its transition to John Sculley? Oh wait, bad examples.

  20. Re:Awesome on HBO Says Game of Thrones Piracy Is "a Compliment" · · Score: 1

    I think this is what Netflix is doing well at. Specifically, producing their own content (i.e. House of Cards) and allowing people to watch the content without having to subscribe to packages the cable company forces you to.

  21. Online courses can be a viable alternative on The Two Big Problems With Online College Courses · · Score: 1

    Online courses can be a viable alternative to the traditional University experience, but it does not replace the University Experience. If for whatever reason, you aren't able to attend a brick & mortar course, the best alternative is to take it online. Much of the learning that happens taking traditional courses happens outside the classroom. It is when you are working with others on projects and sharing ideas that really expands your knowledge set. It is being able to interact with professors and visit them during office hours where you really get to push your knowledge frontier.

    If you look at the extraordinarily successful people, it wasn't just what they knew that got them to where they are, it was who they knew/know. The traditional university has tremendous resources that are dedicated to facilitating networking between students, their peers, the faculty, and industry.

  22. Re:Working with his father... on Teenager Makes Discovery About Galaxy Distribution · · Score: 1

    Grad students who do the work are usually lead authors on their papers.

    But everyone knows that the last author is the one who funded the research and will credit for the idea....the research adviser

  23. Apply to the big guys (like all the other PhDs) on Ask Slashdot: Advice For Getting Tech Career Back On Track · · Score: 1
    I've seen quite a few posts telling the OP to apply to the big companies such as Google, Microsoft, IBM, Cisco, etc.....

    It could be worth a shot to do this. However, you are now competing with a large pool of very qualified applicants who may have conducted research in the specific areas that the job is in. The odds of landing a position at a big Tech company may be slim with a PhD in a research area outside of the company's interest area.

    Although the PhD, your research, and your experience could add significant value to the company, it may be difficult for prospective employers to see/appreciate this value. Like other posters have said, consider starting at the bottom (volunteer, low paying position, startup, self-employed)

    Heck, one of the greatest physicists of all time, Albert Einstein, spent 9 years after he graduated trying to get the job that he actually wanted. Four of those years were after he had written four papers in 1905 that would revolutionize physics. During the interim period between graduating and landing a professorship, he took a tutoring job, worked as a patent clerk, and taught classes pro-bono at a local university.

  24. Re:Hide your PhD on Ask Slashdot: Advice For Getting Tech Career Back On Track · · Score: 3, Informative

    As much as I hate to say that, hiding a part of your education from resume (like not mentioning your PhD) is a pretty common method of getting employment. Of course with lower salary. They run screaming just because they think that they would need to pay more, because you had PhD.

    My perspective as potential employee
    I'm a PhD candidate (Computer Engineering) at a top 5 engineering school, and I would say that through the process of looking for full-time employment, the opposite has been happening to me.

    Employers see the PhD and their expectations rise exponentially; they expect you to walk on water and work miracles during the interview process even though the position you have applied for only requires an MS. Ironically, an MS graduate would have an easier time getting the same job that I applied to.

    Employer perspective
    I do understand things from the employers' perspective. Employers are concerned about retention and not just at the company, but at the position you applied for at the company. They worry that if they pay you below fair market value for PhD salary, that you may jump ship when an opportunity comes along for you to get a PhD salary at some other position and/or some other company. Also, a PhD can signal to the employer that you are very ambitious and really like to learn. Above average ambition and appetite/ability to learn can be a risk factor for them because you may get bored of your current position and jump ship.

  25. Groundbreaking research on Antivirus Software Performs Poorly Against New Threats · · Score: 1

    Who would have thought, since the bad guys can test their malware against the most up-to-date popular av software to ensure that the malware does not get detected