I would love to see a Power 8 workstation. If I could afford it I would definitely be doing my development on one, but alas this is where it gets crazy. They are afraid of cannibalizing the high end server sales with affordable desktop machines. This is probably not a good plan because exposing more people to the platform will pay dividends in the future, but in the short term and due to volume concerns it makes sense.
The power systems are very impressive. I think the last time I used them was around the Power5. Still, very good hardware, excellent performance characteristics, ran Linux like a beast.
It is skilled labor, and yes there is a major difference between the best and the average, but almost no one cares.
There will be continued downward price pressure as the size of the work force increases, and the US will become a management layer like in every other industry that we once dominated. The few remaining programmers in the US will be very highly specialized workers.
No amount of protectionism is going to change that reality, not letting them in doesn't give the jobs to Americans, it just sends them overseas entirely. At least some portion of the money being injected into H1Bs is being recirculated in the local economy. Of course this shill is just trying to depress American wages, it has nothing to do with finding the best or brightest, besides we have genius visas for that. If we try to put up artificial barriers to this process more aggressive economies will simply take the jobs away. If you feel that your wage and job is threatened by H1B influx, it's time to either climb the skill ladder or make a move into a different industry.
Well if we are talking physical access control then most of these places have figured it out. My argument is that the threat is from the firms connecting into the exchange. A lot of them have poor border security, and if you don't have any additional checks then what?
Yeah, HFT encryption is spectacularly rare. I think the argument that the links are short doesn't make much sense to me. If you are talking about third parties hacking the link I guess maybe you make a point, but that wasn't the attack vector I was thinking about. I was talking about third party HFT firms getting hacked and then leveraging those short, encrypted and insecure connections into matching engines to cause problems. I guarantee you that there are exploitable vectors into some of these major markets.
The security of the stock exchanges is really pretty bad. Low latency access means no firewalls and few application level checks. For the longest time people were sending ethernet raw packets... There is a perverse incentive not to properly secure exchanges because security is slow.
Everything old is new again once enough people forget about it.
Vim is the best editor. I think many people who use Sublime or some other random text editor and think it is good have not devoted enough time to understanding Vim. If you know Vim well, it may very well be the last editor you ever need to use. I'm also under 40, and nobody forced me at gunpoint to pick up Vim, and have at some point at least tried every major IDE and editor in existence.
I'm not a huge fan of the language, but it is absolutely everywhere. Completely pervasive and very accessible.
By learning JavaScript you can:
Build cross platform web based front ends
Do cross platform mobile development (Cordova/Phonegap/Titanium)
Build backend systems, APIs (Node.js)
Interface with tons of third party systems and services which have exposed RESTful/JSON APIs.
So from a practical perspective it is definitely the way to go, most bang for your buck. Shallow learning curve, lots of use cases. If you are already programming in C and Lisp this will be a breeze.
Does anyone else think this doesn't make any sense?
So, you give them the key to encrypt your data with, and they couldn't possibly store that key, intercept it or otherwise save it somewhere for later?
This is pretty much how all of the cloud providers operate though, the moment you hand over the keys to an intermediary it's over.
Actually no, I meant it. Most of the Cisco products are a steaming pile.
It might just have something to do with the fact that the Juniper products are with few exceptions a million times better. I avoid almost all of the Cisco gear like the plague.
I agree that we need to do better, but the funding for hardware startups isn't there. The risks are perceived as being too great, and long gone are the days when someone builds an Apple I in their garage. I thought the Novena laptop was a good step in the right direction, but that clearly demonstrates the challenges involved when competing with hardware designed at scale. Software is just so much more accessible and cheaper to build.
We are going to have to agree to disagree. I haven't read Lewis' book, but I do have a fairly significant background in trading. All you have to do is look at the bid/ask spread and tick data from the late '80s until now to see the massive change technology has introduced. You can also see how the banks have reacted to this competition by trying to take their business into sheltered exchanges where the market is more "fair" to their interests. You can execute a trade at a fraction of the cost and the spread is tighter than it has ever been, how can there be any argument that individuals aren't getting excellent pricing and liquidity? If anything I think the move into dark pools is far more insidious as it prevents public price discovery. The outcry over extremely well funded players who have invested tens of millions into people and technology in order to "win" versus the average person who gets a good price and can always fulfill an order for $5 on E-trade is silly. Normal people aren't competing with HFT companies in either scale or timeline, and in aggregate are reaping substantial savings due to the insane free market competition between them. I'll see if I can pick up that book, but experience tells me a very different story than the one people on Slashdot keep touting.
There is nothing guaranteed about it. The market is entirely open in that regard. If you have the capital and the expertise then beat them at their game. If they didn't lose any money then they were just really good at it. Every time you place an order you are taking a capital risk, you may be on the wrong side of the trade, your systems may crash, or your competitors may be better than you, or any number of a thousand other things that could make you lose money. You don't win for five years straight by being a rent seeker, it is perhaps the most competitive technology sector in the world.
I have to disagree. HFT is not rent seeking. It requires extraordinary amounts of capital and technology in order to be successful in HFT, and similar amounts over a long period of time in order to remain so. People seem to forget that HFTs inject real money into the market in order to operate, which means they take capital risk and also reap rewards if they are good at what they do. It isn't anything like sitting on a piece of land and collecting rent, the comparison is absurd.
And someone doesn't get it....
I don't think so. This is a high value vulnerability, you keep it in the back pocket. Especially since it has demonstrated key extrication and affects a large number of hardware and software platforms.
This doesn't negate the fact that this was their favorite vulnerability. Realistically most intelligence services probably knew about this shortly after that commit.
Your entire post is factually incorrect.
"and it's basically an inherent flaw down to the fact that the internet (TCP/IP) is routed randomly"
The Internet and TCP/IP are not routed randomly, your basic failure to understand that leads me to believe that you shouldn't be advocating for adding latency to HFT infrastructure you don't understand.
This is totally valid. Obviously not the point I'm trying to make. The suggestion you had above of making some kind of event that shuts it down is a good one, I'll have to give it some thought. :)
Hah, yeah. I've had mixed reactions to that. :-) I'll probably replace it with something a little less threatening that still gets the point across.
When I read the summary I immediately thought to myself that I have similar goals to these guys, in that I want to make cryptography easily accessible to a wide variety of users. I'm specifically focused on secure file transfer, and am in open beta. You guys can check it out at https://www.senderdefender.com/ and let me know what you think. Given how insecure cloud data is in general I suspect we will see a growing number of client side encrypted communication tools.
Matt
I think I have some insight into this as I have an end to end encrypted cloud service called coinlock.com. My slashvertisement on the subject was ignored though ;) millions in funding tends to get people noticed.
Anyway on this particular subject I think you have hit the nail on the head. The key to long term security is to completely open up the API and separate the client side components so that third parties can use the service with their own software or with the software that you have provided them directly on their local computer.
This is easier said than done for most services, but it's something that I am striving towards and intend to do a full client auditable release as well as publish the public facing API. This idea that people can move their services outside of the country and it matters I think is very flawed. U.S. companies are subject to the law regardless of where they do their hosting, and the management team is the weakest link in the security chain. This is something that is best solved by transparency.