Yeah, that was what I was implying - I see no way random screening *plus* occasional "profiling" could statistically *decrease* the chances vs. random screening alone...
it would include an override that watching agent could trigger a red light if he saw something suspicious... if only to ensure the continued employment of said agents. And such an override would result in profiling, negating one of the major advantages of the system
Wait, *how* is not allowing an agent who saw something suspicious to stop someone an *advantage*!?
"Sir, I just saw this guy typing a text message 'almost through - they'll never find it before I get on' - should I stop him?"
"No, that would be profiling. Just make sure he pushes the button."
Randomized screening may allow a single terrorist through, but something like 9/11 which required 19 guys means almost certainly one of them will be caught. If one is caught, you know to look for others.
It wouldn't have made a bit of difference, since nothing they did was illegal at the time. They were basically using a few (at the time allowed) X-Actos in their luggage and several months of training on how to fly the planes.
You assume the terrorists are all stupid enough to try to bring something *currently* illegal through screening, which will almost never be the case.
There is so much wrong with this post it's kind of sad...
As I described above a C memory do not require RAM
This statement makes no sense in any possible way I read it. I'm not even sure what "a C memory" is, but any normal executable requires memory, of course.
Static libraries in C are not something that you would use other than for system utilities that need to work when dynamic loading are failing.
Not necessarily true at all. I work a lot in embedded systems and game consoles, where static linking is really common for C/C++ apps (to have better control over system libs, and for performance).
Static libraries are as I stated before not really loaded but memory-mapped and in some systems shared between applications in order to save memory.
This statement doesn't make any sense either. A static library is just an archive that the linker pulls from to include code into another executable. Therefore it's NOT shared between "applications" (I assume you mean processes in this case). Shared/dynamic library code, on the other hand, is shared between processes on many (but not all) operating systems.
One solution would be for a javascript engine to detect loading of popular libraries and override them with native implementations but that would create problems with versioning.
That generally wouldn't work since Javascript is a dynamic language, and by design the code can be self modifying.
Trivial Python script? Neither his thread nor the article as a whole is remotely about "trivial" *or* "Python". It's about HTML5/Javascript programming (in complex web/client apps) vs C. I am comparing complex Javascript apps with complex C apps.
Netflix uses Javascript for most of their platforms (everything from browsers to the Playstation 3). Most of the Google browser apps like Gmail, etc use it. So does Facebook. Hell, Microsoft now supports MS Store apps (formerly "Metro") written entirely in Javascript, and in fact it's the only platform available for Media apps on the XBox One *and* the PS4 (both of which I am working on now, having done a previous 360 app in C# and PS3 app in C/C++).
I sense that you have never actually done a complex project like that in Javascript. So *maybe* you just aren't the right person to be able to compare Javascript app development with C... libraries are libraries, whether it's jQuery for Javascript or curl, openssl, libxml2, etc for C. Unless you are doing something trivial in C you are obviously using plenty of external libraries, or reinventing the wheel a dozen times.
shared_ptr is reference counting, which is pretty much garbage collection.
Not at all. Shared pointers are just an encapsulation for reference counting that can delete the object when it's no longer used. There is no garbage - the memory is around when needed, and freed as soon as it isn't. And there is no collection - the last shared pointer object goes out of scope, and its destructor can delete the object it contains.
This sort of thing is what object oriented programming is all about, it's not just a shortcut to hide your variables and put your functions inside different namespaces...
You mean frameworks like... X11? Freetype? Glib? Pthreads? Openssl? Libxml2? Gnome-terminal itself (which is basically a *text* terminal) links with 52 different libraries. Implementing them all yourself would be absurd. Even a reasonably complex non-GUI executable like mysqld links with a couple dozen libraries.
HAH! In fact, it's pretty much the opposite in practice. C requires shitloads more libraries (from the application developer's point of view) to do the same things that (browser-based) Javascript does, since Javascript/HTML already has shitloads of built-in functionality.
Just try to do "much more than what you do with JavaScript" in C by only linking with libc.
The problem with "libraries" in Javascript is they are really pretty much just script includes, and most Javascript apps just load them all into the global namespace up front. Static libraries in C let you only include the code you use, and dynamic libraries tend to be shared across all processes that use them.
When you assert that a security breach has nothing to do with morality, you could not be more wrong. Morality can generate powerful motives. So can money and sex.
Morality of the person taking the data, very possibly. But clearly I was responding to the claim that if the *organization* is moral that will simply solve the problem, which is obviously untrue in the case of an immoral (and/or greedy, etc) employee/insider.
Sure, there are plenty of reasons that could be the fault of the organization (shady/immoral practices, poor treatment of employees, etc) but for every one of those I could also provide an example that is not (or mostly not) their fault: industrial espionage (there are people out there who would just have no problem stealing from their employer for a large payoff if they don't think they will be caught), political differences (also plenty of insiders/double agents/what have you on ALL sides who have been stealing secrets from governments and businesses for ideology as much as money), or just plain sociopathic behavior (unfortunate hiring decision, I suppose, but it happens - but watch out when trying to *justifiably* fire that person...).
I think you drastically underestimate the number of data leaks due to just plain greed or other personal motivation vs. "whistleblowing" - I would bet the former is much more common.
The technical question is an interesting one, sure, but don't expect people to ignore the moral dimension, especially when it's presented in such sloppy fashion.
Agreed - but then I assume you would therefore agree that the OP's post entitled "simple" and the replies that it's purely about "good and evil" is silly. The issue is most definitely not simple nor black and white.
NSA shill? Hah. Seriously? I'm sure the NSA has better things to do than troll slashdot. I'm not any happier about what the government has been doing behind people's backs than anyone else here. I just don't think that's the point of the post at all (since if it was, it's a fairly pointless post and the submitters are usually pretty good). Reading TFP confirms that.
And bigoted... I do not think that word means what you think it means...
Anyway, you must be new to slashdot. The sensationalistic title rarely matches the content of the submission. Pretty much like most articles in the media these days...
You could say that Tim was victim of his own success, but I say he was victim to his own creativity combined with over-excitement.
Well, hopefully it's too soon to name any victims yet... though I have to say I'm glad to see the scope was extended to a larger, more in depth adventure game, almost all of his others have been well worth it. Then again, I'm fine with waiting until it's actually finished to buy it...
FWIW, asking a crowd like this a question like that at a time like now... a straight answer is probably the last thing most of us are thinking about responding with.
And, I suppose in the end that's why TFA asked it... like the vast majority of the media (even many of the ones actually leaking Snowden's information) they really aren't all that interested in the answers, just making money off of the publications...
The usual over-sensationalistic headline says that, but if you actually READ the details (it's not hard, most of it is right up there at the top of the page!) it says:
"when it comes to protecting a business's data, organizations more often focus on threats from the outside. But when a trusted employee or contractor uses privileged access to take company data, the aftermath can be as catastrophic to the business or organization as an outside attack... What do you think the best way is to lock down a system against malicious insiders?"
No, the general question TFA asks about security breaches really has nothing to do with right and wrong or morality, it was simply about protection of data from insiders in any organization. What if Snowden's motivation had instead been monetary (which is much more common in security breaches than whistleblowing)? Or industrial espionage instead of government?
Protecting data from internal leaks is a complex issue, and pretending "if you are good it won't happen" is idiotic.
No, it's not worthless, you just didn't read it or didn't want to listen. And why would your "speculation" be the slightest bit useful to anyone in this discussion then, anyway?
They wouldn't let us move furniture - in this case move a table across a room. Do you routinely call in a highly trained furniture-moving union employee at home to move a table across the room? Do you feel like you are putting your life in your hands if you do it yourself? And yeah, some dude with a few weeks of training is SO much more qualified to run and plug Ethernet cables than engineers who have probably been doing it since they were in high school... plus, it's SO dangerous, who knows, if done wrong you might strangle yourself with the Ethernet cord!
It's purely Las Vegas convention union absurdity at its worst, I would imagine many who have done major convention setup in LV (probably plenty of people here) have experienced this. You clearly have not, so your speculation is what's "worthless"...
This prevents the whole asshattery common in the US guilds because you all have the same interest, basically - both as workers but also as workers in a company.
Maybe in some cases that's true in the US, completely not in this case. TFA was talking about a very specific branch of a union handling a very specific industry and company, and most definitely not a "trade" - ie. BART employees, who can do anything from driving trains to selling tickets.
I do take issue with your last statement, however. Compromise between whom? This idea that the workers and the employers are on two different sides of the table is a creation of the corporate class to justify "fighting" for their piece of the pie,
I'm not going to defend corporate action any more than unions or the current ridiculous tax brackets, but if you won't even acknowledge that negotiation and compromise between an employer and employee is a fundamental part of the process (and has been for thousands of years, regardless of how it turns out for either party) then you're not worth debating :)
I can get fired for, say drinking on the job, embezzlement or if the company no longer needs to perform the job I perform but that's about it. The reason I have this job security and a wage I can send my kids to university for is because of the unions. My boss has the same protections. We both work for the company. It's not the case that he, effectively IS the company and I am an indentured servant like I get the impression is the case with my American colleagues.
And, that's why there is so little innovation in the entrenched system (whether it's giant American corporations afraid of employee lawsuits, or European countries afraid of everything...) If you can't be fired for just plain being less competent at your job than someone else who could replace you for the SAME cost, it's bad for everyone but you. I have twice left cushy jobs for startups at a 30-50% pay cut and no benefits whatsoever (sometimes unsure if I'd get paid at all that week). First time it was fairly disastrous, second time paid for my house. I doubt I'd get either of those chances if I had to join a union for the job.
When was the last time you saw a union rep in a sit-com or some such that acted responsibly and was not an asshat, parasite, loser or outright thief?
Sit-coms?? Eh... who cares. But I can provide dozens of examples of strong union reps in powerful movies over the last few decades, several of which have won Oscars. Which is great, I'm not anti-union at all for the right fields, just against their "over-reach", which in the US at least, is becoming WAY too common. Hence my original point!
and companies like Google, Zynga, Netflix etc are well-known to demand long hours from their employees without paying overtime (albeit paying decent salaries instead).
Zynga, sure, but they are not the norm, they are the poster child for dysfunctional companies with a dipshit (now former) CEO. Google, not really, it's been pretty reasonable for a long time now. Netflix!?! Netflix has no vacation policy, the work policy is "get your work done and you can take as much vacation as you need." And before you say "well, that just means they will be guilted into taking less vacation" - there was a study a couple years ago that showed Netflix employees in fact did take more vacation than the average tech employee. Of course, they also fire more employees than the average company - but if you know how to work efficiently and can adjust to the somewhat different atmosphere, it's certainly far from a sweatshop...
One thing that does annoy the crap out of me is when union "rules" prevent you from even performing your *own* simple tasks, requiring a union employee to do it/be present.
For example, several times I have helped set up demos at CES booths/suites, and literally wasn't even allowed to move around furniture, unpack certain objects from boxes, or run/plug in certain kinds of cables without union workers. Sometimes we had to just sit there for an hour waiting for someone to show up to perform a 30 second task. That sort of practice is not "protecting" the union employees from "management" hiring cut-rate non-union labor, it's extorting $100/hr for pointless tasks that they had no business being involved with in the first place.
THIS sort of thing is why there has been such a backlash against unions - just like government agencies these days, they DO still perform valuable services, but the bureaucracy, politics, incompetence, and waste are giving them a really bad name. It used to be about COMPROMISE, but seems to be increasingly about ENTITLEMENT...
The problem with this, is that it's still programmed failure. In my experience, hardware or software faults, or combinations of both, are not nearly as effective as plain old human stupidity.
But that's largely irrelevant to their testing methodology. They don't just simulate hardware, software, or human faults, they simulate loss of services at various levels of granularity. Doesn't matter whether a server died, someone misconfigured a router, a construction backhoe plowed a fiber cable, a Starz Network-funded hit squad took out their data center, or an earthquake struck the West Coast - it simulates an outage in their network that they want to recover from.
And let's be honest: It's more abundant in the universe than hydrogen, and infinitely harder to defend against
Ok, this line is just plain ridiculous. Been a long day, I assume? Or were you distracted in your metaphor thoughts while vigilantly defending your network against hydrogen? :)
Not cross platform at all until some browser for Linux actually implements their extensions via EME. Chrome might, but probably just for Google's own DRM (Widevine). Netflix currently uses MS PlayReady, good luck getting that in a Linux browser...
Not even a new name, monkey testing has been around for a long time...
Damn you, I of course followed the link and as usual spent the next half hour clicking "Random Comic"...
She just invented a new flashlight, and wants to use "energy that surrounds but we never really use."
Like, the energy that surrounds us and penetrates us, and binds the galaxy together? Her "long time interest" is clearly building a light saber.