Re:i agree except for one thing, on "If I Had a Hammer" · Score: 3, Insightful
Agreed.
A person requires two separate lives. Work life is but one and no matter how passionate about the subject I might be, it is primarily to earn money. You ensure you earn money and continue to do so in the future by doing a good, professional job of things, don't get me wrong. And you might well be passionate about your work. But it should not take over your life.
Fact is, if you told the average person that they'd never have to go to work again, they would NOT do the things that they do as part of their working life. You are not going to see these people walking into their work at an insurance brokers and trying to arrange policies. You might, just might, find a scientist or maybe a passionate person offer their services after such an event but, in general, across the various workforces those people don't have to worry about their identity or robots coming in to do their jobs for them.
There's a couple of countries that don't understand work-life separation and they are usually the ones where you can convince people with the "cheerlead" method of inspiration ("Woohoo! Let's go do this!") and not much else. But I'm not convinced that, even under the facade, this is a healthy option, or that over-dedication is rewarded.
My previous boss basically worked himself into hospital, such was his dedication to the workplace, but it was never adequately recognised and he calmed himself down and moved on.
Every employer I go to seems to want me, at some point, to prove I have a life outside work. Literally, they have application forms that ask about my non-work-related interests and specifically say things about it not drawing on your working skillset. They don't want mindless drones with a single interest. They want humans who are happy and have a life. And I work in IT!
I don't want to work with, nor do I want to be, a corporate drone. I work as a payment to do the things I enjoy doing. Fortunately, I enjoy the majority of my work too. But even among my friends and family, my work life is a separate, mysterious thing that they don't see (unless they come work with me, like my brother did just recently).
Work is not part of my identity - it's another identity that I assume in order to live my life comfortably. If it were not necessary, that persona would not exist. And if I ever find my work identity being all I have in life, I think I'd have to seriously consider what I'm doing with it.
Yep, pretty much what I crafted. Their problem was that their ()'s lacked the power to express that it had to have something-dot, or nothing at all (specifically the "nothing at all" part, so foo.com wasn't caught by a regexp for *.foo.com).
Regexps are a programming language unto themselves.
I'm currently doing some temp IT work for schools while my promised job becomes available and it's eye-opening. The web-filtering is all reg-exp based but nobody understands how it works.
They just copy/paste an example and change the parts of the URL that they can see to match the one they want. They barely bother to test the impact, past the site they need becoming "unfiltered" or "filtered" as necessary (i.e. no implication of knock-on effects on other sites with similar names). Let's not even mention the use of "." without the escape character for them to mean a literal period (but, obviously, it means "any character" in a regexp).
I talked to them about changing their template regexp because, from the start, I could see that it wasn't really up to the job and just met if not opposition then at least apathy about the problem.
Until someone brought an iPad into the helpdesk where a site that was supposed to be unfiltered was filtered - because nobody had considered what happens if you use "http://example.com" instead of "http://www.example.com". I was the one to spot it, and tell them that it's because their regexp was very basic.
The good thing was, the other tech on the team was young and keen to learn and I was able to give them a quick rundown of regexps and we crafted an alternative template for them to use that would take account of the situation without, for instance, the blocking of "microsoft.com" affecting "antimicrosoft.com".
But it is amazing how many people I know that work in IT have no idea how to program, no idea how to handle regexps, and just work on a "copy a working example" basis.
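The filtering failures described in the comment above, as an added example (not part of the original comment and not the school's real filter rules): it assumes POSIX extended regexes, and the three pattern strings and the sample URLs are constructed for illustration.

```c
#include <regex.h>
#include <stdio.h>

/* Hypothetical copy/paste templates: "www" hard-coded, dots unescaped,
   nothing anchored. The comment does not quote the real ones. */
static const char *const NAIVE_WWW  = "http://www.microsoft.com";
static const char *const NAIVE_BARE = "microsoft.com";

/* Hypothetical corrected template: zero or more "label." prefixes, so
   the bare domain and any subdomain match; dots escaped; the host is
   anchored at both ends so look-alike names do not match. */
static const char *const STRICT =
    "^https?://([a-z0-9-]+\\.)*microsoft\\.com(:[0-9]+)?([/?#]|$)";

/* Returns 1 if url matches pattern, 0 if it does not,
   -1 if the pattern fails to compile. */
int url_matches(const char *pattern, const char *url)
{
    regex_t re;
    int rc;

    if (regcomp(&re, pattern, REG_EXTENDED | REG_ICASE | REG_NOSUB) != 0)
        return -1;
    rc = regexec(&re, url, 0, NULL, 0);
    regfree(&re);
    return rc == 0 ? 1 : 0;
}

int main(void)
{
    /* Constructed sample URLs covering each failure in the comment. */
    static const char *const urls[] = {
        "http://www.microsoft.com/",             /* intended target        */
        "http://microsoft.com/",                 /* no "www." (iPad case)  */
        "https://update.microsoft.com:443/x",    /* other subdomain + port */
        "http://antimicrosoft.com/",             /* similar name           */
        "http://www-microsoft.com.example.net/", /* "." matched "-"        */
        "http://microsoft.com.example.net/",     /* name used as a prefix  */
    };
    size_t i;

    printf("%-40s %5s %5s %6s\n", "url", "www", "bare", "strict");
    for (i = 0; i < sizeof urls / sizeof urls[0]; i++)
        printf("%-40s %5d %5d %6d\n", urls[i],
               url_matches(NAIVE_WWW, urls[i]),
               url_matches(NAIVE_BARE, urls[i]),
               url_matches(STRICT, urls[i]));
    return 0;
}
```

Running every rule change against a fixed list of should-match and should-not-match URLs like this is the test for knock-on effects that the comment says was being skipped.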
But I've never seen nor played a game with ESDF default (and especially not Quake 2 as another poster suggests).
WASD just makes more sense in terms of hands - it's extreme left to be in the most shoulder-comfortable position when your other hand is on a right-handed mouse, but without hitting stupid / odd keys like Caps Lock etc.
The file you are reading a string from contains a string with more than 100 bytes of text before its closing "NULL" (\0) character. The program reads in the 100 bytes and then, because the programmer didn't tell it to check or to stop (in this instance), it keeps going.
This puts whatever is in the file into whatever is NEXT TO the place you were storing the string. Often this is harmless data that happens to be near the string but, because of the nature of C and just programming in general, if you don't have appropriate protections, it COULD write over "the stack" (which happens to contain the memory addresses of where the code has to go next). As such, with lots of clever manipulation, an absence of checks and an absence of various security technologies, loading anything even as harmless as a text file, or font, or anything in a packet from the net could result in arbitrary code execution as the user.
In this case, the user is root. In this case, the overflow occurs but it's not yet been demonstrated that you can do anything dangerous with it (i.e. execute code). In this case, protections like DEP and stack-checking actually block the attack and just make the program crash.
In ALL cases, if the programmer is awake and just checks ALL input that could come from an untrusted source, the question is moot.
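The overrun described in the comment above, as an added example (not code from the original post or from the program it discusses): one array models the 100-byte buffer and the data stored next to it, so the out-of-bounds write stays inside memory the demo owns. The function names, the 16-byte neighbour and the sample records are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

#define NAME_CAP   100   /* the 100-byte string buffer from the comment */
#define GUARD_LEN  16    /* stand-in for whatever is stored next to it  */
#define GUARD_BYTE 0x5A

/* Unchecked copy: runs until the NUL in the input and never looks at
   the size of dst. This is the bug the comment describes. */
size_t copy_unchecked(unsigned char *dst,
                      const unsigned char *file, size_t file_len)
{
    size_t i = 0;
    while (i < file_len && file[i] != '\0') {
        dst[i] = file[i];
        i++;
    }
    dst[i] = '\0';
    return i;
}

/* Checked copy: writes at most cap bytes including the terminator.
   Returns 0 on success, -1 if the record did not fit; dst then holds
   a terminated prefix and the caller should reject the input. */
int copy_checked(unsigned char *dst, size_t cap,
                 const unsigned char *file, size_t file_len)
{
    size_t i = 0;
    if (cap == 0)
        return -1;
    while (i < file_len && file[i] != '\0' && i < cap - 1) {
        dst[i] = file[i];
        i++;
    }
    dst[i] = '\0';
    /* Bytes left over before the NUL mean the record was too long. */
    return (i < file_len && file[i] != '\0') ? -1 : 0;
}

/* Copies one constructed record into a modelled memory region: bytes
   [0, NAME_CAP) are the string buffer, the next GUARD_LEN bytes are the
   neighbouring data. Returns how many neighbouring bytes changed, or -1
   if the record would leave the modelled region. */
int clobbered_neighbour_bytes(size_t record_len, int use_checked, int *status)
{
    unsigned char region[NAME_CAP + GUARD_LEN];
    unsigned char file[NAME_CAP + GUARD_LEN];
    int clobbered = 0;
    size_t i;

    if (record_len + 1 > sizeof region)
        return -1;                    /* keep the demonstration in bounds */

    memset(file, 'A', record_len);    /* "file": record_len bytes, then NUL */
    file[record_len] = '\0';
    memset(region, 0, NAME_CAP);
    memset(region + NAME_CAP, GUARD_BYTE, GUARD_LEN);

    if (use_checked) {
        *status = copy_checked(region, NAME_CAP, file, record_len + 1);
    } else {
        copy_unchecked(region, file, record_len + 1);
        *status = 0;                  /* the unchecked copy cannot report */
    }
    for (i = 0; i < GUARD_LEN; i++)
        if (region[NAME_CAP + i] != GUARD_BYTE)
            clobbered++;
    return clobbered;
}

int main(void)
{
    static const size_t lens[] = { 50, 99, 100, 110 };
    size_t i;
    int st;

    for (i = 0; i < sizeof lens / sizeof lens[0]; i++) {
        int u = clobbered_neighbour_bytes(lens[i], 0, &st);
        int c = clobbered_neighbour_bytes(lens[i], 1, &st);
        printf("record %3zu bytes: unchecked clobbers %2d, "
               "checked clobbers %d (status %d)\n", lens[i], u, c, st);
    }
    return 0;
}
```

The 100-byte record is the off-by-one case: the text fits, but the unchecked copy's terminator lands on the first neighbouring byte.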
Until I personally can buy it, for money, today, with the option of next day delivery, it doesn't exist.
Pre-orders, etc. do not count under this definition, you'll notice.
Saved me from a lot of junk that never actually arrived (everything from battery technologies, the "never-ending-development" games, to all kinds of fancy hardware and consoles).
Literally, ignore it until you can click "Buy It Now" somewhere.
Write them down. In a notebook. Label what they are the password for.
Store book in safe place and update once a year.
That's how I do it for my employers (large fireproof safe, book sealed so you can't open it without me noticing, etc.) and for myself.
If you get to my safe, get into my safe, get into the book, then it's also game over for every PC in the house anyway, not to mention my Facebook password will be the least of my worries (banking token generators, etc.).
Seriously people, stop repeating the advice to "never write down passwords". Write them all down in one huge book and PUT IT SOMEWHERE VERY VERY VERY SAFE. Then if you die, if you're on holiday and someone needs to log in for whatever reason, if your other half is at home and desperately needs to do something important as you, then you can talk them through getting access or they will know.
If you don't trust them? Lock it in a cheap safe of your own. Worst that happens is that you have to get out the cutting discs to get back into the thing and get your passwords back if you have a case of total amnesia.
"The smallest kid can build a website and business better than the largest multinational"
It all depends on how you look at it. Personally, I've bought more from tiny places I would never have known existed, and got better prices, products and service, than ever before.
The problem, I feel, is that the need for middle MANAGEMENT in such places is no longer present - and that's a real worry for a lot of people who don't actually do anything productive for their companies.
This is the real question: How the hell do you know you're even looking up the right person at all? Why does their social / sexual / personal / family life have any bearing on how they conduct their professional life at all?
As such, I put more information about my life under my pseudonyms than I ever do under my full name on Facebook (which, generally, gets you a photo of me and nothing else, because I work in IT and know how to use the privacy controls).
Any employer that ever tells me they looked me up on social networks is going to have a very hard time of it. I consider it an utter breach of privacy and trust. Employ me on what you know of my professional life. Don't judge me by what rumours you hear of my personal life.
It's easy to win on predictions - just make sure your predictions are obvious. Throw in a "robot controlled car" or two to make people think and so you don't get 100% and you're golden. Hence:
- People will continue to be stupid.
- There will be wars still.
- Computers will become cheaper, more powerful, more "invisible" and thus more ubiquitous.
- We'll send more stuff out of the atmosphere, and it won't just be the US doing so.
- We'll make advances in personal medicine in (pick any particular area here, say, genetics, or mental health).
- etc. etc. etc.
Read Asimov's predictions: the more specific you are, the less accurate you will be. Multi-flavoured algae is a sci-fi staple, one up from a magic meal-pill. Automated cars? We could have had them back in the 40's, it depends on your definition of automated (hint: When was the first autopilot invented? - go looking for the answer on the BBC TV show "QI"). Video phones? People have been predicting them since before TV existed. World population? Just extrapolate the curve and you won't go far wrong. The rest is all stuff that could easily have happened, we just didn't happen to go in those directions.
The problem with predicting the future isn't in being right. It's in being USEFUL in being right. None of the above predictions are helpful to anyone, even if you could GUARANTEE they would be correct. Which, even Asimov, who had a pretty good grasp of what the future could be, couldn't be better than about 20%.
And yet there aren't that many games (only a few of the very, very, very recent ones) or apps that demand that amount of RAM.
Seriously, go look through your task manager when you're running them. And even if they use >4Gb there, doesn't mean they would use >4Gb on a 4Gb machine (most of it is probably just caches of decoded data).
The whole 64-bit thing isn't much of an issue at the moment. Hell I manage school networks and a private school had a 10Gb database running EVERYTHING from attendance to reporting to all the finance (including salary runs and tax returns) etc. all running on a 32-bit machine with a 32-bit client.
Just because you can use more than 4Gb doesn't mean that you ever were for 99% of things that you do.
What do you class as adult content? Who decides? Where would an act of fellatio fall in this criteria? Would that be blocked? What about anal sex? What about playing with a vibrator? So all adult content is blocked? What about pregnancy advice? What about information on alcohol consumption? What about contraception? What about advice on which genital piercing to get? So not all adult content, then? So which content do I know that I'm opening up or not? How can I decide? Where's the list?
Cue twenty minutes of questioning, without even bordering on my side of it being considered an obscene communication with Linda, and I could make it just as awkward for Linda, and also waste an AWFUL lot of time, and even get Linda questioning herself as to why she has to ask consenting adults about this. And come to the only logical conclusion: Turn it off, because I can't tell what you have filtered for me in any way, shape or form, so it's too inconvenient to deal with "Is it a problem with my network, or my ISP, or with their filter? (whose filter?!)". Turn it off now, let's save the hassle in the future.
But, fortunately, being a customer of a major UK ISP, I haven't yet been asked. Not even once.
I was asked something similar by a mobile phone provider recently, and about 10 years ago (when GPRS was the norm), but it wasn't in person. It was an automated "I agree" box on a website / portal page. I predict that's how 99% of ISPs that are forced to do this will do it, even if there's a phone call to remind you to do it or you have to phone support to find out that the reason you see a blocked page is because you haven't done this.
To be honest, I'm not that bothered about it. I will bypass any filter that throws up even a single false positive. Sorry, I spend my working life trying to get kids away from the unfiltered net, and there is no way that even in just ordinary usage of my Internet I won't run into this and - when I do - I will bypass it. You don't even have to assume that I would go looking for pornographic material, I guarantee you that it will get in my way at some point. As such, if anyone bothers to ask me (they won't, except in a hands-off way like the 3G operators do), they will be told to remove any and all filters.
Similarly for those ISPs that used to block port 139 for me. I think it's a good idea to block it by default. But I didn't ask you to do that, and I'm clever enough to know what it is and what it does, and do better myself. So take it off, so that a single nmap packet going out on port 139 to my own private server elsewhere on the net (to test that I'm NOT doing anything stupid myself) doesn't trigger 30 minutes of web interception telling me that I have a) a Windows machine, b) exposed to the Internet without anything firewalling it at all, c) that must be infected and d) I must have some stupid option turned on that I don't even have available to me.
Honestly, there's just too much of a pain in the arse in even considering letting you put it on by default. I will ring my ISP and have them remove it the second I see such a thing. The fact that I can get round it in a matter of *seconds* just with the tools and systems I already have available and already am using is neither here nor there.
And, you know what, I reckon those homes who think the same will do the same. And those homes who are already reliant / believing in the government to filter everything because they are too stupid to parent themselves - they'll leave it turned on.
If anything, the database behind this will see a correlation of IQ / parental responsibility with those who turn it OFF than those who leave it on.
Worse than that - they are wasting that money on a possible task that will actually have little overall impact on security whatsoever.
Post-quantum cryptography has existed for the last 30 years, at least. And to get to the point where it's an issue, what you need is an entity to push towards quantum decryption that you DON'T want to have it (i.e. the NSA, for example).
Then all that happens is we adopt those other schemes faster, spot the holes faster, compensate for them faster, and by the time the NSA can buy a quantum machine of size enough to defeat today's encryption in a reasonable time, we'll have an established standard far beyond its capabilities and tested for (potentially) decades.
All the NSA has done is forced the entire world to up its game. Compare and contrast to, say, GCHQ who formulated public-key-encryption several years before anyone else had done it, and KEPT IT QUIET (like spy-based agencies are supposed to). They enjoyed years of secure comms, and years of advantage decrypting other secure comms when someone else eventually discovered the exact same mathematics and got famous on it (Diffie and Hellman).
Sadly, the modern GCHQ is but a shadow of its former self.
Yeah - so much easier than just right-clicking on the taskbar on the app you want to kill and selecting "Close".
Took myself and my boss ten minutes (we deliberately REFUSED to Google it, to simulate our users) to work out how to close a Metro app properly on a touchscreen (slide from top to bottom or whatever it is).
We honestly tried everything, gave up, Googled it, then turned off Metro as much as humanly possible before deploying it.
Plus, the total is likely to be biased towards certain age groups, uses (home / gaming use, rather than business), and specifications of PC (i.e. that needed to run Steam).
Like any statistic, it's an indicator that has to be interpreted.
Disabled on every machine I own, every machine I've deployed, every machine that I've been given the permission to manage.
Not because I think someone might be able to sniff them and then use them against my workplaces / PCs. Purely because they are WORTHLESS.
Reporting them, you see nothing back. All those people who get error reports upon upgrading to a duff hotfix, it takes someone to whinge to Microsoft to get it fixed. Millions of crash reports aren't acted upon, from what I see. I doubt anyone reads them.
When offered to software developers, etc., I'm always told that it's easier to just get me to run a debug version rather than piss about with any built-in error reporting / dumping possible from the Microsoft tools. It gives them more information, they can debug it live, and I don't have to worry about information going back and forth.
Pretty much every time I've had one, it's been ignored, by Microsoft, developers, or myself. I learned a long time ago that debugging from any default dump or crash report - even for huge multinational companies that are trying to help solve your problem - is worthless. It's just not worth the effort.
Hence I've disabled them since day one. Not only do they not do anything useful, they don't tell me anything useful, they want to connect to the Internet (which can trigger my software firewall for a completely different process to those authorised applications I already allow through, assuming the machine is even online), and they actually make the error messages HARDER to read for my users. I disabled it entirely. "There was an error" and a hard crash is infinitely better than my users trying to debug a crashed application themselves or sending off dumps because the button says to do it, and still getting a hard crash. Hell, if the crash was because the network cable fell out (which apps will if they are based on a network share sometimes), the submission process triggers a DNS lookup which hangs the PC for 30+ seconds sometimes.
They aren't.
They are seized goods.
Same way they'd sell your car if that's what you had illicitly gained and they'd seized it - and they'd sell it for US$.
This is just conversion of a seized good to monetary value (and probably at way below current rates, if "police auctions" etc. are any measure of how they'll go about it).
Real life more complicated than contrived mathematical / logical model.
I'm dubious about the distance but remember that they are TARGETING their devices.
As such, they could be on a roof 12km away with a whole array of receivers pointed to within inches of the radio source, and so 12km isn't as insane as it sounds. But it doesn't mean they have a commercially viable tech that others don't.
Pringles tins on wireless dongles - the range can be immense, and if you are good at antenna design, it can get insane. If you know to within-an-inch where you're supposed to be pointing at and/or can trigger it to do a one-off high-powered transmit to download information (by a similar one-off high-powered transmit from a distance), then it's not all that impossible.
But you're not going to see another 802.11 wireless revision out of their work. It's a whole different ball game.
I agree - however, there is the question of "who did they use them on?" and also that they were basically DESIGNED not to be detected.
Most people who they targeted probably were arrested or they never even thought they were a target. In that case they can recover their hardware.
The number of devices compromised is likely to be very small as a percentage of the devices out there. Almost certainly neither you nor I have one of these devices in our kit. If we did have, how often have you popped open every keyboard/mouse/usb stick you own to make sure there's not something else in there that wasn't supposed to be?
And if they are in collusion with even a single manufacturer to produce a compromised device, then you may never know about the device's hidden functions until you do a chip-analysis of everything inside the device (probably involving decapping and analysing the whole thing which can take years and decades of expertise).
As such, it's unlikely you will ever see one, even with everyone on the Internet looking. That's also what I would expect if they were doing their job properly (or else these things would be discovered quickly and be useless to them).
Much more importantly - if this is true, and even if we start to use only trusted hardware, this is just more reason to have more "open" machines.
Who knows what's inside a chip on your particular computer, even if it looks very similar to a mass-market item, if they could have got their hands on it and/or been the ones supplying it to you?
Why is this specific to open-source?
Most of the software I use is freeware, actually, or not open-source. The fact is that I help those projects whenever I am able because I feel a "debt" to them that does not always have a direct monetary value (but I have donated to, and bought from, such projects because I want to support them).
The rule is simple: Help me, and I'll help you. It doesn't matter about being open-source - as such - if your software/service is useful and free, I will help you out. I will refer users to it (which could generate you ad revenue). I will send in helpful suggestions. I will even take off some of your support burden by helping your own users in your own forums (or even setting up my own for them!).
And it doesn't matter about your source code - nice as that is. I've even done this for major commercial companies selling educational software, for instance.
Help me, I'll help you.
Stiff me, and I'll only use you if I absolutely have to.
It was Nmap if I remember rightly, finding an open port, and then applying a rootkit to it. But it was something like 10 years old at the time of filming. Because of the "we don't know what year it is", you can sort-of get away with it, but how hard would it have been to just change the numbers, tweak the name, etc. to have it do the same thing, convincingly.
Oh, and display it on a fecking WIMP-based system rather than a text console and it would look infinitely better, more modern and also not be quite so stupid (hell, put it in an SSH window, ffs).
Well, yes, but the point is that there's no need to do this.
If you're making a film about cars, get someone who knows about cars to help produce/edit it, at least for glaring inaccuracies. If you're making a film about guns, the same. If you're making a film about computers, the same.
To be honest, even the "555" phone number is enough to jolt me out of a movie I'm into - you instantly are reminded that it's fake things you are watching (which is not what a film director should be doing to their captivated audience).
I've always had this annoyance, too. I have it about computer movies, mathematics and science. A geneticist I live with has it about science and genetics in general (do not let her watch Gattaca or Jurassic Park!). My ex and her father (both black belts) have it about anything martial-arty. My dad (a mechanic) has it about cars and mechanics.
I just don't see how hard it is to get someone who vaguely knows what they are doing to actually step back and say "hold on, that wouldn't happen". I don't expect perfection but at least if you're qualified enough to teach, say, a film star kung fu over a year of filming, have the decency to make sure that the moves you teach are realistic and there's no "queue of baddies waiting to be beaten up, because they're too stupid to attack simultaneously" elements. Same for computer graphics - SOMEONE with computer knowledge had to make them and display them, just ask them what it would look like if they REALLY did what the actors are being asked to do.
Same for cars, guns, planes, stunts, etc. You have an expert on the movie, ask them if it's at all realistic and, if not, change it. Artistic licence is fine so long as you KNOW that's why you're doing it but too often directors go OUT OF THEIR WAY to make things "pretty" when actually the real thing would be a lot more realistic, useful, interesting, less jarring, etc. (e.g. who the hell uses text-based displays nowadays, and why do you need to "fake" loading screens or password decryptions or whatever - everyone KNOWS what a computer looks like and how display windows work).
You don't get this in theatre, except by accident. You don't get it in novels, because the amount of detail required means you can hide all the potential pitfalls behind the line "He logged on..." or similar.
You only get it in Hollywood, and you must only get it through directors who think they know what LOOKS better. While a certain percentage of the audience can't stop laughing at the ridiculous methods used, or just scream "NO! That's NOT how it works" at the screen.
I don't get why annoying your audience is a good thing, at the expense of listening to the people you hired to be experts anyway.
Agreed.
A person requires two separate lives. Work life is but one and no matter how passionate about the subject I might be, it is primarily to earn money. You ensure you earn money and continue to do so in the future by doing a good, professional job of things, don't get me wrong. And you might well be passionate about your work. But it should not take over your life.
Fact is, if you told the average person that they'd never have to go to work again, they would NOT do the things that they do as part of their working life. You are not going to see these people walking into their work at an insurance brokers and trying to arrange policies. You might, just might, find a scientist or maybe a passionate person offer their services after such an event but, in general, across the various workforces those people don't have to worry about their identity or robots coming in to do their jobs for them.
There's a couple of countries that don't understand work-life separation and they are usually the ones where you can convince people with the "cheerlead" method of inspiration ("Woohoo! Let's go do this!") and not much else. But I'm not convinced that, even under the facade, this is a healthy option, or that over-dedication is rewarded.
My previous boss basically worked himself into hospital, such was his dedication to the workplace, but it was never adequately recognised and he calmed himself down and moved on.
Every employer I go to seems to want me, at some point, to prove I have a life outside work. Literally, they have application forms that ask about my non-work-related interests and specifically say things about it not drawing on your working skillset. They don't want mindless drones with a single interest. They want humans who are happy and have a life. And I work in IT!
I don't want to work with, nor do I want to be, a corporate drone. I work as a payment to do the things I enjoy doing. Fortunately, I enjoy the majority of my work too. But even among my friends and family, my work life is a separate, mysterious thing that they don't see (unless they come work with me, like my brother did just recently).
Work is not part of my identity - it's another identity that I assume in order to live my life comfortably. If it were not necessary, that persona would not exist. And if I ever find my work identity being all I have in life, I think I'd have to seriously consider what I'm doing with it.
Yep, pretty much what I crafted. Their problem was that their ()'s lacked the power to express that it had to have something-dot, or nothing at all (specifically the "nothing at all" part, so foo.com wasn't caught by a regexp for *.foo.com).
Regexps are a programming language unto themselves.
I'm currently doing some temp IT work for schools while my promised job becomes available and it's eye-opening. The web-filtering is all reg-exp based but nobody understands how it works.
They just copy/paste an example and change the parts of the URL that they can see to match the one they want. They barely bother to test the impact, past the site they need becoming "unfiltered" or "filtered" as necessary (i.e. no implication of knock-on effects on other sites with similar names). Let's not even mention the use of "." without the escape character for them to mean a literal period (but, obviously, it means "any character" in a regexp).
I talked to them about changing their template regexp because, from the start, I could see that it wasn't really up to the job and just met if not opposition then at least apathy about the problem.
Until someone brought an iPad into the helpdesk where a site that was supposed to be unfiltered was filtered - because nobody had considered what happens if you use "http://example.com" instead of "http://www.example.com". I was the one to spot it, and tell them that it's because their regexp was very basic.
The good thing was, the other tech on the team was young and keen to learn and I was able to give them a quick rundown of regexps and we crafted an alternative template for them to use that would take account of the situation without, for instance, the blocking of "microsoft.com" affecting "antimicrosoft.com".
But it is amazing how many people I know that work in IT have no idea how to program, no idea how to handle regexps, and just work on a "copy a working example" basis.
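The filter problem described in this comment, as an added example that is not part of the original post: a copy/paste-style rule, a "www."-only rule and an anchored template with an optional "something-dot" group, each checked against a table of URLs with the intended verdict. The patterns, helper names and sample URLs are constructed, and POSIX extended regex syntax is an assumption, since the post does not say which dialect the filter uses.

```c
#include <regex.h>
#include <stdio.h>

/* 1 if url matches the POSIX extended regex, 0 if not, -1 on a bad pattern. */
static int url_matches(const char *pattern, const char *url)
{
    regex_t re;
    if (regcomp(&re, pattern, REG_EXTENDED | REG_ICASE | REG_NOSUB) != 0)
        return -1;
    int rc = regexec(&re, url, 0, NULL, 0);
    regfree(&re);
    return rc == 0;
}

/* Constructed rules for one hypothetical filter entry, "microsoft.com". */
/* Copy/paste style: unanchored, and "." means "any character". */
static const char NAIVE[] = "microsoft.com";
/* Escaped and anchored, but "www." is mandatory. */
static const char WWW_ONLY[] = "^https?://www\\.microsoft\\.com";
/* Template: "([a-z0-9-]+\.)*" is "something-dot, or nothing at all";
 * the tail forces the host name to end right after ".com". */
static const char TEMPLATE[] =
    "^https?://([a-z0-9-]+\\.)*microsoft\\.com(:[0-9]+)?([/?#]|$)";

struct sample { const char *url; int should_match; };

/* Constructed URLs with the verdict the rule is meant to give. */
static const struct sample SAMPLES[] = {
    { "http://www.microsoft.com/",          1 },
    { "http://microsoft.com",               1 },  /* no "www." */
    { "https://update.microsoft.com/en-gb", 1 },
    { "http://antimicrosoft.com/",          0 },  /* similar name */
    { "http://microsoftxcom.example/",      0 },  /* "." as wildcard */
    { "http://microsoft.com.example.net/",  0 },  /* name used as a prefix */
};

/* Number of sample URLs for which the pattern gives the wrong verdict. */
static int count_wrong(const char *pattern)
{
    int wrong = 0;
    for (size_t i = 0; i < sizeof SAMPLES / sizeof SAMPLES[0]; i++) {
        int got = url_matches(pattern, SAMPLES[i].url);
        if (got != SAMPLES[i].should_match) {
            printf("  wrong verdict (%d) for %s\n", got, SAMPLES[i].url);
            wrong++;
        }
    }
    return wrong;
}

int main(void)
{
    const char *rules[] = { NAIVE, WWW_ONLY, TEMPLATE };
    for (size_t i = 0; i < 3; i++) {
        printf("%s\n", rules[i]);
        printf("  => %d wrong\n", count_wrong(rules[i]));
    }
    return 0;
}
```

Keeping a table like `SAMPLES` next to each rule turns the knock-on effects on similarly named sites into a failing check rather than a helpdesk ticket.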
I remember the days of QAOP-Space.
But I've never seen nor played a game with ESDF default (and especially not Quake 2 as another poster suggests).
WASD just makes more sense in terms of hands - it's extreme left to be in the most shoulder-comfortable position when your other hand is on a right-handed mouse, but without hitting stupid / odd keys like Caps Lock etc.
You allocate 100 bytes on the stack for a string.
The file you are reading a string from contains a string with more than 100 bytes of text before its closing "NULL" (\0) character. The program reads in the 100 bytes and then, because the programmer didn't tell it to check or to stop (in this instance), it keeps going.
This puts whatever is in the file into whatever is NEXT TO the place you were storing the string. Often this is harmless data that happens to be near the string but, because of the nature of C and just programming in general, if you don't have appropriate protections, it COULD write over "the stack" (which happens to contain the memory addresses of where the code has to go next). As such, with lots of clever manipulation, an absence of checks and an absence of various security technologies, loading anything even as harmless as a text file, or font, or anything in a packet from the net could result in arbitrary code execution as the user.
In this case, the user is root.
In this case, the overflow occurs but it's not yet been demonstrated that you can do anything dangerous with it (i.e. execute code).
In this case, protections like DEP and stack-checking actually block the attack and just make the program crash.
In ALL cases, if the programmer is awake and just checks ALL input that could come from an untrusted source, the question is moot.
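The unchecked read described in this comment next to a checked one, as an added example that is not code from the post or from the program it discusses. The function names, the status enum and the sample input (300 bytes of 'A', a '\0', then the string "next", written to a temporary file) are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 100   /* the 100-byte stack buffer from the comment */
enum read_status { READ_OK, READ_TRUNCATED, READ_UNTERMINATED };

/* The bug as described: the loop stops only at '\0' or EOF, never at the
 * end of dst. Shown for contrast only; nothing in this example calls it. */
void read_cstring_unchecked(FILE *in, char *dst)
{
    size_t n = 0;
    int c;
    while ((c = fgetc(in)) != EOF && c != '\0')
        dst[n++] = (char)c;          /* no bound: writes past dst */
    dst[n] = '\0';
}

/* Checked version: stores at most cap-1 bytes, always terminates dst, and
 * drains the rest of an oversized string so the next read starts cleanly. */
enum read_status read_cstring(FILE *in, char *dst, size_t cap)
{
    size_t n = 0;
    int c;
    enum read_status st = READ_OK;
    if (cap == 0)
        return READ_TRUNCATED;       /* nowhere to store even the '\0' */
    while ((c = fgetc(in)) != EOF && c != '\0') {
        if (n + 1 < cap)
            dst[n++] = (char)c;
        else
            st = READ_TRUNCATED;     /* drop the byte, keep looking for '\0' */
    }
    dst[n] = '\0';
    return c == EOF ? READ_UNTERMINATED : st;
}

struct demo_result { enum read_status status; size_t stored; int next_ok; };

/* Constructed input: len bytes of 'A', a '\0', then the string "next". */
struct demo_result run_demo(size_t len)
{
    struct demo_result r = { READ_UNTERMINATED, 0, 0 };
    char buf[BUF_SIZE];
    FILE *f = tmpfile();
    if (!f)
        return r;
    for (size_t i = 0; i < len; i++)
        fputc('A', f);
    fputc('\0', f);
    fwrite("next", 1, 5, f);         /* includes the terminating '\0' */
    rewind(f);
    r.status = read_cstring(f, buf, sizeof buf);
    r.stored = strlen(buf);
    r.next_ok = read_cstring(f, buf, sizeof buf) == READ_OK
                && strcmp(buf, "next") == 0;
    fclose(f);
    return r;
}

int main(void)
{
    struct demo_result r = run_demo(300);
    printf("status=%d stored=%zu next_ok=%d\n", r.status, r.stored, r.next_ok);
}
```

The checked reader reports truncation instead of silently accepting it, so the caller can reject the file rather than continue with a cut-off value.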
Until I personally can buy it, for money, today, with the option of next day delivery, it doesn't exist.
Pre-orders, etc. do not count under this definition, you'll notice.
Saved me from a lot of junk that never actually arrived (everything from battery technologies, the "never-ending-development" games, to all kinds of fancy hardware and consoles).
Literally, ignore it until you can click "Buy It Now" somewhere.
Write them down. In a notebook. Label what they are the password for.
Store book in safe place and update once a year.
That's how I do it for my employers (large fireproof safe, book sealed so you can't open it without me noticing, etc.) and for myself.
If you get to my safe, get into my safe, get into the book, then it's also game over for every PC in the house anyway, not to mention my Facebook password will be the least of my worries (banking token generators, etc.).
Seriously people, stop repeating the advice to "never write down passwords". Write them all down in one huge book and PUT IT SOMEWHERE VERY VERY VERY SAFE. Then if you die, if you're on holiday and someone needs to log in for whatever reason, if your other half is at home and desperately needs to do something important as you, then you can talk them through getting access or they will know.
If you don't trust them? Lock it in a cheap safe of your own. Worst that happens is that you have to get out the cutting discs to get back into the thing and get your passwords back if you have a case of total amnesia.
"The smallest kid can build a website and business better than the largest multinational"
It all depends on how you look at it. Personally, I've bought more from tiny places I would never have known existed, and got better prices, products and service, than ever before.
The problem, I feel, is that the need for middle MANAGEMENT in such places is no longer present - and that's a real worry for a lot of people who don't actually do anything productive for their companies.
And the Kodak example is terrible.
Forgotten how to use Google?
http://www.zdnet.com/the-guessing-game-begins-over-skydrives-new-name-7000022744/
This is the real question: How the hell do you know you're even looking up the right person at all? Why does their social / sexual / personal / family life have any bearing on how they conduct their professional life at all?
As such, I put more information about my life under my pseudonyms than I ever do under my full name on Facebook (which, generally, gets you a photo of me and nothing else, because I work in IT and know how to use the privacy controls).
Any employer that ever tells me they looked me up on social networks is going to have a very hard time of it. I consider it an utter breach of privacy and trust. Employ me on what you know of my professional life. Don't judge me by what rumours you hear of my personal life.
It's easy to win on predictions - just make sure your predictions are obvious. Throw in a "robot controlled car" or two to make people think and so you don't get 100% and you're golden. Hence:
- People will continue to be stupid.
- There will be wars still.
- Computers will become cheaper, more powerful, more "invisible" and thus more ubiquitous.
- We'll send more stuff out of the atmosphere, and it won't just be the US doing so.
- We'll make advances in personal medicine in (pick any particular area here, say, genetics, or mental health).
- etc. etc. etc.
Read Asimov's predictions: the more specific you are, the less accurate you will be. Multi-flavoured algae is a sci-fi staple, one up from a magic meal-pill. Automated cars? We could have had them back in the 40's, it depends on your definition of automated (hint: When was the first autopilot invented? - go looking for the answer on the BBC TV show "QI"). Video phones? People have been predicting them since before TV existed. World population? Just extrapolate the curve and you won't go far wrong. The rest is all stuff that could easily have happened, we just didn't happen to go in those directions.
The problem with predicting the future isn't in being right. It's in being USEFUL in being right. None of the above predictions are helpful to anyone, even if you could GUARANTEE they would be correct. Which, even Asimov, who had a pretty good grasp of what the future could be, couldn't be better than about 20%.
And yet there aren't that many games (only a few of the very, very, very recent ones) or apps that demand that amount of RAM.
Seriously, go look through your task manager when you're running them. And even if they use >4Gb there, doesn't mean they would use >4Gb on a 4Gb machine (most of it is probably just caches of decoded data).
The whole 64-bit thing isn't much of an issue at the moment. Hell I manage school networks and a private school had a 10Gb database running EVERYTHING from attendance to reporting to all the finance (including salary runs and tax returns) etc. all running on a 32-bit machine with a 32-bit client.
Just because you can use more than 4Gb doesn't mean that you ever were for 99% of things that you do.
Hi Linda,
What do you class as adult content? Who decides? Where would an act of fellatio fall in this criteria? Would that be blocked? What about anal sex? What about playing with a vibrator? So all adult content is blocked? What about pregnancy advice? What about information on alcohol consumption? What about contraception? What about advice on which genital piercing to get? So not all adult content, then? So which content do I know that I'm opening up or not? How can I decide? Where's the list?
Cue twenty minutes of questioning, without even bordering on my side of it being considered an obscene communication with Linda, and I could make it just as awkward for Linda, and also waste an AWFUL lot of time, and even get Linda questioning herself as to why she has to ask consenting adults about this. And come to the only logical conclusion: Turn it off, because I can't tell what you have filtered for me in any way, shape or form, so it's too inconvenient to deal with "Is it a problem with my network, or my ISP, or with their filter? (whose filter?!)". Turn it off now, let's save the hassle in the future.
But, fortunately, being a customer of a major UK ISP, I haven't yet been asked. Not even once.
I was asked something similar by a mobile phone provider recently, and about 10 years ago (when GPRS was the norm), but it wasn't in person. It was an automated "I agree" box on a website / portal page. I predict that's how 99% of ISPs that are forced to do this will do it, even if there's a phone call to remind you to do it or you have to phone support to find out that the reason you see a blocked page is because you haven't done this.
To be honest, I'm not that bothered about it. I will bypass any filter that throws up even a single false positive. Sorry, I spend my working life trying to get kids away from the unfiltered net, and there is no way that even in just ordinary usage of my Internet I won't run into this and - when I do - I will bypass it. You don't even have to assume that I would go looking for pornographic material, I guarantee you that it will get in my way at some point. As such, if anyone bothers to ask me (they won't, except in a hands-off way like the 3G operators do), they will be told to remove any and all filters.
Similarly for those ISPs that used to block port 139 for me. I think it's a good idea to block it by default. But I didn't ask you to do that, and I'm clever enough to know what it is and what it does, and do better myself. So take it off, so that a single nmap packet going out on port 139 to my own private server elsewhere on the net (to test that I'm NOT doing anything stupid myself) doesn't trigger 30 minutes of web interception telling me that I have a) a Windows machine, b) exposed to the Internet without anything firewalling it at all, c) that must be infected and d) I must have some stupid option turned on that I don't even have available to me.
Honestly, there's just too much of a pain in the arse in even considering letting you put it on by default. I will ring my ISP and have them remove it the second I see such a thing. The fact that I can get round it in a matter of *seconds* just with the tools and systems I already have available and already am using is neither here nor there.
And, you know what, I reckon those homes who think the same will do the same. And those homes who are already reliant / believing in the government to filter everything because they are too stupid to parent themselves - they'll leave it turned on.
If anything, the database behind this will see a correlation of IQ / parental responsibility with those who turn it OFF than those who leave it on.
Worse than that - they are wasting that money on a possible task that will actually have little overall impact on security whatsoever.
Post-quantum cryptography has existed for the last 30 years, at least. And to get to the point where it's an issue, what you need is an entity to push towards quantum decryption that you DON'T want to have it (i.e. the NSA, for example).
Then all that happens is we adopt those other schemes faster, spot the holes faster, compensate for them faster, and by the time the NSA can buy a quantum machine of size enough to defeat today's encryption in a reasonable time, we'll have an established standard far beyond its capabilities and tested for (potentially) decades.
All the NSA has done is forced the entire world to up its game. Compare and contrast to, say, GCHQ who formulated public-key-encryption several years before anyone else had done it, and KEPT IT QUIET (like spy-based agencies are supposed to). They enjoyed years of secure comms, and years of advantage decrypting other secure comms when someone else eventually discovered the exact same mathematics and got famous on it (Diffie and Hellman).
Sadly, the modern GCHQ is but a shadow of its former self.
Personally, because I've never used an iOS device.
Yeah - so much easier than just right-clicking on the taskbar on the app you want to kill and selecting "Close".
Took myself and my boss ten minutes (we deliberately REFUSED to Google it, to simulate our users) to work out how to close a Metro app properly on a touchscreen (slide from top to bottom or whatever it is).
We honestly tried everything, gave up, Googled it, then turned off Metro as much as humanly possible before deploying it.
Plus, the total is likely to be biased towards certain age groups, uses (home / gaming use, rather than business), and specifications of PC (i.e. that needed to run Steam).
Like any statistic, it's an indicator that has to be interpreted.
Disabled on every machine I own, every machine I've deployed, every machine that I've been given the permission to manage.
Not because I think someone might be able to sniff them and then use them against my workplaces / PCs. Purely because they are WORTHLESS.
Reporting them, you see nothing back. All those people who get error reports upon upgrading to a duff hotfix, it takes someone to whinge to Microsoft to get it fixed. Millions of crash reports aren't acted upon, from what I see. I doubt anyone reads them.
When offered to software developers, etc., I'm always told that it's easier to just get me to run a debug version rather than piss about with any built-in error reporting / dumping possible from the Microsoft tools. It gives them more information, they can debug it live, and I don't have to worry about information going back and forth.
Pretty much every time I've had one, it's been ignored, by Microsoft, developers, or myself. I learned a long time ago that debugging from any default dump or crash report - even for huge multinational companies that are trying to help solve your problem - is worthless. It's just not worth the effort.
Hence I've disabled them since day one. Not only do they not do anything useful, they don't tell me anything useful, they want to connect to the Internet (which can trigger my software firewall for a completely different process to those authorised applications I already allow through, assuming the machine is even online), and they actually make the error messages HARDER to read for my users. I disabled it entirely. "There was an error" and a hard crash is infinitely better than my users trying to debug a crashed application themselves or sending off dumps because the button says to do it, and still getting a hard crash. Hell, if the crash was because the network cable fell out (which apps will if they are based on a network share sometimes), the submission process triggers a DNS lookup which hangs the PC for 30+ seconds sometimes.
Worthless. Disabled.