Agreed, as a DC attendee I'd give it a miss, and if there wasn't anything more interesting on in that slot, I'd use it to fulfill some of the 3-2-1 rule of attending Defcon. The talk is an interesting read, and there are other confs I've attended where it would be a fit, but DC isn't it.
I think the review committee made the right call on this one.
You kidding? They'd be terrible at tech support! They think the internet is made of tubes, for chrissake!
If you're going to volunteer, go find a non-profit that speaks to you and volunteer there. At least if you don't get a job lead out of it you'll feel good about the work you did instead of bitter over doing free labour for a company that didn't give you a job in the end.
In my personal case, I did volunteer work for a non-profit ISP just starting up way up north. 6 months later, I was being paid for the same work, and it jump-started my professional career.
There are options for lots of types of geeks, from the "we recycle used computers for disadvantaged people" to the "We send you to an impoverished country to bootstrap their technology base" ones.
I believe the ICRC is always looking for skilled technical people who can think outside the box too.
I enjoyed my time doing non-profit work immensely and it still comes up 15 yrs later in job interviews, as some of my best war stories come from those jobs. There's something about the combination of the startup shoestring budget and the feeling that you're actually improving the world that comes together and energizes me. Your mileage may of course vary.
Actually, unless I'm missing something in TFS, this isn't about rotating your certificate (although that's a good plan if you were vulnerable to Heartbleed, but do your own risk assessment there).
Heartbleed was a vulnerability in OpenSSL; mitigate that and you won't be vulnerable to Heartbleed. You may want to swap out your SSL certs too in case someone grabbed them while you were vulnerable, but certainly not wanting to pay for the cert rotation shouldn't stop you from updating OpenSSL.
Understood, and agreed insofar as everything you wrote is concerned. My (unwritten) assertion, which is probably obvious to someone who understands that the research is about statistical medians, is that it would be dangerous to extrapolate from the study's conclusions that it would be appropriate to mandate a particular note-taking style (e.g. "No laptops") because you would likely be doing a disservice to a portion of your student population who is not the 'average' student.
In point of fact I scored a 4.0 in English class and technical writing. After that I spent 20 years in the school of working for a living. The first two taught me correct diction, grammar, and proofreading skills. The latter taught me that there was a time and place for perfection, and a time and place for writing quickly with enough accuracy to get a point across. No one pays me to write Slashdot comments, so it falls into the second category.
Yep, but I'm dysgraphic, so anything involving my fine motor system is a cognitive, rather than an associative task, as it probably is for you. I.e. writing requires cognitive processing for me as opposed to happening as an 'automatic' background task as it likely does for you.
Thus my point about the danger of making sweeping statements for 'students'. We all learn differently, so making decisions based on this sort of study is treacherous ground.
You know what worked better for me than longhand notes? No notes. Listening to the teacher instead of writing worked best for me. Turns out I recalled things better when I spent my attention listening to the teacher rather than trying to write legible notes so I could read them later.
Just goes to show that people learn differently and making blanket statements for all people gets you into trouble :)
The courses I was referring to were not the "History of Philosophy" classes. Rather, the formal logic (think Boolean logic) and argument, rhetoric and reason classes.
Teaching you to think and communicate, rather than teaching you what other people have thought before.
Having taken some comp sci and worked in IT for 20 years, I can state, with some basis for argument, that comp sci has very little to do with IT. Probably about the most useful portion of the comp sci coursework to me now is computational efficiency (choose the O(n) solution, not the O(n!) one).
But the poster who said psych and phil wasn't far wrong. I'd add technical writing in there as a class I don't regret taking. Philosophy to come up with the right argument and psychology to make it stick, then technical writing to put it on paper in a way that's understandable to my audience.
I have yet to solve a differential equation at work though (unless I'm playing with Kerbal Space Program on the side!)
I view Kickstarter more as the patron system of artistic sponsorship from the Middle Ages. A wealthy patron commissions a piece of art because they believe in the artist's artistic vision and want to see that vision brought to fruition. So they back the artist with their money.
Sometimes the patron's eye is good, and you get good art. Most of the time, not so much.
So I think the venture capitalism model, to your point, isn't the correct one, and certainly isn't what I'm thinking when I donate on Kickstarter. I hope that my money helps an artist's vision come to fruition, and I'll benefit from having that art available to (use/play/enjoy).
If it doesn't work out, like the patron of olde, I'm not spending money I can't afford to spend, and it'll make its way back into the economy, which will make the world go round. And there'll be fewer starved artists on the curb :).
Just to point out, the fact that a large number of people believe something does not necessarily impact the morality of it. At one point a large majority of people (at least non-African people) felt that the slave trade was right too. That does not make them any less wrong in the eyes of history. Being a part of a majority does not by definition make you right. Morality is moved forward by outliers, people with views outside the social norm, by definition. Eventually society moves towards the new moral norm and the majority now believes the position formerly occupied by outliers, and the cycle resets.
So you can't logically argue that since even the entire state of California believes something to be true that someone stating that they are morally offside is wrong, as history is replete with counter examples.
Recall that you're innocent until proven guilty (to various standards of proof) in a court of law, so ties go to the defendant.
So rather than the defendant proving that the statement is true, the plaintiff's task is proving that the statement is false. A much larger hill to climb.
Unless US law is different than I'm aware of (and a quick bit of research suggests it is not), defamation (libel or slander) lawsuits require saying/writing something that is false. Here's the OKCupid statement:
"Hello there, Mozilla Firefox user. Pardon this interruption of your OkCupid experience.
Mozilla's new CEO, Brendan Eich, is an opponent of equal rights for gay couples. We would therefore prefer that our users not use Mozilla software to access OkCupid.
Politics is normally not the business of a website, and we all know there's a lot more wrong with the world than misguided CEOs. So you might wonder why we're asserting ourselves today. This is why: we've devoted the last ten years to bringing people—all people—together. If individuals like Mr. Eich had their way, then roughly 8% of the relationships we've worked so hard to bring about would be illegal. Equality for gay relationships is personally important to many of us here at OkCupid. But it's professionally important to the entire company. OkCupid is for creating love. Those who seek to deny love and instead enforce misery, shame, and frustration are our enemies, and we wish them nothing but failure.
If you want to keep using Firefox, the link at the bottom will take you through to the site.
However, we urge you to consider different software for accessing OkCupid:"
It seems to me that the statement consists of statements that, insofar as the public record is concerned, are true. E.g. "Brendan Eich, is an opponent of equal rights for gay couples.", which is supported by the contribution that started this all; the rest of it appears to be statements that either relate to feelings of OkCupid, or clearly delineated opinions. IANAL, but I do spend a lot of time talking to them professionally, and I think it would actually be a very weak case for libel (which is what this would be; slander refers to the spoken word, libel to the written one).
You are welcome to opinions on how OKCupid handled this, but I think the argument that it's legally actionable is probably incorrect.
In brief, in order to be defamatory, a statement must be:
1) Public (e.g. someone had to have heard it other than the two parties)
2) False
3) Not an opinion
4) Damaging
(there's a couple of other items that have no bearing in this case)
I think anyone reasonable could agree on 1 and 4, but 2 & 3 have larger hurdles.
Yep, that's basically what I've been doing - tracking kcals in, use a Polar HR strap and software to calc burn rate.
The numbers are pretty clear. I lose weight through diet. Not having a large McDonalds shake (880kcal) is worth more than 2 days at the gym (~800kcal). So I decide that the chocolate shake is not worth 2 days worth of gym work. Which points out the value of gym work. It lets me place a value on those calories, which resonates emotionally ("two days at the gym?!? no fscking way is that shake that tasty!")
Exactly, the science for weight is easy.
Energy in > Energy out => You gain weight
Energy out > Energy in => You lose weight
Beware of margins of error in your measuring methods and you're golden.
Lost 70 lbs in 10 months with my 'scientific' diet :)
Remember here we're discussing a private space, not a public one. While I fully endorse anyone's right to express themselves (inside the rule of law, which is arguable in some of these cases, but we'll set them aside for the sake of argument) that right only extends to the public space, not a private one, be it physical or virtual.
I challenge anyone to go into Disney World and start shouting the same sort of vitriol that takes place in the public channels of $insert_game_here and see how long it takes until you're politely, but firmly, told that you are not welcome in their private space, and that you will be denied entrance in the future. Why should game companies handle unruly patrons in any different manner? All their TOSs expressly forbid many of these activities from occurring, but for years game companies have turned a blind eye with the attitude that if it bothers you, you should be the one to mute the offender.
Can anyone imagine Disney suggesting you ignore the crazy guy shouting racist slurs on the corner of Main St?
It's frankly about time we as a community grew out of our collective teenagehood and developed some maturity.
Security dept: (n) A department in a company that, if it doesn't exist, will cause the development department to be directly blamed for anything that goes wrong. See also: (n) scapegoat.
Seriously, my IT dept calls us "the latex department" because if we're involved they're protected. Otherwise they get the blame.
I agree there are companies out there like that. I'll say though, if a developer comes to me with a security issue, it'll get addressed in my company. We (the security dept) have a seat at the decision-making table when we select which tickets get worked on, and the power to red-ticket a release until a security bug gets addressed.
That being said, one could argue that the reason we have that authority links back to the full disclosure movement and the impact of incidents like Target's and TJ Maxx's ("What do you mean it couldn't happen here? Don't you think Target said the same thing a week before it happened there?").
If you don't have a security dept that will back you on these things, then someone hired the wrong ppl for the security dept.
Yes, because an entry level TSA employee would know about the secret data collection centers. That'd be like saying that the NSA would allow a low level sysadmin access to top secret plans to spy on Americans... er, carry on!
OK, I'm going to rant a bit here, and it's not specifically directed at the parent comment.
Hashes are NOT a form of magic pixie dust you spread on information to make it magically private.
Consider:
You enter your SSN, the app hashes it and then sends it to me to compare against a hashed list of SSNs from some other source. I never get your unhashed SSN.
Are you safe?
No. There is NOTHING preventing me from hashing every possible SSN and comparing them. The total number of possible SSNs (ignoring for the moment that I can narrow the attack space significantly by ruling out SSNs that have not been issued yet) is not computationally prohibitive to search, even salted.
OK, now bringing us back to the case in point.
Does hashing the DNS address provide you any useful privacy preservation benefit?
Well Valve has already said that they have a list of DNS addresses they're searching for. Ergo, they have hashed that list to compare against your DNS. How hard would it be to hash the $(sites viewed as evil by your cultural/legal framework) and compare it to your hashed DNS list? Trivial.
Do you feel like your privacy is preserved?
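The two scenarios in the comment above, worked through as an added example. This is illustrative code written for this page, not anything from the original commenter or from Valve; the salt, the SSN and the domain names are constructed for the demo, and the scheme (SHA-256 over a fixed application salt plus the value, with the server holding the same salt so it can compare) is an assumption about how such a "hash before upload" design would typically look.

```python
"""Added example: hashing a small or guessable input space is not privacy.

Constructed scenarios, not code from the original comment or from Valve:
  1. A "hashed" SSN recovered by enumerating the input space.
  2. A "hashed" domain list matched against whatever watchlist the holder
     chooses to hash, salt or no salt.
"""
import hashlib
from typing import Iterable, List, Optional, Set


def client_hash(value: str, salt: str = "") -> str:
    """SHA-256 as a client might apply it before upload.

    For the server to compare anything, it must know the same salt, so the
    salt adds no secrecy against the server itself. The salt is assumed here
    to be a fixed, shared application constant."""
    return hashlib.sha256((salt + value).encode("utf-8")).hexdigest()


# --- Scenario 1: SSN ----------------------------------------------------------
def recover_ssn(target_hash: str, salt: str, area: str, group: str) -> Optional[str]:
    """Brute-force the 10,000 serials for a known area/group prefix.

    The whole 9-digit SSN space is only 10**9 candidates (fewer once unissued
    area/group combinations are excluded), well within reach of one machine;
    restricting to a prefix just keeps this demo fast."""
    for serial in range(10_000):
        candidate = f"{area}-{group}-{serial:04d}"
        if client_hash(candidate, salt) == target_hash:
            return candidate
    return None


# --- Scenario 2: hashed domain list -------------------------------------------
def upload_hashed_history(domains: Iterable[str], salt: str) -> Set[str]:
    """What the client sends: hashes of the domains it resolved."""
    return {client_hash(d, salt) for d in domains}


def match_watchlist(hashed_history: Set[str], salt: str, watchlist: List[str]) -> Set[str]:
    """What the holder of the hashes can do: hash any list of domains it likes
    (the one it announced, or any other) and intersect with the upload."""
    return {d for d in watchlist if client_hash(d, salt) in hashed_history}


def demo() -> dict:
    """Run both scenarios on constructed data and return the findings."""
    salt = "shared-app-salt"  # constructed; in practice shipped inside the client

    # Scenario 1: the 'user' submits only the hash of a constructed SSN.
    submitted = client_hash("123-45-6789", salt)
    recovered = recover_ssn(submitted, salt, area="123", group="45")

    # Scenario 2: the 'user' submits only hashes of constructed domain names.
    history = upload_hashed_history(
        ["example.com", "news.example.org", "forbidden.example.net"], salt
    )
    announced_watchlist = ["forbidden.example.net"]
    # The holder is not limited to the list it announced publicly.
    extended_watchlist = announced_watchlist + ["news.example.org", "unrelated.example"]

    return {
        "recovered_ssn": recovered,
        "announced_hits": match_watchlist(history, salt, announced_watchlist),
        "extended_hits": match_watchlist(history, salt, extended_watchlist),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

The point the code makes is the one the comment makes: whoever receives the hashes also holds the salt, so "we only see hashes" is a statement about transport, not about what the recipient can learn. A design that actually limits what the server learns needs a different primitive (a private set intersection protocol, or a keyed hash whose key the server never sees), not a plain hash.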
I read it somewhere:
We all manipulate, we ask people to please pass the salt instead of saying pass the &#(@#ing salt you *#(*$@$(*@$ing $*@$"
Methinks that if you're going to need help with an electric bill in the future, it might help to occasionally engage in a bit of manipulation on the please pass the salt level.
Truecrypt.
Paying for something is not an implicit guarantee of quality. In point of fact we use Wickr at home for casual level messaging. Why? The guys behind it are known in the infosec community and therefore have a reputational stake in not doing dumb things. Additionally it has survived an audit by forensics professionals where Snapchat failed:
http://www.youtube.com/watch?v=LwW9g_SQn9Y
Just dropping in to add a few facts to the rhetoric:
Point Blank, by Gary Kleck, pg 165, citing a study by Wilson and Sherman, 1961:
"At least one medical study compared very similar sets of wounds ('all were penetrating wounds of the abdomen'), and found that the mortality rate in pistol wounds was 16.8%, while the rate was 14.3% for ice pick wounds and 13.3% for butcher knife wounds."
So a single GSW to center of mass carries a 16.8% mortality rate.
From Wikipedia:
"In 2005, 75% of the 10,100 homicides committed using firearms in the United States were committed using handguns, compared to 4% with rifles, 5% with shotguns, and the rest with unspecified firearms.[48] The likelihood that a death will result is significantly increased when either the victim or the attacker has a firearm.[49] For example, the mortality rate for gunshot wounds to the heart is 84%, compared to 30% for people who sustain stab wounds to the heart.[50]"
OK, carry on.
Hey JJ, long time :)
Arguably when a state entity espouses such a principle in their founding documents, they would have an ethical obligation to not undermine those principles through use of state organs.
I agree that the text says they will make no law abridging the right, however, I would expect an implied corollary to be "Since we believe that this right is so important we won't engage in actions which would have a chilling effect on it."