Making it public would solve that problem however....
Ex-Employee: "Psst, I have the customer list from Xyz corp! 100K"
Prospective Buyer: "Downloaded it from their website too, but I fit mine in 4K, you should strip the HTML next time!"
Min
My wife and I met on a text MUSH in the 90s. Got married 10 years ago next May.
It worked for us!
Min
The disable ads option is still there for me, mehaps your karma just isn't high enough at the moment?
Min
OK, here goes:
****WARNING: I AM ABOUT TO BREAK GODWIN'S LAW.****
When we refer to the atrocities in Nazi Germany, in spite of them being nominally legal (they were declared extra-legal by Hitler, placing them in the same logical category as gitmo) we refer to the murder of the Jewish people.
So therefore regardless of dictionary definition, I think the general consensus is that the difference between murder and execution is a moral one, subject to hindsight.
BTW, Canada's murder rate went DOWN after we stopped executing people. Just sayin.
We just doubled our internal recruiting bonus at work. Nothing like 30K but still, doubled.
We find that people who are internally recruited have better retention rates and are less likely to be 'misrepresenting themselves' than candidates from recruiters, generally speaking.
Min
Ummm...
Do you believe that children are less inventive now than when you were a kid?
Did you ever do something you didn't want your parents to know about and succeed at it?
Why would you think children today are any different? I'll be shocked if my daughter when she's 30 doesn't have teenaged secrets I know nothing about. Shocked and probably a bit sad.
Let's look at the obvious ways my daughter could get access to facebook without me knowing (oh and I work in infosec, so I'm probably harder to fool than most parents):
1) Use a computer at the public library ....
2) Keep a second facebook account she doesn't tell me about and use a proxy/vpn/etc to access it
3) Go to a friend's house
4) Use the computer in the school's library (might need to bypass a filter here)
5) TOR
Ever hear the one about trying to stop a teenage boy from seeing porn? Ya, I fancy my chances about the same with facebook or anything else my daughter truly wants to get to when she's a teenager.
My solution: Teach her to manage her risks, give her the best ego I know how to so that when life steps on her, it doesn't flatten her, and show her that when life does flatten her, I won't spend my time telling her how she shouldn't have taken a risk.
Same thing goes as goes with drinking. I'd rather she call me for a ride than drive drunk to avoid me being mad at her.
Min
This. I've worked projects where there was a 30% hold back until my work had been signed off, even as a contracted manager.
That way I still had skin in the game to deliver on the end project deliverables (e.g. documentation)
Min
And speaking as a hiring manager, draw on how your IT experience will allow you to develop solutions that will work seamlessly with the whole IT ecosystem at your organization.
I know I've seen over the years many situations where a development team will say "OK the code is ready!". When I ask them what firewall rules they will require, they just look at me blankly and turn towards IT, because that's "infrastructure stuff".
Typically we have a name for Development staff who don't do that... Senior developers :).
Min
My daughter was dada. Drove my wife nuts for months till she said mommy.
I've heard anecdotally that this is because the da phoneme is easier to perform for an uncoordinated infant than the ma phoneme.
Min
And really edgy!
Basically the way it works is you get, as a family, 12 months of EI for the birth of a child. You can apportion it in any way you wish up to 6 months for the father or 12 months for the mother.
Like you, I took vacation as we couldn't afford to lose that much of my salary. I think I have a very close relationship with my daughter, in part because I spent that time taking care of her while my wife recovered from the c-section. (As with all things parenting related, YMMV, and this was the case for me. Your case is likely different. Do not take as medical advice. :))
Min
Yes, nobody ever cracks hashes.
http://contest-2012.korelogic.com/stats.html
http://threatpost.ca/en_us/blogs/anatomy-lulzsec-attack-singles-out-web-20-weakness-052312
http://franx47.wordpress.com/2013/01/31/using-hashcat-to-crack-hash-password/
Bottom line - people pick useless passwords. The time required to brute force a hash given that you have a significant number of hashes to play with is sadly trivial. The various defcon contests are proof of this.
Until users start using random passwords, you don't want the bad guys to get a hold of your hash database. Especially if you're not salting.
Min
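An added example (not part of the original comment) illustrating the point above about large hash dumps and missing salts: using constructed sample accounts, it compares an unsalted fast hash with per-user salted PBKDF2. The account names, passwords and iteration count are assumptions made for the illustration.

```python
import hashlib
import hmac
import os

# Constructed sample accounts (not real data): three users chose the same weak password.
ACCOUNTS = {
    "alice": "password1",
    "bob": "letmein",
    "carol": "password1",
    "dave": "Summer2012",
    "erin": "password1",
}

PBKDF2_ITERATIONS = 200_000  # assumed work factor; tune to your hardware and policy
SALT_BYTES = 16


def store_unsalted(accounts):
    """Weak scheme: one fast, unsalted SHA-256 per password (empty salt)."""
    return {u: (b"", hashlib.sha256(p.encode()).digest()) for u, p in accounts.items()}


def store_salted(accounts):
    """Hardened scheme: per-user random salt plus a slow KDF (PBKDF2-HMAC-SHA256)."""
    out = {}
    for user, password in accounts.items():
        salt = os.urandom(SALT_BYTES)
        digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
        out[user] = (salt, digest)
    return out


def users_sharing_a_hash(store):
    """Users whose stored hash equals another user's: each group falls to one guess."""
    by_hash = {}
    for user, (_salt, digest) in store.items():
        by_hash.setdefault(digest, []).append(user)
    return sorted(u for group in by_hash.values() if len(group) > 1 for u in group)


def hash_ops_to_test_wordlist(store, wordlist_size):
    """Hash computations needed to try every word against every account.

    Without salts a guess is hashed once and compared to the whole table;
    with per-user salts it must be recomputed for each distinct salt.
    """
    distinct_salts = {salt for salt, _digest in store.values()}
    return wordlist_size * len(distinct_salts)


def verify_salted(store, user, password):
    """Recompute with the stored salt and compare in constant time."""
    if user not in store:
        return False
    salt, expected = store[user]
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return hmac.compare_digest(candidate, expected)


if __name__ == "__main__":
    weak, strong = store_unsalted(ACCOUNTS), store_salted(ACCOUNTS)
    print("shared hashes, unsalted:", users_sharing_a_hash(weak))
    print("shared hashes, salted:  ", users_sharing_a_hash(strong))
    print("hash ops for a 1M-word list:",
          hash_ops_to_test_wordlist(weak, 10**6), "vs",
          hash_ops_to_test_wordlist(strong, 10**6))
```

Each salted computation also costs `PBKDF2_ITERATIONS` rounds, so the per-guess cost grows on top of the per-account multiplier; neither helps a user whose password is on every wordlist, which is why the hash database still has to be protected.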
Try to emigrate to Canada.
Elaborate please? I ask because my wife did exactly that (emigrated from the US to Canada).
She would argue that Canadian immigration policy is much more even handed (score enough points, get in). This is especially true for US professionals (look up the NAFTA TN-1 visa). There are also guest worker programs.
Once you are a perm resident, there are two requirements:
1) Don't do anything deportable
2) Spend enough time in Canada, rather than somewhere else.
You do those two things and you get treated almost the same as a Canadian born person. The three exceptions are:
1) You cannot hold a senior govt post
2) You cannot serve in the military
3) You cannot vote in elections
Write your citizenship exam (you qualify after 4 years) and you are the same as someone who was born here. You can even be Prime Minister. No birth certificate required :).
Oh and we don't have any caps. We'll take as many people who meet the entrance requirements. No lotteries, no caps.
If any of the above is wrong (I am fallible :)) or out of date, let me know, but I believe everything above is correct.
Min
Contrast this with say, buying an iPhone, in which case you're Apple's customer
Not quite true - otherwise Apple would not be in the advertising business (http://en.wikipedia.org/wiki/IAd)
In general, you can assume that any large company is treating you as the product. The only question is to what degree and if you're also a customer.
And if you bought a google nexus phone/tablet, you're also Google's customer as well as product.
Min
To paraphrase another author -- your biggest problem is not going to be piracy, your biggest problem will be obscurity. Being well known that piracy numbers are significant will be success, as it implies your software is actually well enough known for someone to put in the time for a keygen.
Min
How about we start doing actual risk analysis and stop reacting on a purely emotional level. How about we recognize that the chances of my daughter being abducted at some point in her life are approx: 1: 610,000, and that her odds of dying in a plane crash are approx 1:310,000? Let's not even discuss the chances of her getting hit by a car. She's also way more likely to be struck by lightning than either of the above (1:10,000, given our geographic locale during her lifetime)
There are SO many things I would be better off spending time with my daughter discussing, including but not limited to her new stuffed friends, that any minute stolen from me discussing things with such a low incidence risk makes me slightly resentful.
Now the odds of her posting a picture that causes her grief over her lifetime. That's a bunch higher.
Oh and the "Don't meet people from the internet" rule? I'd never have met my wife, and therefore my daughter wouldn't exist.
Life is risk. The only way to avoid risk is not to live it.
Min
As others have already pointed out in the thread, I was providing one relatively benign example of "selling your vote".
Other examples of transactions involving your vote might include (stolen from above in some cases):
"Vote this way, and I won't break your fingers"
"Vote this way and you can keep your job"
"Hey honey, can I see who you voted for? Uncle Fred didn't win...."
Vote selling happens in many subtle ways. The lack of a way to prove they got what they paid for prevents it. You can offer to buy someone a beer if they vote for Fred, but you can never know conclusively if they voted for Fred.
Min
The problem with this and most similar schemes is it allows you to sell your vote.
The thing that protects against vote selling is the difficulty of proving that you were faithful in your execution of the agreement. If I pay you 10$ to vote for the great flying spaghetti monster, I want to know you did in fact vote as instructed, and not for the lazy ravioli monster.
The inability to verify a secret ballot is a feature, not a bug.
Min
You're also forgetting that ppl south of the border have to deal with medical which was in my wife's case 500/mo due to a congenital heart defect. That'll put a crimp in your entry level job budgeting.
She'll tell you if you're poor, be poor in Canada, it's cheaper.
Min
Well it was a rather belts and suspenders plan. The platters were also encrypted, but we preferred to have as much plausible deniability as possible to avoid the 5$ wrench attack against crypto. (http://xkcd.com/538/) The exec REALLY wanted to avoid the 5$ wrench attack. :)
Min
Lack of a single identifying number is not an insoluble problem.
Take Canada for example. We have a social insurance number (SIN - way better acronym :)). It is ILLEGAL to require it for anything other than tax purposes (in effect that means your employer and your bank if you have a savings account for most people).
If you go to buy a car, and they want to pull a CB on you, you can say no. If you refuse to provide a SIN, they will match you based on a compound key. (Name, address, telephone, previous address etc).
Ya, sometimes you get a mismatch, but those are relatively rare and usually resolvable if the person who happens to generate a mismatch isn't attempting fraud. I doubt requiring that SIN would improve things, it'd just provide more opportunities for it to be stolen, as we see in the US.
Does fraud happen? Yep, or I'd be out of a job. Is it common? Nope.
Min
I have in the past provided the following instructions to an exec:
1) Go to local computer store
2) Purchase off the shelf hard drive with this model:xxx-xxxx-xxx - pay with local cash
3) Purchase Phillips screwdriver
4) Remove HDD (more details here on how to remove a HDD) and replace with local drive.
5) Drive over old HDD with rental SUV. Repeat until fragments. Ensure HDD platters are fragments.
6) Drop into at least 3 random trash bins in tourist areas
7) If questioned during exit, inform them that the computer crashed and that IT had you take it to a local repair shop but it's not working still.
Such is life in the odd world we live in.
Min
"Good for Apple to show contempt for them"
I think this word will feature prominently in the judge's reaction too.
Min
Who needs a back door when you have a range of security vulnerabilities to choose from.
Here's the slide deck from the talk on Huawei at Defcon 20 this year. At the end of the talk the presenter addressed the topic of backdoors by saying (my paraphrase) given the state of the code, who knows if a given hole is a backdoor or unintentional security vulnerability.
The deck is worth a read if only for the fortune cookie slides, which contain actual quotes from the object code:
http://phenoelit.org/stuff/Huawei_DEFCON_XX.pdf
Min
I'm 39(!) now so I did the school thing in the 80s mostly.
My elementary had C-64s, mostly due to fund raising efforts by the Parents Auxiliary (PTA/School Council/etc.) In the first few grades the teachers didn't know much, and most of my 'education' came in giving tech support to the teachers as I had one at home.
Mostly they were running software from the Commodore educational software bundle. (Oregon trail! Never mind that we're Canadian students and the Chilkoot trail would have been more topical) Also I remember playing quite a bit of artillery duel.
That continued to about grade 6 where I met a teacher who had actually decided that this was interesting stuff. He got deeply into Logo, and taught us all the basics of procedural programming using it.
This continued until high school where we moved to PS/2 systems, and the wonders of Netware. By this time computers had become more mainstream and the games were being traded in the halls. None in the computers at school tho.
One of my teachers had a rule - if he caught you playing games in class, he'd take your 3.5" floppy and stab it with a pin about 10 times. If it still worked, you could use it.
Of course I gamed that system. Brought in two identical floppies. One pre-holed, formatted to map out the bad blocks and games installed after bad blocks were marked out. The other was pristine. When the teacher caught me and stabbed the disk, I swapped it with the working one, and miraculously it worked.
I suspect I got away with it because the teacher knew full well he wasn't teaching me anything (by this point I was running a fidonet node (if you don't know what it is, look it up you whippersnapper :)) and using material from the echomail in school reports, with proper attribution of course :). Was always cool when I could include in a current affairs report the viewpoints of people living through the events.
In typing class we were still using C-64s. My big irritation there was that the software they were using disabled the backspace key and COUNTED HITTING IT AS AN ADDITIONAL TYPO. Because typewriters don't have backspace keys.
Fortunately the software was written in C-64 basic so I found the code and 'fixed the bug for them'... I may not have asked for recognition for my work tho! :).
Next up was Grade 10/11 Comp sci. Here we met Turbo Pascal. Again I outpaced and discovered Advanced Placement Comp Sci which is how I finished my high school CS classes.
Min