Our software is shit, our systems crap, our understanding of business laughable. We are not the solution, we are the problem.
Reader's exercise: Customer is requesting a company website, with a CMS system so his PR people can manage it. Build it securely. What are you going to use? List the systems you want to use. After you have selected them (don't read on until you did!) - imagine you did this three years ago. Check how many bugs your selected systems had in this time that could have been used to hack this website.
Would you have accepted liability for any successful hacks on this website? Why not? The corporation wants to secure its data and is even paying you for it. I'm quite sure it's not their interest that makes this fail, but your inability or unwillingness to provide.
Because you can't. Such a system would have to be custom-built, almost from the ground up. And not just the software. The whole management environment, the whole password management scheme, if your customer is a high-profile target, maybe even the hosting and networking. Heck, there are so many BGP attacks that can get that website redirected elsewhere and everything you did on the system was for nothing.
What makes a system insecure? The system integration/networking? The software, especially third party software with its disclaimers about "no liability for implied merchantability and fitness for a particular purpose"?
That is the problem, right there.
If you want to run a secure system, you should not be allowed to use such software on it, period.
True, Free Software is great, and often of the highest quality. But why is there no market for secure software, if we have such a need for it?
Because it matters little if you download your server software from Github or buy it from Vendor X for half your money plus your firstborn son. When the shit hits the fan, both of them will point to some clause in the license that absolves them of any and all responsibility.
To me it smells like Sarbanes-Oxley all over again.
No, SOX is too weak to cover this. Disclaimer: I was the head SOX guy at a company.
It's patently ridiculous how you can be absolutely compliant with very little effort if you kick out the consultants and put some actual thought and understanding of your business systems into the compliance topic. If consultants designed your compliance, you are almost certainly spending at least twice as much as you need to, and probably ten times. If you get them in only for the testing, you're doing it much smarter.
We need liability, not compliance. That's a different thing.
If I can buy software that the vendor actually guarantees for, and is sure enough in to take liability for, then we are going somewhere.
Worse yet, what about unknown exploits used for which there are no patches?
Software has bugs. But we know how to write software so that it has at least one, possibly two orders of magnitude fewer bugs than the crap we produce every day.
It's just that it's a bit more expensive.
If there were liability, suddenly that equation would change. If bugs cost you actual money and not just the effort of fixing it and a small risk of reputation loss, companies would understand that writing almost bug-free software in the first place is cheaper.
I fail to see why anyone with a traditional moral compass would sign up for this website.
So what about people with a more modern moral compass?
Even if you are not married and simply looking for a one nighter, you are still signing up to a site where married people are looking for an affair.
One of the things that people who are merely looking for sexual encounters are afraid of is getting involved with someone who wants more. The same way that men pretend to be interested in love in order to get some sex, there are women who pretend to be interested in sex in order to get some love.
Sleeping with married women is actually a very old method to make sure there will be none of that, if you don't want it.
The other people could have simply signed up for a different website where the main intent is not cheating. It seems there would be plenty, and none of them are getting hacked
Yeah, aiding and abetting. It is a valid argument. However, so is letting other people mind their own business. When you work in a shop, do you always check if the people buying your stuff can afford it, or do you leave it to them to decide?
Look, here's the thing: Sure, AM's business model is based on something that we as society reject. But strangely, it has millions of users. So, speaking as society, we reject it and at the same time desire it enough to spend considerable amounts of money.
Maybe instead of the talk about morals we should have a talk with ourselves about this incongruity?
At the end of the day these people signed up for a site whose primary market is marital infidelity. I feel a bit sorry for the woman referenced above, but I also have to wonder if the partners of the people she's "engaged with" on AM were as accepting as her husband was. I kind of doubt it.
But that is not the issue at all.
In a relationship, whatever is acceptable to both partners should be fine. But society has its own strange rules, even about things that are not its business, like what you do in your bedroom.
Betraying your partner is one thing. But doing as this woman did and not wanting to be judged by society for it simply because people wouldn't understand is an absolutely legitimate interest. It's none of their business in the first place.
There are a lot of other sites out there that don't specifically target cheating that she could have used instead. By choosing to have her hookups through that site she was pretty much guaranteeing that she was actively screwing around with someone else's relationship.
Why do we always assume other people are stupid? She probably checked her choices and decided on AM for good reasons. Other dating sites? Too many people interested in romantic relationships for what she wanted. Sex dating sites? Too many creeps.
And other people's relationships - yes, probably. But you know what? It's a healthy attitude to assume that other people you interact with are adults and their business is their business and not yours.
And now, for the first time, I'm happy that it doesn't.
If they ever add it, please, please, please also add a "rate all posts using emojis at -5" filter at the same time.
Ok, I'll admit I'm not 16 anymore, but I'm not 60 either and I wonder WTF does the Unicode Consortium have to do with stupid smileys?????
This is one of the "don't they have more important things to worry about" moments. But more importantly, this is utter crap and doesn't belong in a fucking fontset. You want to have dancing teddy bears and cups of coffee and stuff, fine, make your own icon font, nobody stops you.
Until this post I didn't even realize that this crap is now official Unicode, and I still can't believe it. Solution looking for a problem, yes?
The primary test for all kinds of organized crime is that there has to be an agreement between the involved parties, an understanding to commit a crime together. That is usually the difficult part to prove.
A torrent is more like a mob. You can leave or join at any time and nobody else cares much. There's very little organisation. I don't think you could successfully bring an organized crime charge against a mob.
When the masses decided on what the Internet looks like, out went newsgroups, mailing lists, Web forums, and IRC. In return, we have Facebook, and Twitter.
Which have begun to add in newsgroups, mailing lists, forums and chats...
What we need more is a base model of distrust.
The primary design error in networking was to trust other devices. If we had designed networking from the start under the assumption of malicious intruders, we would have things like "to do anything, you need a token that proves you're allowed to do it". It would be in the protocols.
On embedded devices, I want a networking stack that will cryptographically check all incoming packets, and at the lowest level discard them if they don't carry a valid token. Nothing gets even processed unless you are authorized to interact with the device.
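The drop-before-processing check described in the comment above, as an added example that is not part of the original comment. It assumes a frame layout (sender id, counter, payload, truncated HMAC-SHA256 tag) and per-sender pre-shared keys, all invented here for illustration; `PacketGate` and `seal` are hypothetical names.

```python
import hashlib
import hmac
import struct

# Assumed frame layout (invented for this example, not a real protocol):
#   sender id (2 bytes) | counter (8 bytes) | payload | tag (16 bytes)
HEADER = struct.Struct("!HQ")
TAG_LEN = 16  # HMAC-SHA256 truncated to 128 bits


def _tag(key: bytes, body: bytes) -> bytes:
    """Token over header + payload, keyed with the sender's shared secret."""
    return hmac.new(key, body, hashlib.sha256).digest()[:TAG_LEN]


def seal(key: bytes, sender: int, counter: int, payload: bytes) -> bytes:
    """Sender side: build a frame the device will accept."""
    body = HEADER.pack(sender, counter) + payload
    return body + _tag(key, body)


class PacketGate:
    """Device side: nothing reaches the application unless the token checks out."""

    def __init__(self, keys):
        self._keys = dict(keys)   # sender id -> pre-shared key
        self._last = {}           # sender id -> highest counter accepted
        self.dropped = {"short": 0, "unknown_sender": 0, "bad_tag": 0, "replay": 0}

    def _drop(self, reason):
        self.dropped[reason] += 1
        return None

    def accept(self, frame: bytes):
        """Return the payload of an authorized frame, or None if discarded."""
        if len(frame) < HEADER.size + TAG_LEN:
            return self._drop("short")
        body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
        # Only the fixed-size header is read before authentication,
        # and only to select the key; the payload is never parsed here.
        sender, counter = HEADER.unpack_from(body)
        key = self._keys.get(sender)
        if key is None:
            return self._drop("unknown_sender")
        # Constant-time comparison avoids leaking how many tag bytes matched.
        if not hmac.compare_digest(_tag(key, body), tag):
            return self._drop("bad_tag")
        # A valid tag on an old counter is a replayed frame.
        if counter <= self._last.get(sender, -1):
            return self._drop("replay")
        self._last[sender] = counter
        return body[HEADER.size:]


def demo():
    """Run constructed sample frames through the gate."""
    key = bytes(range(32))                      # constructed sample key
    gate = PacketGate({7: key})
    good = seal(key, 7, 1, b"led=on")
    forged = seal(b"\x00" * 32, 7, 2, b"led=off")   # wrong key
    tampered = bytearray(seal(key, 7, 3, b"led=on"))
    tampered[12] ^= 0x01                        # flip one payload bit
    frames = [
        good,                    # accepted
        good,                    # same frame again: replay
        forged,                  # bad tag
        bytes(tampered),         # bad tag
        b"\x00" * 5,             # too short to carry a token
        seal(key, 9, 1, b"x"),   # sender the device has no key for
        seal(key, 7, 2, b"led=off"),  # next valid counter: accepted
    ]
    return [gate.accept(f) for f in frames], gate.dropped


if __name__ == "__main__":
    print(demo())
```

The rejected frames do not advance the counter, so a flood of forged packets cannot lock out the legitimate sender.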
this torrent is legally questionable to download
Depends on your jurisdiction.
In many jurisdictions, data about real-world facts cannot be copyrighted, so the only theoretically copyrightable parts are the texts that users wrote (profile texts and emails), and I would guess that AM is not the copyright holder (though they could have a clause in the contract saying posting something on the site is a transferal of copyright).
So they could claim trade secret, but in many jurisdictions once your secret is no longer secret, it is not a trade secret anymore. Basically, the courts refuse to participate in the "let's sue everyone because the whole world knows" scenario.
Since you don't have a connection to the original hackers, what crime do you think they would sue you for?
Since we are two orders of magnitude away from the goal, +50% really doesn't matter.
Also, I agree with WP to not consider race tracks as "stadiums". And I rarely agree with WP.
True to some extent. I didn't say forget all good practice.
But, for example, for the game listed in my .sig I wrote a lot of very specific GIS code. Yes, I could have spent the additional time and conceptual work and written a generic "find object on map based on criteria" service and maybe it would be useful in some future project.
But with what I've learnt doing it the way I did, I could write another task-specific piece of GIS code in half the time that the abstraction would cost me, with none of the overhead and performance impacts.
There are, but at least the ones I know do rely on other people. For example they will buy assets (icons, sound effects, whatever) or get ready-made-libraries for many tasks.
There are definite advantages to a solo-programmer project.
For starters, you can take shortcuts you couldn't take in a team, because there is a reason that you have all these coding styles and guidelines and templates and levels of abstraction and frameworks and all that other stuff, and the reason is "you are not the only person working on this project".
Well, if you are, a lot of these constraints disappear. I love to write code with a low amount of abstraction, because yes, I understand its advantages, but if I need to hop through 20 levels of abstraction before I find the place where the actual (potentially buggy) calculation is being done, that's just a chore. In a team, where other people re-use your code, you want modular.
There are projects you can do alone. In fact, a lot of applications can perfectly well be written by one person with enough time. I've got probably a million lines of code in various projects that are all one-man projects or started out that way.
And frameworks make your job easier, not more difficult. There is so much stuff in them that you don't have to re-invent or write yourself. I wrote one complex web-app using pure PHP and I don't want to ever do that again. With Symfony2 (my choice ATM) or whatever other framework you like, you can have a basic app running in one day.
What I find to be the problem more and more is not that you need more programmers. But that you need designers and graphics artists and UX experts to make a competitive software, application, website, etc. today.
Back in C64 times, you could draw a couple sprites yourself, even if you were not an artist. Yeah, they would not look as great, but it was good enough. Today, people's standards are higher and while you can make a 12x21 pixel that looks similar to what a real artist might make, you will not do something that comes even close at 128x128.
So in summary: Absolutely, you can code a reasonably complex application with one programmer. Aside from a few edge cases it is really hard to create the whole application with everything as one person. Though in parts you can simply buy what you can't make yourself. Icons are not a problem to get for free or for money, for example.
Yes, because this data set gives us interesting insights into so many topics. From figuring out what your chances of actually meeting a woman on such sites are, to demographical analysis (how does the data set in the AM database vary from the average demographics? How can we explain the difference? Self-reporting bias (i.e. presenting yourself better than you are), of course, but maybe there is more?)
Blackmailing these people really is just skimming the surface for easy-to-catch fish. If you dig deep into such a dataset, who knows what you can find?
Are their profile texts included? I'm sure you can do so many interesting linguistic analyses if you have both the texts and the demographic data. I know this has been done in the past on other dating sites for research projects, but here you have an even more specific set. We can measure deception in written language - do these profiles show above-average signs of deception, or are these people who deceive their spouses honest to their potential online partners?
Depends on the body mass of these people, which thankfully are included in the sample (well, at least their self-reported body mass, but we have good studies showing the statistical discrepancies, so we can extrapolate).
If we assume that 4 people can comfortably fuck on a king-size bed, and for simplicity assume such a bed to be 2x2 m then a football field 6400 m^2 (American football) or 7140 m^2 (European soccer) is the equivalent of 1600-1785 orgies. Let's leave a little space in between for walking, etc. then we have 1500 women and 4500 men on such a football field.
The analysis says 12,000 women, so that's 8 football fields. Since that includes only 36,000 men, the remaining ca. 32 million need to fit in the stands, meaning 4 million per stadium. The largest stadium in the world is, interestingly, in North Korea and it fits 150,000.
So, by flawless math and logic, we can deduce that a lot of those male profiles are either fake as well, or gay (which means we need to add a couple stadiums with same-sex orgies).
There, put it into football fields for you. Happy?
I can do it myself, in which case I may screw up my vehicle.
Which is basically saying that you can't do it yourself. Which is good. If you don't know enough about recoding a car computer, then you don't know enough to make sure your recoding doesn't break something important that only shows up when you're going 150 mph.
AM is actually a good example.
With the data analysis coming out now, it becomes clear that not the fact they couldn't keep customer data secret will damage them, but the fact that the data reveals their shady business strategy (for example that almost all the women profiles are fakes or inactives).
Many companies have skeletons like that in the closet. You think Facebook or Twitter user numbers represent actual, active users? Of course not. If the true numbers were reliably exposed, their customers (advertisers) would not be willing to pay prices based on the inflated numbers anymore.
Brilliant video (20 minutes), absolutely must-view for anyone riding the moral high ground here:
http://www.ted.com/talks/esthe...
There is enough to do.
There is not enough willingness to pay for it. Look at what artists make. No matter if they are musicians, painters, writers, actors or anything else. 1% of them makes 99% of the money, the rest would get a real job if a) there were real jobs for people with artistic talents and b) they were not driven by passion instead of greed.
Look at the jobs that require humans instead of workers. Teachers, nurses, policemen. Some of the worst paid jobs if you put it in relation to what is required of them.
The problem is that our entire economic system is stuck in the industrial age. People who produce tangible objects are paid well, and people who own the means of production earn well. In IT we have the one exceptional field where knowledge workers earn pretty well. Everywhere else, if what you make is not tangible, it doesn't earn you as much as it should.
There is enough to do. I could easily give 10 people work just from the things that I have in my head that I'd like to see done. Unfortunately, I'm not a billionaire, or I would. Instead I try to do them by myself, in addition to working for money.
I personally cannot wait for the day someone makes this brilliant breakthrough that replaces all the jobs that we all know can and should be done by machines. It will be ugly for a few years, but it will force us as a society to re-evaluate which kinds of activities we consider worth paying for, and how to pay for them.
from TFA:
We may be a reckless and hedonistic species, but we're not going to replace ourselves into extinction. That's just silly. Someone still has to design robots, train them, fix them, and streamline their processes.
Firstly, human beings do a lot of silly things. Saying something is silly means absolutely nothing on the axis of "likely to happen".
Secondly, I see nothing that prevents robots in principle from designing, training or fixing other robots. In fact, we already have most of the components for such things in place.
What robots can't do, at this time, is to decide about purpose. They can do things, and even figure out better ways of doing them by themselves, and very soon they will be able to decide independently what to do in order to reach a given goal. But the goal-giving is still human.
But, I don't think that's a god-given. Where do our goals come from? They're basically just what's bubbling up from this sea of desires, interests and good old instincts. The ultimate goal is a question as old as mankind, and as silly. We don't have a goal, really. What we consider goals and purposes are just higher-level to-do items, and a sufficiently complex computer program can come up with equivalent things, in principle.
So in summary, we very much may replace ourselves into extinction. And on some level, we even need to do it. Our biological machine is as primitive and flawed as it is beautiful and brilliant. The same will be true for machines we design, but with self-replicating machines, the evolutionary cycles can be much faster in the same way that language and writing have dramatically increased the speed at which we humans develop compared to animals who only have genetics to pass on whatever they learnt.
The lesson: Big sins usually start off as small ones
The real lesson: If you want to control people, make them feel guilty about something they have little conscious control over.
I cannot control my instincts, there are dozens of studies proving that many things like noticing something of interest in your environment happens unconsciously and your conscious mind is only informed after the fact and then makes up a story about how it was responsible.
I can control my actions. Standing up and hitting on that woman is something that does not happen unconsciously.
Any religion that makes me feel bad because of things not under my control, instead of for that which is mine to answer for, is evil.
We also try to remember that if God has forgiven us our sins against Him, then we also ought to be willing to forgive those who sin against us. Most marriages can be saved if both partners are willing to save it, and, sometimes, even if one of them is not.
That is true, and needs no reference to imaginary friends.
Judging from divorce rates, movies and other stories and general impression, I would say that at least half of all marriages already seem to be a lie held together by financial needs and the interest of providing the children a home.
Infidelity is just one of the many lies.
I understand your logic. I don't understand why we as society single out infidelity so much over all the other problems that a marriage can have.
No, of course I understand. Because we are still animals and our instincts tell us that all the other shit that's going on is not so important as long as we can be sure our offspring actually has our genes. Because for all the importance we attribute ourselves, we're just the train that our genes ride on their way to the next generation.
While funny, that is also 100% spot on.
To answer the GP: Because it's none of our business and the people involved should decide what is permissible and what not and what the punishment is.
In general, there's nothing anyone can do who isn't deeply involved in computer security and cryptography, which on average is everyone.
This.
Don't think companies aren't trying. But it's incredibly hard, and one mistake is all it takes and you're owned.
how corporations have to secure data,
Corporations are trying.
IT is not supporting them very well in doing it.
Our software is shit, our systems crap, our understanding of business laughable. We are not the solution, we are the problem.
Reader's exercise: Customer is requesting a company website, with a CMS system so his PR people can manage it. Build it securely. What are you going to use? List the systems you want to use. After you have selected them (don't read on until you did!) - imagine you did this three years ago. Check how many bugs your selected systems had in this time that could have been used to hack this website.
Would you have accepted liability for any successful hacks on this website? Why not? The corporation wants to secure its data and is even paying you for it. I'm quite sure it's not their interest that makes this fail, but your inability or unwillingness to provide.
Because you can't. Such a system would have to be custom-built, almost from the ground up. And not just the software. The whole management environment, the whole password management scheme, if your customer is a high-profile target, maybe even the hosting and networking. Heck, there are so many BGP attacks that can get that website redirected elsewhere and everything you did on the system was for nothing.
What makes a system insecure? The system integration/networking? The software, especially third party software with its disclaimers about "no liability for implied merchantability and fitness for a particular purpose"?
That is the problem, right there.
If you want to run a secure system, you should not be allowed to use such software on it, period.
True, Free Software is great, and often of the highest quality. But why is there no market for secure software, if we have such a need for it?
Because it matters little if you download your server software from Github or buy it from Vendor X for half your money plus your firstborn son. When the shit hits the fan, both of them will point to some clause in the license that absolves them of any and all responsibility.
To me it smells like Sarbanes-Oxley all over again.
No, SOX is too weak to cover this.
Disclaimer: I was the head SOX guy at a company.
It's patently ridiculous how you can be absolutely compliant with very little effort if you kick out the consultants and put some actual thought and understanding of your business systems into the compliance topic. If consultants designed your compliance, you are almost certainly spending at least twice as much as you need to, and probably ten times. If you get them in only for the testing, you're doing it much smarter.
We need liability, not compliance. That's a different thing.
If I can buy software that the vendor actually guarantees for, and is sure enough in to take liability for, then we are going somewhere.
Worse yet, what about unknown exploits used for which there are no patches?
Software has bugs. But we know how to write software so that it has at least one, possibly two orders of magnitude fewer bugs than the crap we produce every day.
It's just that it's a bit more expensive.
If there were liability, suddenly that equation would change. If bugs cost you actual money and not just the effort of fixing it and a small risk of reputation loss, companies would understand that writing almost bug-free software in the first place is cheaper.
I fail to see why anyone with a traditional moral compass would sign up for this website.
So what about people with a more modern moral compass?
Even if you are not married and simply looking for a one nighter, you are still signing up to a site where married people are looking for an affair.
One of the things that people who are merely looking for sexual encounters are afraid of is getting involved with someone who wants more. The same way that men pretend to be interested in love in order to get some sex, there are women who pretend to be interested in sex in order to get some love.
Sleeping with married women is actually a very old method to make sure there will be none of that, if you don't want it.
The other people could have simply signed up for a different website where the main intent is not cheating. It seems there would be plenty, and none of them are getting hacked.
Yeah, aiding and abetting. It is a valid argument. However, so is letting other people mind their own business. When you work in a shop, do you always check if the people buying your stuff can afford it, or do you leave it to them to decide?
Look, here's the thing: Sure, AM's business model is based on something that we as society reject. But strangely, it has millions of users. So, speaking as society, we reject it and at the same time desire it enough to spend considerable amounts of money.
Maybe instead of the talk about morals we should have a talk with ourselves about this incongruity?
At the end of the day these people signed up for a site whose primary market is marital infidelity. I feel a bit sorry for the woman referenced above, but I also have to wonder if the partners of the people she's "engaged with" on AM were as accepting as her husband was. I kind of doubt it.
But that is not the issue at all.
In a relationship, whatever is acceptable to both partners should be fine. But society has its own strange rules, even about things that are not its business, like what you do in your bedroom.
Betraying your partner is one thing. But doing as this woman did and not wanting to be judged by society for it simply because people wouldn't understand is an absolutely legitimate interest. It's none of their business in the first place.
There are a lot of other sites out there that don't specifically target cheating that she could have used instead. By choosing to have her hookups through that site she was pretty much guaranteeing that she was actively screwing around with someone else's relationship.
Why do we always assume other people are stupid? She probably checked her choices and decided on AM for good reasons. Other dating sites? Too many people interested in romantic relationships for what she wanted. Sex dating sites? Too many creeps.
And other people's relationships - yes, probably. But you know what? It's a healthy attitude to assume that other people you interact with are adults and their business is their business and not yours.