Slashdot Mirror


User: Tom

Tom's activity in the archive.

Stories: 0
Comments: 10,601

Comments · 10,601

  1. he was right, but ahead of his time on Steve Jobs's Big Miss: TV · · Score: 1

    TV is a declining medium. 15 years ago, when I removed the TV from my home, I was an exotic. Since then, more and more people I meet also don't have a TV, especially young people. And a lot of the others use it to watch movies from DVD or download/streaming, not any TV station.

    It's big still and thanks to exclusive deals for events like olympics and world cups, it will stay around for many more years, but it's a medium on the way to exit, and two generations from now it will be part of media history like gramophone records or cassette tapes.

    Innovation in this area will only speed up its decline. Heck, even the "Apple TV" thing doesn't really do television - it replaces television with iTunes media consumption.

  2. hope on Ask Slashdot - Breaking Into Penetration Testing At 30 · · Score: 2

    Am I beyond hope?

    Yes.

    But not because you lack technical skills, those can be learnt. You're seriously working for a boss who thinks that he can turn a sysadmin into the head of a pentesting department by telling him to make it happen?

    There's a lot that goes into a good pentest, and a reason that there are entire companies staffed with people who do essentially just that. It's not something you learn with a book on a few weekends. If your boss doesn't understand that, the result will be a disaster. And we already have too many people out there selling the printout of a Nessus scan as a penetration test.

    What other comments said is spot on. Your boss needs to hire an experienced pentester, period. If he doesn't want to do that, there's no chance you'll be heading a pentesting department anytime soon.

  3. Re:No more ports! on Reactions to the New MacBook and Apple Watch · · Score: 1

    I didn't mean other watches, sorry for not being clear. I meant the high price tag on the gold Apple watch makes the regular Apple watches seem affordable. It's a variation of an old marketing trick called "door in the face".

  4. Re:No more ports! on Reactions to the New MacBook and Apple Watch · · Score: 1

    Are you aware how much free press this thing creates for Apple? Not to mention it makes the very expensive regular watches seem affordable in comparison. Meanwhile the target audience doesn't care if it's 10k or 20k or whatever. Do you think the Silicon Valley billionaires give one fuck about 10 grand? Or the movie and music stars? They don't care that they'll buy a new one in 2 years, or probably next year, either. They already buy a new iPhone every time they lose theirs in one of their ten bedrooms. Normal people like us can hardly understand how little money matters to people who don't work for it (they let other people work).

  5. Re:define terms in article summary on Red Hat Strips Down For Docker · · Score: 3, Insightful

    I'd be interested to see which distro can get their image down to the smallest (functional) size.

    LFS, of course. Or any other non-distro approach. What do you need a distro for if all you want is the kernel and basic system functions? It's not so difficult to start with zero and get to a shell prompt. Been there, done that.

    The really interesting approach would be to have a deployment distro - a way to add packages to such an image from outside, without having all the packaging crap and its dependencies on the image itself.

    I think what you really want is a build system that can install to the image.

  6. Re:define terms in article summary on Red Hat Strips Down For Docker · · Score: 1

    I kinda miss the era in which a general computing proficiency was possible. Specialization used to be for insects.

    It still is. But when you have millions of people working in IT, instead of thousands, there's space for insects. Doesn't mean you have to become one.

    To any new technology that people worship I say: Give me one hour on the Internet, then I'll know what I need to know about it and you can worry about the implementation details if you like it so much.

  7. Re:I'm dying of curiosity on Software Freedom Conservancy Funds GPL Suit Against VMWare · · Score: 1

    You may have noticed I don't care how it got there, only why they are acting now the way they are.

    Many companies have this immune system response that if something happens that shouldn't have, they will at the same time punish someone internally, and defend themselves externally claiming everything is proper.

  8. Re:I'm dying of curiosity on Software Freedom Conservancy Funds GPL Suit Against VMWare · · Score: 4, Informative

    They are taking a calculated risk knowing that very few GPL lawsuits actually went to court. They know it takes money to fight a legal battle and hope the opposing side doesn't have it, or will run out of it before reaching a final verdict. And finally, from the fact that they've been at this since 2012 - they probably think that it's a fairly cost-efficient way to buy more time and make business.

  9. banks again ? on French Nuclear Industry In Turmoil As Manufacturer Buckles · · Score: 2

    The only way you can have losses that exceed your net-worth is if someone has given you a huge amount of money that they really shouldn't. Typically, it means the banks gave these guys credit beyond even the most loose definition of sanity.

    More and more I'm thinking that the fantasy worlds we live in when we play roleplaying or computer games are much closer to reality than the fantasy world of the financial industry.

  10. such stupidity on Microsoft Convinced That Windows 10 Will Be Its Smartphone Breakthrough · · Score: 1

    will run on [...] phones and provide an experience very much like the desktop. [...] repeatedly failed to take the mobile space [...]"

    Yeah, I wonder if these two could be in any way related...

    MS is a design and UI fiasco and always has been. The only reason few people realize how unusable the crap is, is that we are so used to it that we don't notice anymore - until the next major update, or if you don't use it daily and then suddenly sit in front of it and wonder who the fuck came up with this stupidity.

    And everyone who knows anything at all about mobile devices and usability knows that nobody on the planet wants a windows desktop experience on their smartphone. People want a smartphone experience on their smartphone, what's so difficult to understand about that?

    Oh, speaking of that: People also don't want a mobile experience on their desktop. They want a desktop experience on their desktop, that's not so difficult, either.

  11. Re:misleading headline on Schneier: Either Everyone Is Cyber-secure Or No One Is · · Score: 1

    Those two missions aren't mutually exclusive. Defend yourself at home and go on offense abroad.

    It works for bombs and tanks, but not for computer networks and communications. It might have even worked in the time of telegraphs and snail mail letters. But for encryption, it doesn't work. A cipher is either weak, or strong. You can compromise a foreign postal system without affecting the security of your own, but you can't secretly build a backdoor into an encryption algorithm that works only for you.

    Simply asserting that something is mutually contradictory because it sounds good to use words like 'cognitive dissonance' isn't any kind of argument.

    Now you're trying to reverse the chain of causality just to make a cute finishing sentence. :-)

  12. Re:misleading headline on Schneier: Either Everyone Is Cyber-secure Or No One Is · · Score: 1

    Everyone knows about the evil bit. That's what prompted me to write the bracket remark. But it's not quite the same as a "we're from the NSA, nothing to see here" flag.

  13. misleading headline on Schneier: Either Everyone Is Cyber-secure Or No One Is · · Score: 5, Insightful

    What's with the clickbait headlines? By itself, the headline is total BS. The actual statement made, however, is spot on. The hole in your security doesn't care who exploits it. There's no "good guy" flag in IP headers (though I'm sure some April 1st RFC will soon introduce it).

    What worries me most is that we could win this fight, if it weren't for our own governments deciding to betray us. There are vastly more people interested in secure communication and other people not being able to spy on or subvert our computers and mobile devices than there are people interested in compromised communications and systems (basically only criminals and some deluded, criminal-if-the-laws-were-right elements of governments).

    There is just one problem to Bruce's argument: The largest and most powerful spy agency in the world disagrees with his fundamental assumption. We often forget that the NSA has two missions, and they are exactly the two things that Bruce argues cannot co-exist: To secure the computing infrastructure of the US against foreign espionage, and to provide espionage on foreign communication.
    The NSA believes, and/or is tasked with exactly these two things that Bruce says (and I agree) are mutually exclusive. No surprise they've gone rogue, their very mission statement is a recipe for a mental breakdown through cognitive dissonance.

  14. depends ? on Study: Refactoring Doesn't Improve Code Quality · · Score: 1

    Doesn't it depend a lot on what you refactor, when and how?

    I have 3 year old code that I would like to refactor because I've since switched framework (from CodeIgniter to Symfony 2) and it would bring it in line with all my other projects, allowing me more easy code-reuse and not maintaining two frameworks both on servers and in my mind. But it's largely a convenience factor and I would agree that it will probably not improve code quality very much.

    But I also have 12+ year old code written in plain PHP with my own simple database abstraction layer. I'm quite certain that refactoring that would do a world of good.

  15. comparison ? on Unreal Engine 4 Is Now Free · · Score: 1

    Anyone who knows both - how does Unreal compare to Unity? I mean from a developer perspective. I've been using Unity since late 1.x / early 2.x days, and one thing that I like it for is that compared to the other engines I know from that time (e.g. Torque), it was always very easy to use and develop with, especially in the early development phases when you're prototyping and want to see some results, fast, so you can test basic gameplay and mechanics.

    How does Unreal compare?

  16. Re: the forces working against us on Moxie Marlinspike: GPG Has Run Its Course · · Score: 1

    It's not a cop-out.

    It's a cop-out if you say "laziness" as if it explains anything. That's like the police finding a crime scene and concluding that the gun killed the man, and then packing up their things and going home.

    We need to figure out why people are lazy and check if we can address it. Maybe we're making it too difficult?

    Here's an example: Backups. Even I didn't have a good backup regime until Apple came up with Time Machine. It's just too much stupid work. But someone sat his ass down and asked the right question. And that's not "why are these fuckers so fucking lazy?", but "how can we make it easier for the users?".

    they usually see as *an obstacle* to fun

    That exactly is the point. If people see our work as an obstacle - maybe every once in a while we should climb down from our high horse and admit that they could be right?

    Threema is only $1 more than WhatsApp. Pop quiz: how many people buy these over the insecure alternatives? Now you know how much the users care. ;)

    Messaging apps are driven purely by networks. If all your friends switched to Threema, you'd do it too. If nobody does it, you're unlikely to be the first. Security doesn't matter enough to lose contact with all your friends.

  17. Re:who cares ? on Google Taking Over New TLDs · · Score: 2

    If I am looking for Foobar Inc's website, and I see www.foobar.com, I can be pretty sure that is legitimate.

    That's not been true for a decade. Due to overloading (i.e. multiple organisations, same name), the Foobar Inc you are looking for could be at foobar.com - but it could also be at foobar-inc.com or foobarinc.com or foobar-newyork.com or foooobar.com or whatever domain name was still available when they finally went on the Internet.

  18. Re:Greedy bastards. on Google Taking Over New TLDs · · Score: 1

    It highlights a problem with the DNS system since ICANN took over.

    We used to have a logical, hierarchical system. Any company would be under .com and any university under .edu -- then it broke apart and you would find anything under .com and anyone who couldn't get the .com name under .org, .net or whatever.

    Then ICANN came along and greed won. Now you'll find anyone under anything, provided they paid for it. The TLD part has become entirely meaningless as it does not convey meaning anymore. ".dev" does not actually mean anything. You might think it means something if you associate those three letters with a meaning, but actually it only means "owned by Google".

    We should just ditch the .tld entirely and that's it.

  19. Re:And no one cares on Google Taking Over New TLDs · · Score: 1

    Sarcasm aside, professionals use the right tool for a job. Not necessarily the most complex or expensive or technical. A professional knows when to use the combo-hyper-pro-magic-machine as well as when to take a hammer or a screwdriver.

    URLs have a reason to exist, and they will. The same way that IPs have a reason to exist and will, even though we rarely use them today. But 10 years ago, I knew the IPs of all my servers by heart. Today I need them rarely, but sometimes I do and I know where to find them. Today I know all my domains by heart. Maybe in 10 years I will use them rarely, but when I do, I know how to do it.

  20. Re:this is one more reason on Under US Pressure, PayPal Stops Working With Mega · · Score: 1

    guilty until proven innocent.

    If you have the long laundry list of crimes that Kimble has, and everyone with any interest in the subject is wondering how you're still not in jail, then yes, that is the proper approach.

    Don't get me wrong, in a court of law, I'm all for the innocence assumption. But outside, in the real world, when you're dealing with a career criminal then for your own safety you should assume that he's not suddenly turned into a little angel just because you are such a sweety to him.

  21. Re:git blame on Moxie Marlinspike: GPG Has Run Its Course · · Score: 1

    Three years ago, I tried to start something called the Human Security Initiative. Not by accident acronymically close to Human Computer Interfaces.

    This is desperately needed. We need to sit our asses and oh-so-smart brains down, get some designers and psychologists into the room, and talk about how to properly design security, not just engineer it.

  22. Re:git blame on Moxie Marlinspike: GPG Has Run Its Course · · Score: 1

    Top labs are *still* researching how to replace passwords while maintaining security.

    I know. I've tried my own hand on this topic, to no avail. It's really hard.

    And yes, entering your password once is a very big progress.

    That's true except all kinds of people have learned to use GPG.

    If you have to, or really, really want to, you will learn to use the worst tool in the history of mankind. But we should think about people who have no such drive.

    The real reason people rarely use it is pure laziness

    That's a cop-out. Another cheap excuse. You're blaming the user and stopping there. Let me help you with some cognitive dissonance: The same users that you call "lazy" spend an hour a day clicking on a screen to plant FarmVille crops. The most useless and boring activity ever invented. If Zynga can get them to click on some pixels repeatedly, twenty times a day, why can't we get them to click on a button once?

  23. it insisted that the very idea of Net neutrality squished its First and Fifth Amendment right

    There's your problem right there. Once we grow three brain cells and understand that corporations are not people, and while they deserve rights, they don't deserve the same rights. I'm not even saying higher or lower, just saying there's a fucking difference, acknowledge it!

  24. Re:git blame on Moxie Marlinspike: GPG Has Run Its Course · · Score: 1

    I'm not saying users are completely blameless little angels. But I'm so sick and tired of this reflex of blaming everything on stupid users.

    Some comedian said it very nicely about another topic: When a house burns down, and the firefighters put out the flames, they don't just go home and write a report saying "fire destroyed the house". They go in and sift through the debris and try to figure out what caused the fire.

    In IT we largely don't do that. We treat users as mystical black boxes and root causes and once we've found the user somewhere in the chain of causality, we stop. We don't ask ourselves why the user made this mistake or why the users don't seem to want security. We say "stupidity" the same way ancient map makers put "here be dragons" on their maps.

    And that, I say, is stupid. We should go in there and figure out what actually is in that white spot. Why did the user make this mistake? Why do they fall for phishing? Why do they want speed over security? And a boilerplate "because they're stupid" is not an acceptable answer.

    We're so smart (or so we think), but we can't figure out how to make security desirable, unobtrusive and a positive experience. Really?

  25. Re:git blame on Moxie Marlinspike: GPG Has Run Its Course · · Score: 1

    You can lead a horse to water but you can't make him drink.

    cheap excuse

    People are too lazy to type in a password in order to send mail.

    Then make it not necessary to type in a password. Even I don't understand why I should type a password for every mail I send.

    Yes I do use GPG it's the best thing we have going right now for the average person to protect his data.

    No, it's not. It might be technically the best tool, but if it's unusable, then in sum total, it's not. There are many factors that go into these equations, and we techies are sometimes blind to some of them.