I suspect this is a South Park reference (I don't watch South Park, but I've heard other people make similar references).
That said, where I live, this is pretty damn close to true.
Transit workers just got off a 6 week strike. All kinds of teacher / support staff strike talks in our universities. Water department just averted a strike. Air Canada basically got told they can't strike (but they wanted to).
I think the actual reality is indeed that any system can be abused, and there are always those who are going to take a system designed to protect people from harassment and use it to.. harass them.
We have plenty of groups twisting laws up here just as you do down there.
I do agree with this, and like many Canadians, am thoroughly pissed off about it. The party in power up here also happens to be the worst for this. It's interesting, people joke about Canada being under British control, but the US influences our politics in an actual tangible manner.
At the very least, US big media is pulling some serious strings up here.
The irony there is our watered down free speech laws (freedom of expression) are probably going to provide more freedom than will realistically be available in the US (despite your 1st Amendment) fairly soon.
Just to offer my commentary on US vs Canada law. The US is all about absolutes. You (supposedly) have a set of absolute, undeniable rights. In Canada, it's about balance and compromise. I have a right to express my opinions, but people have a right not to be harassed with hate speech. The theoretical implications of the Canadian approach seem worse than the US approach, however I think in the practical world they work out much better.
Further, I think the differences make sense when you look at our countries' history. Down in the US, you folks had a huge war to get your independence .. lots of inspiring speeches and acts of heroism and such. You _won_ your absolute independence and are adamant about protecting it.
Here in Canada, we hashed out our independence in a series of meetings with the British. It was a compromise solution involving a gradual transition where we would get a constitution and all the things that really matter for the day to day running of a country, and the British would still maintain a largely symbolic involvement in our politics.
An American would of course freak out at this. Total independence or death and such but it works for us.
And operating any kind of outdoor stand or kiosk capable of producing cinematically pleasing debris when a car crashes through it is a very frustrating occupation.
Mm, good point.
I like to think if I came upon that problem a red flag would go off in my brain saying "ok, we need to do something here" .. but I can definitely see something like that getting missed and some programmer just pounding the data in there directly.
Don’t worry I don’t do much work with databases any more (nor web apps)... but isn’t the whole SQL injection problem pretty much solved by using prepared statements to decouple data from the query?
I get that prepared statements aren’t a panacea for all vulnerabilities, but I always thought it pretty much defeated the SQL injection stuff. Are there some this doesn’t eliminate, or is this just one of “those” products (“dear CEO, protect yourself from losing millions like these companies did by installing a DATABASE FIREWALL today”)?
Haha, yup!
I was actually buying it until I read that. That's not to say I had an extreme "omg that is so untrue that this must be fake" reaction, it just knocked me out of my mindless daze long enough to notice the other (what should have been obvious) clues.
I don't know enough about either side of the argument to figure it out. I did assume they "just already have it" and are banking on the movie bringing in more than they spend (that is, an investment of sorts).
On the actual topic, I'm on the fence. On one hand, most indie stuff sucks. People who like it tend to like it specifically because it's indie. Not saying there aren't some real gems out there, but I think claiming that we have an over-abundance of high quality indie material out there is pushing it fairly far. We certainly aren't at a level where it's going to topple the major budget stuff.
On the other hand, technology is really lowering the bar. When we look at the level of stuff people are producing to put on YouTube, there is definitely some hope. That and as said, social media and sites like Kickstarter are nibbling away at what I see as the two big hurdles: exposure and financing.
I'd be curious if any big companies are doing this. This seems like the kind of thing a small shop would do. It seems legally dubious enough that big companies would fear lawsuits.
* giving up a password to get the gig or losing your house and standing up for your ideals :(
There are of course problems with this.
Yes, I personally would tell an employer to go pound sand. I don't even have a Facebook account, but the fact that they do that as part of their interview process would mean it's not a company I want anything to do with.
I'm also in a position where I can probably find another job after leaving the interview. A lot of people aren't. Times are tough right now, and if it's a choice between losing the house or standing up for your ideals.. a lot of people are going to go for the former. Also worth noting that in a lot of companies, the HR department and the people you are actually working for are very different. The HR guy might be an ass, but the company itself might be great.
Further to that, right now it is a rare practice. If it catches on it'll become hard to find a decent job without this kind of requirement and we won't get to be smug either.
I definitely think the law needs to limit what employers can use on the net in the same way they limit things like race/sexuality questions.
Problem with the whole geohotz thing was that yeah, I couldn't stand the guy either .. but the case revolved around an issue that was important to me. I was actually pretty happy with the "nothing changed" result.
The OtherOS is actually a perfect example.
In this community we heard about it non-stop for what feels like years. Outside this community, no one really cared. Yes Sony lost some business, but even if everyone who could explain in a sentence what the OtherOS thing was about stopped buying Sony, it would probably be a tiny blip on the profit statement.
Same with the geohotz thing. Huge deal to us, non-issue for most. The rootkit thing is the closest Sony ever came to doing something that actually pissed off a large chunk of their users with an issue (outside the PSN thing, but again, people were upset for the wrong reason).. and even that most people weren't mad enough to swear off Sony products forever.. it was more of an amused "well that was naughty of them" response from the vast majority of people.
The group of people who understand the nature of Sony, the relevance of this kind of behavior, or care at all is relatively small.
Lest we forget, after the PSN hack and all that personal info got stolen, the absolute loudest cry was from gamers who wanted the PSN back up ASAP. The people who understood the nature of Sony's fuckup and that a huge chunk of their personal info just got stolen make up a very tiny portion of Sony's customer base.
In addition to that, people are just plain used to companies being evil. It just happens that Sony is evil in a way that is particularly relevant to us. It's important to remind ourselves that the rest of the world really doesn't care about this stuff.
I was amused.. people need to lighten up!
It has a very primitive system with a set of odd rules and behaviours that can be exploited. Ultimately the only thing you are really given easily is a NOT gate. Doing something like this has two primary challenges:
- the logic of the thing itself
- translating it into "minecraft" logic and working within the restrictions imposed
The system is built around blocks being powered/unpowered .. with different game blocks powering blocks around it in different patterns, and other blocks responding to that power in different ways.
It's definitely not as straightforward as just drawing out a circuit diagram in the equivalent game pieces.
I have to assume this kid probably had some prior programming interest before taking on this project.
If not, that's even more hardcore (and this whole thing really is quite insane.. ).
Problem is the article is all over the place. It lists basic "intro to Linux 101" stuff right next to "security paranoid enterprise server admin" stuff (which it does a very bad job of explaining anyway).
There are plenty of good "intro to SSH" articles and plenty of good "advanced SSH tricks" articles out there. This is just trash.
Wow. Thanks!
And yeah.. that was more useful and more worthy of being called an "ultimate hack" than everything in this lame article combined.
Indeed. And that was the closest thing to an "ultimate hack". Everything else was basic intro to Linux type stuff.
That and the randomart stuff was very poorly explained. Personally I think that feature is pointless anyway. If you are in a position where you feel you might actually get a MiM attack.. copy the key onto a USB stick.
Tip 16 and friends (the keyart stuff) is very poorly explained. You don’t know that the key is secure, but you magically know that the randomart is? That’s the bit they forgot to mention. It’s a visual representation of the key that _you have to have seen before to be able to verify_. Personally if you are going to go to the trouble.. I say throw the key on a USB stick and be done with it.
The screen stuff maybe worth mentioning the more modern alternative tmux.
SSHFS is better than NFS
For quick one-off stuff .. maybe. Cryptographic overhead is still startlingly effective at slowing things down, even on fast hardware (random: can anyone explain why.. you’d think it shouldn’t make any difference at this point.. I’m guessing it has something to do with network framing?).
Tip 4 (logging in with server-specific keys) seems like the kind of thing that very few people will ever need to do.. and if they do.. they’ll google it. Kinda silly putting it in an article like this.
Tip 2 (ssh tunnel) is probably the only thing in here that _might_ be considered an “ultimate” hack (everything else is pretty much Linux 101).
Tip 1 (Evading silly web restrictions) is great. Alternate title: “my job is important, but damnit I need my Facebook/Twitter fix”.
True enough, but a man can dream ;p
Indeed.
I'd rather them take the cost off the ticket (somewhere around $50 a person apparently) and bring my own cheaper yet much better food on board or just not eat (I can go a surprisingly long while before I actually get uncomfortably hungry).
* genius
.. sigh.. Monday :(